we are developing app in asp.net HTML5 css3 for Iphone and Ipad. Its database driven web app. I want to know what are the best pracices to access DB from Mobile client. What are the database security considerations? What are the security risks that I should consider whaile developing such app that will run on mobile.
Since you're developing in asp.net, which is a web framework, the same security considerations should be made as a normal web application.
As it's a web application, mobile or desktop isn't relevant.
Microsoft have a a great website covering Security Considerations for ASP.NET Web Applications, I would suggest you give this a good look over and implement these into any websites you build.
The only things you need to consider whilst building a mobile website is responsive design, and restrictions on the browser.
Responsive Design:
http://blog.teamtreehouse.com/beginners-guide-to-responsive-web-design
Browser Restrictions
For browser restrictions you will have to look around but for example up to iOS 5.x.x you couldn't upload using an input tag, and obviously in iOS you won't be able to download unsupported file types to the device.
Accessing from Client
As with any application where a client is accessing a database with other client data in it, input sanitation is a must.
E.g a link to change a document is like Document.aspx?ID=4
Don't assume that the user wouldn't change the ID in the URL just to see what happens, always do checks for everything the user attempts.
Related
I have an ASP.Net web application (web forms) with Telerik ajax controls.
It is currently mobile-friendly, but I would like to put it into an app that a user could download from the app stores.
Is there a quick and easy way to make this work using something like a
WebView or am I likely stuck writing a full native app? The
application​ is mostly data driven (lots of Telerik grids) and will
need an internet connection for most functions.
I guess you could create a native app that opens the web site inside a WebView. That's fairly simple. I've done as much in the Video player app I wrote for my book. However, that isn't in the spirit of mobile apps. The point of putting it in the app store is generally to give your users an app that works like they expect on their phone.
If it is data driven, then expose the data via REST APIs and consume those APIs in a mobile app. If you want offline sync (for resilience or performance), that's an additional consideration. If you want mobile specific functionality like push notifications or authentication via touch id, for example, then those would also need a native app.
Short version - the simple "project my web app into a native app" is easy. But it's unlikely to be satisfying to your users and won't allow you to extend your app with native features.
I have the following requirement and I couldn't figure out a way to achieve it.
I have a mobile friendly web application developed using ASP.NET MVC. It works fine as a normal web application. Now my client wants it to be more like a native application (like the Facebook app for mobile, where you can download and install it and still opens in a browser window when you run the executable file.More importantly, all the fixes and updates are reflected in the application without having to re-install it.)
Can someone guide me through this?
As you said he wants to run application like website in browser. it sounds like that he just wants some sort of Shortcut for website.
Then you just create an application and fire your event to run site URL in browser.
as you said
all the fixes and updates are reflected in the application without
having to re-install it.
means this is just a site.
in other case use Phone gap (http://phonegap.com/) it matches your requirements and uses HTML for styling and almost all features of an typical site.
PhoneGap Support to Different Mobile Plateform (Claimed by PhoneGap)
http://docs.phonegap.com/en/edge/guide_support_index.md.html#Platform%20Support
The Native application need to be developed in separate platforms. Like Android, IOS, Nokia, BlackBerry, Windows Phone etc., If the Application requires all the platform apps.
In our concern we have developed few apps same as your requirement. When user wants to view in PC they can view entire web with responsive design. Same will work, if customer access from mobile with in mobile view. Entire application will work accordingly for PC, TAB and MOBILE with responsive design.
If you go for Native then the platform apps need to be developed and inside app they will use to call your site url with in WebView. Like PC Browser calls URL.
So, when ever you made any changes the changes will be reflected in your app also. without reinstalling the app. Since webview is calling only your URL. For this internet is must.
You can make these kind of Apps with setups and designs through Online itself. Just give your URL with that.
Link Here : Apps Bar
Link Here : App Makr
Google It : Google
Dear All,
We are planning to develop Mobile Applications.
Would you please let me know the following information, if you have an idea.
Merits and demerits when we use ASP.NET for Mobile Applications Development.
Best reference book for ASP.NET Mobile Applications Development.
Many Thanks,
Regards,
Anupriya.
So, I'm not sure that I'm understanding your question correctly... When you develop a web application in ASP and host it on a server, both mobile devices and regular computers can use that application in their respective browsers.
It's important to realize the difference between a web application that can be accessed properly on a mobile device and an application that runs natively on a mobile device.
So, if you want to build an application that is accessible on mobile and desktop devices, then a web application is potentially a good choice.
The language you choose for your web application has no bearing on whether or not you will have success in allowing mobile users to access your application.
That being said, what you probably need is a good intro ASP book and (most importantly from your perspective) a good book on mobile website development.
I am in the planning phases of building a new ASP.NET website. The website is really a transactional web application where the users will log in and perform basic CRUD data operations. For right now this website will be accessible through a traditional desktop browser and a mobile browser. For the mobile browser we will build a separate scaled down version of the site.
In the future we may decide to create native mobile applications for Android or iOS devices also.
So the question I have is what is the best way to design the system to easily support that? Here is what I am thinking. I am thinking of building out 3 tiers to the site. The back end will be the database - SQL Server 2008. We will use stored procedures for all data access. The middle tier will be a web services tier. This tier will be built using RESTful web services and will contain all of the business logic. These web services will provide access to the database. The front end will be built using ASP.NET. The front end will only contain presentation logic. These tiers will actually be deployed on physically separate servers.
Then I am thinking that when we decide to build a native Android or iOS app that we could build those apps to simply call the same RESTful web services that the main site is calling.
Does this seem like a reasonable approach? The only thing I can think of is that the way we are building it right now the web services would be behind the firewall and would not be accessible to the outside world. When we want to support a native mobile app then we would need to make the web services accessible to the outside world.
Any thoughts? Does this seem like a good approach for building a high availability, high usage web app that needs to support native mobile apps in the future?
Thanks,
Corey
I'm with Rober Harvey there. With ASP.NET MVC you can make the presentation site in no time, use as Models your web service; with the link that he gave you, set the site for mobile browsing, and use the web services for the mobile apps when you build them.
For me it looks like a good plan. Regarding the web services being public, you can protect yourself by implementing API keys in the web service, so only your apps can use it.
I want to build a web application (SaaS) that can work both in Online and Offline modes. The user needs limited features in case he is offline and full feature access when he becomes online again. I thought of the following options:
Make the user download a local server such as Cassini and devise an architecture to allow online and offline modes in the web application. I am not sure how it will be done but I believe all the commands will be routed through this local server. The local server will then decide whether it accesses the local resources or the server.
Making a user install application on his system will defeat the whole idea behind SaaS.
Use Google Gears - I just checked how Google Docs work in offline mode. It installs Google Gears on the user's system which was pretty neat and fast and copies all the files locally. A link is provided to access the offline version. This seems like a good option to me as it integrates a local server, relational datastore and a worker pool in itself but is Google Gears mature enough to be used in production?
Has anyone worked/working on such an application. Ideas welcome.
EDIT #1:
I am not very familiar with Silverlight and whether it can be used in such a scenario.
EDIT #2: The following link mentions that SilverLight can be used to develop Offline applications Offline SilverLight
I am looking for expert comments from people who have used SilverLight in their development. Can user work offline? Can user re-open the same webpage after closing the browser window?
If you choose to let users install an app on their computer, I would consider developing a Windows Forms app instead of a web app, basically because this seem like a more logical solution. If you deploy the app using ClickOnce it is remarkably easy to keep the clients up to date.
From a user's point of view, I think that Gears is mature. I use in it Gmail, Google Calendar and Google Docs, pretty much without any problems. I don't know about the developer tools. It might help to use Google Clusure Library since it has methods specific for Google Gears.
Depending on the web browser that you need to support, you could also take a look at HTML 5. O'Reilly's online book Building iPhone Apps with HTML, CSS, and JavaScript has a chapter about making a web app work in offline mode.
Seems to me that "web application" and "offline mode" are a bit contradictory.
I have seen some examples of Silverlight being used in such a way however. And, at one time, I implemented a WinForms smart client application that worked in such a way. These days, though, I would definately look into Silverlight.