First of all, I took a look to every related topic on her about this issue. However non of them was successful in answering my question fully.
Currently I am working on a desktop app, coded in C#/wpf, that requires MySQL connection both for authentication and storing user custom lists etc.
However, the problem is that apparently allowing everyone to remotely connect to MySQL db is not good practice. Also, my current host requires IPs to be whitelisted before they can connect to the db.
What are my options on this?
Thank you in advance
You should look into creating a web service (SOAP), http web-api (REST) or some other middleware to abstract your data storage.
This has the benefits of:
Allows you to move much of the business logic out of your desktop app and into middle ware
Allows you to keep business logic out of sql which might be a bottleneck
Allows you to update your business logic without redistributing your desktop app (easier if you don't have direct control of all the desktops).
Allowing you to control authentication (many web servers have their own modules, method of authentication). Your app would control access and access storage under it's own service account.
Allows you to complete change your data storage (let's say in the future you store some in sql, some in mongodb, some in cloud storage - once again, without having to update all your desktops.
Allows you to scale out your front ends and even possibly scale out your backend storage (for example, read/write DB replicas)
If you're already working with C#, then the new MVC4 web-api should be a good fit. Read more here:
http://www.asp.net/web-api
If you go that route you could control access in your service and have your service access the database either via credentials in a connection string or if you use IIS, credentials on the application pool mapped to your site.
If you're shipping your desktop app (you're not hosting the DB) then you can also self host web-api in it's own exe if your customers don't want to install/manage IIS.
Finally, if your mysql is online, your middleware could be in the cloud (azure etc...)
Create a web service, such as with WCF or MVC Web API where your app can pass through their credentials and authenticate. I'd recommend https for transport security.
Related
I have a WinRT app that is going to interact with a WebAPI service on my server backed by an Entity Framework managed SQL database (MVC - ASP.NET). For security, I'm only allowing users authenticated on the WinRT side with the Microsoft Live Connect SDK to interact with the WebAPI service. I already have the login code for authenticating with the Live Connect SDK on the WinRT app side working. The WebAPI service is running in the context of an MVC Web Role running on my Azure hosted server.
I've done a lot of reading on StackOverflow and there's a wide range of documents on the topics of authentication, OData, OAuth, Azure Mobile Services, WebAPI and how to combine them:
Live Connect Authentication Token for use on Azure Mobile Services (REST)
How to use a MVC WebAPI OData endpoint securely?
Disable Windows Authentication for WebAPI
I am very concerned that I choose the tools/path that implements only what I need to implement the above scenario and in a secure manner. My main attack concern is un-authenticated users trying to access the ApiController and performing harmful Puts or Deletes. Some questions:
Do I need Azure Mobile Services at all?
What tool(s) do I use or configuration changes do I need to make to manage/pass the Live Connect token between the WinRT app and the service?
Is there a template or NuGet package that I should use that automates much of this?
Is there a document that addresses my scenario or one close to it?
Is there anything built-in to Entity Framework that can help, or conversely has a vulnerability I need to address? If so, what?
What changes do I need to make to the server configuration (web.config)?
Common replication question with seemingly a slightly different scenario.
In short, I'm trying to develop a C# web app that will link up a third party CRM application (via oAuth and its REST API) with a users remote data server (mySQL/SQL Server) and keep it synchronized.
User logs on, sets up an oAuth connection to the third party CRM, enters their SQL login credentials to their local server, clicks "GO". My app then creates a fresh database on their server, makes an initial dump of data into said server from CRM via REST API, and then keeps it bi-directionally synchronized moving forward.
I understand this is a non-trivial undertaking however I'm just wondering if there are any tools/frameworks (such as SymmetricDS perhaps) that I should be looking at so that I don't reinvent the wheel and expedite the development.
SQL Server Replication is intended for this purpose. I don't know of any ready-made replication tool for MySQL.
I wrote a WCF service and I want to host it in azure. When I wrote the service , I didn't have in my mind that I am going to host it in azure.
Every application , even a WCF service , is using platform resources. When I say resource , I mean anything:
memory
CPU
File handle
Low level APIs (pinvoke)
Com objects.
sockets
.Net BCL API (Yep , I even consider this as a resource)
Databases
etc..etc.. (anything that is not the code i have written myself)
Hypothetical example : If the service , for example , logs to Drive 'H' , it may work on my computer(since I have drive 'H') , but it will probably won't work on the cloud. Same for Drive 'C' , or any drive letter , I don't even know how a file system is seen from the service perspective.
This is just one example.
Another hypothetical example : I can pinvoke from the service some winapi method in nt.dll , It will work on my computer. But i guess it won't work on the cloud.
My question is :
How can I know what kind of resources can be used on the cloud and how resources are used when writing to the cloud? What are the "rules" to follow? Also Is there any "Smart" Compiler that can ensure that my service is compatible with the cloud platform
I'll be glad to get any detailed explanation or a reference\book about this topic. I tried to find some info by googling but didn't find anything that cover it well enough.
Once i'll get the details i'll be able to make the nessecary porting to my service (if any needed at all).
The limitations depend on how you host your WCF Service:
Windows Azure Web Sites: This is a shared hosting model. If you deploy your WCF service in a web site you'll need to take that into account. This means you'll have limited access to disk, limited access to low level APIs, no way to use native libraries, ...
Windows Azure Web / Worker Roles (PAAS): Your application will be deployed in a Windows Server 2008 / 2012 VM. So if you want, you can leverage all functionalities you would use on a normal Virtual Machine (all "resources" you mention in your question). The only thing to keep in mind is that these virtual machines are non persisent (meaning all data you store on them could get lost) and that the load balancer is not sticky (could be an issue if you use WCF sessions). The fact that these machines are not persistent also means you cannot install a database server on them in a reliably way, but you can use an external database, like SQL Azure. The advantage of this solution is that the machines are maintained by the Fabric Controller, so you push your service package (the application) to Windows Azure, and the rest of the deployment is done for you.
Windows Azure Virtual Machines (IAAS): You get a machine like in Web / Worker Roles which allows you to use all "resources", but with even more control. The machines are persistent, meaning everything you store on them is persisted in Blob storage (if the machine crashes, you don't loose the data stored on the OS drive and data disks). This is the closest alternative to an on-premises deployment, but this also adds extra work. It will be up to you to manage deployments on all servers, to handle security updates, ... But in this case you could install your own database on a machine. Keep in mind that also here the load balancer is not sticky which could impact features like WCF session.
You can follow below mentioned Guidance for Using WCF in Windows Azure.
Deciding whether to run a WCF service in a web or worker role
WCF services can be hosted in either a web role or a worker role. Which type of role you decide to use depends on the type of WCF service you are writing
Running a WCF service in a web role
A WCF service that is set up for deployment to a Windows Azure web role uses the same setup and configuration as a WCF service hosted in IIS on on-premise servers.
Understanding WCF Security in Windows Azure
The security concerns for hosting a WCF service on Windows Azure is the same as those you encounter hosting the service in on-premise servers
Troubleshooting WCF in Windows Azure
You can troubleshoot performance issues for WCF services in Windows Azure using the same techniques that you use with WCF services hosted on-premise servers
For get more information check Guidance for Using WCF in Windows Azure Here
I hope this will help to you.
I want my web app (running in a browser) to, at some point, communicate (bidirectionally) with a desktop app (in Windows), the client has installed in its computer.
What's an elegant and modular and simple way of doing this (with Java and C#)?
Not much information will be passed between the web app and the desktop app. Just something like "I was here", "Pick this from this point", etc.
I solved that problem by using a database on the network.
All communications where made trough the database.
Website -> DB -> User logged in <- DB <- Desktop
However, if no trusted information needs to be shared, you could consider just posting and reading some http headers to a common website, or a simple log file.
Greetings
I suggest you to use the backend part of your webapp, assuming that your app is based on some backend services.
You have two options:
Your desktop apps use the same services of your web app. You must use a class that mimic a web-browser to give the data (curl, ie). If your web app is based on AJAX push ( APE Server i.e ) use library that is able to run some javascript
Use a REST protocol, with a JSON format in your backend services. It's easy to manage and is supported by many client-side languages (java/c#/python....)
Use a specialized endpoint only for your desktop app,for C#, you can use WCF, that allow you, in one of his forms bidirectional communications. For JAVA, there are WSDL, DWR
My preferred solution is to decouple the web app in a front-end side and a backend side, that expose the services as REST that are used by the web app via AJAX.
If I need true bidirectional communication with other desktop app, I'll create a separate service / endpoint for it. (APE , WCF, ..)
I see several options to achieve part of what you are asking:
Besically you expose the relevant parts of your apps (web and desktop) via some sort of API and use that for the communication - for example DB and/or WCF (SOAP/REST/whatever).
BEWARE:
If you are after some sort of direct/interactive communication between both apps on the same computer then this won't be possible - at least not without some security related issues.
The browser executes your web app in a sandbox which doesn't allow for direct communication between the web app and the desktop... there are technologies which can help circumvent that (ActiveX, signed Java applets, some Flash technology called AIR etc.)... or you could host some webbrowser/control in your desktop app which in turn runs the web app... BUT basically I would recommend against using any such measures...
IF you really want to go this route then please describe your environment and goal with much more detail.
I'm writing a new desktop app as a smart client. Although it will need to cache some data locally, data will be downloaded and commands issued via a WCF web service.
So that "not just anyone" can call the web service operations to get data or issue commands, I'd like to use forms authentication. I'd like users of the desktop app to log into it with their website credentials (all on the same domain), and from them on for the app to supply the "token" (cookie or whatever) with each WCF request, so that the WCF service can authenticate/authorise them.
Is this possible, and could someone point me in the right direction (keywords, tech to research), please?
I know that I could "roll my own" where I have an authentication service that will return a token, and that each web service operation could require a token that it will look up authorisation information for, but it seems we already have this in the ASP.NET membership stuff, so I'd like to make use of it.
Many thanks in advance.
If you are using VS 2010, it is build it, you just have to select in the project properties, and then click the Services tab. MS changed the name to Client Application Services. Just check the Enable client application services and then fill in the blanks.
Here is the whole help section on it from MS...
http://msdn.microsoft.com/en-us/library/bb384297.aspx