Can someone give me a starting point on how to send an encypted mail from my C# .NET Application to a Lotus Notes inbox (in the company intranet)?
I requested a certificate and Notes User from our support.
But now I'm stuck. I read through this guide, and implemented the code but know the mails in my inbox do not have any content, but just a file named smime.p7m. So I am generally unsure if this is the right method.
Can you give me a hint to a tutorial or tell me the steps I need to do?
Or is the linked guide generally right and I goofed something up? In this case please leave a comment an I'll add my code.
Thank you very much in advance!
UPDATE 1 (26.08.16):
Here is what I'm now at so far:
System.Net.Mail.SmtpClient smtp = new System.Net.Mail.SmtpClient("smtp.services.companyname");
smtp.Credentials = new System.Net.NetworkCredential("NOTESUSER","password");
smtp.Send(message);
In Notes itself I ticket the checkbox for "Send my mails encrypted". The thought behind it was the following:
I assumed this way the Notes User passes the credentials to the Smtp Server and uses the usersettings.
The eMails get delivered, but are not encrypted.
Maybe you could try and break down things a bit further. What about sending an encrypted email from a basic mail client like Thunderbird to a person who will open it in her Notes client ?
The fundamental thing is that the recipient must have a private key symetric to the public key you used for encryption. In normal use, Domino does this very well as it comes with its own two-factors PKI : users can't sign in without their private key, which is stored on their workstation in a tiny (~3 ko) file named something like hername.id or user.id. The corresponding public key is for all to see, as it should, in the Domino Directory (names.nsf)
While based on standard RSA stuff, those usual pairs of keys are managed and deployed in ways very specific to Domino.
Now, it is perfectly possible for a user to import a private key issued by a third-party certification authority. I don't have the exact procedure at hand right now buy you'll find it in the help.nsf available to any Notes client.
But I wonder. You are inside the intranet, which means that you do have access to the Domino Directory, thus to the usual public key of the recipient. Your application will probably need its own user.id and it's more than likely that you'll need to have the 1352 hole punched in various firewalls. By the way, if it helps to alleviate any concern, by virtue of the aformentioned native PKI, it is very easy to encrypt communications on port 1352 from end to end.
Another option is as follow. The Domino server is also a web server. Sometimes this option is activated, sometimes not. If it is, or if you can make it happen, the directory is available as a web application. Zooming in on the public key of a user would require some tinkering and some HTML parsing but should be doable.
One last one for the road, although you may not like it : Domino is a very good platform for intranet applications, be it of the client-server persuasion or of the HTTP creed.
Okay, here is what I finally did:
Domino.NotesSession nSession = new Domino.NotesSession();
nSession.Initialize("secretpassword"); //password for the Notes User
Domino.NotesDatabase nDatabase = nSession.GetDatabase("SERVER", "names"); //Server and location of the names.nfs file
Domino.NotesDocument nDocument = nDatabase.CreateDocument();
NotesStream nStream;
nDocument.ReplaceItemValue("Subject", tmp.Subject);
nBody = nDocument.CreateMIMEEntity();
nStream = nSession.CreateStream();
nStream.WriteText(tmp.Body);
nBody.SetContentFromText(nStream , "text/HTML;charset=UTF-8", MIME_ENCODING.ENC_IDENTITY_7BIT);
nDocument.EncryptOnSend = true;
nDocument.Send(false, user.INS_EMAIL);
This creates a Notes Session with the latest Notes User logged in. So you install the Notes client on the Server, log in with the user and it works so far.
Related
i have bot made using c#. It has the feature of human off. We have integrated the solution provide by tompanna of human handoff where a agent can talk to single user at a time.Here the link of solution we used for human handoff https://github.com/tompaana/intermediator-bot-sample. Our bot is working fine and able to talk with agent with the help of this solution but major issue come when a user want to share image or any kind of attachments from user to agent or from agent to user. The bot show that image is send but user is not able to see it. Simpler case happen in the case of agent.
Image of agent while sending a attachment to user.
And also the image of user ,unable to see the image send by agent.
The sample which you are using for Human HandOff has not been updated over a year, so it gets difficult to be able to find solutions for supporting various features pertaining to the same. However, going through the sample issues, there has been a similar issue in which the sample does not support emojis, images or files to the receiving user. If a user sends any of the above mentioned features, the receiver will get a blank message as it supports only text messages.
Th tentative solution suggested by a user is to create a simple method extension to send image/file messages.You could go ahead and give it a try to see if it works for your case.
Hope this helps.
You need to edit the source code of the library to achieve what you are trying.
In this MessageRouter file , method RouteMessageIfSenderIsConnectedAsync , you can access message.Attachments , then pass it as a parameter to SendMessageAsync in line 432, then from SendMessageAsync in line 160 , you can pass it to CreateMessageActivity method and then in file ConnectorClientMessageBundle , you can access the attachment and attach it to messageActivity.
I've been writing code to retrieve calendar info from a room mailbox using Exchange Web Services. I'm able to successfully retrieve info from room mailboxes and user mailboxes alike, but I seem to have hit a snag. My theory is that it has to do with the ampersand in the address... I can confirm that this is the primary address of the room mailbox. I've also made sure that I can access the calendar from outlook.
Here's my code which, once again, works really well on other mailboxes but fails with this one:
EmailAddressType mailbox = new EmailAddressType();
mailbox.EmailAddress = "r&d#somecompany.org";
DistinguishedFolderIdType[] parentFolderId = new DistinguishedFolderIdType[1];
parentFolderId[0] = new DistinguishedFolderIdType { Id = DistinguishedFolderIdNameType.calendar, Mailbox = mailbox };
Has anyone experienced problems of this kind before? Any chance you might be able to nudge me in the right direction? Any help appreciated!
TIA,
Rick.
You are probably right. Try replacing it with &
Explanation: Since this is going across a Web Service, it's probably getting parsed into XML at some point, and the & character is reserved. So you need to use & any time you want to use & in a string.
One of the requirements for the application that I'm working on is to enable users to submit a debugging report to our helpdesk for fatal errors (much like windows error reporting).
I've been told that e-mails must come from a client's mail account to prevent the helpdesk getting spammed and loads of duplicate calls raised.
In order to achieve this, I'm trying to compose a mail message on the server, complete with a nice message in the body for the helpdesk and the error report as an attachment, then add it to the Response so that the user can download, open and send it.
I've tried, without success, to make use of the Outlook Interoperability Component which is a moot point because I've discovered in the last 6 hours of googling that creating more than a few Application instances is very resource intensive.
If you want the user to send an email client side, I don't see how System.Net.Mail will help you.
You have two options:
mailto:support#domain.com?subject=Error&body=Error message here...
get user to download email in some format, open it in their client and send it
Option 1 will probably break down with complex bodies. With Option 2, you need to find a format that is supported by all mail clients (that your users use).
With option 1, you could store the email details locally on your server against some Error ID and just send the email with an Error ID in the subject:
mailto:support#domain.com?subject=Error 987771 encountered
In one of our applications the user hits the generate button and it creates and opens the email in outlook. All they have to do is hit the send button. The functions is below.
public static void generateEmail(string emailTo, string ccTo, string subject, string body, bool bcc)
{
Outlook.Application objOutlook = new Outlook.Application();
Outlook.MailItem mailItem = (Outlook.MailItem)(objOutlook.CreateItem(OlItemType.olMailItem));
/* Sets the recipient e-mails to be either sent by 'To:' or 'BCC:'
* depending on the boolean called 'bcc' passed. */
if (!(bcc))
{
mailItem.To = emailTo;
}
else
{
mailItem.BCC = emailTo;
}
mailItem.CC = ccTo;
mailItem.Subject = subject;
mailItem.Body = body;
mailItem.BodyFormat = OlBodyFormat.olFormatPlain;
mailItem.Display(mailItem);
}
As you can see it is outputting the email in plaintext at the moment because it was required to be blackberry friendly. You can easily change the format to HTML or richtext if you want some formatting options. For HTML use mailItem.HTMLBody
Hope this helps.
EDIT:
I should note that this is used in a C# Application and that it is referencing Microsoft.Office.Core and using Outlook in the Email class the function is located in.
The simple answer is that what you are trying to achieve isn't realistically achievable across all platforms and mail clients. When asked to do the improbable it is wise to come up with an alternative and suggest that.
Assuming that your fault report is only accessible from an error page then you've already got a barrier to spam - unless the spammers can force an exception.
I've always handled this by logging the fault and text into the database and integrating that with a ticketing system. Maybe also have a mailto: as Bruce suggest with subject=ID&body=text to allow the user to send something by email.
I don't think an .eml format file will help either - because they'll need to forward it, and most users would probably get confused.
A .eml is effectively plain text of the message including headers as per RFC-5322.
I am making a custom ftp client that logs onto a single ftp site and goes to a specific folder to avoid users' putting files in the wrong place.
I'm not super concerned about it, but the password is just a string to initiate the new ftp object.
FtpClient ftp = new FtpClient("www.markonsolutions.com", "user", "password");
What is the best way to keep this password from prying eyes?
FTP supports only plain text authentication - if you want to hide the password from attackers you have to use FTPS (FTP over SSL).
UPDATE
Don't care about hiding and obfuscating the password in your source code as a first step - your application will have to decrypt it and send it over the wire in plain text. Everyone can just start WireShark or any other packet sniffer and get the password back in plain text. First make sure that you don't send the password in plain text over a network, then start thinking about obfuscating it in your code.
UPDATE
Obfuscating the password in your code yields no security at all while you are sending it in plain text, but you can do so. Just encrypting the string adds one level of indirection. Without obfuscation I have to finde the password in your application and that's a matter of minutes with Reflector, with obfuscation I have to find the key, the encrypted password, and the encryption method. This will probably still take only minutes.
Using an obfuscator to prevent me from decompiling you application (into readable code) might stop me for a few hours until I find the relevant call into a system library function (but I wouldn't try, but only read the password from the wire ;).
So I suggest not to try to hard to obfuscate the password - the average user is probably unable to find a plain text password in a executable and people willing to find the password cannot be stopped by obfuscation. In this case the only way would be not to include the password in your application in the first place.
You can use this to protect your plain text string from reflector like programs.
See this SO post about how to encrypt and decrypt a string, in this case your password.
You should also consider obfuscating your code to make it difficult for people with appropriate tools to get the password by debugging your code.
Make your passwords and connection URLs configuration parameters, in a protected file. I uses INI files, and they are placed in a directory that is protected by the web server such that a browser can't open nor see the file/directory.
Apologies in advance as I haven't had much experience with directories before.
I have an ASP.net application, and I have to validate its users against an Active Directory Application Mode instance running on Server 2k3. I was previously attempting a connection with DirectoryEntry and catching the COMException if the user's credentials (userPrincipalName & password) were wrong, but I had a number of problems when trying to bind as users who weren't a member of any ADAM groups (which is a requirement).
I recently found the System.DirectoryServices.AccountManagement library, which seems a lot more promising, but although it works on my local machine, I'm having some troubles when testing this in our testbed environment. Chances are I'm simply misunderstanding how to use these objects correctly, as I wasn't able to find any great documentation on the matter. Currently I am creating a PrincipalContext with a Windows username and password, then calling the AuthenticateCredentials with the user's userPrincipalName and password. Here's a very short exert of what I'm doing:
using (var serviceContext = new PrincipalContext(
ContextType.ApplicationDirectory,
serverAddress,
rootContainer,
ContextOptions.Negotiate | ContextOptions.SecureSocketLayer,
serviceAccountUsername,
serviceAccountPassword)) {
bool credentialsValid = serviceContext.ValidateCredentials(userID, password, ContextOptions.SecureSocketLayer | ContextOptions.SimpleBind)
}
If the user's credentials are valid, I then go on to perform other operations with that principal context. As I said, this works for both users with and without roles in my own environment, but not in our testbed environment. My old DirectoryEntry way of checking the user's credentials still works with the same configuration.
After a very long morning, I was able to figure out the problem!
The exception message I was receiving when calling ValidateCredentials was extremely vague. After installing Visual Studio 2008 in the test environment (which is on the other side of the country, mind you!), I was able to debug and retrieve the HRESULT of the error. After some very deep searching in to Google, I found some very vague comments about "SSL Warnings" being picked up as other exceptions, and that enabling "SCHANNEL logging" (which I'm very unfamiliar with!) might reveal some more insight. So, after switching that on in the registry and retrying the connection, I was presented with this:
The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is ADAMServer. The SSL connection request has failed. The attached data contains the server certificate.
I found this rather strange, as the old method of connecting via SSL worked fine. In any case, my co-worker was able to spot the problem - the name on the SSL certificate that had been issued on the server was that of the DNS name ("adam2.net") and not the host name ("adamserver"). Although I'm told that's the norm, it just wasn't resolving the correct name when using PrincipalContext.
Long story short; re-issuing a certificate with the computer name and not the DNS name fixed the problem!