I am currently making a WCF service that is hosted on an IIS. There are however some of my parameters that are hardcoded as strings inside the service and I would like to be able to adjust these without having to restart the service or the IIS.
I was thinking about reading them from a file but preferably the parameters should not be adjustable by anyone but me.
Then I thought about making a separate library with the parameters and add it as a dependency to the main project. Whenever I would have to change parameters I would just switch the library in the bin folder of the project on the IIS, but I don't know if this is even feasible.
You can think of what I am trying to accomplish as a licensing module. Say I have a license code and a date in my file/library and every 3 months (otherwise the service will not work) I have to replace it (if the customer renews) and it should only be me that can do it. I realize this is probably not how you would do licensing it is just an example.
Peter
You probably know that if it is a .NET app, then it is very easy to decompile and patch it.
You can use DPAPI for encryption like this:
1. Create a winform/console application which will do the encryption with "LocalMachine" context or a dedicated user on that server.
2. Encrypt a secret string with that app.
3. Decrypt the secret on web application startup with "LocalMachine" or run the application pool with a dedicated user.
Include reference to System.Security, then do something like below and you're done.
DPAPI password encryption in C# and saving into database.Then Decrypting it using a key
Related
I have created a WCF Service Application project and created a single .svc file with a single method that takes a string and returns a string. I published the service to our IIS test server (not local machine IIS) and I can see the default page when browsing to http://wcftesting.com/WCFService.svc.
At this point, I am going to create a small html page to test that I can access this service and that it returns data properly. Before doing that I googled around to see if there were any pre-requisite steps that needed to be taken, but couldn't find anything concrete and most of the information was at least a few years old.
Is there anything else that needs to be done to make this work? Everything is pretty standard. No changes have been made to the web.config file, and no additional attributes have been added to the methods. I had seen some mentions of added RESTFUL attributes to the operation contract, but in all honestly I'm very new and wanted to keep things as bare bones as possible.
We are using Visual Studio 2015 and I believe IIS 7.
My web app currently uses the old FedEx WSDL API for rates and tracking and I have to now test it for FedEx's SHA-2 changes coming in Jan 2016.
I am a little confused about how to easily switch between "Production Environment" and "Test Environment" and need some advice.
I will first explain how the Web Service is currently integrated into my app so you understand the context of my question:
I initially uploaded the FedEx WSDL files to my second server (not the actual server the website app is on) and "Added Web Reference" to the remote url in my project. This may not have been necessary and there may have been an easier way (locally for instance) but because I did not fully understand how it all works this was the easiest route for me at the time.
This created an "App_WebReferences" folder within my project and within that a WSDL file and a discomap file for the track and rate services.
I also have two key/value pairs in my Web.config file under that point to these web references and gateway.fedex.com. I can't remember if I manually created them or if the WSDL import did it automatically.
I know that for testing purposes I need to use the "gatewaybeta.fedex.com" url and my FedEx "Test Credentials" not my "Production Credentials" but I am confused how it all works and where exactly I need to swap over the endpoint urls.
For instance, can I just change the url in the Web.config file or do I have to also change it in the WebReference and the original imported WSDL files that are on my second remote server?
After the import, is the WSDL file on the second remote server even needed or used in a live call by my app to the FedEx web service or can it be deleted now?
The discomap file references the original wsdl file location on my second server so how does that work and what would happen if I deleted the wsdl file from my second server?
Ultimately what I would like to do is create a simple admin FedEx web page with a basic form on it where I can enter a default FedEx tracking number and/or shipment details and then select from a drop-down list between TEST and PRODUCTION and have the aspx.vb code handle the url/credential changes so I don't have to manually change wsdls and webreferences and web.config file keys etc.
Hope someone can clarify this for me and set me on the right track!
Thanks.
Switching from test to production
If you haven't created your production credentials yet, go to the FedEx Web Services page, click "Move to Production" and follow the instructions. Your organization will need a FedEx customer account and you will need that info.
In your Visual Studio project, change the URLs in Properties\Settings.settings and App.config/Web.config. (If you use the UI to change Settings.settings, the config file will update automatically.)
Update the project to use your production credentials.
Consider taking advantage of config transformations to keep your test and production credentials in different config files.
How to add the web reference
What you did (placing FedEx's WSDLs on your own server so you can add the web reference using an http link) is fine but was a little more work than was necessary.
Next time you need to do this, simply keep the WSDLs on your own computer, and when you add the web reference, use a local file path (ex: C:\Users\Desktop\RateService.wsdl).
The WSDL and discomap files
These files are only used by Visual Studio to create the proxy classes. They are not referenced during the actual service calls. You could delete them but, for future reference, make sure they are part of your project.
I don't think there's a problem with the discomap pointing to the WSDL on a different server even if that address no longer exists. I think this reference is only used if you were to update the web reference (right click > Update Web Reference), which you shouldn't be doing because you're supposed to download the latest WSDLs from FedEx's developer site.
FYI: I have found the easiest way to switch between production and test environment endpoint urls and credentials is simply to change the service class object values within the code behind of the page according to the admin user's drop-down list selection.
So if they choose "Test" it's TrackService.Url = "gatewaybeta.fedex.com" and if it's "Production" then it's TrackService.Url = "gateway.fedex.com".
This overrides the endpoints in the web.config and WSDL files.
You have to remember to swap the key/password/meternumber credentials too.
I have more WCF services under an IIS virtual directory. I have to deactivate some of them and I thought, I have just commet out the appropriate sections in the web.config, but it seems not, the client works. Just in the browser comes the error message, that the metadata is not reachable.
Is it actually possible to somehow deactivate the services?
I had an another idea, to rename the .svc files, but I want to avoid that solution.
I am using .Net 4.0.
I've found that:
Simplified Configuration for WCF Services:
http://msdn.microsoft.com/en-us/library/ee530014%28v=vs.100%29.aspx
If you have only one service in the Web application, you may simply stop the app pool associated with the service, provided you have one app pool per web application.
If you have more than one services in the application and you just want to deactivate one,you may remove the respective svc file; or if you use config activation without any svc file, you may comment out respective line in the config. For more details about how to activate services without SVC files, you may read http://www.codeproject.com/Articles/627240/WCF-for-the-Real-World-Not-Hello-World and check the source codes attached in the article.
In Visual Studio 2012, using publish profiles along with web deploy simplifies the deployments quite a bit. However it still is missing few things or may be I don't know how to use it yet.
I prefer to use the NTLM authentication without storing the username and password (especially) in the publish profiles. How can this be done? If I leave the username and password empty, I am prompted for it. Is there a way like manually modifying the .pubxml files?
Why is the username/password stored in PublishProfileName.pubxml that I have checked in the source control and not in PublishProfileName.pubxml.user that is local to each user? I could at least save the username but obviously don't want that to be checked in.
The Configuration itself is not part of PublishProfileName.pubxml but is stored in PublishProfileName.pubxml.user as LastUsedBuildConfiguration.
Same for the Platform as last point.
I am also missing support for multi-server deployments. I am currently forced to use batch files in addition to Publish Profiles.
EDIT
The command line that works fine for publishing is
MSBuild.Exe MyProject.sln /p:Configuration=QA /p:DeployOnBuild=true;PublishProfile=PublishToQA;AllowUntrustedCertificate=true /p:authType=NTLM /p:UserName=
In this I would like to omit the /p:Configuration=QA if the configuration becomes part of the publish profile itself.
Some answers to your questions.
I prefer to use the NTLM authentication without storing the username and password (especially) in the publish profiles. How can
this be done? If I leave the username and password empty, I am
prompted for it. Is there a way like manually modifying the .pubxml
files?
Your authentication is typically driven by how Web Deploy is hosted. By default if you are using the Web Management Service then you are using IIS users for auth. With IIS users you can control which users have permissions to specific sites/apps. You can configure WMSVC to use windows auth as well though. If you have issues using VS for those scenarios let me know.
If you are using the Remote Agent service to host Web Deploy then in this case you'll be using windows auth.
Why is the username/password stored in PublishProfileName.pubxml that I have checked in the source control and not in
PublishProfileName.pubxml.user that is local to each user? I could
at least save the username but obviously don't want that to be checked
in.
We have another mechanism for you to determine what information is private/shared. With the exception of the password all publish info is shared (and checked in by default). In order to simplify the design you can either have a publish profile which is shared, or one which is not shared at all. There is no in-between in which you have a profile that some fields are shared and other not. Password is special cased here and encrypted on a per-user/per-machine basis in the .pubxml.user file.
If you'd like to have a private publish profile then you can simply not check in the .pubxml file which corresponds to the publish profile. These are stored in the Properties\PublishProfiles (or My Project\PublishProfiles for VB) and just exclude them from the project and don't check the files in. The publish dialog looks for the profiles on disk, not just the ones which are in the project. Everything should continue to work.
We don't support the concept of selectively storing values in the .pubxml.user file. The publish dialog will only store a set number of values in that file. Instead of
The Configuration itself is not part of PublishProfileName.pubxml but is stored in
PublishProfileName.pubxml.user as LastUsedBuildConfiguration.
Same for the Platform as last point.
This was a mistake it should have been stored in the .pubxml file, not the .pubxml.user file. We have since fixed this, but haven't had a chance to release the update yet.
The Configuration property cannot be set in the publish profile. The Configuration property is a core part of the build process. To be more specific, the reason why we didn't call this property Configuration is because the .pubxml file is imported into the definition of the .csproj/.vbproj during a build & publish. Since other properties are defined based on Configuration you cannot change the value once it's been set. I just blogged with way too much detail on this subject at http://sedodream.com/2012/10/27/MSBuildHowToSetTheConfigurationProperty.aspx. This limitation is an MSBuild thing not a publish limitation. For command line you should specify Configuration in the following way:
msbuild.exe myproj.csproj /p:...(other properties)... /p:Configuration=
I am also missing support for multi-server deployments. I am currently forced to use batch files in addition to Publish Profiles.
We don't have direct support for this, but if you expand on your needs I may be able to help. FYI I have an extension which you may be interested in. I have posted a 5 min video to http://sedodream.com/2012/03/14/PackageWebUpdatedAndVideoBelow.aspx.
You are free (and encouraged) to manually edit your pubxml files, so feel free to remove the password.
To switch to NTLM, change AuthType to NTLM in the first PropertyGroup.
Platform and Configuration remain build configuration, the user file just stores them so Visual Studio knows what the last configuration you deployed was.
By multi-server, do you mean a web farm? If so, you might try looking at the Web Farm Framework which basically performs MSDeploy syncs from the primary server to the others.
Alternatively, you could switch to the command line and use postSync to upload and execute a batch file on the remote server that triggers the other deployments from there.
I have wcf client. It uses .NET 3.5.
When I compile the client I get two files:
client.exe and
client.exe.config.
The second file contains configuration for the wcf client.
In my case I need to prevent the user sitting on the computer to see the urls and change some other parameters from the config file.
So the requirements are, the end user not to see and modify the data stored in the config. The config file contains the same data as app.config. I need to forbid the person using the program to see the end point urls so easy.
Also I have a lot of configuration there so I do not like to code in the moment.
Is there any solution for the problem (embedded app.config of something else)?
Edit: I do not need configurable options. The config file is automatically created when adding service reference from the studio.
Regards
You can also create your proxies programatically instead of using the service reference feature.
Every parameter in the serviceModel config section can be represented in code as well.
The ChannelFactory class will help you create proxies to the service.
You can easily encrypt entire parts of your config files - and not just web.config in web scenarios, but also application config's in stand-alone apps.
Check out some resources on how to do this:
Encrypting web.config values
Encrypting passwords in .NET app.config file
Encrypting the app.config file for Winforms application