
.NET (Core and Framework)

 
Answer: Re: Great Forms (GUI) in MAC using Visual studio 2019 (Eddy Vluggen, 6-Oct-20 12:20)
Answer: Re: Great Forms (GUI) in MAC using Visual studio 2019 (Richard MacCutchan, 6-Oct-20 22:05)
Question: What minimal self-hosted server options use TcpListener and not HttpListener (to dodge urlacl)? (DT Bullock, 15-Sep-20 13:25)
Answer: Re: What minimal self-hosted server options use TcpListener and not HttpListener (to dodge urlacl)? (DT Bullock, 15-Sep-20 15:04)
General: Re: What minimal self-hosted server options use TcpListener and not HttpListener (to dodge urlacl)? (DT Bullock, 15-Sep-20 15:35)
Question: Word search (Emmery Chrisco, 15-Sep-20 11:31)
Answer: Re: Word search (Mycroft Holmes, 15-Sep-20 12:29)
Rant: OAuth 2.0 when a .NET desktop app is the 'client' (DT Bullock, 15-Sep-20 4:42)

I would like to submit my reasoning for validation/sympathy. If your head is not already full of OAuth 2.0 the language here might not make sense.

Some context is required:
* The Resource Server is Xero
* The Authorization Server is Xero
* The Authorization Server permits registration of Clients which use either the 'Authentication Code Flow' or the 'Authentication Code + PKCE Flow'
* The Authorization Server correctly requires Client registrations to supply a 'redirect_uri'
* The Authorization Server incorrectly requires Client registrations to supply a 'redirect_uri' only with an https:// prefix :sigh:
* The Client is my .NET desktop ClickOnce app
* The User Agent (browser) runs on the same machine as the Client, in the same desktop session
* The User making the OAuth 2.0 delegation does not otherwise need admin rights to the machine

... and the Dev (not really the subject of an OAuth spec, thank heaven!) just wants to get on and write his business logic. :((

Right, so back to work: [Coffee]

To get an access token, we first of all need an authorization code. We get that from the Authorization Server through the 'front channel' ... the User's User Agent (ie. a browser) is given an HTTP redirect to the 'redirect_uri' with the information we need in an HTTP request.

And here we run into 'hassle'.

IF our Client were an Android, iOS or UWP(?) app, we could have registered for a 'Claimed Https Scheme URI Redirection' ... when the User Agent (browser) visits https://example.com/, it will activate the app and send the URL to us! (so long as we can convince the respective app store WE own example.com ... it's all in the app manifest).

But ... that's not us. We're a 'legacy' app on Windows. Well, we could use a 'Custom URI Scheme' and register 'com.example.myapp:/foo' with Windows, which would (after a browser prompt) activate our app and hand the URI over to it (maybe ... it isn't clear if we can do this for ClickOnce apps that are 'installed' in each user's roaming profile). We get the same effect as with the Claimed HTTPS URL approach.

But ... that's not us. Xero won't let us use a Custom URI as the 'redirect_uri' anyway :doh:

(The article Redirect URLs for Native Apps on Okta (a competing Authorization Server) lays these things out quite neatly. Ldapwiki: Claimed Https Scheme URI Redirection on JSPWiki is more jumbled, but references RFCs).

That leaves us with ... running a quick webserver on the loopback/localhost address. Our 'redirect_uri' becomes 'https://localhost:1234/myapp'

Now we have to nominate a port to bind to, that is 'guaranteed' to be available at runtime! Fortunately, we can do a bit of a scattergun and nominate *multiple* redirect_uri (https://localhost:5678, https://localhost:6789, etc) when registering our Client with the Xero Authentication Server (or we'd be sunk, basically, if another long-lived app decided to bind to the port we'd chosen).

Great, so we find an available port. Now to bind an HttpListener to the port and wait for the User Agent to hand control back to us.

So we either need:
* admin privileges to bind the port without a 'urlacl' reservation; or
* to have previously done something like "netsh http add urlacl url=https://+:1234" (for at least the redirect_uri variants we have chosen to use at runtime) ... which requires either that we set this up when we had elevated privileges when we installed our app (or not ... since we are ClickOnce), or that we obtain such privileges NOW to do the "netsh http add urlacl" work.

In either case, we now need to refactor a part of our app out to a separate process and arrange for it to run as admin ... which we never intended for our user to have to do ... so that they can delegate the right for our app to access their Xero accounts. Thankfully they only have to do this INFREQUENTLY, but they'll need someone with local admin rights standing over their shoulder when they do X|

:thumbsdown: :thumbsdown: :thumbsdown:

modified 15-Sep-20 10:50am.
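
The port-selection step described in the post above, as an added example that is not part of the original post or the poster's code: it claims the first free pre-registered loopback port with a TcpListener (which does not go through HTTP.sys URL reservations) and builds an Authorization Code + PKCE request for the matching redirect_uri. The endpoint, client_id and `/myapp` path for every port are assumptions, and serving TLS on the bound socket for the https:// redirect is not covered.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Text;

static class LoopbackRedirect
{
    // Ports taken from the post; each must be registered as a redirect_uri.
    static readonly int[] RegisteredPorts = { 1234, 5678, 6789 };

    // Bind the first free port on 127.0.0.1 only and keep the listener open, so
    // nothing else can claim the port between this probe and the redirect.
    static TcpListener BindFirstFree(out string redirectUri)
    {
        foreach (int port in RegisteredPorts)
        {
            var listener = new TcpListener(IPAddress.Loopback, port);
            listener.ExclusiveAddressUse = true; // refuse port sharing
            try { listener.Start(); }
            catch (SocketException) { continue; } // in use: try the next one
            redirectUri = "https://localhost:" + port + "/myapp";
            return listener;
        }
        throw new InvalidOperationException("No registered redirect port is free.");
    }
    static string Base64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static string RandomToken()
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Base64Url(bytes);
    }

    static void Main()
    {
        TcpListener listener = BindFirstFree(out string redirectUri);
        string verifier = RandomToken(), state = RandomToken(); // keep both in memory
        string challenge;
        using (var sha = SHA256.Create()) // PKCE S256 (RFC 7636)
            challenge = Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));
        // Placeholder endpoint and client_id; the same redirectUri is reused at token exchange.
        Console.WriteLine("https://authorization-server.example/authorize?response_type=code"
            + "&client_id=CLIENT_ID_PLACEHOLDER&redirect_uri=" + Uri.EscapeDataString(redirectUri)
            + "&code_challenge=" + challenge + "&code_challenge_method=S256&state=" + state);
        listener.Stop(); // a real client accepts the callback here and compares state first
    }
}
```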

Question: How can a .NET Framework desktop-application gain temporary elevated privileges? (DT Bullock, 14-Sep-20 20:00)
Answer: Re: How can a .NET Framework desktop-application gain temporary elevated privileges? (Richard Deeming, 14-Sep-20 21:33)
General: Re: How can a .NET Framework desktop-application gain temporary elevated privileges? (DT Bullock, 15-Sep-20 2:47)
General: Re: How can a .NET Framework desktop-application gain temporary elevated privileges? (DT Bullock, 15-Sep-20 2:50)
Question: I want to rename a table by using EF 6 Code First approach (simpledeveloper, 11-Sep-20 8:41)
Answer: Re: I want to rename a table by using EF 6 Code First approach (Dave Kreskowiak, 11-Sep-20 8:57)
Answer: Re: I want to rename a table by using EF 6 Code First approach (Gerry Schmitz, 11-Sep-20 9:17)
General: Re: I want to rename a table by using EF 6 Code First approach (simpledeveloper, 11-Sep-20 9:26)
Question: Message Closed (Bdown “FukthaPolice” Tigs, 4-Sep-20 21:14)
Answer: Re: Lenovo yoga 2 (OriginalGriff, 4-Sep-20 21:38)
General: Re: Lenovo yoga 2 (Richard Andrew x64, 7-Sep-20 4:08)
Answer: Re: Lenovo yoga 2 (Dave Kreskowiak, 5-Sep-20 5:41)
Question: Display temporary data in datagridview (hiruthere, 1-Sep-20 0:36)
Answer: Re: Display temporary data in datagridview (Richard MacCutchan, 1-Sep-20 2:18)
Question: Implementation of Identity 4 in .net core 3.1 for SSO for multiple projects (Ravikumar Patra, 14-Aug-20 2:41)
Answer: Re: Implementation of Identity 4 in .net core 3.1 for SSO for multiple projects (Dave Kreskowiak, 14-Aug-20 4:09)
Answer: Re: Implementation of Identity 4 in .net core 3.1 for SSO for multiple projects (Gerry Schmitz, 14-Aug-20 4:56)
