|
I've been going to programmer seminars over the last month and learning more about .Net Core, and the concepts of breaking up my programs into smaller pieces and processes. My plan going forward is to start running my .Net Core apps in Docker Containers in my little data center first, then Azure later. So we were talking about Azure and Web Jobs, which Segway into sending email as a separate process. Rob Rich, the speaker was talking about making email more durable and stateless by making it a separate process that works off a message queue. I get the concept as if it was an illustration, but can't grasp the code architecture of it.
I currently just have classes that handle email in a separate project that is attached to the main project. The email classes just generates the email message and then calls SendMailAsync in the same external project. I'm thinking perhaps I should create a new project that just handles email. Something completely modular that I could use over and over with little configuration or integration.
My first thought is take the SendMailAsync, and create a .Net Core console app for it. Pass the mail to it, send it, if it fails add it back to the queue.
Second thought is to take all the email stuff, and create another program for it and use dependency injection to generate the message, and send it.
As an exercise towards writing better architected code, I would like to get it right this time. I'm asking for help on this.
Thanks.
Richard:
Is this what you meant by console apps?
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Wasn't he talking about using some kind of queuing broker (e.g. Apache Kafka)? From your explanation, that is what it sounds to me.
If that's the case, you will have an application that would send a message to the queue with an email object and another application that would take those objects, send the emails and, if successful, remove them from the queue.
The broker is the specialized middle-ware responsible for saving those messages until needed and delivering them, guaranteeing that no messages are lost due to applications crashing, servers not available, etc.
|
|
|
|
|
Hi everyone
I am fairly new to MVC and I've only done simple projects without security before. I am now working in a new, more complex project that requires a security model based on role + organization.
The authorization will be based on Windows user. Once the users are validated, they will be marked as working with their default organization, but the can change the organization at any time. We are imagining a drop-down with the organizations the user belong to, and stored the current one as a session variable.
The simplest part of the projects consists of several CRUDs. We have users that are either viewers or editors in these CRUDs, but their role may vary depending on the organization they are working on.
E.g. for the "Branches" table, User "Peter" may be an editor for organization 1 and a viewer for organizations 2 and 3.
If I ignore the organization, I can easily manage the security by extending System.Web.Security.RoleProvider and handling the logic within that class. I believe I could read the current organization from the session variable (haven't tried that yet) in order to add that to the class logic, but I'm pretty sure there must be a better solution.
Can anyone suggest a better solution? Ideally it should be following the ASP.NET System.Web.Security model. Any Visual Studio integrated framework that makes this security handling easier is also very welcomed.
Thank you
|
|
|
|
|
I'm no expert at this by far. But I'll mention the HttpContext. It has a lifespan of one cycle and is stateless.
So I made a Attribute that you decorate the controller ActionResult with. It runs run before the ActionResult is fired, and passes everything downstream. Basically it's session free so you don't have to worry about restarts or what server you hit. I do remember this being a little buggy, in terms of having to erase the cookie a couple of times when exiting debug and starting again, but I think I fixed it.
[AdminCheck]
public IActionResult SomeEditor()
The AdminCheck reads the cookie with special data in it, and if the user authenticates, it creates a new HttpContext.User using a GenericIdentity and GenericPrincipal
I wrote this for .Net Core
[AttributeUsageAttribute(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class AdminCheckAttribute : ActionFilterAttribute, IActionFilter
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var controller = filterContext.Controller as Controller;
var httpContext = controller.HttpContext;
Model_Admin_Login pResult = SecurityCookies.CookieRead_Admin_Login(httpContext);
if (pResult.AccountName != null)
{<br />
Model_Admin_Login model = new Model_Admin_Login();
bool result = EF_Website_Users.AdminCheck_AccountName(pResult.AccountName, ref model);
if (true == result)
{
String[] newRoles = { "Administrator" };
GenericIdentity newIdentity = new GenericIdentity(pResult.AccountName);
GenericPrincipal newPrincipal = new GenericPrincipal(newIdentity, newRoles);
httpContext.User = newPrincipal;
System.Threading.Thread.CurrentPrincipal = httpContext.User;
controller.ViewData["Admin_Menu"] = true;
controller.ViewData["Admin_UserID"] = model.ID;
controller.ViewData["Admin_UserName"] = pResult.AccountName.ToLower();
controller.ViewData["Admin_ImageUrl"] = model.Avatar.Url;
controller.ViewData["Admin_ImageAlt"] = model.Avatar.Alt;
controller.ViewData["Admin_Base64"] = model.Avatar.Data != null ? Convert.ToBase64String(model.Avatar.Data, 0, model.Avatar.Data.Length) : null;
}
else
{
controller.ViewData["Admin_Menu"] = false;
}<br />
}
else
{
controller.ViewData["Admin_Menu"] = false;<br />
}
base.OnActionExecuting(filterContext);
}
}
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Thanks for your reply Jim. I will look into the example you provided.
When you said "It has a lifespan of one cycle and is stateless.", you mean that it won't survive a IIS/Server reboot? As long as it keeps track of sessions (which I'm pretty sure it does), we are OK with it.
Thanks you
|
|
|
|
|
On the contrary quite the opposite.
Because it reads the cookie you set with say the user name and a special token you craft when validated or authenticated the first time, the attribute will revalidate the authentication being stateless and durable, it will survive a server reboot, or say a worker process recycle and can be used in multiple Docker containers using Kubernetes.
Just add another column to your user database table to store a token that you carefully craft.
Using Sessions to store a value or to maintain authentication is dangerous and not durable in an environment that is suppose to be stateless. It may work today, but can be the cause of your worst mistake ever.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Hi,
I received a security issue recently.It seems to be "Man in the middle attack".
Suppose browser send a request to UI server and receive the response.
But before response is received by browser, it is intercepted by some proxy (like fiddler or burpproxy), the hacker who hold the response, he first change it and then send to the browser.
The actual user doesn't know that the response has been changed.
The application is running on https (SSL), then also it is getting changed.
I tried below things.
1- I analyzed HPKP (http public key pinning). It is aimed to fix these types of issues but it is not supported by all the browser (IE Safari).
It is supported by Chrome but i read an article that even chrome is planning to stop its support for HPKP.
2- I thought to send the encrypted data and decrypt at browser using javascript.
But javascript logic is not possible to hide from hacker.
I heard several article where it is said that javascript logic can be tried to hide, but we can not be sure that it can't be found by hacker.
Please provide some guidance where I should look for the solution to prevent this type of attack.
Regards,
Saurabh
|
|
|
|
|
If your site is always running over HTTPS, then requests and responses cannot be read or modified by a MitM. The only exceptions would be:
- The attacker has convinced a rogue CA to issue an invalid cert for your site.
This would likely be detected pretty quickly, and would result in browsers dropping that CA from their "trusted CAs" list.
HPKP[^] can help to prevent this; but if the user's first access to your site is via a compromised network, the HPKP information could also be removed or compromised.
- The attacker has compromised the user's computer, and installed their own root cert in the trusted store, allowing them to issue invalid certs for any site.
HPKP might help in this case; but if the user's computer has been compromised, the cached pins could also have been deleted or modified.
- The attacker has compromised the user's computer, and installed malware to modify pages after the browser has downloaded them.
As a site owner, there is nothing you can do to prevent this sort of attack. Even if you add CSP[^] to control which scripts can run, the malware can just remove that header.
A more likely scenario is if your site is initially served over HTTP, in which case, a MitM attacker can prevent the redirection to HTTPS, and is free to do whatever they want with your site's content.
HSTS[^] can help to prevent this, but your user would need to access your site via a clean network first.
You can request to have your site included on the "preload" list[^], which would ensure it's only ever accessed over HTTPS, even for new users. But if you ever wanted to switch back, it could take many months for your site to be removed.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks Rechard,
I will try the options provided by you and get back.
|
|
|
|
|
Hi,
I am getting the following error in my Production Server, the application is working fine in Dev environment, so if I have to keep Logging etc and deploy the application, and Web Service, it takes a bit of time like Code Review etc, is there any way to find out where is the Exception happening etc? Without another deployment?
Thanks in advance.
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
|
|
|
|
|
Assuming you're calling a WCF service, you can turn on message logging in the config file:
Message Logging | Microsoft Docs[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Well I've made it this now, which is pretty good. I've almost completed the porting over the front end of my portfolio website and I'm working with the database now, in which I chose MongoDB since that seems to be the buzz word for job apps.
A couple I don't understand about MongoDB. Guess the first question is the auto increment for the index column. Guess Mongo uses a unique identifier based on some other logic, so I used ObjectId.GenerateNewId(); Below is an example of my controller code which writes to Mongo successfully. see the CRMMessage;
Q1: Should I just get rid of the "Id" which was int and is now string and just use InternalId? Or does MongoDB have the same mechanism that will auto increment?
So before I added the the respository to the controller function, it worked fine. Angular would register a success and run my success code. But now it returns something I can't see, which results in Error 500 according to Chrome F12.
Q2: Should I just change IActionResult to void and return nothing? I'm lost here on this.
[HttpPost]
public IActionResult AddMessage([FromBody] CRMMessage message)
{
if (message == null)
{
return BadRequest();
}
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
_crmRespository.AddMessage(new CRMMessage
{
InternalId = ObjectId.GenerateNewId(),
Name = message.Name,
CompanyName = message.CompanyName,
EmailAddress = message.EmailAddress,
PhoneNumber = message.PhoneNumber,
PhoneMobile = message.PhoneMobile,
TimeZone = message.TimeZone,
TimeStamp = message.TimeStamp,
UpdatedOn = message.TimeStamp,
Message = message.Message,
RememberMe = message.RememberMe
});
return CreatedAtRoute("GetSingleMessage", new { id = message.Id }, message);
}
This is my Angular 6, TypeScript onSubmit Function. I know this question is in the wrong section bought thought I'd ask anyways since it tied together. I wonder how it knows the difference between a success and an error. There are tools like postman in which I need to learn how to use.
onSubmit() {
this.dataService.addMessage(this.model).subscribe(
() => {
this.messageSuccess = true;
this.getStartedForm.reset();
this.model.name = '';
this.model.companyName = '';
this.model.emailAddress = ''
this.model.phoneNumber = '';
this.model.phoneMobile = '';
this.model.message = '';
setTimeout(() => {
this.messageSuccess = false;
this.getStartedModal.hide();
this.router.navigate(['/home/getStarted']);<br />
}, 3000);
},
error => {
console.log(error);
}
);
My Angular journey has been confusing because there are so many different examples and versions of Angular. I'm actually dual developing between a pure Angular 6 app in cli and this .Net Core 2.1 version so I can see the different between the two, determine which info is correct. Angular 6 using cli and ng on a text editor is more straight forward to learn first.
Any thoughts besides giving up would be appreciated.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Did some reading up on it and now it makes sense to me.
Changed the id to InternalId that was generated by MongoDB.Bson and called GetSingleMessage to confirm the write, which results in a 201 code.
This must be part of the CRUD operation procedure.
I'll read up on the Id part, auto-increment for MongoDB. Then figure out if I need it the value of not, and whether it should be a string or int.
Must admit it was exciting to see my angular app work correctly.
var result = CreatedAtRoute("GetSingleMessage", new { id = message.InternalId }, message);
return result;
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Hi,
I am trying to use Elmah for my ASP.Net MVC application, in which I was somewhat successful, I could able to see errors like if I try to access url without action method like 404 etc.
But I have questions how Elmah works like
- If I have multiple layers like one Web Service and another one is UI layer, then is it better to include Elmah in both projects separately or just adding it on one Project UI is fine?
- Elmah to Work do I need to log the Errors into Elmah Database explicitly or is the Elmah going to catch the exceptions and write it in the Elmah Database, I have included the Connection string and details in the Web Config of both the Service and UI and included the DLLs as well in both the applications. Is it enough or do I need to write the Exceptions into the Elmah Db
- If I have multiple layers of application, one in that is UI layer and another one is Web Service Layer, then how would I know if any error happened in Data access layer within Web Serice or Business layer within Web Service, do I need to log it into Database of Elmah or how can I do that?
- Which is better way to log errors using Elmah, file or Database, I am using Database, it it ok?
- My most important Concern is how to secure my application? When I have Elma, it shows that we can directly access the errors, I want to make sure only the Developers should be able to access the Errors or Exceptions information, not even Admin users of the Application, can you please give me some suggestions.
I have these questions, can anybody please help me with these, thanks in advance.
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
-- modified 13-Aug-18 12:18pm.
|
|
|
|
|
I am Creating my dashboard page to show line chart pie chart and bar chart in asp.net web form. I don't have any idea about that can you help me to develope the page or any links where i can get demo. Which js file i have to use for this. I don't have idea please suggest me or give me the sample code asap. Its client urgent requirement. help me please.
|
|
|
|
|
Use Google to find a charting library.
|
|
|
|
|
When i host WEB API on cloud and call from Another application then facing this issue
Server Error in '/' Application.
The remote name could not be resolved
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The remote name could not be resolved:
-:Please help:-
|
|
|
|
|
As the error says, your code is trying to make a call to a remote server that doesn't exist.
We can't see your code, and we can't access your network, so we can't tell you how to fix it. You'll need to debug your code, and correct the name of the server that it's trying to call.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
It's likely a DNS issue. Make sure you have a good entry for your endpoint.
Easy check on windows cli:
nslookup my.domain.name
If you don't get an IP address result, the DNS is not setup properly.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
|
|
|
|
Hi all friends,
I have a textbox like below, I want call jquery function on its onblur or onkeyup or onfocus etc.
@Html.Kendo().TextBoxFor(model => model.Code).HtmlAttributes(new { autocomplete = "off", id = "idTxtForCodeLookupCode" })
when I set it as
$("#idTxtForCodeLookupCode").on('input', function ()
{
debugger;
SetLookupTableValue();
});
function SetLookupTableValue()
{
$("#txtLookupTableId").val($("#drpLookup").data("kendoDropDownList").value());
$("#txtLookupTableId").val();
}
The SetLookupTableValue() function is not being called. I don't know the reason, maybe because TextBox is in Popup and the functions are in the main page.
But I want to try it it works it I can set this onblur event or keyup or even onfocus events using HtmlAttributes, it might work.
Can anybody please help me how to set those events using HtmlAttributes property. Any help would be very helpful, thanks in advance.
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
|
|
|
|
|
Depends on the version of JQuery your using. The call changes as versions are updated.
Technically, JQuery can select an element anywhere on the page or in the DOM, even if it's hidden.
Best thing to do is test first. just have the function write an alert to see if it works first, then write your code to do it's thing.
$("#idTxtForCodeLookupCode").on('blur', function ()
$("#idTxtForCodeLookupCode").blur(function() {
focus, blur, keyup is very tricky and requires more code to listen to certain keys.
I'm going to a seminar, the post JQuery world, in which basically JQuery is no longer needed with modern JavaScript and TypeScript being available now. Something for us to think about.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
The meetup was pretty cool. Technically we don't need JQuery anymore for modern browsers that support HTML5, because modern JavaScript is now part of the browser. You save a 2 meg download on pages that use JQuery. There are many small npm libraries like animate.css that are around 64K in size that can do animation for you and Ajax is built in now.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Hi all,
I have overridden GetValidators method of CustomModelValidatorProvider in class CustomModelValidatorProvider, when a Post is happening, this Validator is getting all the values that I have input on the screen but I have Hidden field that I want to pass into this method is not coming in.
public class CustomModelValidatorProvider : System.Web.Mvc.DataAnnotationsModelValidatorProvider
{
protected override IEnumerable<System.Web.Mvc.ModelValidator> GetValidators(System.Web.Mvc.ModelMetadata metadata, ControllerContext context, IEnumerable<Attribute> attributes)
{
var z = metadata.PropertyName;
if ((metadata.PropertyName == "Code")
&& (metadata.ContainerType.FullName == "DHCS.BH.Provider.Models.LookupTable"))
{
LookupTable model = metadata.Container as LookupTable;
var newAttributes = new List<Attribute>(attributes);
var stringLength = newAttributes.OfType<StringLengthAttribute>().FirstOrDefault();
if (stringLength != null)
{
newAttributes.Remove(stringLength);
if (model.CodeLength != 0)
{
newAttributes.Add(new StringLengthAttribute(model.CodeLength)
{
MinimumLength = model.CodeLength,
ErrorMessage = @"The field {{0}} length must be at least {model.CodeLength}."
});
}
attributes = newAttributes;
}
}
return base.GetValidators(metadata, context, attributes);
}
public string GetPropertyName<T>(Expression<Func<T>> propertyLambda)
{
var me = propertyLambda.Body as MemberExpression;
if (me == null)
{
throw new ArgumentException("You must pass a lambda of the form: '() => Class.Property' or '() => object.Property'");
}
return me.Member.Name;
}
}
My cshtml file is as below, it is a Popup that's being generated for Create and Edit buttons of Kendo Grid.
@model DHCS.BH.Provider.Models.LookupTable
@{
ViewBag.Title = "EditLookup";
}
@using (Html.BeginForm())
{
@Html.AntiForgeryToken()
<pre>
<div class="k-edit-form-container">
@*<div class="editor-field">
@Html.Kendo().TextBoxFor(model => model.LookupTableId).HtmlAttributes(new { autocomplete = "off", id = "idXYZ" })
</div>*@
@Html.HiddenFor(model => model.LookupTableId, new { id = "txtLookupTableId" })
<div class="editor-label">
@Html.LabelFor(model => model.Code)
</div>
<div class="editor-field">
@Html.Kendo().TextBoxFor(model => model.Code).HtmlAttributes(new { autocomplete = "off", id = "idTxtForCodeLookupCode" })<br />
<br />
<label id="lblCodeValidationMessage" style="color:gray;font-style:italic;font-size:smaller;font-weight:normal;">Testing</label>
</div>
<div class="editor-label">
@Html.LabelFor(model => model.Description)
</div>
<div class="editor-field">
@Html.Kendo().TextBoxFor(model => model.Description).HtmlAttributes(new { autocomplete = "off", id = "idTxtForDescLookupCode" })
<label id="lblDescriptionValidationMessage" style="color:gray;font-style:italic;font-size:x-small;font-weight:normal;"></label><br />
</div>
<div class="editor-label" >
<label id="lblIsValid">Is Active: </label>
</div>
<div class="editor-field" style="padding-top: 10px;">
@Html.Kendo().CheckBoxFor(model => model.IsValid)
</div>
</div>
}
SetLookupTableValue();
And method SetLookupTableValue sets the value of the HiddenField txtLookupTableId, when I click on the save all other Textbox and Checkbox values coming in the model of the above GetValidators method but the LookupTableId value is coming as null, any help for this would very great help, thanks in advance.
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
|
|
|
|
|
Are you sure that txtLookupTableId is being set correctly?
You can use a tool like Fiddler[^] to inspect the raw HTTP post to check the value coming in.
|
|
|
|
|
Yes I mean in the JavaScript function but I am not sure if something else is happening between the RequestEnd javascript function call and opening the Popup.
I want to write a text changed event for the Kendo Textbox, idTxtForCodeLookupCode, can you please help me how to write it using jquery, maybe if I assign value to the HiddenField: txtLookupTableId, it would be good.
Thanks,
Abdul Aleem
"There is already enough hatred in the world lets spread love, compassion and affection."
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
