We have a Silverlight application that requires access to peripheral devices - specifically, scanners. With this requirement, we're forced to use Silverlight as an OOB application. Up until recently we have been hosting our silverlight app online inside a .aspx page. We've been passing parameters to this application through the url (i.e., http://testsite.com/default.aspx?username=User&password=UserPassword&screen=Screen ). The SL app validates the username and password and if authenticated, opens up the "Screen" passed to it.
What options do I have to get this SL application working similar to the way I delineated above (as an OOB)?
Thanks,
-Tom
Instead of passing data in via the URL, you could have the application call back to a web service on startup to request this data. Or store it in Isolated Storage (but I don't recommend putting passwords there, Isolated Storage is not secure) and use that on startup.
Even if there was another way to pass start params to the OOB app how would you want a user to invoke this? Via some sort of link? A custom shortcut you create? Since a user launches an OOB app via the Start menu or desktop only, I'm not understanding what context would even really be available in these cases.
When you install a Silverlight application to run OOB, it creates a directory in isolated storage which has an index.htm page in it that actually "hosts" the OOB application. (It's described here: http://debuggingblog.com/wp/2009/07/17/silverlight-3-outofbrowseroob-explained-and-how-to-host-any-xap-package-by-modifying-the-metadata/). One way to do what you need to do is to edit that index.htm page, and pass in the parameters there. Of course, you'd need to figure out how to edit that page (likely hard to do automatically, unless you've got a setup.exe). Would it make more sense to just prompt the user for their userid/password? You'd only need to do it once -- after that, you could store it in a configuration file in some well-known location (presumably encrypted or at least obfuscated in some fashion).
The other possibility, if you are using Silverlight 4, is to store values into the Windows Registry. This is what we are using for username, database name, etc..
Related
I've a C# WPF application developed in VS 2015, and I want the browser to read some data from it. Just a short string. I can save it in a text file, or in a variable but it should be visible to the browser (using JS I suppose). For instance using file:/// doesn't work if the original page is hosted online - as in my case (different source conflict). This should work in Opera and FFox, but looking at their extensions, it seems you can only develop with front-end technologies, which are not enough in my case since I use WPF to look into Win OS, and then I need to share the result with the browser.
I suspect it's possible, and no , it's not to write a malicious piece of code. For instance I can read the details of the graphic card for diagnostic purposes.
Please help, many thanks.
Browsers run in a security sandbox which is intended to stop them reading or writing files to the file system.
You could write to the user's appdata. There are various javascript frameworks which persist data to there so they can provide offline or static data.
I don't think that is a good plan though.
I suggest your first candidate would be a cookie.
Quick google on how to do that, I find:
How to create cookie in c#.net windows application?
From a web page you can use the content of a cookie dynamically. So you could change what you see in the web page after it's up and running from some process in your wpf app and do a counter or whatever.
I've not used this with windows apps and a browser but I have with a web app and Silverlight. I'm afraid I don't have that code to hand though.
I am developing a web application, Here I want to open .exe on client system from server, that means after hosting my site in IIS. Is it possible to open for example notepad or windows media player on client when the user clicks on a link on my web site?
This is not possible. And if it will be possible - it should be removed immediately.
The reason for this is simple - security, it means almost everything if you working with browser.
If you want to launch some external executables - just make WPF or WinForms application client, and talk with WCF service. This way you will be free to use everything you want on client side.
It's a common scenario in some cases. mailto: url scheme is an example. When you click on such links, your default mail application will open. Or as another example you can see such feature in SharePoint applications which opens OneDrive for Business for synchronizing documents or use other office applications. Also skype: is another example.
To have such feature in your application you can use either of these options:
You can register an application to a custom URI Scheme, then you can activate that application by the specified URL and pass parameters in URL. For more information take a look at:
Registering an Application to a URI Scheme.
You can use a ClickOnce deployment by specifying an installation URL. Then you can simply open the application using that URL and pass parameters to the application using query string.
For more information take a look at:
How to: Specify the Location Where End Users Will Install From
How to: Retrieve Query String Information in an Online ClickOnce Application
Warning
Be careful! You may introduce security holes to your application and clients. When passing data be careful about security vulnerabilities like Injection, Insecure Direct Object References, SensitiveData Exposure, and so on.
Especially if you want to use such protocols to create a middleware to open a program which is not yours, you should only expose a minimal secure set of features of that program and pend the operations to users confirmation. For example mailto: activates the mail program with some minimal data but doesn't send email. The users should press send themselves.
I am building a UWP app for windows 10. I want the users to be able to login to a website and retrieve data from that site using the login information provided. How to login to a website programmatically and save the login credentials and login automatically the next time the user opens the app ? I want the login information to be available throughout the app so that in all the pag
It heavily depends on the web app you're trying to connect to. Actually, you don't connect to the web app or to a site but most likely to some backend services which back up the whole web application. The UI is called in this case a web client. What you are trying to do, is to create a desktop client (the UWP app).
Unless this site you're speaking of, has no clear documentation of how to use a certain API to connect to it, I don't see a way you can achieve this.
Additionaly, I am sure this whole approach will raise suspicions when your app might be eventually under certification, before being published in the Windows Store. If it doesn't pass the certification, only you can use it, others can't, 'cause it won't be available for them.
if you have the login information. I guess you have a token to make a valid requests.
Just need to save this information in the storage of your application and get the saved data when it will be necessary.
Please check this example how to use Storage in UWP apps
https://msdn.microsoft.com/en-us/library/windows/apps/mt185401.aspx
I recommend you to use Json format to save the data in your storage with this technique you can serialize a your data very easy.
here is an example:
http://www.codeproject.com/Tips/79435/Deserialize-JSON-with-C
I always use this approach in my apps and they work very well.
Best Regards
I have done a project similar to your project. My project involved logging in onto a website inside an UWP-application. I wanted to inject login-information into the DOM without the user knowing the information.
Quickly I concluded that the WebView Class is too limited and tightly protected to get it working. I resorted to an alternative webbrowser for UWP-applications named Gecko. Gecko is a .NET implementation of Firefox, found a tutorial on how to get it working and it worked right out of the box.
In the case of your project you have three options:
Use a UWP popup (MenuFlyOut class) where the user inserts their data. You then inject the inserted data into the DOM of the browser.
Let the user insert their credentials inside the DOM and intercept the keystrokes.
Let the user insert their credentials inside the DOM and retrieve the information by requesting the value of the inputs inside the DOM.
To use the values everywhere throughout the application you can create a static attribute inside the App-class inside the App.Xaml.cs file.
sealed partial class App : Application
{
internal static String Username { get; set; }
internal static String Password { get; set; }
public App()
{
If you want to use the variables again you can use them like this:
App.Username
I've written a small library that fetches password protected data over a https link. This library works under the desktop on Windows 8.1, windows phone 8, and windows store 8.1. I now need to complete my test harness for it. This project will shortly appear on github.
In order to properly test this, I need a username/password. Since this is open source, I don't want to store my username/password up there (obviously). When running against desktop applications I tend to use the Windows supplied password store (Credential Manager control panel, stored under a generic credential. This works fine. The code scans the credential cache for whatever is needed, loads it, and runs the test.
But what about the tests for Windows Phone or Windows Store. How can I safely cache a username/password like this so that my code can still be public? I have starting thinking about having a special empty file that gets put into source control. The actual version of this file is looked for during the build process, and if it is found, it is copied over (and it is some sort of resource file) and then it has the username and password in it. Etc.
I am using VS2013 and MSTest for this project.
How have others solved this? Many thanks in advance!
For a couple of rest client libraries that I've got on GitHub and which require an API key, I've taken to just storing the credentials in a known location, outside of the source tree, but loaded by unit tests at runtime. This keeps it our of source control, allows others to supply their own key to run unit tests and is simple. This approach could be generalized for the unique storage requirements of the various platforms you mention but I've only needed it on straight windows.
example from a unit test project
EDIT
Yes on store and phone apps you have limited access to the file system. You will need to use IsolatedStorage or treat the credentials as an embedded resource in your test assembly. I find the latter easier.
In order to keep your credentials out of GitHub you could add the credentials as an embedded resource file but then tell git to ignore it. Someone who downloaded your code wouldn't be able to build it until the provide said file but that is probably what you want anyways. A similar thing can be achieved with pre/post build events; copy the resource from a known location pre-build and then delete post build (make sure post build is set to always run).
You can use PasswordVault to store username & password for Windows Store apps (Windows 8.1). It can be seen control panel's credential manager.
Best practice for saving sensitive data in Windows 8
For WP8, there is no such thing, so it's better to store in isolated storage with some encryption.
I am writing a simple WPF quiz application for a family member and he would like users of this application to have the option to send him their scores once they have completed the quiz. I was hoping to do this without the need to create some kind of webservice for the app to talk back to.
My initial idea was to email the results back, but that runs into problems. What if there is no SMTP client on the user's machine? I don't want to embed a password for a public smtp server into the application. I could do a Process.Start("mailto:..."), but that requires their machine to have a handler for mailto: and for them to click submit on the generated email.
Another idea I had was that the app could add a line into a Google docs spreadsheet, but that would mean a google docs password would need to be embedded in the app.
So my question is, without me writing a separate application running on a webserver for my WPF app to talk to, is there a good way of my app sending data back to me that doesn't require a password? I'm guessing there must be some kind of public webservice I could use for this?
If you're happy with a third party service that can do this for you, consider Parse, or any other 'backend as a service' provider.
You should then be able to implement something else that reads the saved data from the service when required, without having to expose itself as an API.
Create a google doc forms and when you need the user to submit their score, launch a web browser with the doc url. You can auto-populate the fields by query parameters( ... &entry_0=Barney&entry_1=Google& ... )