I'm using NetTcpBinding with a WPF client.
i want to know if the CallBackChanel (OperationContext.Current.GetCallbackChannel)
can be spoofed by some one else ...
i meen, can i be sure, if i store this CallBack object in a list, this call back can't be use by some one else ...
exemple :
private class ClientCallBack
{
public IDuplexServiceCallBack CallBack { get; set; }
public long UserId { get; set; }
public bool IsAuthenticate { get; set; }
public DateTime LastPing { get; set; }
public DateTime LastPong { get; set; }
public bool Fault { get; set; }
public long Ping { get; set; }
}
static List<ClientCallBack> Clients;
public void Login(string UserName, string Password)
{
var auth = new AutentificationService();
var user = auth.Login(UserName, Password, true, null);
if (user != null)
{
Clients.Add(new ClientCallBack()
{
CallBack = OperationContext.Current.GetCallbackChannel<IDuplexServiceCallBack>();,
Fault = false,
IsAutenticate = true,
LastPing = DateTime.Now,
LastPong = DateTime.Now,
Ping = 0,
UserId = user.Id
});
}
}
public void action() {
var client = Clients.FirstOrDefault(o => o.CallBack == OperationContext.Current.GetCallbackChannel<IDuplexServiceCallBack>(););
if (client != null && client.IsAutenticate)
{
//This client is authenticated
}
}
is it possible for some one to use the callBack of someone else?
tanks
This is a very vague question, but I think I understand what you are trying to get at. First, OperationContext.Current.GetCallbackChannel will definitely give you the caller of the service, whichever client that may be. Another client (at least on windows) would not be able to use the same TCP channel since it is already in use.
Now if you are talking authentication, or how to make sure the client that called the service is legitimate, that is a different topic all together.
Related
I have a Payment Application in ASP.NET Core-6 Web API Entity Framework. I have this model:
Payment:
public class Payment
{
public Guid Id { get; set; }
public string ReferenceNumber { get; set; }
public string Email { get; set; }
public DateTime TransactionDate { get; set; }
public DateTime? DueDate { get; set; }
public decimal Amount { get; set; }
}
EmailSettings:
public class EmailSettings
{
public string Username { get; set; }
public string Password { get; set; }
public string DisplayName { get; set; }
public string Host { get; set; }
public int Port { get; set; }
}
EmailService:
public async Task<string> SendEmailAsync(List<string> ToEmailName, string Subject, EventModel Data)
{
_mailResponse = string.Empty;
using (SmtpClient smtpClient = new SmtpClient(_mailConfig.Host, _mailConfig.Port))
{
smtpClient.UseDefaultCredentials = true;
smtpClient.Credentials = new NetworkCredential(_mailConfig.Username, _mailConfig.Password);
smtpClient.EnableSsl = true;
smtpClient.DeliveryMethod = SmtpDeliveryMethod.Network;
smtpClient.SendCompleted += new SendCompletedEventHandler((object sender, AsyncCompletedEventArgs e) =>
{
_mailResponse = (e.Error != null || e.Cancelled != false) ? "failure" : "success";
});
MailMessage message = new MailMessage
{
From = new MailAddress(_mailConfig.Username, _mailConfig.DisplayName),
Subject = Subject,
SubjectEncoding = Encoding.UTF8,
BodyEncoding = Encoding.UTF8,
HeadersEncoding = Encoding.UTF8,
IsBodyHtml = true,
Body = GetEmailContent(Subject, Data),
Priority = MailPriority.High
};
foreach (string EmailName in ToEmailName)
{
message.To.Add(new MailAddress(EmailName));
}
await smtpClient.SendMailAsync(message);
}
return _mailResponse;
}
I am using HangFire.
I want the application to run a schedule using HangFire, and iterate the Payment Model using ReferenceNumber and DueDate. Then send email notification to the affected Email, 14 days to the DueDate. Reminding the affected users that his payment should be done on the DueDate
How do I achieve this?
Thanks
This can be done by scheduling notification directly based on DueDate - 14 days (or current date if that is less than 14 days away).
Also probably you would need to some extra check to your notification to see if that has already been paid before sending a reminder.
BackgroundJob.Schedule(
() => NotficationService.SendPaymentNotificationEmail(Payment.Id),
TimeSpan.FromDays(DueDate.AddDays(-14)));
Reference:
https://docs.hangfire.io/en/latest/background-methods/calling-methods-with-delay.html
I would like to build a authorization service using gRPC under .Net Code. In order to do that, I need to pass a System.Security.Claims.ClaimsPrincipal object as a request argument from caller to the server so the server can use it to authorize the caller. But I don't know how to that - how can I define a .proto for a class that is a standard library. What am I supposed to do?
I'm doing the same, using protobuf-net grpc libraries.
As many of the Identity/Security classes (if you are using them) are from Microsoft, you'll need to expose their members for serialization; you can use:
RuntimeTypeModel.Default.Add(typeof(SignInResult), false).Add(
nameof(SignInResult.Succeeded),
nameof(SignInResult.IsLockedOut),
nameof(SignInResult.IsNotAllowed),
nameof(SignInResult.RequiresTwoFactor)
);
and list the members that need to be exposed over gRpc.
As for ClaimsPrincipal, specifically, that is what I'm currently trying to implement. For Claims, i'm using a surrogate class:
RuntimeTypeModel.Default.Add(typeof(Claim), true).SetSurrogate(typeof(ClaimSurrogate));
public class ClaimSurrogate
{
[DataMember, ProtoMember(1)]
public string Type { get; set; }
[DataMember, ProtoMember(2)]
public ClaimsIdentity Subject { get; set; }
[DataMember, ProtoMember(3)]
public IDictionary<string, string> Properties { get; set; }
[DataMember, ProtoMember(4)]
public string OriginalIssuer { get; set; }
[DataMember, ProtoMember(5)]
public string Issuer { get; set; }
[DataMember, ProtoMember(6)]
public string ValueType { get; set; }
[DataMember, ProtoMember(7)]
public string Value { get; set; }
public static implicit operator ClaimSurrogate(Claim claim)
{
if (claim == null)
return null;
return new ClaimSurrogate()
{
Type = claim.Type,
Subject = claim.Subject,
Properties = claim.Properties,
OriginalIssuer = claim.OriginalIssuer,
Issuer = claim.Issuer,
ValueType = claim.ValueType,
Value = claim.Value
};
}
public static implicit operator Claim(ClaimSurrogate surrogate)
{
if (surrogate == null)
return null;
return new Claim(surrogate.Type, surrogate.Value, surrogate.ValueType, surrogate.Issuer, surrogate.OriginalIssuer, surrogate.Subject);
}
}
And I'm assuming that ClaimsPrincipal can be done the same way, but, I'm having trouble with it. That is how I came across your question...
Actually, by, trying to provide an answer...Literally, I just realized what I overlooked, I need to also set up a surrogate for the ClaimsIdentity
So far, I've needed surrogates for 'third' party classes that have get; only properties. ClaimsPrincipal has these types of properties, and so does ClaimsIdentity (as does Claim). I'll update/comment if ClaimsIdentitySurrogate does the trick
Updates:
Yes, it can be done. Surrogates, like the example above, will be needed for ClaimsIdentity and IIdentity. These classes are used as members/properties within ClaimsPrincipal.
ClaimsIdentity: you can mix up the SetSurrogate and the Add(nameof(...)) as it has get onlies and get/sets (get/sets go in the Add portion). Do not include the Actor in the ClaimsIdentity surrogate as it will create a never ending loop in your service's startup. If you do include it, make sure it is not a DataMember/Protomember. And (private) set it in the surrogate operator. Same same with Claims.
Essentially, any surrogates with members that reference the parent class, or that of a another type with a surrogate that references this parent type, will create a circular reference and error out your service on startup.
IIdentity: This is a simple one, just
RuntimeTypeModel.Default.Add(typeof(IIdentity), false).
Lastly (I posted this update when I thought I had it, but, amidst all the UT tests and changes, etc, I posted a bit early; after making a breaking change on the ClaimPrincipal surrogate class)....
You'll want an IIdentity dummy class that will be used in your ClaimPrincipal surrogate, instead of the IIdentity Identity {get;set;}. This dummy class should inherit from IIdentity, e.g.
[DataContract]
public class IIdentityFraud : System.Security.Principal.IIdentity
And within your surrogate's implicit operator:
IIdentityFraud identityfraud = null;
if (claimPrincipal.Identity != null)
{
identityfraud = new IIdentityFraud(claimPrincipal.Identity.AuthenticationType, claimPrincipal.Identity.Name, claimPrincipal.Identity.IsAuthenticated);
}
Updates (11/05/2021):
[DataContract]
public class ClaimsPrincipalSurrogate
{
[DataMember, ProtoMember(1)]
public IIdentityFraud Identity { get; set; }
[DataMember, ProtoMember(2)]
public IEnumerable<ClaimsIdentity> Identities { get; set; }
[DataMember, ProtoMember(3)]
public IEnumerable<Claim> Claims { get; set; }
public static implicit operator ClaimsPrincipalSurrogate(ClaimsPrincipal claimPrincipal)
{
if (claimPrincipal == null)
{
return null;
}
else
{
IIdentityFraud identityfraud = null;
if (claimPrincipal.Identity != null)
{
identityfraud = new IIdentityFraud(claimPrincipal.Identity.AuthenticationType, claimPrincipal.Identity.Name, claimPrincipal.Identity.IsAuthenticated);
}
return new ClaimsPrincipalSurrogate()
{
Identity = identityfraud, // (System.Security.Principal.IIdentity)identityfraud,
Identities = claimPrincipal.Identities,
Claims = claimPrincipal.Claims
};
}
}
public static implicit operator ClaimsPrincipal(ClaimsPrincipalSurrogate surrogate)
{
if (surrogate == null)
return null;
if (surrogate.Identities != null && surrogate.Identities.Any() == true)
{
return new ClaimsPrincipal(surrogate.Identities);
}
else if (surrogate.Identity != null)
{
return new ClaimsPrincipal(surrogate.Identity);
}
return new ClaimsPrincipal();
}
}
[DataContract]
public class ClaimsIdentitySurrogate
{
[DataMember, ProtoMember(1)]
public string AuthenticationType { get; set; }
[DataMember, ProtoMember(2)]
public string Name { get; set; }
//[DataMember, ProtoMember(3)]
//public string Label { get; set; }
[DataMember, ProtoMember(4)]
public bool IsAuthenticated { get; set; }
[DataMember, ProtoMember(5)]
public IEnumerable<Claim> Claims { get; private set; }
//[DataMember, ProtoMember(6)]
//public object BootstrapContext { get; set; }
//[DataMember, ProtoMember(7)]
public ClaimsIdentity Actor { get; private set; }
[DataMember, ProtoMember(8)]
public string RoleClaimType { get; set; }
[DataMember, ProtoMember(9)]
public string NameClaimType { get; set; }
public static implicit operator ClaimsIdentitySurrogate(ClaimsIdentity claimIdentity)
{
if (claimIdentity == null)
return null;
return new ClaimsIdentitySurrogate()
{
AuthenticationType = claimIdentity.AuthenticationType,
Name = claimIdentity.Name,
//Label = claimIdentity.Label,
IsAuthenticated = claimIdentity.IsAuthenticated,
Claims = claimIdentity.Claims,
//BootstrapContext = claimIdentity.AuthenticationType,
Actor = claimIdentity.Actor,
RoleClaimType = claimIdentity.RoleClaimType,
NameClaimType = claimIdentity.NameClaimType
};
}
public static implicit operator ClaimsIdentity(ClaimsIdentitySurrogate surrogate)
{
if (surrogate == null)
{
return null;
}
if (surrogate.Claims?.Any() == true)
{
return new ClaimsIdentity(surrogate.Claims, surrogate.AuthenticationType);
}
else
{
return new ClaimsIdentity(surrogate.AuthenticationType, surrogate.NameClaimType, surrogate.RoleClaimType);
}
}
}
[DataContract]
public class IIdentityFraud : System.Security.Principal.IIdentity
{
[DataMember, ProtoMember(1)]
public string AuthenticationType { get; private set; }
[DataMember, ProtoMember(2)]
public string Name { get; private set; }
[DataMember, ProtoMember(3)]
public bool IsAuthenticated { get; private set; }
public IIdentityFraud() { }
public IIdentityFraud(string authenticationType, string name, bool isAuthenticated)
{
this.AuthenticationType = authenticationType;
this.Name = name;
this.IsAuthenticated = isAuthenticated;
}
}
[DataContract] //don't know if this is really needed. Too involved in testing out the rest of it and have yet to come back to this.
public class IIdentitySurrogate : System.Security.Principal.IIdentity
{
[DataMember, ProtoMember(1)]
public string AuthenticationType { get; set; }
[DataMember, ProtoMember(2)]
public string Name { get; set; }
[DataMember, ProtoMember(3)]
public bool IsAuthenticated { get; set; }
public static implicit operator IIdentitySurrogate(IIdentityFraud iidentity)
{
if (iidentity == null)
return null;
return new IIdentitySurrogate()
{
AuthenticationType = iidentity.AuthenticationType,
Name = iidentity.Name,
IsAuthenticated = iidentity.IsAuthenticated
};
}
public static implicit operator IIdentityFraud(IIdentitySurrogate surrogate)
{
if (surrogate == null)
return null;
return new IIdentityFraud(surrogate.AuthenticationType, surrogate.Name, surrogate.IsAuthenticated);
}
}
More of what is executed on startups:
#region ClaimsIdentity
RuntimeTypeModel.Default.Add(typeof(ClaimsIdentity), true).Add(
nameof(ClaimsIdentity.Label),
nameof(ClaimsIdentity.BootstrapContext),
nameof(ClaimsIdentity.Actor)
).SetSurrogate(typeof(ClaimsIdentitySurrogate));
#endregion ClaimsIdentity
#region ClaimsPrincipal
RuntimeTypeModel.Default.Add(typeof(ClaimsPrincipal), true).SetSurrogate(typeof(ClaimsPrincipalSurrogate));
#endregion ClaimsPrincipal
#region IIdentity
RuntimeTypeModel.Default.Add(typeof(IIdentity), true);
#endregion IIdentity
I have a saga data class with one property marked by Unique attribute. However, this didn't prevent NServiceBus from creating several sagas with identical values in this field.
Here is my data class:
public class ModuleAliveSagaData : ContainSagaData
{
[Unique]
public string ModuleId { get; set; }
public string Endpoint { get; set; }
public string Module { get; set; }
public DateTime LastCheck { get; set; }
public bool Warning { get; set; }
public bool Error { get; set; }
}
Here is the mapping:
public override void ConfigureHowToFindSaga()
{
ConfigureMapping<ModuleAliveMessage>(m => m.Id).ToSaga(s => s.ModuleId);
}
Here is how data gets its values:
public void Handle(ModuleStartedMessage message)
{
Log.InfoFormat("Module {0} started on {1} at {2}", message.ModuleName, message.Endpoint, message.Timestamp);
Data.ModuleId = message.Id;
Data.Endpoint = message.Endpoint;
Data.Module = message.ModuleName;
Data.LastCheck = DateTime.Now;
Data.Warning = false;
Bus.SendLocal(new SendNotification
{
Subject = string.Format("Module {0} is online at {1}", Data.Module, Data.Endpoint)
});
RequestTimeout<ModuleCheckTimeout>(TimeSpan.FromMinutes(5));
Bus.Publish(new ModuleActivated
{
Endpoint = message.Endpoint,
Module = message.ModuleName
});
}
And here is what I see in the saga persistence table (Azure table storage):
Does it suppose to work like this or may be I am missing something?
Yves wrote this in comments, basically it is the proper answer:
Azure storage cannot check for uniquess besides the partitionkey/rowkey pair, so that attribute is ignored. If you need uniqueness you will have to consider another storage techology. PS: this is a known limitation of the underlying storage: http://github.com/Particular/NServiceBus.Azure/issues/21
I want to use ReadAsAsync() in my mvc project with .net 4.0. The result comes as null.
If I enter the uri to address bar, the result in chrome as(tag names are changed):
<ns2:MyListResponse xmlns:ns2="blablabla">
<customerSessionId>xxcustomerSessionIdxx</customerSessionId>
<numberOfRecordsRequested>0</numberOfRecordsRequested>
<moreResultsAvailable>false</moreResultsAvailable>
<MyList size="1" activePropertyCount="1">
<MySummary order="0">
<id>1234</id>
<name>...</name>
.
.
</MySummary>
</MyList>
</ns2:MyListResponse>
If I use the statement in code :
using (var client = new HttpClient())
{
var response = client.GetAsync(apiUri).Result;
var message = response.Content.ReadAsStringAsync().Result;
var result1 = JsonConvert.DeserializeObject<MyListResponse>(message);
var result2 = response.Content.ReadAsAsync<MyListResponse>().Result;
}
the message comes in string format as "{\"MyListResponse\":{\"customerSessionId\"...}" which corresponds to a json object as:
{"MyListResponse":
{"customerSessionId":"xxcustomerSessionIdxx",
"numberOfRecordsRequested":0,
"moreResultsAvailable":false,
"MyList":
{"#size":"1",
"#activePropertyCount":"1",
"MySummary":
{"#order":"0",
"id":1234,
"name":"...",
.
.
}
}
}
}
and the properties of result1 and result2 came as null or default values. Class definitions are below. I want to read the content as an object but I couldn't. What do you advice to solve this? What am I doing wrong? Thanks in advance.
public class MySummary
{
public int #Order { get; set; }
public string Id { get; set; }
public string Name { get; set; }
.
.
}
public class MyList
{
public int #Size { get; set; }
public int #ActivePropertyCount { get; set; }
public MySummary MySummary{ get; set; }
}
public class MyListResponse
{
public string CustomerSessionId { get; set; }
public int NumberOfRecordsRequested { get; set; }
public bool MoreResultsAvailable { get; set; }
public MyList MyList { get; set; }
}
I defined a new class as:
public class ResponseWrapper
{
public MyListResponse MyListResponse { get; set; }
}
then I used this wrapper with,
var result1 = JsonConvert.DeserializeObject<ResponseWrapper>(message);
var result2 = response.Content.ReadAsAsync<ResponseWrapper>().Result;
then it worked. I need only MySummary object but I should write more classes to make it work.
After reading your solution I came up with one that doesn't need an extra class:
private static async Task<U> Execute<U>(HttpClient client, string path)
{
U output = default(U);
HttpResponseMessage response = await client.GetAsync(path);
if (response.IsSuccessStatusCode)
{
var jsonAsString = await response.Content.ReadAsStringAsync();
output = JsonConvert.DeserializeObject<U>(jsonAsString);
}
else
{
throw new ApplicationException(string.Format("Response message is not OK. Issues in action: {0}", path));
}
return output;
}
For the sake of future readers, I think the correct approach is using ReadAsAsync overload that takes IEnumerable<MediaTypeFormatter> and provide a formatter with the same settings used on the server for serialization. That should fix it.
It is possible to use at client ReadAsAsync with MyListResponse directly (in consequence without ResponseWrapper). To do this, you can define "BodyStyle = WebMessageBodyStyle.Bare" in the operation contract of "apiuri" in stead of "BodyStyle = WebMessageBodyStyle.Wrapped" (server side, i.e. service contract).
I have two saga's namely a client saga and a client billing saga.
public class ClientSagaState:IContainSagaData
{
#region NserviceBus
public Guid Id { get; set; }
public string Originator { get; set; }
public string OriginalMessageId { get; set; }
#endregion
public Guid ClientRef { get; set; }
public ClientMessage ClientChangeMessage { get; set; }
public ClientContactChangeMessage ClientContactChange { get; set; }
}
public class ClientBillingSagaState:IContainSagaData
{
#region NserviceBus
public Guid Id { get; set; }
public string Originator { get; set; }
public string OriginalMessageId { get; set; }
#endregion
public Guid ClientRef { get; set; }
public Guid FunderRef { get; set; }
public Guid ClientBillingRef { get; set; }
public ClientBillingMessage ClientBillingMessage { get; set; }
}
public class ClientSaga:Saga<ClientSagaState>,
IAmStartedByMessages<ClientChangeMessage>,
IAmStartedByMessages<ClientContactChangeMessage>
{
public override void ConfigureHowToFindSaga()
{
ConfigureMapping<ClientChangeMessage>(s => s.ClientRef, m => m.EntityRef);
ConfigureMapping<ClientContactChangeMessage>(s => s.ClientRef, m => m.PrimaryEntityRef);
}
public void Handle(ServiceUserChangeMessage message)
{
if (BusRefTranslator.GetLocalRef(EntityTranslationNames.ClientChange, message.EntityRef.Value) != null)
{
GetHandler<ClientChangeMessage>().Handle(message);
CompleteTheSaga();
return;
}
HandleServiceUserChangeAndDependencies(message);
//MarkAsComplete();
CompleteTheSaga();
}
}
public class ClientBillingSaga:Saga<ClientBillingSagaState>
,IHandleMessages<ClientChangeMessage>,
IAmStartedByMessages<ClientBillingMessage>,
IHandleMessages<FunderChangeMessage>
{
public override void ConfigureHowToFindSaga()
{
ConfigureMapping<ClientChangeMessage>(s => s.ClientRef, m => m.EntityRef);
ConfigureMapping<FunderChangeMessage>(s => s.FunderRef, m => m.EntityRef);
ConfigureMapping<ClientBillingMessage>(s => s.ClientBillingRef, m => m.PrimaryEntityRef);
}
public void Handle(ClientChangeMessage message)
{
var state = this.Data;
if (state.ClientBillingMessage != null)
{
Handle(state.ClientBillingMessage);
}
}
public void Handle(CareSysInvoiceLineInsertMessage message)
{
//First check for the funder
//If funder is not there store the message in saga
//If funder is there then check for client
//If client is not there then put the message in saga
// if funder and client are there then execute the message delete the saga
}
}
Here is the scenario:
1)If i receive a ClientBillingMessage whose client and funder are not there , i store this message in saga.
2)If now the funder message comes then it gets executed , but the saga still persists as it is waiting for client message
3)Now if the client message comes it runs the ClientBillingSaga's client message handler first hence the already existing ClientBillingSaga still persists and after that it goes and executes the handler inside the ClientSaga for Client message.
My question: Is there any way i can order the execution of these two saga. I found ISpecifyMessageHandlerOrdering interface which deals with handling of messages but i don't think i can use it for saga.
Sagas are meant to help with synchronising events over time.
You can collect the data you need form the messages you handled in your saga state and once you you have handled all then proceed to send a command/publish an event so the business logic could be processed by a handler.
Note: The actual work (business logic and domain data manipulation) should be done in a separate handler (to comply with SRP and unit of work).
hope this helps
I think you should not be ordering the execution of two Sagas. Saga should be autonomous acting purely on the messages it receives, has an internal state and either sends out messages or complete. If you really want to interact with another Saga, you should be using messages(commands/events).