just a quick question hopefully someone can point me in the right direction. In our .net web application we are trying to implement a third party device that pairs with the user computer. In order to generate this pair in our project we need to be able to either pull the current users computer name, or ip address. In a winforms application this would be easier since it resides on the users network. Since this is a web application, it has been quite hard as the only thing being returned is the ip address of the server or the name of the server. So what we are thinking of doing now is having either a Windows Service, or WinForms application, that our customers can download that will return this information to our application.
Creating the Windows Service or WInForms application is straight forward and I understand that, my question is how would I get my Windows Service or WinForms application to send data to the web application? I have looked into WCF but it seems the end user would have to set up some tcp settings on their end which could be difficult for some and I would like to avoid. If anyone has any suggestions other than WCF I'm open to that as well.
Any suggestions for how this situation should be handled appreciated, thanks.
i guess you are misunderstanding the concept of Web service, or WCF or whatever technology you use.
A Web Service is that, a "function" that will be called from a client but executing on the server, so when you do a WCF and you use it from a different web site, or a desktop app, you are in fact sending the data to that server.
In other case if you are trying to achieve a "real time" monitor, sending data to the server and showing it on your website, then you need to do separate things.
This is what you need to do.
First set up a WCF service that will handle the information on your SERVER side, in there you need to implement a function which will be receiving a IP and computer name (or whatever you need) and returning the hash, key or the info you are using to pair the device, then host it on a IIS server.
`public string PairDevice (string name, string IP, string ....){
//save to database, do something and return the hash.
}`
Second create a windows service, a desktop application or something that will be running on the CLIENT computer, in there you need to CONSUME the WCF, in your main code, you will retrieve all the parameters you need for your WCF function, then adding a "Service Reference", you will be available to use the REMOTE function on your CLIENT, be aware that your SERVICE needs to be reachable by the application.
//retrieve IP, name, etc
string name;
string ip;
myWCFclass WCF= new myWCFclass();
string myHash=WCF.PairDevice (name,ip,etc...);
//thats all.
And that's all you gotta do, if you need more help about how WCF works, i suggest you to read this link
http://www.codeproject.com/Articles/406096/A-beginners-tutorial-for-understanding-Windows
Related
I have an application which is structured as:
Web Application - WCF Service - Database
All communicate to and from the database goes through the WCF Service, the Web Application is not able to directly talk to the database. I needed to protect the data as it travels across, so i setup SSL on my local machine to test and configured it in IIS, so now the WCF Service has to be hit using HTTPS. However, I did not setup my Web Application to use HTTPS, is that ok? I thought since the WCF Service is doing all the transferring of data, it's the only one that needs HTTPS.
Thanks.
If you're interested in encrypting your data, you need to make sure it's passed encrypted on all tiers of your application. From your description it seems that the data passed from the user to the WebApplication itself is unencrypted and therefor passed in clear text. This means that anyone that "listens" to the traffic between your users and the Web Application can intercept the data.
I recommend adding SSL on the Web Application too, to make sure that your data passes encrypted through all 3 tiers of your application.
Im currently in the process of exposing our internal CRM system to the web so our employees can use it outside out network. The data is being surfaced to our web application via asp.net WebAPI.
We have SSL setup on the website. But am thinking how else I can make sure the WebAPI is secure from malicious use. My ideas are:
Tracking what IP addresses are accessing the WebAPI and only allow addresses that we have validated are from employees. Problem with this having dynamic IP addresses we might be constantly updating a data store of valid IP addresses.
The user has to login to the system. So every request to the webapi will send across their login details which will be validated before the webapi will process any request.
Pass the device ID of the device using the webAPI and validate (pretty much the same as IP Address tracking in idea 1)
Having a unique clientside generated access token which much match up at the server side.
Has anybody got any advice on my security ideas I outlined? Is it to little or is it overkill?
Just want to make sure the data cannot be hacked, because my butt would be on the line if it did.
Thanks in advance
I would actually choose a totally different solution - updating valid dynamic IP's will be hell.
I would:
Create a new Project using the "Intranet Application" instead of using "Internet Application"
Host the application on your local office network
Set up VPN to your Office for your colleagues
Would this solution be possible for you?
I'm very new to web services (please note, not WCF but the old fashioned .asmx files).
Now I may be liking this too much to ports, but if I expose a port on my web facing server then it is exposed to attacks as well as my own use; There are tools which can scan to see what ports are open.
Is this true of a web service? Now, don't get me wrong, I know each service should be coded well enough that nothing malicious can happen or that the calling class doesn't know the 'contract' to implement them, but that's not the question (and I guess port flooding could still occur?); If I put up a few web services on a server, is there a tool/program which can detect them (by name)?
Yes, a web service is basically a web page that takes arguments and response with a formatted result that can be read more easily by a program (technically both are a result of a http request and response - there are other mechanisms as well, but the typical one is over the http protocol).
If you type the link to your web service in a browser you will see you are presented with an interface that allows you to "execute" its services.
Therefor you need the same security as with a web page, meaning login or check of credentials, tokens, signing, encryption and so forth (preferably on a ssl-connection).
How can I send commands to a WinForms application from an ASPX web page? We have already explored executing the WinForms application with different command line parameters but wanted something more smart.
Thanks.
Create a web server within your application that listens for HTTP GET and/or POST commands and acts appropriately. Then use AJAX to send request, i.e., http://localhost/myapp/?command=print&file=teletubies.jpg
Your web server, which is just a program that listens on port 80 and sends responses according to the very simple HTTP protocol, within your application then parses the requested URL and decides that it should print the file teletubies.jpg based on the query string in the URL.
Web pages (whether running asp.net or a competing platform) are always reactive. They receive commands (requests) and respond. They are not proactive, and don't send commands. This is how the core technology on which the internet is built works.
This means is you want an asp.net page to send a message to a client app, the only way to do it is for the client app to frequently poll the page, possibly using System.Net.WebClient.
I don't know of any way this can be done due to security. I know I wouldn't want people to be able to access the running applications on MY machine from their web app.
I have a silverlight application that uses wcf service. This application is shown from a link in an existing project of asp.net web application type. There is a userid session found in the project that i want to transfer it to the silverlight application. I thought of query string but its not a secure thing to do it. so is there a way to transfer the asp session object to the wcf application which the silverlight application communicate with?
You could write a web service that you could use in Silverlight and with which you could get and set single values from and to the current session.
If you want to transfer the whole session to Silverlight, this is of course also possible by a query parameter or the like.
Concerning security, it depends on your scenario. There is no way around that, you do have to send the data over the wire to the client in some way. You can encrypt it, but the Silverlight client will have to know how to decrypt it. Silverlight client code can of course always be inspected in reflector by anyone who has access to the application.
What you can do is set everything up to use SSL for communication, it might be sufficient for your scenario if you never send more information to a client than a client is allowed to know.
If you can run WCF services in ASP.Net compatibility mode then you would be able to share all of the ASP.Net Runtime Objects such as Session, Cache etc.