Allow IE interaction to trigger execution of local code client-side

I want to allow interaction on a trusted webpage to trigger execution of code on the client. The users will be using IE as web browser. The code files 开发者_如何学运维to be executed will be available on the client. The method interface of the local code files will be known to the webpage. This could for example be used to save data from the browser to a predefined file on the client or any other action defined in the local code files.

All other code will be written using c# and aspx.

What would be the proper way (or the easy way?) to do this?

Unless you have a desire to dig into ActiveX, I fear IE doesn't provide any other interface to manipulate underlying levels in the system.

It wouldn't be safe for the client at all.

Can't tell you exactly. Firstly what comes to my mind is Developing a browser plugin or Google Gears.

I think Google Gears allows to create and access files locally through browser.

One easy way to do this for intranet apps is to write an IE extension that implements a URL scheme (for example myapp://blahblahblah) and install it on client computers. Then your webapp can contain links that use that scheme. The extension that implements the scheme can interpret it to communicate with applications installed on the client machine.

This is considered hacking (using a browser to write data on the client's computer). Whether the users trust you or not, there's no possible way (other then illegally using exploits) to do this, whether you use C#, JavaScript or any other technique.

Just suppose for a moment that it is possible. You can write to c:/windows/ and destroy a user's system. Even if you don't intend to and promise the world that you do it right, if it is possible, other people can do it that are less trustworthy. And considering the amount of actively exploited leaks in IE by criminal organizations, that's not a thing you should want.

That said: to gain full trust and be able to do anything, can be done by one of the following:

1. Write an extension or plugin for the browser.
2. Write an ActiveX control that needs full trust.
3. Write an application that the user must install.
4. Use full-trust VBScript or JScript and open and use FileSystemObject from the script.

Either of these give you full freedom. Option 3 is the most common though, for obvious reasons. And all of these require the user's permission (they'll get a popup and have to click yes one or more times).

An example of option 4 is as follows (note, drop the idea of using C#, that's server side only and can't be used in a browser):

// this is JScript and works within <script> in IE only
function CreateSomeFile()
{
    var fso = new ActiveXObject("Scripting.FileSystemObject");
    var myFile = fso.CreateTextFile("c:\\somefile.txt", true);
    myFile.Writeline("this is Hello World from Outer Space");
    myFile.Close();
}

Update: added code sample