|
|
|
I have a Windows forms app which uses WCF services. Our application sends messages using one of our WCF services to specific users running our client, so our callback “http:” string is dynamically constructed each time a message is sent to a user. It includes the server IP address and port (126.221.97.105:701) onto which the current user is logged, the user’s id (56281), and the client GUID (7392d27a-e4a0-42e2-89a3-adc332e28934). So, a typical callback “http:” string looks like this:
http://126.221.97.105:701/CmesCns/CALLBACK/56281/7392d27a-e4a0-42e2-89a3-adc332e28934
We have an http namespace (http://+:701/) on our client and the group “Everyone” is tied to this namespace with all of the access permissions checked (GenericAll, GenericExecute, GenericRead, and GenericWrite). We use “http namespace” to create our namespaces.
Our application has been in production (on Windows Server 2003) for a few years and everything is working fine.
We have recently converted our application to run in the Windows 2008 server environment. The “Target Framework” in each of our projects is set to the “.NET Framework 4.0”. Our application works fine on my Windows 7 developer workstation. That is, I am able to receive messages from our WCF service, but when I place our application onto our Windows 2008 server and I attempt to run the application, I receive the following error message:
“There was no endpoint listening at http:// 126.221.97.105:701/CmesCns/CALLBACK/56281/7392d27a-e4a0-42e2-89a3-adc332e28934 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.”
The http namespace (http://+:701/) exists on my developer workstation and on my Windows 2008 server. The group “Everyone” is tied the namespace on my Windows 7 box and on my Windows 2008 server, and all of the access permissions are checked (GenericAll, GenericExecute, GenericRead, and GenericWrite).
Our team has been trying to resolve this error but we are unable to do so. Would anybody have any ideas on why this would work on our Windows 7 workstations, but not on our Windows 2008 servers?
Any help is greatly appreciated!
Kevin
|
|
|
|
|
hi i am wondering if its possible to include a patch like .net framwork 4 or ms agent hotfix in a application setup wizard.? hence user dont need to install seperately
|
|
|
|
|
neodeaths wrote: if its possible to include a patch like .net framwork 4
That's not a "patch", but a prerequisite; the app will need the framework (which is a new version, not a patch on 3.5) and the wizard can include those. We got an article on the subject[^].
As for MS-agent hotfixes; if they are executable files, you could include them as a "custom action", described here[^].
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
Following code snippet may look weird, but it is a very simple method to reproduce the problem of a complicated interaction with a different application.
The example application has two forms, both forms register FormClosing and FormClosed events, just doing a Debug.WriteLine there.
The Main function does:
[STAThread]
static void Main()
{
Application.EnableVisualStyles();
Application.SetCompatibleTextRenderingDefault(false);
Form2 form2 = new Form2();
form2.Show();
Application.Run(new Form1());
}
When I close Form2, I receive the events as expected. When I close Form1, the application exits and Form2 gets closed too. But: the events of Form2 do not occur.
I overrode the WndProc of Form2. When I close Form2, I receive
15.10.2012 10:25:04 WndProc - WM_CLOSE
15.10.2012 10:25:04 OnClosing
15.10.2012 10:25:04 Form2_FormClosing
15.10.2012 10:25:04 OnClosed
15.10.2012 10:25:04 Form2_FormClosed
...
15.10.2012 10:25:04 WndProc - WM_DESTROY
...
15.10.2012 10:25:04 WndProc - WM_NCDESTROY
When I close Form1, Form2 does not receive a WM_CLOSE. But WM_DESTROY and WM_NCDESTROY are received.
What is the reason for that strange behavior?
|
|
|
|
|
Bernhard Hiller wrote: What is the reason for that strange behavior?
Form1 is the MainForm. When it closes, the application terminates.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
Hello
I have been programming for something like 3 years in VBA - Excel and trying to move to VB.Net, The reason I want to move to .Net is basically because of security issues (I really enjoy programming to help excel users) and because I believe for sure that using .Net framework is a more robust platform and I will be able to keep working with excel users and also start programming new things.
I need some clarification about .Net Framework security. I have been searching the web the last week reading and understanding how I can protect connection strings and realize (I think) that the best way is by encrypting the app.config connectionstring section.
But now I am really frustrated because I made a very simple test and then I myself tried to hack my application and it was very, very simple to reveal the connection strings.
The reason I am asking is because may be I am misunderstanding something and I want to clarify if it is really that simple to hack the connection strings? And obviously get advice if I am doing something wrong…?
If I am right…, let me ask you if there is a way to really protect a connection string from being read in a windows application that will be in the user computer?
I also think and to encrypt a simple .xml (Not an app.config) with the connection strings but this will be useless because in order my app can decrypt the .xml, the app needs to have the decryption sub inside the .exe or a .dll and with any decomplier a hacker can read the code and copy the decrypt sub to decrypt the .xml.
I have also read there are a lot of code ofuscators but they are expensive and at this point I only want to know if it possible to really protect a connection string.
Please HELP… I am getting mad trying to figure it out!!!
Let me explain the test I did:
1.- Create a windows test app with 2 buttons and 1 app.config
App.config:
<?xml version='1.0' encoding='utf-8'?>
<configuration>
<connectionStrings>
<add name ="sourcepath" connectionString ="valid url path"/>
<add name ="finalpath" connectionString ="valid desktop path"/>
</connectionStrings>
</configuration>
Button 1:
Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
Try
Dim path As String =ConfigurationManager.ConnectionStrings("sourcepath").ConnectionString
Dim path1 As String = ConfigurationManager.ConnectionStrings("finalpath").ConnectionString
' Download file from web server to my desktop
Dim fileReader As New WebClient()
fileReader.DownloadFile(path, path1)
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
Button 2: I just copy ToggleConfigEncryption sub from http://msdn.microsoft.com
Private Sub Button2_Click(sender As System.Object, e As System.EventArgs) Handles Button2.Click
Call ToggleConfigEncryption("WindowsApplication4.exe"
End Sub
Sub ToggleConfigEncryption(ByVal exeConfigName As String)
' Takes the executable file name without the .config extension.
Try
' Open the configuration file and retrieve
' the connectionStrings section.
Dim config As Configuration = ConfigurationManager. _
OpenExeConfiguration(exeConfigName)
Dim section As ConnectionStringsSection = DirectCast( _
config.GetSection("connectionStrings"), ConnectionStringsSection)
If section.SectionInformation.IsProtected Then
' Remove encryption.
section.SectionInformation.UnprotectSection()
Else
' Encrypt the section.
section.SectionInformation.ProtectSection( _
"DataProtectionConfigurationProvider")
End If
' Save the current configuration.
config.Save()
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
2.- Run app, press button 2 to encrypt app.config connectionstrings section, press button 1 to download file, open app.config with notepad and verify the section is encrypted. So far, so good!!!
Now to hack my own app did the following.
1.- Download JustDecomile a free .Net decoder from internet
2.- Open my app with Just Decompile and I was able to read from button 1:
Dim path As String =ConfigurationManager.ConnectionStrings("sourcepath").ConnectionString
Dim path1 As String = ConfigurationManager.ConnectionStrings("finalpath").ConnectionString
3.- create a new app with following code: (I just copy paste from Just Decompile to new app and add msgbox line)
Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
Dim path As String = ConfigurationManager.ConnectionStrings("sourcepath").ConnectionString
Dim path1 As String = ConfigurationManager.ConnectionStrings("finalpath").ConnectionString
MsgBox(path & " " & path1)
End Sub
4.- Compile the new application.
5.- Copy the new application to test app directory
6.- Rename the new application with same name as test app (Maybe not necessary)
7.- Run the new app and I got a message box with the connection strings in 100% readable text!!!
|
|
|
|
|
Perhaps this article might be helpful:
Securing Connection Strings[^]
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
Thanks for answer Richard. I have already read that article and as far as I understand it takes me again to encrypt the way I already did but I know encryption is not an easy issue and I am reviewing again the articule and see if I miss something. I will let you know.
|
|
|
|
|
Did you hack your program by going into the dll?
Well that works well, you need to obfuscate your dll and protect your code look up dotobfuscator
|
|
|
|
|
Member 8389571 wrote: I only want to know if it possible to really protect a connection string.
However you didn't really address the issue of understanding security first and then finding implementations (plural) that meet the needs of a specific application and business.
So can you encrypt a connection string? Yes.
Will this guarantee security? No.
|
|
|
|
|
So I'm quite comfortable with shallow and deep cloning for value and reference types but want to check how this plays out for an array of a value type.
I have a 2D array of double and since the array contains value types I think the Array.Clone method (whilst only guaranteeing shallow copies) will give a deep copy in this instance. Am I right?
Private _matrix as double(,)
Public Function CopyToArray() as Double(,)
Return Me._matrix.Clone()
End Fucntion
Public Function Copy() As Matrix
Return New Matrix(Me.CopyToArray())
End Function
Public Sub New(ByVal array As Double(,))
Me._matrix = array
End Sub
The constructor assumes that the user wants to assign the 2D array of double(,) they have already created to the new matrix instance and hence doesn't use Array.Clone (and since the array is a class and is therefore a reference type, ByVal essentially has no meaning in this context). Did I get that bit right?
Thanks,
Mike
|
|
|
|
|
It will copy the values. Now tell me, is that shallow or deep?
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
Eddy Vluggen wrote: Now tell me, is that shallow or deep?
Taking the question seiously for a moment, for copy/clone of value types or arrays of a value type, shallow == deep. For reference types, copy/clone shallow != deep.
So, last question, since an array is a reference type then there's a vast difference between these two alternatives:
Private _matrix as double(,)
Public Sub New(ByVal array As Double(,))
Me._matrix = array
End Sub
and
Private _matrix as double(,)
Public Sub New(ByVal array As Double(,))
Me._matrix = array.Clone
End Sub
Whereas with an array of reference types there would only be a subtle difference?
Mike
|
|
|
|
|
Mike-MadBadger wrote: for copy/clone of value types or arrays of a value type, shallow == deep
Mike-MadBadger wrote:
Private _matrix as double(,)
Public Sub New(ByVal array As Double(,))
Me._matrix = array
End Sub
Would assign the pointer to the array to "Me._matrix". (Both in case of value- and reference types)
Mike-MadBadger wrote:
Private _matrix as double(,)
Public Sub New(ByVal array As Double(,))
Me._matrix = array.Clone
End Sub
Would create a copy of the values (shallow, again for value and reference-types)
Mike-MadBadger wrote: Whereas with an array of reference types there would only be a subtle difference?
In the case of value-types, the result would be identical; you'd end up with an array of values. For reference-types, it'd be similar; version one assigns a pointer to the array, version two copies the structure of the array (and thus, all pointers to references it contains) and you end up with an exact copy of the list, still pointing to the original objects.
A shallow copy of an Array copies only the elements of the Array, whether they are reference types or value types, but it does not copy the objects that the references refer to. The references in the new Array point to the same objects that the references in the original Array point to.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
Apologies for the delay, been busy leaving work ready to move to a new country !!
I think we are absolutely agreeing but saying it in different ways, so for clarity I wanted to check this comment:
Eddy Vluggen wrote: In the case of value-types, the result would be identical; you'd end up with an array of values.
I don't understand the identical bit. In the first case you have a pointer to an existing instance of an array in the second case you create a new instance of an array with the same structure as the one you cloned? Perhaps pedantry but in this case, at least for understanding, forgiveable pedantry I feel...
That's what leads to clarity over the value / reference difference.
In the value case the new array structure contains new, independent value 'objects'.
Whereas in the reference case the new array structure contains new, independent pointers to the same object instances that the pointers in the original array pointed to.
Mike
|
|
|
|
|
Mike-MadBadger wrote: been busy leaving work ready to move to a new country !!
Getting ready for adventure? From where to where?
Mike-MadBadger wrote: I don't understand the identical bit. [..] Perhaps pedantry but in this case, at least for understanding, forgiveable pedantry I feel...
It's not pedantry, but being precise.
Mike-MadBadger wrote: In the first case you have a pointer to an existing instance of an array in the second case you create a new instance of an array with the same structure as the one you cloned?
Exactly
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
Eddy Vluggen wrote: Getting ready for adventure? From where to where?
UK (Reading) to France (Lyon).
Same industry, different company, family et al in tow. It certainly will be an adventure. Thanks for asking.
|
|
|
|
|
Good luck and enjoy
|
|
|
|
|
As to whether that difference is *important*... well, that completely depends on what you do with them.
Say you have a User object and this involves the concept of a list of Favourites (products, girls, doesn't matter). It'd probably be a List<Favourite> rather than a Favourite[], but no matter. The point is if for some reason you wanted to let one user copy another user's favourites, what should you do? Just point to the same list? Or make an actual copy of the list? Surely you should copy it, that way if user A subsequently edits his copy, the other one is not affected.
What about the Product objects themselves? Well, there's no need to clone them unless they "belong" to the user. If they are shared, you could happily point to the same Products, and both users would see any changes to products they have in their respective lists.
--
I know this isn't the right forum for it, but I gotta ask: Are you really from Hell, Eddy? A lot of English speakers claim they're from Hell, but most of them don't even know where it is! Look up "Hell, Stjørdal, Norway" on Google Maps, and you won't be one of them.
It depends. It *always* depends.
|
|
|
|
|
dojohansen wrote: The point is if for some reason you wanted to let one user copy another user's favourites, what should you do? Just point to the same list?
I'd serialize the list, as the user won't be sharing my PC's memory The most obvious route would be XML.
dojohansen wrote: I know this isn't the right forum for it, but I gotta ask: Are you really from Hell, Eddy?
It *depends*; if you mean the physical Hell from Norway, I hope to spend my old age there. Not only is it a very low-populated area, one also gets a 6-month night! I heard that one can even get there by train, and internet can probably be arranged too
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
Hi everyone. I have picked up some great tips and tricks from this website and as a consequence I have pretty much finished my desktop SMS project.
I have asked this question in the .net section as my project is written in such. However, my question is more about the possibilities and practicalities of SMS forwarding as there seems to be a few experts on the general subject here.
my .net project can send and receive SMS text messages through most GSM modems attached to the PC via usb or bluetooth. These text messages are then inserted into SQLServerCe database where certain actions are performed on the messages.
However, I now have a problem. I have seen a a program called SMS Enabler which has the function for setting up a forwarding number. At first I thought it was just a case of taking the received message and then automatically resending it to a stated number.
However, this is not the case as by doing that you are incurring the cost of that SMS as you would for any SMS sent.
This software will forward your SMS to the stated number at no extra cost. I could be wrong, but this might be called "bouncing" the sms onwards. Perhaps it works a bit like call forwarding?
Does anyone know how this might be achieved where an SMS is received by the software and then is auto forwarded to another number at no extra cost (except perhaps to the sender)?
A description of the forwarding by the aforementioned software can be found here: http://smsenabler.com/forward-incoming-sms-to-another-number.html[^]
Many thanks for your help.
|
|
|
|
|
Hi,
I'm using Visual Studio and ASP to generate a web page. On it is a Gridview with several columns. I want to have access from JavaScript to change data client-side in one of those (non-key) columns. So I used:
<asp:TemplateField HeaderText="Percentages">
<ItemTemplate>
<asp:Label ID="PERCSIT" runat="server"></asp:Label>
</ItemTemplate>
<EditItemTemplate>
<asp:TextBox ID="PERCS" runat="server" Text='Even geduld a.u.b.'></asp:TextBox>
</EditItemTemplate>
<ControlStyle BackColor="#00CC00" Width="35px" />
</asp:TemplateField>
However, when this is rendered, no ID is generated since it is neither a data-bound nor a key column, just a <td> tag.
So my question is: is there a way to force the rendering to generate an ID anyway, so it can be manipulated from JS?
Thanks in advance,
Jur.
modified 5-Oct-12 10:34am.
|
|
|
|
|
AtALossHere wrote: when this is rendered, no ID is generated sin
ID of what? Every control would have an ID so that you can access it on client side. The snippet shared above has two controls and I see ID defined for both of them.
Please add ID at the time of placing controls and you can access column value associated with that control at runtime.
|
|
|
|
|