I have an app that tests web page layouts in different browsers without requiring the user to download a new browser to their local. Every time when a user opens a new browser to test a page, I want this browser to open in a sandbox to limit the browser's actions in case of coming across any malware or dangerous sites.
How can I do that?
Note: The app is in C#.
You may also want to determine if this will be an acceptable workflow since each launched sandbox will only have the default browser by default. Additional browsers may have to be manually installed, even scripted, but will take time and slow down testing.
Configuring your sandbox:
You may be able to devise a workaround based on creating a .wsb file and populating it with a startup script. Your app can create this file programmatically with parameters and launch it.
https://www.windowscentral.com/how-configure-windows-sandbox-windows-10
Based on that you would probably have something like the following:
<Configuration>
<VGpu>Default</VGpu>
<Networking>Default</Networking>
<MappedFolders>
<MappedFolder>
<HostFolder>C:\FolderThatContainsBrowserInstaller\</HostFolder>
<ReadOnly>false</ReadOnly>
</MappedFolder>
</MappedFolders>
<LogonCommand>
<Command>Powershell.exe -ExecutionPolicy Unrestricted C:\users\WDAGUtilityAccount\Desktop\FolderThatContainsBrowserInstaller\ScriptThatInstallsBrowserAndLaunchesURL.ps1</Command>
</LogonCommand>
</Configuration>
Additional info may be found here: Starting the Windows Sandbox from managed code
You will have to decide what the ScriptThatInstallsBrowserAndLaunchesURL.ps1 actually does, but installing browser to test, then launching it with URL sounds like a fairly simple task.
Related
Using WebView2 browser when a user clicks a link that opens another program, this prompt shows up every time.
Is there a way to suppress this in WebView2?
You can use the NavigationStarting event to cancel navigations to URIs that start with the URI schemes you care about and then do whatever you like with that URI. For example, call ShellExecuteExW, or Windows.System.Launcher.LaunchUriAsync with the URI so that the OS opens the URI.
As Yu Zhou notes this is dangerous if its arbitrary websites opening arbitrary applications as in the case of a web browser. If you're going to skip this security prompt you should ensure that you own the web content or trust the web content in the WebView2 to not be malicious. If you are showing arbitrary URIs or user submitted web content you should not skip the prompt.
I can understand that you want to bypass the prompt, but it's by design and we can't change it. It is designed for security. This prompt is the only thing standing between every arbitrary site on the Internet (loaded inside your browser’s sandbox) and a full-trust application on your computer (running outside of the browser’s sandbox).
The only thing we can do to reduce the pain is to check the "Always allow..." checkbox, so that the prompt won't show at the next time.
Preferred Language: C#
Description:
I would like to block a specific URL (ex: www.myurl.com/pages/page), from being opened through any web browser (or even a particular browser if that's easier).
*NOTE:
It needs to be a specific page on the website, not just the domain.
I want to write an application to be able to do this... not use browser extensions or an anti virus.
What I've researched/tried:
Unfortunately you cannot block specific pages with Windows Hosts file, as it only blocks domains (and I tried it myself).
Other than editing the hosts file, I've not found any other ways to go about this.
Detailed steps/explanations would be great.
I have a .NET a web app that i built for files processing .I am using IIS 7 anonymous user authentication , i also did not require the users to log in, so pretty much any user who has access to the intranet can access the web app.
The users said when two of them try to run their files on app at the same time they receive an error( did not specify it).
My question is :
If i use anonymous authentication is it by default every user will have his\her own session while accessing the app?
Yes, by default every user will have their own session. And anonymous authentication is the default scheme for the web. It is unlikely that any web server, by default, would only allow 1 anonymous user at a time.
Most likely, if your app is doing file processing, you may be dealing with file locks and not an issue with IIS. You want to make sure that your code is written so that, if two or more people access it simultaneously, they can not request to same file. Also, you need to make sure that you are properly closing any file streams you open, even in the case of exceptions. Without seeing the code in question, it would be difficult to impossible to give more specific guidance, but hopefully this will help point you in the correct direction.
Install Elmah to get error report of ypur app!
I am running a website and a windows service . I am able to change at runtime the level of log of my Website using a page I made, and I would like to do the same for my windows service( ie: using a page to monitor the different levels of Log I am using in the service).
Would you have some tips and tricks to achieve that? Or should I resign and upload a new version of the log4net file every time I need to log things a bit more in details (this upload is a bit tricky and quite annoying to do)?
thanks for your ideas,
[EDIT]
UNfortunately none of the answer listed here are aimed at my problem. Mine is to access the log4net from a service located on a Machine A from a WebSite running on a machine B. So that accessing the Web of MAchine A may allow me to change log level of service thread of Machine B.
If your windows service is using ConfigureAndWatch you should be able to edit the config file just like you do for your website with that page you made if you place the configuration file in a place that is accessible via the web page.
You will also have to change the path to the configuration file you load in your windows service but this should be a solution.
You can modify a config file and have your application pick up the changes. The trick is that you cannot use the app.config/web.config file to do so. Otherwise, it takes a reboot of your application before the changes will take place. Here is a SO question that has a couple answers that might work:
.net dynamically refresh app.config
You can also make changes through code like so:
http://weblogs.asp.net/psteele/archive/2010/05/03/tweaking-log4net-settings-programmatically.aspx
Ok only things I found, it to interface my service and Web Application to access the same table in the database, and make regular check to this table to change log level in servizio.
If someone has a better idea, I am all ears.
I have a C#/.NET website on my local machine that I use to test.
Everytime I run the website in Internet Explorer 7, I have to empty the browser history or it will stay logged on as the previous person.
How do I make it so it lets me log in without having to empty the history every single time I want to test?
Your login information is stored in the session and that sets a cookie in IE7. So you don't have to clear the whole history - just a session cookie for the site.
Alternatively you could implement 'logout' functionality in your app.
Since the issue exists only in your development environment, a workaround would be to use a browser that implements a 'private' mode such as Google Chrome's incognito mode or Microsoft Internet Explorer 8's InPrivate mode
These browsers, when operating in these 'private' modes do not keep the cookies and temporary internet files after you close the window which should solve your issue.
However, it should be kept in mind that these browsers might not be fully compatible with the website you are developing.
Moreover, you should provide more information regarding the implementation of your website's authentication and your website in general if a more permanent solution is to be reached.