Hi All, I would welcome recommendations on how to secure a Net Core API which I curently host on a publicly facing Linux box ( I'm using Apache as a reverse proxy server ) - it's in development and I would like ( if it's possible ) to restrict access to only my development LAN at home - I hope this makes sense
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
Hi Pete, it's just a basic ASP Net Core MVC API - when it's finished I will look at something like OAuth2 , at the moment while it's in development ( because it has real data in a database ( maybe I should change that ) ) I'd like to nail it down so only someone on my local LAN can connect to the API - as you know I'm not expert in all things Web
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
I'm experiencing some (new) and very odd behaviours trying to send outbound email from my ASP.Net websites. These are running on a shared-host setup and use ASP.Net Framework webforms. In the past I've been able to do this very simply:
SmtpClient smtp = new SmtpClient();
smtp.Send("email@example.com", "firstname.lastname@example.org""subject", "message");
NOTE that the password defined in web.config really is the literal "notneeded". When running these sites on my local development box, the correct password for the named sending account is indeed required; but when uploaded to the server, the password is ignored (and the setting can be removed completely).
As of some time on Friday I became aware that email sending from all my sites was failing. I reported the issue to my hosting company but in the meantime attempted to find a fix myself. I found that entering the "correct" password worked fine. (Later this weekend the hosting company, who had denied ANY configuration changes at their end, then made further changes that resulted in all the amended sites failing again. They then told me to change to a different SMTP server (mail.hostingcompany.com); however that didn't work for me. After several hours further testing showed it DID now work, so I updated all the sites again. Later this evening I also found that once again the original mail.mydomain.com host address was working again.
This was all pretty frustrating; I don't pretend to understand SMTP very well and am really not sure how / why omitting the password (or using a dummy one) worked, but it did. That was a Good Thing because it meant I didn't have to hard-code my email password in plain text in web.config, and also meant that when I change my email password I don't also need to go in and change web.config for the domain and all its sub-domains.
So I have some questions:
1. WHY did omitting password work, when the site was running on the same server as the SMTP host?
2. WHAT configuration change could the host have made to cause this to STOP working?
3. Most confusingly of all... there is ONE subdomain that continued to work fine WITHOUT the password through all this. I've examined the code carefully and it definitely does NOT specify the password (either in web.config or in code). Other subdomains of the same domain, which used identical SMTP configuration, now require the password; just this ONE does not.
I'm annoyed with my hosting company, as it's perfectly clear THEY have changed something that caused all my websites to break; not only did they not forewarn, they continue to deny they changed anything. They've subsequently made further changes that broke my fix and then yet more that allow my fix to work. But I'm also completely befuddled as to why things ever worked, then why they didn't, and why one identically-configured site continues to work as it always did!
My guess would be that the SMTP server was set up to implicitly trust the web server without requiring authentication, and something caused that trust to fail.
Is the site that's still working on the same server as the others? And if so, does the server have multiple IP addresses?
If you have access to IIS Manager on the server, you can configure the SMTP settings at the root level, and all of the sites should inherit those settings without needing the mailSettings element at all.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
Thanks Richard. Yes, I think they moved the SMTP server to a separate box, and have subsequently put DNS forwarding for mail.mydomain.com to the new server, so that it works but does not automatically authenticate. That would also explain why it broke again for a while but subsequently worked once the DNS changes propagated.
The subdomain that is still working without a password is an oddity - as far as I can tell it's on the same server (I guess there may be some checks I can do to verify, even looking at the IIS logs etc maybe). But as they've now setup a dedicated mail server it seems unlikely it would still be on that box... I'll do some more tests (and clone a page from one of the other sites to this one, as the code is slightly different though not using a password) to verify it's nothing different in the logic.
I run multiple sites with this host, and manage sites for clients on other shared hosts - all seem to suffer from the problem of unplanned, unannounced and undocumented configuration changes that break sites. I guess the majority of their income comes from static or otherwise trivial sites. I left my last host because they changed DBMS (from MySql to MariaSQL) with no warning, breaking a number of things, and claiming that MySql had been "renamed" MariaSql. That level of ignorance and stupidity was truly scary so they barely saw me for dust...
I know there's one already... Nicely packed inside the Entity Framework 6 package!?
So if I want to singularize or pluralize (English) words I have to add a package to an old version of an ORM, nice!
It also doesn't work all too well with EF Core.
Because I want to work with language...
The service wasn't added to .NET Core, but luckily someone ported it... Which also implicitly adds it to my EF Core designer messing up my database generation
Anyone know of a good alternative that has nothing to do with databases?
Funny - they have a Dasherize method, but they use Hyphenate instead of Hyphenize.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
The article starts with "the issues..." and "The problem of..."
If you look at the (ported) source code of the EF pluralizer[^] you'll see it's mostly exceptions
It even includes the word "pneumonoultramicroscopicsilicovolcanoconiosis"
Hi can anyone help? I've been stuck with this issue for the past 2 days. I'm trying to run asp.net application in visual studio 2019 I've tried changing the port numbers, it doesn't work, it still pops up with the error "unable to connect to web server IIS Express'. I've deleted my vs folder with the config like 100 times, restarted visual studio, did a clean and build, restarted my PC. None of this has worked. I've looked into the list of processes and I can see this port is not being used. I've tried using netstat to find what's using that port no luck. I mean it doesn't make any sense, any ports I tried I get the same "unable to connect to web server iis express error. This is happening to multiple projects in a solution but when I create a new project in a fresh solution, I can run new projects fine. I've also tried visual studio 2017, no luck! So the problem is with these web projects. Someone please help I'm a bit frustrated.
IS that 5xxxx port in use? Then it should be possible to identify the guilty from the Network tab in Resource Monitor, and you can see which process is the culprit. If there is no trace of port 5xxxx in Resource Monitor, then the error message is wrong, and you must search for other explanations.
My guess is that after an earlier run, the closedown ran into issues so the cleanup wasn't done properly. Maybe there is a stray detached process holding that port (then you'll see it in Resource Monitor), or some table of "ports that I have opened and must remember to close" table wasn't ceared. Both of these would most easily be solved by a controlled shutdown and reboot.
If you have rebooted since the problems arose, to no avail, there may be configuration / state info saved in the registry, application specific ini files etc. Right now, I am fighting a problem in an IDE: Every now and then things lock up. and the only way to unlock it is to delete the entire build directory. Earlier today, I had another problem: When one project setup was corrupted, I wanted to select another one - but the IDE always initialize e.g. directory searches from the settings of the current project, whose values were corrupted. So the selection dialog locked up completely (even after deleting the build directory of the current project), and I couldn't select another one. Fortunately, I found a list of "recently opened projects", and selecting one of those updated the defaults for the project selection dialog, overwriting the corrupted values.
I have no idea about where those corrupted values are stored, and I had to resort to tricks to get them out of the way. You may have to go on a similar hunt . As a last resort, I could have wiped out the entire IDE and reinstalling it from scratch; fortunately I didn't have to do that (reinstallation takes quite some time). Maybe you will end up with having to do that.