I am creating a free program that has a support request page. This will send me an email and a log file so I can see what is going on.
I have created the email class, but like any email program/class it will require a username, password, email address, etc.
Now, once I put this out, I know that, with the right programs, you can view the code behind on .Net, which I really thing is completely absurd.
Anyhow, I don't want this information out there because it's a support email address and is sensitive information.
What is the best way for me to send an email but not include my sensitive information for all the nosy people out there or hide it so they cannot get to it?
Here is an example of the code I'm referring to:
var emailSettings = new EmailSettings();
emailSettings.Body = richTextBox_Message.Text;
emailSettings.BodyIsHtml = false;
emailSettings.EmailServerEnableSsl = true;
emailSettings.EmailServerPassword = "";
emailSettings.EmailServerPort = 25;
emailSettings.EmailServerUsername = "";
emailSettings.EmailSmtpServer = "";
emailSettings.FromEmailAddress = new MailAddress(textBox_EmailAddress.Text);
emailSettings.Subject = comboBox_TypeOfRequest.Text;
Scary stuff in there :D
Just to clarify, this is a free app so I cannot afford a program to hide the code. :(
It's not safe to use this method to send error reports. Consider using a .php file on a web server to send yourself errors, or some other method.
PHP Email Tutorial
But if you really want to, I believe you might be able to use System.Security.Cryptography to protect your data, I'm not 100% sure on that though, so correct me if I'm wrong.
http://msdn.microsoft.com/en-us/library/system.security.cryptography(v=vs.110).aspx
Related
I'd like to create a sign-in card that is not a link to a webpage to sign in to. Something that behaves something like this
All of the resources I've found online only show the button link like
Whose code looks something like this
var replytoconversation = context.MakeMessage();
replytoconversation.Text = "Authorize your Account";
replytoconversation.Attachments = new List<Attachment>();
var cardbuttons = new List<CardAction>();
cardbuttons.Add(new CardAction
{
Title = "connect",
Value = "http://mail.google.com",
Type = ActionTypes.Signin
});
SigninCard plcard = new SigninCard("Log in to your account", cardbuttons);
Attachment plattachment = plcard.ToAttachment();
replytoconversation.Attachments.Add(new SigninCard("Log in to your account", cardbuttons).ToAttachment());
await context.PostAsync(replytoconversation);
Any help would be appreciated thanks
What you are asking is not possible using the card system in the way you are asking. The only way I can think of at the moment would be to create a login web page alongside your web interface chat (if that's what you are using) and embed the web page in the chat bot (I've done something like this for a similar reason). This is a useful way of dealing with a number of things, such as connecting to a system that does not have an api. I know it's not the exact answer you want, but it's really the only way to my knowledge.
Just updating this as ive been working on it lately. If you use Adaptive-Cards, you can add in Input boxes using AdaptiveTextInput. Link these to a submit function and you can have the user input their details in,then pass them to another function. Here, you can either cast out of the bot to an auth protocol (not sure about how, havent tried yet), or you can do what I'm doing, and use a http/ftp database to authenticate data. Not that secure, but depends on what you are using it for.
My team and I have a very specific and frustrating issue. We have an MVC4 web application that many people utilized within a company (no external exposure). Some of our processes generate emails to other employees with links back to the application.
For example, there may be some activity that one employee sees and wants to attend. They can can an email to the other employee saying they would like to attend.
In these emails, we put an anchor tag in with the link back to our application and some query string stuff to help direct it to the right page.
All of that works wonderfully. Now, the problem is, we want the link (from the email) to load in an existing window with the application, if it exists. Normally, I believe, this would be done with setting the target attribute in the anchor tag, but that doesn't work, it just opens in a new tab.
This is what the anchor tag source from the email looks like (i've changed some text so that it hides company related info):
Please <a target="appMain" href='http://domain/app/controller.aspx/view?
keyname=querystringparam1¶ms={"prop1":val,"prop2":va;}'>
click here</a> to approve and go to app
this is our smtp function to send the mail:
public void SendMail(EmailContent emailContent, string mailConfigurationPath)
{
var toRecipients = string.Join(",", emailContent.ToList);
var mailMessage = new MailMessage(emailContent.From, toRecipients)
{
IsBodyHtml = emailContent.IsBodyHtml,
Body = emailContent.Body,
Subject = emailContent.Subject
};
var smtpClient = new SmtpClient
{
DeliveryMethod = SmtpDeliveryMethod.SpecifiedPickupDirectory,
PickupDirectoryLocation = mailConfigurationPath
};
smtpClient.Send(mailMessage);
}
Is what I'm trying to achieve even possible? It seems pretty straight forward, maybe I'm just going about it the wrong way. Would love some help or even some "crazy" ideas.
This is not possible, because it creates a vulnerability in the email program itself...
http://thenextweb.com/insider/2013/01/07/yahoo-mail-users-hit-by-widespread-hacking-xss-exploit-seemingly-to-blame/
Also, it goes against all the normal user interface guidelines for email programs. Users don't expect an email to transform into an app. They are very familiar with clicking on links in emails though, so you wouldn't want that action to do something weird.
I am making a launcher for Minecraft. 1.6.2 changed a lot, so the way you login is different. If any of you have any knowledge of logging into minecraft using C#, I would appreciate it.
wClient.DownloadString("http://login.minecraft.net/?user=" + strUsername + "&password=" + strPassword + "&version=13");
I believe this used to be a valid way of doing it, but I am not quite sure anymore. Help is appreciated, thanks.
In reply to TheUnrealMegashark's comments to Rhys Towey's Answer. I have been working really hard to get it to launch, but. Its throwing me off a bit. The very next update will include a 1.6 fix. Just got to figure it out.
The proper answer to your question is that the web link that fetches the Session is still currently in use. Nothing new there.
Beware! You must know that your
"http://login.minecraft.net/?user=" + strUsername + "&password=" +
strPassword + "&version=13"
Is unsafe. It sends the password of the user through the internet in plain text. it can be subject to "Man in the Middle" attacks.
One of the proper ways to encrypt the connection is to use HTTPS with POST. Using POST, I avoid sending all of the data in the request URL and send the data through POST. Using HTTPS, I encrypt any data sent after the request URL returns. HTTPS makes POST encrypted, thus removing "Man in the Middle" attacks.
You can use GET with HTTPS and it still be secure (from what i have read). But, it is considered an unsafe practice. Although it is safe in all accounts between your computer and the connected device, anywhere else it might be seen and be subject to "Man behind you Attack". What I mean is that when you send this URL, it is possible for your computer to record the URL in some sort of history, or, display it in an address bar in plain text. Although, sense your not making a web browser and the URL is not displayed, this could possibly all be forgotten.
But, If it were me, I would still play it safe and just use the safer strategy.
To use HTTPS with POST.
Here is a sample of code i use in my "AtomLauncher." This code will send the POST data to the URL and return a string. Goto http://www.minecraftwiki.net/wiki/Minecraft.net to get more info on the string that is returned.
string mcURLData = "Error";
using (WebClient client = new WebClient()) // Get Data from Minecraft with username and password
{
// This a Text control for my Program, ignore this commented line if you wish.
// this.Invoke(new MethodInvoker(delegate { homeLabelTop.Text = "Connecting to Minecraft.net..."; }));
try
{
System.Collections.Specialized.NameValueCollection urlData = new System.Collections.Specialized.NameValueCollection();
urlData.Add("user", "UserName");
urlData.Add("password", "MYPa22w0rd");
urlData.Add("version", "13");
byte[] responsebytes = client.UploadValues("https://login.minecraft.net", "POST", urlData);
mcURLData = Encoding.UTF8.GetString(responsebytes);
}
catch
{
if (!System.Net.NetworkInformation.NetworkInterface.GetIsNetworkAvailable())
{
mcURLData = "Internet Disconnected.";
}
else
{
mcURLData = "Can't connect to login.minecraft.net.";
}
}
}
To use HTTPS with GET
just simply change the
http
in your code to
https
In other news.
I have fixed my code. Feel free (when its uploaded) to use it.
For your information, you need to know that when 1.6.X launches it creates a natives folder of which it starts using immediately. What I have done to fix this was to run 1.6.2 and copy the natives folder it created and removed the number.
Created "version/1.6.2/1.6.2-natives-###"
Copied it to "version/1.6.2/1.6.2.natives"
Point my program to "natives" folder I created.
What I'll end up doing in the future is automatically checking for the natives folder and if it doesn't exist, I'll have it download natives from the internet.
(I would love to know where minecraft is getting its current natives so i can essentially do the same thing. Unless, what it does is download it from the internet every time it launches. If true, that's kind of ugly. Seeing as I have bandwidth usage limits.)
So let's say I created a feedback form in C#.
It sens the feedback to my PHP Page and my PHP Page adds it to my MySQL Database.
Code:
private void PostFeed(string Params)
{
using (WebClient wc = new WebClient())
{
wc.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
wc.Headers["Accept"] = #"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8";
wc.Headers["Accept-Language"] = #"en-US,en;q=0.5";
string HtmlResult = wc.UploadString("http://website/feedtest.php", "POST", Params);
Console.WriteLine(HtmlResult);
}
}
On my PHP I have a code that looks similar to:
$name = $_REQUEST['name'];
$email = $_REQUEST['email'];
$desc = $_REQUEST['description'];
connect
post result...
close connection
The question I have is: is there a way to protect against flood ? I understand anyone can just spam/flood it by sending feedback continuously or even creating a third party app that sends like 1000 post request per second. I was thinking of implementing some sort of check on the PHP side, for example: if the connection password from the c# app matches, then continue if not, exit.
Basically, I dont want people to take advantage of the feedback method and spam me.
Can anyone suggest a method ? or Should I not even worry about this ?
Any help is appreciated.
A typical technique is to have some kind of submissions per X unit of time limit where you have a last_submitted_at column in a table associated with some kind of identifier. For example, you might associate it with a user if you have a fairly robust user registration system, or you might associate it with an IP if you don't.
This is the system that Stack Overflow uses if you try and vote, post, or as questions too often. Each of these has a separate timer which probably translates to a separate last_X_at column in the database somewhere.
If the last time is less than some threshold, present an error instead of accepting the submission.
I'm thinking of implementing "Report a bug/Suggestions" option to my game, however I am not quite sure how I could get that working. I do not have my own server or anything, so I can't just send the text that user has written to there.
The only way I came up with is that the client would write a message and I would send it to an email account where I could read them. However, I do not want that users would need to send the reports through their personal accounts. I am not quite sure how I could implement this and googling didn't bring up any good suggestions.
I haven't done a lot of network stuff, so I'd really appreciate it if you could explain ( possibly even in code ) the process step-by-step.
I am using C# and the game is being programmed for Windows Phone 7.
Yes, it is absolutely possible to do that. From a relatively low-level perspective, you need to:
Resolve the MX (mail-exchanger) server for the e-mail account you want to send to.
Open a socket to the MX server.
Send the appropriate SMTP commands to cause the e-mail message to be delivered to your recipient account. You essentially have the freedom to set the "from" address to be any arbitrary thing you want.
SMTP is a very simple/human-friendly protocol, so it's not a massive effort to do all of that by hand. At the same time, there are prebuilt libraries that will handle all of that for you (except possibly the resolution of the recipient's MX server).
Note that emails sent this way are more likely to be filtered out as spam (generally because the sender's IP/hostname is not going to match whatever domain you put on the outgoing e-mail address you decide to use).
Also note that since you can set the "from" address to anything, you have the option of asking the user if they want to provide their actual contact address, and if they do you can make that the "from" address so that you can actually get back in touch with them if necessary.
You don't need to use email at all. Consider using an error reporting service like sentry or airbrake.
These services have clients that you embed in your program; which automatically log your errors, including any debugging information/stacktrace; and notify you by email when your application reports a problem.
Usually you integrate the app's API into your own error handling mechanism. At the point of an error, the client will capture your debugging information, you can popup a modal asking user for information like "what were you doing when this error happened?", save that as part of your error response that is sent back to the service.
Since the app works over HTTP, you don't need any special ports to be open. It is easier and more helpful than having users send you emails with "it doesn't work!!", and you don't have to deal with email sending headaches.
I recently wrote an article on this: Sending email with C#
You basically have two choices, either you send it using an SMTP-client, this means that you have to have a SMTP-server and be able to connect to port 25 (if you're not using an external SMTP, then you have to manage that by yourself). Or you can use an external email provider, such as:
AlphaMail
SendGrid
Mandrill
If you're using AlphaMail you can send emails in the following way:
IEmailService emailService = new AlphaMailEmailService()
.SetServiceUrl("http://api.amail.io/v1/")
.SetApiToken("YOUR-ACCOUNT-API-TOKEN-HERE");
var person = new Person()
{
Id = 1234,
UserName = "jdoe78",
FirstName = "John",
LastName = "Doe",
DateOfBirth = 1978
};
var response = emailService.Queue(new EmailMessagePayload()
.SetProjectId(12345) // ID of AlphaMail project (determines options, template, etc)
.SetSender(new EmailContact("support#company.com", "from#example.com"))
.SetReceiver(new EmailContact("Joe E. Receiver", "to#example.org"))
.SetBodyObject(person) // Any serializable object
);
Another thing that differs from just building HTML and sending it with an SMTP-client is that with AlphaMail you have the ability to edit your emails outside your code directly in a GUI. You can also easily create highly dynamic templates using AlphaMail's templating language Comlang.
<html>
<body>
<b>Name:</b> <# payload.FirstName " " payload.LastName #><br>
<b>Date of Birth:</b> <# payload.DateOfBirth #><br>
<# if (payload.Id != null) { #>
Sign Up Free!
<# } else { #>
Sign In
<# } #>
</body>
</html>
So this is my thought, why don't you have the email sent to you...as you?
using System.Net;
using System.Net.Mail;
var fromAddress = new MailAddress("from#gmail.com", "From Name"); //Both the email addresses would be yours
var toAddress = new MailAddress("to#example.com", "To Name"); //Both the email addresses would be yours
const string fromPassword = "fromPassword";
const string subject = "There name or whatever";
const string body = "Errors ect....";
var smtp = new SmtpClient
{
Host = "smtp.gmail.com",
Port = 587,
EnableSsl = true,
DeliveryMethod = SmtpDeliveryMethod.Network,
UseDefaultCredentials = false,
Credentials = new NetworkCredential(fromAddress.Address, fromPassword)
};
using (var message = new MailMessage(fromAddress, toAddress)
{
Subject = subject,
Body = body
})
{
smtp.Send(message);
}
code from here
All they would see would be the submit button so they wouldn't have all your personal username/password, also you should prolly set up a dummy account to have them sent to even if it just then forwards them to your real email account.
Another way to achieve this would be to host a WCF Service which takes in your Message and stores in db or /sends email. One downside of this is you'll need a web server to do this.
Try following code this might help you :
Dim objCDOMail
Set objCDOMail = Server.CreateObject("CDONTS.NewMail")
objCDOMail.From = "sender#domain.com"
objCDOMail.To = "receiver#domain.com"
objCDOMail.Subject = "Test Mail Script"
objCDOMail.BodyFormat = 0
objCDOMail.MailFormat = 0
objCDOMail.Body = "Testing Mail from Test Script"
objCDOMail.Importance = 1
objCDOMail.Send
Set objCDOMail = Nothing