I will soon be hosting my MVC site to an external provider (I am yet to finalize the hosting services company).
My website is developed using ASP.NET MVC 4 and it is using SQL Server 2008 as its database.
I will publish 3 applications under single domain:
MVC 4 external site - Public access
WCF service - Consumed by external site
MVC 4 internal site - Restricted access (admin and configuration
purpose)
There are few questions striking me at the moment -
How can I make my code secure so that it can't be refactored from
its DLLs?
How to make CSHTML (razor) views secure so that noone from the
hosting company can see its internals?
Finally, how to make SQL Server database secure so that no one in
hosting company can open it through SSMS?
These all questions are interrelated and so I have posted in a single question.
I am not sure, if anyone in hosting company can really bother about the code or database of their customers, but its just a security consideration.
Short answer is: You cannot. You need to have a minimum amount of trust toward your hoster. If you don't, find someone else.
The only way to have the kind of security you want would be to host the website yourself, on a machine where you yourself control physical access (i.e. on site). Next best solution would be to rent a root server, but even then you cannot lock out the hosting company reliably.
You can obfuscate the DLLs to make decompiling harder (but not impossible), but there is no way (that I know of) to do that with Razor views. I would not recommend doing that for a website either way. The database cannot be obfuscated like that by design, especially if it is on a shared server.
Long story short: If you run code or store data on a machine you do not own, you can no longer completely control access to it.
Related
I'm new to web development and just built my first website with .Net Core. It's primarily HTML, CSS, and JavaScript with a little C# for a contact form.
Without recommending any service providers (question will be taken down), how do I go about deploying the website? The more details the better as I have no idea what I'm doing haha.
Edit: I am definitely going to go with a service provider, however the business I am building the website for doesn't have a large budget so I want to find the best provider at the lowest cost.
Daniel,
As you suspect, this is a bit of a loaded question as there are so many approaches. One approach is to use App Services within Microsoft Azure. You can create a free trial Azure account to start that includes a 200.00 credit, which is more than enough to do all of this for free. Then, using the Azure Management Portal, create an App Service (also free) on an App Service Plan in a region that makes sense for you (i.e. US West). Once you do that, you can download what is called a Publish Profile from within the App Service's Management Portal in Azure.
If you're using Visual Studio, for example, you can then right click your project and "Publish" it (deploy to the cloud, or the App Service you just created). One option in that process is to import an Azure Publish Profile, which you can do with the one you just downloaded. This makes it really simple. The Publish Profile is really just connection information to your Azure App Service (open it in Notepad to see). It will chug for a bit and then publish and load the app for you. You can also get to the hosted version of your app by clicking the Url of the app in the App Service management portal on the main page.
This may be oversimplifying what you need to do, but this is a valid direction to take. AWS and others have similar approaches.
Again, tons of ways to do this, but this is a free approach. :-) I don't consider Azure a Service Provider in the sense that you asked us not to. Instead, I wanted to outline one turn-key approach with specific details on how to get there.
You can find specific steps in a lot of places, such as this link:
https://www.geeksforgeeks.org/deploying-your-web-app-using-azure-app-service/
DanielG's answer is useful, but you mentioned you don't want use any services from service provider.
Usually, there are only three ways to deploy the program,
first one is the app service provided by the service provider mentioned by DanielG,
**Benefits of using service provider products:**
1. Very friendly to newbies, follow the documentation to deploy the application in a few minutes.
2. It offers a very stable, scalable service that monitors the health of our website.
3. We can get their technical support.
**Shortcoming**
It is a paid service, and although Azure's service has a free quota, it will run out.
**Suggestion**
It is recommended that websites that are officially launched use the services of service providers.
second one is to use fixed IP for access (it seems that fixed iPv4 IP is not provided in network operations),
**Benefits of using fixed IP:**
If there is a fixed IP address, or if the carrier supports iPv6, we can deploy our website, and the public network can access it. And if you have domain, it also can support https.
**Shortcoming**
1. There are cybersecurity risks and are vulnerable to attack.
2. Without perfect website health monitoring, all problems need to be checked by yourself, and it is very troublesome to achieve elastic expansion.
**Suggestion**
It is generally not recommended because there is no fixed IP under normal circumstances. Broadband operators used to offer it, but now it doesn't.
If you are interested, you can try ipv6 to test.
the last one is to use tools such as ngrok or frp for intranet penetration.
**Benefits of using intranet penetration:**
Free intranet penetration services such as ngrok, the URL generated by each run is not fixed, and there are some limitations, such as a new URL will be generated after a certain period of time, which is enough for testing.
Of course you can purchase the service of this tool, which provides fixed URLs and supports https.
**Shortcoming (same as the second one)**
**Suggestion**
The functional implementation is the same as the second suggestion, and the physical devices used by the website are all their own. The intranet penetration tool (ngrok, or frp) solves the problem of not having a fixed IP, providing a URL that you can access.
There are few users and the demand for web services is not high, so it is recommended that individual users or small business users use ngrok and frp in this scenario. Generally suitable for OA use in small businesses.
I have developed a POS system using ASP.NET Core 5 MVC. I want it to work offline in case there is no internet connectivity.
How can we make an ASP.NET Core MVC app work with a local and remote database?
According to your needs description, I think the following scheme will be more suitable for you.
The first situation:
1. You need to have one physical server (used to deploy the website and install the database), or two, depending on your performance requirements.
2. If you have an independent public network IP, it is best. If you don't, you need to use an intranet penetration tool, such as ngrok. When users have a network, they can access the public network.
If the above two conditions are met, when the Internet gateway service is disconnected, users in your intranet can still access the website and can work normally. However, if you leave the intranet, such as when you return home, you will not be able to access it. At this time, it is equivalent to offline.
When the public network environment of the intranet is restored, it can be accessed from the public network again.
The second situation:
If you are using a cloud server, this situation does not exist. I don't think it makes sense to use offline and remote databases. When it is stored in the local database when offline, there will always be data out of sync.
We are implementing Sharepoint 2010 and the architecture we are planning to deploy is made by 1 WFE, 1 Application and 1 DB server.
Our customer policy requires however that the Web front end must be isolated from the DB, so the 2 servers will not be able to communicate directly (WFE will talk only to App, and App will talk to DB).
What are the implications of this kind of solution? Could we have issues with some of the services? I'm thinking specially about the reporting: Excel services, Performance Point and Reporting Services.
Thanks.
This is not possible. Every server in the farm must be able to talk to SQL. This is just a guess, but it sounds like they are looking to implement the WFE in a DMZ and then have SQL on the internal network? Planning for that kind of farm is beyond what I can explain in a post here (and probably beyond what you should be configuring if you weren't already aware of the typologies), but this link should give you a start on typology and security considerations for this setup. The one farm I have built that used this typology was very difficult to get setup and involved several meetings with the company firewall team.
http://technet.microsoft.com/en-us/library/cc263513(v=office.14).aspx
We are developing a desktop Windows 8 application, that work with WCF-service. We want enable work with Azure WCF-service and with WCF-service in local network(choosingly). Application will be publish in Windows Store.
What the best practise deploy WCF-service on local server of company?
I understand what you want. Let's pretend the Azure part is not an option. How can a Windows Store App use a local service (WCF or not)? That's the fundamental question.
Here's the answer(s):
First, a Windows Store App cannot access intranet services unless it has private network access declared in its manifest. It looks like this:
Second, in order to use private networks in your manifest and get accepted into the Windows Store, you must be a company publisher and not an individual. More on this is discussed in this SO question: Which features are allowed for company store accounts and not individual?
Third, a local service cannot be mistakenly thought of as localhost. To this end, localhost is not available to Windows Store Apps, unless they are side-loaded (which means they are manually installed and not delivered through the Windows Store at all). To access localhost, you can enable loopback, but, as I stated, this disqualifies you from the Windows Store. There's more on this here: How does Windows 8 Loop Back work?
Forth, because you are talking about a service, you might want to authenticate the user. This is accomplished using enterprise authentication (just like in number 1) only a few checkboxes higher. And it has the same restrictions as private networks.
Fifth, you are not asking this, but to be clear, local access does not mean you can speak to a local SQL server. The reason for this is because the SQL namespace is not part of WinRT or .Net for WinRT. Windows Store Apps are intended to be service-based apps.
And, that's about it. I think you are good if you follow that.
It doesn't sound like you are talking about a pure enterprise-play, but it might be interesting to you to read through some of the strategies for enterprise developers: http://blog.jerrynixon.com/2012/08/windows-8-apps-whats-enterprise-to-do.html
As for deploying WCF, there's nothing special just because a Windows Store App is accessing it. So for deployment, just use vanilla techniques you are already using. :) That's it.
Best of luck!
I have a Small ERP Financial Software developed in VB.Net and SQL Server consisting on modules
HRM, Accounts, General Ledger etc.
Now i want to run some module on web but Creating all application in asp.net or other web tools is too much time taking.
Is There any way to run this Desktop application on web espacially in Web Browsers. ?
Any Help.
If you don't want to re-write your application you could have a look at Go Global.
I can't vouch for it as I have personally never used it, but I know of people who have.
I have tested that for a proof of concept on the past and it runs great. Called .net zero deployment, you can look it up. The only concern is off you need database access, remember that you are paying through the port 80, so a need for a web service to access database call may be needed. Not sure of I have still the code trial, but I can look.