Launching Desktop application from Browser using custom protocol C#

In the current cloud way of working, recently I came with one interesting requirement where we had to launch a desktop application residing in user’s system using another web application.

Now we all know with browser and application security the browser don’t get direct access to applications installed (unless we use registry)

To solve this problem we had 2 options

1. Allow the desktop application launch using custom protocol by Registry update
2. Launching desktop application using chrome extension

In this article we will talk about launch using custom protocol.

1: First we need to register a custom protocol from the desktop application, which will allow the browser to launch the desktop application when a user clicks on the link

To register an application to handle a particular URI scheme, add a new key, along with the appropriate subkeys and values, to HKEY_CLASSES_ROOT. The root key must match the URI scheme that is being added. For instance, to add an “alert:” scheme, add an alert key to HKEY_CLASSES_ROOT, as follows:HKEY_CLASSES_ROOT
alert
(Default) = "URL:launchmyapp"
URL Protocol = ""
DefaultIcon
(Default) = "myapp.exe,1"
shell
open
command
(Default) = "C:\Program Files\myapp\myapp.exe" "%1"

Achieving the same using C# using the Microsoft.Wint32.Registry class.

Here is an example code snippet to register a custom protocol for your desktop application:

using Microsoft.Win32;

RegistryKey key = Registry.ClassesRoot.CreateSubKey("launchmyapp");
key.SetValue("", "URL:myprotocol");
key.SetValue("URL Protocol", "");

RegistryKey shell = key.CreateSubKey(@"shell\open\command");
shell.SetValue("", "C:\\Program Files\\myapp\\myapp.exe %1");

In the above code, “launchmyapp” is the custom protocol name, and “C:\Program Files\myapp\myapp.exe” is the path to your desktop application.

2. Once the custom protocol is registered, you can create a link in your web page with the “launchmyapp” URL. When the user clicks on this link, the browser will launch your desktop application.

Example for launching desktop app from Browser:<html>
<h1>Open MY APP Application</h1>
<a href="launchmyapp://">Click Here</a>
</html>

When the user clicks on this link, the browser will launch your desktop application using the custom protocol we registered. Additionally we can also share values from browser as variables.

Passing variables in the desktop application can be done by adding $ as separator

Example for passing variables:

<html> 
 <h1>Open MY APP Application</h1>
 <a href="launchmyapp://para1$para2$para3$para4">Click Here</a>
</html>

Security Issues: Launching desktop applications from web browsers can be a security risk, the string that is passed to a pluggable protocol handler might be broken across multiple parameters. Malicious parties could use additional quote or backslash characters to pass additional command line parameters. For this reason, pluggable protocol handlers should assume that any parameters on the command line could come from malicious parties, and carefully validate them. Applications that could initiate dangerous actions based on external data must first confirm those actions with the user. In addition, handling applications should be tested with URIs that are overly long or contain unexpected (or undesirable) character sequences.

If you liked this article, please 👏 below, so that other people can find it! 😊