I have recently created an API on my server in PHP, but I have discovered that I shouldn't use my API directly with an API key because sensitive information like that can't be held securly inside an EXE. I did some research and people recommend creating a proxy between the API and your application, but even still that can be broken into.
I was wondering, how can I make my server know if it is being accessed from my C# application, or from another source? The reason why I want to know is to stop potential hackers accessing my gateway and using it themselves.
Thanks
SSL with a login?
There is no way for you to be certain someone is using your application to access a web service. I'm in a similar boat, and the most you can do is ensure the communication channel is secure (SSL) and use a username/password or something similar. You also have to be aware that anything done on the client's computer can be compromised. So much so, that you should pretty much assume that your application will be open source to anyone that wants it.
Related
Is there a way to create a C# application and a Server side API where the server side API will only allow data from the C# app?
The problem with .Net apps is you can decompile them and then recompile to make them send different data than what you are expecting. In my case the data is not secret, only the ability to write the data to the server side API is the trust issue.
What if I want the application to report back to the server if a certain hot fix is presently installed and then make a server side decision on that info? If an insider threat recompiles the code and modifies it to report false info then the data cannot be trusted. If only the un-modified application can communicate with the API then the data can be trusted and decisions can be made upon it.Can the application use the digital signature it gets signed with to perform a trusted hand shake to the server API?
Any ideas or conversation on the subject may prove helpful. Thank you.
Well, virtually nothing is "hackproof". Security is a game of cat and mouse.
That said I would suggest SslStream. Fairly easy to use.
It's .NET's implemention of SSL (Secure Sockets Layer), which is used in combination with HTTP very commonly seen as HTTPS all over the web.
I'm searching for a way of authentication like that from Blizzard (Authenticator). It creates an off-line OTP.
I know that larger companies use it as "tokens" however, I'm still unable to find a proper library.
So, what I want;
A project that is able to create OTPs on the client side without having the client to connect to the internet and yet be able to generate the exact same on the servers-side.
I think you can take a look at this library: https://code.google.com/p/otpnet/
It is a C# port of a popular TOTP/HOTP for PHP. There seems to be a few outstanding issues in the library which have not yet been fixed by the developers but you can easily patch it on your side with recommendations that have already been submitted.
Is it possible to pass a Socket.Handle from a C# Application to a ASP.NET Web Application running on the same server?
I have looked around and found examples of passing C# socket to un-managed code, however this is not sufficient.
I'm very curious about why you'd want to do that.
As for the answer, no, I am 99% sure it is not possible, because unless I am very much mistaken socket handles are scoped to the process at the OS level.
EDIT:
Based on the comments, it sounds like you'd want to make the server process run a WCF service on IPC transport that the ASP.NET application can use to pass along commands to the hardware.
An added benefit is that if you use WCF and eventually need to move the ASP.NET site to another box, you can switch to TCP transport with relatively little fuss.
I have code on my server which works very well. It must crawl a few pages on remote sites to work properly. I know some users may want to abuse my site so instead of running the code which uses webclient and HttpRequest i would like it to run on client side so if it is abused the user may have his IP blacklisted instead of my server. How might i run this code client side? I am thinking silverlight may be a solution but i know nothing about it.
Yes, Silverlight is the solution that lets you run a limited subset of .NET code on client's machine. Just google for silverlight limitations to get more information about what's not available.
I don't know what is the scenario you're trying to implement, and whether you need real-time results, but I guess caching the crawl results could be a good idea?
In case you're after web scraping, you should be able to find a couple of JavaScript frameworks that for you.
I think your options here are Silverlight or somesort of desktop app
Unless maybe there is a jquery library or other client scripting language that can do same things
That's an interesting request (no pun). If you do use Silverlight then maybe instead of porting your logic to it, create a simple Proxy class in it that receives Requests from your server app and shuttles it forward for the dirty work. Same with the incoming Responses: have your Silverlight proxy send it back to the server app.
This way you have the option of running your server app through the Silverlight proxy in some instances, and on its own (with no proxy) in other scenarios. The silverlight plugin should provide a consistent API to program against no matter which browser it's running in.
If using a proxy solution in the web browser, you might even be able to skip Silverlight altogether and use JavaScript/AJAX calls. Of course this kind of thing is usually fraught with browser compatibility issues and it would be an obscure push/pull implementation for sure, but I think JavaScript can access domains and URLs and (in some cases of usage) not be restricted to the one it originated from.
If Silverlight security stands in the way you might look into other kinds of programmable (turing complete) browser plugins like Java, Flash, etc. If memory serves correct, for the Java plugin, it can only communicate over the network with the domain it originated from. This kind of security is too restrictive for your crawling needs.
I have some shared server web hosting in the States (I'm from the UK), which allows me to publish PHP and .NET applications. I cannot install my own software onto the remote server, but I'd like to set up a web forwarding proxy for accessing sites that serve different content depending on what country you're from.
My C# and ASP.NET skills are OK, but my PHP is very limited. Are there any solutions that anyone would recommend for this sort of problem? The proxies I've investigated all seem to require installation on the server machine itself, whereas I'm just looking for something that's accessible from a URL.
Obviously, as the requests are coming from the UK, the headers will have to be manipulated by the proxy before forwarding them on. I was going to code my own HTTP handler in C#, but I don't want to reinvent the wheel if there's something out there already ;)
Although quite old, the Org.Mentalis.Proxy could be a good starting point for an example proxy implementation in C#. You can find it here: http://www.mentalis.org/soft/projects/proxy/
maybe this script is helping you? phproxy