We tried last night to build some code which would create a new public folder in Microsoft Exchange from within a .NET Winforms application.
Googling for code took us to a bunch of code samples involving http requests and WebDAV. We experienced all kinds of painfulness involving
The underlying connection was closed: Could not establish trust
relationship for the SSL/TLS secure channel.
and
The remote server returned an error: (440) Login Timeout.
and had to call it a day.
This morning I remembered that we had some old VBA code which used the Outlook Object Model to deal with Exchange Public Folders. Dug it out, adapted it to .NET and, hey, it works. Really it's just a couple of lines.
Is there a reason to use http & WebDAV rather than OOM? Are the WebDAV examples basically for ASP.NET development? If we could have got the WebDAV code to work in our case would it have given us any extra power or flexibility (e.g. in cases where the user has restricted permissions)?
See http://www.infinitec.de/post/2008/11/26/ExchangeWebServices-WebDAV-and-untrusted-server-certificates.aspx for the SSL thingy and http://www.infinitec.de/post/2004/12/31/Access-the-Exchange-store-via-WebDAV-with-Form-Based-Authentication-turned-on-Updated.aspx for the Login-Timout.
If you use the OOM, you rely on Outlook being installed and property configured (which can be somewhat difficult you have multiple profiles).
WebDAV ist a HTTP protocol, meaning that you have very little prerequisites. That being said, WebDAV for Exchange is a rather cumbersome protocol. There are, however .NET wrappers available (I can send you one which is free - just ping me through my website) which makes it easier.
But know that WebDAV for Exchange is only supported in Exchange 2003 and 2007. Since Exchange 2007, WebServices are available and there is even a managed API:
EWS Managed API - Download: http://www.microsoft.com/download/en/details.aspx?id=13480
EWS Managed API - SDK: http://msdn.microsoft.com/en-us/library/dd633710(v=exchg.80).aspx
Related
In a nutshell, my project consists of:
A secure RESTful API web service (hosted on Heroku), handling requests/responses for a database. It accepts & returns JSON data
A Unity desktop application, which doubles as a Twitch API chat bot, and communicates with the webservice to update the state of the game, as well as the state of the database.
IMPORTANT: This game is meant to be run by Twitch streamers, and played by users in Twitch chat
So my question is... Even though my web service is secure, what can I do to ensure that someone won't simply reverse engineer my Unity application to figure out how to properly communicate with my web server?
Encrypted HTTP traffic stops packet sniffing, but is a moot service if you can still use the same methods the application uses to interact with the data. Perhaps I'm being too paranoid, but there are plenty of tools out there that specifically target Unity & C# projects, so it really wouldn't take much effort.
One idea I had was to use the Twitch API to check if the user is actively streaming the game, and only allow them to start the game if the web service can't find a duplicate IP address in the database with an "isStreaming" flag set. This works in theory... but in practice, anyone can set up a fake Twitch account and a fake or "blank" stream on their machine, and then run some reverse-engineered code from the game.
Is there anything else I could do to minimize a hacker's ability to interact with my database?
The Simple Answer
Unity-compatible Code Obfuscation
Thanks to Unity's plugin system, there are actually some decent options for this. Some are paid options that exist in the Asset Store, as well as some 3rd party paid/free options that are simply unrelated to Unity (but could still work). Some of the free options, such as ConfuserEx, are also open source, allowing you to make custom code changes to how your work can be obfuscated.
The More Complex Answer
I made a simple C# Class Library and filled it with some pointless functionality (for testing)
I compiled a release build of the library
I obfuscated it through ConfuserEx using Aggressive settings (Maximum settings had Unity spitting out Invalid IL code errors)
I added an Assets/Plugins folder to my Unity project, and placed the compiled library there
I created a new C# script to test the library from within Unity
... And although the decompiled code was unintelligible, it still worked as expected within Unity. I used an IL/C# decompiler tool (such as JustDecompile) to compare the differences between the obfuscated binary and the original binary.
So if I really wanted to, I could follow these very same steps for all of my important bits of code (or even for the majority of my client project), as well as implementing any aforementioned security measures... And so hopefully, it's now going to be too much of a chore for anyone to understand the inner-workings of my project.
I am working on a project requiring communication between the Presentation layer (MVVM based client) and the Business layer. The application is to be installed on a single machine, and as such could have been executed using a .net remoting based approach. However, I have been suggested to use WCF since .net remoting is deprecated and WCF is the way to go.
So I implemented WCF Service as a WCF library project. I added a service reference (using visual studio tool by discovering services in the solution), which was successfully added on the client side. All works well, since during debug session visual studio launches the service library and the client can connect to it successfully.
Now Since the client and service host will be installed on same machine, I was thinking of using named pipes transport and self hosting for the WCF service. Here is where this gets very confusing to me:-
Since the MVVM client is the "main" app (since it is the application frontend), the client will be launched first. I am unable to come up with a solution to launch the service host "on-demand" when the client needs the same.
What are the solution I can use to do what I require for 1? I am not sure of using a continuous service through windows service for something that will be required "on-demand".
Please suggest clean approach to implement a way to launch "on-demand" service.
Thanks in advance.
I'm not quite following you here. MVVM is cake and really doesn't have anything to do with your problem. Using a servicebased architecture is a must today, I just want to smack every old guy/gal sticking to direct SQL on the client side, and don't see the dangers with that.
Well anyhow, you may solve this different ways. WCF is BIG, to big in my opinion. One way to use it, common on small applications like apps(WP8.1, 8.1 apps++), is just to connect, call the method you need and the close the connection. Case solved, given that I understand your needs. The otherway is to keep the session alive for each service... (ugh, loadbalancing etc).
I've been working on large LOB applications the last 4 years my self, what I can tell, is that if I were in charge, I would have done it very differently. For once I would used JSON endpoints with SSL over HTTP, and the json.net serializer. The datacontract serializer which is the default in WCF, is not good news at all. JSON allows easy communication with JavaScript based applications, and the serializer doesn't break like porcelain as the datacontract serializer does. Address/baseaddress may be stored in your config file, so it may be changed upon deployment(you probably have many servers, for different environments).
This is a really old post covering the subject(supporting SOAP aside JSON); REST / SOAP endpoints for a WCF service
Don't be stupid and just call your services directly now! Use the interface(Wrap if necessary) and feed it to your viewmodels for proper TDD! It will also allow you to completely replace WCF with another form of communication.
There also are alternatives to WCF.
IIS? Hosting WCF in IIS rather than a proper service? No way, flush that idea down the waterloo ;) (internal joke)
EDIT:
BTW: Your service must ofc already be running for your client to connect to it! Or nothing will be listening to your configured port. If you are selfhosting, you can use parameters to start in debug mode, that is start your service like a regular application you may debug. In Program.cs;
if (args.Length > 0 && String.Equals(args[0],"debugmode", StringComparison.OrdinalIgnoreCase)
{
Service1.Create(); // Debugging!
}
else
{
// Hosting
service = new Service1{ServiceName="YourService"};
ServiceBase.Run(new ServiceBase[] {service};);
}
Hope it helps,
Cheers,
Stian
I'd like to build a multiplayer web game application in which it supports chat. I presume the application will have to handle hundreds of simultaneous connections.
I'm planning to host my application in a shared web hosting, which has these limitations (most likely similar to PHP + Comet (long-polling) scaling / hosts):
It does not seem I can change the web server. Most likely it's using Apache.
Supports MySQL 5, PHP 5.3.x, Perl, Python, Ruby on Rails, CGI
(To be more precise, I'll be using HawkHost's shared web hosting.)
And here are my result of research, followed by my questions:
Some resources (like Python Comet Server) say that PHP is not good for handling concurrent connections, while Python is better choice. Is this true?
I've tried the long polling technique in PHP (although I don't know whether it's correctly implemented or not, like Comet issue with abandoned open connections) using "Loop endlessly until the data changes." method. This almost works. The remaining problem is that the server process never dies when the browser is closed (the server does not know that the connection has been terminated, and the data never changes). Is there any way the PHP can detect whether the browser has been terminated so that it stops the loop?
I've been looking everywhere to look for answers but still I can't conclude anything. This topic has also been asked on StackOverflow so many times, I'm sorry if I may sound repeating >.<.
Currently I am able to code using PHP, MySQL, and JQuery for JS. I'm still new to the term Comet and Server Push. If necessary, I'm also willing to learn new scripting language like Python.
I appreciate any insights of what scripting language, framework, and techniques to use to start my project.
When you have a shared hosting environment and there are a number of restrictions enforced then it's a good idea to outsource the realtime functionality. I would say this since I work for one such company, Pusher. But I hope others will back me up on this.
When using a hosted solution you can push a notification by making a HTTP request to a RESTful API. The service will then deliver the message to the connected Web Client (browser). The browser does need to include a script tag or use a library that also connects to the hosted service.
The main benefits are:
No installation or maintenance
No need to handle persistent connections - no resource usage
Really simple usage: Script tag in app and call REST API
The hosted solution handles scaling
Also, here's a list of hosted realtime solutions.
So you can use Python. Then you can use Tornado. (psst... facebook uses it)
And I had same problem with open connections. Just don't spend time for search solution in PHP - later you will be sorry. I was. Just use what is made for Comet. If you more prefere JAVA, then there is: CometD.
And for game get a normal hosting. They cheap this days.
I am working on an in-house, iOS app that will need read-only access to a SQL Server with multiple databases. I know the stock answer here is "write some web services", but I'd like a solution that is self-contained. Is there any way to directly connect to a SQL Server database from an iOS application? I'm thinking something like a basic ODBC connection.
I've seen a lot of users asking this question, but very few answers other than "write a web service." Is that really the only way?
A web service is indeed the only way, but Red Gate's written one you can reuse:
http://www.mobilefoo.com/iSqlServerSDK.html
http://labs.red-gate.com/Tools/Details/iSqlSDK
It's not officially released yet, just in beta, so keep in mind that features & prices may change.
Actually the easiest way is to create a MVC 3 or 4 asp.net web application. call the web methods. You don't need any API to pay for.
I use SBJson to serialize domain object and then send the objects as serialized jSOn to MVC 3. It's super easy to do. I even send images with base64, so it's .net compatible.
See my blog post with sample code:
http://nickturner.wordpress.com/2012/10/09/107/
So, after much searching and trial and error, unfortunately the best (only?) way I've found is indeed using Web Services.
Fortunately, Linq to SQL makes the WCF-creation-side incredibly easy. Once I got someone at work to walk me through setting up a Windows web server and adding the web service (and buying access to an online web server), the Windows side was up and ready to go.
I'm still working through all of the syntax stuff on the SOAP interaction side, but keeping my different methods somewhat similar in structure allows me to tinker a little until it works. By this time, I think I've gotten it to work pretty well.
So, both answers I got back were (disappointingly) correct. The only way to interact is through a Web Service. Even the 3rd party solutions they mentioned were really just convenient wrappers around the same type of technology. As it turns out, I'd rather have finer control over the process.
One word of advice: Get a real, external web server. I tried doing this on a non-Server Windows VM on my iMac/MacBook Pro, and it was like pulling teeth! Once I actually got access to an external, full, stand-alone web server, the process was much more streamlined and easy. Do yourself a favor and take that headache out of the equation!
There was a SQL ISAPI extension as part of SQLXML, but I think it has been deprecated: http://msdn.microsoft.com/en-us/library/aa226559%28v=SQL.80%29.aspx
This was effectively a pre-built, and relatively open, web service - so I'm not sure this counts as a direct connection.
You could also check out http://odbcrouter.com/Main
I am creating a Silverlight 2 user interface to a remote instrument. There are two concurrent users at different sites interacting with the instrument (operator at the instrument and remote scientist) and any number of observer users not interacting with it, just watching. However, whenever one of the two active users changes something these changes must be immediately reflected in the UIs of all users, e.g. panning or zooming an image or annotating or selecting part of an image, adding items to a collection displayed in a listbox. Within the client I use observable collections which easily reflect changes made by that user, but it is harder seeing changes made by another user. I can poll for changes from each client but something like push notifications would be better. I have extensively Googled for examples but not found anything which is quite what I need. There are all sorts of security issues with Silverlight interacting with WCF services which mean many potential examples just don't work. I have essentially run out of time on this project and need help fast. Does anyone have any suggestion of a suitable simple example which illustrates how to do this? I am an experienced developer but have had to teach myself Silverlight and WCF services and there is noone in my area who knows anything about these. Even tho' I have done a fair amount of ASP.NET work I am not a web/Javascript guru. Thanks.
Push notification is supported in Silverlight 2 using the new WCF PollingDuplexHttpBinding support. There are two assemblies installed with the Silverlight SDK (one for Silverlight app one for WCF server).
I have a few blog posts and a full sample application that demonstrate how to 'push' Stock updates from a Console Application server that self-hosts a WCF service to connected clients. It also shows how each client can add notes against a Stock and have those notes synchronized (pushed from server) to all other connected clients.
The latest version of the sample (Part 4) shows how to synchronize pushed updates between both Silverlight and WPF clients using two server endpoints as follows:
using System;
using System.ServiceModel;
using System.ServiceModel.Description;
namespace StockServer
{
public class StockServiceHost : ServiceHost
{
public StockServiceHost(object singletonInstance, params Uri[] baseAddresses)
: base(singletonInstance, baseAddresses)
{
}
public StockServiceHost(Type serviceType, params Uri[] baseAddresses)
: base(serviceType, baseAddresses)
{
}
protected override void InitializeRuntime()
{
this.AddServiceEndpoint(
typeof(IPolicyProvider),
new WebHttpBinding(),
new Uri("http://localhost:10201/")).Behaviors.Add(new WebHttpBehavior());
this.AddServiceEndpoint(
typeof(IStockService),
new PollingDuplexHttpBinding(),
new Uri("http://localhost:10201/SilverlightStockService"));
this.AddServiceEndpoint(
typeof(IStockService),
new WSDualHttpBinding(WSDualHttpSecurityMode.None),
new Uri("http://localhost:10201/WpfStockService"));
base.InitializeRuntime();
}
}
}
WPF clients connect to the WSDualHttpBinding endpoint and Silverlight clients connect to the PollingDuplexHttpBinding endpoint of the same WCF service. The app also shows how to handle the Silverlight client access policy requirements.
Clients (Silverlight or WPF) can add notes against a Stock in their UI and these notes propagate back to the server to be pushed to all other clients. This demonstrates communication in either direction and hopefully performs all of the necessary communication required for your app.
You can see a screenshot of the demo application running here.
Not that am pushing Flex in fan boy fashion, but matter of factly this is the kind of architecture we build into all our Flex-based applications routinely. Here is what we do on Flex - no doubt it could be suitably translated to Silverlight:
We take three ingredients and integrate them together to accomplish this capability:
Comet pattern (an HTTP compatible way to do server push notifications - look on Wikipedia for more info)
JMS messaging topics (publish/subscriber queues)
The Adobe BlazeDS servlet
The latter item implements the Comet pattern, supports AMF object marshaling (Adobe's binary serialization format for ActionScript3 objects), and bridges to a JMS queue or topic. When bridging to a topic, then multiple Flex clients running in a browser can be proxied in as subscribers to a JMS topic. So if any client publishes a message (or the server-side code publishes into the topic), all client subscribers will have the message pushed to them via BlazeDS and the Comet Pattern implementation.
Effectively you need to locate or write a component that accomplishes what BlazeDS does. You might also need to implement some client code that interacts with the Comet pattern of this server-side component.
Does WCF support the Comet Pattern and bi-directional messaging? Especially where complies to HTTP and port 80 or port 443 for SSL. Looks like you've already looked into that and not found anything for bi-directional messaging. So you may need to roll your sleeves up and do some coding.
Some things to note about doing server push to a web app:
BlazeDS supports two primary modes of implementing the Comet pattern (there's actually a 3rd polling option but am ignoring it):
long-polling
HTTP streaming
The long-polling one you should find to be more universally supportable to most web browsers. So you might streamline to just supporting that initially. Or you could spend the time to make your client code try HTTP streaming first and switch to long-polling if necessary.
As to a message broker that can provide publish/suscribe capatibility, you might consider using ActiveMQ JMS. It is open source and free with active community support (you can buy support too). Plus you can use NMS to integrate as a .NET client.
Having a message broker sitting in the middle-tier is actually important because it will be a place for messages to be placed safely. If your clients are doing long-polling, you wouldn't want them to miss any new message during an interval when they're not actually connected.
Another thing to consider in high traffic volume scenarios (hundreds or thousands of clients, such as a web site on the Internet), you need to have an approach to the Comet Pattern that is scalable.
In the Flex/Java world, the BlazeDS servlet (which is open source) has been modified to work with asynchronous model. In Java a socket listener can be built to use NIO channels and Java Concurrency Executor thread pools. The Tomcat web server has a NIO listener and support for asynchronous Servlet 3.0 events. BlazeDS in particular has been modified, though, to work with the Jetty web server. The bottom line is that the scalability of this asynchronous approach means a single physical web server can be enhanced to support up to around 20,000 concurrent Comet-style client connections.
It's been a while since I've done serious .NET programming but used to the io capabilities were much like Java 1.1 except with an asynchronous result handler capability. This, though, is not the same thing as creating asynchronous socket listeners via Java NIO channels. A NIO channel implementation can support hundreds to thousands of socket connections with a relatively small thread pool. But C# and .NET has gone through two or three significant revs - perhaps there have been new io capabilities added that are comparable to NIO channels.
I just wanted to clarify that the PollingDuplexHttpBinding doesn't implement 'true' push notifications, as reveals its name (polling). From the msdn documentation:
When configured with this binding, the Silverlight client periodically polls the service on the network layer, and checks for any new messages that the service wants to send on the callback channel. The service queues all messages sent on the client callback channel and delivers them to the client when the client polls the service.
However it is more efficient than the traditional way of polling a web service, since after each poll, the server will keep the channel open for a certain time (say 1 minute), and if a message arrives in that time it will directly 'push' the message to the client. The client has to repeatedly renew its connection, it so to say polls the service.
If you want to implement real push notifications with silverlight I believe you need to work with sockets, and I recommend reading some of Dan Wahlin's blog posts on the subject.
Alternatively,
if you want a native silverlight API with no proxies, bridges or webservers involved you could use Nirvana from my-Channels as your messaging middleware. Check out Nirvana from my-Channels and their showcase site. (sorry i am a new user and cant submit links):
Alex
EDIT: it's actually working fine. I got badly bitten by the "hidden variable" in a closure :(
I used the PollingDuplex for SL2 and I think that it's not ready for production yet.
My main issue is the fact that it doesn't discriminate on the clients on the same machine. If I run 2 clients then one of them won't be able to poll the server anymore and will die of timeout. There is a SessionId that is different for the 2 clients but it's just ignored on the client side.
Likewise, if I kill a client and then create a new one afterwards then the new client will get the push updates from the previous client for a while.
Did anyone encounter the same issues or are they fixed in SL3?
Actually I ran some more demo codes and realised that for some reason you have to specify the InstanceContextMode and InstanceMode so that the service is session based and not a singleton (as far as I can tell). There are clear performance issues in the simple demo code that I pulled.
It is quite unfortunate that this behaviour wasn't documented.
My organization found the Silverlight 2.0/WCF push implementation to be a little "not ready for prime time", at least for what we were planning to use it for.
We ended up going with XMPP/Jabber, because it is a more well formed beast, and you can implement it fairly easily in Silverlight, by just getting some resources off the internet.
I do believe that Silverlight 3.0 will implement a newer/more well formed push implementation, from what I can tell from publicly available information.
The PollingDuplexHttpBinding is probably the most elegant way to do it.
One possilby less involved alternative is to use a TCP socket from your Silverlight client. Whenever one of the Silverlight clients needs to have an update pushed you can send it a TCP message which contains the name of the WCF service it needs to call or some other light weight piece of information.
I use this approach for an application and it works well.
One much simpler and more powerful solution at the site http://www.udaparts.com/document/Tutorial/slpush.htm