Web browser lock-down: How to? - asp.net

I have an ASP.NET web application where a portion of it needs to run in a web browser as a public facing terminal.
Essentially it is used to capture anonymous user feedback (wizard control on a .aspx) in a commercial location such as a shop.
An administrator will login and prep the application for 'terminal' mode.
The terminal is a normal PC with keyboard and/or mouse like device.
I would like to prevent users from:
Viewing the browser menu's, pushing back button and/or entering a different URI in the URL and also disallow keyboard shortcuts from bypassing the intended looping functionality of the application that is running?
Which browser is best suited for its ability to disable functionality as mentioned? The app runs on IE/FF/Chrome/Opera/Safari.
HOW would one go about configuring the machine and/or browser so it is locked to prevent unauthorized/unintended use?
On a side note, I guess the web application session needs to have an unlimited timeout?
Thanks for your input!
EDITED: I am leaving the question as unanswered for now... I would like to see responses that highlight possible options for the other browsers as well.

You can run Internet Explorer in Kiosk mode.
Please see this MS KB article.
Simply put, start Internet Explorer with the -k argument
There seems to be some commercial products available also, like this.

Try How to use Kiosk Mode in Microsoft Internet Explorer
Also, there are many Kiosk tools to assist in locking down a machine. Example: http://www.thekioskstore.com/index.php/software/kiosk-lock-down

Firefox has at least two plugins (and possibly many more):
https://addons.mozilla.org/en-US/firefox/addon/1659
https://addons.mozilla.org/en-US/firefox/addon/509
It is also possible to lock down KDE and GNOME (GNOME at least has a built in tool), which you can also use to lock down the rest of the system. I suggest installing Ubuntu if the web app is running on another system.
If you have to use MS Windows, check out: http://www.microsoft.com/windows/products/winfamily/sharedaccess/seeit/internetcafe.mspx.

You can use an opensource Linux distribution designed for this very purpose, http://webconverger.com/

Related

(Client) screen capture in meteor?

Is there a way to get a screen capture (of the client screen) in meteor? I don't care whether it's available (once captured) on the client or the server - either is fine.
I saw something similar to this but it appeared to only work for a browser window. I'm looking for a screen capture of the client screen no matter what is active - even if there's no browser open - just as if the user hit the "PrntScrn" key then pasted into a jpg file and saved it somewhere.
One cannot do such things (calling unapproved OS functions) from code that runs inside of a web browser.
This is a deliberate design decision for web browsers, as one doesn't want scripts from the broader internet running arbitrary code on your computer.
Internet Explorer used to (not sure if still) provide "hooks" for Windows Update that involved an Active-X control that interacted with the OS.
They MADE the OS (Microsoft) so it was their prerogative, but it undoubtedly lead to some exploits...
You can use html2canvas for generating the screenshot. There is a meter package too for the same on atmospherejs. You can find the docs and examples here
Alternative is to use PhantomJS to do this job.

How can we close the opened Url through program?

I am using QDesktopServices::openUrl(url); to open a url.
How can I close that through user defined code?
You are opening your URL in a browser window, on which user code doesn't have any control.
So basically you cannot close the browser.
A workaround could be that you write a script and detect if a browser is opened on the system, if yes you can close the browser by terminating that process. But I do not recommend this method as it has many security and standard compliance issues on some platforms.
EDIT:
You do not need to create your own browser, just use Qt Webkit to render the opened URL within your own window.
I'm afraid I don't believe you can close a URL via Qt code, with QDesktopServices.
The user could have configured their operating system to open URLs with any number of different browsers, and I don't see how it would be practical for Qt to be coded to know how to close every different type of browser porgramatically, on every different platform they support.
Edit
An alternative is to put a browser widget into your application. Then you'll have control over that. Qt provides some pretty powerful tools for is. See the Qt WebKit documentation.

Flex application suspended while in the background using Safari on Mac

Users of my Flex application report that sometimes the application is freezed when the browser window is minimized or they select another active tab over it. In this suspended state, the application receives no CPU share and all network connections it uses are closed. When the browser window is restored, the application is resumed. This happened with Safari 5 on Mac OS Leopard, with both Flash player 10.0 and 10.1. I searched a lot but I could not find any information about such behavior.
This behavior is not reproducible on each Mac with Safari, so my questions are:
Under which circumstances this may happen?
Is it possible entering in suspended state to be prevented and how?
Is it possible for the Flex application to be notified about going into sleep mode and wake up back?
This is a Safari thing and is by design. Newer versions of Safari suspend flash content that is not in the foreground tab (not sure when this started, version 4?) For instance, if you have multiple tabs open, each with a youtube video playing and you go back and forth between the tabs, only one of the videos will be playing at a time. To answer your specific questions:
This will happen to any flash content that is in a background tab (not sure about the minimized state.)
Not aware of a means of disabling this behavior.
You may want to dig around in the Safari documentation to see if there is some sort of JavaScript event that you can grab onto, but I don't think you are likely to have success there.
Good luck.
Are your users using Flash Player 10.1 ? As part of the performance improvements in 10.1; I believe an application in a minimized state will get throttled in order to use less system resources / battery power.
I don't think there is any way to prevent this; and no APIs exposed that relate to this.
Other people I've spoken to have had issues with using local connections between minimized apps and active apps. I'd bet there is already a bug in the bug base on that.
Wrt the following above:
.I don't think there is any way to prevent this; and no APIs exposed that relate to this.
You may want to check out if Silverline from Librato can help you control how much and which applications get what system resources (CPU, memory, Disk and Network IO) with dynamic control based on application demand. If the above issue is a feature of flash - then obviously it may not help. But if you are trying to say run multiple applications / processes and would like to control who gets how much system resources (dynamically) then you could try Silverline - it does not require any changes to OS or app. http://silverline.librato.com

How to Protect program from using on the SERVER?

I have a progam this is a converter for .NET that can be used in other .NET projects.
I have two kinds of license:
Developer license for DESKTOP software
Developer license for WEB server deployed software.
How I can protect my program if client buy (1) license he CAN NOT use it on the SERVER.
Disclaimer: I don't know anything about .Net, other than how to spell it, and I'm not completely sure about that.
It seems like one difference between a person using your file converter on their desktop and using it on a web server is that only a single instance will be running at a time on the desktop; a web page will probably have multiple instances, once per concurrent request. This seems like something you could enforce in software, and also something you could easily write into a license agreement.
Does IIS run with a graphical console on Windows? If it doesn't, and your desktop version does, maybe you could detect that?
Ultimately, though, if someone wants to get around your server/desktop distinction enough, they're going to; they could, for example, have the web server send the document to a desktop machine, and have the desktop send it back to the server. So, at some point, you'll have to give in and either ignore it or to say that's a problem for legal to handle.
If it is desktop software (I'm not sure by the question with the tag), you could use the Environment object to check what OS the code is running on and stop it running on Server Technology. This won't help if they run a server using XP or the like though, but it's a start.

What program can I use to remotely help clients?

I have a lot of people that ask me to fix their computers. Usually it is "slow computer" or "my computer has pop-ups," etc. In other words they have viruses and spyware. I thought I could use a remote program to do it, instead of them brining their computer to me or me traveling to their house..
I thought of UltraVNC, though I'm not sure how I would get them to use it. What I would like to have is a program they can download from my website.
What program would you recommend for this? Remote Desktop? VNC? Something else? I'm happy to pay a small fee if necessary to make things as seamless as possible. Word of mouth is valuable and a good referral for an easy to work with computer person (me) is worth that monthly or one time fee.
I have Vista, most will have Vista Home Premium or XP Home. I have Vista Home Premium and Mac OS X. I can use Linux if necessary. I just don't have it installed right now.
Thanks.
EDIT: Is there an alternative to copilot? I like it but I'm afraid to stake everything on one provider.
https://www.copilot.com/
It's made to be simple so even the most novice computer users can figure it out.
Copilot helps you fix someone's computer problems by letting you connect to their computer, see what they see, and control their mouse and keyboard to help fix the issue.
It's nice because they just go to the site and enter the code you give them. The installation is simple from there.
(Modified)
LogMeIn has a free version that works very well. It runs in the user's system tray and you can login and control their computer as long as they have the program running. The free version has a few less features, but they're mostly luxuries instead of necessities.
Team Viewer is a desktop sharing remote control support tool. It is free for non-commercial, personal use.
There are a few different options:
Remote Desktop: Nice interface, integrates with Windows very well (I had no trouble connecting to my Vista desktop from my XP laptop). I think your client would need to have Windows XP pro; XP home does not have the Remote Desktop Server.
RealVNC: Nice interface, the free version is very useful. Encrypted connections are available with the non-free version.
There are others (like Copilot), but I have only used Remote Desktop and RealVNC.
With either of these, you need to make sure port-forwarding is setup if they have a router, and that the firewall whitelists the program.
Windows XP has built-in "Windows Assist" which lets you send an invite to another Windows machine (typically via e-mail) and allows you to remotely control the machine with them watching. This is a nice option because it is already built into Windows (albeit not as well known as RemoteDesktop or LogMeIn).
The advantage over Remote Desktop is that the user can see what you are doing to their machine and control can be passed back and forth.
This link has the steps to do this.

Resources