I have a web application (developed in Angular4) hosted with embedded web browser that is Chromium Web Browser Control (CefSharp) in a desktop application.
The web application is tightly coupled with host desktop application hence cannot be run it on browser independently.
Considering the scenario, Can I automate scanning or by any means perform scanning manually with ZAP API tool ?
After spending few minutes I realized that ZAP is independent of browser type. It supports any type of browser (including embedded one).
What it needs to read websites is proxy set up.
I just set up proxy to “CefSettings” while initializing the app.
Note: ZAP server is running on "localhost:8081".
var cfsettings = new CefSettings();
cfsettings.CefCommandLineArgs.Add("proxy-server", "localhost:8081");
Cef.Initialize(cfsettings);
browser = new ChromiumWebBrowser();
Related
If a web application is developed in Asp.net, IIS is needed to run a webserver.
How these two(Asp.net and IIS) works together? Do IIS takes the build files and runs the server?
How expressjs(A frame work of nodejs) run web server since it isn't using any other software?
I can explain the node.js side of things and hopefully someone else can come along and explain the IIS/ASP.net side of things.
Node.js is a generic Javascript run-time environment. You can build all sorts of apps in it, even applications that have nothing at all to do with a web server.
It so happens that one of the built-in libraries in node.js is an http/https server. So, if you want to build a node.js-driven web server, you just grab the http server object, create a server, start it and program away on request handling.
Express is a web framework that is built on top of the node.js http/https server objects. It uses the built in server and provides a framework around that for defining request handlers, setting up routing and middleware and the middleware API is supports enables all sorts of 3rd party libraries for doing a wide variety of web-server-type things such as authentication, encryption, compression, uploads, downloads, image handling, audio handling, video handling, etc...
What set node.js apart from a number of other web-server frameworks is that node.js didn't start out saying I'm only a tool for doing web server stuff. It started out as a generic programming environment that happened to have a pretty good web server built-in as one of the tools one could use. And, it only takes a few lines of code to create and start your own web server using the built-in support. I would hazard a guess that building web-server apps is perhaps the most popular thing to do with node.js, but certainly not the only thing.
For example, I have a node.js script I wrote that does nightly housecleaning on my disk drive. It removes certain types of files from my temp directory. It helps manage backup files (keeping only the last 10 backups of my Adobe Lightroom catalog). This use of node.js has absolutely nothing to do with a web server. It's just a Javascript run-time environment that I happen to use the file system access libraries in it to do a bunch of file management.
For example, here's code to start a basic web server in plain node.js:
const http = require('http');
const server = http.createServer(function(req, res) {
console.log("got a request from", req.url);
res.end("Hi");
});
// start web server on port 3000
server.listen(3000);
I have a requirement to install a desktop application written in visual c++ when our customers log in our asp.net web site. The desktop app will be installed once, but will be updated as a newer version is available. What is the best way to do this?
My second question is that is there a way for my asp.net web app to interact with a window service installed on customer computer and direct the window service to control USB devices.
My work uses software by a company called Citrix. There is some client side software that goes on the client's PC. When setup correctly, we can click a link on our sharepoint site that will trigger the citrix client software to launch a WPF desktop application from a network drive that will run locally on the clients computer (might be in a virtualized space that Citrix creates). This seems to work well, it runs our WPF applications that use windows authentication. This is all I know about it. You can research more if you're interested.
To answer that second question... Your window service would need to expose some kind of service for the client (asp.net web app) to communicate to it with. So ideally I think setting up the windows service to host a WCF service inside it and use something like named pipes or HTTP protocol to communicate with your application. I don't know what kind of USB devices you are trying to control though, that will take research on your part. But if you can control them with a local console application, you should be able to do the same with a windows service.
Good luck. Hope this was helpful.
You can't install an app from a web site, best you can do is prompt the user to download the installer. And asp.net (or any website in general) can't interact with the window service on the client. Imagine going to a website which changes your service settings, installs viruses, etc. A website is pretty much limited to changing cookies and local storage on the client, anything else on the client is inaccessable.
I have zero knowledge on flex and need help to determine what is preventing my web service from being called.
We have a working application in production and the developer who wrote it has left.
I am trying to build it on my machine and I can see a web service call in fiddler being made with the URL "/Services.asmx/MethodName" (as a GET request).
I have set my break point in the asmx web service and it is not being hit. All I get in the flex front end is a pop up with " The remote server failed to respond and may be offline. http://MachineName/Services.asmx/MethodName"
The web service is in the same application as the web app that hosts the SWF file.
I have the cross domain policy file in place.
What I noticed in fiddler is the URL is "/Services.asmx/MethodName" and not "/WebApp/Services.asmx/MethodName" (not sure if this makes a difference) where WebApp is the IIS virtual directory to the web application that hosts the SWF.
Any ideas?
JD
If you are Web-services and your web-application is same domain then just pass the whole path like "http://..../Services.asmx" for creating web-service api instance in ActionScript 3.0 (for flex). and use this instance name to call your web-service method.
Please read this article from Adobe help for your perfect answer
We are developing client application for our solution. Its a desktop client. We are using flex for same. (Although I know flex is meant for web application and air application is best suited for desktop clients, but due to some build issues we can't go for air applications). Now according to our use case we required to read file from local file system which is not allowed in flex application due to sandbox policy. To override it we had planned to use it in local mode (i.e. running from local file system instead of deploying in web container). So after running application in local mode it bypasses sandbox policy and allows to read local file. Eventually we requires remote services call (either using web services or blaze ds) also in our application. To avoid sandbox restriction for network access in local mode we are planning to explicitly grant network access permission to our flex application. So does anybody finds any issues in this approach which I may encounter ?
Thanks,
Ankur Shah
As long as you make sure to use the local-with-networking security sandbox. This will allow you to access both the local file system and the network.
You can see more about the different sandbox types here: http://livedocs.adobe.com/flex/3/html/help.html?content=05B_Security_04.html
We had to avoid any of these kinds of issues by using Air with C# WebServices and HttpServices (twas an Air GUI with C# server-side running on Windows). Although not much help to you.
Another possible solution might be to use JavaScript within Internet Explorer to access the local file system via ActiveX controls (which I hav'nt done), and then use Flex's ExternalInterface API to grab the JavaScript/Html data from within the same browser (which I have).
We have a desktop client application and recent customer requests indicate that they would like to have some dynamic HTML content served and displayed by the application.
We are considering hosting a simple ASP.NET application in a local process, accessible only from the local machine (similar to the ASP.NET development web server used when debugging from Visual Studio).
How can we run an ASP.NET application locally without IIS? IIS is not an option because most client machines will not have it installed.
Is there a leightweight ASP.NET web server that could run locally similar to the development web server that VS is using?
I have found some information about "Cassini". Is this suitable for production use? Can it handle ASP.NET MVC? Are there any alternatives we should consider?
I have not used it myself, but you can try the mono XPS server.
It is a stand alone webserver.
The easiest way to start XSP is to run it from within the root directory of your application. It will serve requests on port 8080. Place additional assemblies in the bin directory.
Cassini is in fact also a good option - it is the development web server that comes with visual studio (so widely distributed, used and tested) and is also used by the open source ScrewTurnWiki. See wikipedia.
In regards to your "only locally" requirement - a web server will serve any request made to the right port. In order to limit accessibility, you should use a firewall that will block any external requests.
You might consider using WCF to host a service on the local machine that can serve the data without having to host a full blown web server.
If you do this, WCF allows you to expose the service with multiple endpoints and make it available through HTTP, TCP, or Namepipes. Namepipes would restrict traffic to only the local machine.
I have also tried IIS Express. It works great with ASP.NET MVC. Right now it is available only with Web Matrix, but installing web matrix is easy.
Coming back to this question three years later, ServiceStack.NET with self-hosted option seems like a good choice. While it is not ASP.NET MVC directly, it provides a good API and features are on par with ASP.NET MVC/WebAPI (or in some ways better).