6/23/18

Xamarin Android WebView Authentication

The WebView browser component is commonly used to render web content within a native application layout. When the content is secured, it is required for the app to authenticate with the Web server first.  When using the WebView component, we can leverage the component events (HTTP pipeline) to detect a challenge-response authentication event from the server and automatically login our app.

Challenge Response Security



The challenge-response interaction is a security protocol (HTTP 401) event in which a server challenges the identity of a client, and the browser responds with the security credentials required to access the content. If the required credentials are not validated, the content is forbidden to the app. We can leverage this interaction to send the impersonating identity to the server by extending the WebViewClient class and overriding the authentication event. Let’s take a look.

Extending the WebViewClient Class

In order to write a handler for the challenge-response event, we need to extend the WebViewClient class. We start by implementing a constructor that can take the credential information. This enables the activity that instantiates our class to manage the credential information and just pass it to our class during the class instantiation.


internal class AuthWebViewClient : WebViewClient
{
    public string Username { get; }
    public string Password { get; }
    private int LoginCount = 0;
    
    /// <summary>
    /// gets the user credentials for the impersonation process
    /// </summary>
    /// <param name="username"></param>
    /// <param name="password"></param>
    public AuthWebViewClient(string username, string password)
    {
        Username = username;
        Password = password;          
    }
    
    /// <summary>
    /// handles the authentication with the website.
    /// </summary>
    /// <param name="view"></param>
    /// <param name="handler"></param>
    /// <param name="host"></param>
    /// <param name="realm"></param>
    /// <remarks>
    /// </remarks>
    public override void OnReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, string host, string realm)
    {
        try
        {
            if (LoginCount < 3)
            {
                LoginCount++;
                handler.Proceed(Username, Password);
            }
            else
            {
                LoginCount = 0;
                handler.Cancel();
            }
        }
        catch (Exception ex)
        {
            Toast.MakeText(Application.Context, ex.Message, ToastLength.Long).Show();
        }
    }      
}


Handling the Authentication

When we extend the WebViewClient class, we can override some of the class events. For the authentication pipeline, we override the OnReceivedHttpAuthRequest event which provides a reference to the HttpAuthHandler object. This object provides the Proceed method which we use to send the login credentials to the server.

One important area to note here is that if there is a problem with the credentials that we send to the server, the HTTP 401 event will continue to be sent back from the server. This can create a loop between the browser and server. To prevent this, we track the number of attempts, and cancel the authentication when the limit is met. This is done by using the Cancel method on the HttpAuthHandler object.

Please note that this simple approach to pass the username and password information from the browser to the server. There are still other securities areas to be concerned with like encrypting the communication channel to protect the security credentials from unwanted traces.


Thanks for reading.

Originally published by ozkary.com

6/2/18

Xamarin Android Class Not Found Exception

The Class Not Found Exception is commonly raised when the class loader tries to find an activity or a broadcast receiver class listed on the app manifest, but it fails to find it. Common examples can be a splash activity with no layout to show an animation, or a broadcast receiver which should load after intent is received, like boot completed intent.

What is common on these cases is that these classes should be configured on the AndroidManifest.xml file as part of the build process, but during the application load lifecycle, these classes are not found. This indicates that there is missing metadata which affects the load process. Let’s review a common application manifest and class declaration and discuss the problem and solution.


AndroidManifest


<manifest package="com.ozkary.app"
<receiver       
        android:name=".BootReceiver"    
<intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED" />  
</intent-filter>

</receiver>
</manifest>


On the abbreviated manifest above, we can find the package name and the receiver class.  The receiver class name is relative to the package name which means that during the load time, the class loader will attempt to find a class with the name of com.ozkary.app.BootReceiver.

When the class not found exception is raised, we need to take a look at how our project metadata is getting created. This is where our class attributes become very important for our builds.


Class Metadata with Attributes

During the class implementation phase, we can leverage class attributes to add metadata information to our projects. For a Xamarin Android project, this is very important because this is the metadata that is added to the AndroidManifest file during the build cycle. With that knowledge in mind, let’s take a look at how we should properly declare our class.


[BroadcastReceiver(Name = "com.ozkary.BootReceiver]
[IntentFilter(new[] { Intent.ActionBootCompleted })]
public class BootReceiver : BroadcastReceiver


By looking at our abbreviated class declaration, we are setting the receiver class name properly as well as the intent. When we build the project, the metadata generated from our classes is merged with the Properties/AndroidManifest.xml file.  This is true for all classes including activities.

When encountering this Class Not Found Exception, we should review the content of the manifest file as well our class declarations, and we should find that there is probably not enough metadata added to the classes to prevent this error.


I hope this helps some of you with this problem.

Originally published by ozkary.com

5/19/18

Xamarin Android Build Java Exited with Code 1 ProGuard

When building a Xamarin Android app and using the option to Enable ProGuard, we may get the following error:


error MSB6006: "java.exe" exited with code 1


Note: Proguard is a file shrinker/optimizer which is often used on a release version. This can be found on the Android Options tab.



The error means that java is not able to build the application due to some an error that is raised during the build process. To find out what the error details, we need to set the MSBuild verbosity mode to Diagnostic which provides detail log on each step during the build. We can change the verbosity mode from Visual Studio Build and Run settings which can be found on the following menu option:

Tools->Options->Project and Solutions-Build and Run



Once this option is set, we should be able to compile again and see more detail about what is happening. If we look at the MSBuild output (output window on Visual Studio), we can find the error or exception that can provide more insight on the problem.

For this case, we can see that there is an error associated to the proguard tool. The error reads that there is an unknown option on the configuration file proguard.cfg.


proguard.ParseException: Unknown option '∩┐-dontwarn' in line 1 of file 'proguard.cfg', (TaskId:226)


If we look carefully, we can see that there is a funny character on the error message.  This leads us to think that there is some junk data in the proguard.cfg file, or there is an encoding problem.

Solution:

The proguard tool does not handle files that contain Byte Order Mark BOM. Visual Studio creates files with this information. The BOM is used to indicate the file encoding type. To see and remove that encoding, use a tool like Notepad++ and save the file without the BOM encoding which is a menu option when saving the file.

After removing the BOM from the file, we should be able to build the project again and see a successful build. Inspecting the log, we can also see that the proguard task completes with no errors:


Done executing task "Proguard". (TaskId:179)



Hopefully this can help solve similar errors when building Xamarin Android Apps.

Originally published by ozkary.com

5/5/18

Xamarin Android Device Mac and IP Address on a WebView JavaScript App

When using JavaScript applications with any framework, we cannot get access to some of the device information like the MAC and IP Address because JavaScript runs on an Isolated Sandbox due to security concerns.

When building hybrid applications using the WebView control on a Xamarin Android app, we can leverage the nature of the native app layer to provide the device information to the JavaScript layer. There are several ways to enable this interaction/bridge between the Native and JavaScript layers, but there is a more direct integration that can be used to handle this with less effort.

Browser UserAgent

All browsers provide a way to identify their information using the Navigator UserAgent property.  This property tells us the type of browser that is running the application like Internet Explorer, Safari, and Chrome etc.

When using the WebView control on a native app, we have more permission to control this information. This can enable our apps to set a UserAgent property that can provide the JavaScript application with device specific information.  Let’s review how that can be done by looking at a code sample with Xamarin Android project (C#) and JavaScript.

Xamarin Android Project

On the Xamarin Android project, we can set some of the WebView control properties on the OnCreate override of our activity as shown below:


private void SetWebView()
{
    WebView view = FindViewById<WebView>(Resource.Id.webView1);
    view.Settings.JavaScriptEnabled = true;
    view.Settings.UserAgentString = GetDeviceInfo();
}

private static string GetDeviceInfo()
{
    string mac = string.Empty;
    string ip = string.Empty;

    foreach (var netInterface in NetworkInterface.GetAllNetworkInterfaces())
    {
        if (netInterface.NetworkInterfaceType == NetworkInterfaceType.Wireless80211 ||
            netInterface.NetworkInterfaceType == NetworkInterfaceType.Ethernet)
        {
            var address = netInterface.GetPhysicalAddress();
            mac = BitConverter.ToString(address.GetAddressBytes());

            IPAddress[] addresses = Dns.GetHostAddresses(Dns.GetHostName());                   
            if (addresses != null && addresses[0] != null)
            {
                ip = addresses[0].ToString();
                break;
            }                 

        }
    }



The code loads the reference to the control. This enables us to set the control settings to enable the JavaScript functionality to run on and set the user agent with the device information.

Notice that on the GetDeviceInfo function, we get both the MAC and IP address and return the information as a delimited string similar to the format used by most browsers. This enables us to parse the information and display/use it as needed.

JavaScript Code

When navigating to the web page on the WebView control, we can now query the windows user agent property and request the information that is set by the native code as shown below:


var device = window.navigator.userAgent;
console.log(device);              
 

The console log should print out the content of the string with a pattern similar to aa-bb-cc-dd/100.10.0.0 which represents the MAC and IP address of the device.

Using this approach, we can easily provide device information to the JavaScript app to enable it to display the device MAC and IP address which is usually hidden from the JavaScript layer due to security concerns on the device.

Originally published by ozkary.com

4/21/18

Complex Joins .NET Core 2.0 Entity Framework and SQL Server

With this article, we take a look at building a console application using .NET Core 2.0 and Entity Framework (EF). The goal is to show how to start a project with .Net core, install the dependencies and run a small test to extract data from a SQL Server database using a complex join.
We start by creating a Console Application using the .NET Core project template.  Make sure to target the .NET Core 2.0 framework.

Install Dependencies

We can install the necessary Entity Framework dependencies using the NuGet Package Manager Console.  We are only targeting SQL Server as our data platform, so we need to install that dependency as well.

On the console, type the following:


Install-Package Microsoft.EntityFrameworkCore.SqlServer

Install-Package Microsoft.EntityFrameworkCore.Tools


Defining the Database

Our database Entity Relation Diagram (ERD) is shown below. We want to query task information with the extended properties like status, type, severity and priority.



Defining the Models

We want to be able to join all those entities, so we need to define a model for each entity shown on the ERD: Task, TaskType, TaskStatus, TaskPriority, TaskSeverity.

   
    public class Task
    {
        public int TaskId { get; set; }
        public string Description { get; set; }
    }

    public class TaskStatus
    {
        public int TaskStatusId { get; set; }
        public string Name { get; set; }      
    }

    public class TaskType
    {
        public int TaskTypeId { get; set; }
        public string Name { get; set; }
    }

    public class TaskPriority
    {
        public int TaskPriorityId { get; set; }
        public string Name { get; set; }
    }

    public class TaskSeverity
    {
        public int TaskSeverityId { get; set; }
        public string Name { get; set; }
    }
   

Since we are joining all these tables, we want to create a model that can define the result of our join. Therefore, we add the TaskDetail model. This is basically a view model for the result we want which does not need to bind to physical table.


    public class TaskDetail
    {
        public int TaskId { get; set; }
        public string Description { get; set; }
        public string Status { get; set; }
        public string Severity { get; set; }
        public string Priority { get; set; }
        public string Type { get; set; }
    }



Defining the Database Context

We need to get data to our models, so we need to define the DbContext with a DbSet property to map to each entity. This is what we can use to make queries from our database.


    public class TaskContext : DbContext
    {
        public TaskContext(DbContextOptions<TaskContext> options)
            : base(options)
        { }

        public DbSet<Task> Tasks { get; set; }
        public DbSet<TaskStatus> TaskStatus { get; set; }
        public DbSet<TaskType> TaskTypes { get; set; }
        public DbSet<TaskSeverity> TaskSeverity { get; set; }
        public DbSet<TaskPriority> TaskPriority { get; set; }
    }


Doing the Work

We are ready to test our approach using our console application.  The logic is to execute a SQL statement with inner joins with the look up tables to get extended task information. We want to return a view model that brings all the relevant properties of a task.


var connection = @"Server=.;Database=dev;Trusted_Connection=True;";

var optionsBuilder = new DbContextOptionsBuilder<TaskContext>();
optionsBuilder.UseSqlServer(connection);

using (TaskContext context = new TaskContext(optionsBuilder.Options))
{

  var results = from task in context.Tasks
    join status in context.TaskStatus
            on task.TaskStatusId equals status.TaskStatusId
    join type in context.TaskTypes
            on task.TaskTypeId equals type.TaskTypeId
    join severity in context.TaskSeverity
            on task.TaskSeverityId equals severity.TaskSeverityId
    join priority in context.TaskPriority
            on task.TaskPriorityId equals priority.TaskPriorityId
    select new TaskDetail
    {

        TaskId = task.TaskId,
        Description = task.Description,
        Status = status.Name,
        Type = type.Name,
        Severity = severity.Name,
        Priority = priority.Name
    };              

foreach (var task in results)
{
    Console.WriteLine($" {task.TaskId}, {task.Description}, {task.Priority}, " +
        $"{task.Status}, {task.Type}, {task.Severity}," +
        $" {task.Priority}");
}

Console.WriteLine($"Total Records {results.Count()}");


The join is done using the primary keys for each entity which maps to a foreign key constraint on the task entity. We then just return the task description and names from each of the look up tables using our view model, TaskDetail.

Conclusion

We can create complex joins using EF and LINQ, and we can also define views models that can help us abstract the complexity of the database entities for our apps. There are also other strategies to get this done like creating a view on the database or executing a raw SQL statement and build the view model without defining each entity model.

Check this article for a Single Model from a Multi-Join Query .NET Core Entity Framework SQL Server

It really depends on the approach and coding standards that you need to follow. I hope this can provide a simple way to do complex join using .Net Entity Framework

Originally published by ozkary.com