|
My vote of #1 on this "answer." All you have done is make fun of the OP; for what ?
"Is it a fact - or have I dreamt it - that, by means of electricity, the world of matter has become a great nerve, vibrating thousands of miles in a breathless point of time? Rather, the round globe is a vast head, a brain, instinct with intelligence!" - Nathanial Hawthorne, House of the Seven Gables
|
|
|
|
|
No I didn't, I clearly stated my opinion, which I believe is held by many.
|
|
|
|
|
They won't have comments or the original local variable names. So .NET languages can also not be decompiled completely.
Furthermore, your anti-cracker defense should not rely on their ability to read your code, because they can do so anyway. If the CPU can execute the code, then a cracker can read the code. You can slow them down at best.
If you have sensitive code that absolutely must not be read by crackers, you can hide it behind a webservice.
|
|
|
|
|
Sort of (it is a necessary evil of using a good framework and a virtual machine like Java or .Net, the IL is much more easily read than machine assembler). There are also disassemblers for conventional languages, so nothing is entirely safe – unless you hide it behind a web service call, as someone else mentioned.
An obfuscator can help by making more of the internal method calls, classes etc hard to read, and hiding values to avoid search-based finding of critical code. But if someone tries hard enough, they can virtually 'run' your program and reverse engineer it, whatever language you write it in, if you give them the program. (If that wasn't the case, it wouldn't be executable.)
|
|
|
|
|
This is a gripe and a question, maybe someone can help me
Problem Scenario:
I just upgraded to Visual Studio 2010 Professional. I noticed some wierd things happening and after troubleshooting came up with this scenario
Create a C# Windows Form Application in Visual Studio 2005 Professional
Create a C# Windows Form Application in Visual Studio 2010 Professional
Identical code in each
namespace WindowsFormsApplication2
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
}
}
}
Visual Studio 2005
uncomment the 'throw' statement in the Form1 constructor. Visual Studio will report the exception and halt the code.
uncomment the 'throw' statement in the Form1_Load event handler. Visual Studio will report the exception and halt the code
Visual Studio 2010
uncomment the 'throw' statement in the Form1 constructor. Visual Studio will report the exception and halt the code.
uncomment the 'throw' statement in the Form1_Load event handler. Visual Studio silently aborts the method and continues running the code
This means that, in VS2010, in order to stop on , for example, a System.NullReferenceException that I threw, I have to check the "Thrown" box in the Exceptions configuration (cntrl+shift+E). Doing this causes it to stop on *every* System.NullReferenceException, even ones that are swallowed by a try/catch block.
I want VS2010 to act like 2005. Halt on any Exception that isn't explicitly delt with by a try/catch block, even Exceptions that I throw myself.
I don't get why it will halt on an explicit throw in the Forms constructor, but silently abort the method when thrown in the event handler. I find myself constantly reconfiguring the Exceptions config screen when something unexpected occurs (usually when an exception happens that I don't know about)
Am I doing something wrong or is this just something I need to adapt to?
|
|
|
|
|
This sounds pretty odd. I'm sure there is no native difference in the way the two versions of Visual Studio handle exceptions in the debugger. Don't quite understand what you were saying about the exceptions configuration, but try this: In both environments, go to Exceptions configuration as you say (cntrl+shift+E).
In both cases, there should be two columns of checkboxes 'Thrown' and 'User-unhandled'. If you've only got one column go to Tools->Options->Debugging->General and make sure 'Enable just my code' is chcked. Then, make sure the two columns in the two environments match.
Regards,
Rob Philpott.
|
|
|
|
|
Thanks for the reply
You are correct when I'm talking about the "Exceptions Configuration" i'm referring to Dialog Box that you access via Cntrl+Alt+E (sorry I gave wrong shortcut in the original post)
I verified using your method.
Here's the strange bit. At home I have WIndows 7 64 bit, at work I have Windows 7 32 bit
I just did a little test where i made a new C# WindowsApplication project.
The work PC halted on the "throw new Exception()" in the Form1_Load handler, but the home PC did not.
|
|
|
|
|
Sardaan Frostreaver wrote: even ones that are swallowed by a try/catch block.
Do you seriously write code that swallows exceptions in production?
|
|
|
|
|
While I appreciate what you're saying, in the interest of preventing a debate on exception handling, let's keep the scope in context
|
|
|
|
|
|
|
Very interesting material. Thanks.
|
|
|
|
|
That's it!
Here's the C# signatures to implement his solution
public const uint PROCESS_CALLBACK_FILTER_ENABLED = 1;
[DllImport("kernel32.DLL")]
public static extern bool SetProcessUserModeExceptionPolicy(uint dwFlags);
[DllImport("kernel32.DLL")]
public static extern bool GetProcessUserModeExceptionPolicy(ref uint lpFlags);
uint dwFlags = 0;
if (StormWindows.Win32Api.GetProcessUserModeExceptionPolicy(ref dwFlags))
{
SetProcessUserModeExceptionPolicy(dwFlags & ~PROCESS_CALLBACK_FILTER_ENABLED);
}
|
|
|
|
|
Thank you SO much for this link.
I was, as the article described, pulling my hair out why and how a first-chance unhandled exception caused my program to silently crash in debug mode.
|
|
|
|
|
Hello,
When a textbox is clicked, i need to disable some buttons on the page. I am using an asp:textbox control which does not an onclick event. How can I do this?
Thanks.
|
|
|
|
|
This question belongs in the ASP.NET forum.
What you want to do would have to be done in client-side JavaScript, not C# code.
You're also not looking for the onClick event since it will only if the mouse is used to give the TextBox focus. That event won't fire if the user hits the tab key to put the focus in that TextBox.
You're looking for the onFocus event instead.
|
|
|
|
|
I have a C#.net 2008 desktop application that I modified to read the active directory to obtain what group(s) each user has access to. My company told me the windows and web applications should use the same logic when accessing the active directory. Since the web
application was completed first, I need to find a way to use the web method of accessing the active directory.
Thus I have the following questions about the desktop code listed below versus the web code listed below also:
1. Thus can you tell me if there is a way to use the web code in the windows version of accessing the active directory? If so, can you tell me how to modify the code so it would work in the windows application?
2. Is there a way to use at least part of the web code. If so, can you show me what code can be used?
3. If there is no way to use the web code and I should use the windows code that works, can you tell me why the web code would not work?
--------------
DESKTOP CODE
--------------
The following code is called from various portions of the desktop application. Right after the following class module returns from the application, the following line of code is executed in each section for the vatious groups that have been setup.
if ((Thread.CurrentPrincipal.IsInRole("testi1")
then do some process.
}</pre>
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Diagnostics;
using System.Reflection;
using System.IO;
using System.Threading;
using System.Web;
using System.Windows.Forms;
using System.Security.Principal;
namespace Common.Area
{
public class ActiveDirectoryUser
{
public ActiveDirectoryUser()
{
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
Thread.CurrentPrincipal = new WindowsPrincipal(WindowsIdentity.GetCurrent());
}
}
}
----------
WEB CODE
----------
using System;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
namespace Sup
{
public class ActiveDirectoryValidator
{
private string _path;
private string _filterAttribute;
public ActiveDirectoryValidator(string path)
{
_path = path;
}
public bool IsAuthenticated(string domainName, string userName, string password)
{
string domainAndUsername = domainName + @"\" + userName;
DirectoryEntry entry = new DirectoryEntry(_path, domainAndUsername, password);
try
{
// Bind to the native AdsObject to force authentication.
Object obj = entry.NativeObject;
DirectorySearcher search = new DirectorySearcher(entry);
search.Filter = "(SAMAccountName=" + userName + ")";
search.PropertiesToLoad.Add("cn");
SearchResult result = search.FindOne();
if (null == result)
{
return false;
}
// Update the new path to the user in the directory
_path = result.Path;
_filterAttribute = (String)result.Properties["cn"][0];
}
catch (Exception ex)
{
throw new Exception(ex.Message);
}
return true;
}
}
}
|
|
|
|
|
1) There's nothing "web specific" about your ActiveDirectoryUser class. And it should stay that way. The code will work unmodified.
2) This is utterly meaningless.
3) Again, a moot point.
ActiveDirectory makes no distinction between being accessed by a Windows Forms app and a Web Forms app.
The problem with interchangability will only arrised if you mix UI code (either Web or Windows Forms specific) into your ActiveDirectory object classes. So long as you avoid making that newbie mistake, you'll be fine.
You may even want to put your ActiveDirectory object classes into their own project, making a seperate .DLL, so you can very easily use the same .DLL in both applications.
|
|
|
|
|
So you are saying that I could use the code the way it currently exists and add it to my windows application? if so, can you tell me what would need to change? I am a newbie at this. I can not see how a directory search will help to solve the problem.
|
|
|
|
|
I already told you, there's nothing to change.
What problem? If you keep all of your ActiveDirectory related code in a seperated project, you can use it in either Windows Form or Web Forms without ayn modifications at all.
|
|
|
|
|
I am working on a C#.net 2008 desktop application where code has been added to verify if a user has access to various parts of a desktop application based upon the tab they select. The C#.net 2008 desktop, code has been added to verify if a user has access to various parts of the application. The user will only see the parts of the desktop they should have access to or a error message will be displayed right away saying 'you do not have access, contact network administrator'.
There has been code added to sql server 2008 r2 also that checks to see if the user has access based upon the groups they are assigned to in sql server.
Current problem. When the user tries to access the sql server r2 database through the application, a runtime error is displayed shwoing the user does not have access (basically to sql server).
Thus to display a user friendly message and close out of the applicartion, I would likec to know what my options are.
Thus let me know if I can do any of the following:
1. Is there some code the .net desktop can access before the first call to sql server to see if the user has access based upon how sql server accesses the ldap code? If so, can you tell me and/or point me to a reference I can use to include in my code?
2. Is there some code the .net desktop can access before all calsl to sql server to see if the user has access based upon how sql server accesses the ldap code? If so, can you tell me and/or point me to a reference I can use to include in my code?
3. If there is no .net code to check prior to the call, what kind of logic can I put in a try catch block to capture the error? What kind of an error would I be getting that I need to check for? What is the exception type, error code, error code number, and/or error message that I should be checking for? Would you display come sample code and/or point me to a url that I can use as a reference?
|
|
|
|
|
Edit your post and remove the PRE tags surrounding your text. The code block is for posting code snippets, not your question.
|
|
|
|
|
|
No, he wants you to edit your message and fix it now.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- "Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass." - Dale Earnhardt, 1997
|
|
|
|
|
I did not read this, bad formatting. Again.
Code belongs inside PRE tags, text does not (unless it is tabular data or something similar that badly needs a non-proportional font).
|
|
|
|