We are testing application which is implemented using Silverlight. The development team has used CSLA for encryption and decryption of request and response body. A message body is in an encrypted format, we are facing issues for co-relation and parameterization.
Anyone having experience of load testing for such kind of application? We are using VSTS 2015
Csla is not an encryption; rather it is a framework for development of business objects. One of the key features is that the object can move across the network, so that the same business rules run on both the Silverlight client and the Asp.net server (which is where you data access will occur). It does this by serializing the objects using HTTP, WCF or some other protocol back and forth.
If the calls you are load testing do not require a user to be authenticated, you should be able to capture them with something like Fiddler and replace them. If the calls are authenticated, you may encounter issues as Csla automatically can serialize the Silverlight appdomain's IPrincipal so its available on the server as well. That may or may not cause problems with your load testing, but it would depend on how exactly the authorization and authentication was implemented.
Related
I want to send simple data (geolocation data to be precise) from Windows Phone 7 application to a windows forms application and use it, as I'm a total beginner in this field I don't know which tools to use.
I searched about wcf services and tested this method but there's some issues: the data is sent from the phone application but isn't sent to the winforms application (guess something is missing)
If your know how to do this in a quick way, or have good tutorials I'll be thankful.
EDIT
I found this tutorial, it show how to connect directly wp7 application and desktop application without using sockets neither wcf service, I'm wondering if it is really works if the application isn't in localhost.
the like for the tutorial: wp7 tutorial
I had a similar problem and so I created a REST/JSON WCF service hosted in IIS with AppHarbor to provide the data. There's hundreds of ways to do it (Ruby/Heroku, etc..), but that particular one fits well within the Microsoft stack. I also needed to share route data and I used the WCF service to wrap the BingMaps services so that route computations are cached and shared. Considering that I had already created a local model, moving it out of my phone project into a service took less than a few hours (including the usual config hiccups, and forgetting to add the appharbor user to my bitbucket repo).
Consuming the service from WinForms (or any client) shouldn't be an issue as the service knows nothing about the client implementation.
Here's a tutorial from code project. REST WCF Service with JSON
I think you would need to implement some sort of server side solution which you could upload to on your Windows Phone and download from on your Windows Form application. This could be achieved using a WCF service which was connected to a server side database.
Another option would be to use sockets and communicate directly with your WinForms application. Check this tutorial on how to use basic sockets on WP7.
I have a Silverlight application and I would need to be able to get data from practically any webservice. I'd like to provide the functionality for the user to specify an URL of a webservice during runtime, then my app would discover the service and offer some UI to select the webmethod and fill the necessary parameters. Then the user could call the webservice and the app would display the data on the UI.
How can I achieve this?
I assume you mean a SOAP web service? There are many components in .NET that you would normally want to use for this (e.g. WCF's metadata download and client proxy generation functionality, based on CodeDOM, as well as various classes for dealing with WSDL and XSD schema). Unfortunately, these are not present in Silverlight. So, I can think of two approaches:
1) Manually implement a general-purpose SOAP client in Silverlight (i.e. manually implement metadata download, WSDL parsing, XSD parsing, etc) - this will be very difficult unless you can find some existing code for this that you can adapt to Silverlight (and even then it's probably still very difficult)
2) Do it through the server. The server will do all the difficult parts, and Silverlight will just display the UI. Still not an easy task, but possible; You can start by reverse-engineering how the WCF Test Client application works by using Reflector and go from there.
I've got a Silverlight application that will be running out on the open internet, available to basically everyone who has ever lived.
The application makes use of RIA Services to manipulate data in a database on the server.
The application creates, reads, updates, and deletes data of different varieties, however I only want these operations to occur from within the application.
This brings about two questions:
Is there a particular recommendation for what type of Authentication to use? Forms or Windows?
Is there a way to prevent someone from "linking" to the application? That is to say, copying the HTML from the containing page, pasting it in their own HTML page on their local machine and running it? The end goal would be to only allow the application to be run when it is embedded in a page requested directly from my server and my server alone?
If your application is being used on an internal network, then Windows authentication is best. Otherwise (as is your case) use Forms authentication.
Silverlight automatically prevents applications (unless they're running with elevated trust) from accessing resources on the Internet (web services, HTML, etc) that are not from the domain that the application originated from, unless that domain has a cross-domain policy file in its root. The Silverlight runtime prevents this (not the server), so this a client based security feature - not server based. By not having a cross-domain policy file in place on your server, your application will only be able to communicate with your domain services when it is run from your server (as you are after). The application will run, but calls to those services will fail.
You could always do a check for what domain the application originated from in code, and match it to a hard-coded domain name if you want to prevent the application running at all from other domains.
Hope this helps...
Chris
I have googled a bit for how I should handle security in a web service application when the application is basically the data repository for a Silverlight application, but have gotten inconclusive results.
The Silverlight application is not supposed to have its own user authentication, since it will be reachable only through a web application that the user have already authenticated to get into.
As such, I was thinking I could simply add a parameter to the SL application that is a cookie-type value, with a certain lifetime, linked to the user in the database. The SL application would then have to pass this value alongside other parameters to the web services. Since the web service is hopefully going to be a generic web service endpoint, few methods, adding an extra parameter at this level will not be a problem.
But, am I supposed to roll this system on my own? It sounds to me as this isn't exactly new features that nobody has considered before, so what are my options?
First of all use SSL for the service. Otherwise users will be able to capture all the parameters passed to the service. It's still possible to see it in case of https but it will be a little bit more difficult.
Also, consider using Message Inspector for adding custom headers to the messages which you will validate on the server. This way you will not need to add extra parameters.
We have a Silverlight app which we wrote which calls a Silverlight-enabled data service. The Silverlight app cannot require a login, as it is required to present data to the unauthenticated public.
We have some schmoe who took the time to examine our Silverlight app, one way or another figure out what service it is calling, and then wrote his own client to slurp off the data so he can post it on his site and pretend like it is his. We need to prevent this.
How can i limit my data service somehow to ONLY accept requests from my silverlight app? I tried using the allow-from domain uri setting in the clientaccesspolicy.xml file to limit access to the service only from the domain in which the silverlight app sits (say mydomain.com). This did absolutely nothing though, and the service is still serving up requests to clients from outside the domain. (I tested this by putting my SL app on a different domain under our control).
What is the proper/best/most effective way to limit the data service so only our app can use it? Thanks!!!
I'm using SL 3 and .NET 3.5.
The clientaccesspolicy.xml tells the Silverlight application which Webservice it can consume. Not preventing people accessing the Webservice.
You can try using a authentication login even though its not required. This prevents 'schmoes' accessing your webservice.
Also use Dotfuscator to prevent 'schoes' to disassemble your Silverlight application and acquire the login.
Silverlight webservice security follows the same patterns you'd use for ASP.NET security, especially services exposed to AJAX. The best way to do make use of ASP.NET's authentication.
RIA Services is an even better way to handle this. It rides on top of the ASP.NET authorization, but validates on both the client and server-side automatically to combat service spoofing. It let you take care of both client and server-side authorization by adding attributes to your methods indicating that the method requires authorized access, and by which groups or users if you need to be specific.
In addition to wire-side security and obfuscation, remember that clients can attach a debugger to Silverlight applications running in their browser. See this example from MSDN Magazine's Security IQ Test, November 2008.