I have various questions about windows phone 8 communications which I hope someone out there will be able to clarify.
What is the best method to communicate between a wp8 device and a server? WCF, OData, Json, Webclient, other? Does anyone know what is the recommend standard if any?
Based on 1, will using SSL or similar work? How do you encrypt data over the wire if SSL is not a an option.
Sample on how to use wcf (or other) using Async Await? The sample I'm working on, though not familiar with it all, I'm using wcf and I'm confused as to how I should go about it. Assume the following basic scenario:
a) The user is provided with a logon page. The user then clicks Login.
b) The proxy is first opened by calling the .Open (should I call openasync?).
c) A wcf call is made to call the .LogonUser (should I call LogonUserAsync?).
d) The proxy is then closed by calling .Close (should I call CloseAsync?).
Again I'm confused as if I don't use asynchronous call, it doesn't feel right, thought it might be ok. Can someone confirm this? Second, if I use async, should I call the .LogonUser from inside the OpenCompleted event and then call the .Close within the LogonUserCompleted? Seems messy and dirty coding? Again I could be completely off, but it just doesn't feel right?
Is there any good sample out there providing and explaining step by step on what should be the correct communication protocol that should be use and how to use it. Most of the wcf sample I'm finding never seem to call the .Open & .Close methods which I assume is a must and that's maybe why it is omitted but again, it's not obvious when you don't know what you're doing.
Should wcf (or any other) always call open & close for each call made i.e. logon, search, etc... rather than keeping this open for the entire session when the application is opened and re-using the same object?
Thanks and sorry for the many questions in one post.
Thanks.
T.
#1 There is no rule of thumb to decide which is the best method amongst: WCF, OData, Json,
I think what should be used should be decided by the requirement. In Windows Phone you can use any of these,.
#2 If you are not using SSL, then you can think of private/public key encryption
#3 I am not sure about whether openasync() should be really used. In one of my project I have consumed WCF service without calling openasync(). You should use Aync methods.
Related
i just want to ask you about a way to make something like what charles proxy do! www.charlesproxy.com it injects or makes proxy between it and browser, so it record each step (Sending and receive or Download and upload), i just wanna to make a project that inject or to be proxy then record the uploaded and received data! :) That's all!
Or just want to know how to start? is it WebRequest as i said?! or how to make it to be proxy via Chrome as example.
If anyone don't know it, just ask what is it?! and i can answer ;).
Many systems use proxies that are openly available in code across many platforms. For instance, one I've used in the past for proxying GIS queries is the ESRI proxy. The source can be found at https://github.com/Esri/resource-proxy and it is quite complete, including forwarding form parameters, iirc. In this case the proxy is used something along the lines of http://proxyurl.com/proxy.ashx?http://www.requestedsite.com. I would start by checking out the source for the .NET subtree of that GIT repo.
I'm trying to create a system that will be very modular. with the idea in mind that no module should really know about any other module (each running in it's own process).
There will be another program that will open, and will be able to tell what these modules will send and receive(this I largely have covered).
the issue I'm having at the moment, is there a way for me to be able to interrogate the application inside another process, or app domain? and in so doing late bind these modules together.
EG:
A module that can broadcast 'X' at runtime will be liked to a module that can accept 'X'.
This may be quite vague, and if so please ask me to clarify on anything I have not covered.
Right now, I Just need to know if it is possible to interrogate a process, and if so how? I Am fairly new to this but my initial research hasn't taken me to far.
I modeled a system like this recently for a personal home automation system. Basically, I'd want to be able to have certain sensors (microphones, cameras, etc.) broadcast what they have, and have other computers or programs get that information whenever they need it, without knowing exactly who is going to be getting the data at compile time.
If this sounds like what you're looking for, I'd look into a Pub-Sub style architecture.
http://en.wikipedia.org/wiki/Publish%E2%80%93subscribe_pattern
You're not really interrogating the process in this kind of architecture, but I think you get a similar result. Basically, you'll have one main pub-sub server.
In the Diagram above, Clients 2 and 3 "subscribe" to receive a specific kind of message. The server knows who is subscribed to what, so that when Client 1 sends that message, the server knows it needs to route it to the correct clients.
I hope this helps.
EDIT: After re-reading your question, I feel that you may have already gotten this far. Maybe all you need is something like
http://msdn.microsoft.com/en-us/library/bb546102(v=vs.110).aspx
Pipes allow you to pass some information between processes. You'll have to serialize and de-serialize the data across the pipe, but this (coupled with a pub-sub architecture) should give you what you need.
Apps downloaded from the Windows Store are installed in this location:
C:\Program Files\WindowsApps
If you look inside this folder you can access each application's .exe and use reflector to decompile them.
Currently, my Windows RT application sends a password over SSL to a WCF service to ensure that only people using my app can access my database (via the service).
If my code can be read by anybody, how can I ensure that only people using my Windows 8 app are accessing the service?
Thanks!
In the very general sense, it is impossible. If ever you create anything that is placed on the customer's computer, eventually you will stumble upon someone that will manage to decipher your code and understand how to call your service. You may obfuscate it into insane levels, but still it has to be executable by the processor, so the processor has to understand it. And if it does, then potentially anyone knowing assembly can understand it too. You may smartly obfuscate it so that it will be very time-consuming to cleanup the code from unimportant trash, but still, at some point of time someone will read it.
One of common defenses is in trying to detect who* is actually trying to use your service. This is why all the "portals" require you to "register". This way, the application identity is marginalized and it is the user who provides login, password, PGP keys, etc is checked and verified whether he/she is allowed to actually run your service.
Also, on the OS/framework layer, there are several ways to selectively provide "licenses" to your customers and then in your application you may use keys/hashes from the licenses to authenticate in your service. This may partially remove from the user the burden of remebering the passwords etc, or it may provide an additional authentication factor, or it may simply be a yes-no flag that allows to run the app or not. Still, it will not guard your code against being read. Licenses just help in verifying if the software copy is legit and if belongs to that specific user/computer.
You may act selectively only against 'reflectoring' (or dotpeeking, or ildasming, or ...). Those tools really make the decompilation easy (although the original reflector is now paid software). So, the simpliest form would be to use obfuscator that will make the decompilation impossible or harder - that cuts some percentage of the potential code-readers and you can assume scriptkiddies are gone. You may ignore obfuscators and you may write the service connector in native code (C++, not C++/cli). That will make the code completely un-reflectorable and un-ildasmable, and that will cut off another large percentage of people, but with some will still be left (me and thousands of others, but that's much less than millions).
While this does not give you definitive answer, I wanted to show you that you can only get some "level of hardness", but you cannot make it totally safe from being read. This is why you should focus on making the service access in that way, that showing your code to a stranger on the street does not compromise your security.
Now gettint to your problem: the core thing seems to lie not in the fact that your app uses some secret algorithms, but rather - that you have hardcoded the password in. You see, there's with this approach, they do not need to read your code at all. They just need to listen what data your app sends over the sockets..
Another issue is that everyone uses the same keyphrase.
A hardcoded magic string may be some sort of validation, but never authentication. If you want the app to be register-free, make the registration silent and automatic at first run? Of course, you will just bounce the problem: anyone could read the code and learn how to autoregister, and then they will make a clone.. But, again, like I've said: you never know who's on the other side. Is it your app, or is it an ideal-clone of it? Or maybe is it a clone that uses your own hacked-a-bit libraries to connect to you? If it looks like a duck, and quacks like a duck, it is a duck..
Let's say you have an ASP.NET MVC 4 Web API project. One of your resources, when you call it by URL, waits while it gets performance monitoring data for a specified amount of time and then returns it all in JSON form once it has completed. However, between entering the URL and when the process has completed, is there a way to return data dynamically, ie. at each second when performance data is retrieved and display it in the browser.
Here's the issue:
Calling an API resource via URL is static as far as I know and as far as anyone seems to know. Meaning, the JSON won't appear until the resource has retrieved all of its information, which is not what I want. I want to be able to constantly update the JSON in the browser WHILE the API resource is retrieving data.
Since I'm working in a repository class and a controller class, Javascript is not an option. I've tried using SignalR, but apparently that does not work in this scenario, especially since I'm not able to use Javascript.
Is there any possible way to get real-time data with a URL call to the API?
Case in point:
Google Maps.
The only way you can call the Google Maps API via URL is if you want a "static" map, that displays a single image of a specific location. No interaction of any kind. If you want a dynamic, "real time" map, you need to build a web application and consume the API resource in your application with Javascript in a view page. There is no way to call it via URL.
You can put together an old-school ASP.Net IHttpHandler implementation regardless of MVC controllers and routing pipeleline. http://support.microsoft.com/kb/308001. You would then have full acesss to the response stream and you could buffer or not as you see fit. You've got to consider though whether you want to tie up worker thread for that long and if you're planning on streaming more or less continuously then you definately want to use IAsyncHttpHandler while you await further responses from your repo.
Having said that, Web API supports Async too but it's a little more sophisticated. If you plan on sending back data as-and-when, then I'd strongly recommend you take another look at SignalR which does all this out of the box if you are planning on having some JavaScript client side eventually. It's much, much easier.
If you really want to write Async stuff in Web API though, here's a couple of resources that may help you;
http://blogs.msdn.com/b/henrikn/archive/2012/02/24/async-actions-in-asp-net-web-api.aspx
And this one looks like exactly what you need;
http://blogs.msdn.com/b/henrikn/archive/2012/04/23/using-cookies-with-asp-net-web-api.aspx
In order to use that PushStreamContent() class in the example though, you'll not find that in your System.Net.Http.dll, you'll need to go get that from the Web API stack nightly builds at http://aspnetwebstack.codeplex.com/SourceControl/list/changesets
YMMV - good luck!
I think what you're asking for is a sort of streaming mechanism over HTTP. Of course doing that would require sending a response of unknown content length.
This question deals with that sort of chunked transfer encoding which is probably part of the solution. Not knowing what is on the client side, I can't say how it would deal with the JSON you want to push through.
Great question.
You can certainly start streaming the response back to the browser as soon as you want. It's normally buffered, but it doesn't have to be. I've used this trick in the past. In fact SignalR does something similar in some operational modes, although I should add (now I've re-read your question) that although HTTP supports this, it won't be obvious by default from a Web API controller. I think you'll need to get a little lower into the response handling so you can flush the buffer than simply returning a POCO from your web method if that's what you mean.
Essentially, you'll be wanting to write and flush the buffer after you've gathered each piece of information, so I don't think you'll be able to do that with the typical model. I think you'll need a custom message handler http://www.asp.net/web-api/overview/working-with-http/http-message-handlers to get at the payload in order to do that.
I'm curious though, you say you want to send back JSON but you're not allowed JavaScript?
After reading this post, I decided to write my own chat application.
Differently from the above post, my application allows more polling, for instance when user presses any key (in order to inform the other one that user1 is writing something) and obviously when a user sends a message.
This causes some problems: often no-one notification is read correctly and the sent message isn't always read from the other side.
It could be great if there was some way to send and receive different notificaion types (message, alert about new writing, new user joined and so on...).
How can I solve this?
Signal R is the solution to your problem. I understand that you want to develop your own solution and that the intrigue can be enticing BUT please consider looking into SignalR - being able to get to grips with and manipulate SignalR will pay dividends and allow you to solve similar problems much more easily - its a great tool to add to your development arsenal.
In fact by all means continue developing your solution but give SignalR the once over for something else or another project it really is worth looking at as the de facto method of achieving this type of client server communication within .net. It can be found on NuGet using the link below so its only a few clicks away!
http://nuget.org/packages/SignalR
I'm glad to inform you my chat app are working now.
The problem was about two call to wcf service in the same javascript eventhandler (send message button, where I notiified the new message and an alert such as "user is not writing anything", yeah, I needed to reset the previous alert ("user is writing a message..").
Now I'm be able to send and receive many notification and all works fine. I've tested it with 10 chat page about.
Surely I know I can achieve more functionality and stability by using the framework you have suggested me, but I'm happy to have found a relative simple, customizable and good solution for my purpose.