Most popular blog servers/engines such as WordPress, Drupal, Neclues and etc. are using RDS (Really Simple Discovery) to help client software like WB Editor to find the services that can be used to retrieve, modified and delete the blog posts.
Those blog servers/engines are also generating RDF (Resource Description Framework) for each blog post to give more information about the post, e.g. track back url. But not enough. I am looking for,
- RDF extension that describes the blog service API lisk WSDL dose for SOAP, so that WB Editor can generate dynamically proxies to the service.
- RDF extension that describes which HTML elements can WB Editor extract data from and then send to the blog service.
Here are some interesting references:
May 6th, 2007
August 17th, 2006
In IE: open “Tools | Internet Options -> Security”, add the SharePoint sites in “trusted sites”
In firefox: open firefox browse to about:config find “network.automatic-ntlm-auth.trused-uris†modify the value and enter in SharePoint intranet sites that you must pass your username and password to. For some site i connect to i also had to add values to: “network.negotiate-auth.delegation-uris†“network.negotiate-auth.trusted-urisâ€
July 20th, 2006
Smart Client Software Factory team is recommending the “Model View Presenter” pattern. They have created Guidance Package for using this pattern.
From my experience, the “Presentation Model” pattern is better. When I asked if SC-SF can also include Guidance Package for PM, it looks like people may think MVP is more suitable for unit tests than PM. Read this thread.
To me, PM is even easier for unit testing, because it is less coupled.
I have refactored the CAB Smart Part Quick Start project to use MVP and PM patterns and have also created unit test projects for comparison.
Source Code:
They can be added to the CAB Smart Part Quick Start solution.
June 14th, 2006
In my previous post, I refactored CAB Smart Part Quick Start project to use Presentation Model. This time I refactored the project to use Model View Presenter. Note: the Presenter class is borrowed from Smart Client Software Factory, SC-SF.
Download: Source for PM, Source for MVP
They can be added to Smart Part QuickStart Solution for comparison.
The difference is that in MVP the presenter uses the interfaces to push data into the views. That presenter refers to views. In PM, views pull data from the presentation model. Views refer to pm via interface. The pm implements the interfaces. Personally,
I prefer PM to MVP. I successfully used the PM pattern in several projects.
My thougths are,
What esstentially MVP and PM do is to take the state and behavior of the presentation out of view. The views are dumb. They do nothing other than data binding and bypass user inputs.
But in MVP, although it splits one “autonomous View” into two parts, actually presenter and view are logically one thing, physically two class. When adding a new view, a new presenter is required.
In PM, it is a decoupled structure. Presentation model has no idea about view(s). It just holds the state and raise events. Adding new views needs no changes to the PM. View can also choose to connect different presentation model.
The Smart Client Software Factory recommand MVP over PM, “The rationale behind MVP as implemented in SC-SF is to encourage unit testing …” Read this thread.
So, I created two projects for the two patterns. Next I will try to unit tests for them to see.
May 19th, 2006
Composite UI Application Block (CAB) is really a powerful framework for smart client applications. It comes with samples implementing the Model View Control (MVC) pattern and the Model View Presenter (MVP) pattern. There is actually a third pattern called Presentation Model. See the pictures from http://jgoodies.com/articles/patterns-and-binding.pdf.
As described in Martin Fowler’s article (MVP, PM), the presenter in MVP has no state and the views need to provide interface allow presenter to manipulate them. The Presentation Model holds and synchronizes the state, but no need to create view interfaces.
Choice between MVP and PM, as per Martin Fowler’s article:
This decision would be strongly influenced by a decent framework that supports such synchronization. If you have such a thing then Presentation Model seems the better choice.
Compare to MVC or MVP, I prefer using the Presentation Model, because it has a centralized place to store state/data and centralized event source to notify views to update themselves. The CAB’s Event Broker is perfect for notification. So I modified the Smart Part Quick Start Project to become the ”Presentation Model” pattern. Here is the Source code.
What have I done?
- Refactor to extract interface ICustomerListView and ICustomerDetailView from the views*.
- Added CustomerPresentationModel class that implements the above two interfaces.
- Define the CustomerPresentationModel class as Service. **
- Inject the CustomerPresentationModel instances into views using service dependency injection. ***
- Published events CustomerSelected events CustomerCommentsSelected from the CustomerPresentationModel class.
- Subscribed the above events in BrowseCustomerWorkItem and ViewCustomerWorkItem
* Extract interface from the views sound very much similar to MVP, isn’t it? The difference is that in MVP, the presenter uses the interfaces to push data into the views, means that presenter refers to views. In PM, the controller implements the interface. The views pull data from the controller, means that views refer to controller. The “refer to” is a very good case of using depedency injection.
**
[Service]
public class CustomerPresentationModel: ICustomerDetailView, ICustomerListView
{
}
***
public partial class CustomerListView : TitledSmartPart
{
private ICustomerListView controller = null;
[ServiceDependency(Required = true, Type = typeof(CustomerPresentationModel))]
public ICustomerListView Controller
{
set { controller = value; }
}
….
}
Tags: smart client Composite UI Application Block MVC Model View Presenter Presentation Model injection
May 15th, 2006
ç»§ç» VSLive Toronto çš„åŽç»æ•…事。 上次记录了 SQL/e,这次是关于 Daniel Cazzulino çš„å‘言 《Microsoft p&p ObjectBuilder》。å¬å®Œè¿™ä¸ªæ¼”讲å‘现最近周围的事情还都å‘生了些关è”。
首先是日å‰ä¹°äº†æœ¬ä¹¦ 《Head Up Design Patternsã€‹ã€‚å®ƒçš„ç¬¬ä¸€ç« å°±ä»¥ä¸€ä¸ªå¼•äººå…¥èƒœçš„æ•…äº‹ä»‹ç»äº†è®¾è®¡æ¨¡å¼çš„ Strategy Pattern。这个模å¼çš„好处多多,但是负作用是会产生了很多相互关è”的类。如何按照åˆç†åœ°åˆ›å»ºè¿™äº›ç±»ï¼Œå¹¶æŠŠå®ƒä»¬ç»„和起æ¥ã€‚这就引出了å¦å¤–一个è¯é¢˜ Inversion of Control / Dependency Injection。
è¿™å‡ å¤©å¸®å¥³å„¿å¤ä¹ 准备ä¹ç†è€ƒè¯•ï¼Œè¿˜ç¢°åˆ°äº† Interval Inversion / Triad Inversion,æžå¾—我就很头æ˜ã€‚Dependency Injection 好åƒè¿˜å¥½ç†è§£äº›ã€‚
Daniel Cazzulino 讲的 ObjectBuilder 就是一个具有 dependency injection 功能的轻é‡çº§å¯¹è±¡å®¹å™¨*。 ObjectBuilder 是 ï¼ï¼³ patterns & practices Composite UI Application Block ä»¥åŠ Enterprise Library çš„æ ¸å¿ƒéƒ¨åˆ†ã€‚
这就åˆå¼•åˆ°äº† CAB - Composite UI Application Block。也是ä¸ä¹…å‰ WB Editor 3.0 的设计已ç»å¼€å§‹äº†ã€‚鉴于 2.0 ç‰ˆæœ¬ä¸ RAD æµæ¯’太深**,决定应该采用个好的系统结构,æ£åœ¨çŠ¹è±«ï¼Œæ˜¯å¦ç”¨è¿™ç¯‡ Implement a Microsoft Word-like Object Model for Your .NET Framework Application æ–‡ç« ä»‹ç»çš„方法呢,还是用 CAB。
ç»è¿‡è†å¬ Daniel Cazzulino 的讲解,ä¸ä½†äº†è§£äº† OB çš„åŠŸèƒ½ï¼Œè¿˜äº†è§£äº†å…¶å†…éƒ¨çš„ä¸€äº›æœºåˆ¶ã€‚å› æ¤å†³å®šè¿›ä¸€æ¥å¦ä¹ 了一下 CAB Hands on Lab。于是得到结论就是 WB Editor 3.0 将采用 CAB。
Daniel Cazzulino 还讲了个有用的内容,Guidance Automation Toolkit / GAT,值得å†ç”¨ä¸€ç¯‡ç¬”记介ç»ã€‚
* è½»é‡çº§å¯¹è±¡å®¹å™¨å’Œ ** RAD æµæ¯’也å¯ä»¥è®²äº›æ•…事。
Tags: VSLive ObjectBuilder Strategy Pattern Inversion of Control Dependency Injection Composite UI Application Block CAB RAD
May 14th, 2006
During the WB Editor 2.5 testing, we found an interesting concurrency control issue. In this version, we allowed multiple program instance for ease of cross posting.
Now in multiple instance windows, user can setup blog server accounts differently. Which one is the winner?
“Last one wins” was disapproved by QA.
Maybe we need optimistic concurrency. I this case user will receive a dialog saying “another instance has modified the settings”, do you want to overwrite or discard or reload?
Another option is concurrency control with change notifications. Using FileSystemWatcher to detect changes of configuration file, but what should happen next in UI?
Tgas: WB Editor concurrency control Last one wins optimistic change notifications multiple instance blog cross posting FileSystemWatcher
May 10th, 2006
在 VSLive Toronto 上è§åˆ°ä¸¤ä¸ªäººç‰©ï¼ŒSteve Lasker å’Œ Daniel Cazzulino
Steve Lasker 介ç»äº†ä½¿ç”¨ SQL Server Everywhere çš„ Occasionally Connected Systems。 SQL Server Everywhere(SQL/e) 何须人也?原æ¥2-4å¹´å‰åš Pocket PC 程åºå°±ç›¸è¯†ï¼Œé‚£æ—¶å®ƒå« SQL Server CE,åŽæ¥åˆå« SQL Server Mobile。 Visual Studio 2005 带的 SQL Server Mobile 被é™åˆ¶åªèƒ½è¿è¡Œåœ¨ Tablet PC 上。SQL/e 就是解除了这个é™åˆ¶çš„版本。SQL/e å› æ¤èƒ½è¿è¡Œåœ¨å°å¼ Windows 上。
SQL/e 计划在 2006年下åŠå¹´å‘布。 Steve 演示了目å‰å¦‚何在 VS 2005 ä¸è¯•éªŒå¼€å‘çš„å’Œå¯ä»¥é€šè¿‡ ClickOnce 安装的办法。
这就解决了一个版本 WB Editor çš„æ•°æ®åº“选择问题。 本æ¥æ£åœ¨çŠ¹è±«æ˜¯å¦åº”该用 SQL Server 2005 Express (SQL/x)。这个家伙 55Mï¼Œè¿˜éœ€è¦ Admin 用户æƒé™æ‰èƒ½å®‰è£…。 比较 SQL/x å’Œ SQL/e,SQL/e æ‰ 1.4M。看æ¥SQL/e æ›´åŠ é€‚åˆ WB Editor 3.0。
Daniel Cazzulino 讲的内容也很有用,将会在下一篇笔记内介ç»ã€‚
May 8th, 2006
An icon in the system tray kept poping up a notification saying “Your computer is infected! …”. If clicked the message, it opens the browser and connects to spywarequake.com.
Scanned with Windows Defender and Windows Live Safety Center, they could not find anything …
Finally used the old Spy tool to catch that popup’s class name is “ballon window”. Then searched DLL to find out suprox.dll. In the registry:
[HKEY_CLASSES_ROOT\CLSID\{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}\InProcServer32]
@=”C:\WINDOWS\system32\suprox.dll”
“ThreadingModel”=”Apartment”
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\SharedTaskScheduler]
“{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}”=”USB Mouse Driver”
SharedTaskScheduler!, a new place to watch out.
Tags: system tray spyware malware spy tool clsid popup SharedTaskScheduler Your computer is infected
April 15th, 2006
Server Side
1. IIS Configuration - Directory Security Tab of Site / Virtual Root Properties
- Disable anonymous access
- Enable ONLY Integrated Windows Authentication
2. Web.config
<authentication mode=”Windows” />
<authorization>
<deny users=”?” />
</authorization>
<identity impersonate=”true” />
3. NTFS Security Tab of the physical folder
- Add allowed user / user group
Client Side (IE)
- Add the server IP / Machine name / domain name to Intranet Sites
- Bypass proxy for the server if proxy server causing problem
- IE Security Setting, select “Automatic logon only in Intranet zone”
March 7th, 2006
Flickr 是å…费的图片å‘布和分享网站。最近被收è´åˆ° yahoo 旗下。
把图片å˜åœ¨ Flickr 然åŽè¿žæŽ¥åˆ°è‡ªå·±çš„ blog ä¸ æ˜¯ä¸ªå¾ˆä¸é”™çš„åšæ³•ã€‚
WB Editor 2 å·²ç»æ”¯æŒç›´æŽ¥ä¸Šä¼ 图片到 Flickr 了。å¦å¤–还会有一个æ’件,æ¥ç®¡ç†å’Œæ£€ç´¢å›¾ç‰‡ã€‚
December 10th, 2005
å¼€å‘个 Biztalk 系统真是颇费周折。记下一些ç»éªŒå¤‡ç”¨ã€‚
1. Error about enlisting DTC.
Solution:
1) Turn off the RPC security on your Windows Server 2003 computers.
http://support.microsoft.com/default.aspx?scid=kb;en-us;839187
2) Turn off DTC authentication.
http://support.microsoft.com/default.aspx?scid=kb;en-us;884623
Error Messages:
Failed to execute SQL Statement. Please ensure that the supplied syntax is correct. An error occurred while enlisting in a distributed transaction.
2. Unable to deploy early bindings… Access is denied.
Solution: Add user id / group to Biztalk Admin group and SSO admin group
Error Messages:
[Microsoft.BizTalk.Deployment.DeploymentException] Unable to deploy early bindings.
[Microsoft.BizTalk.Deployment.Binding.BindingException] Failed updating binding information.
BindingException: Could not store transport type data for Primary Transport of Send Port ‘xxSendPort’ to config store. Access is denied.[Microsoft.BizTalk.ExplorerOM.BtsException] Could not store transport type data for Primary Transport of Send Port ‘xxSendPort’ to config store. Access is denied.
3. Event Log is full of ENTSSO events?
Solution: C:Program FilesCommon FilesEnterprise Single Sign-Onssoconfig -backupsecret mybackup.bak
Error Messages:
The master secret has not been backed up. If you lose the master secret all the information stored in the SSO system will be lost permanently and your systems may fail to work correctly. Please use the SSO admin tools to back up your master secret.
4. Cannot deploy without strong name
Solution: Assign strong name from within the BizTalk project’s properties window.
Error Messages:
[Microsoft.BizTalk.Deployment.DeploymentException] Unable to install the “….dll” assembly into the Global Assembly Cache. Exception: A strongly-named assembly is required.
[Microsoft.BizTalk.Gac.GacException] A strongly-named assembly is required.
5. Cannot Access Schema Based Message’s Property in the Expression Editor
Solution: Open the XSD, right click the property name, select Promote | Show Promotions ..
Promote the properties to be distinguished.
November 18th, 2005
æžå®š æ”¯æŒ aspx è¯æ³•çš„ Template 引擎 åŽå³å¼€å§‹ç¼–写 template以åŠè¯•éªŒä»Ž windows forms 程åºä¼ 递数æ®ã€‚åœ¨æˆ‘çš„è®¾è®¡æ ‡å‡†ä¸ï¼Œæ•°æ®ç»“æž„ Custom Object 有先于 DataSet,一般尽é‡é¿å… late-bound data binding:
< %# DataBinder.Eval(Container, "DataItem.Title") %>
而是建议 bind to cutom object:
< %# ((WBEditor.Post) Container.DataItem).Title %>‘>
asp.net web 系统是应该这么åšçš„,但是用在 Template 引擎 ä¸æœ‰ä¸ªé—®é¢˜ï¼šasp.net host 固定è¦åˆ° bin ç›®å½•ä¸‹åŽ»æ‰¾åŒ…å« WBEditor.Post 类定义的 DLL。从程åºå‘布 (depolyment) 的观点æ¥çœ‹ï¼Œä¸æ˜¯å¾ˆèˆ’æœçš„结构。这ç§æƒ…况下 late-bound data binding 就很有用了。它ä¸è¦ä¾èµ–于 DLL,而是在 run-time 通过 reflection 去å–值。
有趣的是 DataBinder.Eval ä¸ä»…仅能对付 Container.DataItem,还能用在 object 上。< %# DataBinder.Eval(Post, "CreatedDate", "d") %>
March 28th, 2005
最近需è¦ä¸€ä¸ª .NET 下的 Template 引擎æ¥æ”¯æŒè‡ªå®šä¹‰ç½‘页模版。一般如 Velocity(java), Smarty(php) ç‰ Template 引擎都自带一套è¯æ³•ã€‚而 CodeSmith 的概念是用 ASPX è¯æ³•ã€‚这个概念å–点ä¸ä»…仅在于能直接用已ç»ç†Ÿæ‚‰äº†çš„ASPX è¯æ³•ï¼Œè¿˜åœ¨äºŽèƒ½åµŒå…¥ inline code,并且能用 server control,例如 DataGrid DataList å’Œ Repeater。Template 本身å¯ä»¥ç”¨ WebMatrix æ¥ç¼–辑。所以是很酷的设计。
在 m3rlin ä¸æ‰¾åˆ°äº† hosting the ASP.NET runtime 的办法,包括创建新的 AppDomain å’Œ 通过 HttpContext ä¼ é€’æ•°æ®ç‰ç‰ã€‚è¿™æ ·æˆ‘æœ‰äº†èƒ½ç”¨åœ¨ windows forms 程åºä¸çš„æ”¯æŒ ASPX è¯æ³•çš„ Template 引擎。
ps. Template 引擎通常å¯ä»¥ç”¨æ¥åšä»£ç 生æˆå·¥å…·çš„æ ¸å¿ƒã€‚
March 28th, 2005
终于为下一版的 WB Editor æžå®šäº†HTML è¯æ³•åŠ 亮编辑器。
è€çš„编辑器的原ç†åŒè¿™ç¯‡æ–‡ç« 。它实现了实时染色的功能 (highlight on the fly)ï¼Œä½†æ˜¯ä¸€ç¯‡æ–‡ç« æ–°è½½å…¥æ—¶ï¼Œå…¨æ–‡æŸ“è‰²æ•ˆçŽ‡æžå·® (feel it’s being choked)。
想了很多办法试图分页,但ä¸æˆåŠŸã€‚äºŽæ˜¯å¼€å§‹åˆ†æž SharpDevelop 的编辑器和 JSource 的编辑器的代ç 。å‘现如果自己从头åšå·¥ç¨‹é‡å·¨å¤§ã€‚接ç€å‘ SharpDevelop å¼€å‘者询价,得到个目å‰æ— æ³•æ”¯ä»˜çš„ä»·æ ¼ã€‚
回头å†æƒ³ï¼Œå…¨æ–‡æŸ“色慢的主è¦åŽŸå› 就是用 SelectionStart å’Œ SelectionLength 两个属性æ¥æ“ä½œã€‚ç”šè‡³æ ¹æ® Syntax colorizing with Speller engine using TOM and CSAPI 一文,用了 TOM 接å£ä¹Ÿæ²¡æœ‰æ”¹è§‚。
å†ç ”究,能ä¸èƒ½ç›´æŽ¥ç”Ÿæˆ rtf,终于å‘现 Delphi çš„æ–‡ç« Automatic Syntax Highlighting Using a RichEdit Control 介ç»äº† rtf çš„æ ¼å¼ä»¥åŠ Syntax Highlighting With RichEdit ä¸€æ–‡ç»™å‡ºäº†ç”Ÿæˆ HTML è¯æ³•åŠ 亮 rtf 的办法。
用我现æˆçš„ HTML Tokenizer 接上去一试效果很好,200 多K çš„HTML åŠ äº®æ²¡æœ‰å»¶è¿Ÿçš„æ„Ÿè§‰ã€‚å‡†å¤‡å‡çº§ WB Editor 2 了。
March 24th, 2005
折腾了两天,æ‰å‘现 OLE DB .NET ä¸æ”¯æŒ named parameters。
The SQL Server .NET data provider (SqlClient) supports named parameters. Therefore, when you use the SqlCommand object, you do not have add the parameters in any particular order, but the parameters must have the correct name. In this case, you must add the at sign (@) prefix to the parameter names.
Alternatively, the OLE DB .NET data provider does not support named parameters. Therefore, when you use the OleDbCommand object, you must add the parameters in the correct order (which is the same order that is defined at the backend stored procedure). In this case, you do not need to add the “@” prefix to the parameter names, and the parameter names do not have to match those that are defined at the stored procedure.
From: http://support.microsoft.com/kb/310071/EN-US/
å¦ï¼šMicrosoft Support 开始用 URL Re-Write 技术了 
March 18th, 2005
å‰æ–‡æ述了.NET 为 Shareware 程åºå¼€å‘æ供了许å¯è¯æ£€æµ‹æœºåˆ¶ï¼Œä½¿å¾—å¼€å‘者å¯ä»¥é›†ä¸ç²¾åŠ›åˆ°å¦‚何验è¯è®¸å¯è¯ã€‚
把一个信æ¯ç»ç”±ä¸å¯ä¿¡ä»»çš„é€”å¾„ä¼ è¾¾ç»™æŽ¥å—者的时候,就需è¦è¿›è¡ŒåŠ 密。对于信æ¯æŽ¥å—者æ¥è¯´ï¼Œåˆ™éœ€è¦ç¡®è®¤ä¿¡æ¯çš„æ¥æºæ˜¯æ¥è‡ªæ£ç¡®çš„,就需è¦è¿›è¡Œæ•°å—ç¾å。Shareware 程åºæ‹¥æœ‰è€…è¦å‘Šè¯‰è¿œåœ¨ç”¨æˆ·æœºå™¨ä¸Šçš„自己的程åºç”¨æˆ·æœ‰æƒä½¿ç”¨è¿™ä¹ˆä¸ªä¿¡æ¯ï¼Œæ˜¯è¦åŠ å¯†çš„ã€‚å› ä¸ºä½ ä¸æƒ³è®©å…¶ä»–人知é“这个信æ¯æ˜¯å¦‚何表达的,更ä¸èƒ½è®©äººå®¶å¦‚法炮制出相åŒçš„ä¿¡æ¯ã€‚
.NET æä¾›äº†åŠ å¯†å’Œæ•°å—ç¾åç‰çŽ°åœ¨ç”¨åœ¨ç½‘络安全方é¢çš„技术用到 Shareware 上是ç»å¯¹å¥½çš„。下é¢æ˜¯ç”¨ .NET RSACryptoServiceProvider 的一个办法。
RSA 是一ç§éžå¯¹ç§°åŠ 密技术 Asymmetric Cryptography,å³åŠ 密用的密ç 和解密用的密ç 是分开,相互ä¸èƒ½æŽ¨æ¼”的。如果知é“了解密用的密ç ï¼Œæ— æ³•çŸ¥é“åŠ å¯†ç”¨çš„å¯†ç ã€‚è¿™æ¯”å¯¹ç§°åŠ å¯†å®‰å…¨æ€§å¥½ï¼Œå› ä¸º Shareware 总是需è¦ä¸€ä¸ªå¯†ç 用æ¥è§£æ³¨å†Œç ï¼Œç”¨å¯¹ç§°åŠ å¯†çš„æƒ…å†µä¸‹ï¼Œå¦‚æžœè¢«äººä»Žç¨‹åºä¸åˆ†æžåˆ°äº†è§£å¯†çš„密ç ,有å¯èƒ½å¤åˆ¶æ³¨å†Œæœºã€‚而用éžå¯¹ç§°åŠ 密,å³ä½¿è§£å¯†çš„密ç 泄æ¼ï¼Œä¹Ÿæ— 法åšå‡ºæ³¨å†Œæœºã€‚
1ã€ç”Ÿæˆå’Œä¿å˜å¯†ç
创建个新的 RSACryptoServiceProvider 对象,.NET å°±éšæœºç”Ÿæˆäº†å¯†ç 。
RSACryptoServiceProvider 对象å¯ä»¥æŠŠå¯†ç è¾“å‡ºæˆ xml。
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider();
Console.WriteLine(rsa.ToXmlString(true));
这个 xml 是è¦å¥½å¥½ä¿å˜èµ·æ¥çš„秘密。其ä¸åŒ…å«äº†ç”¨æ¥åšæ³¨å†Œæœºçš„åŠ å¯†ç”¨çš„ private key å’Œ å°†æ¥åœ¨ç¨‹åºä¸ç”¨æ¥è§£å¯†çš„用 public key。
<RSAKeyValue>
<Modulus>…</Modulus>
<Exponent>…</Exponent>
<P>…</P>
<Q>…</Q>
<DP>…</DP>
<DQ>…</DQ>
<InverseQ>…</InverseQ>
<D>…</D>
</RSAKeyValue>
2ã€æ³¨å†Œæœº
æ ¹æ®ä¸Šé¢çš„密ç xml,å¯ä»¥è¿™æ ·ç”Ÿæˆæ³¨å†Œæœºæ‰€éœ€è¦çš„ RSACryptoServiceProvider 对象。然åŽç”¨æ•°å—ç¾å的办法生æˆæ³¨å†Œç 。
SignData 是åšæ•°å—ç¾å。它与å•çº¯çš„åŠ å¯†è§£å¯†æœ‰åŒºåˆ«ã€‚
如果è¦å˜æˆæ³¨å†Œç æ˜¯è¿™æ ·ä¸€å¥è¯ï¼šæŸäººäºŽæŸæ—¶æŸåœ°è´ä¹°äº†æˆ‘的软件。å•çº¯çš„åŠ å¯†åŽçš„è§£å¯†ä½ ä¼šçœ‹åˆ°è¿™å¥åŽŸè¯(从内å˜é‡Œä»€ä¹ˆåœ°æ–¹æŒ–出æ¥)。而用数å—ç¾å办法,解密åŽçœ‹ä¸åˆ°åŽŸè¯ï¼Œè€Œæ˜¯ä¸€ä¸ªå•å‘计算出æ¥çš„ Hash å€¼ã€‚æ‰€ä»¥å¯¹æ‰€ä¼ é€çš„ä¿¡æ¯å¤šäº†ä¸€å±‚ä¿æŠ¤ã€‚RSACryptoServiceProvider æ供了直接的生æˆæ•°å—ç¾å和验è¯æ•°å—ç¾å的方法。
private static byte[]CreateKey()
{
byte[] digestInput = fileEncoding.GetBytes(GetRegistrationInfo());
RSACryptoServiceProvider RSAalg= new RSACryptoServiceProvider();
RSAalg.ImportParameters(GetPrivateKeyParam());
return RSAalg.SignData(digestInput, new SHA1CryptoServiceProvider());
}
private static string GetRegistrationInfo()
{
return GetValue(“NAME”)+GetValue(“PURCHASE_TIME”)+GetValue(“FROM”);
}
private static RSAParametersGetPrivateKeyParam()
{
RSAParameters param = new RSAParameters();
param.D= Convert.FromBase64String(“…”);
param.DP = Convert.FromBase64String(“…”);
param.DQ = Convert.FromBase64String(“…”);
param.Q = Convert.FromBase64String(“…”);
param.P = Convert.FromBase64String(“…”);
param.Exponent= Convert.FromBase64String(“…”);
param.Modulus= Convert.FromBase64String(“…”);
param.InverseQ= Convert.FromBase64String(“…”);
return param;
}
从 XML ä¸ç”Ÿæˆ private key æ¥åˆ¶ä½œæ•°å—ç¾å,需è¦ç”¨åˆ°å…¨éƒ¨å‚数:D, DP, DQ, P, Q, Exponent, Modulus, InverseQ.
3ã€éªŒè¯æ•°å—ç¾å
在 Shareware 程åºä¸ï¼Œä»Žå¯†ç xml 文件生æˆéªŒè¯æ•°å—ç¾å所需è¦çš„ SACryptoServiceProvider 对象,然åŽè¯·ç”¨æˆ·è¾“入他的åå—ã€ä»¥åŠè´ä¹°è½¯ä»¶çš„时间地点。组æˆä¸€ä¸ªå¥å:æŸäººäºŽæŸæ—¶æŸåœ°è´ä¹°äº†æˆ‘的软件,用 SACryptoServiceProvider 验è¯ä¸€ä¸‹å®ƒçš„æ•°å—ç¾å是å¦ç¬¦åˆæ³¨å†Œæœºç”Ÿæˆæ³¨å†Œç 。
private static bool VerifyKey(byte[]digestInput, byte[] signed)
{
RSACryptoServiceProviderRSAalg = new RSACryptoServiceProvider();
RSAalg.ImportParameters(GetPublicKeyParam());
return RSAalg.VerifyData(digestInput, new SHA1CryptoServiceProvider(),signed);
}
private static RSAParametersGetPublicKeyParam()
{
RSAParameters param = new RSAParameters();
param.Exponent = Convert.FromBase64String(“…”);
param.Modulus = Convert.FromBase64String(“…”);
return param;
}
从 XML ä¸ç”Ÿæˆ public key æ¥éªŒè¯æ•°å—ç¾å,åªè¦ç”¨ä¸¤ä¸ªå‚数:Exponent, Modulus. 别人å³ä½¿ä»Žä½ æ•£å‘出去的程åºæœ¬èº«ç ´è§£å¾—到了public key,没有其它多大用处。
å½“ç„¶ï¼Œç ´è§£ä¸ä»…仅是è¦å¾—到密ç 。如果æ¥ä¸ªæš´åŠ›ç ´è§£ï¼ŒæŠŠä½ 的程åºå编译出æ¥ï¼ŒæŠŠä½ çš„ public key æ¢æˆä»–的,与他自己的注册机é…åˆçš„ï¼Œé‚£ä½ ä¸å°±è¢«æŠ¢åŠ«ä¸€ç©ºäº†ï¼Œæˆ–者å编译出æ¥åˆ 掉å‰æ–‡æ‰€è¿°çš„ LicenseProvdier,或者 …….,还有很多办法。
.NET æ供的许å¯è¯ç›‘测机制,éžå¯¹ç§°åŠ 密是å¦èƒ½çœŸæ£å‘挥,还得看程åºæœ¬èº«çš„åŠ æ‰°ç¨‹åº¦ã€‚ä¸‹ä¸€ç¯‡æ–‡ç« ä»‹ç»ã€‚
Tags: shareware asymmetric cryptography rsa private key public key
March 16th, 2005
制作 Shareware 有三个关键点:
- 如何ä¿æŠ¤å¯¹è±¡(程åº),在创建对象的时候检测许å¯è¯ (License)。
- åŠ å¯†/解密 用户信æ¯å’Œæ³¨å†Œä¿¡æ¯ã€‚
- 程åºåŠ 扰 (obfuscate) 或者程åºåŠ 密,åç ´è§£ã€‚
.NET 为å‰ä¸¤è€…æ供了基本支æŒï¼Œéžå¸¸æ–¹ä¾¿ã€‚这里先说检测许å¯è¯ã€‚许å¯è¯å¯ä»¥æœ‰é€šç”¨æ³¨å†Œç ã€éªŒè¯ç”¨æˆ·å的注册ç ã€éªŒè¯ç”¨æˆ·æœºå™¨çš„注册ç ç‰å½¢å¼ã€‚当用户花钱è´ä¹°äº† Shareware 程åºï¼ŒShareware 程åºæ‹¥æœ‰è€…就会å‘é€æ³¨å†Œç 给用户。(Share-It 有在线注册ç 生æˆåŠŸèƒ½ï¼Œä¸€æ”¶åˆ°é’±ç«‹å³è‡ªåŠ¨ç”Ÿæˆæ³¨å†Œç )。
Shareware 程åºè¿è¡Œæ—¶è¦æ£€æµ‹å’ŒéªŒè¯ç”¨æˆ·æ˜¯å¦å…·æœ‰æœ‰æ•ˆçš„注册ç ,以决定用户是å¦èƒ½æ‰§è¡Œç¨‹åºã€‚
.NET 下的程åºéƒ½æ˜¯é¢å‘对象的,所以 .NET 在对象的创建机制上,æ供了许å¯è¯æ£€æµ‹çš„一个接å£ï¼ŒShareware 程åºå¼€å‘å¯ä»¥åœ¨æ¤åŸºç¡€ä¸ŠåŠ 入自己的注册ç 验è¯ç®—法。
.NET Licensing 一文介ç»äº†è®¸å¯è¯æ£€æµ‹çš„办法:
[LicenseProviderAttribute(typeof(LicFileLicenseProvider))]
public class LicensedClass : IDisposable
{
private License license = null;
public LicensedClass()
{
license = LicenseManager.Validate(typeof(LicensedClass), this);
Console.WriteLine(“Hello from the licensed class.”);
}
public void Dispose()
{
if (license != null)
{
license.Dispose();
license = null;
}
}
}
有了这么个结构,程åºå¼€å‘å¯ä»¥æŠŠæ£€æµ‹è®¸å¯è¯äº¤ç”± .NET 完æˆï¼Œè€Œè‡ªå·±é›†ä¸ç²¾åŠ›è®¾è®¡å¦‚何验è¯æ³¨å†Œç 。把上é¢çš„ LicFileLicenseProvider æ¢æˆè‡ªå·±çš„ Custom LicenseProvider。比如,ä¸è¯»æ–‡ä»¶è€ŒåŽ»è¯»æ³¨å†Œè¡¨ï¼Œè§ï¼šCodeGuru: Licensed Applications using the .NET Framework ã€‚æˆ‘çš„ä¸€äº›æ–‡ç« æ”¶è— (RSSæ ¼å¼) 。
ä¸è®ºæ˜¯ä»Žæ–‡ä»¶æˆ–者从注册表得到注册ç ,它包å«äº†æˆ·æ˜¯å¦å¯ä»¥è¿è¡Œç¨‹åºçš„ä¿¡æ¯ï¼Œè€Œä¸”它一定是åªèƒ½ Shareware 程åºæ‹¥æœ‰è€…è¯´äº†ç®—ã€‚å› æ¤è¿™ä¸ªä¿¡æ¯æ˜¯å¿…é¡»åŠ å¯†çš„ã€‚
.NET æ供了éžå¯¹ç§°åŠ 密 (Asymmetric Cryptography) 工具å¯ä»¥ç”¨æ¥å¤„ç†æ³¨å†Œç ã€‚ä¸‹ä¸€ç¯‡æ–‡ç« é‡Œç»§ç»ä»‹ç»ã€‚
March 3rd, 2005
Next Posts
Previous Posts
