
Tuesday, July 10, 2012

WCF Endpoints

A WCF service is a program that exposes a collection of endpoints. Each endpoint is a portal for communicating with outside applications and services. All WCF communication takes place through endpoints.

An endpoint consists of:

1) Contract - The set of operations provided by the service. It is usually the name of the interface that defines the WCF service, and it tells outside applications which methods and operations are exposed. Each operation can interact in one of the following ways: one-way, duplex, or request/reply.

2) Address - The address of the WCF service being constructed. Other applications use this URL to access the WCF operations.

3) Binding - The binding describes how the client communicates with the service. The following table lists some of the bindings supported by WCF.

| Binding | Description |
|---|---|
| BasicHttpBinding | Basic Web service communication. No security by default |
| WSHttpBinding | Web services with WS-* support. Supports transactions |
| WSDualHttpBinding | Web services with duplex contract and transaction support |
| WSFederationHttpBinding | Web services with federated security. Supports transactions |
| MsmqIntegrationBinding | Communication directly with MSMQ applications. Supports transactions |
| NetMsmqBinding | Communication between WCF applications by using queuing. Supports transactions |
| NetNamedPipeBinding | Communication between WCF applications on same computer. Supports duplex contracts and transactions |
| NetPeerTcpBinding | Communication between computers across peer-to-peer services. Supports duplex contracts |
| NetTcpBinding | Communication between WCF applications across computers. Supports duplex contracts and transactions |



Note: This is not my original work. I have blogged it here just for my future reference and, of course, in case someone wants to use it.

This content has been taken from: http://www.wcftutorial.net/EndPoint.aspx

SQL Injection Attacks


What is it?

A SQL injection attack is the insertion or "injection" of a SQL query via the application's input in order to fetch or update data in the SQL database.

How?

How can malicious software or unauthorized personnel access the database? It can be done simply by typing a query into a textbox whose value the application uses to build its SQL. For example, the query in the code-behind is:

string query = "SELECT * FROM customers WHERE Name = '" + txtuserName.Text + "' ORDER BY UID";

Here the value of txtuserName.Text is concatenated directly into the statement, so a whole query can be appended through it and will be executed.

Solution

To prevent such attacks in our application we should always use one of the following:
1) Stored Procedures 
2) Parameterized Queries

In both cases, the database treats the input only as a parameter value, never as part of the SQL statement, and an exception is thrown if the value is not valid. This simple precaution adds a bit of security to our application.
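An added example (not from the original post or the tutorial it draws on) that runs the concatenated query pattern shown above next to a parameterized one. It uses Python's sqlite3 with an in-memory table as a stand-in for the ASP.NET code-behind and its database; the table rows, function names and input strings are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the post's customers table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (UID INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany("INSERT INTO customers (UID, Name) VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "O'Brien")])
    return db

def find_concatenated(db, user_name):
    """Same pattern as the post: the textbox value becomes part of the SQL text."""
    sql = ("SELECT UID, Name FROM customers WHERE Name = '"
           + user_name + "' ORDER BY UID")
    return db.execute(sql).fetchall()

def find_parameterized(db, user_name):
    """The value is bound separately and is only ever compared as data."""
    sql = "SELECT UID, Name FROM customers WHERE Name = ? ORDER BY UID"
    return db.execute(sql, (user_name,)).fetchall()

def compare(db, user_name):
    """Run both forms on one input; report the rows or the error each produced."""
    results = {}
    for label, fn in (("concatenated", find_concatenated),
                      ("parameterized", find_parameterized)):
        try:
            results[label] = fn(db, user_name)
        except sqlite3.Error as exc:
            results[label] = "error: " + type(exc).__name__
    return results

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: an ordinary name, a legitimate name containing a
    # quote, and a value whose quote changes the WHERE clause.
    for value in ("alice", "O'Brien", "x' OR '1'='1"):
        print(repr(value), compare(db, value))
```

A stored procedure gives the same protection only if it does not itself build SQL by concatenating its arguments.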


For details, please refer

Monday, May 30, 2011

Debugging made easy - Part1

We will briefly discuss 3 things here -
1) Run to Cursor
2) Set Next Statement
3) Insert Tracepoint

1) Run to Cursor - While debugging, if you right-click on any statement you can see many options. One of them is Run to Cursor. It can be used as a one-time breakpoint, for example when you want to execute a few lines in one go. Right-click on the line where you want execution to stop and select Run to Cursor.

2) Set Next Statement - While debugging, when you right-click you see another option: Set Next Statement. This command moves the program counter directly to the line under the cursor. You can choose a line above or below the current execution step. A major difference between Run to Cursor and Set Next Statement is that the former executes all the statements up to that point, while the latter skips the intervening lines and continues directly from the chosen statement. Because of this behavior, we can move control into an if-else branch, a loop, and so on. I usually use it when I get a UE (Unexpected Error) and want to inspect where exactly it came from by setting the first statement of the method as the next statement. You can see details at http://msdn.microsoft.com/en-us/library/09yze4a9(v=vs.85).aspx

3) Insert Tracepoint - You can insert a tracepoint the same way you insert a breakpoint. The difference between them is that while a breakpoint breaks the execution flow, a tracepoint performs a specified action and/or breaks the execution flow. Tracepoints can be used for the same purpose as Trace, without modifying the code, but they work only in "Debug" mode. For more details, see http://msdn.microsoft.com/en-us/library/232dxah7.aspx