Restrict or Obscure data sent to Application Insights - asp.net-web-api

we have just added Application Insights to our WebAPI 2.2 application and it looks like a winner.
However, we have some controllers that receive sensitive information that we cannot store due to compliance regulations, even in Application Insights. We want to capture information level trace events on some of our controllers, but we need to not capture or obscure the information when sent through other controllers. Can anyone suggest a way that we can achieve that?

Since you're using the Microsoft.ApplicationInsights.TraceListener package, I don't think there's any way to directly filter the data. If you can add something special to the Trace.WriteXxx() call, then one option might be to implement a TraceFilter and register it through your configuration for the ApplicationInsights Trace Writer.
Then in your TraceFilter.ShouldTrace(), you could check for that special value (maybe it's the event ID, maybe some prefix in the trace message, or something like that) and simply return false to cause it to be skipped.

I asked the same question on the Azure MS website and got a reply that works well.
Anyone looking here for an answer should look there.
https://azure.microsoft.com/en-us/documentation/articles/app-insights-get-started/#comment-2309233065

Related

asp.net-web-api using culture for returning errors in different languages

I'm using ASP.NET Web API 2,
I have resx files for errors, I need to return the error in the correct language (by user culture).
My solution is
1)I created BaseApiController that all the other controllers would inherit.
2)In BaseApiController I changed the Thread.CurrentThread.CurrentCulture for each request.
My question is if this is the correct way for doing it?
Thanks a lot!
There are lots of way doing this. It actually depends on your architecture. Your way is also acceptable. You will implement ResourceManager if you use your way. Let me give some other examples:
You can keep language code in request header and you don't need to
change Thread.CurrentThread.CurrentCulture.
You can store errors in database with language code and you can get
corresponding error with the active culture when the operation is
failed.
You can store errors in cache with language code and you can get
corresponding error with the active culture when the operation is
failed.
As you can see, there are lots of ways. As I said it depends on your architecture.
Good luck

Is this issue due to bots?

In our MVC website log I can see lot of errors with message "A public action method was not found". Requests are coming with junk action method name.
For example if I have action name "GetProducts" then requests are coming with actiona name as "GetProducts AND 1=1" , "GetProducts;id'" , "GetProductswhscheck".
is this because of internet bots are trying to access my website with junk values?
It may be bots, it may be script kiddies, or it may be crackers. Either way - somebody is trying to find vulnerabilities on your site.
Let's look at the first one:
GetProducts AND 1=1"
This looks like an attempt at SQL Injection. There was probably a longer query after the "1=1", trying to get information out of your database - like usernames, e-mail addresses, and so on.
To defend yourself, make sure your queries are parameterized. You may also want to add some form of rate-limiting on your system; if possible, see if you can add captchas.
You may also want to look at this answer on Information Security Stack Exchange, and the OWASP top 10 security vulnerabilities.
Do this as soon as possible, because somebody's trying to break in to your system.

BackgroundTransferService: what are some of the details of its operation?

I kick off 5 uploads (of varying size) via the BackgroundTransferService. I have the following questions about the way it works:
It seems that on the emulator it does 2 uploads at a time. Is this how it works on the actual device? Can I programmatically change this behavior?
Can I count on the uploads going out in the order that I submitted them? I seem to be getting conflicting results in my testing.
When I inspect the BackgroundTransferService in my application, does it contain requests from other apps as well or just mine?
Do I need to reconnect events for all the BackgroundTransferRequest objects when coming back from being tombstoned? What about coming back from being reactivated?
Do I need to disconnect events from the BackgroundTransferRequest when I remove it from the BackgroundTransferService.Requests collection?
When I try to upload a non-existing URL:Port (on the localhost), the TransferStatus is reported as WaitingForNonVoiceBlockingNetwork. The upload never actually completes/fails. Is this how it is on the device? Should I remove the request when it encounters this TransferStatus?
You cannot influence the behaviour of the BTS. If you don't like the way it works you can write the transfer functionality as part of your own application but then you have to handle running in the background yourself.
There is no guarantee on sequence.
The BTS may be handling requests from other apps but you won't be able to see the details. Requests() will only return details for your app.
Surely a quick test will tell you this.
It's good practice to.
Have you checked the TransferError property whe you reach this situation? This is a perfectly valild status in other situations and so you shouldn't treat this as a automatic fail.

Oracle CRM On-Demand - Use Tasks Status to update Service Request Status

We're using CRM On-Demand for our Service Group and I'm running into an application limitation and am wondering if anyone has a workaround or just some general ideas on how to accomplish our goal.
In the application, our major focus is around the Service Request and driving for users to create Tasks for all Activities related to working towards closure. For example, a customer calls in and we need a technical resource to make a return call to diagnose the issue in detail, so a Task is assigned to that resource. Once that Task has been marked as completed, I'd like the Status to be updated. I tried creating a workflow using JoinFieldValue(), which wasn't working. I tried a more basic approach and tried to just have a field on the Service Request be populated with the Status of the Task, but that did not work either.
Upon further investigation in the Help File, there is a relationship from the Activity object to the Service Request object, but not one the other way.
So, has anyone else run into this limitation and found some other method to have a Status change on the Task update the Status of a Service Request?
(Also, I'd like to try and avoid writing a custom web service for this purpose, which is why I'm trying to use the tools in the app)
Thanks in advance for any ideas!
actually, if I well understood your issue is related on workflow cross object.
OCOD doesn't manage this type of workflow when you need to use workaround.
In order to cover a cross object worklflow you have many possibilities:
webservices as you said, but you could imagine a js code that will run WS and hosted directly into OCOD (in R19 you could hoste that in Client Side extension). That could be a good solution
Another one could be using Report with a custom look up functionnality with the usage of "Callback" function
I would prefer the 1st solution.

Handle concurrent file download with flex/blazeDs/Spring

I'm currently working on a Flex3/blazeDS/Spring/MySQL project.
In this, some users needs to download some import logs. Problem is that given the singleton concept around spring, if 2 users ask for a download at the same time, the servlet responsible for export file creation may cross content between the 2 asked files.
I'm not that much familiar with spring but from what i've been reading around it seems that the solution lies in saying that the servlet is in "Request" scope so there will be a new one created for each download request instead of having a singleton.
Does anyone have ever done something like this before? Every tutorials i've seen so far explains how to handle file download request but it never talks about the fact that 2 users asking for a download may have some issues...
Thanks for any leads on how to fix this.
Each user will receive his own thread, and you should not have any problems unless using member variables (which is a bad practice anyway). If not, I do not see any problem, but it would help if you can post your code.

Resources