FlexGrid? Why on earth would you be using such an ancient control?
Your question doesn't make sense. What value? Why are you using the KeyPress and KeyDown events? For what? What is the DoubleClick event being used? For what? What are you expecting to work that doesn't?
Oh, and change your username to something other than your email address, unless you like getting bombarded by spam emails. NEVER post your email address in a public forum.
Anything else is not great; WinForms has usability, predictability, and accessability. The latter meaning it works even for those who see less. Predictability means a button is recogizable as one, meaning users don't need expensive education. Usability means they find that on their own.
So, to be short; a great UI is a non MAC one.
Bastard Programmer from Hell
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
For the purposes of an OAuth 2.0 Client, I need to parse a HTTP GET with no body, and return either this pre-canned HTML (success) or that pre-canned HTML (fail), maybe serve up a bit of CSS and an image or two. Every other request I can respond 404.
I have elsewhere explained that I can't use anything based on System.Net.HttpListener for this purpose, because that puts me in the situation of needing to elevate privileges on the host at least *sometime previously* ... but this app is ClickOnce so-as-to-avoid-the-need-for-admin-rights ... especially the need for admin rights in order to setup the app to receive an OAuth 2.0 authentication code!
System.Net.TcpListener dodges the 'urlacl' infrastructure though. Sure, it puts more responsibility on me to 'be a webserver', but as explained, the 'functional surface area' of this web-server is quite small. So whether I write-my-own or import some dependencies, I feel like this *should* result in either a little bit of code, or a few minimal dependencies.
Is this expectation reasonable, do you think, or are there gremlins in the forest? Are there any minimal 'sits on top of TcpListener' HTTP libraries/servers you are aware of?
Big relief: https is NOT required for OAuth 2.0 redirect_uri which use 'localhost' as the hostname (at least with Xeros Authentication Server anyway ... it is possibly a requirement of the spec).
A good thing too, or else presenting a clean certificate for 'localhost' to the user's browser (kind of super-important when getting the user to trust your app to access their resources) would require presentation a self-signed cert that's trusted by the host. Which would require generating and adding adding it to the trust store at some point in time prior to the moment it is used. Which would require privilege-elevation prior to the moment it is used. Which we are trying to avoid with ClickOnce.
My program is going through each word in a story looking for names. I am using the following function to check against a string full of names (aaron, adam, ...) to see if the word is a name, but it is returning true for partial word matches such as "the" in "Theodore". What am I doing wrong?
I would like to submit my reasoning for validation/sympathty. If your head is not already full of OAuth 2.0 the language here might not make sense.
Some context is required:
* The Resource Server is Xero
* The Authorization Server is Xero
* The Authorization Server permits registration of Clients which use either the 'Authentication Code Flow' or the 'Authentication Code + PKCE Flow'
* The Authorization Server correctly requires Client registrations to supply a 'redirect_uri'
* The Authorization Server incorrectly requires Client registrations to supply a 'redirect_uri' only with an https:// prefix
* The Client is my .NET desktop ClickOnce app
* The User Agent (browser) runs on the same machine as the Client, in the same desktop session
* the User making the OAuth 2.0 delegation does not otherwise need admin rights to the machine
... and the Dev (not really the subject of an OAuth spec, thank heaven!) just wants to get on and write his business logic.
Right, so back to work:
To get an access token, we first of all need an authorization code. We get that from the Authorization Server through the 'front channel' ... the User's User Agent (ie. a browser) is given an HTTP redirect to the 'redirect_uri' with the information we need in an HTTP request.
And here we run into 'hassle'.
IF our Client were an Android, iOS or UWP(?) app, we could have registered for a 'Claimed Https Scheme URI Redirection' ... when the User Agent (browser) visits https://example.com/, it will activate the app and send the URL to us! (so long as we can convince the respective app store WE own example.com ... it's all in the app manifest).
But ... that's not us. We're a 'legacy' app on Windows. Well, we could use a 'Custom URI Scheme' and register 'com.example.myapp:/foo' with Windows, which would (after a browser prompt) activate our app and hand the URI over to it (maybe ... it isn't clear if we can do this for ClickOnce apps that are 'installed' in each user's roaming profile). We get the same effect as with the Claimed HTTPS URL approach.
But ... that's not us. Xero won't let us use a Custom URI as the 'redirect_uri' anyway
That leaves us with ... running a quick webserver on the loopback/localhost address. Our 'redirect_uri' becomes 'https://localhost:1234/myapp'
Now we have to nominate a port to bind to, that is 'guaranteed' to be available at runtime! Fortunately, we can do bit of a scattergun and nominate *multiple* redirect_uri (https://localhost:5678, https://localhost:6789, etc) when registering our Client with the Xero Authentication Server (or we'd be sunk, basically, if another long-lived app decided to bind to the port we'd chosen).
Great, so we find an available port. Now to bind an HttpListener to the port and wait for the User Agent to hand control back to us.
So we either need:
* admin privileges to bind the port without a 'urlacl' reservation; or
* to have previously done something like "netsh http add urlacl url=https://+:1234" (for at least the redirect_uri variants we have chosen to use at runtime) ... which requires either that we set this up when we had elevated privileges when we installed our app (or not ...since we are ClickOnce), or that we obtain such privileges NOW to do the "netsh http add urlacl" work.
In either case, we now need to refactor a part of our app out to a separate process and arrange for it to run as admin ... which we never intended for our user to have to do ... so that they can delegate the right for our app to access their Xero accounts. Thankfully they only have to do this INFREQUENTLY, but they'll need someone with local admin rights standing over their shoulder when they do
Hello folks, my first post after years of lurking. The burden of the out-of-date articles on the Internet around .NET technologies is getting really heavy, and I can't quite locate reliable info, and I'm blocked on this.
I basically would like to force the UAC prompt to do some stuff as admin. I understand I will need a new process and must arrange IPC between the unprivileged-parent and the privileged-child (sounds familiar ).
is the go, or if there is a Better Way Today. There are articles here and there about using the app.manifest which I can't seem to apply in VS 2019 - they feel defunct. (.NET Framework itself is starting to feel defunct, actually).
Either the runas verb or an application manifest should work.
I'm not sure whether you'll be able to use IPC from the unelevated app to the elevated app. And if you can, you need to be extremely careful to secure it, so that it can't be used by malicious code as an elevation of privilege attack vector.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
Last Visit: 31-Dec-99 19:00 Last Update: 25-Jan-21 5:20