How would you implement database updates via email? - asp.net

I'm building a public website which has its own domain name with pop/smtp mail services. I'm considering giving users the option to update their data via email - something similar to the functionality found in Flickr or Blogger where you email posts to a special email address. The email data is then processed and stored in the underlying database for the website.
I'm using ASP.NET and SQL Server and using a shared hosting service. Any ideas how one would implement this, or if it's even possible using shared hosting?
Thanks

For starters you need to have hosting that allows you to create a catch-all mailbox.
Secondly you need a good POP3 or IMAP library, which is not included AFAIK in the .NET stack.
Then you would write a Command Line application or a Service that regularly checks the mailbox, pulls messages, inserts content in db based on the "To" address (which is unique for each user), and then deletes the email from the mailbox.
It's feasible and sounds like fun. Just make sure you have all you need before you start!

If the data is somewhat "critical", or at least moderately important, do NOT use their username as the "change-data-address". Example: You might be tempted to create an address like username#domain.com, but instead use username-randomnumer#domain.com where you give them the random number if the visit the web-page. That way people can not update other peoples data just by knowing their username.

E-mails can be trivially forged. I would only do this if you can process PGP / SMime certificates in your application.
Other than that, I see no reason why not!

use a dotnet popclient to read the incoming emails, parse them for whatever you are expecting and insert the data into the database.
see codeproject website for simple popclient implementation
you would have to decided on the email content yourself, eg data only, payload of sql statements, etc

You could also identify the user based on sender address. This is how Tripit (and probably others) does it. This only requires one e-mail address on your end.

I have done something similar, using Lumisoft's IMAP client and scheduling a task in my app that checks every x minutes the configured mail address for updates. For scheduling I recommend quartz.net. No launching external processes or anything.

Related

SAML 2.0 configuration

I'm totally new to SAML. I want implement SSO for my ASP.NET Website. I got the SAML assertion from my client. I would like to know what are all other requirements I need to get it from my client and what setup I need to implement at my end.
Can anybody help me out in this.
Thanks in advance.
The first thing that I would do is avoid writing the SAML code yourself. There's plenty out there. #Woloski (above) has some. My company has some (I work for the company that makes PingFederate). There's some open source stuff, too. I've seen good connections from KentorIT authServices. If this is your first foray into SAML, then my bet is that ADFS is way overboard. I'll be honest, the groups we see most commonly at Ping is when they decide to go "all in" with SSO. The first one or two connections are easy. Tehn it becomes a management nightmare rapidly thereafter. The reason I say to avoid writing your own, is because there are a LOT of nuances to SAML, with massive pitfalls, and headaches you just don't need.
As the service provider (SP), you need to tell your client (Identity Provider, or IdP) what "attributes" you need from them to properly connect their users to their account in your application (maybe a username?). In addition, you can ask for additional attributes to ensure their profile is up to date - phone number, email, etc. It's up to the two of you to determine what you need (and what they'll give you). Obviously, they shouldn't send social security number, if you have no need for it.
You also need to decide if you will do SP initiated SSO (will the users get links to documents deep inside your app?), or if just IdP initiated (Or will always just come to the front door?) will suffice. What about Single Logout? Do you (or they) want to do that? [Personally, I suggest NO, but that's a different topic]
What about signing the assertion? Your cert or theirs? If you're doing SP-init, do you need to use their cert or yours for signing the AuthnRequest? Do you need encryption of the assertion, or maybe just a few of the attributes?
Generally, you do all of this with a "metadata exchange". You give them your metadata that says "this is what we need". They import that metadata to build a new connection, fulfilling the attributes your app needs with calls to their LDAP or other user repository, as well as doing authentication (if required). They finish building their connection, and export THEIR metadata, which you import to build your connection (thereby making sure you all agree on certificates). You hook it to your app, and away you go.
I make this sound easy. It is, and it isn't. Rolling your own can mean issues. Lots of them. With some being so minute that it takes pros hours (and days) to see it. When it works, it works, and well.
HTH -- Andy
you can use something like ADFS to accepto SAML Assertions. ADFS gets installed on Windows 2008 or 2012.
You would need to ask your customer
the signing certificate public key and
the sign in URL.
Then you would create a "Claims Provider Trust" in ADFS and enter those details. Then a "Relying Party Trust" that represents your application. Finally you would have to configure your application with ADFS using WIF. This blog post have more details:
http://thedotnethub.blogspot.com.ar/2012/12/adfs-20-by-example-part1-adfs-as-ip-sts.html
Also you can use Auth0 to accomplish the same without setting up any software on your side (disclaimer: I work there).

How to send an anonymous email through Wordpress?

I have a client who has a crimestoppers' website. They want to provide visitors a means to submit anonymous crime tips, which would then be forwarded to a pre-established email address at the local police department.
What is the best / easiest way to accomplish this? The sender's IP address needs to be hidden. My client also needs to be able to pull reports showing how many tips were submitted and forwarded.
Many thanks!
A simple contact form can be used. It's up to the developer's trust to hide the IP. The submitter won't see anything what is being done using PHP.
You can then update a database with the tips being posted before sending the mails.
In terms of development, you can use a plugin such as Contact Form 7 and then use its hooks to save the tips submitted before sending the mails.
While it is rather simple to set up a contact form that submits to an email address (just use the excellent ContactForm7, as rrikesh's answer suggests). However, getting anonymity right (especially against a party that has as much power and resources) is tricky. You need to be clear about the level of anonymity that you can provide. Log files, document metadata or your ISP can easily give a lot of information away.
Here are two project that have different approaches. They're both not ready-made solutions to your question, but still relevant:
PrivacyBox:
This is a web service run by the German Privacy Foundation. It's basically a message relay like the one you want, except that the user has to trust the Foundation, not you. This model highly depends on the institution providing this service. I'm sure there are other, US-based services like this.
Briefkasten:
An open source software tool used by the German newspaper Die ZEIT.
a reasonably secure web application for submitting content anonymously. It allows to upload attachments which are then sanitized of a number of meta-data which could compromise the submitters identity. Next, the sanitized files are encrypted via GPG and sent via email to a pre-configured list of recipients. The original (potentially 'dirty') files are then deleted from the file system of the server. Thus, neither should admins with access to the server be able to access any submissions, nor should any of the recipients have access to the unsanitized raw material.
This is an attempt to automate the crucial steps to strip any identifying data from the submission and encrypt it, so only the intended recipients can access it.
You would have to host this yourself, though. And it's a Python app.

How to send 1000+ emails per day using an ASP.NET Web site

We have a website that requires to send 1000+ emails a day to all the customers who opted for the alerts. In couple of months time we are expecting to raise our customer base to 5,000 and so we may need to send 5000+ mails every day.
At the moment we are using GoDaddy email server(the email services associated with our domain) and it permits us to send only 250 mails a day. Which is far less than what we need.
Is there any cloud based service that allows us to send as many mails as we want? or do we have to install an email server on our dedicated hosting server?
Please suggest me the possible solutions to this problem as well as the software/services that are required.
Updated:We have Windows Services that run in the background to generate the required emails and send them using SmtpClient class. Our problem is restrictions imposed by GoDaddy(only 250 emails per day)
If you can't or don't want to install your own mail server, then one option is to lookup the MX records for the destination mail servers, and do the delivery directly from your application using the SmtpClient class.
Ideally, you should do this from a background thread (a Windows Service would be even better), to minimize interference with the rest of your web site.
IIRC, MX DNS lookups aren't available as a standard Framework call. However, they are pretty easy to add using p/invoke.
There are a number of different solutions out there. If you want to send all the emails you want you will need to get a good reputation with all the Email Providers like Hotmail, Yahoo Mail, GMail. This can be quite difficult since they do everything according to IPs and getting a fixed IP in a cloud can be difficult.
You can use providers, like smartFOCUS DIGITAL, to send the emails for you and they take care of the reputation with the ESPs.
I suggest you to use your own mail server. Some email servers set to check sender mail server is authorized to send email. I mean sender email server must be authorised to send your domain's emails. Otherwise receipent email server drops emails.
While this question is a bit dated. I have recently undergone a search for a host, and stumbled onto JodoHost.com. They have a reseller program in which you can have a domain classified as a 'mass mailer'. You have to sign a waiver stating that you won't use it for spam, but they give you 'unlimited' emails.
You will want to verify with them that 5000+ emails won't be an issue.
Now outside of finding a host that will allow you to send this many emails (as many ISP's will prevent this number as well), you have two options.
Invest in a dedicated server. This way you can host as many sites as you'd like on your server and send as many emails as you want. MailEnable is a perfectly suitable application to use, though its free version is limited to one domain. With this option, your cost will rise significantly over cheap GoDaddy hosting.
Use a third party service to send your mass mails. A prior employer had a list of 40,000+ users and we used a third party service to manage our list. That way they are responsible for a lot of the details to managing a list that size (add,remove, spam complaints, etc..)
Easy solution is not to use a website to send all these emails just use a desktop application.
No dedicated server in a cloud is needed, an smtp server installed will do.
Well that and a bulk email component like: aspnetmail

Sending mass email campaign via ASP.NET

I have read a few other posts on here about mass emailing, but I need some other information. We want to integrate our mass e-mail system into our current application, but I fear this may not be a good idea. Does anyone have any input as to what kind of resources are needed to send, potentially, 1000's of emails an hour? We only have one web server right now and do not have access to our mail server. We do have full access to our web server, however. Would it be a bad idea to host the mass e-mail application on our current server? Should we have a separate sever to run this type of application and call the server via web services (WCF)? Each email would need to be sent separately because the links on the e-mail are for tracking and unsubscribing purposes. I appreciate your thoughts.
Daniel
Yes its a bad idea,
One of the key things for detecting spam, is the IP address it came from (Known as its reputation) if you start sending out alot of emails which end up getting marked as spam (Which is likly, even if the users said they wated to recieve email) your IP address could end up in trouble. I wouldnt fancy doing this on my webserver.
As for specs, your bandwidth is going to be hit hard when you start doing somthing like this. Although I think you would be suprised at how fast you can send out emails (Mail Server Dependant)
Either way when it comes to sending mass mail campaigns out, I'd speak to a third party if its somthing you are serious about, they have the knowledge and hardware to perform campaigns that are not going to damage your IP rep.
I think this issue all depends on your mail server. I've been in a project where we sent out 50-100K emails in a few hours and the main limitation was the capacity of the mail server. In my opinion it would be fine to have the mail client run on the web server as it won't be using too much resources if well written, the main question is what the mail server can take.
You can help your reputation on some email providers by contacting them and or filling out bulk mail registrations.
This is for yahoo:
http://help.yahoo.com/l/us/yahoo/mail/postmaster/bulkv2.html
I would not recommend using exchange for anything like this. You will want a separate bulk mail server like Ironport.
http://www.ironport.com/
Otherwise your internal emails will get stuck in the queue with all of your bulk emails which you definitely don't want.
The actual code involved does not have to be that complex. In my case we used an asynchronous task to loop over an email list table in the DB pulling out a batch of 20 or so at a time sending then sleeping for a number of seconds. Email providers do not like receiving hundreds/thousands of emails from a source at one time. Even better if you can stagger the list by providers.

Has anyone hooked up BizTalk and Fogbugz?

We have an intranet system that schedules routine tasks. We also have Fogbugz for bug tracking. When an urgent bug comes in, we track that task in the bugtracker. However, I need to write back to both the Intranet and our CMS. I'm thinking Biztalk as the middle piece, but am not sure the best way to go about it. Database adapter? Web services?
I know I can use the CMS adapter for Microsoft CMS. I'd love to hear your experiences with Fogbugz.
I'm guessing that watching the database for changes would be the best way to do it. That way, you could post any changes you saw happen in the FogBugz database through other Biztalk adapters.
Please keep us updated with what you decide to do - I'd be interested to hear about it.
Version 6 of the FogBugz API is pretty well documented at http://www.fogcreek.com/FogBugz/docs/60/topics/advanced/API.html. The API is implemented as an ASP page that accepts GET or POST params and returns XML after a user has been authenticated.
So, we can use the HTTP Send Adapter to POST requests to the FogBugz system, either updating bug records or retrieving information. The response from the API call is basic Xml that will be returned in the response body that can be read by BizTalk as necessary.
Be aware that the HTTP Send Adapter can only POST data - it cannot use the GET verb (http://msdn.microsoft.com/en-us/library/aa561642.aspx)
Isn't FogBugz based on a SQL Server Database? Or do you use a hosted alternative?
If it's using a SQL Server you're controlling I'd just tie up two send ports to the process that read and handles the "FixBugMessage". One send port that uses the CMS Adapter and writes to the CMS and another that just uses the SQL Adapter and via an Stored Procedure writes to the FogBugz database.

Resources