We are having an application that is downloadable. We want to stop the application being reverse engineered by someone to lose our business. It there any way to stop this?
What do you mean by an downloadable application? You are talking about ASP.NET applications in the title of the question, but that's not a kind of application which can be downloaded. If you have a Console/WinForms/WPF-Application that has compiled binaries, you could use code obfuscation tools to make reverse engineering harder.
Best Regards
Visual Studio (usuall) comes with Dotfuscator (community edition). Look in your Visual Studio Tools program files entry.
PreEmptive Solutions’ Dotfuscator is
the leading .NET Obfuscator, Compactor
and Watermarker that helps protect
programs against reverse engineering
while making them smaller and more
efficient. Dotfuscator Professional
Edition is designed to stop even the
best of decompilers from producing
useful output. It provides
comprehensive and efficient .NET code
development and deployment.
I've had a similiar problem. I had a server based piece of software that was loaded onto a server within the customer's premises. This meant anyone half technical could copy the files from the server onto disk and re-install with some know-how onto another server. Basically, stealing my work.
I wrote in numerous measures, I obfuscated the code and I put hooks into all corners of the server (registry, database, root of drive) so if the code was installed elsewhere the system wouldn't find these items and lock itself up. I even went to the lengths of self encrypting some of the source files and then deleting the encryption tool itself. Unfortunately, if anyone wants to steal the software however, they still can. You have to realistically judge how much effort you must put it to stop a percentage of thefts. I love Roeder's Reflector, but it's programmes like this that allow a competent programmer an insight into your protection code and circumvent it.
Have you looked at 3rd party products like Xheo: http://www.xheo.com/products/codeveil/?gclid=CL-Tjoye7psCFdYB4wodHGVZAQ?
I found this on SO too: Protect ASP.NET Source code
I hope this helps.
Related
We own a small company and develop asp.net websites. Here is our work procedure:
We have a server at the company with Sql Server 2008 and IIS 7.5 installed on it. All our projects including the database and website pages are on the server. We connect to the server and edit the files using FTP, so any change to a web page can be seen at once. The programmers (less than 10 programmers) connect to the server using Visual Studio 2010.
Now we want to include source control system in our work. The problem is including a SCM in our work requires changing our way of working.
Does anyone have any advise on setting up the working environment?
Thanks in advance.
You first need to decide on what type of SCM you are going to use - centralized or distributed.
One centralized SCM is TFS - this is from MS and integrates very will with VS. I believe there is an express (basic) version that is free, but the other editions are quite expensive.
An easy and free centralized SCM to start with is subversion - you can install the SVN server on your server and setup a client for each developer.
A distributed SCM does not have a server - a popular one is GIT.
Do read up on all of these before deciding. You will also have to figure out a good workflow for your team. Start with a small project so you can gain understanding and minimize the cost of mistakes.
So many ways to do this :)
One way is to use something like http://beanstalkapp.com/ to store your source code under SVN. Each developer then has a local copy of the code to work on and a good history of changes is kept when developers commit their code (at least daily), and these changes can be emailed around to the team if you want them to be. One member of the team is then tasked with uploading the latest SVN code to the testing server once it's tested and approved locally (probably at the end of each day).
I'd recommend your developers install http://www.visualsvn.com/visualsvn/ Toolbar into Visual Studio if you use SVN.
As an alternative to hosting your SVN repository with someone like Beanstalk, you could use the free http://www.visualsvn.com/server/ which cuts out the need to upload the latest code to your testing server, as it'd be stored right there and updated on each SVN commit. But this adds an overhead in terms of backups etc.
Let us know what road you go down in the end.
You know, the next "big" and "enterprisey" thing from Microsoft.
Is it just me, or is it really hardly for humans? Main highlights are (IMO):
Absolutely cryptic syntax (-skip:objectName=filePath,absolutePath=App_Offline.* just for skipping App_Offline.html)
Manifest as an after thought
Lack of thorough documentation
Not a word about extensibility (except for several blog posts out there). Moreover, all these extensions developed in great pains have to be registered in GAC and registry
Waaay too low-level (metadata/metakey; all this IIS jazz)
No integration with MSBuild
Granted, MSDeploy and MSDeployAgent are quite powerful, but do they really need to be that complex for relatively simple tasks?
I too share your frustrations over the lack of documentation and the apparent low-level nature of this tool.
However what MS has done is finally create a free tool with which you can actually script whole server deployments, including parameterising addresses, configurations etc. This is unfortunately a very complicated thing to do - given how many bits of configuration actually go into a web server - and this is probably the best way to do it all.
What we need now is a really good GUI that can help build up these packages, and scripts etc. The GUI that is embedded within IIS is good - but again, short on explanation - so hopefully soon that'll be addressed.
On the functional side, I'm using at the moment to deploy a site from dev -> staging -> live with parameters to change bound IP addresses etc. I was deeply frustrated that it took me a few days to get it all working - however now I have it, I can remove a lot of the possibly of human error at the IT Support side - who are responsible for our deployments. I now only have the configuration of my master staging server to worry about - and can be sure that all the servers in the web farm will be kept in sync whenever I deploy.
As Sayed mentions, as well, there are MSBuild tasks in 2010 (the Website Deployment feature is now implemented using msdeploy) to work with this - which also brings the possibility of a true Continuous Integration environment to VSTeamSystem - having a team build that can actually perform a full web deployment as its last step is very exciting (and scary, granted!).
Actually there are MSBuild tasks for MSDeploy. They will be shipped with .NET 4/Visual Studio 2010.
Although a bit rough around the edges, I've come to like MSDeploy quite a bit. Using it to sync web servers in a farm is very useful as it is efficient (only copies changes) and takes care of actual IIS settings in addition to content files. It seems like MSDeploy is a building block for various scenarios and uses. Also, as previously mentioned, there is a MSBuild task for MSDeploy in .NET 4. I've taken advantage of this MSBuild task to make deployment of my web applications from TeamCity trivially easy. I've blogged here it here:
Web Deploy (MS Deploy) from TeamCity - http://www.geekytidbits.com/web-deploy-ms-deploy-from-teamcity/
I have recently started implementing a deployment pipeline and I found below links quite useful:
MSBuild commands I used for Continuous Integration:
http://www.troyhunt.com/2010/11/you-deploying-it-wrong-teamcity_24.html
WebDeploy sync commands, I used for deployment packages to production server:
http://sedodream.com/2012/08/20/WebDeployMSDeployHowToSyncAFolder.aspx
Also I used these references:
Video about MSBuild on dnrtv.com
Microsoft Press book called "Inside the Microsoft® Build Engine: Using MSBuild and Team Foundation Build" which you can buy PDF version from Oreilly
Finally, "Continuous Delivery" book, gave me good ideas about deployment pipe line, although the book is not focusing on MSDeploy, but it is really worth reading.
The statement of documentation is typical of a MSFT 1.0 product, unfortunately MSDN no longer have dedicated Developer Technology Engineers to fill the gaps --- instead, there is a blind faith that the web will provide it.
I am actually considering dusting off my writing skills and write a short ebook on it since there is likely a market for it....
Msdeploy definitely has a touch of the PowerShell to it: power over simplicity rather than worse is better.
There is no Windows alternative to it, however you can hybridize some of its powers to make automated deployments. For example:
Compile your solution with Team City and msbuild
Use msdeploy to transform your site and web.configs on the build server
Manually FTP a ZIP file of your site (it doesn't support FTP)
Alternatively, use its remote deploy capabilities. This requires port 8172 open, lots of security changes and as far as I'm aware no concessions for load balancing
Use msdeploy on the live site to sync changes
As a tool it's clearly aimed at service providers as it's an enormous Swiss army knife. You can do all kinds of things to IIS with it, which for the most part are over kill for small businesses. I've no experience of large scale IIS setups so maybe that's where it shines.
I just started at a new company that has 99% of their code written in classic ASP (most of it poorly written) and part of the reason they hired me was because I had worked with both ASP and ASP.NET in the past. The ASP.NET experience was VB.NET but I've worked with C# in college but I prefer it just because I've worked a lot with PHP in the past and when I'm not focusing I just start typing C syntax and have had many occasions here in ASP where I end lines in a semi colon just out of habit and have to go back and delete it.
But I digress, basically I just don't have the knowledge I need to make the best decisions on things have made notes of some key processes that I'd like advice on:
Version Control - truth be told I've never really used it. On my own I just never had that whoops moment to push me to use it and shops I've worked in have always just thrown caution to the wind. Would like to know what you all think I should use as far as the server side and
Local Dev Environment - Probably something I'll just quickly Google but I want to setup a local dev environment so I can test stuff without having to FTP it somewhere first.
Pushing Changes Live - I've never really understood the step between checking something into version control and seeing it live, is there some sort of automated system that can go "hey I see you checked in, let me see what's different between this and the live version and push the affected files" – possibly just a lack of vc understanding all together: (
IDE - Downloading VS2010 Beta 10 now, hoping it's stable
MVC.NET - Easy to pickup? I always hated the whole concept of Web Forms, seemed like it didn't ultimately fit the Internet the rest of the world is developing.
Anything Else - Like I said I'm relatively new to this stack so I'd love any advice I can get early on to avoid any "shit, I wish I knew that 3 months ago" moments.
Version Control:
Definately have a look at SubVersion, its free, we use a paid-for hosted service called Assembla (www.assembla.com) but you can install the server on your network. Themost popular client is called TortoiseSVN (http://tortoisesvn.tigris.org/) its also free.
You can also have a look at VisualSVN (http://www.visualsvn.com/) which integrated into the VS IDE, their site also has a handy SVN server installation.
Local Dev Environment
Local IIS or Built-in VS web-server in VS are both fine, it really down to preference I think. Opening a website (File-system based) rather than IIS based seems to work quite well for us.
Pushing Changes Live
ASP is very page by page based development and doesnt require compiling, copying files up to a test or production site is quite easy. Depending on how you compile/publish your asp.net site, you will need to consider how you compile library code and publish your web application/website.
I would recommend starting off by using SVN to commit changes and to update test/production sites.
IDE:
I would recommend updating to the latest Beta version of VS2010 and use that.
Anything else:
Consider the rollout, are you replacing everything before going live?
Consider adopting an existing framework, use an ORM, or Business Objects framework, possibly even use Code-Generation. Have a look at CodeSmith, it has various ORM/Business Object Frameworks associated with it. (these will use various teqniques and technologies in the .net framework, which you will need to learn)
Look at the basic structure of the site:
Consider asp.net WebForms (Applications) or MVC (Websites) [yes, this is a very basic analysis of the differences]
Site Membership and Permissions: Have a look at the MembershipProvider, RoleProvider and build your own.
File System: Consider how and where you will upload files.
Separate UI into re-usable UserControls.
HTH, Good Luck you have a lot to do...
Wow. lots of questions here:
Version Control - Look into Subversion and Git. They represent two kinds of version control, you might like one more than the other. Git is free for open source projects.
Local Dev Environment - I would recommend using the built-in web server in Visual Studio. You can right-click a page in your solution explorer and say "view in browser". Then it will just compile it right there and open up an instance of the local web server.
Pushing Changes Live - I am not gonna offer advice here. Someone smarter than me will surely do so.
IDE - Yeah, just stick with the current version of Visual Studio. If you don't have any active (for pay) projects, I think the VS2010 is a good idea because it supports the newest upcoming features of asp.net and by the time you learn them, it will probably be released to the public anyways.
Anything Else - It's worthwhile (from getting work perspective) to know WebForms in and out. But I would highly suggest learning ASp.Net MVC (if, for no other reason than, "it's more fun").
After reading Mark Redman's answer, it triggered something for me. I would recommend (as he does) that you investigate some sort of ORM. I use SubSonic and really love it. Bu t there are lots of options out there.
Those are my 2 cents.
I'm going to focus on versioning and project tracking here. Development environments for ASP.Net are well documented.
Version Control - I use SVN (version control) with Tortoise SVN (windows client integration) and Trac (project tracking). SVN and Trac both run on Apache (a web server).
Pushing Changes Live - Commit your changes to SVN from your dev machine, do a SVN update on your test site to pull down the latest changes from the repository, run tests, then do a SVN update on your production site.
Anything Else - In this scheme Apache, Subversion, and Trac will be running on a server that is NOT your development machine and hopefully (but not necessarily) also not the same server that is running your production IIS.
Check out:
Apache HTTP server: http://httpd.apache.org/
Subversion: http://subversion.apache.org/
Tortoise SVN: http://tortoisesvn.tigris.org/
Trac: http://trac.edgewall.org/
One thing to take account of is basically going from Classical ASP to ASP.NET is about as similar as going from COBOL to ASP.NET. Everything will basically need to be a complete rewrite (especially as you said there were poor development practices in the original codebase)
Version Control: Definitely use it, there's also Team Foundation Server which if you can convince the company in the value of purchasing you a MSDN subscription TFS is included at no additional cost for 5 or less users.
Pushing changes live: I currently use Web Deployment projects (not sure if they're compatible with VS2010), TFS is also a build server I just haven't had time to setup the responsibility for that. If you take advantage of TFS fully I'd also recommend looking into a continuous integration (CI) tool something along the lines of Jetbrains's TeamCity or CruiseControl etc.
Local Dev Enviroment: Get Jetbrains's Resharper! This is the number one most important tool to developing software in .NET second only to Visual Studio itself!
Anything else: Learn generics and lambdas/expression trees both are integral to proper software development in .NET and both are moderately to extremely complex topics (IMO).
Version control: I see many recomendations of SVN here but... it's just outdated. Use GIT or Mercurial. They merge algorithms are more robust. The are faster and safere because they are distributed. They are more flexible - you can construct a workflow model that suits your company well while there is basically one way of using SVN.
Pushing changes live: After you have version control, the next thing to do is making a Continous Integration server thah repeatedly checks out repository and perform automated build. You can get immediate information who and where made an error. You can make this build do anytking you want: perform static code analysis, unit tests, deployment. You can make several builds - one, automatic, that builds a project and deploys it to a testing environment. And another one, triggered manually, that will deploy to live. I worked with Hudson, Jenkins, CruiseControl.NET, TeamCity and I've found TeamCity to be the most user friendly tool of that four.
Local dev env: Althoug IIS Express (that Visual Studio built-in) is OK in many cases, you have to know where it differs from the 'real' one. I would just recommend using the full IIS 7.
IDE: Visual Studio + Resharper + Notepad++ + LINQPad.
Anything else: Have some bug tracking/planning software. Even as simple as http://www.trello.com, but use it. My favourite is http://www.pivotaltracker.com
Introduce code review into the workflow. http://www.reviewboard.org might help.
I am going to develop my first application (4 members team).I am not aware of source control tool ( Visual
source safe,Tortoise SVN).
My .NET version is 3.5. What is the best source control tool ?
Is CruiseControl a source control tool ?
Definitely avoid Visual Source Safe.
Subversion is probably a safe choice, but you will have to elaborate about your situation (E.g. how big is your team?) to get more specific advice.
Another no vote for Visual Source Safe here.
Might be an idea to get familiar with subversion as - just as others mentioned - it's widely adopted, so might be useful in the future and simply works..oh and it's free too!
TortoiseSVN integrates into the windows explorer and is both easy to use and well documented so I would give it a try.
If it's a small project of yours and you don't want to worry about hosting, I would recommend signing up for a free account at something like beanstalk, to keep it safe, without any hassle.
But if it's your first ever project, it might just give you too many additional things to learn about, so you might want to put it aside for a while.
Try GIT, it's much lighter weight than svn
http://sourceforge.net/projects/gitextensions/
you can use a local repository for just checking in your own work (to keep a history, or to keep a working version before changing everything) Or you can connect to a central repository for enterprise source control.
The company where I work used to use the SVN, Tortoise, Ankh stack but we're using Git now. Plus I use it at home on my on play projects.
(quated part is no more important since you edited your post about team size)
If you are doing some small project on
your own, maybe you shouldn't use code
versioning at all because you probably
don't need it. Code versioning helps
you with central code storage,
multi-person development code merging
(several people working on the same
file and then commit changes) and code
branching to name the most important
ones.
If I were you, and I would be the only
person developing something simple, I
wouldn't use it, because it would also
be a bit of a time-overkill.
But otherwise source control doesn't address technology like .Net framework version. Code control only stores files (with history) and is able to merge text files. Written in whatever language possible.
If you are part of a team I'd suggest using Subversion + TortoiseSVN + AnkhSVN
And No, CruiseControl is not a code versioning system. It's a continuous integration system.
If you have a pure Windows environment then VisualSVN server is a Windows version of SVN server and installs easily and cleanly. You can setup security using Windows usernames and passwords, or SVN usernames and passwords.
You can then use Tortoise to provide integration in Explorer and VisualSVN to provide Visual Studio integration (there's a small cost for VisualSVN) or you could try AnkhSVN if all you want is VS integration and don't want to spend any money. Personally I prefer VisualSVN's integration.
Running a GIT server under Windows is, umm, frankly a pain in the ass, and not a route I'd recommend for beginners. VS integration is also fraught with pain.
As with everyone else I'd say avoid SourceSafe like the plague.
CruiseControl is not a source control system, it's an automated build server. It monitors source control servers looking for changes, then checks everything out, compiles it and runs it through your unit tests, so people know if they've broken the build. Once you have source control up and running it's the next big step towards a better build environment.
Before we start talking about source control, I would like you to consider your actual need for it, if this is to be your first .NET application. Is this your actual first attempt of writing some .NET 3.5 code? If so, I doubt that you need to worry about source control just yet. I would say it's not just a little bit overkill for the first learning projects.
On the other hand, if this is to be your first application that you'll actually sell to someone, it's a completely different matter.
I currently use VisualSVN, an add-in to Visual Studio that lets you do check-in, check-out etc from within the environment. Along with it, I use the free SVN repository service at XP-Dev. It works well for me =)
Your choice of a versioning system does not have to do anything with the .NET version you are using.
I'd vote for Subversion / Tortoise SVN. It's rock-solid, has lots of handy features, widely adopted and free.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I am trying to plan a way for 5 developers to use Visual Studio 2005/2008 to collaboratively develop an ASP.NET web app on a development web server against an Oracle 8i(soon to be 10g) Database.
The developers are either on the local network or coming in over a vpn (not a very fast connection),
I evaluated the latest Visual SourceSafe, but ran into the following gotchas:
1) We can't use decentralized development because we can't replicate a development oracle database to all developers computers. Also, the vpn is too slow to let their local app instances connect to the database server.
2) Since VSS source code not on the file system, the only way to debug it is to build the app and run debugger, which only one developer can do at a time on a centralized development server. This is unacceptable. We tried using shadow folders so that every time a file is checked in it gets published to the app instance on the development server, but this failed for remote developers on the vpn.
3) Since the developers do a lot of web code, it is important for productivity reasons that when they SAVE a file, they should be able to immediately see the change working on the development server.
4) No easy way to implement a controlled process for pushing files to the production server.
Any suggestions on a source control solution that would work under these contraints?
Update: I guess since development is forced to be on the server, we need to go with a "Lock and Check In" model. So which source control solution would work best for "Lock and Check In' scenarios?
Update: Does Visual SVN support developing centrally against a development server? As in, the dev can immediately see his update on the development server after saving in VS?
I have used Subversion and TortoiseSVN and was very pleased.
Is point 1 due to an issue with your database schema (or data) ?
We can't use decentralized development because we can't replicate a development oracle database to all developers computers.
If not, I strongly suggest that every developer has its own environment (Visual Studio, Oracle...) and use your development server for integration purposes. Maybe you could just give them a subset of the data, or maybe just the schema scripts.
Oracle Express Edition is perfectly fit for this scenario. Besides, sharing the same database violates rule #1 for database work, which in my experience should be enforced anywhere possible.
As Guy suggested, have an automated build allowing any developer to recreate its database schema at any time.
More very useful guidelines can be found here (include rule #1 above).
Define your development process so that parallel development is possible, and only use locks as a last resort.
I'm sorry if you already envisioned these solutions and found them unfit to your situation, but I really felt the urge to express them just in case...
Visual Source Safe is the spawn of Satan.
Look at Subversion, and Visual SVN (with Tortise SVN). Sure, Visual SVN costs a bit - $49 per seat - but it is a great tool. We have a development team of 6 programmers, and it has been a great boon to us.
If you can spend the money, then Team Foundation Server is the one that works best in a Visual Studio dev environment.
And based on personal experience, it works beautifully over VPN connections. And you can of course have automated builds going on it.
I would say SVN on price (free), Perforce on ease of integration.
You will undoubtedly hear about GIT and CVS as well and there are good reasons to look at them.
Interesting -- it sounds you are working on a web site project on the server, and everyone is working on the same physical files. I agree that SVN is far superior to VSS and really good to work with, but in my experience it's really geared toward developers working on a copy of the code locally.
VSS is a "lock and check in" type of source control, while SVN and TFS and most others are "edit and merge" -- devs all get copies of the source, edit the files as needed, and later merge their changes in to source control, and if someone else has edited the file in the meantime they merge the changes together.
From a database standpoint, I assume you are checking in your database scripts, then have some automated build packaging and running them (or maybe just a dev or DBA running them manually every so often). In this case, having the developers have a local copy of the scripts that they can edit and merge using SVN or TFS makes sense.
For a team working on a shared copy of the source code on a development server, though, you may get into problems using edit and merge -- a "lock and check in" model of source control may work better for you. Just not VSS, from a corruption and stability standpoint.