All Categories :
Servers
Chapter 17
Understanding ActiveX Technologies
CONTENTS
On December 7, 1995 Microsoft rushed to the Net! In a major press
conference to announce their Internet vision, Chairman Bill Gates
paraphrased a historical quote from the same date when he alluded
that he felt as if a sleeping giant had been awakened.
He was referring both to the rapidity with which the Internet
phenomenon had come upon the software industry-and to Microsoft's
own lack of attention to that fact. As so many players in the
software industry already consider Microsoft to be too large for
its own good, the onslaught of changes being brought on by the
Internet was seen by several competing companies as an opportunity
to seize the initiative. One company in particular, Netscape,
was (and is) doing exactly that. Until Microsoft woke up, it looked
as though Netscape would dominate the Internet almost unchallenged.
For example, Netscape's premier product, Navigator, is preferred
by 80 percent of all Web surfers.
Users of the Internet, the Web, and Intranet technologies stand
to gain a great deal from the competition between Netscape and
Microsoft. The rush of both companies to bring out new and improved
products is further fueling the need for trained professionals
like you and me.
Because this book is about Windows NT and the Web, and because
I try hard to keep abreast of all of Microsoft's product developments,
I have shaped this chapter around Microsoft's recent Internet
technology announcements. Its bevy of new Internet products is
perhaps best summed up by the name, and strategy, of ActiveX,
even though that is really only one piece of the overall Web that
Microsoft is weaving.
Please understand that any perceived lack of information in this
book about Netscape products should by no means be considered
a vote to ignore those technologies. That would be a perilous
mistake to make as Netscape will continue to influence major standards
and be a preeminent force on the Web for a long time to come.
I applaud Netscape for helping pave a superhighway we can all
enjoy, and I celebrate the opportunity to work in an industry
with innovators such as Netscape. But space and time limitations
being what they are, I can only cover so much in one book.
No matter how you talk about the Internet, the conversation always
winds back to the Web browser. As you have seen repeatedly throughout
this book, we are living in a time when the Web browser has the
potential to radically change the way we use computers. Netscape
wants to own the browser market. Their Internet ally, Sun Microsystems,
intends to help them reach that goal by getting everyone to use
the Java language everywhere. (Java is being developed by Sun
as a possible replacement for C++ and object-oriented client/server
programming.) If their collective strategy works, they stand to
get the largest piece of the Internet software pie. Because no
one ever figured out how to cut into Microsoft's operating systems
and applications pie, the thinking goes, why not just bake a new
pie? In other words, client/server computing delivered through
Web browsers is a way to reduce, some say even eliminate, the
need for mass market desktop operating systems like Windows 95!
Microsoft realized that when it came out with Internet Explorer
1.0 at the time Windows 95 was released in August 1995. But Explorer
was largely considered an insignificant free program that had
no chance of competing with Navigator on features and power. Netscape
had already produced many popular versions of Navigator. Navigator
also ran on several operating system platforms (including Apple
and UNIX), and it supported all of the Netscape HTML extensions
(of course).
In early 1996, both Netscape and Microsoft released their version
2.0 Web browsers. Although Microsoft invented and supported a
few interesting HTML extensions, IE 2.0 was still nowhere close
to earning the popularity that the Web had bestowed upon Navigator.
Microsoft needs more than one new release of software to catch
up to Netscape in browser popularity. Both Microsoft and Netscape
know this fact, and software engineers at both companies are working
late into the night to bring out the 3.0 versions of their respective
browsers (both are expected by the time you read this).
As I put the final words into this book, both Netscape and Microsoft
have released beta versions of their new 3.0 browsers. The competition
continues to heat up. The June 3, 1996 issue of WebWeek magazine
carries a story which points out that Microsoft has decided to
integrate Macromedia's Shockwave into Explorer 3.0. In addition,
with the URL parental blocking feature (useful on the corporate
Intranet as well), support for HTML 3.2 style sheets, and ActiveX,
Microsoft is claiming that they have the leg up. Meanwhile, Netscape
has added CoolTalk (teleconferencing), LiveAudio, LiveVideo, Live3D
(using VRML, or Virtual Reality Markup Language), and they have
enhanced their Java and JavaScript features. (Microsoft claims
that IE 3.0 will support Java, but it has yet to materialize.)
Although ActiveX is cool and it does open the door to technologies
such as the Microsoft NetMeeting collaboration application (available
for free now, possibly bundled with Explorer in the future), it
is still too early to tell what percentage of Web users (if any)
will drop Navigator for Explorer. Most likely, some users will
move over to Microsoft (especially when it becomes an integrated
piece of the Windows 95 operating system late this year), but
don't hold your breath if you are looking for any knockout punches
in the fight for browser market share. System administrators and
Web page designers will have to deal with supporting both browsers
for some time to come.
Note |
NCompass Labs has developed an ActiveX plug-in for Netscape Navigator 2.x (and above). Basically, this helps Microsoft try to establish ActiveX as a platform that is accessible to a larger number of users than Internet Explorer would deliver by itself. That in turn, will help Microsoft convince developers to build ActiveX controls, and page designers to use those controls, as an alternative to Java applets. Visit the NCompass Web site at
http://www.ncompasslabs.com/.
|
While Web browsers are at one end of the client/server transaction;
server software stands at the other end. Microsoft feels that
Windows NT and BackOffice are uniquely positioned to help them
dominate the Intranet/Internet marketplace.
Take a peek at the server components in BackOffice that deliver
Intranet/Internet functionality:
- Internet Information Server 2.0 is free with NT 4. This product
is the key piece of technology that Microsoft hopes will help
NT customers to build millions of Web sites. It offers a Gopher
server, an FTP server, and, most importantly, a Web publishing
server.
- A GUI Domain Name Server (DNS)
is also free with NT 4 Server. Microsoft has recently announced
its plans to merge the Internet DNS technology into the NTFS filesystem
as part of the directory services war with NetWare.
- SQL Server 6.5 is the latest version of the enterprise database
server that supports dynamic HTML page creation triggered by changes
in the relational database.
- Exchange Server is the e-mail server and groupware application
development platform that goes head-to-head against IBM/Lotus
Notes and Netscape/Collabra Share.
Just as NT and BackOffice are designed to run the types of new
Intranet and Internet server applications that are being developed
around the world, Microsoft recognizes that Web page creation
tools are key to the overall success of its product suite. Bill
Gates and company have spelled out a three-tiered approach that
looks to have at least something for everyone.
First, at the low end in both cost and features, are the series
of Internet Assistant add-ons for the Microsoft Office applications.
These applications include Word, PowerPoint, Excel, Access, and
Schedule+. The Internet Assistants are all freely available at
the Microsoft Web site (http://www.microsoft.com).
The current version of Internet Assistant for Word, 2.0, requires
Word 7.0 for Windows 95. IA for Word allows you save word processing
documents in HTML format or load and edit HTML documents. It also
includes features to preview your HTML document, insert HTML tags,
and even browse the Web, if you have a connection to the Internet.
Internet Assistant for Excel is a simple macro that allows you
to save spreadsheets into HTML table format. Internet Assistant
for PowerPoint accomplishes the same thing for your slide presentations.
The middle layer of the Microsoft Web authoring tools consists
of FrontPage (recently acquired with their purchase of Vermeer,
Inc.). As far as HTML editors go, FrontPage is a much more powerful
and complete package than, say, IA for Word. FrontPage includes
a personal Web server so that you can test your pages. In addition
to a slick HTML editor, it also includes a Web site analyzer to
help check for broken URL references in your HTML pages. Microsoft
has stated the price of FrontPage will be substantially reduced
from the level Vermeer was charging (analysts are predicting a
street price of $99). Some reports indicate it will be available
as an add-on to Microsoft Office.
Internet Studio represents the high-end of the spectrum of authoring
packages. Pricing, feature details, and availability have not
been released as I write this, but Microsoft has stated that it
will go beyond HTML authoring. Given the positioning of FrontPage,
I infer that Internet Studio will be a comprehensive package for
creating enterprise-wide ActiveX Web pages and client/server Intranet
applications.
In February 1996, Microsoft quickly renamed its technology for
OCX controls to ActiveX in an effort to boldly take on
Java. ActiveX is a hot topic, which you have probably already
heard about before you bought this book.
ActiveX, VBScript (see Chapter 18, "Using
Visual Basic Script on the Intranet"), and HTML are closely
related. ActiveX controls can be placed inside Web pages to make
them more dynamic. Because ActiveX is just another name for OCX,
you can take any commercially available Visual Basic 32-bit extension
control, such as a data grid or a stock ticker, and embed it into
your HTML code (once the vendor upgrades the software to the ActiveX
model). The ActiveX control will be downloaded to any client computer
that retrieves your Web page.
How does the browser know how to display an ActiveX control? After
all, ActiveX certainly isn't part of the HTML standard, not even
the new HMTL 3.2 standard. The answer is that only Microsoft Internet
Explorer 3.0 knows how to do it. Well, that's only true at first
glance. Actually, Microsoft is making the technology available
to other browser vendors who are porting it to Internet Explorer
for Macintosh, and Microsoft has even teamed up with third-parties
(such as NCompass mentioned previously) to provide it as an plug-in
extension to Netscape Navigator (something that Netscape probably
wishes wasn't workable).
Adding OCX controls to Web pages will transform client/server
computing. It provides application developers with a whole new
method to quickly build network applications. Visual Basic, PowerBuilder,
Delpi, and C++ are all great tools, but none of those beat the
ease of programming in HTML, especially when you consider that
Web page creation tools are still only in their infancy.
VBScript fits in between HTML and the ActiveX control. VBScript
is both a subset of Visual Basic and a powerful extension to HTML.
VBScript is designed to be safe to run on the client Web browser;
language commands that could be potentially damaging in the hands
of a virus creator have been removed. VBScript is designed as
a subset so that it is small and can be downloaded quickly from
the server to client. VBScript is designed to compete with JavaScript
(from SunSoft and Netscape) as an interactive Web page programming
language.
Caution |
The question of whether VBScript is safe is still a debatable point. Some software engineers have devised ways for a malicious VBScript function to use OLE Automation to execute operating system commands on the client machine unbeknownst to the user!
|
When you place an ActiveX control, such as a gauge, on your HTML
page, what happens when the user clicks it? The Web browser will
fire an ActiveX event into your HTML code where you can provide
custom code to process the event anyway you desire. For example,
you could determine whether to load a different Web page or send
a collection of form data to the Web server.
Microsoft has also announced a new product that it considers to
be an outstanding example of what can be accomplished with Web
technology and ActiveX. Microsoft is developing a new application
(NetMeeting) that will provide real-time, worldwide audio and
data conferencing over the Internet. See its Web page at http://www.microsoft.com/intdev/
for more information.
Note |
Microsoft offers several mailing lists that may be of interest to Web page authors and Intranet/Internet developers. The following topics are currently available:
- ActiveX controls
- ActiveX scripting
- Code signing (trust verification services)
- CryptoAPI (cryptography for Win32 applications)
- DCOM (distributed COM-based programming issues)
- DocObjects (OLE document developers)
- Internet Explorer HTML
- VBScript
- WebPost API
For more information and to subscribe to any of these mailing lists in either regular or digest form, visit this URL:
http://www.microsoft.com/intdev/resource/mail.htm
|
Note |
NetManage offers a free package of ActiveX controls for use by Web designers and VB programmers. Be sure to check out this URL:
http://www.netmanage.com/
|
In addition to selling application programs and operating systems,
Microsoft has always been a vendor of programming tools. They
started with Microsoft Basic almost 20 years ago, and they continue
that tradition today with VBScript. Visual Basic does have its
limitations, however.
Visual C++ is a very powerful environment for the creation of
commercial PC software. Microsoft is in eternal battle with Borland
for the king of the hill position in the C++ tools arena. To aid
that effort, Microsoft has just released Visual C++ 4.1 and 4.2
with a new focus toward the Internet.
The following are some of the new features in Visual C++ that
are targeted at Internet programmers:
- A new Class Wizard for creating an ISAPI
DLL (Internet Server Application Programming Interface, Dynamic
Link Library).
- C++ classes for Windows Sockets programming
that treat complex TCP/IP data transfers as simple streams (CSocketFile,
CAsyncSocket, and Csocket).
- Classes for the HTML, HTTP, FTP, and Gopher
protocols and datastreams.
Jakarta is the code name for a new development tool from Microsoft
that will function similarly to Visual C++. The difference is
that Jakarta will develop Java code. Of course, Microsoft has
to officially license Java from Sun first. Although Microsoft
has business agreements with Sun, it remains to be seen whether
Microsoft will drag its feet on this one in an effort to give
VBScript a chance to catch up with JavaScript. No release date
has been made public for Jakarta.
Microsoft is making the following Application Programming Interfaces
(APIs) publicly available for developers to help them build Internet-ready
applications.
Winsock 2.0
This API provides TCP/IP UNIX-style sockets on Windows platforms.
NT 4.0 supports the new Winsock 2.0 standard which allows application
programs to be written transparent to the low-level network protocol.
Winsock 2.0 will support AppleTalk and IPX/SPX, in addition to
TCP/IP.
ISAPI
ISAPI is the Internet Services Application Programming Interface
that Microsoft jointly developed with Process Software. Process
has carved its mark on the Web via their full-featured and robust
Purveyor Web Server for Windows NT.
I will discuss ISAPI a bit further in Chapters 19
and 20, but basically I can say here that
it is a Windows DLL version of the Common Gateway Interface (CGI).
It allows Web server extension programs to achieve much greater
performance on NT than is possible with straight CGI.
CAPI
CAPI, or the Cryptography API, allows developers to call prewritten
functions for encryption/decryption of files and messages, and
to transmit and verify digital signatures. CAPI is available in
NT 4 (and soon in a Windows 95 service pack).
Sweeper or the WinInet API
It seems that Sweeper and WinInet API are practically synonyms
for each other. Sweeper was apparently the code-word for this
technology before it was released under the ActiveX umbrella.
So what does it do? It allows programmers to use HTTP, FTP, and
Gopher to send and receive functionality without having to develop
it from scratch on top of TCP/IP. It can be seen as one layer
above TCP/IP and Winsock, and one layer below the application.
Security is very important to the mainstream success of the Web.
I already mentioned the Cryptography API above, but let me also
touch briefly on some of the other security initiatives that Microsoft
is either making or backing.
Code Signing
This is another feature that is built into Internet Explorer 3.0.
The idea behind it is to let the browser user know which ActiveX
and Java applications will be run on their machines before
they are downloaded. The user can then choose to accept software
from reputable developers or reject suspicious programs before
they run.
SSL 2.0 and SSL 3.0
SSL stands for Secure Sockets Layer. Originally developed by Netscape,
SSL has become a leading standard for credit card transactions
between Web browsers and Web servers.
IIS and Internet Explorer include built-in support for both SSL
2.0 and SSL 3.0. If you wish to secure transactions on your SSL
Web server, you must first obtain a digital certificate from a
certificate authority as outlined in the IIS user's guide.
STT
The Secure Transaction Technology specification (STT) was developed
by Visa and Microsoft for the purpose of secure credit-card transactions
on the Web.
PCT
Here is a quote from Microsoft's own Web page (http://pct.microsoft.com)
on their Private Communication Technology specification. PCT "...is
designed to secure general-purpose business and personal communications
on the Internet, and includes features such as privacy, authentication,
and mutual identification. PCT enhances SSL with technology developed
for STT, particularly in authentication and protocol efficiency.
By separating authentication from encryption, PCT allows applications
to use authentication that is significantly stronger than the
40-bit key limit for encryption allowed by the U.S. government
for export."
SET
Secure Electronic Transactions (SET) is a payment protocol designed
by Visa and Mastercard for Web merchants. It is getting very hard
to keep up with all this, but I think that SET will supersede
STT. Whereas STT was Microsoft and Visa vs. Netscape and Mastercard
(who were backing SSL), SET is the fruit of Visa and Mastercard
deciding to get together to avoid the possibility of having two
Internet banking standards.
PFX
The acronym PFX is supposed to stand for Personal Information
Exchange. (Hmmm, it looks like the marketing folks will do
anything to get an X in there.) PFX was derived from Microsoft's
work on STT and PCT.
This protocol proposal has been submitted to the W3C (World Wide
Web Consortium) by Microsoft. The protocol is designed to let
users transfer or carry personal data securely between different
computer platforms. Internet Explorer 3.0 supports PFX.
TLS
The Transport Layer Security (TLS) protocol includes both PCT
and SSL. TLS is being considered by the Internet Engineering Task
Force as a potential standard.
This chapter has presented a quick overview of the vast array
of Microsoft technologies aimed at the Intranet and the Internet.
The discussion included everything from the Web browser to the
application programming interfaces.
The next chapter, "Using Visual Basic Script on the Intranet,"
covers VBScript in much greater detail than was given in this
chapter. I'll discuss the language elements and show you how to
write VBScript into your own HTML pages.

Contact
reference@developer.com with questions or comments.
Copyright 1998
EarthWeb Inc., All rights reserved.
PLEASE READ THE ACCEPTABLE USAGE STATEMENT.
Copyright 1998 Macmillan Computer Publishing. All rights reserved.