.NET Secure Memory Structures - c#

I know the .NET library offers a way of storing a string in a protected/secure manner = SecureString.
My question is, if I would like to store a byte array, what would be the best, most secure container to hold this?

It is important to understand the vulnerability of the System.String type. It is impossible to make it completely secure, SecureString exists to minimize the risk of exposure. System.String is risky because:
Their content is visible elsewhere, without having to use a debugger. An attacker can look in the paging file (c:\pagefile.sys), it preserves the content of RAM pages that were swapped out to disk to make room for other programs that need RAM
System.String is immutable, you cannot scrub the content of a string after you used it
The garbage collected heap compacts the heap but does not reset the content of the memory that was freed-up. Which can leave a copy of the string data in memory, entirely out of reach from your program.
The clear risk here is that the string content can be visible long after the string was used, thus greatly increasing the odds that an attacker can see it. SecureString provides a workaround by storing the string in unmanaged memory, where it is not subject to the garbage collector leaving stray copies of the string content.
It should be clear now how you can create your own version of secure array with the same kind of guarantees that SecureString provides. You do not have the immutability problem, scrubbing the array after you use it is not a problem. Which in itself is almost always good enough, implicit in reducing the likelihood of exposure is that you don't keep a reference to the array for very long either. So the odds of the non-scrubbed copy of the array data surviving after a garbage collection should already be low. You can reduce that risk as well, present only for arrays less than 85,000 bytes. Either by doing it the way SecureString does it and using Marshal.AllocHGlobal(). Or much easier by pinning the array, GCHandle.Alloc().

as of .Net 2.0 use the ProtectedData.Protect Method, looks like setting the scope to DataProtectionScope.CurrentUser should give the same desired effect as secure string
example usage taken from here
http://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.protect.aspx
using System;
using System.Security.Cryptography;
public class DataProtectionSample
{
// Create byte array for additional entropy when using Protect method.
static byte [] s_aditionalEntropy = { 9, 8, 7, 6, 5 };
public static void Main()
{
// Create a simple byte array containing data to be encrypted.
byte [] secret = { 0, 1, 2, 3, 4, 1, 2, 3, 4 };
//Encrypt the data.
byte [] encryptedSecret = Protect( secret );
Console.WriteLine("The encrypted byte array is:");
PrintValues(encryptedSecret);
// Decrypt the data and store in a byte array.
byte [] originalData = Unprotect( encryptedSecret );
Console.WriteLine("{0}The original data is:", Environment.NewLine);
PrintValues(originalData);
}
public static byte [] Protect( byte [] data )
{
try
{
// Encrypt the data using DataProtectionScope.CurrentUser. The result can be decrypted
// only by the same current user.
return ProtectedData.Protect( data, s_aditionalEntropy, DataProtectionScope.CurrentUser );
}
catch (CryptographicException e)
{
Console.WriteLine("Data was not encrypted. An error occurred.");
Console.WriteLine(e.ToString());
return null;
}
}
public static byte [] Unprotect( byte [] data )
{
try
{
//Decrypt the data using DataProtectionScope.CurrentUser.
return ProtectedData.Unprotect( data, s_aditionalEntropy, DataProtectionScope.CurrentUser );
}
catch (CryptographicException e)
{
Console.WriteLine("Data was not decrypted. An error occurred.");
Console.WriteLine(e.ToString());
return null;
}
}
public static void PrintValues( Byte[] myArr )
{
foreach ( Byte i in myArr )
{
Console.Write( "\t{0}", i );
}
Console.WriteLine();
}
}

A combination of RtlZeroMemory and VirtualLock can do what you want. VirtualLock if you want to keep the data from swapping to disk and RtlZeroMemory to ensure the memory gets zeroed (I tried to use RtlSecureZeroMemory but that doesn't seem to exist in kernel.dll) The class below will store a array of any of the built in types securely. I broke the solution up into two classes to separate out the type-agnostic code.
The first class just allocates and holds an array. It does a runtime check that the template type is a built in type. Unfortunately, I couldn't figure a way to do that at compile time.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
/// <summary>
/// Manage an array that holds sensitive information.
/// </summary>
/// <typeparam name="T">
/// The type of the array. Limited to built in types.
/// </typeparam>
public sealed class SecureArray<T> : SecureArray
{
private readonly T[] buf;
/// <summary>
/// Initialize a new instance of the <see cref="SecureArray{T}"/> class.
/// </summary>
/// <param name="size">
/// The number of elements in the secure array.
/// </param>
/// <param name="noswap">
/// Set to true to do a Win32 VirtualLock on the allocated buffer to
/// keep it from swapping to disk.
/// </param>
public SecureArray(int size, bool noswap = true)
{
this.buf = new T[size];
this.Init(this.buf, ElementSize(this.buf) * size, noswap);
}
/// <summary>
/// Gets the secure array.
/// </summary>
public T[] Buffer => this.buf;
/// <summary>
/// Gets or sets elements in the secure array.
/// </summary>
/// <param name="i">
/// The index of the element.
/// </param>
/// <returns>
/// The element.
/// </returns>
public T this[int i]
{
get
{
return this.buf[i];
}
set
{
this.buf[i] = value;
}
}
}
The next class does the real work. It tells the garbage collector to pin the array in memory. It then locks it so it doesn't swap. Upon disposal, it zeros the array and unlocks it and then tells the garbage collector to unpin it.
/// <summary>
/// Base class of all <see cref="SecureArray{T}"/> classes.
/// </summary>
public class SecureArray : IDisposable
{
/// <summary>
/// Cannot find a way to do a compile-time verification that the
/// array element type is one of these so this dictionary gets
/// used to do it at runtime.
/// </summary>
private static readonly Dictionary<Type, int> TypeSizes =
new Dictionary<Type, int>
{
{ typeof(sbyte), sizeof(sbyte) },
{ typeof(byte), sizeof(byte) },
{ typeof(short), sizeof(short) },
{ typeof(ushort), sizeof(ushort) },
{ typeof(int), sizeof(int) },
{ typeof(uint), sizeof(uint) },
{ typeof(long), sizeof(long) },
{ typeof(ulong), sizeof(ulong) },
{ typeof(char), sizeof(char) },
{ typeof(float), sizeof(float) },
{ typeof(double), sizeof(double) },
{ typeof(decimal), sizeof(decimal) },
{ typeof(bool), sizeof(bool) }
};
private GCHandle handle;
private uint byteCount;
private bool virtualLocked;
/// <summary>
/// Initialize a new instance of the <see cref="SecureArray"/> class.
/// </summary>
/// <remarks>
/// You cannot create a <see cref="SecureArray"/> directly, you must
/// derive from this class like <see cref="SecureArray{T}"/> does.
/// </remarks>
protected SecureArray()
{
}
/// <summary>
/// Gets the size of the buffer element. Will throw a
/// <see cref="NotSupportedException"/> if the element type is not
/// a built in type.
/// </summary>
/// <typeparam name="T">
/// The array element type to return the size of.
/// </typeparam>
/// <param name="buffer">
/// The array.
/// </param>
/// <returns></returns>
public static int BuiltInTypeElementSize<T>(T[] buffer)
{
int elementSize;
if (!TypeSizes.TryGetValue(typeof(T), out elementSize))
{
throw new NotSupportedException(
$"Type {typeof(T).Name} not a built in type. "
+ $"Valid types: {string.Join(", ", TypeSizes.Keys.Select(t => t.Name))}");
}
return elementSize;
}
/// <summary>
/// Zero the given buffer in a way that will not be optimized away.
/// </summary>
/// <typeparam name="T">
/// The type of the elements in the buffer.
/// </typeparam>
/// <param name="buffer">
/// The buffer to zero.
/// </param>
public static void Zero<T>(T[] buffer)
where T : struct
{
var bufHandle = GCHandle.Alloc(buffer, GCHandleType.Pinned);
try
{
IntPtr bufPtr = bufHandle.AddrOfPinnedObject();
UIntPtr cnt = new UIntPtr(
(uint)buffer.Length * (uint)BuiltInTypeElementSize(buffer));
RtlZeroMemory(bufPtr, cnt);
}
finally
{
bufHandle.Free();
}
}
/// <inheritdoc/>
public void Dispose()
{
IntPtr bufPtr = this.handle.AddrOfPinnedObject();
UIntPtr cnt = new UIntPtr(this.byteCount);
RtlZeroMemory(bufPtr, cnt);
if (this.virtualLocked)
{
VirtualUnlock(bufPtr, cnt);
}
this.handle.Free();
}
/// <summary>
/// Call this with the array to secure and the number of bytes in that
/// array. The buffer will be zeroed and the handle freed when the
/// instance is disposed.
/// </summary>
/// <param name="buf">
/// The array to secure.
/// </param>
/// <param name="sizeInBytes">
/// The number of bytes in the buffer in the pinned object.
/// </param>
/// <param name="noswap">
/// True to lock the memory so it doesn't swap.
/// </param>
protected void Init<T>(T[] buf, int sizeInBytes, bool noswap)
{
this.handle = GCHandle.Alloc(buf, GCHandleType.Pinned);
this.byteCount = (uint)sizeInBytes;
IntPtr bufPtr = this.handle.AddrOfPinnedObject();
UIntPtr cnt = new UIntPtr(this.byteCount);
if (noswap)
{
VirtualLock(bufPtr, cnt);
this.virtualLocked = true;
}
}
[DllImport("kernel32.dll")]
private static extern void RtlZeroMemory(IntPtr ptr, UIntPtr cnt);
[DllImport("kernel32.dll")]
static extern bool VirtualLock(IntPtr lpAddress, UIntPtr dwSize);
[DllImport("kernel32.dll")]
static extern bool VirtualUnlock(IntPtr lpAddress, UIntPtr dwSize);
}
To use the class, simply do something like this:
using (var secret = new SecureArray<byte>(secretLength))
{
DoSomethingSecret(secret.Buffer);
}
Now, this class does two things you shouldn't do lightly, first of all, it pins the memory. This can reduce performance because the garbage collector now must work around that memory it cannot move. Second, it can lock pages in memory that the operating system may wish to swap out. This short-changes other processes on your system because now they cannot get access to that RAM.
To minimize the detrimental effects of SecureArray<T>, don't use it a lot and use it only for short amounts of time. If you want to keep the data around for longer, then you need to encrypt it. For that, your best bet is the ProtectedData class. Unfortunately, that puts your sensitive data into a non-secure byte array. The best you can do from there is do a quick copy into a SecureArray<byte>.Buffer and then a SecureArray.Zero on the sensitive byte array.

There is no "best" way to do this - you need to identify the threat you are trying to protect against in order to decide what to do or indeed if anything needs to be done.
One point to note is that, unlike a string which is immutable, you can zero out the bytes in a byte array after you've finished with them, so you won't have the same set of problems that SecureString is designed to solve.
Encrypting data could be appropriate for some set of problems, but then you will need to identify how to protect the key from unauthorized access.
I find it difficult to imagine a situation where encrypting a byte array in this way would be useful. More details of exactly what you're trying to do would help.

You could use SecureString to store the byte array.
SecureString testString = new SecureString();
// Assign the character array to the secure string.
foreach (byte b in bytes)
testString.AppendChar((char)b);
then you just reverse the process to get the bytes back out.
This isn't the only way, you can always use a MemoryBuffer and and something out of System.Security.Cryptography. But this is the only thing specifically designed to be secure in this way. All others you would have to create with the System.Security.Cryptography, which is probably the best way for you to go.

One option:
You could store the bytes in a memory stream, encrypted using any of the providers in the System.Security.Cryptography namespace.

Related

How to get a list of all forks of a GitHub repo?

I would like to get a list of all forks of a GitHub repo (e.g. https://github.com/eternicode/bootstrap-datepicker), however I am unable to find out how to do it using octokit.net.
I want also get a renamed repositories, I could not just search a name of a repository.
Any hints?
CLARIFICATION: The rest api is described here https://developer.github.com/v3/repos/forks/, but how to do it with octokit.net?
You can achieve that by visiting:
https://api.github.com/repos/<Author>/<Repo>/forks
Make sure to replace Author and Repo with suitable values.
The functionality has been added to octokit.net recently:
https://github.com/octokit/octokit.net/blob/b07ce6e11a1b286dda0a65ee427bda3b8abcefb8/Octokit.Reactive/Clients/ObservableRepositoryForksClient.cs#L31
/// <summary>
/// Gets the list of forks defined for a repository
/// </summary>
/// <remarks>
/// See API documentation for more information.
/// </remarks>
/// <param name="owner">The owner of the repository</param>
/// <param name="name">The name of the repository</param>
public IObservable<Repository> GetAll(string owner, string name)
{
Ensure.ArgumentNotNullOrEmptyString(owner, "owner");
Ensure.ArgumentNotNullOrEmptyString(name, "name");
return GetAll(owner, name, ApiOptions.None);
}
Similar functions exist for other ways to specify repository.
Please feel free to edit in the full code for this use case here.
Threads a bit old but in case someone else ends up here from google thought Id necro it.
private static IReadOnlyList<Octokit.Repository> retrieveGitHubRepos()
{
Task<IReadOnlyList<Octokit.Repository>> getRepoList = null;
string appname = System.AppDomain.CurrentDomain.FriendlyName;
Octokit.GitHubClient client = new Octokit.GitHubClient(new Octokit.ProductHeaderValue(ConnectionDetails.appName));
client.Credentials = new Octokit.Credentials(ConnectionDetails.username, ConnectionDetails.password);
Task.Run(() => getRepoList = client.Repository.GetAllForUser(ConnectionDetails.username)).Wait();
return getRepoList.Result;
}

Shadow copy error using Alphavss

iI am trying to use the sample code provided on the site alphavss. I am trying to include the class VssBackup.cs and then use this in my program. Most likely I am missing a dll reference but I am not getting any errors on the using components. Anyone knows what the problem could be?
I am getting 3 errors:
The type or namespace name 'Snapshot' could not be found (are you missing a using directive or an assembly reference?)
Snapshot _snap;
The type or namespace name 'IVssAsync' could not be found (are you missing a using directive or an assembly reference?
using (IVssAsync async = _backup.GatherWriterMetadata())
{.......
The type or namespace name 'Snapshot' could not be found (are you missing a using directive or an assembly reference?)
_snap = new Snapshot(_backup);
Class **VssBackup.cs C# Sample Code that the site provides**
/* Copyright (c) 2008-2012 Peter Palotas
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
#region Copyright Notice
/*
* AlphaVSS Sample Code
* Written by Jay Miller
*
* This code is hereby released into the public domain, This applies
* worldwide.
*/
#endregion
using System;
using System.Diagnostics;
using System.Collections.Generic;
using Alphaleonis.Win32.Vss;
using Alphaleonis.Win32.Filesystem;
namespace VssSample
{
/// <summary>
/// This class encapsulates some simple VSS logic. Its goal is to allow
/// a user to backup a single file from a shadow copy (presumably because
/// that file is otherwise unavailable on its home volume).
/// </summary>
/// <example>
/// This code creates a shadow copy and copies a single file from
/// the new snapshot to a location on the D drive. Here we're
/// using the AlphaFS library to make a full-file copy of the file.
/// <code>
/// string source_file = #"C:\Windows\system32\config\sam";
/// string backup_root = #"D:\Backups";
/// string backup_path = Path.Combine(backup_root,
/// Path.GetFilename(source_file));
///
/// // Initialize the shadow copy subsystem.
/// using (VssBackup vss = new VssBackup())
/// {
/// vss.Setup(Path.GetPathRoot(source_file));
/// string snap_path = vss.GetSnapshotPath(source_file);
///
/// // Here we use the AlphaFS library to make the copy.
/// Alphaleonis.Win32.Filesystem.File.Copy(snap_path, backup_path);
/// }
/// </code>
/// This code creates a shadow copy and opens a stream over a file
/// on the new snapshot volume.
/// <code>
/// string source_file = #"C:\Windows\system32\config\sam";
///
/// // Initialize the shadow copy subsystem.
/// using (VssBackup vss = new VssBackup())
/// {
/// vss.Setup(Path.GetPathRoot(filename));
///
/// // We can now access the shadow copy by either retrieving a stream:
/// using (Stream s = vss.GetStream(filename))
/// {
/// Debug.Assert(s.CanRead == true);
/// Debug.Assert(s.CanWrite == false);
/// }
/// }
/// </code>
/// </example>
public class VssBackup : IDisposable
{
/// <summary>
/// Setting this flag to true will enable 'component mode', which
/// does not, in this example, do much of any substance.
/// </summary>
/// <remarks>
/// VSS has the ability to selectively disable VSS-compatible
/// components according to the specifics of the current backup. One
/// might, for example, only quiesce Outlook if only the Outlook PST
/// file is intended to be backed up. The ExamineComponents() method
/// provides a framework for this sort of mode if you're interested.
/// Otherwise, this example code quiesces all VSS-compatible components
/// before making its shadow copy.
/// </remarks>
bool ComponentMode = false;
/// <summary>A reference to the VSS context.</summary>
IVssBackupComponents _backup;
/// <summary>Some persistent context for the current snapshot.</summary>
Snapshot _snap;
/// <summary>
/// Constructs a VssBackup object and initializes some of the necessary
/// VSS structures.
/// </summary>
public VssBackup()
{
InitializeBackup();
}
/// <summary>
/// Sets up a shadow copy against the specified volume.
/// </summary>
/// <remarks>
/// This methods is separated out from the constructor because if it
/// throws, we still want the Dispose() method to be called.
/// </remarks>
/// <param name="volumeName">Name of the volume to copy.</param>
public void Setup(string volumeName)
{
Discovery(volumeName);
PreBackup();
}
/// <summary>
/// The disposal of this object involves sending completion notices
/// to the writers, removing the shadow copies from the system and
/// finally releasing the BackupComponents object. This method must
/// be called when this class is no longer used.
/// </summary>
public void Dispose()
{
try { Complete(true); } catch { }
if (_snap != null)
{
_snap.Dispose();
_snap = null;
}
if (_backup != null)
{
_backup.Dispose();
_backup = null;
}
}
/// <summary>
/// This stage initializes both the requester (this program) and
/// any writers on the system in preparation for a backup and sets
/// up a communcation channel between the two.
/// </summary>
void InitializeBackup()
{
// Here we are retrieving an OS-dependent object that encapsulates
// all of the VSS functionality. The OS indepdence that this single
// factory method provides is one of AlphaVSS's major strengths!
IVssImplementation vss = VssUtils.LoadImplementation();
// Now we create a BackupComponents object to manage the backup.
// This object will have a one-to-one relationship with its backup
// and must be cleaned up when the backup finishes (ie. it cannot
// be reused).
//
// Note that this object is a member of our class, as it needs to
// stick around for the full backup.
_backup = vss.CreateVssBackupComponents();
// Now we must initialize the components. We can either start a
// fresh backup by passing null here, or we could resume a previous
// backup operation through an earlier use of the SaveXML method.
_backup.InitializeForBackup(null);
// At this point, we're supposed to establish communication with
// the writers on the system. It is possible before this step to
// enable or disable specific writers via the BackupComponents'
// Enable* and Disable* methods.
//
// Note the 'using' construct here to dispose of the asynchronous
// comm link once we no longer need it.
using (IVssAsync async = _backup.GatherWriterMetadata())
{
// Because allowing writers to prepare their metadata can take
// a while, we are given a VssAsync object that gives us some
// status on the background operation. In this case, we just
// wait for it to finish.
async.Wait();
}
}
/// <summary>
/// This stage involes the requester (us, again) processing the
/// information it received from writers on the system to find out
/// which volumes - if any - must be shadow copied to perform a full
/// backup.
/// </summary>
void Discovery(string fullPath)
{
if (ComponentMode)
// In component mode, we would need to enumerate through each
// component and decide whether it should be added to our
// backup document.
ExamineComponents(fullPath);
else
// Once we are finished with the writer metadata, we can dispose
// of it. If we were in component mode, we would want to keep it
// around so that we could notify the writers of our success or
// failure when we finish the backup.
_backup.FreeWriterMetadata();
// Now we use our helper class to add the appropriate volume to the
// shadow copy set.
_snap = new Snapshot(_backup);
_snap.AddVolume(Path.GetPathRoot(fullPath));
}
/// <summary>
/// This method is optional in this implementation, and in fact does
/// nothing of substance. It does demonstrate how one might parse
/// through the various writers on the system and add them to the
/// backup document if necessary.
/// </summary>
/// <param name="fullPath">The full path of the file to back up.</param>
void ExamineComponents(string fullPath)
{
// At this point it is the requester's duty to examine what the
// writers have prepared for us. The WriterMetadata property
// (in place of the C API's 'GetWriterMetadata' function) collects
// metadata from each writer behind a list interface.
IList<IVssExamineWriterMetadata> writer_mds = _backup.WriterMetadata;
// If you receive a "bad state" error when enumerating, you might
// have a registry inconsistency from a program that improperly
// uninstalled itself. If your event log is showing an error like,
// "ContentIndexingService called routine RegQueryValueExW which
// failed," you'll want to read Microsoft's KB article #907574.
foreach (IVssExamineWriterMetadata metadata in writer_mds)
{
// We can see the name of the writer, if we like.
Trace.WriteLine("Examining metadata for " + metadata.WriterName);
// The important bit of the writers' metadata is the list of
// components each writer is broken into. These components are
// responsible for some number of files, so going through this
// data allows us to construct an initial list of files for our
// shadow copies.
foreach (IVssWMComponent cmp in metadata.Components)
{
// Print out some info for each component.
Trace.WriteLine(" Component: " + cmp.ComponentName);
Trace.WriteLine(" Component info: " + cmp.Caption);
// If a component is available for backup, it's then up to us to
// decide whether it is relevant to the current backup. To do
// this, we may examine the files each component manages.
foreach (VssWMFileDescription file in cmp.Files)
{
// The idea here is to find out whether these files are
// relevant to whatever purpose your application holds. If
// they are, you should a) add this component to your backup
// set so VSS involves it in the shadow copy operation, and
// b) record the files' volume names so you know later which
// volumes need to be shadow copied.
// I'm not worried about that stuff for this example, though,
// so instead I'm printing out the stuff you might need to
// examine if you have requirements of that sort.
Trace.WriteLine(" Path: " + file.Path);
Trace.WriteLine(" Spec: " + file.FileSpecification);
// Here we might insert some logic to:
//
// 1. Check whether the AlternateLocation property is valid.
// 2. Expand environment vairables in either Path.or
// AlternateLocation, as appropriate.
// 3. Considering the FileSpecification and the IsRecursive
// properties, decide whether this component manages
// the file(s) you wish to backup (in this case, the
// fullPath argument).
//
// If this component is relevant, add it with AddComponent().
// (The FileToPathSpecification method below might help with
// some of these steps.)
}
}
}
}
/// <summary>
/// This phase of the backup is focused around creating the shadow copy.
/// We will notify writers of the impending snapshot, after which they
/// have a short period of time to get their on-disk data in order and
/// then quiesce writing.
/// </summary>
void PreBackup()
{
Debug.Assert(_snap != null);
// This next bit is a way to tell writers just what sort of backup
// they should be preparing for. The important parts for us now
// are the first and third arguments: we want to do a full,
// backup and, depending on whether we are in component mode, either
// a full-volume backup or a backup that only requires specific
// components.
_backup.SetBackupState(ComponentMode,
true, VssBackupType.Full, false);
// From here we just need to send messages to each writer that our
// snapshot is imminent,
using (IVssAsync async = _backup.PrepareForBackup())
{
// As before, the 'using' statement automatically disposes of
// our comm link. Also as before, we simply block while the
// writers to complete their background preparations.
async.Wait();
}
// It's now time to create the snapshot. Each writer will have to
// freeze its I/O to the selected volumes for up to 10 seconds
// while this process takes place.
_snap.Copy();
}
/// <summary>
/// This simple method uses a bit of string manipulation to turn a
/// full, local path into its corresponding snapshot path. This
/// method may help users perform full file copies from the snapsnot.
/// </summary>
/// <remarks>
/// Note that the System.IO methods are not able to access files on
/// the snapshot. Instead, you will need to use the AlphaFS library
/// as shown in the example.
/// </remarks>
/// <example>
/// This code creates a shadow copy and copies a single file from
/// the new snapshot to a location on the D drive. Here we're
/// using the AlphaFS library to make a full-file copy of the file.
/// <code>
/// string source_file = #"C:\Windows\system32\config\sam";
/// string backup_root = #"D:\Backups";
/// string backup_path = Path.Combine(backup_root,
/// Path.GetFilename(source_file));
///
/// // Initialize the shadow copy subsystem.
/// using (VssBackup vss = new VssBackup())
/// {
/// vss.Setup(Path.GetPathRoot(source_file));
/// string snap_path = vss.GetSnapshotPath(source_file);
///
/// // Here we use the AlphaFS library to make the copy.
/// Alphaleonis.Win32.Filesystem.File.Copy(snap_path, backup_path);
/// }
/// </code>
/// </example>
/// <seealso cref="GetStream"/>
/// <param name="localPath">The full path of the original file.</param>
/// <returns>A full path to the same file on the snapshot.</returns>
public string GetSnapshotPath(string localPath)
{
Trace.WriteLine("New volume: " + _snap.Root);
// This bit replaces the file's normal root information with root
// info from our new shadow copy.
if (Path.IsPathRooted(localPath))
{
string root = Path.GetPathRoot(localPath);
localPath = localPath.Replace(root, String.Empty);
}
string slash = Path.DirectorySeparatorChar.ToString();
if (!_snap.Root.EndsWith(slash) && !localPath.StartsWith(slash))
localPath = localPath.Insert(0, slash);
localPath = localPath.Insert(0, _snap.Root);
Trace.WriteLine("Converted path: " + localPath);
return localPath;
}
/// <summary>
/// This method opens a stream over the shadow copy of the specified
/// file.
/// </summary>
/// <example>
/// This code creates a shadow copy and opens a stream over a file
/// on the new snapshot volume.
/// <code>
/// string source_file = #"C:\Windows\system32\config\sam";
///
/// // Initialize the shadow copy subsystem.
/// using (VssBackup vss = new VssBackup())
/// {
/// vss.Setup(Path.GetPathRoot(filename));
///
/// // We can now access the shadow copy by either retrieving a stream:
/// using (Stream s = vss.GetStream(filename))
/// {
/// Debug.Assert(s.CanRead == true);
/// Debug.Assert(s.CanWrite == false);
/// }
/// }
/// </code>
/// </example>
public System.IO.Stream GetStream(string localPath)
{
// GetSnapshotPath() returns a very funky-looking path. The
// System.IO methods can't handle these sorts of paths, so instead
// we're using AlphaFS, another excellent library by Alpha Leonis.
// Note that we have no 'using System.IO' at the top of the file.
// (The Stream it returns, however, is just a System.IO stream.)
return File.OpenRead(GetSnapshotPath(localPath));
}
/// <summary>
/// The final phase of the backup involves some cleanup steps.
/// If we're in component mode, we're supposed to notify each of the
/// writers of the outcome of the backup. Once that's done, or if
/// we're not in component mode, we send the BackupComplete event to
/// all of the writers.
/// </summary>
/// <param name="succeeded">Success value for all of the writers.</param>
void Complete(bool succeeded)
{
if (ComponentMode)
{
// As before, we iterate through all of the writers on the system.
// A more efficient method might only iterate through those writers
// that were actually involved in this backup.
IList<IVssExamineWriterMetadata> writers = _backup.WriterMetadata;
foreach (IVssExamineWriterMetadata metadata in writers)
{
foreach (IVssWMComponent component in metadata.Components)
{
// The BackupSucceeded call should mirror the AddComponent
// call that was called during the discovery phase.
_backup.SetBackupSucceeded(
metadata.InstanceId, metadata.WriterId,
component.Type, component.LogicalPath,
component.ComponentName, succeeded);
}
}
// Finally, we can dispose of the writer metadata.
_backup.FreeWriterMetadata();
}
try
{
// The BackupComplete event must be sent to all of the writers.
using (IVssAsync async = _backup.BackupComplete())
async.Wait();
}
// Not sure why, but this throws a VSS_BAD_STATE on XP and W2K3.
// Per some forum posts about this, I'm just ignoring it.
catch (VssBadStateException) { }
}
/// <summary>
/// This method takes the information in a file description and
/// converts it to a full path specification - with wildcards.
/// </summary>
/// <remarks>
/// Using the wildcard-to-regex library found at
/// http://www.codeproject.com/KB/string/wildcmp.aspx on the
/// output of this method might be very helpful.
/// </remarks>
/// <param name="file">Object describing a component's file.</param>
/// <returns>
/// Returns a full path, potentially including DOS wildcards. Eg.
/// 'c:\windows\config\*'.
/// </returns>
string FileToPathSpecification(VssWMFileDescription file)
{
// Environment variables (eg. "%windir%") are common.
string path = Environment.ExpandEnvironmentVariables(file.Path);
// Use the alternate location if it's present.
if (!String.IsNullOrEmpty(file.AlternateLocation))
path = Environment.ExpandEnvironmentVariables(
file.AlternateLocation);
// Normalize wildcard usage.
string spec = file.FileSpecification.Replace("*.*", "*");
// Combine the file specification and the directory name.
return Path.Combine(path, file.FileSpecification);
}
}
}
I ran into the same issues when attempting to use that sample code. You should note that in addition to linking, and adding references to the references you need for AlphaVss, that this code also uses AlphaFS. In particular, you should link and reference AlphaFS.dll from that package.
The Snapshot class could not be found...you should bring in the Snapshot.cs file from the sample to your project.
But wait...there's more...
This was a bit frustrating til I found a few clever notes in the change log from version 1.1.
"* BREAKING CHANGE: The class VssWMFileDescription has been renamed to VssWMFileDescriptor
BREAKING CHANGE: The IVssAsync interface has been removed. Any methods previously returning
IVssAsync are now synchronous and returns void. Asynchronous versions of these
methods have been added with the standard APM naming scheme of BeginXXX, EndXXX
where the Begin method returns an IVssAsyncResult instance which implements
the standard IAsyncResult interface.
"
Replacing "VssWMFileDescription" with "VssWMFileDescriptor" will get you half the way there.
To get this code to compile and function, change the messages in the following pattern of:
using (IVssAsync async = _backup.GatherWriterMetadata())
{
// Because allowing writers to prepare their metadata can take
// a while, we are given a VssAsync object that gives us some
// status on the background operation. In this case, we just
// wait for it to finish.
async.Wait();
}
to
_backup.GatherWriterMetadata();
In short, the methods are now synchronous, so calling them differently will do the trick.
I hope this helps. I have my VssSample code working with these changes.
You've added references to all the AlphaVSS files? AlphaVSS.Common loads the correct assembly for the OS via IVssImplementation vss = VssUtils.LoadImplementation();.
The list for AlphaVSS 1.1 (add references to all of them):
AlphaVSS.Common
AlphaVSS.51.x86
AlphaVSS.52.x64
AlphaVSS.52.x86
AlphaVSS.60.x64
AlphaVSS.60.x86

Is SecureString a write-only class?

I recently discovered SecureString and it seems to fit a perfect application where I want to basically initialize a static secret string at the beginning of an application, and then make it read-only and use it throughout the life of the application(as a portion of a hash).
I'm having trouble understanding how to even make use of the SecureString class.. From what I can tell, you can set the SecureString, but there is no way to compare the value or retrieve the value in any way.
What is the purpose of this class if it's write-only?
No, it's not write-only: you can retrieve a regular .NET String from the SecureString by using the Marshal class:
IntPtr ptr = Marshal.SecureStringToBSTR(secureString);
string str = Marshal.PtrToStringBSTR(ptr);
Marshal.ZeroFreeBSTR(ptr);
return str;
Note that this allocates unmanaged memory, so you need to be sure to free it (with Marshal.ZeroFreeBSTR) to avoid leaks. And it should go without saying that once you've converted it to a .NET String, you lose the benefits of SecureString (the String will remain in memory until it's GC'ed, it may be paged to disk, etc.).
The purpose of the SecureString class is that you can use it in APIs where the privacy of user data (e.g., passwords or credit card numbers) should be protected (e.g., if your application crashes and a minidump is saved to disk). A handful of classes in the .NET Framework (e.g., PasswordBox.SecurePassword) take a SecureString object in order to avoid exposing this data.
Both ways here, a way to convert it to a securestring and from a securestring. Of course the whole point of storing it in a securestring is to prevent it from being in memory in the first place.
#region SecureString Manipulation
/// <summary>
/// Convert a Securestring to a regular string (not considered best practice, but make sure it's not in memory if you can help it)
/// </summary>
/// <param name="securePassword">Password stored in a secure string</param>
/// <returns>regular string of securestring password</returns>
public static string ConvertToUnsecureString(this System.Security.SecureString securePassword)
{
if (securePassword == null)
throw new ArgumentNullException("securePassword");
IntPtr unmanagedString = IntPtr.Zero;
try
{
unmanagedString = Marshal.SecureStringToGlobalAllocUnicode(securePassword);
return Marshal.PtrToStringUni(unmanagedString);
}
finally
{
Marshal.ZeroFreeGlobalAllocUnicode(unmanagedString);
}
}
/// <summary>
/// Pass a text password to this function to return a SecureString (doesn't store the password in memory)
/// </summary>
/// <param name="password">Text version of a password</param>
/// <returns>SecureString of a password (not readable by memory)</returns>
public static SecureString ConvertToSecureString(this string password)
{
if (password == null)
throw new ArgumentNullException("password");
var secure = new SecureString();
foreach (var c in password.ToCharArray())
secure.AppendChar(c);
return secure;
}
#endregion

Retry the request if the first one failed

I am using a xml web service on my web app and sometimes remote server fails to respond in time. I came up with the idea of re-request if first attempt fails. To prevent loop I want to limit concurrent request at 2. I want to get an opinion if what I have done below is ok and would work as I expect it.
public class ScEngine
{
private int _attemptcount = 0;
public int attemptcount
{
get
{
return _attemptcount;
}
set
{
_attemptcount = value;
}
}
public DataSet GetStat(string q, string job)
{
try
{
//snip....
attemptcount += attemptcount;
return ds;
}
catch
{
if (attemptcount>=2)
{
return null;
}
else
{
return GetStat(q, job);
}
}
}
}
public class ScEngine
{
public DataSet GetStat(string q, string job)
{
int attemptCount;
while(attemptCount < 2)
{
try
{
attemptCount++;
var ds = ...//web service call
return ds;
}
catch {}
}
//log the error
return null;
}
}
You forgot to increment the attemptcount. Plus, if there's any error on the second run, it will not be caught (thus, becomes an unhandled exception).
I wouldn't recurse in order to retry. Also, I wouldn't catch and ignore all exceptions. I'd learn which exceptions indicate an error that should be retried, and would catch those. You will be ignoring serious errors, as your code stands.
You don't want to solve it this way. You will just put more load on the servers and cause more timeouts.
You can increase the web service timeout via httpRuntime. Web services typically return a lot of data in one call, so I find myself doing this pretty frequently. Don't forget to increase how long the client is willing to wait on the client side.
Here's a version that doesn't use recursion but achieves the same result. It also includes a delay so you can give the server time to recover if it hiccups.
/// <summary>
/// The maximum amount of attempts to use before giving up on an update, delete or create
/// </summary>
private const int MAX_ATTEMPTS = 2;
/// <summary>
/// Attempts to execute the specified delegate with the specified arguments.
/// </summary>
/// <param name="operation">The operation to attempt.</param>
/// <param name="arguments">The arguments to provide to the operation.</param>
/// <returns>The result of the operation if there are any.</returns>
public static object attemptOperation(Delegate operation, params object[] arguments)
{
//attempt the operation using the default max attempts
return attemptOperation(MAX_ATTEMPTS, operation, arguments);
}
/// <summary>
/// Use for creating a random delay between retry attempts.
/// </summary>
private static Random random = new Random();
/// <summary>
/// Attempts to execute the specified delegate with the specified arguments.
/// </summary>
/// <param name="operation">The operation to attempt.</param>
/// <param name="arguments">The arguments to provide to the operation.</param>
/// <param name="maxAttempts">The number of times to attempt the operation before giving up.</param>
/// <returns>The result of the operation if there are any.</returns>
public static object attemptOperation(int maxAttempts, Delegate operation, params object [] arguments)
{
//set our initial attempt count
int attemptCount = 1;
//set the default result
object result = null;
//we've not succeeded yet
bool success = false;
//keep trying until we get a result
while (success == false)
{
try
{
//attempt the operation and get the result
result = operation.DynamicInvoke(arguments);
//we succeeded if there wasn't an exception
success = true;
}
catch
{
//if we've got to the max attempts and still have an error, give up an rethrow it
if (attemptCount++ == maxAttempts)
{
//propogate the exception
throw;
}
else
{
//create a random delay in milliseconds
int randomDelayMilliseconds = random.Next(1000, 5000);
//sleep for the specified amount of milliseconds
System.Threading.Thread.Sleep(randomDelayMilliseconds);
}
}
}
//return the result
return result;
}

Creating a class for an interface at runtime, in C#

I'm looking at taking a set of objects, let's say there's 3 objects alive at the moment, which all implement a common interface, and then wrap those objects inside a fourth object, also implementing the same interface.
The fourth object's implementations of methods and properties would simply call the relevant bits on those 3 underlying objects. I know that there will be cases here where it won't make sense to do that, but this is for a service multicast architecture so there's already a good set of limitations in place.
My question is where to start. The generation of that fourth object should be done in memory, at runtime, so I'm thinking Reflection.Emit, unfortunately I don't have enough experience with that to even know where to begin.
Do I have to construct an in-memory assembly? It sure looks that way, but I'd just like a quick pointer to where I should start.
Basically I'm looking at taking an interface, and a list of object instances all implementing that interface, and constructing a new object, also implementing that interface, which should "multicast" all method calls and property access to all the underlying objects, at least as much as possible. There will be heaps of problems with exceptions and such but I'll tackle those bits when I get to them.
This is for a service-oriented architecture, where I would like to have existing code that takes, as an example, a logger-service, to now access multiple logger services, without having to change the code that uses the services. Instead, I'd like to runtime-generate a logger-service-wrapper that internally simply calls the relevant methods on multiple underlying objects.
This is for .NET 3.5 and C#.
I'll post my own implementation here, if anyone's interested.
This is heavily influenced and copied from Marc's answer, which I accepted.
The code can be used to wrap a set of objects, all implementing a common interface, inside a new object, also implementing said interface. When methods and properties on the returned object is accessed, the corresponding methods and properties on the underlying objects are accessed in the same way.
Here there be dragons: This is for a specific usage. There's potential for odd problems with this, in particular since the code does not ensure that all underlying objects are given the exact same objects as the callee is passing (or rather, it does not prohibit one of the underlying objects from messing with the arguments), and for methods that returns a value, only the last return value will be returned. As for out/ref arguments, I haven't even tested how that works, but it probably doesn't. You have been warned.
#region Using
using System;
using System.Linq;
using System.Diagnostics;
using System.Reflection;
using System.Reflection.Emit;
using LVK.Collections;
#endregion
namespace LVK.IoC
{
/// <summary>
/// This class implements a service wrapper that can wrap multiple services into a single multicast
/// service, that will in turn dispatch all method calls down into all the underlying services.
/// </summary>
/// <remarks>
/// This code is heavily influenced and copied from Marc Gravell's implementation which he
/// posted on Stack Overflow here: http://stackoverflow.com/questions/847809
/// </remarks>
public static class MulticastService
{
/// <summary>
/// Wrap the specified services in a single multicast service object.
/// </summary>
/// <typeparam name="TService">
/// The type of service to implement a multicast service for.
/// </typeparam>
/// <param name="services">
/// The underlying service objects to multicast all method calls to.
/// </param>
/// <returns>
/// The multicast service instance.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <para><paramref name="services"/> is <c>null</c>.</para>
/// <para>- or -</para>
/// <para><paramref name="services"/> contains a <c>null</c> reference.</para>
/// </exception>
/// <exception cref="ArgumentException">
/// <para><typeparamref name="TService"/> is not an interface type.</para>
/// </exception>
public static TService Wrap<TService>(params TService[] services)
where TService: class
{
return (TService)Wrap(typeof(TService), (Object[])services);
}
/// <summary>
/// Wrap the specified services in a single multicast service object.
/// </summary>
/// <param name="serviceInterfaceType">
/// The <see cref="Type"/> object for the service interface to implement a multicast service for.
/// </param>
/// <param name="services">
/// The underlying service objects to multicast all method calls to.
/// </param>
/// <returns>
/// The multicast service instance.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <para><paramref name="serviceInterfaceType"/> is <c>null</c>.</para>
/// <para>- or -</para>
/// <para><paramref name="services"/> is <c>null</c>.</para>
/// <para>- or -</para>
/// <para><paramref name="services"/> contains a <c>null</c> reference.</para>
/// </exception>
/// <exception cref="ArgumentException">
/// <para><typeparamref name="TService"/> is not an interface type.</para>
/// </exception>
/// <exception cref="InvalidOperationException">
/// <para>One or more of the service objects in <paramref name="services"/> does not implement
/// the <paramref name="serviceInterfaceType"/> interface.</para>
/// </exception>
public static Object Wrap(Type serviceInterfaceType, params Object[] services)
{
#region Parameter Validation
if (Object.ReferenceEquals(null, serviceInterfaceType))
throw new ArgumentNullException("serviceInterfaceType");
if (!serviceInterfaceType.IsInterface)
throw new ArgumentException("serviceInterfaceType");
if (Object.ReferenceEquals(null, services) || services.Length == 0)
throw new ArgumentNullException("services");
foreach (var service in services)
{
if (Object.ReferenceEquals(null, service))
throw new ArgumentNullException("services");
if (!serviceInterfaceType.IsAssignableFrom(service.GetType()))
throw new InvalidOperationException("One of the specified services does not implement the specified service interface");
}
#endregion
if (services.Length == 1)
return services[0];
AssemblyName assemblyName = new AssemblyName(String.Format("tmp_{0}", serviceInterfaceType.FullName));
String moduleName = String.Format("{0}.dll", assemblyName.Name);
String ns = serviceInterfaceType.Namespace;
if (!String.IsNullOrEmpty(ns))
ns += ".";
var assembly = AppDomain.CurrentDomain.DefineDynamicAssembly(assemblyName,
AssemblyBuilderAccess.RunAndSave);
var module = assembly.DefineDynamicModule(moduleName, false);
var type = module.DefineType(String.Format("{0}Multicast_{1}", ns, serviceInterfaceType.Name),
TypeAttributes.Class |
TypeAttributes.AnsiClass |
TypeAttributes.Sealed |
TypeAttributes.NotPublic);
type.AddInterfaceImplementation(serviceInterfaceType);
var ar = Array.CreateInstance(serviceInterfaceType, services.Length);
for (Int32 index = 0; index < services.Length; index++)
ar.SetValue(services[index], index);
// Define _Service0..N-1 private service fields
FieldBuilder[] fields = new FieldBuilder[services.Length];
var cab = new CustomAttributeBuilder(
typeof(DebuggerBrowsableAttribute).GetConstructor(new Type[] { typeof(DebuggerBrowsableState) }),
new Object[] { DebuggerBrowsableState.Never });
for (Int32 index = 0; index < services.Length; index++)
{
fields[index] = type.DefineField(String.Format("_Service{0}", index),
serviceInterfaceType, FieldAttributes.Private);
// Ensure the field don't show up in the debugger tooltips
fields[index].SetCustomAttribute(cab);
}
// Define a simple constructor that takes all our services as arguments
var ctor = type.DefineConstructor(MethodAttributes.Public,
CallingConventions.HasThis,
Sequences.Repeat(serviceInterfaceType, services.Length).ToArray());
var generator = ctor.GetILGenerator();
// Store each service into its own fields
for (Int32 index = 0; index < services.Length; index++)
{
generator.Emit(OpCodes.Ldarg_0);
switch (index)
{
case 0:
generator.Emit(OpCodes.Ldarg_1);
break;
case 1:
generator.Emit(OpCodes.Ldarg_2);
break;
case 2:
generator.Emit(OpCodes.Ldarg_3);
break;
default:
generator.Emit(OpCodes.Ldarg, index + 1);
break;
}
generator.Emit(OpCodes.Stfld, fields[index]);
}
generator.Emit(OpCodes.Ret);
// Implement all the methods of the interface
foreach (var method in serviceInterfaceType.GetMethods())
{
var args = method.GetParameters();
var methodImpl = type.DefineMethod(method.Name,
MethodAttributes.Private | MethodAttributes.Virtual,
method.ReturnType, (from arg in args select arg.ParameterType).ToArray());
type.DefineMethodOverride(methodImpl, method);
// Generate code to simply call down into each service object
// Any return values are discarded, except the last one, which is returned
generator = methodImpl.GetILGenerator();
for (Int32 index = 0; index < services.Length; index++)
{
generator.Emit(OpCodes.Ldarg_0);
generator.Emit(OpCodes.Ldfld, fields[index]);
for (Int32 paramIndex = 0; paramIndex < args.Length; paramIndex++)
{
switch (paramIndex)
{
case 0:
generator.Emit(OpCodes.Ldarg_1);
break;
case 1:
generator.Emit(OpCodes.Ldarg_2);
break;
case 2:
generator.Emit(OpCodes.Ldarg_3);
break;
default:
generator.Emit((paramIndex < 255)
? OpCodes.Ldarg_S
: OpCodes.Ldarg,
paramIndex + 1);
break;
}
}
generator.Emit(OpCodes.Callvirt, method);
if (method.ReturnType != typeof(void) && index < services.Length - 1)
generator.Emit(OpCodes.Pop); // discard N-1 return values
}
generator.Emit(OpCodes.Ret);
}
return Activator.CreateInstance(type.CreateType(), services);
}
}
}
(I'm justifying an answer here by adding extra context/info)
Yes, at the moment Reflection.Emit is the only way to solve this.
In .NET 4.0, the Expression class has been extended to support both loops and statement blocks, so for single method usage, a compiled Expression would be a good idea. But even this won't support multi-method interfaces (just single-method delegates).
Fortunately, I've done this previously; see How can I write a generic container class that implements a given interface in C#?
Did you really need to create the assembly at runtime?
Probably you don't need it.
c# give you Action<T>, the is operator and lambda/delegates...

Categories