I have an extension that uses native messaging to launch a server. It
sends a message through the native messaging API which launches a host
process; the host process launches an HTTP server on an ephemeral port
and sends the port number back to the extension; the extension then
connects to that port. All of this works fine.
I am attempting to generalize this mechanism in two ways, and cannot
figure out how to do it.
(1) I would like to allow multiple applications to communicate with a
single installed native messaging host. Currently, each application
needs to install its own host which is configured with information
about the application (basically contains all the code for a "server"
for that application). I would like to use a single host which can
serve arbitrary applications.
(2) I would, thus, like to be able to start the process by having the
application connect to the native messaging host and provide it with
the installation directory of the extension. Then I'd like the native
messaging host to be able to read that directory looking for
configuration information, code, etc. so that it can initialize itself
appropriately. Basically, I'd like the native messaging host to be
able to run code and scripts bundled with the extension, in arbitrary
data formats (in my case, probably plain text, JavaScript files, and Java JAR/class
files) to implement the "server" or "native" portion of the
application.
Given that NPAPI plugins are supposed to be re-implemented using the
native messaging API, I am assuming that this is possible and that I
just can't figure out how to do it.
The only approach that I've come up with that might work seems overly
complicated and underperformant -- basically, I believe I could allow
the host to load code from the extension by having the host send a
"request" to the client (by posting a JSON message, with a request ID and a path, say), and having the client use XMLHttpRequest with ArrayBuffer (in the most general case)
to its own chrome-extension:// URL (as obtained by chrome.runtime using the path as the argument to getURL) to
read its files, serializing them back to the host as JSON. Would this
work? Is this the intended approach?
Related
I'm new to Federation Services and I'm trying to understand how ADFS works as a whole, and I've started to get down into the details. I followed along with creating an app using OIDC to authenticate a user; however, within the tutorial, they specified using a "Server Application" when setting up an Application Group. This ended up not working for me, so I tried setting up a "Native Application" application group for kicks and was able to successfully log in.
The thing that threw me off is, I ended up hosting ADFS on a server outside of the domain in which I had my application running, so I'm confused as to how that is "native" in terms of ADFS.
I went looking for this answer within Microsoft's documentation but I didn't find the information very clear.
Native Application:
"Sometimes called a public client, this is intended to be a client app that runs on a pc or device and with which the user interacts."
Server Application:
"A web application that runs on a server and is generally accessible to users via a browser. Because it is capable of maintaining its own client 'secret' or credential, it is sometimes called a confidential client."
This may seem simple to some, but I'm trying to really get a grip on what would be used when. To me it sounds like a native application is used when you're running the application natively on a pc in which the user is also using the same pc, and the server application is run remotely in which the user would not be using the same machine. Is it really that simple or am I misunderstanding?
A native application (in Microsoft speak) is something that is not browser based e.g. mobile. The code runs client side. It may use JavaScript in which case the secret key is publicly accessible. (The secret key is one of the OAuth parameters). You use ADAL / MSAL to access it.
A server application runs server side, e.g. a web API. The secret key is not publicly accessible. You use OWIN to access it.
These terms have no relevance to where ADFS is actually installed. Native applications typically are not domain joined.
I developed an extension that communicates with a host (also developed by me), as provided by the https://developer.chrome.com/extensions/nativeMessaging example, and it works just fine.
Now I need to distribute my host with my extension and I couldn't find in Distributions how can I package my host along my extension. Are there any examples of how can I do it? Or must I distribute my host elsewhere?
I couldn't find in Distributions how can I package my host along my extension.
Support for this has been requested and turned down by Chrome developers.
I would recommend reading that thread for some insights in how native hosts are supposed to work according to them.
Or must I distribute my host elsewhere?
That's the idea. You need an installer hosted somewhere else.
wOxxOm's proposal is not going to work seamlessly, since a Native host cannot function without registering it with the system (e.g. adding a registry key on Windows) - something an extension cannot trigger.
It's possible you can still follow the bundle-download-open route for an installer, but I imagine it may get frowned upon by Chrome Web Store.
Our setup is like this: we use a ColdFusion 10 server, and files are on a local intranet. Users use a domain login to access any files over https. I'm interested in using HTML5 websockets, but the first attempt gave me an error because no credentials were supplied. Is there a way around this? If not, is there a recommended technology for this scenario?
The user does log in on the client side. If it's possible, what I'd really like to do here is pass those credentials when making the connection to the server.
You should be able to supply the authentication header to your web socket server before the elevation to web socket; read that and send it back in the headers for the elevation (first frame), then when the browser connects it should have the authentication it needs.
If you're using a custom authentication, e.g. in page, not an authentication header, you can also do this by passing any custom header to your server.
Or mandate that the first thing your web client sends is the authentication details; this could be something like {username_hash}.{password_hash}. If they don't, close the socket to them.
Do not do this.
You're now responsible for sending and encrypting the authentication credentials yourself, bypassing something that already works and is tested.
Anyone can snoop on an unencrypted websocket port. Use HTTPS for an intranet, use stable solutions, don't reinvent this wheel because it tickles your fancy.
In a couple of years some colleague will have to maintain this and will have to figure out how your homebrew version works versus something that's solid like plain browser authentication.
My advice: Leave this to the browser and to well-tested ColdFusion libraries.
I want to know if it is possible for a Google Chrome extension to check if there is already a native app installed on the client machine or not.
So we established that you control both the extension and the native app.
Note that the extension cannot access the filesystem to check for existence of files; presumably, you also want to detect the presence of the app even if it's not running, and ideally be able to launch it if it isn't.
The best way to check that the app is installed is to provide a Native Messaging host in the app. The installer would then add a registry key to let Chrome know that the native host is present, and you can connect to it.
Now, there are some considerations:
You can't check the presence of the native host without trying to launch it.
The process launched that way lives only as long as its communication port is opened in the extension.
The communication channel between the extension and the app is the STDIO.
It would not be wise to just declare your main Windows Forms app as the native host. You should write a separate utility app that can communicate according to the Native Messaging protocol (even if to just answer "I'm here"). If needed, it can launch the main app and/or communicate with it as needed using other channels. You could also just launch the main app from your native host and then communicate with it using WebSockets.
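A small responder of the kind this answer describes (a utility that just answers "I'm here"), as an added example that is not part of the original answer: it speaks the Native Messaging framing, a 32-bit native-byte-order length followed by UTF-8 JSON, over stdin/stdout. The `ping` command, the reply fields and the 1 MiB request cap are assumptions of this example.

```python
import json
import struct
import sys

MAX_REQUEST = 1024 * 1024  # cap chosen for this example; larger frames are refused


def read_message(stream):
    """Read one framed message; return None on clean EOF (extension closed the port)."""
    header = stream.read(4)
    if len(header) == 0:
        return None
    if len(header) != 4:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack("=I", header)  # 32-bit length, native byte order
    if length > MAX_REQUEST:
        raise ValueError("message too large")
    body = stream.read(length)
    if len(body) != length:
        raise ValueError("truncated body")
    return json.loads(body.decode("utf-8"))


def write_message(stream, obj):
    """Frame obj as length-prefixed UTF-8 JSON and flush it to the browser."""
    data = json.dumps(obj).encode("utf-8")
    stream.write(struct.pack("=I", len(data)) + data)
    stream.flush()


def handle(msg):
    # Hypothetical schema: only {"cmd": "ping"} is answered; nothing is executed.
    if isinstance(msg, dict) and msg.get("cmd") == "ping":
        return {"installed": True, "version": "0.0.0-example"}
    return {"error": "unsupported"}


def serve(stdin, stdout):
    """Answer messages until the extension disconnects (EOF on stdin)."""
    while True:
        msg = read_message(stdin)
        if msg is None:
            return
        write_message(stdout, handle(msg))


if __name__ == "__main__":
    serve(sys.stdin.buffer, sys.stdout.buffer)
```

Because stdout is the message channel, any diagnostic output from the host has to go to stderr or a log file rather than `print`.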
What are the options for executing a local client-side program directly from Chrome/Chromium?
Here's the criteria:
ease of installation
cross-platform support
control over security (no other than the specified program can be executed)
Currently, I can think of three options
write a Chrome plugin
clients run a local web server
a Java Applet
Are there any other options? The client side runs JavaScript and is accessing a RESTful API to receive the data. Or maybe a way to directly execute a local program with the user's consent from Chrome?