Network Programming in .NET

The WhatsApp Business API is open for applications, which you can sign up for via https://www.facebook.com/business/m/whatsapp/business-api – and it looks like they are working with Twilio to create a webhook layer on top of this.

But, there are some simple things you can do today, for example, if you want to encourage your users to send you a WhatsApp message from your app or website, then you can add a link to;

https://api.whatsapp.com/send?phone=<your number>&text=hello

It’s important to remember that whatsapp is not typically used from the desktop, so if you want this to work, and your user is on a desktop browser, then it is better to show a QR code for the URL above – that they can scan with their phone, rather than sending them directly to this url.

Once this API is in general release, it’ll be a new feature that we’ll add to https://www.cloudansweringmachine.com

Cloudflare is a service that can help keep your website safe from DDOS attacks, by taking the load of the attack without affecting your underlying server too badly.

However, assuming that your website is being specifically targeted, then it is obvious for an attacker to spot that your website is behind cloudflare, by simply checking the NS records on your domain. – So an attacker will look to find your underlying webserver, and attack it directly, rather than a “front door” attack via Cloudflare.

So, the first step, as a domain owner, is to make sure that your underlying werserver is not published anywhere on the web. Since, if you can find it – you can bet an attacker will too.

A first search is here: http://www.crimeflare.org:82/cfs.html – Scroll to the foot of the page, and enter your domain – if it’s there, make sure you change your IP address of your server, or ask the owner of this website to remove your listing from his database.

Next, check for historic A records of your domain here; https://securitytrails.com/domain/<your domain>/history/a – and make sure the IP address of the server you used before you moved to cloudFlare is no longer your production IP address.

In short, the general tip is – that if you used the same server IP before moving to CloudFlare, as you do now, – change it. Otherwise an attacker can bypass your CloudFlare protection.

If you are looking to implement a system that can determine if a car is insured in Italy, and to find its current insurer, then here is an API that solves this for you;

You can also find the current insurer of a car in Italy, by calling the following API; CheckInsuranceStatusItaly at http://www.targa.co.it/api/bespokeapi.asmx , passing the number plate and your username from www.targa.co.it

The response is in XML as follows;

If you have an app on VSTS, which suddenly started returning the error
{“Error”:”unauthorized_client”,”ErrorDescription”:null} and InvalidScope in the query string, then it appears that the culprit is vso.codesearch, which needs to be removed from the scope.

Unfortunately, if you already have created an app with this in it’s scope, then a bug in VSTS prevents you from saving it again – so you may need to create a duplicate of the app.

This is a script in c# that runs a Twitter Bot that posts domain name ideas to https://twitter.com/dotcomideas 

First, I generate some random pronouncable words using this class

using System;

namespace words
{
class PasswordGenerator
{
//string vowels = “aeiou”;
//string consonants = “bcdfghjklmnprstvwxyz”;

/*
The reason for the duplicate letters is to add “weighting” to certain letters to allow them more chance
of being randomly selected. This is due to the fact that certain letters in the English language are more
frequently used than others.

The breakdown of usage is as follows (from most frequent to least frequent):
1. E (7)
2. T (6)
3. A, O, N, R, I, S (5)
4. H (4)
5. D, L, F, C, M, U (3)
6. G, Y, P, W, B (2)
7. V, K, X, J, Q, Z (1)
*/

string vowels = “aaaaaeeeeeeeiiiiiooooouuu”;
string consonants = “bbcccdddfffgghhhhjklllmmmnnnnnpprrrrrsssssttttttvwwxyyz”;

string[] vowelafter = { “th”, “ch”, “sh”, “qu” };
string[] consonantafter = { “oo”, “ee” };
Random rnd = new Random();

public string GeneratePassword(int length)
{
string pass = “”;
bool isvowel = false;

for (int i = 0; i < length; i++)
{
if (isvowel)
{
if (rnd.Next(0, 5) == 0 && i < (length – 1))
{
pass += consonantafter[rnd.Next(0, consonantafter.Length)];
}
else
{
pass += vowels.Substring(rnd.Next(0, vowels.Length), 1);
}
}
else
{
if (rnd.Next(0, 5) == 0 && i < (length – 1))
{
pass += vowelafter[rnd.Next(0, vowelafter.Length)];
}
else
{
pass += consonants.Substring(rnd.Next(0, consonants.Length), 1);
}
}
isvowel = !isvowel;
}
return pass;
}
}
}

Then I check that the domain ( word + .com ) is available using the WhoApi api and Newtwonsoft Json

var strUrl = “http://api.whoapi.com/?apikey=&#8230;..&r=taken&domain=” + word + “.com”;
WebClient wc = new WebClient();
var strJson = wc.DownloadString(strUrl);
var jResult = JObject.Parse(strJson);
var blnTaken = (jResult[“taken”].ToString() != “0”);

As part of the process, I want to post an image of the new domain name;

FontFamily fontFamily = new FontFamily(“Arial”);
Font font = new Font(
fontFamily,
45,
FontStyle.Regular,
GraphicsUnit.Pixel);
var img = DrawText( word + “.com”, font, Color.DarkOrchid, Color.Beige);
var strPath = Directory.GetCurrentDirectory();
var tempFile = strPath + @”\temp.jpg”;
img.Save(tempFile, ImageFormat.Jpeg);

Where drawtext is as follows

private static Image DrawText(String text, Font font, Color textColor, Color backColor)
{
//first, create a dummy bitmap just to get a graphics object
Image img = new Bitmap(1, 1);
Graphics drawing = Graphics.FromImage(img);

//measure the string to see how big the image needs to be
SizeF textSize = drawing.MeasureString(text, font);

//free up the dummy image and old graphics object
img.Dispose();
drawing.Dispose();

//create a new image of the right size
img = new Bitmap((int)textSize.Width, (int)textSize.Height);

drawing = Graphics.FromImage(img);

//paint the background
drawing.Clear(backColor);

//create a brush for the text
Brush textBrush = new SolidBrush(textColor);

drawing.DrawString(text, font, textBrush, 0, 0);

drawing.Save();

textBrush.Dispose();
drawing.Dispose();

return img;

}

Then it is posted to Twitter using code;

var twitter = new SendTweet(
ConsumerKey,
ConsumerKeySecret,
AccessToken,
AccessTokenSecret
);

string response = twitter.PublishToTwitter(word + “.com is available #” + word + ” – register it at https://www.namesilo.com/register.php?rid=c233459im&#8221; , tempFile);

The Isle of man is a small island between UK and Ireland, with just over 65,000 registered vehicles. However, up to now, vehicles registered in the IOM fell outside the data returned by the API https://www.regcheck.org.uk 

Following a customer enquiry, we added a bespoke API to allow vehicle data to be determined from an IOM registered plate via the following endpoint;

https://www.regcheck.org.uk/api/bespokeapi.asmx?op=CheckIOM

This API returns data in the following format;

{
“Description”: “HONDA JAZZ”,
“RegistrationYear”: 2012,
“CarMake”: {
“CurrentTextValue”: “HONDA”
},
“CarModel”: {
“CurrentTextValue”: “JAZZ”
},
“EngineSize”: {
“CurrentTextValue”: “1339”
},
“FuelType”: {
“CurrentTextValue”: “PETROL”
},
“MakeDescription”: {
“CurrentTextValue”: “HONDA”
},
“ModelDescription”: {
“CurrentTextValue”: “JAZZ”
},
“Version”: “I-VTEC ES”,
“Colour”: “SILVER”,
“Co2”: “126”,
“RegistrationDate”: “06/07/2012”,
“WheelPlan”: “2-AXLE Rigid”,
“Taxed”: “Active”,
“TaxExpiry”: “31/07/2018”,
“ImageUrl”: “https://www.regcheck.org.uk/image.aspx/@SE9OREEgSkFaWg==”
}

If the number plate matches one of the following patterns listed below, it will be returned in IOM format, rather than the standard UK format.

Bower is a cool front-end component manager for Javascript, CSS, and the like. We’ve just published our Car Registration API to Bower, as a component. – It’s not the recommended way to connect to our API, but just to help people out, here’s a sample.

A bower package as a simple wrapper for the Reg Check API, to use this library, run

bower install CarRegistrationAPI

Then include the scripts;

bower_components/jquery/dist/jquery.min.js
bower_components/Car Registration API/api.js

Finally call the API as follows

  lookup("Check","**your username**","**UK License Plate**",function(data){
    console.log(data);
  });

You will need a username from Car Registration API to get started.

Here is a scenario, where you generate RSA asymetric encryption keys in C#, use the public key to encrypt a message, then decrypt it using Javascript.

First, generate a pair of keys in C#

RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048);
tbPublicKey.Text = rsa.ToXmlString(false); // false to get the public key
tbPrivateKey.Text = rsa.ToXmlString(true); // true to get the private key

I’ve selected a key length of 2014 bits, this gives an output cypher text of 255 bytes,  or 344 bytes when base64 encoded.

You then use code such as the following to encrypt:

static string EncryptText(string publicKey, string text)
{
// Convert the text to an array of bytes
UTF8Encoding byteConverter = new UTF8Encoding();
byte[] dataToEncrypt = byteConverter.GetBytes(text);

// Create a byte array to store the encrypted data in it
byte[] encryptedData;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
// Set the rsa pulic key
rsa.FromXmlString(publicKey);

// Encrypt the data and store it in the encyptedData Array
// MAX 245 bytes
encryptedData = rsa.Encrypt(dataToEncrypt, false);
}
// Base 64 encode enctrypted data
return Convert.ToBase64String(encryptedData);
}

Then the following code to decrypt

static string DecryptText(string privateKey, string cyphertext)
{
// read the encrypted bytes from the file
byte[] dataToDecrypt = Convert.FromBase64String(cyphertext);

// Create an array to store the decrypted data in it
byte[] decryptedData;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
{
// Set the private key of the algorithm
rsa.FromXmlString(privateKey);
decryptedData = rsa.Decrypt(dataToDecrypt, false);
}

// Get the string value from the decryptedData byte array
UTF8Encoding byteConverter = new UTF8Encoding();
return byteConverter.GetString(decryptedData);
}

Now, you may note the comment “// MAX 245 bytes”, This is important, since if you try to encrypt text over 245 bytes, the code will break. Note, I’m using UTF8 here, if you wanted to support chinese text, you’d need Unicode, which sets the max to 122

You can however, break the text into 245 byte chunks as follows; (Using a pipe char as a seperator)

static string EncryptLongText(string publicKey, string text)
{
var strOutput = “”;
var stringParts = Split(text, 245);
foreach(var stringPart in stringParts)
{
strOutput += EncryptText(publicKey, stringPart) + “|”;
}
return strOutput;
}

public static IEnumerable<string> Split(string str, int chunkSize)
{
if (string.IsNullOrEmpty(str) || chunkSize < 1)
throw new ArgumentException(“String can not be null or empty and chunk size should be greater than zero.”);
var chunkCount = str.Length / chunkSize + (str.Length % chunkSize != 0 ? 1 : 0);
for (var i = 0; i < chunkCount; i++)
{
var startIndex = i * chunkSize;
if (startIndex + chunkSize >= str.Length)
yield return str.Substring(startIndex);
else
yield return str.Substring(startIndex, chunkSize);
}
}

Then reverse the process with a Regex;

static string DecryptLongText(string privateKey, string text)
{
var strOutput = “”;
var stringParts = Regex.Split(text, @”\|”);
foreach (var stringPart in stringParts)
{
if (stringPart != “”) strOutput += DecryptText(privateKey, stringPart);
}
return strOutput;
}

That’s all there is to it in C#, now to turn to Javascript, you will need to look at the format of the keys;

<RSAKeyValue>
<Modulus>….</Modulus>
<Exponent>…</Exponent>
<P>….</P>
<Q>….</Q>
<DP>….</DP>
<DQ>….</DQ>
<InverseQ>…</InverseQ>
<D>…</D>
</RSAKeyValue>

The parts of the keys (elided with …) are in base64 format, you will need this in Hex format for Javascript, and a tool such as https://cryptii.com/base64-to-hex can do this online for you.

Then following the code example on http://www-cs-students.stanford.edu/~tjw/jsbn/rsa2.html – the values match up as follows;

Modulus: Modulus (hex): [n]

Exponent : Public exponent (hex, F4=0x10001): [e]

P: P (hex): [p]

Q: Q (hex): [q]

DP: D mod (P-1) (hex): [dmp1]

DQ: D mod (Q-1) (hex): [dmq1]

InverseQ : 1/Q mod P (hex): [coeff]

D : Private exponent (hex): [d]

If you want to break a mirrored volume in Disk Management, because you want to resize the partition where your If you want to break a mirrored volume in Disk Management, because you want to resize the partition where your operating system is installed, then you may get the following error:

The specified plex is a the current system or boot plex. [sic]

As per KB 969749, the solution is detailed as follows, I’ve just added the commands required.
From an elevated Command Prompt, type diskpart to start DiskPart.

C:\Windows\system32>diskpart
Microsoft DiskPart version 10.0.14393.0
Copyright (C) 1999-2013 Microsoft Corporation.
On computer: xxxxxx

Use the list volume command in DiskPart to list the volumes present on the system.

DISKPART> list volume
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
———-  —  ———–  —–  ———-  ——-  ———  ——–
Volume 0     X   xxxx     NTFS   Spanned     xxxx MB  Healthy
Volume 1     X   xxxxx        NTFS   Mirror       xxx GB  Healthy    Boot
Volume 2         EFI          FAT32  Partition    xxx MB  Healthy    System
Volume 3         EFI          FAT32  Partition    xxx MB  Healthy    Hidden

Type the command select volume x to select the mirror volume, where x is the alphanumeric identifier of the mirror volume.

DISKPART> select volume 1
Volume 1 is the selected volume.

Determine the numeric identifier of the disk containing the plex you are currently booted into (“Boot Disk”) using the list disk, select disk, and detail disk commands.

DISKPART> list disk
Disk ###  Status         Size     Free     Dyn  Gpt
——–  ————-  ——-  ——-  —  —
Disk 0    Online          xxx GB  1024 KB   *    *
Disk 1    Online          xxx GB  1024 KB   *    *

DISKPART> select disk 0

Disk 0 is now the selected disk.

DISKPART> detail disk
INTEL xxxxx
Disk ID: {xxxx}
Type   : xxxx
Status : OnlinePath   : 0
Target : 0LUN ID : 0
Location Path : …..
Current Read-only State : No
Read-only  : No
Boot Disk  : Yes
….
DISKPART> select disk 1
Disk 1 is now the selected disk.
DISKPART> detail disk
INTEL xxxxx
Disk ID: {xxxxx}
Type   : xxxx
Status : Online
Path   : 0
Target : 0
LUN ID : 0
Location Path : …
Current Read-only State : No
Read-only  : No
Boot Disk  : No
Pagefile Disk  : Yes
Hibernation File Disk  : No
Crashdump Disk  : Yes
Clustered Disk  : No
….

If you try to break the disk without selecting the volume, then you get the following error:

DISKPART> break disk 1
There is no volume selected to break.Please select a dynamic mirror to break.

Use the command break disk n  to break the mirror, where n is the numeric identifier of the disk containing the mirror plex you are not currently booted from.The mirror will be broken, and both plexes will be converted to Simple volumes.

DISKPART> select volume 1
Volume 1 is the selected volume.
DISKPART> break disk 1
DiskPart successfully broke the mirror volume.

After this is done, you will have two simple volumes, rather than one mirrored volume which will be very similar in content. You can then use Disk Management to resize, the volumes, dealocate one of them, then select the boot volume and press Add Mirror to restore the Raid.

If your database server is on a different machine to your webserver, and the SQL queries travel through the network, then they are liable to be sniffed by third parties sharing the same network.

However, if you add the words:

Encrypt=True; TrustServerCertificate=True

To your connection string then the TDS data sent from client to server will be encrypted, and impossible to sniff from the network.

You can verify the connection is secure by running the following query;

SELECT session_id, net_transport, client_net_address, local_net_address,
local_tcp_port, auth_scheme, encrypt_option
FROM sys.dm_exec_connections

According to performance tests, I found no difference between the performance of secure vs plain text secure. over a batch of 200 queries.