|
8. To marshall an interface pointer from the owning thread to a another thread, use the CoMarshalInterThreadInterfaceInStream() and the CoGetInterfaceAndReleaseStream() APIs.
9. Note that marshalling an interface pointer is just one-half of the game. The other half, which in many ways is more challenging and interesting, involves the marshalling of the PARAMETERS of the interface methods.
10. If you make your interface dual or IDispatch-based, the marshalling of the methods' parameters is performed completely automatically for you curtesy of COM.
11. This is logical because dual and IDispatch interfaces can use only OLE Automation-Compatible Types for parameters (e.g. VARIANTs, BSTRs, etc). COM has already prepared itself to marshall these types of parameters.
12. Non-dual and non-IDispatch based interfaces (aka Custom Interfaces) must provide their own custom marshalling. Proxy and stub DLLs must be created for this purpose.
13. Note also that dual and IDispatch based interfaces also use a proxy/stub DLL to perform parameter marshalling. This proxy/stub DLL is the famous oleaut32.dll (read it as OLE AUTomation 32 DLL).
14. To determine or confirm if your interface uses oleaut32.dll to marshall parameters, look up the registry entry of your Interface, e.g. :
HKEY_CLASSES_ROOT\Interface\{66AD7066-C70F-4136-A108-71DC34F3305C}
Here you will find a "ProxyStubClsid32" subkey. It should have a "Default" string value. The value is the CLSID of the object that implements the marshalling functionality of your interface.
15. Look up the registry entry for this CLSID and you will see the in-proc server DLL of the marshalling object. If your interface is dual or IDispatch based, the CLSID should be :
{00020424-0000-0000-C000-000000000046}
If you look up this CLSID entry in the registry, i.e. :
HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}
you will find the following information :
15.1 The default string value for this CLSID is "PSOAInterface" (read this as Proxy Stub OLE Automation Interface). PSOAInterface is the "universal marshaler" that creates in-memory COM stub/proxy pairs based on type library information. PSOAInterface is oleaut32's tool that enables VB to do "somewhat native" COM marshaling by mimicking the functionality of "midl /Oicf" on-the-fly. PSOAInterface builds and caches native COM proxies based on type libraries. The downside of PSOAInterface is that it requires interfaces that use it to be OLE-Automation compatible, that is, it must return HRESULTs and its parameters must be OLE-Automation types, since that is what it was built for and that's the set of types that COM type libraries can express.
15.2 There is an "InprocServer32" subkey. In this subkey, you will find that the default string value is "oleaut32.dll".
We hope the above information will be useful to all. There's still quite alot of information to share with all on this same topic. We'll be updating this Knowledge Sharing Article with a Part 2 soon.
|
|
|
|
|
Understand Common Virus Attacks Before They Strike to Better Protect Your Apps
by Jason Fisher
The web address of this article is :
http://msdn.microsoft.com/msdnmag/issues/03/05/VirusHunting/default.aspx
This article presents information on some of the techniques viruses use to launch themselves and get into your system.
|
|
|
|
|
1. User A accesses the Web Application.
1.1 The Web Application Starts up (System.Web.HttpAplication.Application_Start() event is fired).
1.2 A new Session is started (System.Web.HttpAplication.Session_Start() event is fired).
2. User B accesses the Web Application.
2.1 The web application is already started up.
2.2 A new Session is started (System.Web.HttpAplication.Session_Start() event is fired).
3. The web application will only end after both User A and User B sessions end.
3.1 When a session ends, System.Web.HttpAplication.Session_End() event is fired.
3.2 When a web application ends, System.Web.HttpAplication.Application_End() event is fired.
|
|
|
|
|
The Global.asax file captures the start and end of both application and user sessions.
1. Application - when the internet application is first run by a user. Happens only once during an entire APPLICATION session.
2. Session - when a user requests for a page within an application. This happens everytime a new user accesses web pages of an application.
Definition of Session State :
The current value of all the controls and variables for the current user in the current session.
Note : values stored in Session variables are unique for each user session.
|
|
|
|
|
Microsoft ASP.NET solves the HTTP Stateless and CGI Performance Problems through :
1. Application Management.
2. Session Management.
3. Viewstate.
4. Model View Controller (Code behind) Architecture.
5. Automatic Memory Allocation System (Garbage Collection).
|
|
|
|
|
Microsoft Classic ASP solves the HTTP Statelessness Problem through :
1. Application Management.
2. Session Management.
|
|
|
|
|
1. HTTP : lack of session management (due to statelessness).
1.1 HTTP is usch that web applications are not able to "remember" a user's past status and operations.
1.2 It does not provide any means for a web app to clearly mark the start and end of a client user's engagement.
1.3 It does not provide any means for a web app to clearly mark the start and end of the entire application.
2. CGI : low in performance.
2.1 CGI does not operate in Multi-tasking and multi-threading environment.
2.2 It is difficult to support the programming of reusable codes.
|
|
|
|
|
This can be done by setting the "AutoPostBack" property of a Web Server Control to TRUE.
This is known as POSTBACK.
|
|
|
|
|
1. Use a button of type "submit". Embed this button inside a <form></form> tag in the web page's HTML.
2. Call the submit() function inside javascript, e.g. :
function SubmitForm
{
this.Form.submit;
}
|
|
|
|
|
Also note that the form tag must have the appropriate action attribute, e.g. :
<form name="MyForm" action="www.somesite.com/somepage.asp">
...
</form>
|
|
|
|
|
WebServiceObject wso = new WebServiceObject();
AsyncCallback cb = new AsyncCallback(MethodCallback);
try
{
wso.BegindoAsyncFunction
(
some_param_1,
some_param_2,
cb, // 2nd last parameter is always the AsuncCallback object.
(object)wso // This object (whatever it is)
); // is returned in IAsyncResult.AsyncState in
// callback function.
}
catch(SoapException se)
{
...
}
private void MethodCallback(IAsyncResult ar)
{
WebServiceObject wso = (WebServiceObject)ar.AsyncState;
string strRetVal = wso.EnddoAsyncFunction(ar);
...
}
|
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
|
|
|
|
C# Code :
byte[] byImageBytes = GetImageBytesFromSomewhere();
MemoryStream ms = new MemoryStream(byImageBytes);
pictureBox_Image.Image = Image.FromStream(ms);
|
|
|
|
|
<html>
<body>
<form action="http://localhost/MyWebService/MyWebService.asmx/MyMethod" method="POST">
<input name="a"></input>
<input name="b"></input>
<input type="submit" value="Enter"> </input>
</form>
</body>
</html>
|
|
|
|
|
1. To provide a common way of packaging message data.
2. To define encoding rules for serialization and deserialization of data transmission.
3. To provide a model that can be used to implement RPC operations using SOAP.
|
|
|
|
|
Misconception #1 - SOAP is nothing more than a protocol for RPC over HTTP.
* No, this is just one implementation of SOAP.
Misconception #2 - SOAP specification requires the use of HTTP.
* No, SOAP can be used with any protocol.
* Microsoft and others have implemented SOAP messages over SMTP.
Misconception #3 - SOAP works on HTTP request/response conversation.
* No, that supports the transmission of XML data from sender to receiver.
|
|
|
|
|
SAO - Activator.GetObject().
CAO - Activator.CreateInstance().
Config File - new
|
|
|
|
|
Windows applications in VS.NET use the name app.config by default for the configuration file. This will not be automatically created when you create a Windows application. If you need a configuration file for your application, open your project in VS.NET, go to the 'Solution Explorer' and right click on the project name. Choose Add > Add new item from the menu and select 'Application Configuration file' from the list of choices. This will create an app.config file for you in the application root.
When you compile your application, VS.NET will automatically create a file called <your application name>.exe.config in your bin\debug folder. The contents of the app.config will be automatically copied to this new config file when you compile the application. When you deliver the application to the end user, you have to deliver the exe and this new config file called <your application name>.exe.config and NOT the app.config. Users can modify the data in <your application name>.exe.config file and application will read the data from the config file, when restarted.
|
|
|
|
|
Remember that the config file -must- be named app.config and nothing else !
|
|
|
|
|
1. Make sure your depencency DLL is compiled with a strong name. This is because you will need to reference the Public Key Token in the client application's config file.
2. Create a file directory in your local hard disk in which to store your DLL (e.g. c:\MyLib). Store your dependency DLL there, e.g. c:\MyLib\MyLib.dll
3. Web Shard this folder. This will cause IIS to register a Virtual Directory for your Web Shared folder.
4. In your client application config file, supply a config file with at least the following data :
<configuration>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity
name="MyLib"
publicKeyToken="f165dd82fa9f2434"
culture="neutral"
/>
<codeBase version="1.0.0.0"
href="http://localhost/MyLib/MyLib.dll" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
5. Go to the .NET Configuration Tool and create a new Code Group. For this new Code Group, under Membership Condition, select "URL" for the condition type.
6. For the URL, type in the web path to your dependency assembly : e.g. :
"http://localhost/MyLib/MyLib.dll" or "http://localhost/MyLib/*"
7. If you happen to change anything (especially method signatures) in your dependency DLL, be sure to refresh the local cache of used assemblies by deleting the appropriate insance of your DLL in the following directory :
<documents and settings folder>\<user id>\local settings\application data\assembly\dl2.
Otherwise, your old dependency DLL will still be cached and used.
|
|
|
|
|
In addition, by including the use of the FileIOPermissionAttribute class, we can ensure that subsequent code will read ONLY specified file(s) and will write to ONLY specified file(s), e.g. :
[FileIOPermissionAttribute(SecurityAction.PermitOnly, Read="C:\\security.txt", Write="C:\\security.out.txt")]
private void buttonReadFile_Click(object sender, System.EventArgs e)
{
SecureFileReader sfr = new SecureFileReader();
byte[] byDataIn = sfr.ReadFile("c:\\security.txt");
Stream fs_out = new FileStream("c:\\security.out.txt", FileMode.Create,
FileAccess.Write);
fs_out.Write(byDataIn, 0, byDataIn.Length);
fs_out.Close();
}
The desired effect is achieved even if unrestricted FileIOPermission to the file system has been granted for the assembly.
|
|
|
|
|
byte[] byData = SomeFunctionThatReturnsAByteArray();
string MyString = System.Text.UnicodeEncoding.Unicode.GetString(byData);
|
|
|
|
|
At the .NET Command Line Prompt, type :
"mscorcfg.msc"
|
|
|
|
|
byte[] byData = System.Text.UnicodeEncoding.Unicode.GetBytes(strMyString);
|
|
|
|
|
If you need to open a file (for reading only) in IIS for your ASP.NET application, be sure to use the FileAccess.Read flag in your FileStream constructor, e.g. :
FileStream fs = new FileStream
(
m_strServerPath + sbBinFileName.ToString(),
FileMode.Open,
FileAccess.Read // <-- important.
);
Otherwise, the file access attempt may fail.
|
|
|
|