In my laravel application, I want to provide the users with the opportunity to download a copy of their stored data in the form of a Word document. I found that certain parts of this can only be accomplished using C#/.NET.
For this, I wrote a C# application alongside a method called GetWordProfile(User user) which returns FileInfo set to the actual path of the output file (this is always within the storage folder of laravel, so laravel has access to it). I only need the path and everything's done and dusted since from this point on, I can manage my laravel application to download this for the user.
However, the question is how do I get there? I must not forget about potential errors which may occur and thus display them (the errors are (inside my C# application) handled by log4net in a file as well as on the console; same goes for all output).
I tried to run my application using shell_exec respectively exec, however, both only returned zero results (null) (despite having set $output for exec) and thus seem not to be suitable. Also, I usually don't want loops (inside PHP/laravel) too much since you're then using a lot of computing power which is unnecessary for this sort of task, also you don't want to let your users wait more than, say, 5 secs, seeing nothing in your browser but the script being executed within a blank page (during the execution there's no content, obviously).
EDIT: I also approached the use of COM which ultimately did not work properly out either.
What is an appropriate approach towards this?
I did something similar with Python + C# a while back using IPC (Inter-process Communication) using named pipes.
EDIT: URL is broken. Here's the question someone asked previously on this topic.
Interprocess Communication using Named Pipes in C# + PHP
Related
I have a a requirement to control the ability for a client to download images/files based on who they are. We are calling an action with a parameter that allows me to sub in data from session to finish a path, without putting the real path on the client. We then return a FileActionResult from the controller.
It was working. If we found the image, we could create a stream and serve the file, and if we could not, we returned a default image. But, we found that we could easily run into an issue where the stream was open when a new request was made, which resulted in an error. This could then turn into an issue where even the default image could not be downloaded.
I have looked around a lot and we have tested several methods, and these conflicts can still occur. I have started to think that maybe this is not an IO issue, but more of an, "I'm trying to do something wrong" issue.
Is there a way to intercept a call for a static resource, and then adapt the path if it is looking in a specific location, without imposing the rule on all request?
The closest I have found is when creating a View Expander, where I can re-interoperate the path of a called resource, but it is not the same. One is compiled, the other is not.
I don't have any code to show because the approach is uncertain, and unknow. Searches have proven difficult because the terms collide with well know solutions to topics that do not apply.
I am hoping that someone who is more knowledgeable can point me to a method that will treat files in a secure folder as if they are static resources once I have determined they are authorized to access the static resource.
I am using Identity, but I do not extend that identity to system access, nor will I. The only user allowed can be the IISUsr, per my client.
Any help would be greatly appreciated!
This is probably coming off as a REALLY broad question.
But is there a way to have my applications code (or some of it) stored on a server, and download it and execute it securely?
I've been seeing ASP.net everywhere but I don't fully understand it. Is this basically exactly what im looking for, or is it some kind of C# Website Hosting, like xampp?
Either way, what im looking to do, is to be able to download some C# methods, not an entire namespace and be able to reference code like, System.*, Program, Form1 and such from those methods.
I managed to get CSHarpCodeProvider working and with System references using its CSharpParameter but it uses a direct namespace, essentially asking for an entire full valid .cs file, whereas I want to load in methods only and not have it secluded but to be interactable with all existing code.
This is probably a lot to ask and probably doesn't exist.
Here's my formula:
Make a request to website.com/api/login.php?e=email#domain.ext&p=Pass123, returns obfuscated C# code along with the first line of text being an MD5 hash of the C# code, Email, Password and random generated strings/numbers/symbols.
Generate the verification hash on the C# Client Side, send the returned hash back to the website on a different php script, That script will verify if it's correct and will return a session token even if it's an incorrect hash (meaning the request was tampered with).
The C# returned from the first request, This seems good to go, Everything matches up. Replace the placeholder garbtext like <!!TOKEN!!> with the token from request 2 without doing verification checks at all.
Execute the finalized C# code.
The finalized C# code will do stuff like create methods that would be used throughout the application including a private bool x() that returns if the application is licenced/purchased.
Use application as normal using the methods created.
Notes:
Having some unixtime checks in the hash and inside bool x() and such would be a good idea to further prevent un-licenced intrusion.
Pros:
The application is theoretically almost impossible to "Crack". To crack it, you would have to manually replace all the functions. Obfuscate the code on server-side before returning to the C# client and it will be extremely hard to do and would be very time consuming.
Can be auto-updated and you wouldn't need to update the .exe unless you did vast changes.
Cons:
Will require a lot more server power depending on the size of your userbase.
Costs you and makes profit a lot smaller if your selling an application licence.
Internet connection needed no-matter-what!
Startup time would be slower.
Downtime can seriously impact your application.
I'm virtually a complete novice, I've tried Googling for answers and become totally confused.
Using Visual Studio 2010, I have a C# application which is an email notifier for a friend. The external (Arduino) hardware works, the main code (from a website) works but I'm sending it to her on the other side of the world to use and she is very 'non-technical' - hence the need for a 'setup form'.
I have created a form where she can enter comm port (selected from a list), username and password (all to be used by the main code), but that form should run only when the application is first installed on the PC.
At the moment it runs in VS-2010 (though I need to iron out a couple of snags), validates and hides - but I don't know how to a) store the data and make it available to the main code, b) ensure that the form only runs at setup, or c) exactly what I need to do or include to create an installable application.
Could somebody either help or direct me to some tutorials that don't assume I understand all the terminology?
I just want to create something that she can instal from a memory stick. I know it can be done and it's proababy quite simple for those who understand - I'm trying to learn but I'm no longer young and it's a struggle.
Thanks
a) store the data and make it available to the main code,
write the data on a file!
you have millions of possibilities, for isntance reading and writing a plain text file can be done with few lines of code, but if you want to encrypt your file (it may be the case if you want to store the password) you can use System.Security.Cryptography as shown in this guide
b) ensure that the form only runs at setup,
once you have written the file, then it means that the program has run already at least once, so you don't need to ask the user again (just read the data from the file)
c) exactly what I need to do or include to create an installable application.
Visual Studio already comes with the Setup project for this task. See this good guide.
From your comment and link to the code project for the Arduino, I gather that this is your first venture into writing code in C#, or very close to it. And ideally you'd like to make this as easy for your friend as possible. The best advice I can give you is not to try to run before you learn to walk. If you try to create a custom setup project and use a configuration file, which is what you are talking about doing, you may hit so many barriers that you never get to a successful end of the project. That kind of experience is discouraging and I'd hate for you to lose the drive to ever want to try another software project.
Make this initial project easy on yourself. This is not good programming practice for most situations, but if you only have one user, hard-code her configruation information for this first version. In other words, put her username, password, com port, etc directly into the main program. This eliminates the need for both the configuration, and any custom setup form. If you still want to make the whole thing configurable and versatile, do that in your next version. Custom setup is not a beginner task. It will be a lot easier to take on with the encouragement of your friend's excitement and compliments over a first version that works.
Imagine there's a mission-critical process that'll be used in a business which handles sensitive information (think of Credit Card, social security, patient records...etc). I would think this unit ideally should do whatever it has to do on-the-fly, meaning it won't intentionally write files to disk containing sensitive information. The idea here is that if the computer that runs this process is compromised, no sensitive information can be leaked, at least not by means of files.
What approaches could be taken to, say, come up with a unit test that will fail if the unit under test tries to write any file to disk?
There is the FileSystemWatcher (http://www.c-sharpcorner.com/uploadfile/puranindia/filesystemwatcher-in-C-Sharp/) however this requires you to know a specific directory. In your case this probably isn't very helpful since the program could write anything to disk any where. This introduces a unique problem. However, I have also found something called Detours from Microsoft. This appears to intercept all native win32 api calls. http://research.microsoft.com/en-us/projects/detours/ The issue with this is that its kind of hard to test, and integrating it into unit testing will be a challenge.
When you have to treat your software as "untrusted" in the sense that you need to prove it doesn't do something, testing becomes a complex task that requires you to run them on very controlled environments. When hooking in to the Win32 API, you will be deluged with API calls that need to be processed quickly. This can result in unintentional side effects because the application is not running in a truly native environment.
My suggestion to you (having worked several years doing software testing for Pharma automation to the exacting standards of the FDA) is to create a controlled environment, eg a virtual machine, that has a known starting state. This can be accomplished by never actually saving vmdk changes to disk. You have to take a snapshot of the file system. You can do this by writing a C# app to enumerate all files on the virtual drive, getting their size, some timestamps and maybe even a hash of the file. This can be time consuming so you may want (or be able) to skip the hashing. Create some sort of report, easiest would be by dropping them in a CSV or XML export. You then run your software under normal circumstances for a set period of time. Once this is complete, you run a file system analysis again and compare the results. There are some good apps out there for comparing file contents (like WinMerge). When taking these snap shots, the best way to do it would be to mount the vmdk as a drive in the host OS. This will bypass any file locks the guest OS might have.
This method is time intensive but quite thorough. If you don't need something of this depth, you can use something like Process Monitor and write the output to a file and run a report against that. However in my work I would have to prove that Process Monitor shows all IO before I could use it which can be just as hard as the method I spoke of above.
Just my 2 cents.
UPDATE:
I've been thinking about it, and you might be able to achieve fairly reliable results if you remove all references to System.IO from your code. Write a library to wrap around System.IO that either does not implement a write method, or only implements one that also writes to a log file. In this case, you simply have to validate that every time a write occurs using your library, it gets logged. Then validate using reflection that you don't reference System.IO outside of this new wrapper library. Your tests can then simply look at this log file to make sure only approved writes are occurring. You could make use of a SQL Database instead of a flat log file to help avoid cases of tampering or contaminated results. This should be much easier to validate than trying to script a virtual machine setup like I described above. This, of course, all requires you to access to the source code of the "untrusted" application, although since you are unit testing it, I assume you do.
1st option:
Maybe you could use Code Access Security, but the "Deny" is obsolete in .NET 4 (but should works in previous version):
[FileIOPermission(SecurityAction.Deny)]
public class MyClass
{
...
}
You may reactivate this behavior in .NET 4 using NetFx40_LegacySecurityPolicy
2nd option:
reducing the level of privilege may also works, as I know that downloaded app can't write on the disk and must use a special storage area.
3rd option:
Remove any reference to System.IO and replace by an interface that your code must use to write data to disk.
Then write an implementation that use System.IO (in a separate project)
In the nunit test, mock this interface and throw an exception when a method id called.
Problem is to ensure any developers will not call System.IO anymore. You can try to do this by enforcing coding rules using FxCop (or other similar tools)
I want to test my trading system by playing execution reports back into my application. Then I could verify that my order/position state is correct.
I found this somewhat related question: how to replay a quickfix log
The difference is that in the article the person was looking for a whole testing tool that would play back a log file. What I was wondering is whether there exists a utility that will take a string representing a FIX message and then just generate a FIX object (ex: ExecutionReport).
Does anything like this exist out there? Has everyone just been writing their own?
It sounds like you simply want a different kind of test tool.
If you've written your app in unit-test-friendly fashion, then you could simply write unit tests to create ExecReport objects and pass them as parameters into some ExecReport-processor component. (I'm guessing you're not designing for UTs, else you probably wouldn't need this suggestion.)
If not, then I think the best thing to do is write another app that your first app can connect to. You could create a simple Acceptor app that can use command-line commands to trigger ExecReports to be sent. If you're using QuickFIX/n (the C# port), you could steal code from QuickFIX/n's example apps "TradeClient" and "Executor".