How to secure database access in mvc web application - sql-server

I am developing a web application in ASP.NET MVC, iOS and Android app using Xamarin that would have a common SQL Server database. I would want to develop a common layer/object that will have functions and methods common to all applications. I am also concerned about database security. I would want understand is there any other way in which this can be achieved.
I planning this roadmap :
I will develop web service or WCF services and host on a server, applications will communicate with these services and services will communicate with DB server.
If I develop web service or WCF service and host on a server, I want to prevent direct access and attack.
Which is better for my applications, web service or wcf service?
Masters please guide me.

Related

How can we user NserviceBus with WcfRest using SqlServerTransport?

I want to create a WCF Rest Application using NserviceBus and also i want use SQLServer transport.
Kindly help me ..Give me some Proper Code
NServiceBus V5.x - SQL Transport V2.x
The following sample shows you how to setup the SQL transport:
https://github.com/Particular/docs.particular.net/tree/master/samples/sqltransport-nhpersistence/Version_2.2
Hosting in IIS
NServiceBus can be hosted in IIS without any issues. Especially with a central broker transport like SQL, RabbitMQ, Azure Storage Queues or Azure Service Bus.
http://docs.particular.net/nservicebus/hosting/#self-hosting-web-hosting
NServiceBus can be hosted in any web technology that support .NET. This includes:
ASP.net
ASP.MVC
WCF
Web API
NancyFX
And many others.
As most web technologies operate in a scale out manner NServiceBus is usually hosted in a "Send-only" manner. In this mode they act as a "forwarder" of messages rather than the "processor". So the handling code (MVC controller, NancyFX module etc) of a given web request simply leverages the Bus send APIs and no processing is done in the web process.
Hosting in IIS does have some concerns as application pools by default don't startup automatically and can be recycled or even stopped. Any messages send to such an IIS hosted endpoint will not be processed until the application pool is started again.
MVC
The following samples demonstrate how to initialize NServiceBus and how to use it from MVC
http://docs.particular.net/samples/web/asp-mvc-application/
http://docs.particular.net/samples/web/asp-mvc-injecting-bus/

About AngularJS performance with large application specifically an ERP application

Our team want to choose a technical architecture for our future ERP web application. We have fixed the choice for the back-end layer, actually we'll use Spring Data JPA/Hibernate and CXF web service to develop the service layer.
Right now we're a little confused about the font-end framework to use so as to develop the client layer. Can anyone give me his viewpoint about AngularsJS framework, is it possible use it to develop all the front-end layer including soap and rest web service calls? Will it fit with our ERP application? I mean from a performance standpoint? because there is a lot of data that will be saved in the client side? Working with Javascript in the client layer? Doesn't it slow down the treatment inside the application?
Hey we are developing a hybrid application for data logistics which is connected through webservices and a Database with the ERP System.
We are using angularJs / Ionic Framework / Cordova
For saving data on the ClientSide we decided to use Localstorage / our own setter/getter Service and WebSql since we are doing offline Functionality too.
Our app is growing big and we have no Performance issues what so ever currently we have about 80 different views.
Hope this helps you

Azure Web Site with Push notifications

I'm trying to develop a Windows Phone 8 app. I've created a Web Site in a Windows Azure account which is an MVC 4 project with REST endpoints. I've got an SQL database in Azure to store data from the Azure Web Site. Ocassionaly, I want my application to send PUSH notifications to mobile phones. So I've created a Mobile Service and I've linked the SQL database with the Mobile Service's database in order to have got the same data for the web page and the service.
I though that when I send an HTTP POST to the web site, the script in the database from the Azure Mobile Service would be launched but it looks not to be true. Isn't it? Because of that, I would write in the controller of an HTTP POST endpoint the code to send the data to the Mobile Service endpoint in order to launch the JavaScript code to send the Push Notification.
Is that the right approach for my goal? Is there any way for sending PUSH notifications from an Azure Web Site or it is only allowed from a Mobile Service?
My last question: Do you know any books or blogs about development in Windows Azure? On the Internet there is lots of documentation but principally those are get started tutorials. I've read some books but those are really complex, boring, and not really practical.
As your website MVC4 based and is running on Windows Azure using SQL Database as backend, I will guess that it is based on ASP.NET and i will write my suggestion based on that.
Now about your question "Is there any way for sending PUSH notifications from a Azure Web Site or it is only allowed from a Mobile Service?" I would say, Azure Mobile web services are designed for the same purpose for any service running on Windows Azure to send push notification on multiple of platforms. Application developer can choose to use Mobile Services to expedite their development as well as have multiple application using the one single service for such objective.
However as you mentioned "Is there any way for sending PUSH notifications from a Azure Web Site" this is not depend on "Azure web sites" instead it is depend on what development technology you are using with your Windows Azure Application. For example in ASP.NET your can use SignalR implementation if your application is based on Java, PHP, Python, Node,js etc then you can find some other run time specific real time implementation. If you look around for websockets you will find implementation in almost every popular language or look for comet programming on this regard. Not only that you can use some of the popular 3rd party applications for this purpose as well. i.e. pusher or any other.
While Windows Azure Mobile Services will give you the best results on Windows Azure platform as it is designed to provide such specific functionality for applications running on it.
Recently released: Azure Notification Hub
http://msdn.microsoft.com/en-us/library/windowsazure/jj927170.aspx

Problem Publishing WCF Ria Application Over Citrix Access Gateway

We currently have a silverlight app, one that uses "vanilla" wcf services and one that uses WCF Ria Services.
We publish the application via a citrix access gateway (secure web proxy).
The SL app that accesses the WCF Service works fine, but the RIA one fails with a ton of "response invalid" errors.
If you browse to the service url of either service (using the citrix url), then you see the WCF Service description fine.
Does anyone have any idea of any special config needed to enable WCF RIA Service apps to work over a Citrix Access Gateway?
Can you change the endpoint of the WCF RIA client proxy? Because I suspect it is trying to go to http://your.website.com/yourApp/yourService.svc when it really needs to go to http://your.website.com/cvpn/BIG_HASH_HERE/yourApp/yourService.svc. I have had to jump through some hoops to explicitly support the Citrix Access Gateway in a Silverlight app that I am working on at the moment (will come back later and possibly elucidate further when I have reviewed the code).

Access Windows Azure API via Silverlight?

I am interested in the best practices to access Windows Azure API from a Silverlight application? I am pretty sure as an experienced developer it will require me to build a back end web service that silverlight can then use as an interface between Azure API and Silverlight. But I am concerned with speed and security...For instance I am guessing I can use WCF, but what is the fastest way to get this communication to occur?
Also this is an assumption on my part that a webservice is needed, is there any support from Azure for Silverlight? I couldn't find anything on Microsoft site about this, only how to host a Silverlight application on your Azure Storage Blob which is not what I am asking...
Thanks!
Your assumption is correct. You will have to create a web service (wcf is considered best practice) that exposes the methods in the Azure API that you want to access.

Resources