Search Results

Search found 5864 results on 235 pages for 'secure gateway'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 222/235 | < Previous Page | 218 219 220 221 222 223 224 225 226 227 228 229  | Next Page >

  • Send User-Agent through CONNECT and POST with WinHTTP?

    - by Duncan Bayne
    I'm trying to POST to a secure site using WinHttp, and running into a problem where the User-Agent header isn't being sent along with the CONNECT. I am using a lightly-modified code sample from MSDN: HINTERNET hHttpSession = NULL; HINTERNET hConnect = NULL; HINTERNET hRequest = NULL; WINHTTP_AUTOPROXY_OPTIONS AutoProxyOptions; WINHTTP_PROXY_INFO ProxyInfo; DWORD cbProxyInfoSize = sizeof(ProxyInfo); ZeroMemory( &AutoProxyOptions, sizeof(AutoProxyOptions) ); ZeroMemory( &ProxyInfo, sizeof(ProxyInfo) ); hHttpSession = WinHttpOpen(L"WinHTTP AutoProxy Sample/1.0", WINHTTP_ACCESS_TYPE_NO_PROXY, WINHTTP_NO_PROXY_NAME, WINHTTP_NO_PROXY_BYPASS, 0); if(!hHttpSession) goto Exit; hConnect = WinHttpConnect( hHttpSession, L"server.com", INTERNET_DEFAULT_HTTPS_PORT, 0 ); if( !hConnect ) goto Exit; hRequest = WinHttpOpenRequest(hConnect, L"POST", L"/resource", NULL, WINHTTP_NO_REFERER, WINHTTP_DEFAULT_ACCEPT_TYPES, WINHTTP_FLAG_SECURE ); if( !hRequest ) goto Exit; WINHTTP_PROXY_INFO proxyInfo; proxyInfo.dwAccessType = WINHTTP_ACCESS_TYPE_NAMED_PROXY; proxyInfo.lpszProxy = L"192.168.1.2:3199"; proxyInfo.lpszProxyBypass = L""; WinHttpSetOption(hHttpSession, WINHTTP_OPTION_PROXY, &proxyInfo, sizeof(proxyInfo)); WinHttpSetCredentials(hRequest, WINHTTP_AUTH_TARGET_PROXY, WINHTTP_AUTH_SCHEME_BASIC, L"proxyuser", L"proxypass", NULL); if( !WinHttpSendRequest(hRequest, WINHTTP_NO_ADDITIONAL_HEADERS, 0, "content", 7, 7, 0)) { goto Exit; } if(!WinHttpReceiveResponse(hRequest, NULL)) goto Exit; /* handle result */ Exit: if( ProxyInfo.lpszProxy != NULL ) GlobalFree(ProxyInfo.lpszProxy); if( ProxyInfo.lpszProxyBypass != NULL ) GlobalFree( ProxyInfo.lpszProxyBypass ); if( hRequest != NULL ) WinHttpCloseHandle( hRequest ); if( hConnect != NULL ) WinHttpCloseHandle( hConnect ); if( hHttpSession != NULL ) WinHttpCloseHandle( hHttpSession ); What this does is connect to my server through an authenticated proxy at 192.168.1.2:3199, and make a POST. This works, but when I examine the proxy logs the User-Agent string ("WinHTTP AutoProxy Sample/1.0") is not being sent as part of the CONNECT. It is however sent as part of the POST. Could someone please tell me how I can change this code to have the User-Agent header sent during both the CONNECT and POST? Edited to add: we are observing this problem only on Windows 7. If we run the same code on a Windows Vista box, we can see the User-Agent header being sent on CONNECT.

    Read the article

  • WCF - Multiple schema HTTP and HTTPS in the same service

    - by Ender
    I am trying to set up WCF service in production. The service has two bindings with two different interfaces. One endpoint (basicHttpBinding) is set up at HTTP and the other endpoint (wsHttpBinding) is set up securely over SSL. I can't get this scenario to work. Everything works with no problem if both endpoints are set up over HTTP. Before I even get into the specifics of errors I get, is is possible to run secure and insecure endpoint over the same service ? Here is a brief description of my configuration: <serviceBehaviors> <behavior name="MyServiceBehavior"> <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" /> <serviceCredentials> <serviceCertificate findValue="123312123123123123123399451b178" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" /> <issuedTokenAuthentication allowUntrustedRsaIssuers="true"/> </serviceCredentials> </behavior> </serviceBehaviors> <bindings> <basicHttpBinding> <binding name="basicHttpBinding" maxReceivedMessageSize="2147483647"> </binding> </basicHttpBinding> <wsHttpBinding> <binding name="wsHttpBinding" maxReceivedMessageSize="2147483647"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName" establishSecurityContext="False"/> </security> </binding> </wsHttpBinding> </bindings> <services> <service behaviorConfiguration="MyServiceBehavior" name="MyService"> <endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBinding" contract="IMyService1"> </endpoint> <endpoint address="mms" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding" contract="IMyService2"> </endpoint> <endpoint address="mex" listenUri="" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> Thanks !

    Read the article

  • Exception thrown in YUI: "Sizzle" is not defined!

    - by nanobyt3
    Hi, We are using HTML Unit v2.6 with Web-Harvest and extended its functionality to create a new element <web session="sess1" browser="firefox2"> <web-getpage url="https://www.linkedin.com/secure/login"/> <web-setinput name="uname">username</web-setinput> <web-setinput name="pwd">password</web-setinput> <web-clickinput name="login"/> </web> When we run this we get an exception while the element loads the URL specified. The details are as below: Caused by: net.sourceforge.htmlunit.corejs.javascript.EcmaError: TypeError: Cannot find function hasOwnProperty in object net.sourceforge.htmlunit.corejs.javascript.EcmaError: ReferenceError: "Sizzle" is not defined. at net.sourceforge.htmlunit.corejs.javascript.ScriptRuntime.constructError(ScriptRuntime.java:3651) at net.sourceforge.htmlunit.corejs.javascript.ScriptRuntime.constructError(ScriptRuntime.java:3629) at net.sourceforge.htmlunit.corejs.javascript.ScriptRuntime.typeError(ScriptRuntime.java:3657) at net.sourceforge.htmlunit.corejs.javascript.ScriptRuntime.typeError2(ScriptRuntime.java:3676) at net.sourceforge.htmlunit.corejs.javascript.ScriptRuntime.notFunctionError(ScriptRuntime.java:3740) at net.sourceforge.htmlunit.corejs.javascript.ScriptRuntime.getPropFunctionAndThisHelper(ScriptRuntime.java:2249) at net.sourceforge.htmlunit.corejs.javascript.ScriptRuntime.getPropFunctionAndThis(ScriptRuntime.java:2216) at net.sourceforge.htmlunit.corejs.javascript.Interpreter.interpretLoop(Interpreter.java:1501) at net.sourceforge.htmlunit.corejs.javascript.Interpreter.interpret(Interpreter.java:845) at net.sourceforge.htmlunit.corejs.javascript.InterpretedFunction.call(InterpretedFunction.java:164) at net.sourceforge.htmlunit.corejs.javascript.ContextFactory.doTopCall(ContextFactory.java:427) at com.gargoylesoftware.htmlunit.javascript.HtmlUnitContextFactory.doTopCall(HtmlUnitContextFactory.java:263) at net.sourceforge.htmlunit.corejs.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3058) at net.sourceforge.htmlunit.corejs.javascript.InterpretedFunction.exec(InterpretedFunction.java:175) at com.gargoylesoftware.htmlunit.javascript.JavaScriptEngine$5.doRun(JavaScriptEngine.java:415) at com.gargoylesoftware.htmlunit.javascript.JavaScriptEngine$HtmlUnitContextAction.run(JavaScriptEngine.java:520) ... 42 more As it appears that 'Sizzle' (present in YUI3) is causing this. We then checked the same in Firefox and IE but neither of the browsers showed any error of 'Sizzle' not being defined. Also we tried to use latest snapshot of htmlunit, but had same issue. Is this a limitation(bug) of HTML Unit JavaScript engine? OR Is there anyway to configure HTML Unit to handle this exception? If anyone has already had such an issue, please do let us know. Any help is very much appreciated. Thanks in advance !

    Read the article

  • Ubuntu 9.10 and Squid 2.7 Transparent Proxy TCP_DENIED

    - by user298814
    Hi, We've spent the last two days trying to get squid 2.7 to work with ubuntu 9.10. The computer running ubuntu has two network interfaces: eth0 and eth1 with dhcp running on eth1. Both interfaces have static ip's, eth0 is connected to the Internet and eth1 is connected to our LAN. We have followed literally dozens of different tutorials with no success. The tutorial here was the last one we did that actually got us some sort of results: http://www.basicconfig.com/linuxnetwork/setup_ubuntu_squid_proxy_server_beginner_guide. When we try to access a site like seriouswheels.com from the LAN we get the following message on the client machine: ERROR The requested URL could not be retrieved Invalid Request error was encountered while trying to process the request: GET / HTTP/1.1 Host: www.seriouswheels.com Connection: keep-alive User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.307.11 Safari/532.9 Cache-Control: max-age=0 Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,/;q=0.5 Accept-Encoding: gzip,deflate,sdch Cookie: __utmz=88947353.1269218405.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __qca=P0-1052556952-1269218405250; __utma=88947353.1027590811.1269218405.1269218405.1269218405.1; __qseg=Q_D Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Some possible problems are: Missing or unknown request method. Missing URL. Missing HTTP Identifier (HTTP/1.0). Request is too large. Content-Length missing for POST or PUT requests. Illegal character in hostname; underscores are not allowed. Your cache administrator is webmaster. Below are all the configuration files: /etc/squid/squid.conf, /etc/network/if-up.d/00-firewall, /etc/network/interfaces, /var/log/squid/access.log. Something somewhere is wrong but we cannot figure out where. Our end goal for all of this is the superimpose content onto every page that a client requests on the LAN. We've been told that squid is the way to do this but at this point in the game we are just trying to get squid setup correctly as our proxy. Thanks in advance. squid.conf acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 192.168.0.0/24 acl SSL_ports port 443 # https acl SSL_ports port 563 # snews acl SSL_ports port 873 # rsync acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow localnet http_access deny all icp_access allow localnet icp_access deny all http_port 3128 hierarchy_stoplist cgi-bin ? cache_dir ufs /var/spool/squid/cache1 1000 16 256 access_log /var/log/squid/access.log squid refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880 refresh_pattern . 0 20% 4320 acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9] upgrade_http0.9 deny shoutcast acl apache rep_header Server ^Apache broken_vary_encoding allow apache extension_methods REPORT MERGE MKACTIVITY CHECKOUT cache_mgr webmaster cache_effective_user proxy cache_effective_group proxy hosts_file /etc/hosts coredump_dir /var/spool/squid access.log 1269243042.740 0 192.168.1.11 TCP_DENIED/400 2576 GET NONE:// - NONE/- text/html 00-firewall iptables -F iptables -t nat -F iptables -t mangle -F iptables -X echo 1 | tee /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -j MASQUERADE iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128 networking auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 142.104.109.179 netmask 255.255.224.0 gateway 142.104.127.254 auto eth1 iface eth1 inet static address 192.168.1.100 netmask 255.255.255.0

    Read the article

  • ASP.NET Web Service Throws 401 (unauthorized) Error

    - by user268611
    Hi Experts, I have this .NET application to be run in an intranet environment. It is configured so that it requires Windows Authentication before you can access the website (Anonymous access is disabled). This website calls a web service (enable anonymous access) and the web service calls the DB. We do have a token-based authentication between the web application and the web service to secure the communication between them. The issue I'm facing is that when I deploy this to production, I'm having an intermittent issue whereby the communication between the web application and the web service failed. The 401 issue was thrown. This is actually working fine in our QA environment. Is this an issue with Active Directory? Or could it be an isssue with FQDN as mentioned here: http://support.microsoft.com/default.aspx?scid=kb;en-us;896861? The weirdest thing is that this is happening intermittently when tested in both on the server itself and a remote workstation in my client's environment. But, this is working perfectly in my environment. OS: Windows Server SP1 IIS 6 .NET 3.5 Framework Any idea about the 401 (Unauthorized) issue?? Thx for the help... This is from the log... Event code: 3005 Event message: An unhandled exception has occurred. Event time: 4/5/2010 10:44:57 AM Event time (UTC): 4/5/2010 2:44:57 AM Event ID: 6c8ea2607b8d4e29a7f0b1c392b1cb21 Event sequence: 155112 Event occurrence: 2 Event detail code: 0 Application information: Application domain: xxx Trust level: Full Application Virtual Path: xxx Application Path: xxx Machine name: xxx Process information: Process ID: 4424 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: WebException Exception message: The request failed with HTTP status 401: Unauthorized. Request information: Request URL: http://[ip]/[app_path] Request path: xxx User host address: [ip] User: xxx Is authenticated: True Authentication Type: Negotiate Thread account name: xxx Thread information: Thread ID: 6 Thread account name: xxx Is impersonating: False Stack trace: at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at wsVulnerabilityAdvisory.Service.test() at test.Page_Load(Object sender, EventArgs e) at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) at System.Web.UI.Control.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    Read the article

  • Which functions in the C standard library commonly encourage bad practice?

    - by Ninefingers
    Hello all, This is inspired by this question and the comments on one particular answer in that I learnt that strncpy is not a very safe string handling function in C and that it pads zeros, until it reaches n, something I was unaware of. Specifically, to quote R.. strncpy does not null-terminate, and does null-pad the whole remainder of the destination buffer, which is a huge waste of time. You can work around the former by adding your own null padding, but not the latter. It was never intended for use as a "safe string handling" function, but for working with fixed-size fields in Unix directory tables and database files. snprintf(dest, n, "%s", src) is the only correct "safe strcpy" in standard C, but it's likely to be a lot slower. By the way, truncation in itself can be a major bug and in some cases might lead to privilege elevation or DoS, so throwing "safe" string functions that truncate their output at a problem is not a way to make it "safe" or "secure". Instead, you should ensure that the destination buffer is the right size and simply use strcpy (or better yet, memcpy if you already know the source string length). And from Jonathan Leffler Note that strncat() is even more confusing in its interface than strncpy() - what exactly is that length argument, again? It isn't what you'd expect based on what you supply strncpy() etc - so it is more error prone even than strncpy(). For copying strings around, I'm increasingly of the opinion that there is a strong argument that you only need memmove() because you always know all the sizes ahead of time and make sure there's enough space ahead of time. Use memmove() in preference to any of strcpy(), strcat(), strncpy(), strncat(), memcpy(). So, I'm clearly a little rusty on the C standard library. Therefore, I'd like to pose the question: What C standard library functions are used inappropriately/in ways that may cause/lead to security problems/code defects/inefficiencies? In the interests of objectivity, I have a number of criteria for an answer: Please, if you can, cite design reasons behind the function in question i.e. its intended purpose. Please highlight the misuse to which the code is currently put. Please state why that misuse may lead towards a problem. I know that should be obvious but it prevents soft answers. Please avoid: Debates over naming conventions of functions (except where this unequivocably causes confusion). "I prefer x over y" - preference is ok, we all have them but I'm interested in actual unexpected side effects and how to guard against them. As this is likely to be considered subjective and has no definite answer I'm flagging for community wiki straight away. I am also working as per C99.

    Read the article

  • Can't get tokens when using OAuth with LinkedIn API

    - by Angela
    Hi, was wondering if anyone can help me to get this basic OAuth implementation to work using the LinkedIn API: The output for the indexes oauth_token and oauth_token_secret are blank. The file I refer to in OAuth.php are a set of classes to help generate the token requests and tokens. That file is here: http://www.easy-share.com/1909603316/OAuth.php <?php session_start(); require_once("OAuth.php"); $app_token = "YOUR APP TOKEN GOES HERE"; $app_key = "YOUR APP KEY GOES HERE"; $domain = "https://api.linkedin.com/uas/oauth"; $sig_method = new OAuthSignatureMethod_HMAC_SHA1(); $test_consumer = new OAuthConsumer($app_token, $app_key, NULL); $callback = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']."?action=getaccesstoken"; # First time through, get a request token from LinkedIn. if (!isset($_GET['action'])) { $req_req = OAuthRequest::from_consumer_and_token($test_consumer, NULL, "POST", $domain . "/requestToken"); $req_req->set_parameter("oauth_callback", $callback); # part of OAuth 1.0a - callback now in requestToken $req_req->sign_request($sig_method, $test_consumer, NULL); $ch = curl_init(); // make sure we submit this as a post curl_setopt($ch, CURLOPT_POSTFIELDS, ''); //New Line curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_HTTPHEADER,array ( $req_req->to_header() )); curl_setopt($ch, CURLOPT_URL, $domain . "/requestToken"); curl_setopt($ch, CURLOPT_POST, 1); $output = curl_exec($ch); curl_close($ch); print_r($req_req); //<---- add this line print("$output\n"); //<---- add this line parse_str($output, $oauth); # pop these in the session for now - there's probably a more secure way of doing this! We'll need them when the callback is called. $_SESSION['oauth_token'] = $oauth['oauth_token']; $_SESSION['oauth_token_secret'] = $oauth['oauth_token_secret']; echo("token: " . $oauth['oauth_token']); echo("secret: " . $oauth['oauth_token_secret']); exit;

    Read the article

  • Synchronization requirements for FileStream.(Begin/End)(Read/Write)

    - by Doug McClean
    Is the following pattern of multi-threaded calls acceptable to a .Net FileStream? Several threads calling a method like this: ulong offset = whatever; // different for each thread byte[] buffer = new byte[8192]; object state = someState; // unique for each call, hence also for each thread lock(theFile) { theFile.Seek(whatever, SeekOrigin.Begin); IAsyncResult result = theFile.BeginRead(buffer, 0, 8192, AcceptResults, state); } if(result.CompletedSynchronously) { // is it required for us to call AcceptResults ourselves in this case? // or did BeginRead already call it for us, on this thread or another? } Where AcceptResults is: void AcceptResults(IAsyncResult result) { lock(theFile) { int bytesRead = theFile.EndRead(result); // if we guarantee that the offset of the original call was at least 8192 bytes from // the end of the file, and thus all 8192 bytes exist, can the FileStream read still // actually read fewer bytes than that? // either: if(bytesRead != 8192) { Panic("Page read borked"); } // or: // issue a new call to begin read, moving the offsets into the FileStream and // the buffer, and decreasing the requested size of the read to whatever remains of the buffer } } I'm confused because the documentation seems unclear to me. For example, the FileStream class says: Any public static members of this type are thread safe. Any instance members are not guaranteed to be thread safe. But the documentation for BeginRead seems to contemplate having multiple read requests in flight: Multiple simultaneous asynchronous requests render the request completion order uncertain. Are multiple reads permitted to be in flight or not? Writes? Is this the appropriate way to secure the location of the Position of the stream between the call to Seek and the call to BeginRead? Or does that lock need to be held all the way to EndRead, hence only one read or write in flight at a time? I understand that the callback will occur on a different thread, and my handling of state, buffer handle that in a way that would permit multiple in flight reads. Further, does anyone know where in the documentation to find the answers to these questions? Or an article written by someone in the know? I've been searching and can't find anything. Relevant documentation: FileStream class Seek method BeginRead method EndRead IAsyncResult interface

    Read the article

  • get local groups and not the primary groups for a domain user

    - by user175084
    i have a code to get the groups a user belongs to. try { DirectoryEntry adRoot = new DirectoryEntry(string.Format("WinNT://{0}", Environment.UserDomainName)); DirectoryEntry user = adRoot.Children.Find(completeUserName, "User"); object obGroups = user.Invoke("Groups"); foreach (object ob in (IEnumerable)obGroups) { // Create object for each group. DirectoryEntry obGpEntry = new DirectoryEntry(ob); listOfMyWindowsGroups.Add(obGpEntry.Name); } return true; } catch (Exception ex) { new GUIUtility().LogMessageToFile("Error in getting User MachineGroups = " + ex); return false; } the above code works fine when i have to find the groups of a local user but for a domain user it returns a value "Domain User" which is kind of wierd as it is a part of 2 local groups. Please can some1 help in solving this mystery. thanks Research I did some finding and got that i am being returned the primary group of the domain user called "Domain User" group but what i actually want is the groups of the local machines the domain user is a part of... i cannot get that.. any suggestions another code using LDAP string domain = Environment.UserDomainName; DirectoryEntry DE = new DirectoryEntry("LDAP://" + domain, null, null, AuthenticationTypes.Secure); DirectorySearcher search = new DirectorySearcher(); search.SearchRoot = DE; search.Filter = "(SAMAccountName=" + completeUserName + ")"; //Searches active directory for the login name search.PropertiesToLoad.Add("displayName"); // Once found, get a list of Groups try { SearchResult result = search.FindOne(); // Grab the records and assign them to result if (result != null) { DirectoryEntry theUser = result.GetDirectoryEntry(); theUser.RefreshCache(new string[] { "tokenGroups" }); foreach (byte[] resultBytes in theUser.Properties["tokenGroups"]) { System.Security.Principal.SecurityIdentifier mySID = new System.Security.Principal.SecurityIdentifier(resultBytes, 0); DirectorySearcher sidSearcher = new DirectorySearcher(); sidSearcher.SearchRoot = DE; sidSearcher.Filter = "(objectSid=" + mySID.Value + ")"; sidSearcher.PropertiesToLoad.Add("distinguishedName"); SearchResult sidResult = sidSearcher.FindOne(); if (sidResult != null) { listOfMyWindowsGroups.Add((string)sidResult.Properties["distinguishedName"][0]); } } } else { new GUIUtility().LogMessageToFile("no user found"); } return true; } catch (Exception ex) { new GUIUtility().LogMessageToFile("Error obtaining group names: " + ex.Message + " Please contact your administrator."); // If an error occurs report it to the user. return false; } this works too but i get the same result "Domain Users" . Please can some1 tell me how to get the local machine groups...????

    Read the article

  • RSA Encrypt / Decrypt Problem in .NET

    - by Brendon Randall
    I'm having a problem with C# encrypting and decrypting using RSA. I have developed a web service that will be sent sensitive financial information and transactions. What I would like to be able to do is on the client side, Encrypt the certain fields using the clients RSA Private key, once it has reached my service it will decrypt with the clients public key. At the moment I keep getting a "The data to be decrypted exceeds the maximum for this modulus of 128 bytes." exception. I have not dealt much with C# RSA cryptography so any help would be greatly appreciated. This is the method i am using to generate the keys private void buttonGenerate_Click(object sender, EventArgs e) { string secretKey = RandomString(12, true); CspParameters param = new CspParameters(); param.Flags = CspProviderFlags.UseMachineKeyStore; SecureString secureString = new SecureString(); byte[] stringBytes = Encoding.ASCII.GetBytes(secretKey); for (int i = 0; i < stringBytes.Length; i++) { secureString.AppendChar((char)stringBytes[i]); } secureString.MakeReadOnly(); param.KeyPassword = secureString; RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(param); rsaProvider = (RSACryptoServiceProvider)RSACryptoServiceProvider.Create(); rsaProvider.KeySize = 1024; string publicKey = rsaProvider.ToXmlString(false); string privateKey = rsaProvider.ToXmlString(true); Repository.RSA_XML_PRIVATE_KEY = privateKey; Repository.RSA_XML_PUBLIC_KEY = publicKey; textBoxRsaPrivate.Text = Repository.RSA_XML_PRIVATE_KEY; textBoxRsaPublic.Text = Repository.RSA_XML_PUBLIC_KEY; MessageBox.Show("Please note, when generating keys you must sign on to the gateway\n" + " to exhange keys otherwise transactions will fail", "Key Exchange", MessageBoxButtons.OK, MessageBoxIcon.Information); } Once i have generated the keys, i send the public key to the web service which stores it as an XML file. Now i decided to test this so here is my method to encrypt a string public static string RsaEncrypt(string dataToEncrypt) { string rsaPrivate = RSA_XML_PRIVATE_KEY; CspParameters csp = new CspParameters(); csp.Flags = CspProviderFlags.UseMachineKeyStore; RSACryptoServiceProvider provider = new RSACryptoServiceProvider(csp); provider.FromXmlString(rsaPrivate); ASCIIEncoding enc = new ASCIIEncoding(); int numOfChars = enc.GetByteCount(dataToEncrypt); byte[] tempArray = enc.GetBytes(dataToEncrypt); byte[] result = provider.Encrypt(tempArray, true); string resultString = Convert.ToBase64String(result); Console.WriteLine("Encrypted : " + resultString); return resultString; } I do get what seems to be an encrypted value. In the test crypto web method that i created, i then take this encrypted data, try and decrypt the data using the clients public key and send this back in the clear. But this is where the exception is thrown. Here is my method responsible for this. public string DecryptRSA(string data, string merchantId) { string clearData = null; try { CspParameters param = new CspParameters(); param.Flags = CspProviderFlags.UseMachineKeyStore; RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(param); string merchantRsaPublic = GetXmlRsaKey(merchantId); rsaProvider.FromXmlString(merchantRsaPublic); byte[] asciiString = Encoding.ASCII.GetBytes(data); byte[] decryptedData = rsaProvider.Decrypt(asciiString, false); clearData = Convert.ToString(decryptedData); } catch (CryptographicException ex) { Log.Error("A cryptographic error occured trying to decrypt a value for " + merchantId, ex); } return clearData; } If anyone could help me that would be awesome, as i have said i have not done much with C# RSA encryption/decryption.

    Read the article

  • Rails 3.0.3 and Polyglot Gem problem

    - by user557417
    Hello all. I hope you can help me. I had a rails app running locally, and also uploaded and running on Heroku. All was well. Last week, I started work again and ran into a snag. At the beginning of my day, I opened up Terminal and ran 'rails s' to start the local server. I received this error: doug-naegeles-macbook-pro-17:elig_check dougnaegele$ rails s /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler/resolver.rb:129:in resolve': Could not find gem 'polyglot', required by 'rails (= 3.0.3)', in any of the sources (Bundler::VersionConflict) from /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler/resolver.rb:127:incatch' from /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler/resolver.rb:127:in resolve' from /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler/definition.rb:151:inresolve' from /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler/definition.rb:90:in specs' from /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler/definition.rb:135:inspecs_for' from /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler/definition.rb:124:in requested_specs' from /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler/environment.rb:23:inrequested_specs' from /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler/runtime.rb:11:in setup' from /Library/Ruby/Gems/1.8/gems/bundler-1.0.7/lib/bundler.rb:100:insetup' from /Users/dougnaegele/Sites/elig_check/config/boot.rb:8 from script/rails:5:in `require' from script/rails:5 When I run 'gem list'..i can see Polyglot listed: doug-naegeles-macbook-pro-17:elig_check dougnaegele$ gem list * LOCAL GEMS * abstract (1.0.0) actionmailer (3.0.3, 2.3.5, 2.2.2, 1.3.6) actionpack (3.0.3, 2.3.5, 2.2.2, 1.13.6) actionwebservice (1.2.6) activemodel (3.0.3) activerecord (3.0.3, 2.3.5, 2.2.2, 1.15.6) activeresource (3.0.3, 2.3.5, 2.2.2) activesupport (3.0.3, 2.3.5, 2.2.2, 1.4.4) acts_as_ferret (0.5.2, 0.4.3) arel (2.0.6, 2.0.4) authlogic (2.1.6) blythedunham-sms_on_rails (0.1.0) builder (3.0.0, 2.1.2) bundler (1.0.7) capistrano (2.5.19, 2.5.2) cgi_multipart_eof_fix (2.5.0) color (1.4.1) configuration (1.2.0) crack (0.1.8) daemons (1.1.0, 1.0.10) derailed-ziya (2.1.5) dnssd (1.4, 0.6.0) erubis (2.6.6) fastthread (1.0.7, 1.0.1) fcgi (0.8.8, 0.8.7) ferret (0.11.6) gem_plugin (0.2.3) googlecharts (1.6.0) heroku (1.14.10, 1.14.3) highline (1.6.1, 1.5.0) hpricot (0.8.3, 0.6.164) httparty (0.6.1) i18n (0.5.0, 0.4.2) jk-ferret (0.11.8.2) json_pure (1.4.6) launchy (0.3.7) libxml-ruby (1.1.4, 1.1.2) little-plugger (1.1.2) logging (1.4.3) mail (2.2.12, 2.2.10) mattetti-googlecharts (1.4.0) mime-types (1.16) mongrel (1.1.5) mysql (2.8.1) needle (1.3.0) net-scp (1.0.4, 1.0.1) net-sftp (2.0.5, 2.0.1, 1.1.1) net-ssh (2.0.23, 2.0.4, 1.1.4) net-ssh-gateway (1.0.1, 1.0.0) nifty-generators (0.4.2) polyglot (0.3.1) rack (1.2.1, 1.0.1) rack-mount (0.6.13) rack-test (0.5.6) rails (3.0.3, 2.3.5, 2.2.2, 1.2.6) railties (3.0.3) rake (0.8.7, 0.8.3) RedCloth (4.2.3, 4.1.1) rest-client (1.6.1) ruby-openid (2.1.8, 2.1.2) ruby-yadis (0.3.4) rubygems-update (1.3.7, 1.3.6) rubynode (0.1.5) sequel (3.18.0, 3.17.0) sinatra (1.1.0, 1.0) sqlite3-ruby (1.3.2, 1.2.5, 1.2.4) static_record_cache (0.2.0) taps (0.3.14) termios (0.9.4) thor (0.14.6) tilt (1.1) treetop (1.4.9) twilio (2.9.0) twiliolib (2.0.7) tzinfo (0.3.23) xmpp4r (0.5, 0.4) When I run 'gem sources' I get this: doug-naegeles-macbook-pro-17:elig_check dougnaegele$ gem sources * CURRENT SOURCES * rubygems.org/ gems.github.com gems.github.com gems.github.com/ gems.github.com gems.rubyforge.org Which looks right -- that's where Polyglot lives. When I run 'bundle install' I get this: doug-naegeles-macbook-pro-17:elig_check dougnaegele$ bundle install Fetching source index for http://rubygems.org/ Could not find gem 'polyglot', required by 'rails (= 3.0.3)', in any of the sources Any idea? I've tried to reinstall the gem, run 'bundle install' etc. No luck. (I have a suspicion that this - rails (3.0.3, 2.3.5, 2.2.2, 1.2.6) may be the problem, but I don't want to go down that road just yet. I have apps running on 2.3.5 that have not been refactored for rails 3.0) Thanks in advance! Doug

    Read the article

  • Classic ASP vs. ASP.NET encryption options

    - by harrije
    I'm working on a web site where the new pages are ASP.NET and the legacy pages are Classic ASP. Being new to development in the Windows env, I've been studying the latest technology, i.e. .NET and I become like a deer in headlights when ever legacy issues come up regarding COM objects. Security on the website is an abomination, but I've easily encrypted the connectionStrings in the web.config file per http://www.4guysfromrolla.com/articles/021506-1.aspx based on DPAPI machine mode. I understand this approach is not the most secure, but it's better than nothing which is what it was for the ASP.NET pages. Now, I question how to do similar encryption for the connection strings used by the Classic ASP pages. A complicating factor is that the web sited is hosted where I do not have admin permissions or even command line access, just FTP. Moreover I want to avoid managing the key. My research has found: DPAPI with COM interop. Seems like this should already be available, but the only thing I could find discussing this is CyptoUtility (see http://msdn.microsoft.com/en-us/magazine/cc163884.aspx) which is not installed on the hosting server. There are plenty of other third party COM objects, e.g. Crypto from Dalun Software http://www.dalun.com, but these aren't on the hosted server either, and they look to me to require you to do some kind of key management. There is CAPICOM on the hosted server, but M$ has deprecated it and many report it is not the easiest to use. It is not clear to me whether I can avoid key management with CAPICOM similar to using DPAPI for ASP.NET. If anyone happens to know, please clue me in. I could write an web service in ASP.NET and have the classic ASP pages use it to get the decrypted connection strings and then store those in an application variable. I would not need to use SSL since I could use localhost and nothing would be sent over the internet. In the simpliest form I could implement what someone termed a poor man's version based on a simple XML stream, however, I really was looking to avoid any development since I find it hard to believe there is not a simple solution for Classic ASP like there is for ASP.NET. Maybe I'm missing some options... Recommendations are requested...

    Read the article

  • C# - WebBrowser control seems to cache screenshots

    - by Justin
    Hey, I'm using the WebBrowser control in an ASP.NET MVC 2 app (don't judge, I'm doing it in an admin section only to be used by me), here's the code: public static class Screenshot { private static string _url; private static int _width; private static byte[] _bytes; public static byte[] Get(string url) { // This method gets a screenshot of the webpage // rendered at its full size (height and width) return Get(url, 50); } public static byte[] Get(string url, int width) { //set properties. _url = url; _width = width; //start screen scraper. var webBrowseThread = new Thread(new ThreadStart(TakeScreenshot)); webBrowseThread.SetApartmentState(ApartmentState.STA); webBrowseThread.Start(); //check every second if it got the screenshot yet. //i know, the thread sleep is terrible, but it's the secure section, don't judge... int numChecks = 20; for (int k = 0; k < numChecks; k++) { Thread.Sleep(1000); if (_bytes != null) { return _bytes; } } return null; } private static void TakeScreenshot() { try { //load the webpage into a WebBrowser control. using (WebBrowser wb = new WebBrowser()) { wb.ScrollBarsEnabled = false; wb.ScriptErrorsSuppressed = true; wb.Navigate(_url); while (wb.ReadyState != WebBrowserReadyState.Complete) { Application.DoEvents(); } //set the size of the WebBrowser control. //take Screenshot of the web pages full width. wb.Width = wb.Document.Body.ScrollRectangle.Width; //take Screenshot of the web pages full height. wb.Height = wb.Document.Body.ScrollRectangle.Height; //get a Bitmap representation of the webpage as it's rendered in the WebBrowser control. var bitmap = new Bitmap(wb.Width, wb.Height); wb.DrawToBitmap(bitmap, new Rectangle(0, 0, wb.Width, wb.Height)); //resize. var height = _width * (bitmap.Height / bitmap.Width); var thumbnail = bitmap.GetThumbnailImage(_width, height, null, IntPtr.Zero); //convert to byte array. var ms = new MemoryStream(); thumbnail.Save(ms, System.Drawing.Imaging.ImageFormat.Jpeg); _bytes = ms.ToArray(); } } catch(Exception exc) {//TODO: why did screenshot fail? string message = exc.Message; } } This works fine for the first screenshot that I take, however if I try to take subsequent screenshots of different URL's, it saves screenshots of the first url for the new url, or sometimes it'll save the screenshot from 3 or 4 url's ago. I'm creating a new instance of WebBrowser for each screenshot and am disposing of it properly with the "using" block, any idea why it's behaving this way? Thanks, Justin

    Read the article

  • Workflows not starting after fresh install

    - by Greg McGuffey
    I just installed Dynamics CRM 4.0. It is working nicely except for workflows. They won't start. I turned on tracing and it appears that there is an IO error. The server is setup with IFD and SSL. No issues accessing it internally or externally. Here is the trace: # CRM Tracing Version 2.0 # LocalTime: 2010-06-08 11:34:58.2 # Categories: # CallStackOn: No # ComputerName: FOX-CRM1 # CRMVersion: 4.0.7333.2741 # DeploymentType: OnPremise # ScaleGroup: # ServerRole: AppServer, AsyncService, DiscoveryService, WebService, ApiServer, HelpServer, DeploymentService [2010-06-08 11:34:58.2] Process:CrmAsyncService |Organization:821a137e-7191-49a4-86cc-69101e2b6d20 |Thread: 24 |Category: Platform.Async |User: 00000000-0000-0000-0000-000000000000 |Level: Error | AsyncOperationCommand.Execute >Exception while trying to execute AsyncOperationId: {DF68F483-2C73-DF11-9A34-18A9053B7B38} AsyncOperationType: 1 - System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: The handshake failed due to an unexpected packet format. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.TlsStream.CallProcessAuthentication(Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result) at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size) at System.Net.ConnectStream.WriteHeaders(Boolean async) --- End of inner exception stack trace --- at System.Web.Services.Protocols.WebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.HttpWebClientProtocol.GetWebResponse(WebRequest request) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at Microsoft.Crm.SdkTypeProxy.CrmService.Retrieve(String entityName, Guid id, ColumnSetBase columnSet) at Microsoft.Crm.Asynchronous.SdkTypeProxyCrmServiceWrapper.Retrieve(String entityName, Guid id, ColumnSetBase columnSet) at Microsoft.Crm.Asynchronous.SdkPluginDescriptionProvider.GetPluginTypeDescription(Guid pluginTypeId, IOrganizationContext context) at Microsoft.Crm.Caching.PluginTypeCacheLoader.LoadCacheData(Guid key, IOrganizationContext context) at Microsoft.Crm.Caching.CrmMultiOrgCache`2.CreateEntry(TKey key, IOrganizationContext context) at Microsoft.Crm.Caching.CrmSharedMultiOrgCache`2.LookupEntry(TKey key, IOrganizationContext context) at Microsoft.Crm.Caching.PluginTypeCache.LookupEntry(Guid pluginTypeId, IOrganizationContext context) at Microsoft.Crm.Asynchronous.AsyncOperationCommand.GetPluginType(Guid pluginTypeId) at Microsoft.Crm.Asynchronous.EventOperation.InternalExecute(AsyncEvent asyncEvent) at Microsoft.Crm.Asynchronous.AsyncOperationCommand.Execute(AsyncEvent asyncEvent) The only thing I've tried to to update the AsyncSdkRootDomain row in the Deployment table to match the ADSdkRootDomain and the ADApplicationRootDomain values. It was blank. That didn't appear to work. After some more research, I think this might be caused because the Asynch service can't access the SDK web services using SSL. If this is correct, how would one configure a CRM server for secure access, internal and external (IFD) and still allow asynch service to hit web site? Thanks for your help!

    Read the article

  • Utility that helps in file locking - expert tips wanted

    - by maix
    I've written a subclass of file that a) provides methods to conveniently lock it (using fcntl, so it only supports unix, which is however OK for me atm) and b) when reading or writing asserts that the file is appropriately locked. Now I'm not an expert at such stuff (I've just read one paper [de] about it) and would appreciate some feedback: Is it secure, are there race conditions, are there other things that could be done better … Here is the code: from fcntl import flock, LOCK_EX, LOCK_SH, LOCK_UN, LOCK_NB class LockedFile(file): """ A wrapper around `file` providing locking. Requires a shared lock to read and a exclusive lock to write. Main differences: * Additional methods: lock_ex, lock_sh, unlock * Refuse to read when not locked, refuse to write when not locked exclusivly. * mode cannot be `w` since then the file would be truncated before it could be locked. You have to lock the file yourself, it won't be done for you implicitly. Only you know what lock you need. Example usage:: def get_config(): f = LockedFile(CONFIG_FILENAME, 'r') f.lock_sh() config = parse_ini(f.read()) f.close() def set_config(key, value): f = LockedFile(CONFIG_FILENAME, 'r+') f.lock_ex() config = parse_ini(f.read()) config[key] = value f.truncate() f.write(make_ini(config)) f.close() """ def __init__(self, name, mode='r', *args, **kwargs): if 'w' in mode: raise ValueError('Cannot open file in `w` mode') super(LockedFile, self).__init__(name, mode, *args, **kwargs) self.locked = None def lock_sh(self, **kwargs): """ Acquire a shared lock on the file. If the file is already locked exclusively, do nothing. :returns: Lock status from before the call (one of 'sh', 'ex', None). :param nonblocking: Don't wait for the lock to be available. """ if self.locked == 'ex': return # would implicitly remove the exclusive lock return self._lock(LOCK_SH, **kwargs) def lock_ex(self, **kwargs): """ Acquire an exclusive lock on the file. :returns: Lock status from before the call (one of 'sh', 'ex', None). :param nonblocking: Don't wait for the lock to be available. """ return self._lock(LOCK_EX, **kwargs) def unlock(self): """ Release all locks on the file. Flushes if there was an exclusive lock. :returns: Lock status from before the call (one of 'sh', 'ex', None). """ if self.locked == 'ex': self.flush() return self._lock(LOCK_UN) def _lock(self, mode, nonblocking=False): flock(self, mode | bool(nonblocking) * LOCK_NB) before = self.locked self.locked = {LOCK_SH: 'sh', LOCK_EX: 'ex', LOCK_UN: None}[mode] return before def _assert_read_lock(self): assert self.locked, "File is not locked" def _assert_write_lock(self): assert self.locked == 'ex', "File is not locked exclusively" def read(self, *args): self._assert_read_lock() return super(LockedFile, self).read(*args) def readline(self, *args): self._assert_read_lock() return super(LockedFile, self).readline(*args) def readlines(self, *args): self._assert_read_lock() return super(LockedFile, self).readlines(*args) def xreadlines(self, *args): self._assert_read_lock() return super(LockedFile, self).xreadlines(*args) def __iter__(self): self._assert_read_lock() return super(LockedFile, self).__iter__() def next(self): self._assert_read_lock() return super(LockedFile, self).next() def write(self, *args): self._assert_write_lock() return super(LockedFile, self).write(*args) def writelines(self, *args): self._assert_write_lock() return super(LockedFile, self).writelines(*args) def flush(self): self._assert_write_lock() return super(LockedFile, self).flush() def truncate(self, *args): self._assert_write_lock() return super(LockedFile, self).truncate(*args) def close(self): self.unlock() return super(LockedFile, self).close() (the example in the docstring is also my current use case for this) Thanks for having read until down here, and possibly even answering :)

    Read the article

  • user generated / user specific functions

    - by pedalpete
    I'm looking for the most elegant and secure method to do the following. I have a calendar, and groups of users. Users can add events to specific days on the calendar, and specify how long each event lasts for. I've had a few requests from users to add the ability for them to define that events of a specific length include a break, of a certain amount of time, or require that a specific amount of time be left between events. For example, if event is 2 hours, include a 20min break. for each event, require 30 minutes before start of next event. The same group that has asked for an event of 2 hours to include a 20 min break, could also require that an event 3 hours include a 30 minute break. In the end, what the users are trying to get is an elapsed time excluding breaks calculated for them. Currently I provide them a total elapsed time, but they are looking for a running time. However, each of these requests is different for each group. Where one group may want a 30 minute break during a 2 hour event, and another may want only 10 minutes for each 3 hour event. I was kinda thinking I could write the functions into a php file per group, and then include that file and do the calculations via php and then return a calculated total to the user, but something about that doesn't sit right with me. Another option is to output the groups functions to javascript, and have it run client-side, as I'm already returning the duration of the event, but where the user is part of more than one group with different rules, this seems like it could get rather messy. I currently store the start and end time in the database, but no 'durations', and I don't think I should be storing the calculated totals in the db, because if a group decides to change their calculations, I'd need to change it throughout the db. Is there a better way of doing this? I would just store the variables in mysql, but I don't see how I can then say to mysql to calculate based on those variables. I'm REALLY lost here. Any suggestions? I'm hoping somebody has done something similar and can provide some insight into the best direction. If it helps, my table contains eventid, user, group, startDate, startTime, endDate, endTime, type The json for the event which I return to the user is {"eventid":"'.$eventId.'", "user":"'.$userId.'","group":"'.$groupId.'","type":"'.$type.'","startDate":".$startDate.'","startTime":"'.$startTime.'","endDate":"'.$endDate.'","endTime":"'.$endTime.'","durationLength":"'.$duration.'", "durationHrs":"'.$durationHrs.'"} where for example, duration length is 2.5 and duration hours is 2:30.

    Read the article

  • Securing a license key with RSA key.

    - by Jesse Knott
    Hello, it's late, I'm tired, and probably being quite dense.... I have written an application that I need to secure so it will only run on machines that I generate a key for. What I am doing for now is getting the BIOS serial number and generating a hash from that, I then am encrypting it using a XML RSA private key. I then sign the XML to ensure that it is not tampered with. I am trying to package the public key to decrypt and verify the signature with, but every time I try to execute the code as a different user than the one that generated the signature I get a failure on the signature. Most of my code is modified from sample code I have found since I am not as familiar with RSA encryption as I would like to be. Below is the code I was using and the code I thought I needed to use to get this working right... Any feedback would be greatly appreciated as I am quite lost at this point the original code I was working with was this, this code works fine as long as the user launching the program is the same one that signed the document originally... CspParameters cspParams = new CspParameters(); cspParams.KeyContainerName = "XML_DSIG_RSA_KEY"; cspParams.Flags = CspProviderFlags.UseMachineKeyStore; // Create a new RSA signing key and save it in the container. RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams) { PersistKeyInCsp = true, }; This code is what I believe I should be doing but it's failing to verify the signature no matter what I do, regardless if it's the same user or a different one... RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(); //Load the private key from xml file XmlDocument xmlPrivateKey = new XmlDocument(); xmlPrivateKey.Load("KeyPriv.xml"); rsaKey.FromXmlString(xmlPrivateKey.InnerXml); I believe this to have something to do with the key container name (Being a real dumbass here please excuse me) I am quite certain that this is the line that is both causing it to work in the first case and preventing it from working in the second case.... cspParams.KeyContainerName = "XML_DSIG_RSA_KEY"; Is there a way for me to sign/encrypt the XML with a private key when the application license is generated and then drop the public key in the app directory and use that to verify/decrypt the code? I can drop the encryption part if I can get the signature part working right. I was using it as a backup to obfuscate the origin of the license code I am keying from. Does any of this make sense? Am I a total dunce? Thanks for any help anyone can give me in this..

    Read the article

  • Facing Memory Leaks in AES Encryption Method.

    - by Mubashar Ahmad
    Can anyone please identify is there any possible memory leaks in following code. I have tried with .Net Memory Profiler and it says "CreateEncryptor" and some other functions are leaving unmanaged memory leaks as I have confirmed this using Performance Monitors. but there are already dispose, clear, close calls are placed wherever possible please advise me accordingly. its a been urgent. public static string Encrypt(string plainText, string key) { //Set up the encryption objects byte[] encryptedBytes = null; using (AesCryptoServiceProvider acsp = GetProvider(Encoding.UTF8.GetBytes(key))) { byte[] sourceBytes = Encoding.UTF8.GetBytes(plainText); using (ICryptoTransform ictE = acsp.CreateEncryptor()) { //Set up stream to contain the encryption using (MemoryStream msS = new MemoryStream()) { //Perform the encrpytion, storing output into the stream using (CryptoStream csS = new CryptoStream(msS, ictE, CryptoStreamMode.Write)) { csS.Write(sourceBytes, 0, sourceBytes.Length); csS.FlushFinalBlock(); //sourceBytes are now encrypted as an array of secure bytes encryptedBytes = msS.ToArray(); //.ToArray() is important, don't mess with the buffer csS.Close(); } msS.Close(); } } acsp.Clear(); } //return the encrypted bytes as a BASE64 encoded string return Convert.ToBase64String(encryptedBytes); } private static AesCryptoServiceProvider GetProvider(byte[] key) { AesCryptoServiceProvider result = new AesCryptoServiceProvider(); result.BlockSize = 128; result.KeySize = 256; result.Mode = CipherMode.CBC; result.Padding = PaddingMode.PKCS7; result.GenerateIV(); result.IV = new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; byte[] RealKey = GetKey(key, result); result.Key = RealKey; // result.IV = RealKey; return result; } private static byte[] GetKey(byte[] suggestedKey, SymmetricAlgorithm p) { byte[] kRaw = suggestedKey; List<byte> kList = new List<byte>(); for (int i = 0; i < p.LegalKeySizes[0].MaxSize; i += 8) { kList.Add(kRaw[(i / 8) % kRaw.Length]); } byte[] k = kList.ToArray(); return k; }

    Read the article

  • Suggestions for designing large-scale Java webapp from the group up

    - by Chris Thompson
    Hi all, I'm about to start developing a large-scale system and I'm struggling with which direction to proceed. I've done plenty of Java web apps before and I have plenty of experience with servlet containers and GWT and some experience with Spring. The problem is most of my webapps have been thrown together just to be a proof of concept and what I'm struggling with is what set of frameworks to use. I need to have both a browser based application as well as a web service designed to support access from mobile devices (Android and iPhone for now). Ideally, I'd like to design this system in such a way that I don't end up rewriting all of my servlets for each client (browser and phone) although I don't mind having some small checks in there to properly format the data. In addition, although I'm the only developer now, that won't necessarily be the case down the road and I'd like to design something that scales well both with regards to traffic and number of developers (isn't just a nightmare to maintain). So where I am now is planning on using GWT to design the browser-based interface but I'm struggling with how to reuse that code with to present the interface (most likely xml) for the mobile devices. Using GWT RPC would, I think, make it relatively easy to do all of the AJAX in the browser, but might make generating xml for the mobile phones difficult. In addition, I like the idea of using something like Hibernate for persistence and Spring Security to secure the whole thing. Again, I'm not sure how well those will cooperate with GWT (I think Hibernate should be fine...) There's obviously a lot more to this than I've presented here, but I've tried to give you the 5-minute overview. I'm a bit stumped and was wondering if anybody in the community had any experience starting from this place. Does what I'm trying to do make sense? Is it realistic? I have no doubt I can make all of these frameworks speak the same language, I'm just wondering if it's worth my time to fight with them. Also, am I missing a framework that would be really beneficial? Thanks in advance and sorry for the relatively broad question... Chris

    Read the article

  • Access external xml using xslt document function return 401

    - by Ciprian Grosu
    On MOSS2007, I have a webpart that display the content of a xml feed. I use a xslt with parameters for transforamtions. There is a situation when I receive a 401 Authorisation exception. I realize that this happen when a document() function from my xslt try to open an external xml. If I try to open this xml in browser all work ok. I provided my admin credentials to the web part and to the XmlSecureResolver. Same problem. The webpart is on server1 and the xml feed and external xml required by xslt is on server2. What can be ? protected override void RenderContents(HtmlTextWriter writer) { base.RenderContents(writer); if (string.IsNullOrEmpty(this.xmlUrl) || this.xmlResponseStream == null) return; try { XslCompiledTransform transform = new XslCompiledTransform(); if (UseXslt) { XmlTextReader stylesheet = null; try { SPSite site = new SPSite(xsltlUrl); SPWeb web = site.OpenWeb(); SPFile file = web.GetFile(xsltlUrl); if (file != null) { stylesheet = new XmlTextReader(file.OpenBinaryStream()); } } catch(Exception ex) { stylesheet = new XmlTextReader(xsltlUrl); } if (stylesheet != null) { transform.Load(stylesheet, new XsltSettings(true, true), GetAResolver()); } using (XmlReader reader = new XmlTextReader(this.xmlResponseStream)) { string theParams = xsltProperties; XsltArgumentList xslAgrs = GetXsltArgumentList(xsltProperties); XmlTextWriter results = new XmlTextWriter(writer.InnerWriter); if (UseProperties) { transform.Transform(reader, xslAgrs, results, GetASecureResolver()); } else { transform.Transform(reader, results); } reader.Close(); } } else { string feedAsString = null; using (StreamReader rssReader = new StreamReader(this.xmlResponseStream)) { feedAsString = rssReader.ReadToEnd(); writer.InnerWriter.Write(SPHttpUtility.HtmlEncode(feedAsString)); } } } catch (Exception ex) { writer.Write(ex.Message); if (this.xmlResponseStream != null) { this.xmlResponseStream.Close(); this.xmlResponseStream.Dispose(); } } } private static XmlSecureResolver GetASecureResolver() { // Create a secure resolver XmlSecureResolver resolver = new XmlSecureResolver(new XmlUrlResolver(), "http://externalservername.com/thesite/"); string proxyUserName = RssFeedUtility.GetConfigFileReader().ProxyUserName; string proxyUserPwd = RssFeedUtility.GetConfigFileReader().ProxyUserPassword; string proxyUserDomain = RssFeedUtility.GetConfigFileReader().ProxyUserDomain; resolver.Credentials = new NetworkCredential(proxyUserName, proxyUserPwd, proxyUserDomain); return resolver; }

    Read the article

  • Upload large files via a webpage

    - by Hultner
    What way is the best way to let users upload large files from there webbrowser to a server. I'm talking 200MB+ possible up to a few gigatyes. I have been thinking of a few possible solutions to the problem (not tried them yet) and this is basically the things I came up with. Server download speed will not be a problem but the users connection possibly could. Having some sort of applet on the client side written in Java or Flash which sends the file in parts (is this possible with an applet) to a php/other script on the server and a checksum+ some other info about the file. On the server scripts all the parts and the info file is saved in a temporary directory wich has a unique name based on the checksum of the file and the ip of the user. When the last chunk is sent the applet sends a signal to the server saying it's finished and the server put the file together in the right location. If a chunk doesn't match the checksum for that part the server will send a response to the applet telling it to reupload that chunk. I don't know how important the checksum checking is since it's all tcpackages, someone with more insigth migth be able to answer on that. This is probably the worst way, changing the settings on your server to allow huge fileuploads via an inputfiel. Do it like a normal transfer. User an uploadmanager which does pretty much the same thing as applet i mentioned above. Pros of the first is probably that it would most likely be rather secure, you could show progress as well and possibly resume an upload if ip hasn't changed and do a threaded upload of the chunks. Cons of the first is that the user will need flash/java for it to work. Pros of the 2nd is that it will pretty much work for everyone but cons are big, first there's no way resuming an intruppted download and if something is wrong the whole file would have to be reuploaded is a few of cons. For the third one the pros is pretty muc the same as for the first but the cons is that the user would have to download an application to their computer and run and the application will have to be have to be compatible with their computer and OS. Another way may be a combination of two. Lets say an applet for bigger or more files and a simple input which is rather restricted to maybe max 10-20MB for smaller files and comability. There are probably other much smarter ways to tackle this and that's why I'm asking for advice here on SO.

    Read the article

  • C# RSA Encrypt / Decrypt Problem

    - by Brendon Randall
    Hi All, Im having a problem with C# encrypting and decrypting using RSA. I have developed a web service that will be sent sensitive financial information and transactions. What I would like to be able to do is on the client side, Encrypt the certain fields using the clients RSA Private key, once it has reached my service it will decrypt with the clients public key. At the moment I keep getting a "The data to be decrypted exceeds the maximum for this modulus of 128 bytes." exception. I have not dealt much with C# RSA cryptography so any help would be greatly appreciated. This is the method i am using to generate the keys private void buttonGenerate_Click(object sender, EventArgs e) { string secretKey = RandomString(12, true); CspParameters param = new CspParameters(); param.Flags = CspProviderFlags.UseMachineKeyStore; SecureString secureString = new SecureString(); byte[] stringBytes = Encoding.ASCII.GetBytes(secretKey); for (int i = 0; i < stringBytes.Length; i++) { secureString.AppendChar((char)stringBytes[i]); } secureString.MakeReadOnly(); param.KeyPassword = secureString; RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(param); rsaProvider = (RSACryptoServiceProvider)RSACryptoServiceProvider.Create(); rsaProvider.KeySize = 1024; string publicKey = rsaProvider.ToXmlString(false); string privateKey = rsaProvider.ToXmlString(true); Repository.RSA_XML_PRIVATE_KEY = privateKey; Repository.RSA_XML_PUBLIC_KEY = publicKey; textBoxRsaPrivate.Text = Repository.RSA_XML_PRIVATE_KEY; textBoxRsaPublic.Text = Repository.RSA_XML_PUBLIC_KEY; MessageBox.Show("Please note, when generating keys you must sign on to the gateway\n" + " to exhange keys otherwise transactions will fail", "Key Exchange", MessageBoxButtons.OK, MessageBoxIcon.Information); } Once i have generated the keys, i send the public key to the web service which stores it as an XML file. Now i decided to test this so here is my method to encrypt a string public static string RsaEncrypt(string dataToEncrypt) { string rsaPrivate = RSA_XML_PRIVATE_KEY; CspParameters csp = new CspParameters(); csp.Flags = CspProviderFlags.UseMachineKeyStore; RSACryptoServiceProvider provider = new RSACryptoServiceProvider(csp); provider.FromXmlString(rsaPrivate); ASCIIEncoding enc = new ASCIIEncoding(); int numOfChars = enc.GetByteCount(dataToEncrypt); byte[] tempArray = enc.GetBytes(dataToEncrypt); byte[] result = provider.Encrypt(tempArray, true); string resultString = Convert.ToBase64String(result); Console.WriteLine("Encrypted : " + resultString); return resultString; } I do get what seems to be an encrypted value. In the test crypto web method that i created, i then take this encrypted data, try and decrypt the data using the clients public key and send this back in the clear. But this is where the exception is thrown. Here is my method responsible for this. public string DecryptRSA(string data, string merchantId) { string clearData = null; try { CspParameters param = new CspParameters(); param.Flags = CspProviderFlags.UseMachineKeyStore; RSACryptoServiceProvider rsaProvider = new RSACryptoServiceProvider(param); string merchantRsaPublic = GetXmlRsaKey(merchantId); rsaProvider.FromXmlString(merchantRsaPublic); byte[] asciiString = Encoding.ASCII.GetBytes(data); byte[] decryptedData = rsaProvider.Decrypt(asciiString, false); clearData = Convert.ToString(decryptedData); } catch (CryptographicException ex) { Log.Error("A cryptographic error occured trying to decrypt a value for " + merchantId, ex); } return clearData; If anyone could help me that would be awesome, as i have said i have not done much with C# RSA encryption/decryption. Thanks in advance

    Read the article

  • Verify Authenticode signature as being from our company for automatic updater

    - by James Johnston
    I am implementing an automatic update feature and need some advice on how to do this securely using best practices. I would like to use the downloaded file's Authenticode signature to verify that it is safe to run (i.e. originates from our company and hasn't been tampered with). My question is very similar to question #2008519. The bottom-line question: what's the best, most secure way to check Authenticode signatures for an automatic update feature? What fields in the certificate should be checked? Requirements being: (1) check signature is valid, (2) check it's my signature, (3) old clients can still update when my certificate expires and I get a new one. Here's some background information / ideas from my research: I believe this could be broken into two steps: Verify that the signature is valid. I believe this should be easy using WinVerifyTrust as outlined in http://msdn.microsoft.com/en-us/library/aa382384(VS.85).aspx - I don't expect problems here. Verify that the signature corresponds to our company, and not another company. This seems to be a more difficult question to answer: One possibility is to check some of the strings in the signature. Could be obtained via code at MS KB article #323809, but this article doesn't make recommendations on what fields should be checked for this type of application (or any other, for that matter). Question #1072540 also illustrates how to get some certificate info, but again doesn't recommend what fields to actually check. My concern is that the strings might not be the best check: what if another person is able to obtain a certificate with the same name, for example? Or if there's a valid reason for us to change the strings in the future? The person at question #2008519 has a very similar requirement. His need for a "TrustedByUs" function is identical to mine. However, he goes about doing the check by comparing public keys. While this would work in the short-term, it seems like it won't work for an automatic update feature. This is because code signing certificates are only valid for 2 - 3 years max. Therefore, in the future, when we buy a new certificate in 2 years, the old clients wouldn't be able to update any more due to the change in public key.

    Read the article

  • Best Practices / Patterns for Enterprise Protection/Remediation of SSNs (Social Security Numbers)

    - by Erik Neu
    I am interested in hearing about enterprise solutions for SSN handling. (I looked pretty hard for any pre-existing post on SO, including reviewing the terriffic SO automated "Related Questions" list, and did not find anything, so hopefully this is not a repeat.) First, I think it is important to enumerate the reasons systems/databases use SSNs: (note—these are reasons for de facto current state—I understand that many of them are not good reasons) Required for Interaction with External Entities. This is the most valid case—where external entities your system interfaces with require an SSN. This would typically be government, tax and financial. SSN is used to ensure system-wide uniqueness. SSN has become the default foreign key used internally within the enterprise, to perform cross-system joins. SSN is used for user authentication (e.g., log-on) The enterprise solution that seems optimum to me is to create a single SSN repository that is accessed by all applications needing to look up SSN info. This repository substitutes a globally unique, random 9-digit number (ASN) for the true SSN. I see many benefits to this approach. First of all, it is obviously highly backwards-compatible—all your systems "just" have to go through a major, synchronized, one-time data-cleansing exercise, where they replace the real SSN with the alternate ASN. Also, it is centralized, so it minimizes the scope for inspection and compliance. (Obviously, as a negative, it also creates a single point of failure.) This approach would solve issues 2 and 3, without ever requiring lookups to get the real SSN. For issue #1, authorized systems could provide an ASN, and be returned the real SSN. This would of course be done over secure connections, and the requesting systems would never persist the full SSN. Also, if the requesting system only needs the last 4 digits of the SSN, then that is all that would ever be passed. Issue #4 could be handled the same way as issue #1, though obviously the best thing would be to move away from having users supply an SSN for log-on. There are a couple of papers on this: UC Berkely: http://bit.ly/bdZPjQ Oracle Vault: bit.ly/cikbi1

    Read the article

  • Function-Local Static Const variable Initialization semantics.

    - by Hassan Syed
    The questions are in bold, for those that cannot be bothered reading a question in depth. This is a followup to this question. It is to do with the initialization semantics of static variables in functions. Static variables should be initialized once, and their internal state might be altered later - as I (currently) do in the linked question. However, the code in question does not require the feature to change the state of the variable later. Let me clarrify my position, since I don't require the string object's internal state to change. The code is for a trait class for meta programming, and as such would would benifit from a const char * const ptr -- thus Ideally a local cost static const variable is needed. My educated guess is that in this case the string in question will be optimally placed in memory by the link-loader, and that the code is more secure and maps to the intended semantics. This leads to the semantics of such a variable "The C++ Programming language Third Edition -- Stroustrup" does not have anything (that I could find) to say about this matter. All that is said is that the variable is initialized once when the flow of control of the thread first reaches the code. This leads me to ponder if the following code would be sensible, and if not what are the intended semantics ?. #include <iostream> const char * const GetString(const char * x_in) { static const char * const x = x_in; return x; } int main() { const char * const temp = GetString("yahoo"); std::cout << temp << std::endl; const char * const temp2 = GetString("yahoo2"); std::cout << temp2 << std::endl; } The following compiles on GCC and prints "yahoo" twice. Which is what I want -- However it might not be standards compliant (which is why I post this question). It might be more elegant to have two functions, "SetString" and "String" where the latter forwards to the first. If it is standards compliant does someone know of a templates implementation in boost (or elsewhere) ?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 218 219 220 221 222 223 224 225 226 227 228 229  | Next Page >