3

Currently I'm storing my C# mysql connection informations inside the class file itself, which doesn't seem that smart, since end users could simply use a reflector like NET Reflector to debug the source code in case it's not obfruscated.

Now a user on stackoverflow recommendet to create a web service which will manipulate the database.The software that the end-user would use then simply authenticates itself with the web service using the user's credentials and then uses that to access resources.

Now I have the following problem, My server is running on linux ubuntu and already stores a website which was created using plesk.

I know that I could use http://www.mono-project.com/ to host a webservice on linux. But I've never done that since I've always used PHP to do such things and I've got kinda confused on how to upload a c# web-service to the installed mono version on the ssh server.

Could I use something like the following PHP code as a C# web service in my winforms application?

PHP code:

<?php
    class webService extends database
    {
        // Web service constructor
        public function __construct($username, $password, $uniqueId, $versionId)
        {
            $this->username = $username;
            $this->password = $password;
            $this->salt = 'xxx';
            $this->hash = 'xxx';
            $this->uniqueId = $uniqueid;
            $this->versionId = $versionId;
        }

        // Web service functions to check database values

        // Web service user account check function
        private function userCheck()
        {
            $this->connect();
            $userCheck = $this->execute_query("SELECT username, password FROM Users WHERE username = '" . $this->username . "' AND password = '" . $this->hash . "'");

            if($userCheck && mysqli_num_rows($userCheck) > 0)
            {
                return 'true';
            }
            else
            {
                return 'false';
            }
        }

        // Web service unique id check function
        private function uniqueCheck()
        {
            $this->connect();
            $uniqueCheck = $this->execute_query("SELECT username, uniqueid FROM Users WHERE username = '" . $this->username . "' AND uniqueid = '" . $this->uniqueId . "'");

            if($uniqueCheck && mysqli_num_rows($uniqueCheck) > 0)
            {
                return 'true';
            }
            else
            {
                return 'false';
            }
        }

        // Web service first run check function
        private function firstRunCheck()
        {
            $this->connect();
            $firstRunCheck = $this->execute_query("SELECT username, firstrun FROM Users WHERE username = '" . $this->username . "' AND firstrun = '0'");

            if($firstRunCheck && mysqli_num_rows($firstRunCheck) > 0)
            {
                return 'true';
            }
            else
            {
                return 'false';
            }
        }

        // Web service user disabled check function
        private function disabledUserCheck()
        {
            $this->connect();
            $disabledUserCheck = $this->execute_query("SELECT disabled FROM Users WHERE username = '" . $this->username . "' AND disabled = '1'");

            if($disabledUserCheck && mysqli_num_rows($disabledUserCheck) > 0)
            {
                return 'true';
            }
            else
            {
                return 'false';
            }
        }

        // Web service update required check function
        private function updateRequiredCheck()
        {
            $this->connect();
            $updateRequiredCheck = $this->execute_query("SELECT requiredupdate FROM requiredupdate WHERE version = '" . $this->versionId . "' AND requiredupdate = 1");

            if($updateRequiredCheck && mysqli_num_rows($updateRequiredCheck) > 0)
            {
                return 'true';
            }
            else
            {
                return 'false';
            }
        }

        // Web service premium check function
        private function userPremiumCheck()
        {
            $this->connect();
            $userPremiumCheck = $this->execute_query("SELECT premium FROM Users WHERE username = '" . $this->username . "' AND premium = 1");

            if($userPremiumCheck && mysqli_num_rows($userPremiumCheck) > 0)
            {
                return 'true';
            }
            else
            {
                return 'false';
            }
        }

        // Web service functions to update database values

        // Web service update first run parameters function
        private function firstRunUpdate()
        {
            $firstRunCheck = $this->firstRunCheck();

            if($firstRunCheck == 'true')
            {
                $this->connect();
                $this->execute_query("UPDATE Users SET uniqueid = '" . $this->uniqueId . "', firstrun = '1' WHERE username = '" . $this->username . "'");

                return 'true';
            }
            else
            {   
                return 'false';
            }
        }

        function to_xml(SimpleXMLElement $object, array $data)
        {   
            foreach ($data as $key => $value) {
                if (is_array($value)) {
                    $new_object = $object->addChild($key);
                    to_xml($new_object, $value);
                } else {   
                    $object->addChild($key, $value);
                }   
            }   
        }   

        // Web service handler function
        public function webService()
        {
            $userCheck = $this->userCheck();

            if($userCheck == 'true')
            {
                $userArray = array (
                    'username' => $this->username,
                    'authentificated' => $this->userCheck(),
                    'firstRun' => $this->firstRunCheck(),
                    'firstRunUpdated' => $this->firstRunUpdate(),
                    'uniqueIdCheck' => $this->uniqueCheck(),
                    'Premium' => $this->userPremiumCheck(),
                    'Disabled' => $this->disabledUserCheck(),
                    'updateRequired' => $this->updateRequiredCheck()
                );
            }
            else
            {
                $userArray = array (
                    'username' => $this->username,
                    'userCheck' => $this->userCheck()
                );
            }

            echo str_replace("\/", "/", json_encode($userArray, JSON_PRETTY_PRINT));
        }
    }
?>

Or how is a PHP Web-Service created which could get used in my application?

The current response from the PHP script would look like the following:

{ "username": "dane", "authentificated": "true", "firstRun": "false", "firstRunUpdated": "false", "uniqueIdCheck": "true", "Premium": "true", "Disabled": "false", "updateRequired": "false" }
Improve this question
1
  • If the service can accept HTTP requests and return HTTP responses, then yes, you can call it from winforms app. Commented Dec 31, 2016 at 14:06

2 Answers 2

Reset to default
4

Rômulo M. Farias 's answer is spot on.

However, you may need a little more explanation, and it may help to do some things "by hand" the first time so you understand what's going on "under the hood" when you use frameworks to do the busy-work for you. So I'm letting my answer stand:

...

It looks like you're on the right track with the basic structure of what you want to do (MySQL credentials and access are handled server-side).

There is no reason that you need any C# running on your server, just because your client-side application WinForms. The whole point of web services is to allow different platforms to easily talk to each other.

A web service can be thought of as a website that returns data instead of HTML. (Actually it's the other way round: A website or webpage is just a specific kind of web service that returns html)

So, all you need now is get your WinFroms app to be able to talk to the PHP code you posted above, via a webservice. To put it another way, we want to wrap the PHP code you've got in a web service, and then get your WinForms app to consume the web service.

Remember that for security, you must make sure you're using SSL and doing a POST, not a GET (i.e. the password must be encrypted in the body of the message, not stuck onto the URL!)

Here are some tutorials on creating a PHP webservice (better ones must exist): https://davidwalsh.name/web-service-php-mysql-xml-json https://www.codeproject.com/Tips/671437/Creating-Web-Service-Using-PHP-Within-Minutes

There's many ways to consume a web service from C#. RestSharp is probably ideal.

Note that you're probably going to choose SOAP or JSON as a format. So look for an webservice tutorial and a consumer tutorial that use the same format. (Building a webservice that can return different formats depending on what the client requests is ideal but a bit more advanced. I don't have a tutorial for that in PHP)

(In this context, "API" is synonymous with "web service", but note that "API" can have completely different meanings too)

It may look like you've got a long way to go, but don't worry, once you've got your first example working, it'll be quick and easy to use the same method to do all kinds of great stuff.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

In fact I built a winforms/php web service just like this some years ago and have been expanding it since. One of the beauties of this model is that not only does it offer a secure way of exchanging data with a DB, you also have one foot on the client machine to interface with it better, and one foot in the cloud to SOAP to other servers. Of course all of the communication should be done with SSL (I use Lets Encrypt certificates. You can even do a host of file operations on the server, send emails, ect.
1

When you use an API, the data access layer becomes completely separated from the client software. The web service just need to print the response in a specific way for the clients understand (XML, JSON, YAML, etc).

In your C# application you will call that API and then convert the responses to C# objects. In C# I usually use RestSharp. It's easy to use and convert from XML or JSON to C# objects.

In your PHP server consider to use some Framework or micro-framework that handles HTTP codes and responses. Is responsibility of the server to send the correct response to the client (response content-type, status, etc). Try do that by hand can be boring sometimes. There is nothing wrong about your code now, but soon it will turn in a little monster.

For your case Lumen or Silex can be simple and useful!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.