The point: Script unsafe ActiveX in HTML pages opened in Pocket
Internet Explorer without compromising the device security.
Note about the downloads: All except "raw" also contain
newObjects ActiveX Pack1 and the NetStreams library, to give you a rich set of
components to use with AXGate.
Related products and tools
NetStreams
Networking addition to the ActiveX Pack1 family.
ActiveX Pack1
About 30 components for CE and desktop.
CE App Manager Invoker
You may need this for your Pocket PC installations.
NDL
newObjects Development Library - combined documentation.
The ActiveX Gateway (AXGate) is a solution specific to Pocket Internet
Explorer (PIE) that overcomes its limitations on ActiveX scripting.
If you have ever tried it, you probably already know the problem: PIE silently
disallows any use of unsafe ActiveX in HTML pages. In many cases it is quite
convenient to build small applications, or parts of applications, as HTML
pages with some scripts in them. Depending on the intended functionality,
such pages will need some way to save or read data in local files or
databases, or even to access other system resources such as the registry and
the network. Even many of the utility ActiveX components that have no unsafe
functionality are rarely marked as safe, because they were originally planned
for server-side use (ASP, for example) or as components for development tools
such as eVB/VB and others.
So, AXGate provides a simple but powerful solution that allows HTML pages to
perform complex operations. This may be extremely useful for
corporate and utility applications that are part of bigger systems. For example,
very often you may need a relatively small module working on a pocket device for
information collection and some simple queries over the data kept on the device.
Even if most of the work is done on a server or a desktop PC (after
synchronization, for example), sometimes having part of the functionality on a
handheld is a must. AXGate gives you a very simple way to implement this. AXGate
also integrates with newObjects ActiveX Pack1 and the NetStreams library. This in
turn gives you over 30 ActiveX components, ranging from file access to networking.
It is even possible to implement a corporate web site that serves such small
applications that work on the device, and to make them capable of sending data to
and requesting data from the server in the background. The opportunities are
there - it is up to you to decide whether HTML pages with AXGate fit your needs
or you need something bigger, such as eVB, C++ or ALP, to implement a more
complex solution.
Requirements
AXGate is for Windows Mobile 2003 and later (also referred to as Pocket PC 2003
in many places and in unofficial conversations). It is for PIE and will not run
with the full Internet Explorer even if the processor type is the same (PIE
and IE provide slightly different interfaces to ActiveX). Unfortunately, Pocket
PC 2002 lacks some features and this trick is not possible there. For Pocket PC
2002 something can be done in theory, but it won't run the way developers expect
and would require a great deal of accommodation, which is impractical for an
older OS version.
How it works?
In contrast to the security manager as we know it on the desktop IE and the full
IE for Windows CE.NET, AXGate does not work on a per-object basis. Instead it uses
profiles, each of which lists a number of objects that can be created through it.
The authentication/permission request is made when the page activates the profile.
If a single profile is enough for all the work the page does, then no matter how
many objects are created from it, the user will be asked just once (if user
interaction is configured), or authentication will be done only when the profile
is activated (if the password protection method is configured for the profile).
Thus access to the components is granted in packets of classes, grouped together
by their functionality and potential impact on system security.
The profiles are kept in a configuration file named AXGate.cfg, which must be
in the same directory where AXGate.dll resides. There are several standard
profiles listing components from our popular DLLs such as newObjects ActiveX
Pack1 and NetStreams. The download packages in the header of this page contain
these DLLs in order to provide you with a fully functional solution with working
samples (note that there are some additional external samples in VBScript - you
may need the VB runtimes from Microsoft in order to run them).
You can create your own profiles as needed. The standard profiles can be used
as a base or as examples, but we do not recommend changing them. We are trying to
establish something like a standard with them in order to allow wider usage of
the AXGate features. Another reason not to change them is their design - we
carefully estimated the functionality included and its security impact, so they
are consistent as they are. Also, using your own profiles (especially for
company-specific applications) will minimize the security risks in case of a wrong
profile configuration. This means that even if you made a mistake in the profile
and that mistake may lead to risky situations, the attacker will need to know the
name of your profile - an additional precaution is always a good idea today. See
more about the profiles in NDL and a little overview for first-time users
here.
Aside from the list of COM classes, AXGate supports several useful features such
as creation of pre-configured objects. For example, the LogFile profile contains a
class named "Log", which is not just a COM class listed there but a
section that specifies a certain file on the device. When the page creates the
object "Log" it receives an SFStream object attached to that file. This
allows sandbox techniques. The standard profiles implement them to allow even
untrusted applications to save and read data in your local file system, but only
in a certain file or OLE storage. This allows extended functionality without the
risk of harming the device - in the worst case a harmful page will only destroy
the content of that file and nothing else.
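As an added illustration (not newObjects code, and not AXGate's configuration
format or API), the following JavaScript models the scheme described in this
section: permission is requested once when a profile is activated, only classes
listed in the active profile can be created, and a pre-configured object such as
"Log" arrives already bound to one fixed file. The names Gate, PROFILES,
CompanyTools, Example.Utility, the password and the file path are all hypothetical.

```javascript
// Conceptual model only: hypothetical names, not AXGate's file format or API.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Constructed sample profiles: each lists creatable classes and may define
// pre-configured objects bound to one fixed resource.
const PROFILES = {
  LogFile: { auth: "prompt", classes: [],
             preconfigured: { Log: { type: "stream", path: "\\Sandbox\\page.log" } } },
  CompanyTools: { auth: "password", password: "constructed-secret",
                  classes: ["Example.Utility"], preconfigured: {} },
};

class Gate {
  constructor(profiles, askUser) {
    this.profiles = profiles;
    this.askUser = askUser; // callback standing in for the user prompt
    this.active = null;
  }
  // Authorization happens here, once per profile activation.
  activate(name, credential) {
    if (!has(this.profiles, name)) throw new Error("unknown profile");
    const p = this.profiles[name];
    const ok = p.auth === "password" ? credential === p.password : this.askUser(name);
    if (!ok) throw new Error("activation denied");
    this.active = p;
  }
  // Creation is checked against the active profile only; no further prompts.
  create(name) {
    if (!this.active) throw new Error("no active profile");
    if (has(this.active.preconfigured, name)) {
      // The object is already attached to the configured file; the page supplies no path.
      return { ...this.active.preconfigured[name] };
    }
    if (this.active.classes.includes(name)) return { type: "com", progId: name };
    throw new Error("class not listed in profile");
  }
}

function demo() {
  let prompts = 0;
  const gate = new Gate(PROFILES, () => { prompts += 1; return true; });
  gate.activate("LogFile");
  const log = gate.create("Log");
  gate.create("Log"); // second object from the same profile: no new prompt
  let refused = false;
  try { gate.create("Example.Utility"); } catch (e) { refused = true; }
  return { prompts, path: log.path, refused };
}
```

The own-property check in activate() keeps inherited keys such as "constructor" from being accepted as profile names.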
Samples
There are several samples included in the packages. They are all for PIE (the
sample pages will not work on PPC2002 or the full IE). They show how much
work you can do from a page. The DataCollect sample, which uses the Sandbox
profile, deserves special attention. Such a page can work from any site and still
be able to store a lot of information on your local device. However, it can do
this only in the OLE storage specified in the profile. Assuming that the work you
do with the entire product (of which this page is a part) involves additional
processing on the device, or even on a server or stand-alone desktop machine,
you will need to access the stored information later. This is quite easy, and
there are two very simple scripts (for the newObjects Micro script host, but they
can be ported to anything else) that demonstrate how it can be done. Depending on
the structure of the application the best way may differ - from extraction of the
collected data at the end of the day, for example, to dynamic usage from other
parts of the application. For instance, the OLE storage used by the profile can
be put in the file synchronization list of ActiveSync and processed upon
synchronization on the desktop. There are too many opportunities to
describe them briefly.
Request for opinion!
This solution is for Pocket PC/Pocket IE only. However, it seems reasonable to
expect some benefit from similar or extended solutions supporting not only PIE but
also the full Internet Explorer and desktops - let's say, some kind of sandbox
technique that will allow complex work to be done in HTML pages. Making it
possible to access local resources in a restricted way, while still making it
possible to do things that are impossible without unsafe ActiveX, seems
interesting. Of course, this is not the way one will build a big and complex
product, yet running applications online and allowing them to store data locally
is quite tempting as a technique employed for some of their parts. With all the
networking today there are many cases in which certain employees will work
detached from the main office or the network. Doing everything online involves
too much spending - for all the active time. If it is possible to do part of this
work offline, it will lower the costs considerably. AXGate demonstrates one more
way to do so, and it is quite simple. Maybe extending the idea to something more
flexible will be interesting? We will be glad to hear
your opinions, needs and thoughts. There are certain technical specifics and
certain needs - finding the balance between them and the actual needs may
lead to something useful.
Licensing
AXGate is FREEWARE! You may include it with your solutions and build custom
applications that include it, as long as no copyright markings are stripped. For
your convenience there is a raw download package that contains the
files without installation. Use it to obtain the DLL and the standard
configuration if you want to include them in your installations. In that case
you will probably also need newObjects ActiveX
Pack1 and maybe NetStreams. See their
pages for the appropriate downloads (there are raw file downloads for all of
them).