C# – Signing .NET DLL used as ActiveX Control

activexccode-signinginternet explorernet

I have a COM visible .NET DLL file that is being used as an ActiveX control within a webpage shown in Internet Explorer.

The control itself is working perfectly (though with some caveats) when called via JavaScript code from a webpage.

The problem comes with signing the DLL and having it reliably accessible. I am (as far as I can tell) signing the project within Visual Studio. In the properties for the project's 'Signing', I created a .pfx file and am using it to sign the DLL.

Within Internet Explorer, no matter what I do, I cannot get Internet Explorer to let the ActiveX control load without manually going into the security settings and changing the 'Download unsigned ActiveX controls' and 'Initialize and script ActiveX controls not marks as safe for scripting' options to Enable/prompt.

Best Answer

Seems the original issue had nothing to do with the signature of the file, but in the implementation of IObjectSafety. For IE to allow it to be loaded, I needed to properly implement that interface, and it worked fine (even without a valid signature).

Simple example:

[ComImport()]
[Guid("CB5BDC81-93C1-11CF-8F20-00805F2CD064")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
interface IObjectSafety
{
    [PreserveSig()]
    int GetInterfaceSafetyOptions(ref Guid riid, out int pdwSupportedOptions, out int pdwEnabledOptions);

    [PreserveSig()]
    int SetInterfaceSafetyOptions(ref Guid riid, int dwOptionSetMask, int dwEnabledOptions);
}

And the class itself:

[ProgId("Testing.Test")]
[ClassInterface(ClassInterfaceType.AutoDispatch)]
[ComVisible(true)]
public sealed class Test : IObjectSafety
{
    #region Saftey Interface
    private const int INTERFACESAFE_FOR_UNTRUSTED_CALLER = 0x00000001;
    private const int INTERFACESAFE_FOR_UNTRUSTED_DATA = 0x00000002;
    private const int S_OK = 0;

    [ComVisible(true)]
    public int GetInterfaceSafetyOptions(ref Guid riid, out int pdwSupportedOptions, out int pdwEnabledOptions)
    {
        pdwSupportedOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
        pdwEnabledOptions = INTERFACESAFE_FOR_UNTRUSTED_CALLER | INTERFACESAFE_FOR_UNTRUSTED_DATA;
        return S_OK;
    }

    [ComVisible(true)]
    public int SetInterfaceSafetyOptions(ref Guid riid, int dwOptionSetMask, int dwEnabledOptions)
    {
        return S_OK;
    }
    #endregion

    [ComVisible(true)]
    public string TestString
    {
        get
        {
            return 'A Test';
        }
    }
}

Related Solutions

How to disable “ActiveX Control May Be Unsafe” popup

By pure hackery, I discovered that setting the following registry value does it:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1201"=dword:00000000

But I'm still wondering whether there's any supported way of doing this.

.net – Difference between decimal, float and double in .NET

float and double are floating binary point types. In other words, they represent a number like this:

10001.10010110011

The binary number and the location of the binary point are both encoded within the value.

decimal is a floating decimal point type. In other words, they represent a number like this:

12345.65789

Again, the number and the location of the decimal point are both encoded within the value – that's what makes decimal still a floating point type instead of a fixed point type.

The important thing to note is that humans are used to representing non-integers in a decimal form, and expect exact results in decimal representations; not all decimal numbers are exactly representable in binary floating point – 0.1, for example – so if you use a binary floating point value you'll actually get an approximation to 0.1. You'll still get approximations when using a floating decimal point as well – the result of dividing 1 by 3 can't be exactly represented, for example.

As for what to use when:

For values which are "naturally exact decimals" it's good to use decimal. This is usually suitable for any concepts invented by humans: financial values are the most obvious example, but there are others too. Consider the score given to divers or ice skaters, for example.
For values which are more artefacts of nature which can't really be measured exactly anyway, float/double are more appropriate. For example, scientific data would usually be represented in this form. Here, the original values won't be "decimally accurate" to start with, so it's not important for the expected results to maintain the "decimal accuracy". Floating binary point types are much faster to work with than decimals.

Best Answer

Related Solutions

How to disable “ActiveX Control May Be Unsafe” popup

.net – Difference between decimal, float and double in .NET

Related Topic