My classic asp application would run on local system of users via internet browser. The code file resides in the root folder of the C: drive. But I want that the code cannot be seen by the users, and even if the file is opened then the code is not readable easily, like encrypted or encoded. I want to protect the code from being copied. Is it possible? If so, then how?
Other way is to Host application on one System and if other system is in connected in LAN they can use same site via hosted URL.
To deploy code in each system is not a good practice to secure.
I will agree with everybody else, suggesting a different design, but I will give you an answer that I think is applicable if you're dead set on what you're doing:
Write your server-side logic in Visual Basic 6 or .NET and expose as COM objects.
(A wilder idea would be to implement your own ISAPI filter, but I am not positive if the APIs allow you to intercept the loading of the source... thinking and googling around make me think that that's not possible, but not 100% sure)
I have done this with COM objects.
Related
I would like to create my own tool to sort photos and videos from anywhere in the file system, sorting and changing names, and stuff like that (basically a sorting tool with custom sort parameters).
Since windows store apps are easy to distribute I think it could be a nice place to develop it.
while I have nothing against C# or VB that i guess it could be easily done with it, I would like to try the HTML/CSS/JS apps of the windows store.
I'm not looking for profit on this, since is aimed for my family.
And I don't really know what kind of access to the file system do these apps have.
I consider a store app because of the universal model, if necessary I could port it to the phones too, the other option I'm considering is just to use ironpython and make it full Desktop.
With UWP apps you don't have the full access to the system files. Of course you get one to the working folder of your app - LocalFolder. By using suitable Capabilities you can be granted an access to specified libraries like: Music, Photos, Videos and more, known as KnownFolders. Additionally you can widely access removable devices. To prevent access violation to work on files in KnownFolders you have to use a special broker, which will grant privileges to your app.
The full list of access permitions you will find at MSDN.
Does anyone know of any article/publication on the security architecture of Metro app?
For example, can the metro app call an external service. If it can,
under what condition. Will it prompt the user first? And if so will
they be able to change their restriction later and how?
Cross domain scripting in a website is usually considered a big
no-no. But if I were to turn the same code into a metro app (since
presumably they're both written in Html 5 + js), does it mean I can
make ajax calls to any server irrespective of their domain? Is it
even possible to port a website into an app? If so how easy is that?
What about accessing local file system? Or does it have to go
through the contracts to do so?
And this is kind of related but if I were to write a website (not an
app). And the site was opened using Metro IE10, can it subscribe
into the metro specific js events? I guess I'm trying to figure out
how to save cost by doing as little development as possible. I
prefer a website that can target multiple platforms and only target
specific platform for the features that absolutely require it - also
not to thrilled with the idea of having to go through microsoft in
order to publish my app.
Any help appreciated.
Metro applications can call into web services located on other machines, but their ability to interact with the local machine is severely limited.
Similarly, accessing arbitrary parts of the local filesystem is not permitted. If your application has the documents (or music or photos) library permission, it can access the files in those libraries.
I'm writing some ASP code to service requests from a simple HTML form on my company's intranet. The code needs to call methods from a (COM) dll. I'm using the code:
myObject = Server.CreateObject("myDLL.myClass")
but it's giving an error at this line. I'm not sure if the dll is registered on the server, but I suspect it may not be. I'm not sure how to find this out.
If it's not registered, is it possible/best practice to:
Use the dll without registering it on the server (I have the .dll file);
Remotely register the dll safely using ASP code; or
Do I need to contact the IT dept to get it registered?
I'm worried that option 2 might freak the IT department out and also possibly break something - but I have a deadline and it's unlikely that they will get around to registering anything before then.
Is there any way I can use the dll without involving them, purely with ASP?
I've also got this question open regarding running the dll on the client's computers by embedding in the intranet form, which is my preferred method if it's possible. It's the same dll, and it's already registered on all clients' machines but so far I've been unable to get it passed the IE intranet security settings.
ANY help/comments/suggestions on this or my other thread would be greatly appreciated.
Thanks for reading.
you need to register the DLL AFAIK, either with a setup program that does it, or manually with regsvr32 (or similar)
I'm going to need to push and pull files from a SharePoint site that is not hosted by my company (it is external). I'm only going to get a few days (if that) to get this working so I don't have much time to experiment.
To add to my requirements/headaches, I'm going to have to implement this with VBScript. .Net would be preferred for me but for reasons beyond my control I have to use VBScript. I don't have direct access to my VBScript web server, so I won't be able to implement this in .NET and use that object from VBScript.
I'm looking for anything that would help me accomplish this goal quickly and effectively. I found this post and am wondering if the PUT/GET method used here would work for me?
http://weblogs.asp.net/bsimser/archive/2004/06/06/149673.aspx (I got this link from: Sharepoint API - How to Upload files to Sharepoint Doc Library from ASP.NET Web Application)
To top all of this off, I've never done any programming or administration of a SharePoint site. My knowledge of SharePoint is that of a user. I'm aware that there is an API from the few Google searches I did. However, my readings make me believe that my code would need to run on or in proximity to the SharePoint server. I don't believe I have the proximity I need to use the API.
Sincere thank yous!
Regards,
Frank
Progress Update: I'm still researching this. Tom pointed out that the example I had posted is probably from an old SharePoint version. His recommendation to use .Net to develop a prototype on Web Services is good but I'm hoping for more detailed answers.
I'm now wondering if I can accomplish what I need to accomplish using HTTP PUT and GETs. At my company, for a specific project we do use HTTP PUT and GETs to do something like this. We have files that are stored on an HTTP server and this is how we post and retrieve them.
Would this work over SharePoint or would SharePoint require special handling? Basically, do I have to use Web Services?
Progress Update 2: This link is helpful... Upload a file to SharePoint through the built-in web services
But I am still looking for more information on this topic... Thanks all...
You'll need to use the sharepoint lists web service for metadata and get/put for uploads. That link looks to be for SharePoint 2001, so hopefully you can use the newer/simpler version.
I recommend building something in .net first to get the web service calls worked out - some of the parameters can be quite tricky to debug, and I wouldn't want to be doing that on a remote vbscript page.
Assuming there is no metadata required and the SharePoint library is being used like a file server you can do most of what you want with PUT/GET, but you will probably need a call to GetListItems to find the urls to download.
There's an example on my blog of a lower level call to that web service - it's javascript, but probably close enough.
http://tqcblog.com/2007/09/24/sharepoint-blog-content-rating-with-javascript-and-web-services
What setting up the .net version gets you is very quick set up of a connection to the server (just add a web service reference in visual studio) so you can get the query and queryoptions strings working to retrieve the items you want. Once that works you just have to put it all together as a string including the soap stuff for use without all the nice tools.
I'm a little unclear on the context of the implementation and the prerequisite of having to use VBScript. Are the files being moved from one server to another server or from a user's desktop to this SP server? or are they being accessed via software like Excel?
The first thing that sprang to my mind (this may sound crazy) was using the Office application to make the connection. Your script would call up Excel (just as an example) and pass it the vba needed to initiate the Open File, and then provide the full path to the file that needs to be retrieved. Then have it do a Save As to the location that needs the file. Do the same thing but in reverse for putting files on the SharePoint server.
The tricky part, obviously, is getting the script to interface with the Office app. I know this can be done with the Windows version of PHP, but I don't want to get into anything specific without knowing your situation.
I seriously wonder if you are going to be able to use VBScript to call the SharePoint web services. I haven't looked at the SharePoint web services for a while so I don't remember exactly how they are defined. I thought the web services were SOAP calls though which makes it trickier than
I'm not sure I tried to use Excel to call some web services with the MSSOAP.SoapClient and it seemed this component was unable to handle any WSDL types beyond the very simple strings. Anything with nested data would not work. Instead, you would need to create a COM object to process the conversion which is a major hassle. If you are able to use XMLHTTP component then it might be possible with VBScript, but I'm not sure if it will work with SharePoint web services.
I'm not sure what you mean, "I don't have direct access to my VBScript web server." Is your web server in VBScript (ASP)? Or did you mean SharePoint server?
You might consider C# Script (cs-script) as a scripted solution that uses .NET. I have had good success with it, although it does need to be installed on the computer that runs the script.
I'm integrating between two companies. According to this book, we should use AD FS to accomplish what I'm looking for.
I still don't actually have this working though so if someone has more information I will change the answer to this question.
http://books.google.com/books?id=-6Dw74If4N0C&pg=PA27&lpg=PA27&dq=sharing+sharepoint+sites+external+adfs&source=bl&ots=ojOlMP13tE&sig=FjsMmOHymCOMGo7il7vjWF_lagQ&hl=en&ei=ytqfStClO5mMtgejsfH0Dw&sa=X&oi=book_result&ct=result&resnum=5#v=onepage&q=&f=false
I never really received a answer to this that worked out but this is no longer an issue for me.
What we ended up doing is scraping the html. In effect, we put together our own ad-hoc web service processor where instead of SOAP, html is used to communicate. Then we execute GETs, POSTs, and etc to work with the web service.
We had done something similar in VBScript in for WebDAV -- we had a class and created a new one to work with SharePoint.
Is there a way to get URI based access control directly in IIS that works with static content, ASP, WCF services and anything else that comes in looking something like an HTTP request?
Particularly I want the access control to be a bullet proof as possible preferably making the decision before IIS even tries to figure out what to service the request with.
This link sort of hints that this can't be done but it's old and I'd be very surprised if what I'm looking for doesn't exist.
This link has a few other options (and a less "aggressive" community)
An ideal solution would be able to declare that everything (static and dynamic content) under a given URL (for example https://dns.name/some/path/*) needs a login and the user must be in some group. Also, I'd rather set it up with a username/passord file (at least for now) rather than AD or some windows account system.
In short I want access control and I don't want to be writing code to get it.
This seems related but I'm not sure it's quite the same.
You can set access rules for ASP.NET or WCF web application in web.config file.
HOW TO: Control Authorization Permissions in an ASP.NET Application
If you have access to IIS and you know .htaccess syntax, you can use ISAPI_Rewrite 3. The Lite version is free.