Securing application in Silverlight - security

I have this application in Silverlight 5. Actually the problem is with its security. I'd used HTTPS but still the query I fire within the application can be decrypted by Fiddler and can be used to get all the data from the database. Please suggest something to prevent this. Or at least any link to get started with. I'd already implemented some suggestions from MSDN but still the application has the same issue.

Related

Excel WebApi Odata Authentication with Organisational Account

I have created an OData Service using .Net 6 / OData 8 and am trying to authenticate using Organisational Account in Excel. I can test the authentication successfully in Postman and also in my web App that uses the authenticated service.
However, if I try and create an OData Feed in Excel and authenticate using [Organisational Account], I get an error "We were unable to connect because this credential type isn't supported for this resource.".
Microsoft seems to indicate that it is not supported to connect to "arbitrary" services per the following link.
https://learn.microsoft.com/en-us/power-query/connectors/odatafeed#authenticating-to-arbitrary-services
However, this is a pretty big limitation and I'm interested to know if anyone has been able to solve this problem yet.
I won't go into the configuration of my web api, suffice it to say that I have tried every possible combination of builder.Services.AddAuthentication()..... that I can find and they all seem to have a similar issue - ie. I can use the WebApi for everything that I need it for - except Excel.
A quick Google search gets many, many hits (and I think that I have read them all - ..... twice), but try as I might I haven't yet found one that has an answer that works.
The following link showed some promise, which indicated it might be possible to change the audience, but I could not make it work.
https://www.c-sharpcorner.com/article/azure-odata-feed-web-api-authentication-setup-with-azure-ad/
I did find another promising link that I can't seem to find again that indicated we could add the Office 365 Client Id to the list of Authorised Client Applications under Expose an Api of the app registration in Azure AD B2C. I did that, with no success.
I'm really at my wits' end on this and have been trying to get a solution on and off the last couple of weeks. Would really appreciate any help from others who might have tried and succeeded at this.
Confirming that I have now worked out how to do this and have posted the solution to the following SO thread. connecting-excel-to-oauth-api-on-azure
There are a number of steps to the solutions, so won't attempt to summarise them here.

Is my site hacked?

I have my client website www.healthiva.com. This is developed in .Net C#. In global.asax I have a functionality to send alert email to development team, if any unhandled exceptions are thrown in the whole application. Sometimes dev team gets email like "The file '/ivr/VAD_Deploy1.aspx' does not exist", "The file '/ivr/mxm_3cx/mxm30.aspx' does not exist". Our application does not have these files obviously & hence the error. Now my worry is, is someone trying to hack our site by running some scripts? If yes, please suggest some good security policies. (The site already uses SSL.)
You are safe
I've just done a couple of tests to see, and it appears that you are getting these errors because other resources in your application are trying to access these directories. Rather than handle these errors and provide a user safe code, it's simply throwing a default server error. Your website is not being hacked - it's just badly written (Sorry, no offence) and lacks sufficient logging techniques.
However, that does not mean that you are still 100% safe. You can either consult with a private security expert or look at automated tools online to test the security of your website. I'd recommend doing some research on the OWASP Top 10 for this, and how to prevent these measures. Most hackers will try to go for one of these methods before trying more robust and niche attacks.
EDIT: Relevant image showing what happens when the server throws an exception
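One way to check which explanation the server logs support, as an added example that is not part of the original question or answer: the sketch below reads IIS W3C-format log lines and separates 404s that arrive with a same-site Referer (broken internal links) from clients requesting several missing paths with no such Referer (likely automated probing). The host name, the threshold and the log lines are constructed for illustration; only the two `/ivr/` paths come from the question.

```python
from collections import defaultdict
from urllib.parse import urlsplit

SITE_HOST = "www.example.test"  # assumption: placeholder for the site's own host name

# Constructed sample in IIS W3C extended log format (documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Referer)
2024-01-05 10:00:01 203.0.113.7 GET /ivr/VAD_Deploy1.aspx 404 -
2024-01-05 10:00:02 203.0.113.7 GET /ivr/mxm_3cx/mxm30.aspx 404 -
2024-01-05 10:00:03 203.0.113.7 GET /admin/setup.aspx 404 -
2024-01-05 10:05:00 198.51.100.20 GET /Default.aspx 200 -
2024-01-05 10:05:01 198.51.100.20 GET /images/old-banner.aspx 404 https://www.example.test/Default.aspx
2024-01-05 10:06:00 198.51.100.21 GET /images/old-banner.aspx 404 https://www.example.test/Default.aspx
"""

def parse_w3c(text):
    """Yield one dict per request, using the column order from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def classify_404s(text, site_host=SITE_HOST, probe_threshold=3):
    """Split 404s into broken internal links and probable probing clients."""
    broken_links = defaultdict(set)  # missing path -> pages on our site linking to it
    unreferred = defaultdict(set)    # client IP -> missing paths with no same-site Referer
    for row in parse_w3c(text):
        if row.get("sc-status") != "404":
            continue
        path = row.get("cs-uri-stem", "")
        referer = row.get("cs(Referer)", "-")
        # Referer is client-supplied, so this is a heuristic, not proof.
        if referer != "-" and urlsplit(referer).hostname == site_host:
            broken_links[path].add(urlsplit(referer).path)
        else:
            unreferred[row.get("c-ip", "?")].add(path)
    probes = {ip: sorted(paths) for ip, paths in unreferred.items()
              if len(paths) >= probe_threshold}
    return {"broken_links": {p: sorted(r) for p, r in broken_links.items()},
            "probable_probes": probes}

if __name__ == "__main__":
    print(classify_404s(SAMPLE_LOG))
```
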

Application Insight works fine localhost but in Azure only client side data

I have a problem with Application Insights that is really similar to this.
Application Insights - Getting only client side data, no server data.
For me however it works fine when I just hit F5 and run the application, I get performance metrics for both client and server side.
However when I deploy the application I do not get any server side data as far as I can tell. The site runs as an Azure Web App (Web Site). I do get client side data though.
Anyone have any tips?
Ok, I'm officially an idiot.
I had a Web.Config transformation that was supposed to only replace an attribute in the part of Webconfig but it replaced the entire section. And yeah, now it works hehe. Sorry.
Feel free to remove this post since it was clearly just my code / debugging skill that was lacking.

How to enable Virtual ListView Control for OpenLDAP server?

I'm trying to use UnboundID's LDAP SDK to fetch contacts present on an LDAP server.
I'm using the VirtualListView (VLV) Control along with Server-side sort in my code and this code works perfectly fine when I tested with an LDAP server configured in my organization.
However, I wanted to set up a local server and add certain contacts/entries to it and test my code with that server. For this, I used OpenLDAP and configured it on Ubuntu 10.04 using instructions from this link: http://www.ghacks.net/2010/08/31/set-up-your-ldap-server-on-ubuntu-10-04/
Now, when I tried getting the contacts, my code does not work as the server I've set up is not supporting VLV. When I perform a simple search, i.e. without any VLV or other paging technique, then I am able to see the results. This means the server is working fine, but not supporting VLV control.
So what I need to know is how can I enable support for VLV or any other required controls for my server?
Please do let me know if anyone knows how to achieve this. Hours of googling haven't led to any promising results :(
Thanks & Regards,
Kiran
Question is off topic, should be on serverfault.com, but you have to load, enable, and configure the SSSVLV overlay.
Forget that blog, and all random Internet blogs while you're at it. Have a good look at the OpenLDAP Admin Guide itself, which is where you should have started. I can also recommend a really good reference here, but only because I've used it extensively, not just because Google said so.

SharePoint - Posting and Retrieving files Automatically via VBScript

I'm going to need to push and pull files from a SharePoint site that is not hosted by my company (it is external). I'm only going to get a few days (if that) to get this working so I don't have much time to experiment.
To add to my requirements/headaches, I'm going to have to implement this with VBScript. .Net would be preferred for me but for reasons beyond my control I have to use VBScript. I don't have direct access to my VBScript web server, so I won't be able to implement this in .NET and use that object from VBScript.
I'm looking for anything that would help me accomplish this goal quickly and effectively. I found this post and am wondering if the PUT/GET method used here would work for me?
http://weblogs.asp.net/bsimser/archive/2004/06/06/149673.aspx (I got this link from: Sharepoint API - How to Upload files to Sharepoint Doc Library from ASP.NET Web Application)
To top all of this off, I've never done any programming or administration of a SharePoint site. My knowledge of SharePoint is that of a user. I'm aware that there is an API from the few Google searches I did. However, my readings make me believe that my code would need to run on or in proximity to the SharePoint server. I don't believe I have the proximity I need to use the API.
Sincere thank yous!
Regards,
Frank
Progress Update: I'm still researching this. Tom pointed out that the example I had posted is probably from an old SharePoint version. His recommendation to use .Net to develop a prototype on Web Services is good but I'm hoping for more detailed answers.
I'm now wondering if I can accomplish what I need to accomplish using HTTP PUT and GETs. At my company, for a specific project we do use HTTP PUT and GETs to do something like this. We have files that are stored on an HTTP server and this is how we post and retrieve them.
Would this work over SharePoint or would SharePoint require special handling? Basically, do I have to use Web Services?
Progress Update 2: This link is helpful... Upload a file to SharePoint through the built-in web services
But I am still looking for more information on this topic... Thanks all...
You'll need to use the SharePoint lists web service for metadata and get/put for uploads. That link looks to be for SharePoint 2001, so hopefully you can use the newer/simpler version.
I recommend building something in .net first to get the web service calls worked out - some of the parameters can be quite tricky to debug, and I wouldn't want to be doing that on a remote vbscript page.
Assuming there is no metadata required and the SharePoint library is being used like a file server you can do most of what you want with PUT/GET, but you will probably need a call to GetListItems to find the urls to download.
There's an example on my blog of a lower level call to that web service - it's javascript, but probably close enough.
http://tqcblog.com/2007/09/24/sharepoint-blog-content-rating-with-javascript-and-web-services
What setting up the .net version gets you is very quick set up of a connection to the server (just add a web service reference in visual studio) so you can get the query and queryoptions strings working to retrieve the items you want. Once that works you just have to put it all together as a string including the soap stuff for use without all the nice tools.
I'm a little unclear on the context of the implementation and the prerequisite of having to use VBScript. Are the files being moved from one server to another server or from a user's desktop to this SP server? or are they being accessed via software like Excel?
The first thing that sprang to my mind (this may sound crazy) was using the Office application to make the connection. Your script would call up Excel (just as an example) and pass it the vba needed to initiate the Open File, and then provide the full path to the file that needs to be retrieved. Then have it do a Save As to the location that needs the file. Do the same thing but in reverse for putting files on the SharePoint server.
The tricky part, obviously, is getting the script to interface with the Office app. I know this can be done with the Windows version of PHP, but I don't want to get into anything specific without knowing your situation.
I seriously wonder if you are going to be able to use VBScript to call the SharePoint web services. I haven't looked at the SharePoint web services for a while so I don't remember exactly how they are defined. I thought the web services were SOAP calls though which makes it trickier than
I'm not sure I tried to use Excel to call some web services with the MSSOAP.SoapClient and it seemed this component was unable to handle any WSDL types beyond the very simple strings. Anything with nested data would not work. Instead, you would need to create a COM object to process the conversion which is a major hassle. If you are able to use XMLHTTP component then it might be possible with VBScript, but I'm not sure if it will work with SharePoint web services.
I'm not sure what you mean, "I don't have direct access to my VBScript web server." Is your web server in VBScript (ASP)? Or did you mean SharePoint server?
You might consider C# Script (cs-script) as a scripted solution that uses .NET. I have had good success with it, although it does need to be installed on the computer that runs the script.
I'm integrating between two companies. According to this book, we should use AD FS to accomplish what I'm looking for.
I still don't actually have this working though so if someone has more information I will change the answer to this question.
http://books.google.com/books?id=-6Dw74If4N0C&pg=PA27&lpg=PA27&dq=sharing+sharepoint+sites+external+adfs&source=bl&ots=ojOlMP13tE&sig=FjsMmOHymCOMGo7il7vjWF_lagQ&hl=en&ei=ytqfStClO5mMtgejsfH0Dw&sa=X&oi=book_result&ct=result&resnum=5#v=onepage&q=&f=false
I never really received an answer to this that worked out but this is no longer an issue for me.
What we ended up doing is scraping the html. In effect, we put together our own ad-hoc web service processor where instead of SOAP, html is used to communicate. Then we execute GETs, POSTs, and etc to work with the web service.
We had done something similar in VBScript for WebDAV -- we had a class and created a new one to work with SharePoint.
