I am working on the Licence Key for activating Web application. Which could deployed on Physical server, virtual server, Shared hosting Server and (Azure cloud hosting) Native Cloud Server. This product is issue to one User at one Time.
I created the window Application Which tacking hardware Finger print current server and creating the licence key to the Web application. which store Hardware Finger print, Time period of Licence key issue. Which is fine in the Physical Server. it is Not Going to be Change.
This is The Code For Detecting the Hardware Print Link
I am Detecting
Manufacturer
BiosId
DiskId
BaseId
VideoId
MacId
Now issue is that i can't use this Approach to the Virtual server and (Azure cloud hosting) Native Cloud Server.
Now I am trying to get
Static Ip Address
Domain Name
GUID By System
Location of File path (Where Application is install)
By using this four i am created the Product key. but still i don't know this for component is good to create unique Licence key.
Some Limitation i have found
if (Azure cloud hosting) Cloud server IP Address is Changed. it not have static IP
Address
How i can deal with the Internal IP address and External IP address
just i need to know which component i can used to create the key. or what strategy i can used when hardware component is changing on Cloud and Virtual server.
Each System have unique BIOS UUID. Which is unique in all the VM and System.
this below method is how we can detect the System is running in virtual pc
public static bool detectVPC()
{
using (var searcher = new System.Management.ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
{
using (var items = searcher.Get())
{
foreach (var item in items)
{
string manufacturer = item["Manufacturer"].ToString().ToLower();
if ((manufacturer == "microsoft corporation" && item["Model"].ToString().ToUpperInvariant().Contains("VIRTUAL"))
|| manufacturer.Contains("vmware")
|| item["Model"].ToString() == "VirtualBox")
{
return true;
}
}
}
}
return false;
}
Code for detecting the UUID:
public static string UUID
{
get
{
string uuid = string.Empty;
ManagementClass mc = new ManagementClass("Win32_ComputerSystemProduct");
ManagementObjectCollection moc = mc.GetInstances();
foreach (ManagementObject mo in moc)
{
uuid = mo.Properties["UUID"].Value.ToString();
break;
}
return uuid;
}
}
Which solve my issue. I tested this code by
in Virual pc
in Physical PC
Copy the virtual hard disk
created the clone of hard disk
i did test this code in the azure cloud and share hosting server
Related
Is there a way to list all the Mule applications deployed in a VPC in Cloudhub, and their private IP addresses as a report (maybe in Monitoring)? I know the private IP addresses are dynamic and will change, but is there a way to get such a report?
There is no built-in way to do that however you can gather the information together with a script or application. I can give you the high level direction. You need to get the list of applications for each environment associated with the VPC, get the deployment region to confirm that it matches the VPC region (just in case that multi region deployments are enabled) and the status to ensure it is running. You can use CloudHub 1.0 REST API: https://anypoint.mulesoft.com/exchange/portals/anypoint-platform/f1e97bc6-315a-4490-82a7-23abe036327a.anypoint-platform/cloudhub-api/minor/1.0/pages/home/
Then with the resulting list of applications you can query the DNS names used by CloudHub 1.0:
mule-worker-myapp.region.cloudhub.io to get the public IPs
mule-worker-internal-myapp.region.cloudhub.io to get the internal IP inside the VPC
Please bear with, I have a little experience in SQL but otherwise I am a complete newbie when it comes to programming/coding.
I have a database with Microsoft SQL server and I have downloaded Android studios.
In short I want to create a basic app that can have the ability to show data as well as update tables from my database. (app won't be a problem)
The question is, what would be the 'best' way to do to link database to my app? Bearing in mind I am not at a great technical level at the moment
I have been informed that linking to the database to the app directly may pose security risks but other than that I am a bit lost at how to get the information I need to get started...
Any information you can chuck my way will be greatly appreciated!!
First, you need to download JTDS drivers https://sourceforge.net/projects/jtds/
If you are not sure about how to set up watch this video as a reference https://youtu.be/UXy_phw5Psg.
To add jar files to your android studio:
Right-click on app > New > Module.
A window will open where you can find jar files when you scroll down.
Select the widget another window will open, find the location of your jar and select.
Finish. That is it you can start creating projects with SQL server after the build is finished.
Now after adding JTDS, you have to Add This Line In Your App Gradle File, x.x.x is the version of JTDS that you downloaded
dependencies{
implementation project(':jtds-x.x.x')
}
Now we are going to make a java class to connect SQL server and android studio. Remember this class is the heart of your every android project with SQL server.
Use Imports Correctly.
import android.annotation.SuppressLint;
import android.os.StrictMode;
import android.util.Log;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
public class ConnectionClass {
// Your IP address must be static otherwise this will not work. You //can get your Ip address
//From Network and security in Windows.
String ip = "000.000.000.00";
// This is default if you are using JTDS driver.
String classs = "net.sourceforge.jtds.jdbc.Driver";
// Name Of your database.
String db = "MyDB";
// Userame and password are required for security.
so Go to sql server and add username and password for your database.
String un = "username";
String password = "passw0rd";
#SuppressLint("NewApi")
public Connection CONN() {
StrictMode.ThreadPolicy policy = new StrictMode.ThreadPolicy.Builder()
.permitAll().build();
StrictMode.setThreadPolicy(policy);
Connection conn = null;
String ConnURL;
try {
Class.forName(classs);
ConnURL = "jdbc:jtds:sqlserver://" + ip + ";"
+ "databaseName=" + db + ";user=" + un + ";password="
+ password + ";";
conn = DriverManager.getConnection(ConnURL);
}
catch (SQLException se)
{
Log.e("safiya", se.getMessage());
}
catch (ClassNotFoundException e) {
}
catch (Exception e) {
Log.e("error", e.getMessage());
}
return conn;
}
}
Strict Mode:
StrictMode is a developer tool which detects things you might be doing by accident and brings them to your attention so you can fix them.
StrictMode is most commonly used to catch accidental disk or network access on the application’s main thread, where UI operations are received and animations take place. Keeping disk and network operations off the main thread makes for much smoother, more responsive applications.
Orignal link to this is guide is https://life-news.blog/2018/09/24/connect-sql-server-with-android-application-jdbc-driver-integration/
I have an asp.net mvc web site on an intranet. Access to the site is determined by groups in active directory. There are 4 different groups each having different access in the site. I have been having occasional problems with the site running slowly. The site will run fine for several days then suddenly slow to a crawl. I have both a test site and a production site. When the slowdown occurs both sites are affected equally. I also have a site that test site that has no active directory access and it runs with no problems while these two sites are crawling. The sites I am having trouble are running under a user account because the application has to reach out to another share on the intranet in order to print and merge pdf files. The sites are running under the same application pool. When the problem occurs, all pages are equally slow even pages with no database activity. When the problem occurs I reset IIS, restart the web sites, and recycle the threads. The only thing that actually resolves the problem is restarting the server. Sometimes it takes a additional restart to get the site back to normal. Here are a few things I have tried. It seems the problem is occurring less often but still occurs.
1. Reduce the numbers of times that I query active directory.
2. Reset IIS when the problem occurs. This has not been helping.
3. Recycle application pools.
4. Restart the sql server service
5. Made sure fully qualified names are used when referring to servers. This seems to have reduced the problems some. Not sure though. I am using IIS 7 on a windows 2008 server, 64 bit.
user = ConfigurationManager.AppSettings["TravelCardUser.AD_GroupName"];
approver = ConfigurationManager.AppSettings["TravelCardApprover.AD_GroupName"];
maintenance = ConfigurationManager.AppSettings["TravelCardMaintenance.AD_GroupName"];
admin = ConfigurationManager.AppSettings["TravelCardAdmin.AD_GroupName"];
testuser = ConfigurationManager.AppSettings["TestUser"];
List<string> adgroups = new List<string>();
adgroups.Add(admin);
adgroups.Add(approver);
adgroups.Add(maintenance);
adgroups.Add(user);
this.groups = adgroups;
List<string> groupmembership = new List<string>();
foreach (var group in groups)
{
if (!String.IsNullOrEmpty(testuser))
{
this.username = testuser;
}
else
{
this.username = currentloggedinuser;
}
using (var ctx = new PrincipalContext(ContextType.Domain))
using (var groupPrincipal = GroupPrincipal.FindByIdentity(ctx, group))
using (var userPrincipal = UserPrincipal.FindByIdentity(ctx, username))
{
if (groupPrincipal != null)
{
try
{
if (userPrincipal.IsMemberOf(groupPrincipal))
{
groupmembership.Add(group);
}
}
catch (Exception ex)
{
string theexception = ex.ToString();
}
}
}
}
Here is my ldap connection string.
<add name="ADConnectionString_UserRole" connectionString="LDAP://locationX/cn=TravelCardUser,ou=LocationXgroupsGroups,dc=acme,dc=us,dc=com" />
Ther server slows down every 3 or 4 days so I shut down the application pools to my applications and used Sysinternals to monitor process for 3 days.
http://technet.microsoft.com/en-us/sysinternals/bb896653
I am seeing that processes related to sequal server and team foundation server are grabbing resources but not releasing them. By the way I ran my asp.net code through Red Gate Memory Profiler and there are no memory leaks. Now I have to figure out what to do about the problem with memory usage.
I would like to create a C# WinForms application which will create web requests to servers that require username and password (Basic authentication).
I want to save the password locally (encrypted of course) on the machine that runs the application.
Basically, I need something that operates as Keychain in iOS, or "secure storage" in eclipse, only for .NET
I've found the Credential Manager in Windows, but all API examples are from .NET Framework V2.0
Isn't there a normal API from Microsoft about how to use it in C#?
Windows applications can use DPAPI for that, the Data Protection API, which stores secrets on a computer, encrypted (indirectly) with a user's login credentials. Any process that runs with the user's privileges can access this data. Optionally you can let the user add his own password (for this one item / secret) if you like (PrompStruct). The DPAPI is also accessible via C# (there are examples on the net).
You can store the credentials in a section in app.config and then encrypt the section (similar to what you'll do in web.config for a web application).
You can use SectionInformation.ProtectSection to protect the section, and SectionInformation.GetRawXml to retrieve the encrypted info (decryption is done transparently).
Example (taken from the MSDN article below):
static public void ProtectSection()
{
// Get the current configuration file.
System.Configuration.Configuration config =
ConfigurationManager.OpenExeConfiguration(
ConfigurationUserLevel.None);
// Get the section.
UrlsSection section =
(UrlsSection)config.GetSection("MyUrls");
// Protect (encrypt)the section.
section.SectionInformation.ProtectSection(
"RsaProtectedConfigurationProvider");
// Save the encrypted section.
section.SectionInformation.ForceSave = true;
config.Save(ConfigurationSaveMode.Full);
// Display decrypted configuration
// section. Note, the system
// uses the Rsa provider to decrypt
// the section transparently.
string sectionXml =
section.SectionInformation.GetRawXml();
Console.WriteLine("Decrypted section:");
Console.WriteLine(sectionXml);
}
http://msdn.microsoft.com/en-us/library/system.configuration.sectioninformation.protectsection.aspx
Here is what I've been trying to do
Build an ASP.NET MVC 3 application with forms authentication and active directory membership. The web server and database are different physical servers hence a double hop.
I thought the answer was this older article on constrained delegation and protocol transition? So far, I have not been able to get the technique to work.
I'm testing this from my DEV machine (Windows 7, IIS7) for the web server before deploying to windows 2008 (IIS7) in the production setup. Would windows 2008 make a difference?
What works and what fails
I'm able to login with forms auth and the AD membership. This seem to be working fine. When I try to make a database call using this code:
public void AsUser(Action action)
{
using (var id = new WindowsIdentity(User.Identity.Name + #"#example.com"))
{
WindowsImpersonationContext context = null;
try
{
context = id.Impersonate();
action.Invoke();
}
catch (Exception ex)
{
// ex.Message is The type initializer for System.Data.SqlClient.SqlConnection threw an exception
// buried inner exeption is Requested registry access is not allowed
}
finally
{
if (context != null)
{
context.Undo();
}
}
}
}
It fails with an exception leading me to believe I have setup issues on my local DEV server. The inner exception is Requested registry access is not allowed.
If I set a breakpoint and inspect the WindowsIdentity after the Impersonate() call I see that the ImpersonationLevel is set to Identification. This seems like a clue that it is not setup correctly. Can anyone confirm?
Am I on the right track and is this even possible to setup? Any pointers would be appreciated.
I think you are on the right track. You just need more troubleshooting work on your protocol transition setup.
I assume you configured your Active Directory membership provider correctly so that you can successfully logon your web page using the active directory user name and password. If that's not the case, please ignore the rest of my answer :)
From what I saw in your question, you got your user's token using S4USelf by WindowsIdentity. Then, you are using S4UProxy to pass the impersonated token to SQL server. Since you said you got ImpersonationLevel.Identification only, it means you failed to do protocol transition.
You need to understand that allowing one machine to do protocol transition in a domain is very high privilege. Granting a server to do protocol transition almost means that you trust that server to be almost like a domain controller. You need to consciously make this decision in AD to turn a server to have this ability and you have to be a domian administrator to make this change. If you haven't done this, you probably didn't setup your thing properly.
There are couple things to check.
First, make sure you selected "Trust this computer for delegation to specified services only" and then you picked "select Use any authentication protocol" on your service account. You may like to create a domain account. Here is a link on how to create a service account for ASP.NET. Remember, you need a domain account. After you created a domain service account, make sure you go to the delegation tab on that account and selected the correct options.
Second, you need to make sure SPNs are set properly. I realize that the link that you posted only mention the SPN of your ASP.NET service account. Actually, you also need to make sure the service account on your SQL server also set properly. Otheriwse, Windows won't use Kerberos authentication at all. It will fall back to use NTLM. There are a lot of details to setup a SPN correctly on SQL server. You can check here first and see if you have any luck. From my experience, most of the DBA don't know how to set them up properly. They don't even aware of it because most applications work fine with NTLM. You need to pay attention to the SQL server service account and the port number that it's using.
Third, you need to make sure there is nothing disabling your Kerberos delegation. Some sensitive AD accounts are by default not allowed to be delegated. For example, the built-in administrator account. So, you better use some other normal user accounts for testing purpose.
UPDATE
I just found another article teaching you how to setup the protocol transition for ASP.NET. It mentioned that you need to grant TCB right to the IIS service account in order to make sure it can create a Impersonation type WindowsIdentity. You can give it a shot.
Here the class I use. Also, you'll want to check and see if the process that the AppPool is running under has enough permission to do the impersonation since it is such a privileged activity. I would give the user account that the app pool is running under temporary admin privileges (dev box only of course) and see if it works so you'll know if it is a permissions issue.
public class ImpersonationHelper : IDisposable
{
private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_PROVIDER_DEFAULT = 0;
private WindowsImpersonationContext _impersonationContext;
private string _userName;
private string _domain;
private string _password;
[DllImport("advapi32.dll")]
public static extern int LogonUserA(String lpszUserName,
String lpszDomain,
String lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern int DuplicateToken(IntPtr hToken,
int impersonationLevel,
ref IntPtr hNewToken);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public static extern bool RevertToSelf();
[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
public static extern bool CloseHandle(IntPtr handle);
public ImpersonationHelper(string domain, string userName, string password)
{
_userName = userName;
_domain = domain;
_password = password;
}
public void Start()
{
WindowsIdentity tempWindowsIdentity;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;
if (RevertToSelf())
{
if (LogonUserA(_userName, _domain, _password, LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT, ref token) != 0)
{
if (DuplicateToken(token, 2, ref tokenDuplicate) != 0)
{
tempWindowsIdentity = new WindowsIdentity(tokenDuplicate);
_impersonationContext = tempWindowsIdentity.Impersonate();
if (_impersonationContext != null)
{
CloseHandle(token);
CloseHandle(tokenDuplicate);
}
}
}
}
if (token != IntPtr.Zero)
CloseHandle(token);
if (tokenDuplicate != IntPtr.Zero)
CloseHandle(tokenDuplicate);
}
#region IDisposable Members
void IDisposable.Dispose()
{
if (_impersonationContext != null)
{
_impersonationContext.Undo();
}
}
#endregion
}
Have you enabled Impersonation on the Windows 7 or Windows 2008 machine? This article covers how to set it up. http://technet.microsoft.com/en-us/library/cc730708(WS.10).aspx. Also, are you running 32-bit or 64-bit?
You should also check with your AD administration to see if Impersonation is allowed. My companies AD policies won't allow impersonation.
I think you have identified the problem but no one has mentioned it. The "double hop" issue is not going to allow you to do this. It's not possible. There are lots of people who have written about it such as Scott Forsyth.
When you authenticate to the IIS
server using Integrated
Authentication, that uses up your
first 'hop'. When IIS tries to access
a network device, that would be the
double or second hop which is not
allowed. IIS cannot in turn pass on
those credentials to the next network
device, otherwise the developer or
administrator could abuse your
credentials and use them in ways that
the site visitor didn't anticipate.
This doesn't occur with anonymous
access or with impersonation off
because in that case IIS takes care of
authenticating you and then it uses a
different user for local or network
access. This means that the app pool
identity or anonymous user can make a
network call as the first hop.
I think it's pretty clear that you cannot pass your credentials any further than the first connection.