Stand alone DirectoryServices.DirectoryEntry() - c#

I'm on a stand alone Windows 10 laptop and NOT running AD LDS or any other active directory services. I'm running IIS.
I'm trying to deeply understand what this line of code is doing and more importantly, how.
DirectoryEntry e3 = new DirectoryEntry(#"IIS://localhost/W3SVC/1/Root");
Does a windows OS fake in some sort of resolution for this method in absence of active directory?

1) First take care to note if you mean pre/port IIS7. With and after IIS7 many things changed yet, all to much, they still look alike. But there are important differences.
2) MAKE SURE you are at least running in administrative mode
run as administrator
~ or doing something better.
3) Look into .net's DirectoryServices()/DirectoryEntry() but also Microsoft.Web.Administration.ServerManager(). This is probably where you can do 90% of all you are attempting.
4) There is a windows tool cmdline exe (windows/syswow64[system32]/inetsvr/appcmd.exe) that is wonderfully helpful ~ in fact, if it is an option for your needs/environment, you might prefer to create a cmd script for all that you are trying to do. I suggest first learn this tool, then use it to extract out a lot of the IIS/Site metadata to explore what & where you are trying to get to. https://www.iis.net/configreference/system.applicationhost/applicationpools
5) Powershell has a snapin, certainly on server with IIS installed, maybe on workstations. I don't use a lot of powershell so the most i will say about that is the snapin is called WebAdministration and/or iisConsole. You may need to/prefer to manually register the snapin each time you run your script OR you might automatically register the snapin by using the IIS powershell management console.
6) For any above option always remember #2 ~ be certain you are at least running in administrative mode.
7) I know you certainly are playing in the land of IIS's metadata database ~ not the registry so much.
Local workstation: The exact mechanics when you are local to the IIS instance? I'm not sure. You might be accessing the metadata directly, you might be getting to the metadata via the IIS service, or you might be accessing the Server.exe Server service, or something else.
Remote server w/o LDAP: If you are querying a remote server not in an active directory? same as a workstation.
Remote server w/ LDAP: If you are querying a server in an AD you almost certainly are hitting the AD/LDAP service. Of course, how you are doing so might technically be via a segregate such as server.exe service running on that remote.
-- The end game is appcmd.exe, powershell, or c# Microsoft.Web.Administration, DirectoryServer(), all probably come close to doing the same thing in the background. But these are your interfaces to access that background so you don't need to think so much about the deeper implementation.
I hope this helps everyone!
Up vote it is you like this answer.

Related

Is it possible to defend my program whilst offline?

I need to find a way to block user access to my database that will be installed in his pc.
So, here on the company we have a problem. We need to block user access to our database that will be installed on their pc, what I mean by this is...
We have 2 softwares. A web App ERP and an instalable finances App.
We reached the conclusion that it was unnecessary to have 2 standalone apps, and that we should put the finances app inside our ERP.
But this comes with a problem, theres a big part of our users that don't trust the web, and web apps, they think that what is on their pc is what is
safe, and is where it should be.
We don't want to maintain the 2 standalone softwares needlessly.
We asked our users if they'd be happy with a progressive web app, their answer was the same.
Then we tried to make a way to run our ERP on their pc whilst offline, as an executable, but that comes with a lot of troubles, we need to install IIS, PostgreSQL, .net frameworks, pgadmin, our metadata database (which it shouldn't be accessible in any way shape or form by the user!), etc... that lets our app run on the users pc.
Of course we don't want to do that, but we got no choice left. We need to at least block our metadata database from being accessed, since the whole structure of the web app is there and we don't want to share it with the competition
Our solution was installing all that was needed inside a virtual drive and run the app from there. but all the files and databases are available to the user for him to mess with.
How can we restrict acess to that virtual drive the best possible, and protect our intelligence property? is it even feasable? I've run out of ideas and don't know what else to do, so any help is welcome.
Should I take another route or is it a lost cause?
Whoever has control of the database machine has control of the database. So if the database is running on the client's machine, there is no way to keep an administrative user out of the database.
So if the users don't trust a web application, they will have to trust their system administrators (or themselves, if they have administrator rights to their machines).

Notification Services custom delivery channel DLL trust issue

We have an instance of SQL Notifcation Services for which we have written a custom delivery channel. We had this process up and running in our QA environment running Windows Server 2003 with SQL Server 2005. It took a little bit of tweaking to the get the custom DLL trusted however we got it all working.
We have since deployed this code to our Live environment. This runs Windows Server 2008 with an Instance of SQL 2005 for Notification Services but then we have an instance of SQL 2008 which hosts the actual DB instance for Notification Services. Notification Services works as it should however we cannot get the custom DLL to be trusted as a result the custom delivery channel won't work. We simply get the error
That assembly does not allow partially trusted callers
We have tried using the .NET configuration utility and caspol.exe to give the .dll full trust with no luck at all. The .dll is compiled as a .NET 2 dll as notification service requires this.
We are pretty much out of ideas at the moment and hoping someone can suggest something?
We have managed to fix our issue. It would appear that Windows Server 2008 is stricter in its implementation of code access. By giving granting access to the .DLL by it's strong name rather than it's path allowed Notification Services to access the code.
Notification Services was not at fault.
I think you have one of two choices:
Embrace SQL 2008 and get rid of Notification Services because it was deprecated. Use Reporting Services or SSIS to do what you need.
Revert back to SQL 2005.
IMHO, I'd go option 1. Continuing to build with deprecated tools is going to quickly find you in a situation where support (community or vendor) is going to be extremely hard to come by.
update
This was too long for comments.
Not to beat your head too much, but continuing to develop applications for a technology that was EOL'd (end of life) over 3 years ago was the first mistake. The EOL statement was made quite public.
The second was having a QA environment that is radically different from production. Before deploying anything to production, the QA environment should have been identical... same type of hardware, same OS's, same server versions and patch levels. Otherwise QA is a joke, as you've found.
Now, as to the "resolution", there really is only one path: Revert your production environment back to SQL 2005 with the appropriate patches in place.
I wish you luck.

Run .exe on client system from server-side c# code

I want to run an exe on client system from my c# asp.net website. When I use Process.Start()
it throws an error:
The requested operation requires elevation.
How do I set permissions to run that exe?
You can't spawn processes on the client machine from server-side code.
When you use Process.Start in server-side code, it is attempting to execute the process there, on the server where the website is hosted. If you wanted to create processes on the clients computer then you would need to expose a download for them (and not in employing subterfuge, like malign sites might do to install software - supply it gracefully, and normally (and with permission)), or a Silverlight application or something along those lines.
The bottom line is that the code you want to execute (even if that is just to spawn a process) must reside on the client, and be executed there.
You can't run an application from a web server like that. You will have to have the user download the application by supplying the EXE, a setup file or using ClickOnce.
Or you can develop an ActiveX control that you can have the browser automatically download from a Trusted Internet Zone.
Once downloaded, proper signing with a certificate (signed from the trusted (corporate) root certificate) will avoid the user getting a prompt to ask whether he wishes to allow the ActiveX control to install/be activated -
The ActiveX control can subsequently do anything the interactively logged on user could. This means that to actually install a program you'd need to elevate (UAC on Vista+); But if the goal was just to run a standalone executable, you should be good to go.
This all assumes white-hat purposes in a (larger) corporate setting, because it relies on PKI infrastructure and central browser policies, to name just two.**
This would, really, lead to some excellent questions on serverfault or superuser
I noticed you said you wanted to run an exe file on the client, but you didn't say explicitly that the exe is on the server and you want to push it to the client. Everyone seems to be assuming that is the case.
You CAN accomplish this fairly easily with a small JavaScript if you have a few prerequisites:
The executable is already present on the client machine.
All of your clients are running IE
You can enforce a policy to put your site in the Intranet or Trusted
Sites zone.
So basically this means it's a corporate intranet application. I am assuming this is probably the case since, well, if you were expecting to do this with a public app, I would be surprised.
For the script to accomplish this, please see my answer to this question:
How can I get a program on a client machine to run from an ASP.NET page?

Block the user from changing the System Date/Time

We have a windows application (C# .net) and we'll be giving installers to client. The requirement is that once the application has been installed , user should not be able to edit the system time/date . This is to make sure that the application generated dates/reports are not manipulated.
My target OS is Win-XP
What is the best way to do that ?
Does OS provide any facility to do that ?
Client machine is a stand alone machine and is not on any network.
Thanks in Advance
As said here already, you can use group policies, but they are easily circumvented. Also, your customers may react hostile (rightfully so) if your app does that. Still, in case your application is in a closed network, talk to the sysadmin and get it rolled out as a policy.
If you really need a trusted time source, then do so: Write a Web Service or use an existing NTP Service that your application contacts and use the time returned by that trusted service. Then use signing techniques to prevent tampering with the reports afterwards.
Downside: you need internet access. Possibility is to have the client setup a NTP Server within their network (AFAIK Windows Domain Controllers can do that automatically?) and use that, but then the client can again tamper with it.
But bottom line is: Contact a webservice to make tampering hard or use group policies to make tampering easy. Making tampering impossible isn't possible anyway.
That sounds more like a server-fault question; I wonder if "group policy" is the way to do that on a per-machine basis;
However - for a programming answer - why not get the time from a central server when your app starts? Calculate the offset from the local time and apply that throughout your app.
If security needs to be tight you may need to sign the response from the server to prevent spoofing (in particular via "hosts" etc).
You block this by changing Windows Policy. You can either do this from Active Directory (Group Policy) or by manipulating the local seurity policy.
See link: http://www.sevenforums.com/tutorials/113557-date-time-allow-prevent-users-groups-changing.html
But I would rather recommend that you check time with an online server instead. Preventing such a thing for users may give them big problems if their BIOS resets or something.
I don't think that is possible because that is related to group policy rather than your application changing any system settings which will prevent users from changing system date time. Go through these it might come of use -
If XP Pro, use the Group Policy Editor to create fine-grained
permissions.Start>Run gpedit.msc [enter]
If XP Home, look at Doug Knox's Security Console and see if it will do
the job for you: http://www.dougknox.com
No, you can't prevent a basic OS function like this (aside from a group policy...but not programmatically, especially if the users had admin permissions). If you could do this programmatically, it could easily be exploited for mis-use (changing the time and breaking Kerberos authentication for example).
Only through Domain policy - admins must prevent the user not to mess with the time.
Windows 2008 has an option to sync time with internet.
Alternative is that you create a web service that your app could access through internet and get the non-modified time.
You need to implement local or group policy for that. I don't know if you can easily manipulate it from C#.
Assuming these machines are not actually under your administrative control then clearly you can't do this. But an alternative would be to get the time used to generate your timestamps from an external web service, you could use some sort of encryption to access the service to ensure the client can't tamper with the result en-route.

What sort of web host lets you run crawlers on it?

I'm working on a graduation project for one of my university courses, and I need find some place to run several crawlers I wrote in C# from. With no web hosting experience, I'm a bit lost. Is this something that any site allows? Do I need a special host that gives more access to the server? The crawler is a simple app that does its work, then periodically writes information to a remote database.
A web crawler is a simulation of a normal user. It acess sites like browsers do, getting the html code (javascript, etc.) returned from the server (so no internal access to server code). Being that, any site can be crawled.
Be aware of some web crawler ethics guidelines. There are pages you shouldn't index or follow its links. And web developers build some files and instructions to web crawlers, saying what you can index or follow.
If you can't run it off your desktop for some reason, you'll need a host that lets you execute arbitrary C# code. Most cheap web servers don't do this due to the potential security implications, since there will be several other people running on the same server.
This means you'll need to be on a server where you have your own OS. Either a VPS - Virtual Private Server, where virtualization is used to give you your own OS but share the hardware - or your own dedicated server, where you have both the hardware and software to yourself.
Note that if you're running on a server that's shared in any way, you'll need to make sure to throttle yourself so as to not cause problems for your neighbors; your primary issue will be not using too much CPU or bandwidth. This isn't just for politeness - most web hosts will suspend your hosting if you're causing problems on their network, such as denying the other users of the hardware you're on resources by consuming them all yourself. You can usually burst higher usage levels, but they'll cut you off if you sustain them for a significant period of time.
This doesn't seem to have anything to do with web hosting. You just need a machine with an internet connection and a database server.
I'd check with your university if I were you. At least in my time, a lot was possible to arrange in-house when it came to graduation projects.
Failing that, you could look into a simple VPS (Virtual Private Server) account. Unless you are sure your app runs under Mono, you will need a Windows one. The resource limits are usually a lot lower than you'd get from a dedicated server, but they're relatively affordable. Some will offer a MS SQL Server database you can use next to the VPS account (on another machine). Installing SQL Server on the VPS itself can be a problem license wise.
Make sure you check the terms of usage before you open an account, as well as the (virtual) system specs though. Also check if there is some kind of minimum contract period. Sometimes this can be longer than a single month, especially if there is no setup fee.
If at all possible, find a host that's geographically close to you. A server on the other side of the world can get a little annoying to access remotely using Remote Desktop.
80legs lets you use their crawlers to process millions of web pages with your own program.
The rates are:
$2.00 per million pages
$0.03 per CPU-hour
They claim to crawl 2 billion web pages a day.
You will need a VPS(Virtual private server) or a full on dedicated server. Crawlers are nothing more then applications that "crawl" the internet. While you could set up a web site to be a crawler, it is not practical because the web page would have to be accessed for you crawler to work. You will have to read the ToS(Terms of service) for the host to see what the terms are for usage. Some of the lower prices hosts will cut your connection with a reason of "negatively impacting the network" if you try to use to much bandwidth even though they have given you plenty to use.
VPS are around $30-80 for a linux server and $60+ for a windows server.
Dedicated services run $100+ for both linux and windows servers.
You don't need any web hosting to run your spider. Just ask for a PC with web connection that can act as a dedicated server,configure the database and run the crawler from there.

Categories