It's a very simple question, but I wasn't able to find exact answer.
Do you need to install anything extra besides .Net Framework 3.5 and IIS7 to run ASP.Net MVC applications?
Hope it will be useful to other people too.
If you don't use any third party libraries, then no.
The host has to have the .NET 3.5 SP1 installed.
However you need to be aware of the trust level issues. Most shared hosts run in medium trust mode. Although this will suffice for the MVC itself, it may not for your other code. If you use reflection for example, you will need the full trust enabled.
Basically this simple code may get you into trouble:
object something = 5;
if (something is int)
{
// Do something
}
Check your code and choose the host wisely.
Related
I need to allow some users to upload some plugin dll that would run on the server (based on asp.net core) as some custom script (I dont want to use javascript or any other languages to limit the api accessibility).
How can I keep the user dlls from accessing the .net APIs such as System.IO to avoid the potential security problems on my server?
.NET Core does not provide any code sandboxing, isolation, code security features like how previous versions of the .NET Framework did with AppDomains and trust settings. These features were found to be insecure and omitted from .NET Core from the get go.
However, if you still want to run code (.NET Core or not) from an external source there's several options.
Create your own DSL. This is what Salesforce has done with Apex. If the language gives your developers everything they need and limit what they can do, this is a solid option. JavaScript would be a great option as you can define what calls can be made into the .NET side if you use a .NET JavaScript interpreter and you wouldn't have to reinvent the wheel. Node.js would work but you would run into that it has a rich API for accessing "the outside world"
Use Docker. Docker containers are really isolated and can't directly touch the outside world without your permission. This is how the .NET example runs work. They can't do damage to the host machine unless you give them permission to do so.
Anytime you load code into your process you are opening the gates for them to do anything that your process can do.
I have a COM control that wraps a lot of client side functionality, i.e. using input devices to gather information, integration with different devices, report formation, etc... I would like to wrap this inside a .NET control of some sort and add it to an ASP.NET application. The wrapper will be responsible for speaking with our database located on a server and also contain a little business logic. Does anyone have a good general or even better a specific direction I should be heading in? I am using C# in .NET and the COM object is in C++.
BTW, I have tried to create a windows forms control Library and hosting it in a ASP web app but I have had no success with that.
You might host an ActiveX inside a webpage. ActiveX is COM - but there are limitations what an Active control can do when hosted inside a browser. Browsers are commonly developed with sandboxing in mind, so you might run into serious problems in regard to security settings. Another aspect is cross browser capabilities. WinForms is definitely another world, so even if you find a way to display some sort of a simple form, you're most surely ending up somewhere between mess and boom.
From what you told in your question, I think your best option is to stick with a classic desktop application. Apparently, this does work for you, and changing the way the application behaves isn't an option besides the fact, that a rewrite is too costly. Migrating a rather complex app to the web, with it's radical different programming approach compared to classic desktop applications, won't go along with limited amount of resources (money and/or human).
That said, if you're going to take the burden of mess and boom, you might want to look at that information:
http://codebetter.com/petervanooijen/2007/06/18/including-a-winforms-user-control-in-an-asp-net-web-page/
http://www.codeproject.com/Articles/4953/Simple-way-to-expose-a-NET-WinForm-control-as-an-A
Note, the articles are rather old and don't solve the problem, that the ActiveX / COM stuff used by the form has to be registered on the client machine (as well as issues like accessing servers that may or may not be in the same network anymore). And you can't be sure about security settings.
You appear to be confusing the difference between System.Windows.Forms (WinForms) which run on the desktop within the Windows OS, and System.Web.UI (WebForms) which run under IIS within a very different security environment in ASP.NET. Just because many of the form properties and such have been made to look similar, it does not mean they work anything alike internally - and in fact, they most certainly do not. You need to take a closer look at how WebForms work within ASP.NET to begin to understand why, as SLaks pointed out for you already, that what you are attempting to do cannot work in the manner in which you are suggesting.
In the Windows Features control panel applet, under Internet Information Services → World Wide Web Services → Application Development Features, there are two options: ".NET Extensibility" and "ASP.NET".
What is the difference between these two options? If I'm developing simple ASP.NET web applications / services, is there any need for the .NET Extensibility option?
I Google'd the terms, and came up with this link:
http://forums.iis.net/t/1146942.aspx
This link confuses me, because the response (from a supposed Microsoft employee) says that to test for .NET Extensibility, you create a simple ASPX page, and try to load it. That seems (to ME) more like a test for the ASP.NET option.
Any clues?
In versions of IIS prior to 7.0, the ASP.NET pipeline was separate from the web server's request processing pipeline. The web server's functionality was usually extended via ISAPI filters and extensions.
However, in IIS 7.x they are more tightly integrated, which allows for the server to be extended using managed code, via the ASP.NET extensibility APIs. Two primary ways this can be done are via modules and handlers, which are quite similar to ISAPI filters and extensions respectively.
The APIs of interests are:
System.Web.IHttpModule
System.Web.IHttpHandler
System.Web.IHttpAsyncHandler.
You can read more about how to extend the server in the articles below.
http://learn.iis.net/page.aspx/243/aspnet-integration-with-iis-7/
http://learn.iis.net/page.aspx/170/developing-a-module-using-net/
http://msdn.microsoft.com/en-us/magazine/cc164128.aspx#S4
This site talks about .Net extensibility in relation to IronPython: http://www.asp.net/learn/whitepapers/ironpython
You might want to review more info at this site: http://aspnetextensibility.com/
Assuming your developing asp.net sites in c# or vb.net then you will need the ASP.Net support. To sum up, it's probably one of those things you'll be able to define when you actually need the .Net Extensibility option installed.
However, if you really want to know: .Net Extensibility is an IIS 7 feature which brings the ability to extend IIS 7 via the runtime extensibility model into the core server product.
Building "regular" sites (whatever those are), don't worry about it. Needing to get down and dirty by modifying the pipeline through modules or handlers? Install it. Either way, you are still going to need the regular ASP.Net support installed.
With regards to what the MS guy said about the Hello World file.. Ignore that, he didn't read the full question...
I have been doing ASP.NET / C# development for several years now. I have recently been offered a project that will need to be a winforms application (I am assuming .net 2.0).
Specs:
Winforms applicaton
Application will
have "testing for understanding
questions"
Must support flash and camtasia
files (these are "lessons")
I have done winforms development before, although nothing that is this involved. As there is a potential need for this application to be generic enough to apply to multiple different "disciplines", I would like to make the application generic enough to be easily configurable. The caveat here is that the application will need to be run from a CD-ROM and that I cannot rely explicitly on an internet connection. I was thinking of using something like SQL-Lite to support the configuration of the application. There will not be the need for updating the application as it will not be updated (at least I don't think, I guess there is the possibility of the application calling a webservice and configuring its-self based upon returned values).
With the requirements of supporting Flash and Camtasia, along with making this application generic enough to support different "disciplines", and my self being an ASP.NET developer, does anyone have an recommendations or tips/ tricks to look out for? Has anyone done something like this before?
Thanks in advance.
I'd start by writing a user control that can be used to either display a video file (presumably the output from Camtasia) or a Shockwave app. Once you have that user control, I'd then move on to look at the overall app.
If you're using Winforms, and the software is supposed to run from the CD (instead of merely be installed from CD) you'll need to have the DotNet framework already on the computer I think - but then I'm not an expert in deployment.
I find the application model in Winforms to be a lot easier than WebForms, but then I was "raised" in thick clients, so I suppose I would.
I would also, whilst agreeing to WinForms if needs really must, encourage the client to give consideration to using WPF instead - which opens up the idea that you could also provide access over the web using a simlar interface using Silverlight...
Just a few thoughts anyway - good luck with it...
I am trying to use Dotfuscator (CE) to help protect our ASP.NET MVC .ddl. Its a web application that will be distributed to clients and we need a way to protect our IP.
The problem is that it appears to break the application once completed. I've only got so far with disabling renaming on my Controllers namespace but I'm get null reference exceptions now.
Has anyone got Dotfuscator working with ASP.NET MVC DLL's? Google provides no possible blog posts or information.
Thanks.
Other details:
Visual Studio 2008 Professional,
Windows Vista Business x64,
Registered my Dotfuscator but not had an email with a download link for the upgraded CE edition.
Or can anyone suggest a relatively cheap tool that would work properly?
I don't think that will work because ASP.NET MVC relies so heavily on reflection.
I have successfully obfuscated an ASP.NET MVC application using SmartAssembly and the control-flow-obfuscation option it has. That does't change the name of your class members but instead changes the code in your methods into spaghetti code.
It is true that ASP. NET MVC relies heavily on reflection, and therefore you cannot obfuscate the type or properties which will be reflected. However, I would argue that there is no need to obfuscate most of this stuff anyway. Your controller names and action names are already public, since they appear in URIs. Your presentation models are essentially public as well, since they should be designed like your view, and since end-users can see your view.
Your controllers should be very lightweight, and simply bind objects from a repository to your presentation models. So there is little intellectual property to hide here.
The code you would actually want to obfuscate would presumably be your business logic, which can very easily live in a separate assembly. So my suggestion would be that rather than trying obfuscator after obfuscator, and trying to find one which seems to work (except for those bugs which you miss, but your users find later on), that you instead partition the code which is important to obfuscate and his not so dependent on reflection.