I am writing a .NET Core 3.1 application that depends on another library (Serilog.Sinks.SQLite) which is attempting to store log data to an SQLite database. Unfortunately, Serilog.Sinks.SQLite does not support passing in a password to System.Data.SQLite via the SQLiteConnectionStringBuilder.Password property (which you provide to the SQLiteConnection constructor) and I would really like that functionality.
The code that Serilog.Sinks.SQLite uses to connect to the database is as follows:
private SQLiteConnection GetSqLiteConnection()
{
var sqlConString = new SQLiteConnectionStringBuilder
{
DataSource = _databasePath,
JournalMode = SQLiteJournalModeEnum.Memory,
SyncMode = SynchronizationModes.Normal,
CacheSize = 500,
PageSize = (int)MaxSupportedPageSize,
MaxPageCount = (int)(_maxDatabaseSize * BytesPerMb / MaxSupportedPageSize)
}.ConnectionString;
var sqLiteConnection = new SQLiteConnection(sqlConString);
sqLiteConnection.Open();
return sqLiteConnection;
}
There are a number of similar posts on StackOverflow about encryption with SQLite stating very convincingly that encryption / password protection of the database is indeed supported by System.Data.SQLite. However, that is not matching my experience.
I grabbed a copy of the Serilog.Sinks.SQLite source in an attempt to prototype a modification to it to support specifying the password. This seems like it should be easy enough to accomplish with the following addition to the above code (specifying the Password property in the connection string):
MaxPageCount = (int)(_maxDatabaseSize * BytesPerMb / MaxSupportedPageSize),
Password = "mypasswordhere"
}.ConnectionString;
Unfortunately, this does not work and results in an exception being thrown on startup with the following message:
Exception has occurred: CLR/System.Data.SQLite.SQLiteException An
unhandled exception of type 'System.Data.SQLite.SQLiteException'
occurred in LoggingWebApi.dll: 'SQL logic error Cannot use "Password"
connection string property: library was not built with encryption
support, please see "https://www.sqlite.org/see" for more information'
What is confusing me the most here are the number of other posts I've found claiming that System.Data.SQLite supports this password and the fact that a .NET Framework 4.6 application from another team in my company is using System.Data.SQLite.dll (though an older version 1.0.111.0) and this Password behavior works fine for them.
My code is targeting netcoreap3.1 and my dependency of Serilog.Sinks.SQLite is targeting netstandard2.0 so that is one obvious difference I see. In my modified version of the Serilog.Sinks.SQLite code, I am referencing System.Data.SQLite.Core as follows (added via otnet add package System.Data.SQLite.Core --version 1.0.113.1):
<PackageReference Include="System.Data.SQLite.Core" Version="1.0.113.1" />
Is there something with .NET Core 3.1 or .NET Standard 2.0 that causes System.Data.SQLite.Core to not support the Password connection string property like everyone else seems to think it supports?
I thought maybe my issue was running on Linux so I tried running on my Windows but it produced the same error.
I did find another post referencing a potentially helpful approach but this sample is not using System.Data.SQLite.Core and instead is using SQLitePCLRaw.bundle_e_sqlcipher and I would prefer to avoid rewriting all of the Serilog.Sinks.SQLite code to use a different SQLite client: https://github.com/paragpkulkarni/SQLiteEncryptionUsingEFCore
It seems that System.Data.SQLite has dropped support for encryption as of version 1.0.113.1 which explains why I haven't been able to get it working:
https://system.data.sqlite.org/index.html/tktview?name=9c330a3e03
This is also mentioned on their News page though it was not clear to me that the Password support was part of the "legacy CryptoAPI Codec":
https://system.data.sqlite.org/index.html/doc/trunk/www/news.wiki
The other team I referred to is using an older version 1.0.111.0 so if you require this support, I guess just don't upgrade...
Related
I inherited a program written in VB.NET. I want to host the installer and documentation for the program in a SharePoint Online library. The SPO library allows View/Read-only access to "Everyone except external users" but it does not allow anonymous access. I want the program to check the SPO library for an updated version when it launches.
I envisioned a simple function like this:
Private Function getVersion() As String
Using client As New WebClient
getVersion = client.DownloadString("https://companyname.sharepoint.com/site/library/version.txt")
End Using
End Function
where version.txt contains nothing but the current version number.
However, this function throws an IOException stating that the connection was forcibly closed by the remote host. I think this is because the SPO site requires authentication.
I don't want to add a user login step solely for this one thing. This probably means an SPO site that requires authentication is not the ideal place for my version.txt file to reside, but I'm also trying to avoid solutions that require me to jump through hoops and involve others to get it to work. I'm the only developer for this program, so I'd like to be able to publish an update without having to wait for someone else to do something (like update a web server that I don't have access to).
Suggestions for a simple technique to achieve my goal?
In your Using block, before the line with DownloadString, set the Credentials of your WebClient:
Private Function getVersion() As String
Using client As New WebClient
client.Credentials = CredentialCache.DefaultCredentials
getVersion = client.DownloadString("https://companyname.sharepoint.com/site/library/version.txt")
End Using
End Function
The DefaultCredentials will be the credentials of the currently logged in Windows user.
See the docs on System.Net.WebClient.
I am using the QuickBooks Javav3SDK2.0.3 in a java web project and trying to get list of customers as given below, however I am getting the below exception. The API expects request of type com.intuit.apache.http.HttpRequest while it is passed the HttpServletRequest.
Code:
OAuthAuthorizer oauth = new OAuthAuthorizer(CONSUMER_KEY, CONSUMER_SECRET, ACCESS_TOKEN, ACCESS_TOKEN_SECRET);
Context context = new Context(oauth, APP_TOKEN, ServiceType.QBO, COMPANY_ID);
DataService service = new DataService(context);
Customer customer = new Customer();
List<Customer> customers = service.findAll(customer);
Iterator itr = customers.iterator();
while (itr.hasNext())
{
Customer customer2 = (Customer) itr.next();
String customerName = customer2.getFullyQualifiedName();
System.out.println(customerName);
}
Exception:
java.lang.IllegalArgumentException: This consumer expects requests of type com.intuit.apache.http.HttpRequest
I ran your code using the Javav3SDK2.0.3 and it worked fine for me. Are you sure every object you're using is from the same SDK? (2.0.3). My guess is whatever calls the authorize method on OAuthAuthorizer behind the scenes is passing in the HTTPServeletRequest instead of the com.intuit.apache.http.HttpRequest due to some sort of sdk version mismatch. I couldn't find any docs on the older quickbooks java sdk so I could be wrong.
I got it resolved by installing MyEclipse 11 (Version: 2013 SR1) on another system (CentOS) while the previous system was Linux Fedora. Although I am still using jboss 7, however it works now. I don't know exactly how it got working, so no clue is available.
This is due to the .jar you are using. If you check the QuickBooks SDK, you might be able to see that there are some jars with the name followed by "with dependencies".
For example ipp-v3-java-devkit-2.3.2-jar-with-dependencies.jar. If both this and the jar with out dependencies (in this case ipp-v3-java-devkit-2.3.2.jar) are present at the same time, you might get the above error.
Remove the latter from the class path and you should be good to go.
While using Shared Access Signature to fetch Table data using StorageClient Library 2.0, I am consistently getting the error "The supplied credentials '{0'} cannot be used to sign request". From GitHub what I can understand is that the error is due to sasCredentials.CanSignRequest returning false...but as per code in GitHub there are no scenarios where it is supposed to return true...is it a bug...or am I doing something wrong here?
StorageCredentials sasCredentials = new StorageCredentialsSharedAccessSignature(sharedAccessSignature);
CloudTableClient ctc = new CloudTableClient(tableEndpoint, sasCredentials);
StorageCredentialsSharedAccessSignature type does not exist in Azure Storage Client Library 2.0. Hence, I am assuming you are still using an older version, most probably 1.7. As also described in the Introducing Table SAS (Shared Access Signature), Queue SAS and update to Blob SAS blog post, support for Table SAS was added in newer releases of the Azure Storage Client Library.
I strongly recommend upgrading to 2.0, which also has many other improvements in addition to the functionality you are looking for. For more details, please refer to Introducing Windows Azure Storage Client Library 2.0 for .NET and Windows Runtime.
First let me start by saying I'm sorry if I posted this question in the wrong place. I saw the entry at Object already exists in RSACryptoServiceProvider. I tried the solutions offered there. But, they did not solve my issue. Also, I didn't see an option to re-ask the question.
I have almost the same issue. I have a class that uses RSACryptoServiceProvider that runs in two projects on the same machine and under the same account. Both projects live in the same solution and share the same encryption code. One project, the server, is a Windows service and the other, the client, is a Windows application. They use the RSACryptoServiceProvider to talk to each other over a named pipe using asymmetric encryption. I started out by just having the server run in another Windows form within the same application as the client. Everything ran fine. Then, I moved the server to a Windows service.
The Windows service starts up fine. It seems to be able to create it's instance of the RSACryptoServiceProvider fine. But, when the client, which runs in the Windows application, starts up it gets a runtime error when it tries to create it. Here is the code that runs in both projects.
rule = New CryptoKeyAccessRule("everyone", CryptoKeyRights.FullControl, AccessControlType.Allow)
csp = New CspParameters
csp.KeyContainerName = _KeyContainerName
csp.Flags = CspProviderFlags.UseMachineKeyStore
csp.CryptoKeySecurity = New CryptoKeySecurity()
csp.CryptoKeySecurity.SetAccessRule(rule)
//Object already exists exception happens here
rsa = New RSACryptoServiceProvider(_KeySize, csp)
As you can see, I have the code that sets the access rule as mentioned in the other post on this subject. Unfortunately, this did not solve my issue. Is there anything else that needs to change?
I am a .NET student and currently we are learning about Application Domains.
We were given the following example code (for .NET 3.5). As expected, it throws a SecurityException. Note: TestApp.exe is added as a reference in the project.
Dim file As String = "TestApp.exe"
Dim hostEvidence As Object() = {New Zone(SecurityZone.Internet)}
Dim appDomainEvidence As Evidence = New Evidence(hostEvidence, Nothing)
Dim d As AppDomain = AppDomain.CreateDomain("MyDomain", appDomainEvidence)
d.ExecuteAssembly(file)
When trying to run this in VS2010 under .NET 4.0 I run into a problem.
First it shows a warning
'Public Sub New(hostEvidence() As Object, assemblyEvidence() As Object)' is obsolete: 'This constructor is obsolete. Please use the constructor which takes arrays of EvidenceBase instead.'.
I change the type of hostEvidence to EvidenceBase() and the warning is gone.
However, when trying to run the application it gives an error.
This method implicitly uses CAS policy, which has been obsoleted by the .NET Framework. In order to enable CAS policy for compatibility reasons, please use the NetFx40_LegacySecurityPolicy configuration switch. Please see http://go.microsoft.com/fwlink/?LinkID=155570 for more information.
I have viewed the page, followed the link to How to: Run Partially Trusted Code in a Sandbox and read http://blogs.msdn.com/shawnfa/archive/2009/05/27/coding-with-security-policy-in-net-4-0-implicit-uses-of-cas-policy.aspx but I'm having trouble understanding all of this.
The code example on MSDN is quite big compared to what I currently have, so any help with changing my code so it works without adding other stuff, will be very appreciated.
As it says in the link you provided, .NET is no longer supporting the policy portion of the code access security framework, as of version 4.0.
In other words, your lesson is about .NET 3.5 and does not pertain to the 4.0 framework. The solution is to revert to your original code and configure your project to target the 3.5 framework (you can still use Visual Studio 2010).
.