I'm writing a bank payment app using Xamarin android that store user card information.
I'm looking for a safe and secure for storing data.
the only thing I found is below link that store account information which is useless for me:
https://developer.xamarin.com/recipes/cross-platform/xamarin-forms/general/store-credentials/
KeyStore is the most secure way to store sensitive data on Android. You can store there anything, if it can be serialized it to string.
For example, you can use free library KeyChain.Net that provides clear API for saving and retreading data from Android and iOS KeyStores.
If you want to save Class with account information and credit card number, you can serealize that class using JSON Newtonsoft.Json
using System;
using Newtonsoft.Json;
public class Account
{
public string user_id;
public string credit_card_number;
public override string ToString () {
return JsonConvert.SerializeObject (this);
}
}
Save Account:
string accountKey ="secure_key";
public static bool SaveAccount (Account account) {
KeyChainHelper keyChainHelper = new KeyChainHelper ();
return keyChainHelper.SetKey (accountKey, account.ToString ());
}
Get Account:
public static Account GetSavedAccount () {
KeyChainHelper keyChainHelper = new KeyChainHelper ();
string jsonAccount = keyChainHelper.GetKey (accountKey);
if (jsonAccount == null || jsonAccount == "") {
return null;
}
Account user = JObject.Parse (jsonAccount).ToObject<Account> ();
return account;
}
Related
How to use many #Html.AntiForgeryToken() in one page?
When I put it doesn't work on the remote host, only locally!
I tried to use different strings foreach forgery token
#Html.AntiForgeryToken("logoff_forgery") but when I add [ValidateAntiForgeryToken(Salt = "logoff_forgery")] in the controller, I get this following error
'System.Web.Mvc.ValidateAntiForgeryTokenAttribute.Salt'
'The 'Salt' property is deprecated.
To specify custom data to be embedded within the token,
use the static AntiForgeryConfig.AdditionalDataProvider property.'
D:\projects\codesan\app\CodeSan\CodeSan\Controllers\AccountController.cs
289 35 CodeSan
Does anyone know how to use the static AntiForgeryConfig.AdditionalDataProvider ? If yes please share it with me.
As it states in the description Salt property is deprecated.
Here is a simple implementation for IAntiForgeryAdditionalDataProvider
public class MyAntiForgeryAdditionalDataProvider : IAntiForgeryAdditionalDataProvider
{
public string GetAdditionalData(HttpContextBase context)
{
return GenerateTokenAndSaveItToTheDB();
}
public bool ValidateAdditionalData(HttpContextBase context, string additionalData)
{
Guid token = Guid.TryParse(additionalData, out token) ? token : Guid.Empty;
if (token == Guid.Empty) return false;
return GetIfTokenIsFoundInTheDBAndNotExpired(token);
}
private string GenerateTokenAndSaveItToTheDB()
{
var newToken = Guid.NewGuid().ToString();
//save it to the db
return newToken;
}
}
And you simply register it in the Global.asax.cs
protected void Application_Start()
{
AntiForgeryConfig.AdditionalDataProvider = new MyAntiForgeryAdditionalDataProvider();
}
I'm trying to use parse's .net client in an mvc web application.
and couldn't find a proper way to inject ParseObject, ParseUser and ParseUser.CurrentUser
what is the nice way of injecting static objects?
web app has a Forms authentication setup.
and ioc container register components or services LifestylePerWebRequest()
my problem occured when I want to update the user object,
only if the ParseUser.CurrentUser logged in we can update. (https://parse.com/docs/dotnet_guide#users-security)
but this is a static object and I get the latest signed in user...
now I'm thinking to create a user2 table in parse and keep all profile data in there...
Is there a better way to go?
public async Task<bool> UpdateUser(string id, string name, string surname)
{
//var user = ParseUser.CurrentUser;
var user = await ParseUser.Query.GetAsync(id);
if (user == null) return await Task.FromResult(false);
user.Name = name;
user.Surname = surname;
await user.SaveAsync();
return await Task.FromResult(true);
}
what is the nice way of injecting static objects?
You hide them behind an application-defined abstraction. You define a narrow interface that describes the functionality that your application needs (and ideally without the interface leaking the external framework). For instance:
public interface IUserRepository
{
// Throws an exception on failure.
void UpdateUser(string id, string name, string surname);
}
Now you can hide the static class behind an implementation of IUserRepository:
public class ParseUserRepository : IUserRepository
{
public void UpdateUser(string id, string name, string surname)
{
// call the static Parse functionality.
}
}
I work on an ASP.NET MVC4 solution. When the user is logged in, I would like to display his fullname (not the username provided in the login form). His fullname (firstname + lastname actually stored in the user table in my database) should be displayed in the top right corner.
For better performance, I don't want to query the database each time a request is done.
How to proceed?
Keeping the user information (firstname, lastname, ...) in a cookie?
Keeping the user information is a session variable for all the lifecycle of the application?
Keeping the user information in a 'Profile' like explained here: How to assign Profile values? (*)
Something else?
(*) I think this solution a little complex for the use I have.
Thanks.
I would use a cookie. It doesn't hog up any memory on your machine like Session, and it doesn't hit the database like Profile would. Just remember to delete the cookie when the user signs off.
Note that the Profile would hit the database server each time you make a request. As far as I know, Profile data is not cached anywhere on the web server (unless you have a custom profile provider).
Another reason why I like cookie: if you ever want to store any additional user information for fast access, like UserPrimaryKey, or any special user preferences, you can just store them as JSON in the cookie. Here is an example:
Another note: the code below uses Newtonsoft.Json (the JsonConvert lines). It should come out of the box in an MVC4 project, but for an MVC3 project, you can just add it via nuget.
public class UserCacheModel
{
public string FullName { get; set; }
public string Preference1 { get; set; }
public int Preference2 { get; set; }
public bool PreferenceN { get; set; }
}
public static class UserCacheExtensions
{
private const string CookieName = "UserCache";
// put the info in a cookie
public static void UserCache(this HttpResponseBase response, UserCacheModel info)
{
// serialize model to json
var json = JsonConvert.SerializeObject(info);
// create a cookie
var cookie = new HttpCookie(CookieName, json)
{
// I **think** if you omit this property, it will tell the browser
// to delete the cookie when the user closes the browser window
Expires = DateTime.UtcNow.AddDays(60),
};
// write the cookie
response.SetCookie(cookie);
}
// get the info from cookie
public static UserCacheModel UserCache(this HttpRequestBase request)
{
// default user cache is empty
var json = "{}";
// try to get user cache json from cookie
var cookie = request.Cookies.Get(CookieName);
if (cookie != null)
json = cookie.Value ?? json;
// deserialize & return the user cache info from json
var userCache = JsonConvert.DeserializeObject<UserCacheModel>(json);
return userCache;
}
}
With this, you can read / write the cookie info from a controller like this:
// set the info
public ActionResult MyAction()
{
var fullName = MethodToGetFullName();
var userCache = new UserCache { FullName = fullName };
Response.UserCache(userCache);
return Redirect... // you must redirect to set the cookie
}
// get the info
public ActionResult MyOtherAction()
{
var userCache = Request.UserCache();
ViewBag.FullName = userCache.FullName;
return View();
}
I am using persistent object in blackberry to store config details specific to the app. Here is how I am implementing the class
public class Preferences implements Persistable
{
private static PersistentObject persistentObject = PersistentStore.getPersistentObject(0x2759d6ff72264bdbL);
private static Hashtable tbl = new Hashtable();
public static void storeLoginToken(String token)
{
token = removeCharAt(token,0);
token = removeCharAt(token,token.length()-1);
tbl.put("token", token);
persistentObject.setContents(tbl);
persistentObject.commit();
}
public static String getLoginToken()
{
Hashtable tbl = (Hashtable)persistentObject.getContents();
try
{
String token = tbl.get("token").toString();
System.out.println("Token = "+token);
return token;
}
catch(Exception e)
{
return null;
}
}
}
But if I uninstall/delete the app these stored values are not getting deleted. When I installs the app for next time the app is fetching the old stored values.
How can i do this properly in blackberry?
Thanks
Create a custom hashtable class like this
package com.myapp.items;
import net.rim.device.api.util.Persistable;
import java.util.*;
public class MyAppHashtable extends Hashtable implements Persistable{
}
And change your code to
public class Preferences
{
private static PersistentObject persistentObject = PersistentStore.getPersistentObject(0x2759d6ff72264bdbL);
private static MyAppHashtable tbl = new MyAppHashtable ();
public static void storeLoginToken(String token)
{
token = removeCharAt(token,0);
token = removeCharAt(token,token.length()-1);
tbl.put("token", token);
persistentObject.setContents(tbl);
persistentObject.commit();
}
public static String getLoginToken()
{
MyAppHashtable tbl = (MyAppHashtable )persistentObject.getContents();
try
{
String token = tbl.get("token").toString();
System.out.println("Token = "+token);
return token;
}
catch(Exception e)
{
return null;
}
}
}
This is so that we adhere to the following info from RIM
The BlackBerry persistence model
When you use the BlackBerry persistence model, data is only deleted if the store contains data that belongs to the removed application.
For example, if an application stores an object with a package called com.mycompany.application.storage and no other application on the BlackBerry smartphone makes reference to the package, the persistent store and the removed application are deleted.
The same is true if the object is wrapped in a container such as a Vector. Even if only one of the elements of the Vector has a package name that is not used by other applications, the entire Vector is removed from the persistent store.
Note: If the application does not store any objects with an identifying package structure, (for example, an application that stores java.util.Vector or javax.microedition.location.AddressInfo objects), the application should create and use a class that extends Vector in order to identify that Vector belongs to the given application. When you store this Vector, which is identified uniquely by its package, you guarantee that the data is removed from the persistent store when the application is removed.
This info is from here
I am developing a BlackBerry application. I want to store the details of multiple users in my mobile. I have to store data like username, first name, last name ,email id ,phone number for each user. Can any one please provide me a sample code for persistent store using which I can store all this data in a vector and retrieve later.
This link should answer most of what you need to know - http://www.miamicoder.com/post/2010/04/13/How-to-Save-BlackBerry-Application-Settings-in-the-Persistent-Store.aspx.
Below is some code from one of my projects.
public class PreferencesStore
{
// Not a real key, replace it with your own.
private static long m_lTabulaRectaKey = 0l;
public static Vector getTabulaRectas()
{
Vector vecTabulaRectas = new Vector();
PersistentObject poObject = PersistentStore.getPersistentObject(m_lTabulaRectaKey);
if(poObject.getContents() != null)
{
vecTabulaRectas = (Vector)poObject.getContents();
}
return vecTabulaRectas;
}
public static void addTabulaRecta(TabulaRecta a_oTabulaRecta)
{
Vector vecTabulaRectas = getTabulaRectas();
vecTabulaRectas.addElement(a_oTabulaRecta);
PersistentObject poObject = PersistentStore.getPersistentObject(m_lTabulaRectaKey);
poObject.setContents(vecTabulaRectas);
poObject.commit();
}
}