I have a desktop application and I am using the Process.Start property in this application. Can I somehow send a request to this program over the web?
Note: I cannot install iis or similar things on the device as it is a company computer.
Typically, the desktop application would act as a client here, and contact the server (possibly the same server that runs the web app, possibly a slightly different server intended just for API access). It is possible for a browser application to talk to a desktop application, by having the desktop application install itself as a custom protocol handler - but this may require more permission than you are allowed on the desktop machine, and it is relatively complex. Having the desktop app talk to a server, and the browser app talk to a server, but not directly to each-other: is a simpler setup.
If you mean to do this without any kind of browser session on the same machine, then:
either the desktop app needs to be running as a client, connecting to a server, and listening for messages, or:
the app needs to be a server, and open an inbound TCP/UDP port, to listen for connections/messages
The second option presents much more security issues; in a lot of corporate scenarios, this could be disallowed and blocked by corporate firewalls, or could even have the network security folks arrive at your desk with a cardboard box for your things.
You will need to setup your server somewhere in the internet or inside company LAN.
Desktop app should connect to this server and keep connected, waiting for a data. Or you can check for a new data by a timer, if your scenario allows some delays.
When you need to make a request, you send data to your server (may be including client id or something similar to identify the exact instance of the desktop app).
The server forwards data to the desktop app and then forwards the app's response back to you.
Note: you will not able to connect directly to the desktop client without intermediate server, as most likely the company computer does not have "white" ip and is located behind the company's NAT.
Related
We are developing a web page that use https protocol (two way).
We need to access to the private certificates of the user, because we need sign documents by the user's certificate, so we developed a Java application that communicate with the web by a websoket.
This application will call with a protocol call since the web (same that when you open a pdf on Acrobat Reader from a browser).
So we have to be sure that our web is calling to the native application(only our web). We want develop a system to be sure of that. Our idea:
Send a public key, a signed token by the server's private certificate and a symmetric key (to encrypt websocket communications) to the native application.
Next, we will Check in the native application that the token it is OK with a web service to the server.
After, we will have to open the websocket between the native app and the web, and send the signed document by the native app by this way.
Then sent document to the server.
Is this implementation safe? We will be safe of a man in the middle?
Any suggestion about this solution will be wellcome, because I don't see any weakness but I am not an expert on security.
I know other solutions for this problem, like applets, JavaFX or native messages on Chrome, but I only want to know if these solution is safe.
Thanks to all in advance and sorry if my english isn't the best :P,
I see the following issues
Send a public key and a signed token by the server's private certificate to the native application.
You are calling a local app by protocol. For example mylocalapp://sign?securitytoken=.... You do not control which application is installed on local PC to respond to mylocalapp://. The browser shows an ugly warning because you are leaving the secure environment. An attacker could have replaced the default app, simulate the flow and get all signed documents.
2.Next, we will Check in the native application that the token it is OK with a web service to the server.
To verify identity of server and avoid a ManInTheMiddel attach you need also to set a trustore for your application with the server certificate
Your server needs also to verify identity of client. Are you planning to use TLS two ways also?
After, we will have to open the websocket between the native app and the web, and send the signed document by the native app by this way.
You do not need a websocket. Simply use a URL connection to download and upload the documents.
This solution was used by Spanish ministry of economy when chrome decided to cut the NPAPI support and signature applets began to fail. Now, they have rebuilt the system in this way
Install a local Java application on the user's PC. The application listens on a port as, for example 5678
In your page, javascript connects to the application in the form http://127.0.0.1:5678/sign and sends the data to sign.
The application is local and has no trouble using the operating system keystore, which includes drivers PKCS#11. Perform digital signature and sends the result to the server
The javascript of the page periodically query the result and retrieves it when ready
The security problem is basically the same, but install a server in localhost is harder than replace the local default app.
The solution is called #firma, I guess you probably know it. It is opensource, you can use it
TL;DR
In Javascript, how do you to find the IP of all servers running a specified program on a specified port in the LAN?
Background
I'm writing a server in node.js that is supposed to connect users browsers as controllers to a common device on which a game is running. The browsers are running a web app based on html and Javascript. The connection is based on socket.io.
I'd like for the web app to be able to find all available instances of this server in the LAN in order to create a server list for the user to choose from.
Is there a way to make the server discoverable by the web app on the local network in Javascript, and in that case: how?
Ideas
Have the server broadcast its IP to all devices on the LAN and have the web app listen for these messages (No idea how to do this without node on the client)
Connect to every IP on the network and see if the connection is successful. (Does not seem feasible)
Scan every IP on the network and connect only to those where the port is open. (Once again, no idea how to do this without node on the client and does not seeem feasible either.)
EDIT
The server is supposed to be portable and work independently, without any central system backing it up or providing matchmaking for clients. It is a LAN only server and should work even without internet access.
There is no way for you do this. Sorry. Since there is no exposure to UDP on client-side JavaScript, broadcasting is out of question. Any attempt on massive scanning will quickly raise flags on network monitoring software. You have to use a known address.
What I want to achieve:
I have a linux server connected to network which runs a database. The database is not reachable from network. There is a software which acts as a middle layer between the server and client(s). The clients would access the database through this layer. This is required because:
There will be multiple users with different permissions.
I want a common API because the client software will be implemented to mobile platform, mostly for Android and as a webpage(this is where I want to use JavaScript) as well.
I don't want to expose the database directly to clients because I would be forced to store the database's login credentials in client's device.
The client software will be used only for data exchange and displaying the result to user. Any processing would be done in server.
The part which is not clear is the webpage. I could use PHP, but I want to make it like the Google Hangouts app in Gmail or the Facebook Messenger. The content which is fetched from database is displayed without reloading the page. Since I have't done anything like this in JavaScript, I don't know where to start, which libraries I should use.
Note that the communication between the client and the server would be done over secure sockets. The middle layer would be implemented in C++ using OpenSSL.
I would suggest to connect to the server using C++ with the system() command.
The requirement is to provide duplex communication methodology between .net client application which is a windows application and javascript application, which runs on the browser.
Flow is
1. User installs the client app on their machine.
2. User visits the website and logs in to the portal which hosts the javascript app.
3. If the user performs an activity on client .net app, javascript app requires to be notified.
4. If the user performs an activity on the javascript app on the browser the .net client application has to be notified.
Possible solutions tried out are
1. Web server .net client app, where javascript app connects to using web sockets. However given the .net client app might start the webserver on a different port than originally intended, if the ports in use, the javascript app might not be able to identify the port the web server is running on.
2. Have an activeX running on the javacript app. Both the active X and .net app will connect through local named pipes through WCF. Bad part is use of active X will show a pop up soon as you load the web application.
Would you know of a better solution for the problem?
We've successfully used WebSockets for duplex communications between in-browser Javascript and an external app running a WebSocket server. It's efficient and (at least as of last year) bypassed all browser sandbox restrictions. I'm not 100% understanding this part of your question:
However given the .net client app might start the webserver on a different port than originally intended, if the ports in use, the javascript app might not be able to identify the port the web server is running on
The .NET app can run a socket server on any port it wants. If you are writing both apps, I'm not seeing how synchronizing on a specific port would be an issue? Worst case scenario the desktop app could write the port to local storage, which your JS can grab via local storage. There are other ways to synch this as well.
SignalR is a communications API that has client libraries for both .NET and javascript, and the server library is built on the ASP.NET stack.
With it, you can build a solution that allows client (js) <-> server <-> client (.NET) communication.
Here are some useful links to get you started:
SignalR main page
Tutorials are here
Handling SignalR communication between servers in a farm
SO question: example of SignalR .NET client application
I am wondering how i can send a command (like 1, 2, 3..etc) from my web app (classic asp/asp.net) web page on my android web browser to a windows computer thats on the same LAN network. Kind of like an instant messenger type of thing so that i can design a web page with buttons and each button would send a command back to the computer.
Is that possible? Or do you know any other alternatives to accomplish this same task?
David
If you are looking at using a web server for each system windows system, then the android app simply calls some webpage with the message. The android app would need to keep calling a particular page for 'new' messages using an ajax request. However there are probably other better was of doing this - but it is possible using this method. Another option is each windows system self hosts their own WCF app which receives messages. You still need some central store to make sure all members get the messages unless they constantly poll each other.
Another alternative (and doesn't require polling) is to utilize sockets and simply stream the data back and forth over a port and keep the connection open.