[ADCES]SqlInjection si Migrare BD in Azure

1. Teorie si Demo practic de Sql Injection si spargerea parolelor prin hashing
Prezentator: Andrei Rinea, https://www.linkedin.com/in/andreirinea/
Descriere: Abordare teoretică și practică asupra SQL Injection și Hashing. Include live hacking!
2. Migrarea bazelor de date SQL Server in cloud
Prezentator: Dragos Barbu, https://www.linkedin.com/in/drbarbu/
Descriere:
Incheiem seria in care am prezentat cum mutam o solutie veche in cloud cu etapa de migrare a bazei de date. Voi prezenta de ce sa alegem varianta migrarii in cloud si cum sa facem acest lucru. Variante de gazduire a bazei de date in cloud-ul Microsoft Azure si pentru ce este potrivita fiecare. Discutam si de trend-ul denumit Database Modernization.

Va astept la https://www.meetup.com/Bucharest-A-D-C-E-S-Meetup/events/273499121/  ( online la https://meet.google.com/gpj-jedu-mzj  )

Deploy .NET Core +SqlServer application to Ubuntu

Tools used:

SSH –  Windows Native

DOS – Windows Native

SSMS – download https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15

FileZilla – download https://filezilla-project.org/download.php?platform=win64

How I did :

SSH : Install SqlServer: https://docs.microsoft.com/en-us/sql/linux/quickstart-install-connect-ubuntu?view=sql-server-ver15

SSMS: Copy database with SSMS export data

DOS : Windows Compile application for Linux: dotnet publish -r linux-x64

Filezilla: Transfer with FileZilla all files: manual

SSH -Change permission chmod +777 <application name>  – to can execute

SSH –execute:  sudo ./<application name>–urls http://<ip>:8090

Note: Pay attention to Environment Variables on Linux – it did not work . See  https://docs.microsoft.com/en-us/dotnet/api/system.environment.getenvironmentvariables?view=netcore-2.0 . It did not work for me with Export.

Maybe it is better to configure as Linux Service, as in https://irina.codes/net-api-as-a-linux-service/

Also, for editing in ssh , sudo nano .service

Also, to start at startup, sudo systemctl enable

ASP.NET Core WebAPI should/ (must?) have

I am trying to have an extensive list about what an ASP.NET Core WebAPI project should / must have . After al, can be easy integrated into a VS project – or a wizard. I have put into 3 categories:

  1. Development – you need at development time.
  2. Testing – needed at testing time
  3. Production – needed in production

Note: All three are needed to be developed  !

  1. Development – Visibility  – see definition of the API
  2. Development  – Authorization + Authentication
  3. Development-Problem Details –  flow the
    errors as JSON text , keep status code
  4. Testing – test your application in CI mode
    • Production – Versioning  API endpoints
      • Production – CORS
      • Production – WhiteBox Monitoring
      • Production –BlackBox Monitoring and Observability – read about RED and USE
      • Production –Rate limit – do not allow insane usage
      • Production –Caching data – to return latest values
      • Production  – Status of the system

      Nice to have:

      1. Graph with endpoints: https://andrewlock.net/adding-an-endpoint-graph-to-your-aspnetcore-application/ – read about https://en.wikipedia.org/wiki/DOT_(graph_description_language) 
      2. Versioning  end points- see what version is your program: http://msprogrammer.serviciipeweb.ro/2019/02/18/identify-version-for-application-and-components-for-backend-net-core-and-frontendangularpart-2-backend/
      3. Not yet discovered, but should have endpoints for environment, settings json and others.
      4. Formatters: BSON, CSV, YAML: https://github.com/WebApiContrib/WebAPIContrib.Core

      ASP.NET Core : Add controllers at runtime and detecting changes done by others

      Part 1 Adding controllers at runtime

      Adding controllers at runtime in ASP.NET Core involves the ApplicationPartManager and IActionDescriptorChangeProvider. Let’s say that we hardcode the creation of the controller

       

      private Assembly CreateController(string name)
               {
                   
                   string code = new StringBuilder()
                       .AppendLine("using System;")
                       .AppendLine("using Microsoft.AspNetCore.Mvc;")
                       .AppendLine("namespace TestBlocklyHtml.Controllers")
                       .AppendLine("{")
                       .AppendLine("[Route(\"api/[controller]\")]")
                       .AppendLine("[ApiController]")
                       .AppendLine(string.Format("public class {0} : ControllerBase", name))
                   
                       .AppendLine(" {")
                       .AppendLine("  public string Get()")
                       .AppendLine("  {")
                       .AppendLine(string.Format("return \"test - {0}\";", name))
                       .AppendLine("  }")
                       .AppendLine(" }")
                       .AppendLine("}")
                       .ToString();
      
                  var codeString = SourceText.From(code);
                   var options = CSharpParseOptions.Default.WithLanguageVersion(LanguageVersion.CSharp7_3);
      
                  var parsedSyntaxTree = SyntaxFactory.ParseSyntaxTree(codeString, options);
      
                  var references = new MetadataReference[]
                   {
                       MetadataReference.CreateFromFile(typeof(object).Assembly.Location),
                       MetadataReference.CreateFromFile(typeof(Console).Assembly.Location),
                       MetadataReference.CreateFromFile(typeof(System.Runtime.AssemblyTargetedPatchBandAttribute).Assembly.Location),
                       MetadataReference.CreateFromFile(typeof(Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo).Assembly.Location),
                       MetadataReference.CreateFromFile(typeof(RouteAttribute).Assembly.Location),
                       MetadataReference.CreateFromFile(typeof(ApiControllerAttribute).Assembly.Location),
                       MetadataReference.CreateFromFile(typeof(ControllerBase).Assembly.Location),
                   };
      
                  var codeRun = CSharpCompilation.Create("Hello.dll",
                       new[] { parsedSyntaxTree },
                       references: references,
                       options: new CSharpCompilationOptions(OutputKind.DynamicallyLinkedLibrary,
                           optimizationLevel: OptimizationLevel.Release,
                           assemblyIdentityComparer: DesktopAssemblyIdentityComparer.Default));
                   using (var peStream = new MemoryStream())
                   {
                       if (!codeRun.Emit(peStream).Success)
                       {
                           return null;
                       }
                       return Assembly.Load(peStream.ToArray());
                   }
      
      
      
              }
      
      
      

       

      Then we will load into ApplicationParts

      [HttpGet]
              public string AddRuntimeController([FromServices] ApplicationPartManager partManager, [FromServices]MyActionDescriptorChangeProvider provider)
              {
                  string name = "andrei" + DateTime.Now.ToString("yyyyMMddHHmmss");
                  var ass = CreateController(name);
                  
                  if (ass != null)
                  {
                      partManager.ApplicationParts.Add(new AssemblyPart(ass));
                      // Notify change
                      provider.HasChanged = true;
                      provider.TokenSource.Cancel();
                      return "api/"+ name;
                  }
                  throw new Exception("controller not generated");
              }
      
      

      and the code for is

      public class MyActionDescriptorChangeProvider : IActionDescriptorChangeProvider
          {
              public static MyActionDescriptorChangeProvider Instance { get; } = new MyActionDescriptorChangeProvider();
      
              public CancellationTokenSource TokenSource { get; private set; }
      
              public bool HasChanged { get; set; }
      
              public IChangeToken GetChangeToken()
              {
                  TokenSource = new CancellationTokenSource();
                  return new CancellationChangeToken(TokenSource.Token);
              }
          }
      

      and it is added to the DI services by

      services.AddSingleton<IActionDescriptorChangeProvider>(MyActionDescriptorChangeProvider.Instance);
      services.AddSingleton(MyActionDescriptorChangeProvider.Instance);
                  
      

      Usually , you do not need Part 2 – if you do not construct something like Blockly for .NET Core (https://netcoreblockly.herokuapp.com/), that needs to see controllers added  by the application

      Part 2  Detecting controller added at runtime by others

      You usually do not need this – Part 1 is enough.  I need because I do construct something like Blockly for .NET Core (https://netcoreblockly.herokuapp.com/), that needs to see controllers added  by the application.

      So we need ActionDescriptorCollectionProvider –  read the remarks at https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.infrastructure.actiondescriptorcollectionprovider?view=aspnetcore-3.1 . We can obtain by DI from IActionDescriptorCollectionProvider and convert to ActionDescriptorCollectionProvider

      The code is

      //in the class , obtained by DI from IActionDescriptorCollectionProvider 
      private readonly ActionDescriptorCollectionProvider cp;
      
      internal void registerCallback()
              {
                  cp.GetChangeToken().RegisterChangeCallback(a =>
                  {
                       //a is your class because of this parameter below
      
                      //do your work
                      s.registerCallback();
                  }, this);
      
              }
      
      

      ( All code is taken from https://github.com/ignatandrei/netcoreblockly)

      Integrating SPA ( Angular, React, Vue) with .NET Core for production

      If you have a .NET Core WebAPI application ( that only serves data ) and  a SPA application ( Angular, Vue,  React) you can have just one application following this 2 steps:

      1.  In .NET Core add in Startup.cs ( with using Microsoft.AspNetCore.Builder from Microsoft.AspNetCore.StaticFiles )

      app.UseDefaultFiles();
      app.UseStaticFiles();

      app.UseRouting();

      app.UseAuthorization();

      app.UseEndpoints(endpoints =>
                   {
                      

                  // If you know the endpoints, put it here

                 //endpoints.MapFallbackToFile(“dbodepartment/{**slug}”,”/index.html”);
                               
                       endpoints.MapControllers();
                       endpoints.MapFallbackToFile(“{**slug}”, “/index.html”);
      });

      2. Compile the SPA to index.html, deploy in wwwroot with the js and css

      ( yes, you should modify the endpoint for data when compiling to / –  for Angular see my previous post , http://msprogrammer.serviciipeweb.ro/2020/09/14/angular-base-href-for-web-desktop-mobile-and-paths-for-services/ )

      Andrei Ignat weekly software news(mostly .NET)

      * indicates required

      Please select all the ways you would like to hear from me:

      You can unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

      We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.