|
Hi All, I would welcome recommendations on how to secure a Net Core API which I curently host on a publicly facing Linux box ( I'm using Apache as a reverse proxy server ) - it's in development and I would like ( if it's possible ) to restrict access to only my development LAN at home - I hope this makes sense
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
Is your API using REST or some other form of communication? Rather than worrying about limiting it to your home network, you could simply secure the API using something like OAuth2.
|
|
|
|
|
Hi Pete, it's just a basic ASP Net Core MVC API - when it's finished I will look at something like OAuth2 , at the moment while it's in development ( because it has real data in a database ( maybe I should change that ) ) I'd like to nail it down so only someone on my local LAN can connect to the API - as you know I'm not expert in all things Web
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
I'm experiencing some (new) and very odd behaviours trying to send outbound email from my ASP.Net websites. These are running on a shared-host setup and use ASP.Net Framework webforms. In the past I've been able to do this very simply:
In Web.config:
<system.net>
<mailSettings>
<smtp from="me@mydomain.com" deliveryMethod="Network">
<network host="mail.mydomain.com" userName="me@mydomain.com" password="notneeded" defaultCredentials="false" />
</smtp>
</mailSettings>
</system.net><pre lang="HTML">
then in the code
SmtpClient smtp = new SmtpClient();
smtp.Send("sender@mydomain.com", "recipient@somedomain.com" "subject", "message"); NOTE that the password defined in web.config really is the literal "notneeded". When running these sites on my local development box, the correct password for the named sending account is indeed required; but when uploaded to the server, the password is ignored (and the setting can be removed completely).
As of some time on Friday I became aware that email sending from all my sites was failing. I reported the issue to my hosting company but in the meantime attempted to find a fix myself. I found that entering the "correct" password worked fine. (Later this weekend the hosting company, who had denied ANY configuration changes at their end, then made further changes that resulted in all the amended sites failing again. They then told me to change to a different SMTP server (mail.hostingcompany.com ); however that didn't work for me. After several hours further testing showed it DID now work, so I updated all the sites again. Later this evening I also found that once again the original mail.mydomain.com host address was working again.
This was all pretty frustrating; I don't pretend to understand SMTP very well and am really not sure how / why omitting the password (or using a dummy one) worked, but it did. That was a Good Thing because it meant I didn't have to hard-code my email password in plain text in web.config, and also meant that when I change my email password I don't also need to go in and change web.config for the domain and all its sub-domains.
So I have some questions:
1. WHY did omitting password work, when the site was running on the same server as the SMTP host?
2. WHAT configuration change could the host have made to cause this to STOP working?
3. Most confusingly of all... there is ONE subdomain that continued to work fine WITHOUT the password through all this. I've examined the code carefully and it definitely does NOT specify the password (either in web.config or in code). Other subdomains of the same domain, which used identical SMTP configuration, now require the password; just this ONE does not.
I'm annoyed with my hosting company, as it's perfectly clear THEY have changed something that caused all my websites to break; not only did they not forewarn, they continue to deny they changed anything. They've subsequently made further changes that broke my fix and then yet more that allow my fix to work. But I'm also completely befuddled as to why things ever worked, then why they didn't, and why one identically-configured site continues to work as it always did!
|
|
|
|
|
My guess would be that the SMTP server was set up to implicitly trust the web server without requiring authentication, and something caused that trust to fail.
Is the site that's still working on the same server as the others? And if so, does the server have multiple IP addresses?
If you have access to IIS Manager on the server, you can configure the SMTP settings at the root level, and all of the sites should inherit those settings without needing the mailSettings element at all.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks Richard. Yes, I think they moved the SMTP server to a separate box, and have subsequently put DNS forwarding for mail.mydomain.com to the new server, so that it works but does not automatically authenticate. That would also explain why it broke again for a while but subsequently worked once the DNS changes propagated.
The subdomain that is still working without a password is an oddity - as far as I can tell it's on the same server (I guess there may be some checks I can do to verify, even looking at the IIS logs etc maybe). But as they've now setup a dedicated mail server it seems unlikely it would still be on that box... I'll do some more tests (and clone a page from one of the other sites to this one, as the code is slightly different though not using a password) to verify it's nothing different in the logic.
I run multiple sites with this host, and manage sites for clients on other shared hosts - all seem to suffer from the problem of unplanned, unannounced and undocumented configuration changes that break sites. I guess the majority of their income comes from static or otherwise trivial sites. I left my last host because they changed DBMS (from MySql to MariaSQL) with no warning, breaking a number of things, and claiming that MySql had been "renamed" MariaSql. That level of ignorance and stupidity was truly scary so they barely saw me for dust...
|
|
|
|
|
I know there's one already... Nicely packed inside the Entity Framework 6 package!?
So if I want to singularize or pluralize (English) words I have to add a package to an old version of an ORM, nice!
It also doesn't work all too well with EF Core.
Because I want to work with language...
The service wasn't added to .NET Core, but luckily someone ported it... Which also implicitly adds it to my EF Core designer messing up my database generation
Anyone know of a good alternative that has nothing to do with databases?
|
|
|
|
|
|
That looks good, but it does A LOT!
Certainly worth checking out, thanks
|
|
|
|
|
Funny - they have a Dasherize method, but they use Hyphenate instead of Hyphenize .
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
You could always write your own. It's not like the rules are complicated or anything!
An Algorithmic Approach to English Pluralization[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Richard Deeming wrote: It's not like the rules are complicated After all Goose - geese and Mongoose - mongooses, is completely logical.
|
|
|
|
|
The article starts with "the issues..." and "The problem of..."
If you look at the (ported) source code of the EF pluralizer[^] you'll see it's mostly exceptions
It even includes the word "pneumonoultramicroscopicsilicovolcanoconiosis"
|
|
|
|
|
Which the Oxford English Dictionary defines as "an artificial long word said to mean a lung disease caused by inhaling very fine ash and sand dust".
Although it's probably still easier to pronounce than the name of that Icelandic volcano.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Richard Deeming wrote: Although it's probably still easier to pronounce than the name of that Icelandic volcano.
|
|
|
|
|
Why do you want to use Entity Framework ? - biggest POS I've seen in code ( I know - I should get out more )
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
Why wouldn't you?
Makes DB connections and queries A LOT easier
|
|
|
|
|
Mmmm...
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
|
|
|
|
|
It took you nearly a month to come up with that answer?
|
|
|
|
|
Hi can anyone help? I've been stuck with this issue for the past 2 days. I'm trying to run asp.net application in visual studio 2019 I've tried changing the port numbers, it doesn't work, it still pops up with the error "unable to connect to web server IIS Express'. I've deleted my vs folder with the config like 100 times, restarted visual studio, did a clean and build, restarted my PC. None of this has worked. I've looked into the list of processes and I can see this port is not being used. I've tried using netstat to find what's using that port no luck. I mean it doesn't make any sense, any ports I tried I get the same "unable to connect to web server iis express error. This is happening to multiple projects in a solution but when I create a new project in a fresh solution, I can run new projects fine. I've also tried visual studio 2017, no luck! So the problem is with these web projects. Someone please help I'm a bit frustrated.
|
|
|
|
|
IS that 5xxxx port in use? Then it should be possible to identify the guilty from the Network tab in Resource Monitor, and you can see which process is the culprit. If there is no trace of port 5xxxx in Resource Monitor, then the error message is wrong, and you must search for other explanations.
My guess is that after an earlier run, the closedown ran into issues so the cleanup wasn't done properly. Maybe there is a stray detached process holding that port (then you'll see it in Resource Monitor), or some table of "ports that I have opened and must remember to close" table wasn't ceared. Both of these would most easily be solved by a controlled shutdown and reboot.
If you have rebooted since the problems arose, to no avail, there may be configuration / state info saved in the registry, application specific ini files etc. Right now, I am fighting a problem in an IDE: Every now and then things lock up. and the only way to unlock it is to delete the entire build directory. Earlier today, I had another problem: When one project setup was corrupted, I wanted to select another one - but the IDE always initialize e.g. directory searches from the settings of the current project, whose values were corrupted. So the selection dialog locked up completely (even after deleting the build directory of the current project), and I couldn't select another one. Fortunately, I found a list of "recently opened projects", and selecting one of those updated the defaults for the project selection dialog, overwriting the corrupted values.
I have no idea about where those corrupted values are stored, and I had to resort to tricks to get them out of the way. You may have to go on a similar hunt . As a last resort, I could have wiped out the entire IDE and reinstalling it from scratch; fortunately I didn't have to do that (reinstallation takes quite some time). Maybe you will end up with having to do that.
|
|
|
|
|
im trying to use Disc utils but i dont see the components
|
|
|
|
|
You don't find them because that's not part of Windows, the .NET Framework, or Visual Studio.
It's a 3rd party component you have to download.
Trying typing "DiscUtils.dll" into Google and you just might find where to get it from.
|
|
|
|
|
i have already a good Programm which shows my database in a Datagridview,
everything is Ok with it, now i would like to add Filter Option to my Datagridview like Excel Filter
i used : AdvanceDatagridview it's an advanced Datagridview with a lot of filter Option,
the problem here, i can not use this datagridview unless i bind it with a Datatable and i also when i did that t found a big problem because in my old code there is Datagridviewrow
and now so i tried to convert Datagridviewrow to datarow to import it in datatable and to use it but it did not work
my Old Code :
<pre> sSQL = "SELECT " &
"ItemID, " &
"PSC_tdItems.OrderID, " &
"ArtikelID, " &
"Menge, " &
"Art, "
"CodeID, " &
MyCommand = New SqlCommand(sSQL, conFF)
drW2P = MyCommand.ExecuteReader
If drW2P.HasRows Then
While drW2P.Read()
nField_ItemID = 0
nField_OrderID = 0
nField_Quantity = 0.0
sField_Art = ""
sField_pscArticleID = ""
sField_CodeID = ""
If Not DBNull.Value.Equals(drW2P("ItemID")) Then
nField_ItemID = Convert.ToInt32(drW2P("ItemID"))
End If
If Not DBNull.Value.Equals(drW2P("OrderID")) Then
nField_OrderID = Convert.ToInt32(drW2P("OrderID"))
End If
If Not DBNull.Value.Equals(drW2P("Menge")) Then
nField_Quantity = Convert.ToDouble(drW2P("Menge").ToString.Replace(".", ""))
End If
If Not DBNull.Value.Equals(drW2P("Art")) Then
sField_Art = drW2P("Art").ToString
End If
If Not DBNull.Value.Equals(drW2P("ArticelNumber")) Then
sField_mspArticleNumber = drW2P("ArticelNumber").ToString
End If
If Not DBNull.Value.Equals(drW2P("CodeID")) Then
sField_CodeID = drW2P("CodeID").ToString
End If
Try
MyRow = New DataGridViewRow
MyRow.CreateCells(dgvW2P)
MyRow.SetValues("0",
imgNotOK.ToBitmap,
nField_ItemID,
nField_OrderID,
nField_Quantity
sField_Art,
sField_pscArticleID
sField_CodeID)
dgvW2P.Rows.Add(MyRow)
Catch ex As Exception
ErrorLogging(True, "Sub FillW2PGrid: Add a line in the grid" & vbCrLf & ex.Message & vbCrLf & "SQL:" & sSQL & vbCrLf & ex.StackTrace.ToString, nErrorLevel_Error)
Finally
If Not MyRow Is Nothing Then
MyRow.Dispose()
MyRow = Nothing
End If
End Try
End While
End If
my new Code :
<pre> sSQL = "SELECT " &
"ItemID, " &
"PSC_tdItems.OrderID, " &
"ArtikelID, " &
"Menge, " &
"Art, "
"CodeID, " &
Dim Dt As New DataTable
Dt.Clear()
Dim cmd As New SqlCommand
If conFF.State = ConnectionState.Open Then
conFF.Close()
End If
conFF.Open()
cmd.Connection = conMspFF
cmd.CommandType = CommandType.Text
cmd.CommandText = (sSQL)
Dim da As New SqlDataAdapter(cmd)
da.Fill(Dt)
bindingSource_data.DataSource = Dt
dgvW2PNEW.DataSource = bindingSource_data
dgvW2PNEW.Refresh()
drW2PNEW = MyCommand.ExecuteReader
' the problem is here : i can not use HasRow with my new Datagridview
<pre> If drW2PNEW.HasRows Then
While drW2PNEW.Read()
nField_ItemID = 0
nField_OrderID = 0
nField_Quantity = 0.0
sField_Art = ""
sField_pscArticleID = ""
sField_CodeID = ""
If Not DBNull.Value.Equals(drW2PNEW("ItemID")) Then
nField_ItemID = Convert.ToInt32(drW2PNEW("ItemID"))
End If
If Not DBNull.Value.Equals(drW2PNEW("OrderID")) Then
nField_OrderID = Convert.ToInt32(drW2PNEW("OrderID"))
End If
If Not DBNull.Value.Equals(drW2PNEW("Menge")) Then
nField_Quantity = Convert.ToDouble(drW2PNEW("Menge").ToString.Replace(".", ""))
End If
If Not DBNull.Value.Equals(drW2PNEW("Art")) Then
sField_Art = drW2PNEW("Art").ToString
End If
If Not DBNull.Value.Equals(drW2PNEW("ArticelNumber")) Then
sField_mspArticleNumber = drW2PNEW("ArticelNumber").ToString
End If
If Not DBNull.Value.Equals(drW2PNEW("CodeID")) Then
sField_CodeID = drW2PNEW("CodeID").ToString
End If
Try
MyRow = New DataGridViewRow
MyRow.CreateCells(dgvW2PNEW)
MyRow.SetValues("0",
imgNotOK.ToBitmap,
nField_ItemID,
nField_OrderID,
nField_Quantity
sField_Art,
sField_pscArticleID
sField_CodeID)
dgvW2PNEW.Rows.Add(MyRow)
Catch ex As Exception
ErrorLogging(True, "Sub FillW2PGrid: Add a line in the grid" & vbCrLf & ex.Message & vbCrLf & "SQL:" & sSQL & vbCrLf & ex.StackTrace.ToString, nErrorLevel_Error)
Finally
If Not MyRow Is Nothing Then
MyRow.Dispose()
MyRow = Nothing
End If
End Try
End While
End If
|
|
|
|
|
This is a third party product so you need to contact the person who wrote it.
|
|
|
|
|