How can I obfuscate database authentication info during open-source development? - asp.net

I'm working on an open-source web application that will retrieve and display data from a database whose authentication info I would like to keep under wraps, but at the same time, I would like anyone to be able to view and contribute to the source code. The idea is that we don't want the database to be used for profit.
Is there a way to make the database schema public, but only have a few rows of each table actually visible outside of the production server? I'm using ASP.NET MVC 4 in Visual Studio 2012, hosting the code on git, and publishing to Windows Azure. I'm also using a pre-existing Microsoft Access 2007 database.

You could encrypt the connectionStrings section of the Web.config file.
How you do that is described here. The connectionStrings section would not be decryptable on any machine except the server. It would be rather inconvenient for other developers though. You could set up so that this connection string is only used when the web site is published using transforms.

Related

Connect Azure database to existing Asp.Net web application

I'm actually working on an university project and have to figure out how to connect my windows azure database to an already existing ASP.net web application project.
The web application should run on smartphones and tablets.
Since this is a group project, we use TFVC to manage the project.
Our client supplied an mysql script that will create the tables needed.
The Database is hosted in Azure and we want to access it through Visual Studio ultimate, so we can reveice data from the DB and integrate it's data in the application.
I also got the connection string, so I could use it if needed.
So my question is:
How can I connect to the database through visual studio and afterwards: how can I access to it? With access I mean, how and where can I use SQL queries in Visual Studio?
I don't really know where to start, whether it is connecting to the DB via code or on another way.
Every kind of help is welcome.
Thank you in advance.
Your question is still quite vague on specifics of what you want to achieve but hopefully this answers it. If not, please provide even more detail on your question.
If you just want to see the DB in Visual Studio and interact with it
Download the Azure SDK
Go to Tools > Connect To Database
A side box will open and you can navigation through Azure then to your database.
Personally I prefer using SQL Server Management Studio, its much more responsive that the UI through Visual Studio.
If you want to connect your application to Azure, as in code an application that talks to a database, then you just need to replace the connection string in your Web.Config to your Azure Connection String. Then either use ADO.NET, Entity Framework or another ORM.
I recommend Entity Framework but it all depends on what your circumstances and project requirements are.
If the DB already has its schema defined get started here:
https://www.asp.net/mvc/overview/getting-started/database-first-development/setting-up-database
If its empty you can use code first:
http://www.asp.net/mvc/overview/getting-started/getting-started-with-ef-using-mvc/creating-an-entity-framework-data-model-for-an-asp-net-mvc-application

Can I deploy web-form asp.net web application to cloud?

I know such questions have already been asked many times, but I am here with my scenario. Kindly do not delete or vote to close.
I have an asp.net application with L2S and SQL 2008 R2 as backend
Using N-Layered architectured
Mostly normal crud operations to be performed.
Use of Sessions and View States
Manual Login / Logout(User and Roles management) , no .net Membership has been used.
No services used yet, might be a later part.
Third Party controls like Telerik or Infragistics also are in use.
I want to know:
Do i need to change entire application to Azure Web Application?
If not, is it possible to deploy it directly over the cloud , on MS or any other, as we normally do in IIS?
If not, Is there any third party migration tool available to make my plain old web application cloud-compatible, without affecting existing codes ?
I want cost effective and easy to go steps?
Thanks in advance
Yes that should be possible. You almost certainly do NOT have to change your whole application.
Linq2SQL is fine, I run an Azure site with L2S without any problems
You'll have to deploy your DB to a SQL Azure database. There are some restrictions, like all of your tables must have a primary key. A bigger list is here: http://msdn.microsoft.com/en-us/library/windowsazure/ee336245.aspx.
Also, when generating your SQL scripts, be sure to select SQL Azure as the database engine type: http://mooneyblog.mmdbsolutions.com/index.php/2011/09/22/generating-azure-friendly-sql-scripts/
What do your N-layers look like? If they are DLLs, it's fine. If they are web services, you'll need to create web roles for them. If they are windows services, you'll need to port them to a worker role.
Most crud and view state and manual authentication code is fine
For session, it depends on what you are doing (memory vs database). But you'll have the same challenges that you would have if you deployed to any web farm
For Telerik, I'm sure they have to have some support for Azure, and I don't think they would be doing anything crazy that would not work Azure. You should check out their website to verify compatibility.
Also, make sure you are not writing to the hard drive anywhere and expecting it to be there later, because instances can be started and stopped and reimaged at any point. If you're doing that, you'll need to change it to use something else like blob storage.
I have an ongoing series of blog posts that walk through some of the steps, which should help: http://mooneyblog.mmdbsolutions.com/index.php/category/azure/
Good luck!
I don't see any hassles to deploy your web application into the cloud.
You don't need to convert your entire application to anything else.
After all you can just try to deploy it now with the trial subscription in Windows Azure which is free for three months.
There is a fairly big stuff of new technology in Windows Azure such as service bus, azure storage, access control service, etc. However it's not necessary to use all them right now. It's prety easy just to move the existing app into the cloud.
You can deploy it to Azure web site.
That should be easier if you don't want to use SQL Azure and cloud storage.

Asp.net Membership and Roles Self Contained Web Application

I need to quickly wrap some security around an existing ASP.Net 2.0 web app. After thinking about it for a moment, I remembered that Microsoft created that Membership and Roles paradigm a couple of years back, and that Visual Studio could essentially create everything for you.
Thus I forged forward using the built in ASP.Net Web Site Administration Tool and created a simple little security framework around the application. After setting all of the options, Visual Studio created a nice little SQL Express DB called ASPNETDB.MDF right under the newly created App_Data directory of my website. This works great until you deploy it.
After trying to push this app to my DEV server I realized that it's not going to work unless you have SQL Express installed on the hosting machine. Worse yet, I figured that there's essentially no way this would work under a load balanced environment considering the DB itself will only be isolated to one of the N nodes.
Rather than work to script out the DB and shove it into my existing SQL box...I figured I'd ask the StackOverflow if there is a better solution for simple yet secure ASP.Net websites.
I'd love to maintain the existing model yet have the database become a local, or flat-file DB baked right into the application. For the time being I'm even fine with deploying the flat file with each user or role change to counteract the load balanced sites in PROD.
Is there not a way to create some sort of similar setup with a flat file? I thought that was the point of the App_Data folder?
You could use a custom Role & Membership provider that supports a flat file, like XML. Here is a link to a XML Membership provider, I've seen similar implementations for Roles.
XML Membership Provider
it's not going to work unless you have SQL Express installed on the hosting machine.
Not necessarily. If you still want to use default membership/role providers you can either have the DB server on the hosting machine or have one instance of the DB as a separate server (just change the connection string for providers).
Worse yet, I figured that there's essentially no way this would work under a load balanced environment considering the DB itself will only be isolated to one of the N nodes.
This statement is not really correct in this particular situation.
With load-balancing you will not have isolated database, but rather a separate database server.
I'd love to maintain the existing
model yet have the database become a local, or flat-file DB baked right
into the application. For the time
being I'm even fine with deploying the
flat file with each user or role
change to counteract the load balanced
sites in PROD
If you say that application with proper SQL DB will not scale, I do not understand how flat-file storage can.
You still can keep local SQL Server database and it will work as long as you take responsibility of maintaining the database consistency across different nodes.
In your situation, I would personally use default membership/roles provider as you do now.
But when deploying, just change the connection string to the proper database server.
You will need a database for other stuff anyway, so why not use the same database for all data withing the application (including membership/roles).
Regards.
I found an excellent solution to this here...http://aspnetxmlproviders.codeplex.com/. Using the dynamic XML you can hack out a simple provider based security model in no time flat.

Publishing Access database reports to the web

Client has a bunch of Access databases and associated reports.
He wants to make the reports available (live, not snapshots) via a secure extranet.
He's willing to recreate the reports using a proprietary GUI if necessary, but ideally would like a solution that exports his reports "as is" to the web.
Had a look at Caspio Bridge. It's pretty slick but doesn't appear to offer grouping and summing (key requirement) without a nasty Javascript hack - seems like a rather glaring omission to me!
Any suggestions?
I'm an ASP.NET developer so if there's coding involved, an ASP.NET based solution would be preferred.
You can try Access Reporter.
http://www.ssw.com.au/ssw/AccessReporter/Default.aspx
You might like to consider Access 2010, point 3 of the linked document says:
Access your application, data, or
forms from virtually anywhere.
Extend your database to the Web so
that users without an Access client
can open Web forms and reports via a
browser and changes are automatically
synchronized.1 Or work on your Web
database offline, make your design and
data changes, and then sync them to
Microsoft SharePoint Server 2010 when
you’re reconnected. With Access 2010
and SharePoint Server 2010, your data
can be protected centrally to meet
data compliance, backup, and audit
requirements, providing you with
increased accessibility and
manageability.
-- http://www.microsoft.com/office/2010/en/access/default.aspx
SQL Server Express edition is free. It includes Reporting Services
http://www.microsoft.com/Sqlserver/2005/en/us/express.aspx
You can connect to the MS Access database (or any other database that you have OLEDB or ODBC connectivity for)
For your existing reports, here is a link on how to migrate just the reports to SQL Server (leave data in MS Access)
http://technet.microsoft.com/en-us/library/cc966391.aspx
Actually, the suggestion being given here is to move your back and data up to SQL server , but keep your front end application part as is in Access.
So the suggestion isn’t to move your application to SQL server. The suggestion here is to move only the data part of your application to SQL server but continue to use the desktop access application.
So, you link your tables to sql server, and continue to use the access application.
What this means that is you can use SQL server reporting services, or some other web based interface that pulls the data from SQL server. So your access application will be directly updating the data on that SQL server.
This setup works well since you not tying to shuttle data between two separate systems. I know a number of companies that successfully migrated their backend data to SQL server for this very purpose of allowing the Executives and the company Managers to view reports on a web based system.
However, they did not have to throw out or lose the investment and time they spent building the access application part.

Silverlight/.Net RIA Services - Authorization Working Sample?

I have followed numerous tutorials and walkthroughs/blogs about the capabilities that Ria Services brings to the table when using Silverlight with ASP.Net. Essentially I am looking for a live working example of the authorization functionality that Ria Services can apparently take hold of from ASP.Net. (Even better if it works with ASP.NET MVC too)
Example of failed to work Ria Services authorization implementation
Navigate to the live demo link on this page....fails
This one may work however I couldn't get it to work on my office computer(strange setup that seems to break code for no reason)
Check here: enter link description here. There is a bunch of posts giving samples. It not exactly what you want but has a walk-through for setting up full authorization.
Brad Abrams has some good information. Also note that the new "Silverlight Business Application" template in the Visual Studio -> New Project dialog has authentication set up already where you can mess around with it without having to figure out how to set it up first.
http://blogs.msdn.com/brada/archive/2009/10/05/business-apps-example-for-silverlight-3-rtm-and-net-ria-services-july-update-part-26-authentication-and-personalization.aspx
C# Silverlight with RIA Services Authentication
Most likely you haven't configured your environment yet. In the machine.config file for the framework version in use, you will find LocalSqlServer defined. You should edit this definition to point at the SQL Server serving up the aspnetdb database that you want to use (and if you don't have one then start by setting up that).
Machine.config is generally in c:\windows\microsoft.net\framework\v2.something\config
For development you have to configure this in the workstation machine.config to make the debugger's webserver use your production authentication database. For production you have to do the same configuration on the production webserver.
There are different paths for 64 and 32 bit framework instances, and if like me you have 32 and 64 bit editions of version 2, 3, 3.5 and 4 then you have eight "root" configuration files. If you hunt them all down and set all of them it will save untold confusion later.
This is from my blog last october:
The Business Application Template for Silverlight comes with a login and register pages. It is very easy to connect these to a ASPNETDB.mdf.
Just add a LocalSqlServer connection string to your web.config file. For example, here is what I use to connect to Sql Server.
It’s almost too easy!
If you are using SqlExpress on your dev machine, it gets even easier. You don’t have to do anything. Just create a new Silverlight Business App and fire it up. Go to the log-on page and register. It will be slow, but in the background, your ASPNETDB was just created and attached, and you will be logged in. If you then look in the Web.config file, you won’t see a connection string anywhere, as the defaults are used for this piece of magic. Of course, a real world connection is going to need it’s own connection string like the above.
Greg

Resources