You should check the next character for a space, period or line terminator to determine the length of the word.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
I would like to submit my reasoning for validation/sympathy. If your head is not already full of OAuth 2.0, the language here might not make sense.
Some context is required:
* The Resource Server is Xero
* The Authorization Server is Xero
* The Authorization Server permits registration of Clients which use either the 'Authentication Code Flow' or the 'Authentication Code + PKCE Flow'
* The Authorization Server correctly requires Client registrations to supply a 'redirect_uri'
* The Authorization Server incorrectly requires Client registrations to supply a 'redirect_uri' only with an https:// prefix
* The Client is my .NET desktop ClickOnce app
* The User Agent (browser) runs on the same machine as the Client, in the same desktop session
* The User making the OAuth 2.0 delegation does not otherwise need admin rights to the machine
... and the Dev (not really the subject of an OAuth spec, thank heaven!) just wants to get on and write his business logic.
Right, so back to work:
To get an access token, we first of all need an authorization code. We get that from the Authorization Server through the 'front channel' ... the User's User Agent (i.e. a browser) is given an HTTP redirect to the 'redirect_uri' with the information we need in an HTTP request.
And here we run into 'hassle'.
IF our Client were an Android, iOS or UWP(?) app, we could have registered for a 'Claimed Https Scheme URI Redirection' ... when the User Agent (browser) visits https://example.com/, it will activate the app and send the URL to us! (so long as we can convince the respective app store WE own example.com ... it's all in the app manifest).
But ... that's not us. We're a 'legacy' app on Windows. Well, we could use a 'Custom URI Scheme' and register 'com.example.myapp:/foo' with Windows, which would (after a browser prompt) activate our app and hand the URI over to it (maybe ... it isn't clear if we can do this for ClickOnce apps that are 'installed' in each user's roaming profile). We get the same effect as with the Claimed HTTPS URL approach.
But ... that's not us. Xero won't let us use a Custom URI as the 'redirect_uri' anyway.
(The article Redirect URLs for Native Apps on Okta (a competing Authorization Server) lays these things out quite neatly. Ldapwiki: Claimed Https Scheme URI Redirection on JSPWiki is more jumbled, but references RFCs).
That leaves us with ... running a quick webserver on the loopback/localhost address. Our 'redirect_uri' becomes 'https://localhost:1234/myapp'
Now we have to nominate a port to bind to, that is 'guaranteed' to be available at runtime! Fortunately, we can do a bit of a scattergun and nominate *multiple* redirect_uri (https://localhost:5678, https://localhost:6789, etc) when registering our Client with the Xero Authentication Server (or we'd be sunk, basically, if another long-lived app decided to bind to the port we'd chosen).
Great, so we find an available port. Now to bind an HttpListener to the port and wait for the User Agent to hand control back to us.
So we either need:
* admin privileges to bind the port without a 'urlacl' reservation; or
* to have previously done something like "netsh http add urlacl url=https://+:1234" (for at least the redirect_uri variants we have chosen to use at runtime) ... which requires either that we set this up when we had elevated privileges when we installed our app (or not ...since we are ClickOnce), or that we obtain such privileges NOW to do the "netsh http add urlacl" work.
In either case, we now need to refactor a part of our app out to a separate process and arrange for it to run as admin ... which we never intended for our user to have to do ... so that they can delegate the right for our app to access their Xero accounts. Thankfully they only have to do this INFREQUENTLY, but they'll need someone with local admin rights standing over their shoulder when they do

modified 15-Sep-20 10:50am.
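The port selection and the front-channel request described in the post above, as an added example that is not part of the original post. The port list, the `/myapp` path on every port, the authorization endpoint and the client id are assumptions or placeholders.

```csharp
using System;
using System.Net;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Text;

static class LoopbackAuthRequest
{
    // Assumption: ports of the redirect_uri variants registered with the Authorization Server.
    static readonly int[] RegisteredPorts = { 1234, 5678, 6789 };

    static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static string RandomToken(int bytes)
    {
        var buffer = new byte[bytes];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buffer);
        return Base64Url(buffer);
    }

    // Returns the first registered port with nothing bound on loopback, or -1.
    // The probe socket is released again, so the real listener must still cope with losing the race.
    static int FindFreeRegisteredPort()
    {
        foreach (int port in RegisteredPorts)
        {
            var probe = new TcpListener(IPAddress.Loopback, port);
            try { probe.Start(); probe.Stop(); return port; }
            catch (SocketException) { /* in use: try the next registered port */ }
        }
        return -1;
    }

    static void Main()
    {
        int port = FindFreeRegisteredPort();
        if (port < 0) { Console.Error.WriteLine("No registered port is free."); return; }

        string verifier = RandomToken(32);   // PKCE code_verifier: stays in this process
        string state = RandomToken(16);      // compared with the value on the redirect
        string challenge;
        using (var sha = SHA256.Create())
            challenge = Base64Url(sha.ComputeHash(Encoding.ASCII.GetBytes(verifier)));

        string redirectUri = "https://localhost:" + port + "/myapp";
        Console.WriteLine("https://authorization-server.example/authorize"   // placeholder endpoint
            + "?response_type=code&client_id=PLACEHOLDER_CLIENT_ID"
            + "&redirect_uri=" + Uri.EscapeDataString(redirectUri)
            + "&code_challenge_method=S256&code_challenge=" + challenge + "&state=" + state);
    }
}
```

The redirect handler should reject any callback whose `state` differs from the one generated here, and send `verifier` only in the back-channel token request.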
|
Hello folks, my first post after years of lurking. The burden of the out-of-date articles on the Internet around .NET technologies is getting really heavy, and I can't quite locate reliable info, and I'm blocked on this.
I have asked the question on Stack Overflow, but the quality of the related answers is not encouraging me I'll get a bite. I guess all the real veterans hang out here!
I basically would like to force the UAC prompt to do some stuff as admin. I understand I will need a new process and must arrange IPC between the unprivileged-parent and the privileged-child (sounds familiar).
But I don't know if using System.Diagnostics.ProcessStartInfo.Verb = "runas" is the go, or if there is a Better Way Today. There are articles here and there about using the app.manifest which I can't seem to apply in VS 2019 - they feel defunct. (.NET Framework itself is starting to feel defunct, actually).
TIA
|
Either the runas verb or an application manifest should work.
I'm not sure whether you'll be able to use IPC from the unelevated app to the elevated app. And if you can, you need to be extremely careful to secure it, so that it can't be used by malicious code as an elevation of privilege attack vector.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Richard Deeming wrote: I'm not sure whether you'll be able to use IPC from the unelevated app to the elevated app.
Thanks Richard. For IPC, I hope I can use anonymous named pipes between the processes, per Microsoft's own How to Use Anonymous Pipes for Local Interprocess Communication. I imagine the privileged-child will be able to connect to the pipe created by the unprivileged-parent without issue if it has the token.
To pass the result of (new AnonymousPipeServerStream(/*etc*/)).GetClientHandleAsString() to the privileged-child, I will pass it as a command-line argument.
I suppose a malicious application could create its own named-pipe, invoke MY privileged-child app to fool the user into approving the UAC prompt (abusing my good name) and then control the privileged-child process from their malicious app. Fortunately I only really need the pipe for signalling the privileged-child to stop ... not to direct the action of the privileged-child.
Since I'll be working with ProcessStartInfo anyhow, adding a 'runas' verb is 'within easy reach'.
It then becomes a question of whether anything is gained by going declarative. Yes, if I needed the 'verb' for a different purpose, I guess. Or if I wanted the privileged-child code to be useful to an audience wider than my app. No, if I am happy for my privileged-child to fail unless properly invoked by MY code (heck, I could even take steps to make it a lot harder for said malicious actor!), or if I don't wish to draw the attention of malicious parties by marking it 'hey, I run as admin!'.
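An added example (not code from this thread) of the unprivileged-parent / privileged-child arrangement discussed above, with the pipe limited to a stop signal. `Verb = "runas"` needs `UseShellExecute = true`, and a process started that way does not inherit the parent's handles, so the example uses a randomly named pipe rather than an anonymous one; the port list, argument layout and exit codes are assumptions.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.IO.Pipes;
using System.Linq;
using System.Reflection;

static class Program
{
    // Assumption: the only ports the elevated helper will ever act on.
    static readonly int[] AllowedPorts = { 1234, 5678, 6789 };

    static int Main(string[] args) =>
        args.Length == 0 ? RunParent(AllowedPorts[0]) : RunElevatedChild(args);

    // Unprivileged side: owns the pipe and can only ever send "stop".
    static int RunParent(int port)
    {
        string pipeName = Guid.NewGuid().ToString("N");
        using (var pipe = new NamedPipeServerStream(pipeName, PipeDirection.Out, 1))
        {
            var psi = new ProcessStartInfo(Assembly.GetExecutingAssembly().Location,
                                           port + " " + pipeName)
            { UseShellExecute = true, Verb = "runas" };       // raises the UAC prompt
            try { Process.Start(psi); }
            catch (Win32Exception ex) when (ex.NativeErrorCode == 1223) // ERROR_CANCELLED
            { return 1; }                                     // user declined elevation
            pipe.WaitForConnection();
            Console.WriteLine("Helper running; press Enter to stop it.");
            Console.ReadLine();
            pipe.WriteByte(0);                                // the only message there is
        }
        return 0;
    }

    // Elevated side: anyone can start this exe, so the command line is untrusted input.
    static int RunElevatedChild(string[] args)
    {
        if (args.Length != 2
            || !int.TryParse(args[0], out int port) || !AllowedPorts.Contains(port)
            || !Guid.TryParseExact(args[1], "N", out _))
            return 2;                                         // refuse anything unexpected
        using (var pipe = new NamedPipeClientStream(".", args[1], PipeDirection.In))
        {
            pipe.Connect(5000);
            // The privileged work for `port` runs here, taking no further input from the pipe.
            pipe.ReadByte();   // any byte, or -1 when the parent goes away, means stop
        }
        return 0;
    }
}
```

Because the child never parses pipe content and only accepts allow-listed arguments, a caller other than the intended parent gains nothing beyond starting and stopping the same fixed action.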
|
I'll go ahead and try these things right away. I solved my app.manifest issues by ticking the '.NET Desktop Development' profile in the VS 2019 installer!
|
Hi, I have an Entity as below:

    using System.ComponentModel.DataAnnotations;
    using System.ComponentModel.DataAnnotations.Schema;

    public class Complaint
    {
        public Complaint()
        { }

        [Key]
        [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
        public int Id { get; set; }

        [Index("IX_UniqueConstraintComplaint", 1, IsUnique = true)]
        public int? InspectionRequestId { get; set; }
        public InspectionRequest InspectionRequest { get; set; }

        [Index("IX_UniqueConstraintComplaint", 2, IsUnique = true)]
        public int? InspectionResultId { get; set; }
        public InspectionResult InspectionResult { get; set; }

        [Index("IX_UniqueConstraintComplaint", 3, IsUnique = true)]
        public int? CaseId { get; set; }
        public Case Case { get; set; }

        [Index("IX_UniqueConstraintComplaint", 4, IsUnique = true)]
        public string ComplaintId { get; set; }
    }

I want to rename this entity as below, with a couple of column names changed. Can somebody please help me with this?

    public class RequestResultCaseComplaint
    {
        public RequestResultCaseComplaint()
        { }

        [Key]
        [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
        public int RequestResultCaseComplaintId { get; set; }

        [Index("IX_UniqueConstraintComplaint", 1, IsUnique = true)]
        public int? InspectionRequestId { get; set; }
        public InspectionRequest InspectionRequest { get; set; }

        [Index("IX_UniqueConstraintComplaint", 2, IsUnique = true)]
        public int? InspectionResultId { get; set; }
        public InspectionResult InspectionResult { get; set; }

        [Index("IX_UniqueConstraintComplaint", 3, IsUnique = true)]
        public int? CaseId { get; set; }
        public Case Case { get; set; }

        [Index("IX_UniqueConstraintComplaint", 4, IsUnique = true)]
        [Required]
        [StringLength(20)]
        public string ComplaintId { get; set; }
    }

I previously had the entity as in the 2nd case; unfortunately I removed it, and now when I am trying to create it with the same name again, EF is not recognizing it (whether EF has cached it, I don't know). Can somebody please help me with this? Does EF cache already-created Entities with the same names, and how can we clean it?
It's not allowing me to create the same Entity again, even after deleting the Entity and trying to regenerate it.
Or at least, can I rename the already existing Entity and its columns? How can I do it? Any help, please?
|
If you're still in development, and using Code First, then just nuke the database / tables.
It was only in wine that he laid down no limit for himself, but he did not allow himself to be confused by it.
― Confucian Analects: Rules of Confucius about his food
|
Funny - I don't have nuke weapons.
I did achieve it: I manually wrote Up and Down methods and ran them against. Challenging, scary, but I did it. Thank you both for the help, buddies.
|
Message Closed
modified 7-Sep-20 14:02pm.
|
Change your username, or be kicked off the site.
That is unacceptable in a professional environment.
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
Gone.
The difficult we do right away...
...the impossible takes slightly longer.
|
On top of your username issues, the question is off-topic for this site.
|
Hi,
I am building a desktop application with VB.NET. I have the following query.
Scenario 1:
1. The Settings form contains 2 sections.
2. The first section contains text boxes to enter data.
3. There is a button; a popup window opens on clicking it. The user enters some data in the popup window and clicks save. I want to display the popup window data in the Settings form's datagridview. Please note the data is still not saved to the database.
4. Once the user clicks the 'Save' button of the Settings window, all data of the text boxes and datagridview is stored in the database.
However, when the user reopens this Settings form, I want the data to be populated from the database into the text boxes and datagridview. After this, I want to display popup window data if the user adds any new data.
Please help.
|
hiruthere wrote: Please help
You need to explain exactly what help you need. The above post just gives a list of requirements.
|
Hi,
We are working on a project where 2 different web applications are used by the same user. Hence we need Single Sign-On (SSO), so that when a user who is logged in to one application opens the second application, it does not ask them to log in again, if the user has permissions.
Our web application is on .net core 3.1
We implemented SSO using identity 4. We referred to a sample application (.net core 2.0 and identity 4 server 2.0) and implemented the same.
Issues we are facing:
1. Even if a user has permissions for both applications and is logged in to one application, when he tries to open the 2nd application, it asks him to sign in again (i.e., it is not authorized).
2. For the admin user, which has all the permissions, it fails to open the application due to a cookie memory issue.
We have tried to upgrade the identity 4 server to the latest (4.1), but it throws a run-time error.
Please help to resolve the issue.
|
If you're talking about IdentityServer[^], your best source of information is going to be the people that wrote it. There's a "Contact" link in the upper right corner of the site.
|
Follow the cookie or the token.
How Does Single Sign-On (SSO) Work? | OneLogin
|
Hi,
I am building a desktop application using .NET Framework. The front end will be deployed on client PCs and the database will be kept on a LAN server. In this case, which is the best database to use?
Since I am new to client-server implementation: how do I make sure of the connection string while installing the front end on a client PC, and does any instance of the database need to be installed before establishing connectivity? I don't want too many dependencies during installation, since the client is a startup company and is not able to invest in licensed databases.
Regards,
Rahul
|
You could use SQL Server Express, or google for free/open source database solutions, but using SQL Express would make it easier to go to proper SQL Server when they can afford it. However, I would strongly question any company, start-up or not, that can't afford to properly license software, and I'd also be wary of working for such a company.
|
What SiteCore said - SQL Express will give you 4gb of storage and limited connections but will allow you to easily upgrade to a licenced version when you outgrow the express.
I do hope you are doing this pro bono or as a training/entry exercise, it does sound dodgy.
|
Packaging will be the least of your problems: "I am building..."
|
You can use MySQL; it is free and works well for a small or medium-sized company.
|
I see some articles on migrating away from .NET remoting, but so far I haven't found anything that flat out says I shouldn't use it for new projects.
Does anyone know the state of the world regarding .NET remoting in say... DNF 4.72?
I have no requirements to support Core because my project involves a Windows service that does interprocess communication. I want to use .NET remoting for that. It's not internet facing, it's purely for IPC.
Real programmers use butterflies
|