I try to build a health check for all system (API & Database & Angular)
I succeeded in adding it in API and Database by using AspNetCor.HealthCheck.UI.
Now I try to add it to frontend but I need to add this health check to the same dashboard that contains the status of checking API and Database
Related
i have a website (asp.net core 3) with input fields , and all data entered by the visitors will be saved to firebase child (realtime database)
i'm using FireSharp ( Firebase REST API wrapper for the .NET & Xamarin )
FireSharp work only with authSecret , so my server will bypass my Realtime Database Rules
even if my rules are ;
{
"rules": {
".read": false,
".write": false
}
}
can can i protect my database with security rules ?
is it safe to put the auth secret in my own server ?
If FireSharp only allows you to access Firebase Realtime Database by specifying the database secret, then it bypasses your security rules completely and has full read/write access to the entire database.
If you want access in a way to adheres to your security rules, you'll have to find another client for your platform, or use the REST API directly and pass the ID token of a user that is signed in to Firebase Authentication rather than passing the database secret.
I want to get the usernames of all registered users in my Firebase project. I have installed FirebaseAuth.unitypackage.
I have looked to the Unity Docs in Firebase but found nothing about this. What i want is given here. But there are some problems;
It is made with Admin SDK, I am not sure that this SDK can be installed for Unity. There is no package in the SDK named Admin.
C# code is not given.
A note has been left as "Note: This API is currently only available for the Admin Node.js SDK"
I'll answer this in the context of keeping everything in Firebase and being willing to pull in other Firebase products. If you want to use the Auth Admin SDK in general, just make sure that you do it from a server you control (as opposed to a user's machine).
In general, you typically need one more Firebase service to interact with Firebase Auth in the way you want to. Either use Cloud Functions with the Node.js admin SDK (which I don't like using the admin SDK in your critical user path just out of caution) or to use something like Realtime Database to keep a separate list of all your users and any additional information you might associate with them.
I'll typically store my registered users in Realtime Database, with a node named users and then each user having a node just named their user id. So a user list with two users whose IDs are uid_0 and uid_1, I'd have a structure like:
users:
uid_0: {name, avatar, &c}
uid_1: {name, avatar, &c}
Your rules.json could look something like this to only allow users write their own userid data but let everyone read it (so you can give your users a user list):
{
"rules": {
// Bonus maps cannot be written to under normal circumstances.
"users": {
".write": "!data.exists()",
"$uid" {
".write": "auth != null && auth.uid == $uid",
".read": true // or more granular, like ensure your uid is in the target's friends list
}
}
}
}
As far as maintaining this list. You can either use the rules language to ensure that users can only create/delete their own $uid or use Functions with Firebase Authentication triggers (and that Realtime Database Admin SDK I try to minimize my usage of) to add/remove entries to the users list.
I hope this helps!
I'm working on a service which should be able to disable a user's app. That means for a specific office account, disable a specific application that authenticates against Azure AD.
In order to test my service I subscribed for 2 office 365 E1 accounts and an azure trial.
For testing disabling of an app, I downloaded Nine on one of my mobile devices and connected with my Office-365 account.
Then I queried the Azure Graph API with the following REST requests:
GET <BASE>/users
And extracted my user's ID which I will denote as [user-id]
(BASE = https://graph.windows.net/[tenant-id]/)
(All my urls ends with api-version=1.6)
GET <BASE>/servicePrincipals
And extracted the Service Principal's ID for the one that had appDisplayName: "Nine for office 365". Which I will denote with [principle]
GET <BASE>/servicePrincipals/[principle]/appRoleAssignedTo
And received:
"odata.metadata":"https://graph.windows.net/[removed]/$metadata#directoryObjects/Microsoft.DirectoryServices.AppRoleAssignment",
"value":[ { "odata.type":"Microsoft.DirectoryServices.AppRoleAssignment",
"objectType":"AppRoleAssignment",
"objectId":"[AppRoleAssignmentId]",
"deletionTimestamp":null,
"creationTimestamp":"2017-01-01T17:04:45.1033993Z",
"id":"00000000-0000-0000-0000-000000000000",
"principalDisplayName":"Tom",
"principalId":"[removed]",
"principalType":"User",
"resourceDisplayName":"Nine for Office 365",
"resourceId":"[principle]"
},
And lastly -
DELETE <BASE>/users/[user-id]/appRoleAssignments/[AppRoleAssignmentId]
And received 204 as response code.
I queried again for the appRoleAssignment (As I did in section 3) and the one I deleted was actually removed, but, Nine could still sync with server and receive new messages. What am I missing?
The AppRoleAssignment is used to record when a user or group is assigned to an application. Delete this record will not disable the application. More detail about this entity, you can refer here.
And to disable the application, I have answered in this thread. Please feel free to let me know whether you still have the problem.
Update( the option to enable for users assignment)
I am trying to retrieve a message from a node (my own status message):
I am using C# Facebook SDK. My GET request is the following:
status = fb.Get("/v2.2/100006927xxxxxx_1568238173xxxxxx?fields=message")
I tested this in Graph Explorer on the development site and it works.
but in my application I get an "Unsuppported Get Request #100" error.
Is there something new because I think that worked before?
Ensure that the access token you are using on Graph API Explorer matches the one you are using in your application.
In Graph API Explorer check three calls
/app to see which app you are using
/me/permissions to see what permission is granted in the application
/me to see which app scoped user ID has been assigned
Depending on the access token and the application, the privacy level of that status might not be able available to you.
e.g. 100006927xxxxxx looks like an app scoped user ID
This will mean that only one particular application will be able to access this resource.
let suppose i have two domains
1. abc.com
2. xyz.com
now the thing i want to do that i have a index page on both sites and there is a image on both index page , but when i click next in abc.com and image changes on abc.com at the same time i made a session variable in sql server . Now leave abc.com and come to xyz.com
the index page of xyz.com automatically gets refresh by ajax function after 2 second , now when page get refresh it will make a request to server and pick the next image name from session which we stored using abc.com and by getting the we will show the latest image on xyz.com .... Note . both sites are using the same server
can i do this ? . If yes then how ?
You can share sessions between sites using SQL server as the session manager, I did it following these instructions, works well.
these steps are taken from: Share ASP.net session between domains
ASP.NET APPLICATION : CSASPNETShareSessionBetweenSubDomains Project
Overview
Summary:
Session can be set to different modes (InProc, SqlServer, and
StateServer). When using SqlServer/SateServer mode, Session will store
in a specific SQL Server/Sate Server. If two ASP.NET Web Applications
specify the same SQL Server as Session Server, all Sessions store in
the same database. All in all, if using SQL Server Session, it is
possible to share Session between different ASP.NET Applications.
Since ASP.NET stores Session Id to cookie to specify current Session,
so in order to share Session, it is necessary to share Session Id in
the cookie.
The CSASPNETShareSessionBetweenSubDomains sample demonstrates how to
configure a SessionState Server and then create a SharedSessionModule
module to achieve sharing Session between sub domain ASP.NET Web
Applications.
Two ASP.NET Web Applications need to run in the same Root Domain (can
use different ports). Steps:
Configure SQL Server to Store ASP.NET Session State.
Run "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
-S localhost\sqlexpress -E -ssadd" to add Session State support to Sql Server Express 1.
If you haven't added Session State to SQL Server, when you configure
a web site to use SQL Server Mode Session State,
System.Data.SqlClient.SqlException will be thrown saying "Invalid
object name 'tempdb.dbo.ASPStateTempSessions'."
Configure ASP.NET Web Applications to Use SQL Server to Store Session and Use specific decryptionKey and validationKey.
Add this settings to web.config file to use SQL Server Session
State:
Add this settings to web.config to use specific decryptionKey and
validationKey:
If you host the applications in IIS, please run the Application Pool
under an account who can log into the database. Otherwise
System.Data.SqlClient.SqlException will be thrown saying "Cannot
open database 'ASPState' requested by the login. The login failed."
Write SharedSessionModule Module to Achieve The Logic of Sharing Session
a. Implement Init() method to set Application Id read from
web.config.
b. Implement PostRequestHandlerExecute Event to store Session Id to
cookie with
the same domain and root path.
Configure ASP.NET Web Applications to Use SharedSessionModule Module.
Add this config to web.config to use SharedSessionModule Module:
If you run the applications in your own domains except localhost,
please don't forget to change the value of RootDomain after
publishing.
Run and Test
a. Add a new Web Page. b. Add two Buttons (used to Refresh the page and Set Session) and one Label for displaying
Session value. c. On Page_PreRender() method, read Session and display it in Label. On Button Click
Event, Set Value to Session. d. Create a new Web Site with the same config as Web Site 1, but set different value
to Session e. Now open two sites in two tabs. Now if you set Session Value in site1,
you can retrieve the same value in site2. So they use the same Session.
1 Remove Session State from Sql Server. Run
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe -S
localhost\sqlexpress -E -ssremove" to remove Session State support
from Sql Server.