I am going to write up a webapp hosted on a windows 2003 server to allow me to connect to local and remote servers to do some basic things.
The webapp will be hosted on serverA. It will need to be able to copy files/folders from one folder to another on this server.
It will need to be able to connect to ServerB and copy files in the same way, e.g. copy \serverB\path\to\sourcefiles to \serverB\path\to\destinationfiles
ServerB hosts an installation of MSSQL 2008, I want to be able to create new database/login etc.
How do I go about this please? I've been reading a bit about Windows Authentication, Impersonation, Delegation but i don't know where to focus on.
thanks
S
To be honest there isn't really a one size fits all complete answer to your question, however there are a number of things that you need to take into consideration early in development to ensure that your platform is built on solid foundations.
From the description you have given the most critical consideration has to be security and everything you develop has to have this at its core. Judging by your post if the wrong person was to access your front end then they could wreak havoc.
As for the model to use, I would suggest Windows Authentication as this is built into the framework and gives you the ability to segregate into usergroups with differing levels of access. It will also open up some of the functionality you need, i.e. network copy of files etc
As for the database management aspect, this again can easily be done via Windows Authentication as you can grant (in SQL) windows users the ability to perform certain tasks, i.e. Create Database, Create Login, drop x, etc
All this said, it of course assumes that the two servers share user credentials, i.e. domain controller etc.
Another method, would be to use the web "interface" as a pass through onto a WCF service that operates under a specific user account that has the access you need. You would then seperately manage authentication/authorisation in a manner that you decide.
Like I said, no simple one size answer - but hopefully this will give you something to chew on.
If your goal is to create new databases or logins, why can't you use the create database and create login commands?
Related
I'm new to azure and cloud platform development - I have a web application and I create multiple companies using a
company table and
seperate the
company_products using a foreign key: companyid
Is it possible to run multiple instances in which each has it's own SQL database? I want to do this because every customer is unique and they may need tailored modules.
There are no restrictions on how you build your app. You many create as many databases as you wish, and have multiple web apps if you wish (whether in the same app service plan or across multiple app service plans). How you do this is strictly up to you, but no - there is nothing that forces you to use a single database for anything.
If I am understanding your question correctly, you would like each of your customers to have their own instance and separate databases?
Have a look at this article: https://msdn.microsoft.com/en-us/library/ff966499.aspx
I'd suggest using Azure App Service, and running each of your customers in their own app. You can save money as all the apps run under the same App Service Plan. Usage on one instance however, does not affect performance on another. There are quite a lot of benefits with App Service.
https://azure.microsoft.com/en-us/documentation/articles/azure-web-sites-web-hosting-plans-in-depth-overview/
For starting out, I'd suggest using individual Azure SQL Databases for each customer. This is to save money, as you can spin up S0/S1 databases for relatively cheap. Then you can set the connection string through the Azure Portal for each app you have under your App Service Plan.
If you end up scaling quickly, have a look at Elastic Databases. You pay for a database server and get something like 200 databases per server. So its really only economical if you have quite a few customers and can justify the cost. However there are some useful Azure tools that make managing elastic database pools easier. Check out the Azure documentation for more details on this.
Once you have this architecture set up, you can either manage your instances/databases through the portal or setup another logic app to manage all your instances. It would be a lot less development work to just manage it through the portal for starting out, however if this is a SaaS product, and is going to scale quite quickly, you may want to invest ahead of time in automating some processes so that deploying new instances doesn't have to be done manually.
I prefer this approach as well, because you can then point different subdomains at your individual custom apps. (i.e. customer1.yourdomain.com, customer2.yourdomain.com). Each app already has it's own domain under azurewebsites.net, so if you don't mind using that domain, you can just stick with it. It's nice cause then you don't have to manage your own DNS or worry about SSL Certificates and what not, as it's already managed for you. If you do want your own custom domains, there's plenty of documentation on this. Azure also has a DNS service for automating creating CNAME records while automatically spinning up a new app and deploying a DB to your pool and initializing the DB, etc...
As David says, you can do this how you like. My suggestion would be to use connection strings in your application's web.config to control the database instance you want to communicate with, and you can then configure your azure web app deployment's "slot settings" in the azure portal (or your ARM template) to override the web config settings for that deployment.
So - you can create your ARM template which describes your infrastructure, and may deploy your app service plan, web app, web config, sql database to a specifically named resource group (ie. targeting one of your customers). This would have configuration that points to the database instance in that resource group, and possibly other config that turns customer specific functionality on/off. Try to keep the code and deployment as common as you can, otherwise you'll end up with a maintenance nightmare in the future.
See https://azure.microsoft.com/en-gb/documentation/articles/web-sites-configure/ for information on configuration settings in azure web apps.
So I'm trying to find a "Best" way to interact(create a interface) with Active Directory read/write mode. So I'm deciding between this two aproaches:
Try and use the ADWS.
C# Implementation.
Apparently for ADWS is not that easy even though there is a full WSDL I'v not been able to locate it, to try to do some test via SOAPui...
Now fort the C# Implementation there are few implementations
but still I'm not sure if its 100% doable to have full READ/WRITE to AD i.e. creating accounts users, query for users info, etc. from lets say REST WS.
So My questions are
Is there a way of getting a WSDL from the AD server so that I can use that as a starting point? ( I don't want to get me into PowerShell stuff or the like)
Are there any good articles for the latest versions C# ,libs, etc... to help me implement this?
Is there a better way of doing this?
As an example This is what we're trying to do:
Scenario 1:
Create a Web Service (INTERFACE) that expose AD information
The Web Service could be REST or SOAP
The WS should read/Query/Write the AD
Any Application inside the network can consume the WS
Scenario 2 (What we currently plan to do):
Sharepoint Reads AD Information
Job should copy AD to DB
Applications can read this data
There should exist some replication between the DB and AD
Any suggestions will be more than welcome
I'm Using server 2008R2 ,Sharepoint foundations 2010
I'm assuming this is related to your previous question which mentioned Exchange.
My personal suggestion is to host a WCF service in IIS. You can set this service up to do whatever you want to suite your needs for the apps accessing it. You can probably do most of what you need to do through the System.DirectoryServices.AccountManagement namespace when it comes to User and Groups.
System.DirectoryServices will give you more granular control at the cost of more work. However, it is a little easier and reading and writing from/to custom attributes here.
If you're going to interact with Exchange 2010 you'll need to mess with Powershell. And you could use Powershell to do core AD work as well.
And of course if you're going to write your own web service you could make it REST.
Here is a link to MSDN with info about System.DirectoryServices and the various namespaces. I personally find AD to be a lot of fun to work with. There are many ways to do the same thing in it so I don't think there's one right answer for you. Go with what you're comfortable with or challenge yourself to do something new!
I have a website that uses WebMatrix user authentication (login/register pages) and I am making an app in Windows 8 release preview and would like to know if it is possible to authenticate users of my app (let users of my app sign in to my app) if they are registered members of my website? And if they are not, allow them to register through my app - but it appears that remost db connections are not possible in Metro apps - so I don't know what to do. Can somebody please help?
I've been searching for weeks but there still isn't a whole lot of official documentation out there.
You should never ever allow any client or user program to access your database directly (not even read access). People WILL abuse it one way or another and they might try exploits to gain write access if their access is restricted to reading. If you'd like a prominent example, Super Meat Boy did that exactly, and they got lots of database issues and abuse over last year's christmas days (while there game was on (Steam) sale, so they got lots of additional upset players!).
I've never used WebMatrix, so I might be a bit off here, but in general you should have several possible approaches - all being better than doing direct database access:
Use some provided remote access (this might be some extra class or addon or whatever; IF available).
Write your own remote access tool. This would essentially be some special website accepting/returning text or data interpreted by your program. E.g. you could post the login credentials in a HTTP POST request and it could return ok or failed or something like that.
Essentially fake a web browser and access the standard URLs/scripts/systems provided by WebMatrix.
I am building a very simple asp.net application that will have a SQL Server 2008 backend.
Some users will be entering data and storing in the database and some users will be viewing data.
The SQL Server 2008 is working with Windows authentication for every user; however, I am unable to get ASP.NET working with Windows authentication yet. Is there a simple way to allow windows authentication with ASP.NET? I found a very convoluted way, but I don't like it.
I will need to audit every action that the users perform.
Should I audit the users at the application level or at the SQL Server level?
Are there already built in methods to do this? If so, how?
On the contrary, I have always found Windows Authentication to be quite easy to set up and relatively painless. Here's some guides:
Setting up
More Setting up
I didn't realize that you could audit what users did at the ASP.NET level. My answer would be to use SQL Server for this one. You'd need to log:
timestamps and user name for every action
do you need to log workstation or location where the actions were performed?
can users go to mul
if multiple locations use this application, consider storing UTC time only
all actions, even deletes, which mean that delete's only get "hidden" from the user, but never erased from the database. Same for edits, the old record should never be changed or taken out of the database.
Your best bet here is to talk to your boss about this one. Auditors can have very specific needs, and you definitely don't want to forget anything. Every situation is different, so be sure to sit down and double check all your requirements and specifications.
Two things:
Here is example on Win auth on asp.net app:
http://weblogs.asp.net/scottgu/archive/2006/07/12/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application.aspx
I suggest you implement a log framework like log4net to log your application. It's simple and easy to use http://logging.apache.org/log4net/download.html
I would do this from the application if it is significant HOW people accessed the data as much as the WHO, but that's quite different from rlb.usa's answer. In my past jobs, it's often been as important to know which application the person changed data from as when/who. If it's primarily for application issues, log4net is a good option.
I am using sharepoint solely as a repository to store and retrieve large files (~100 MBs). How can I authenticate a web application such that it can upload and download files to a document list on Sharepoint 2007 without using Windows intergrated authentication?
The web application will handle the authorization - it'll figure out which users are allowed to access the repository via integrated windows authentication and a bunch of business rules that depend on the application's state. When the user wants a file they will use the web app. The web app will then download that file on the user's behalf using some sort of credentials. I prefer that these credentials be somewhat permanent so it's password doesn't expire every so often. I was thinking of using basic authentication because the files that I'm access controlling aren't high valued files (so its poor security is tolerable), and it seems to be the simplest. What are my options?
I wouldn't recommend using SharePoint for this at all. Its value comes from the features it provides through its user interface. If you remove this then you are looking at an expensive and over-complicated data store.
SharePoint stores all data in a database. Storage for databases is more expensive than storage for files. It's more costly to configure, administer, backup, load balance, scale, etc...
Development time is more costly with SharePoint. It's a big and complex product that's not trivial or quick to develop against. There needs to be a solid business case and using SharePoint for its back end only isn't a good one.
Please seriously consider this approach before going down it!
You are better off just enabling windows auth on your web application and then setting the permissions to the folders/files.
If you do need to get just the files however...go to www.codeplex.com and search for sharepoint powershell. There is a script there to upload stuff. This could be modified to download I believe.
As mentioned above, using SharePoint as a repository pretty much nullifies any of its benefits. You might as well just use a database to store your content (that's what SharePoint is doing behind the scenes anyway.)