I've created a Asp.net MVC web application that has a SQL Server attached to it. I would like to update the database on an action (in this case a physical card swipe). I have a microcontroller that stores the identification number and then can connect via tcp to the site.
What is the best approach for allowing the microcontroller to add data to the database attached to my MVC website? I was considering setting up an API similar to the one described here, and just posting to the website constantly. Is this the best approach to the problem?
Thanks!
Yes, it'd be pretty straightforward to have the uC do an HTTP POST to a specific URL and have your website do something in your database as a result.
This example of dealing with POST in asp.net MVC might help.
I'd be strongly considering using SSL/TLS with a client certificate, if your microcontroller can handle it. Otherwise your application could be open to spoofing (someone pretending to be the card reader) or sniffing (monitoring of traffic between the reader and your web server).
There appear to be several options for embedded SSL/TLS stacks in a Google search for "embedded ssl".
Also, if you're dealing with credit cards you'll want to be sure you're aware of the Payment Card Industry Data Security Standard (PCI-DSS).
Related
I have been developing an asp.net core web application and published on the production mode (online server), the users can access it with the specific domain name and will log in and do data entry from three different countries.
But, the problem is sometimes, in one specific country there is no internet access, my client wants that this application should work online and offline, If there is no internet access the local branch must be able to do data entry, then when the internet gets connected data should send to the online server database,
What is the best way to achieve this goal?
Please write your view or add some good forum link below.
Rationally, it is not possible for you to access a Web App without internet. Web Apps are meant for network usage. However, I believe there is a workaround for such requirements. What you can do is that you can create a clone of your database for the third user, who has no internet access and perform all transactions within the local machine and when the connection comes back on line, you can replicate the data from the local SQL Server into the online server database.
And then there is something called Progressive Web Apps , which will allow you below privileges :
Reliable - Load instantly and never show the downasaur, even in uncertain network conditions.
Fast - Respond quickly to user interactions with silky smooth animations and no janky
Engaging - Feel like a natural app on the device, with an immersive user experience.
What are Progressive Web Applications, Google has something more to discuss here
Right now ,i and my friend looking forward to make a mobile application, which is going to get data from several different sources, analyze it with some kind of algorythm and make the best decision on that. The main problem is - right architecture for that. We consider that mobile application is going to be just a client, representing data placed somewhere on internet (anyway internet is required).
Can u help us with making right choice?
We have some kind of knowledge about client-server architecture with sockets... But this is definetly not we need in this particular situation.
Our thought is to make a web site which is going to generate all the required data.After that implement mobile apps which will represent info from website, using convenient interface. Is it right way?
Yes, that's the way to go.
Now, you have several options within that architecture...
server gets data from several different sources
server might expose some kind of RESTful API to the client apps
clients can be native mobile applications or client might be html5 mobile apps
depending on the nature of the data, you might want to consider some kinds of caching data that you get from 3rd party services/sources
EDIT:
I use ASP WebApi to build REST Api that serves json data to android mobile app.
So, my infrastructure is:
- MS SQL 2012
- ASP MVC 4, WebAPI
- android mobiles (we're targeting mainly Jelly Bean & Kit Kat)
I've built n-layered application with layers (bottom up order):
- DAL (i don't use any ORM framework...i use my own repository that runs stored procedures on SQL server)
Repository that wraps around db DAL and a few Service Agents that gets data from 3rd party services we use
Business layer where i do our business operations
Service layer (for now, it has no special use but afterwards i might need it as my business layer will be consumed from a few clients: WebAPI, web site, windows service...)
WebAPI for REST where mobile client requests end up
I've created a angularjs app which uses php for handling the database queries and enforcing an authentication schema.
When the user logs in into the app, he does so in php and php fetches the user data into a session. Then angularjs issues a http post request to a php page to read the fetched data.
After that, whenever a user asks for data, angular issues a post to a php page.
I'm considering using a framework for doing the authentication and the database queries in a better way. My security knowledge is primitive and I fear that I have mistakes in my code.
After doing a research I found laravel which seems straightforward and easy.
Now my questions are:
Can a php framework such as laravel do these things for me?
Is there something else I could use to have people authenticate and making sure that they are doing the CRUD operations they are authorized to do?
What are the keywords I'm searching about, is it routing, is it php restful? I'm asking in order to do further research on the matter.
Is there any other way in which a SPA could work with CRUD operations and Authenticating in a "safe" manner using php?
I know that the above questions are not programming questions per se, but I don't know where to ask (because I feel I cannot communicate what I want to learn about/ *that's why the keywords question above).
Thank you
There's basically two kinds of relevant "routing" both based on URLs, either client side or server side. AngularJS has the $routeProvider which you can configure so when the location changes (handled by $location) the client side template and controller being used also change. On the server side you may have redirects or "routes" that map a URL to a particular PHP file (or Java method) where at the destination it parses the incoming URL to get extra information/parameters.
I know nothing about laravel, but googling laravel and authentication came back with this which looks promising:
http://bundles.laravel.com/category/authentication
I also know things like Zend framework provide many similar options for plugging in some authentication code.
Ultimately if you're writing the CRUD operations something in your code is going to have to do deal with the role based execution of code or access to data.
RESTful is it's own thing. At a very basic level a RESTful interface uses HTTP "verbs/vocuabulary" like PUT, POST, DELETE, GET (part of the request headers which is just data that comes before any body data in the request) are given special meaning like update an entry etc. It's mostly orthogonal to the issue of authentication though if you do true REST I'm not sure if using the SESSION for maintaining authentication would be allowed since it's not completely stateless in that case (anyhow just an academic argument). Point being you can use the other ideas of REST or use some implementation that is "RESTful" and it can be written in any language or you can choose not to do this, either way you still have the issue of controlling resources (functions/methods/data) that you want to control and this issue is not the same as choosing RESTful or not RESTful (if you wanted to keep true to REST for reasons of scalability across a cluster of servers etc. you could follow guidance here How do I authenticate user in REST web service?). Also to note here the $resource in AngularJS provides an abstraction above $http specifically for handling restful services.
IMHO you should be searching for two things
1 php security/authentication
2 php hacking/hacks/vulnerabilities
You can simply write your own authentication mechanism using a session to keep track of the signed in user. http://php.net/manual/en/features.sessions.php There is no difference in a SPA vs a traditional web app as far as the server is concerned, these are simply differences in the client side code.
Any security you intend on putting in place is really only as good as your understanding of that security. I wouldn't trust someone else's plugin from the internet to handle authentication for me unless time was an extremely critical factor and security not so much. One thing that you hadn't mentioned but I think is worth looking into and necessary for any of this to really be secure is SSL. If you don't have your data encrypted there is always a possibility of a man in the middle attack (someone getting the plaintext username and password as their submitted to the database) or session hijacking (someone getting the sessionid of an active session then using that to act as the original user). Basically I would suggest you keep doing research regarding best practices and personally look over any code you plan to use to be sure you understand how it's working and what kind of security it provides you with.
I also wanted to mention, though it's a bit off topic languages wise, that Java Spring has some really nice stuff for dealing with authentication and handling access to services and data. If security is a major concern I would probably strongly consider running a Java server (not to say Java has never had it's issues or that it's automatically more secure but there's a lot of production code that has withstood the test of time). There's the free Tomcat J2EE Server or IBM WebSphere if you need to massively distribute an application. If interested search for Java, Spring, Hibernate (ORM), MyBatis, Data Access Objects. Those are all the parts (some optional) I can think of you would need to put together a service layer in Java. Good intro in the video on the left of this page:
http://static.springsource.org/spring-security/site/index.html
Also SSL isn't a silver bullet, but every layer of security helps.
Kevin Mitnick said in one of his books that lots of places have "hard-shell candy security" (paraphrasing) where breaking the outer layer means you get to all the mushy goodness inside. Any direct answer I would bank will result in this type of security.
Depending on the scope of the project it might be necessary to have security professionals do penetration testing on the system to determine if there are vulnerabilities so they can be plugged.
I have built an ERP for a small company using MS-Access (front end) and SQL Server 2008 R2 as database. Now one of their clients is implementing "SAP Business one" and I am asked to provide a web service for that SAP to enquire our database for stock availability.
I don't really know where to start. I have seen there are native web services in SQL Server, but MS seems to discontinue that.
From what I have googled, I understand that REST is not appropriate, because we want the service to be restricted to identified clients, so we would have to go for SOA and WCF ?
Is that correct or stupid ?
I am looking for links / books, or very simple code samples (if that exists).
I have already found Good starting point for learning to create ASP.NET SOAP web services and https://stackoverflow.com/q/296040/78522.
Any suggestion welcome, thanks.
Edit: just for the info: I have found these 2 links quite usefull, specially the 1st one, which is really "quick and practical", ideal for a total newbie in the field.
on w3schools.com
on siteduzero.com (in French)
Windows Communication Foundation
Windows Communication Foundation Walkthrough
https://stackoverflow.com/questions/386801/wcf-book-recommendations
I understand that REST is not appropriate, because we want the service to be restricted to identified clients.
This is not correct. REST services can have security, and most of them that I'm aware of do. The common ways to do this are:
Use HTTP authentication (basic or digest). Most languages will already have libraries to handle this for you.
Define some other way of logging in. Some REST services accept a username and password and return a cookie. Some use OAuth. Twitter is a good example of this.
Don't use login at all, just validate that the client has some sort of token or password (probably sent as a cookie).
Use any other form of security that works over HTTP.
I would like to build a mobile application with the following requirements:
The mobile client applications should request and recieve data from a database on a server.
In the future I will probably want to build a web application for the same database.
For communication between the clients and the server I would like to use Google Protocol Buffers.
So I have the following questions:
How does one set up a server to take request and respond with anything other than html. I think that using RPC sounds nice, but I have no clue how to set it up on a server.
I need to find a good web hosting service which will allow me to set up a database and a server that can serve both Google Protocol Buffers and regular web pages with data.
Before I get to making the web app, is there any more lightweight solution that might be better just for communicating with the clients (maybe even a home made tiny server), and how hard would it be to do it with a full scale web server from the start?
Please point me in the right direction so I know what to read up on.
I'm not necessarily looking for specific names of web hosting services but rather an idea what kind of services are available that might meet my needs. I've worked a little bit with django, Spring and Java EE so if there's any solution involving those that would be great, however I'm not afraid of learning something new.
Thanks in advance
Simon
if you still mean http, that is pretty trivial - you simply set an appropriate content-type, and write your data to the response stream. The exact how depends on your web framework and tools, but this is no different to (say) serving generated images on the fly. HTTP requests function fine for messaging scenarios - as simple as making an http request (typically POST) with a protobuf (etc) body, and processing the response in the same way.
can't comment
a web app can be lightweight; certainly more-so than having to configure a non-http service/daemon. The "lightweight" option would be raw sockets, but that is harder to deploy, and you'll have to be more picky choosing a host. Unless you absolutely need this level of terseness (i.e. dropping the http headers and writing your own transport to get close to the wire), just stick with http - it'll be a lot easier to get going and maintain
For info, I have a blog post on doing this with ASP.NET MVC; this isn't intended to mean "do this" (heck, use whatever tools help you) - simply, it is meant to show the kind of thing necessary.