I am trying to use the new .NET methods of sending email (System.Net.Mail), but I have various troubles along the way. My VB.NET app allows users to gather info and email it out based on the smtp server specs they set. Current issues are sending using STARTTLS (i think thats what its called) and doing things like authenticating via POP before being granted the ability to send.
I have had great reliability using CDO to deliver mail in the past as a part of a vbscript I wrote, and am going to look at integrating that over Net.Mail.
Is there a problem with using CDO to deliver email, over current .NET methods? Is it deprecated, or bad practice? Is there any limitation based on current email technology?
Am I totally going to wrong direction, and should instead, use a precompiled SMTP Mail application I can drop in as part of my application? I have seen people do this over writing their own code to deliver mail. If you like this method, what are some good choices?
Related
we are trying to build an application which is accessable via onetime passwords without a "user" having the need to register.
We did came accross the term magic-links sent via email, but there is only some old experimental keycloack extention for this.
Is there any way to build some auth flow like the following with keycloack?
User A is a fully registered User creating some document. This document needs some interaction with a Third Party Person (TPP) not registered.
Now User A sends an E-Mail invite to the TPP with a link to the document. When the TPP opens the link our application should ask for the email address and send a magic link or code to this email. Whith that email or magic code the user gets access to the document for the time it takes to complete the approval process. After the work of the TTP is done, the access should expire (or expire automatically after X days not used).
It does sound quite similar to what is possible with SaaS offerings like https://magic.link/ or https://www.arengu.com/ but we are using keycloack and would like to integrate it into it as well.
Does anyone have an idea how to achieve this with keycloak?
I know this is outdated, but perhaps someone else coming along may find this useful. There is a newer implementation of this feature provided here: https://github.com/p2-inc/keycloak-magic-link
We have found it usable and useful for our needs and works well in the latest version of Keycloak (18.x).
I was reading through the windows live developers doc here. In that I saw they are having an authentication method something like this.
GET https://oauth.live.com/authorize?client_id=CLIENT_ID&scope=SCOPES&
response_type=RESPONSE_TYPE&redirect_uri=REDIRECT_URL
I understood everything except for where do I give the username and password of the user?
I am planning to create an app(first one in my life) to learn the working.
I also have never used or coded something over REST.
When using OAuth, your application never receives the user's username or password. Rather, the user logs in to Windows Live on the Windows Live servers and authorizes your application for access to their information. After they have authorized your application, you receive an access token from Windows Live on behalf of the user. You then use that access token with the Live API to retrieve user information.
Coding something using REST protocols isn't anything too terribly complicated. It has been my experience that you're just specifying parameters to the API using GET or POST as your request method. Adding OAuth on to your requests is a matter of specifying additional parameters.
You're task is to learn two things here since you've never done REST or OAUTH before. Spend time looking at both.
Oauth is hard to get and hard to implement.
You should choose an off-the-shelf Oauth library they exists for most languages.
(Then you do not have to worry about the details. OTOH: You should know how it works to know how to set up and fix if something goes wrong.)
http://oauth.net/code/
I have a vb.net application that uses my gmail smtp server settings and my password to send me the users feedback through the email, (I don't want to show my email to the users)
The problem is I want to store these data securely in the vb.net application so that It's hard for any hackers/crackers through (reverse engineering or programs like cheat engine) to get my gmail account data.
Any ideas are welcome.
You cannot be 100% secure, you could store the email in a resource file and use an obsficator to make it much harder to get at the string but it is possible to break it (encrypted resource files and strings). However Even if you used a different email address and setup a forwarding rule the password for that account could still be comprimised. Anything you have access to in code a hacker could potentially break into as the key will be in clear text at some point.
You have a number of secure options:
Setup a webservice to receive your messages and email them onto you/log them to a database
Log your messages to a 3rd Party system (irc? news? some p2p network, IM system), and pick um the messages later.
Setup a Source Control/issue site for your system, google code/bitbucket/something else that has the ability to receive issues via an api.
I don't know if this makes any sense but what I'd do is let the program run an external PHP script that sends the mail.
Basically, if I'm understanding your question, you don't want the password in clear text in your .exe. Correct?
The solution is simply to ENCRYPT the string in your program, then decrypt it at runtime (pass your decrypted variable to your e-mail function).
Any two-way encryption will work. For example:
http://www.vbdotnetforums.com/security/1240-encrypt-password.html
As other people pointed out saving the password to your email in your application is unsafe because somebody might be able to crack your code and retrieve your password.
For logging errors, I suggest creating a very small PHP script and putting it on a PHP server. When an error occurs in your VB.NET application, the application can send data to this .php script. The script can save the data in a file or in a MySQL database.
All the things you need for sending data to PHP scripts can be found in "System. Net. WebRequest" namespace in VB.NET.
If you cannot use a PHP script, you may use a combination of IsolatedStorage ("System.IO.IsolatedStorage" namespace) and Cryptography ("System.Security.Cryptography" namespace) to save sensitive data. But, this is not completely secure to savvy attackers.
Is there any way to provide two factor authentication for Microsoft Outlook client. It may use ISA server or any other. Basically 2-factor authentication is possible for OWA but I haveb't been able to find a way to implement it for Microsoft Outlook.
In order for that to work, you would have to change the authentication method in Exchange. This is easy to do in packages like postfix a la:http://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-configure-webmail-for-wikid-strong-authentication/, however, I bet it would a lot harder for Exchange.
Currently on our system, when a user contacts us, we reply via our admin panel. The user is then sent an email containing our message and the other messages in the conversation.
Then the user has to click on 'Reply to this message' which opens up our website, with a contact enquiry form, and submits the message to the conversation (using a QueryString to tell which conversation it belongs to).
However, a lot of users like to simply reply to the email sent to them.
How can I track their reply and automatically add this to the same conversation?
We're currently using ASP.NET 3.5, IIS6 & SQL Server 2005, however will be upgrading to ASP.NET 4.0, IIS7 & SQL Server 2008
Thanks,
Curt
It's not a full code solution (but hey, that's not what this place is for anyway), but this is a general idea:
Specify a reply-to header in the messages you send (or simply use the from address). Then set up a script that periodically reads the emails send to that address and inserts them into your database (to be viewed). In order to get the correct threads, you can use the in-reply-to header in the message sent to you. I don't know by heart how to find the message-id of a mail you sent, but a little research on your part should reveal that. (if worst comes to worst, you can always BCC yourself the message and read it from there, but there should be easier ways).
Note that some people (most notably GMail) refuse to use in-reply-to headers because of how people use email (though I don't think it would be much of a problem in the case you are describing) and use topics to create threads instead. This may be an easier solution, though it may be less reliable in your case.