Can I somehow request the current time from Google using the Google .NET Client library and C#?
I am migrating an older calendar application that syncs calendars using modification times. I realize there is a new sync token method, but everything is already working using the modification time method for syncing. My app remembers the last time it synced, so it uses this in future Events.List requests as the UpdatedMin value. Currently it uses the local computer's time, and if this is off, it can miss events posted in this short time period. Knowing the current time from Google will help here.
Related
I am creating a desktop application that should be able to store and download date from Google Drive. I am using Google.Apis.Drive.v3 to handle the Authorization flow. I am facing an issue how and where to store client_secret that is needed in authorization flow.
This application should be available for wide public so the idea of every user creating its credentials is not acceptable.
I tried:
hard-coding the ClientId and ClientSecret directly to code which works but it is not ideal due to the system versioning and possible secret loss caused by program decompilation.
reading about PKCE which I read it is not supported by the library.
What are other options to achieve desired result?
Thanks for your help,
TheSecurity
hard-coding the ClientId and ClientSecret directly to code which works but it is not ideal due to the system versioning and possible secret loss caused by program decompilation.
I am going to go out on a limb and say your creating a installed application. You should do as you have done and compile the client id and client secret into your application. You should not be checking these into your version control system so you will need to set it as a secret as part of your build script so that it is only added at build time.
As for the issue of it being decompiled, there is no workaround. I have asked google about this serval times over the last ten years. They know your app could be decompiled but there's really no other option.
My creative work around
Serval years ago I had a client. What we did was when the app was installed by the user it would make a call to an api end point on our servers, which would return the client secret. This was then encoded into a file hashed to heck and back so that it was not clear text and then the application would run. This did require that the person installing the app had an internet connection to get the secret from our servers.
I am developing a location-based recommender system, which uses a chatbot which:
Situation
Gets the users current location via a channel such as telegram/facebook messenger or other
Uses the chatbot, which shares this location with a backend azure serverless function, and which sends a set of personalization multiple-choice questions with options to the chatbot.
The chatbot asks those questions( according to the questions sent from the backend), to the users, and sends the user's selected answers back to the backend. Note: the questions and their choices, are entirely dynamic, and a static questionnaire cannot be assumed.
The backend personalizes the recommendation for the landmarks around the user, according to the answers, and displays the recommendation to the user.
Questions:
I read lots of tutorials on doing this with microsoft botbuilder( which is a requirment) but dynamic form-dialogs dont seem to be possible ( I only saw statically coded form). The questions and their options should be retrieved via a back-end REST API call and the json will be parsed to make the Q and A dialog. With the option for each question being sent back to the server to store. how do I make this happen?
Since its a user-location-dependent service, how do I take the current location of the user, from the deployed channel(i.e. telegram),into the chatbot ( and then send it to server backend). is there any way to do this using the microsoft botbuilder framework?
Since I am very new to azure and botbuilder framework, thanks in advance for any help!
Now
1) The text for a message can be retrieved from anywhere. This example pulls messages from a mocked up service, and walks the user through the steps one at a time: https://github.com/EricDahlvang/MultiTurnHelpStepsBot
2) This library might help: https://github.com/Microsoft/BotBuilder-Location
I have a ASP .NET application that we give to our clients for them to deploy it in their web server and use it. My concern is that all of my ASPX pages source code is open
and our clients can open the ASPX/CS file and see the code in it.
I want to protect my code something like a Windows application by implementing some 15-20 days trial limitations. Also on the other hand the source code must have some third party dll so that whenever they try to deploy the fresh build, it will be available for limited period only.
The payment terms with our client is, First Source Code and then Payment. So I am thinking some in between way that the faith at both side remain as it is. How can I do this?
Publish your web application so that all the code behind files are compiled into a dll. This way they cannot easy see your code. They will however be able to use reflection to see the code using tools such as jetBrains dotPeeek.
Best Option
Host the site yourself but as this doesnt answer your question here are some other options
1st Option
If the client insists on hosting the site as they are concerted about owning the data then allow them to host the site and database but pull in the functionality from a centrally hosted site that you are in control of. You can even provide an api.
You provide the client with a hash code in the web.config and this gets validated against your site.
The hash gets made up from:
presalt
the web service address
the expiry date
client uniqueidentifier
any other info you want
postsalt
Encrypt the request and response of the web service and send via ssl.
The client hash will be sent in the request. Build a new hash with the same fields and validate this against the hash you received from the client. if it is not valid you don't provide the functionality.
Google maps requires that you register and get a hash code as they can then terminate your usage of the google maps api if you misuse it.
2nd Option
Another option would be to setup a web service call to a site that you host.
The deployed compiled web application would then build a hash using the response from your web service and match the generated hash with the hash you sent over in the response.
This means that if the client block traffic to your web service or tried to fake the response then the application will stop working.
Also add some logic to alert you if they have tried to fake the response. This obviously wont work if they block the call to your web service.
You wouldn't include the salts here as the client could read them if they decompiled your code.
3rd Option
Add two fields to your web.config:
the hash code which you have generated for the client
an expiry date.
If the client changes the expiry date to allow them more time then it will not validate and they will be locked out.
Opion 2 and 3 would allow the client to reverse engineer the hashcode if they really wanted to.
=====================================
I don't really see the need for it but if you want you can use some obsfucation tools like mentioned in the other post to make it harder for the client to read your code. But even if they can read your code they should not be able to create a valid hash code on their own.
I suggest you check out .NET Reactor and Intellilock. .NET Reactor will prevent decompilation of compiled code, however with aspx I'm not sure how this will work since it would need to be pre-compiled. Intellilock will provide the ability to set an expiration time. I've used both with standard executables but never ASPX so I'm not sure if they'll help.
Link: http://www.eziriz.com/
DotFuscator Community Edition is a possibility, but it's probably too basic for your needs.
I suggest you look at the commercial obfuscators on the market. Here's a list of some I found with a simple Google search. (This is not a recommendation of any of these tools.)
.NET Obfuscator from Red Gate Software (I've used their Reflector tool in the past and it was good.)
You could make your own. See this StackOverflow thread.
Here's a thread on MSDN
Hi there
I have scanned this site and Google for any latest updates on downloading stock info from Yahoo Finance. I have not had much success. As I am testing my app, I came across an 404 server not found exception using the following C# code snippet:
string urlTemplate =
#"http://ichart.finance.yahoo.com/table.csv?s=[symbol]&a=" +
"[startMonth]&b=[startDay]&c=[startYear]&d=[endMonth]&e=" +
"[endDay]&f=[endYear]&g=d&ignore=.csv";
...
WebClient wc = new WebClient();
try
{
history = wc.DownloadString(urlTemplate);
}
Do you know if Yahoo recently (or always) had some update on how much much you can request from Yahoo's Finance server? If so, does anyone know the upper limit or threshold? Is it over time or max number of daily requests? I thought about putting a random sleep request of up to 2 minutes to get by this. I don't think that would help. Is there any alternatives that would enable me to constantly make requests to Yahoo Finance? I thought Yahoo had some kind of subscription service you could use for this exact purpose. I cannot find anything about it. If none of this is a no go with Yahoo, does anyone have any recommendations of affordable alternative services or data feed services?
See the Yahoo Query Language Usage Information and Limits page. This is for all of the YQL APIs, not just the Finance API.
YQL Rate Limits:
What this means:
Using the Public API (without authentication), you are limited to
2,000 requests per hour per IP (or up to a total of 48,000 requests a day).
Using the Private API (with OAuth authentication using an API key), you are limited to
20,000 requests per hour per IP and you are limited to 100,000 requests per day per API Key.
As for implementation, if you wish to use the Yahoo Finance API, then you must adhere to their requirement. Build a system that only makes the number of requests they allow to prevent errors. You can do this with a database (in case there is more than one script/application client using it) and use threads/jobs (jobs=polling) to wait until it can make more requests. Get an API key to extend your limit. Get multiple API keys to extend it even more.
As for an alternative, there are too many to count. I've only used the Yahoo and Google APIs. Yahoo is my preferred option, but I haven't found a free alternative that is comparable. Try your luck and let me know if you find one!
They never said what the limit was. I used to update something like 6000 stocks daily, it worked. On some other pages the limit seems to be much higher, but on historic stock prices they do block at some point.
By the way, sometimes yahoo server returns undocumented HTTP 999 code which I interpret as "too many requests".
If all you want is end of day data then perhaps you can try this:
http://www.eoddata.com/products/default.aspx
(I've never tried it myself)
Of course there are paid subscriptions for more frequent data.
Hi
We're on a project where we've got a Calender and events in it. Users are
allowed to add shown events into their Google Calender by simply hitting a button.
I see that it's possible to add an event using URL and it works great since today. There's an event with a little big description (about 1000 characters or more) and it crashes on Google's side when he evaluate the URL because it was truncated as it was too large.
So, I know there's an API than can be use but if my memory's still good, to add an event to the calendar, you must have access to username and password of the user's Google account.
Question
Is there any way to use API with an non-authenticate user or what is the best solution here without asking user's email and password? Because, I can for sure continue with URL, but the max lenght of my description is a bit confusing because my events are written in french. So, an "É"(1 char) is "&ecute;"(7 chars).
I'm familiar with using the Google Calendar API (in C#) and I'm pretty sure that it just wraps the http post/get request in an object oriented way. This means that you'd still hit your URL length limit even using the API.
It looks like there is a 256 character limit on event descriptions when added via URL: http://www.google.com/support/forum/p/Calendar/thread?tid=4e8d5d012dadc7b9&hl=en
Without knowing how your users interact with Google Calendar (individual users or google apps account, console or web app) its difficult to say. The calendar API does allow you to add events without authentication if you make the calendar public and allow everyone to add events.
What you could do is have a service account which has access to said calendar to add events and use that to authenticate to the calendar api. Again without knowing how your users interact with google it's hard to say.