Hiding logic on localhost-based html/aspx ...

[Ted Singh]

(I apologize in advance if this is an obvious question, my experience is more
with console or client-only apps)

I am trying to build an web-based HTML UI, which will work with a web-server
on the same machine (i.e., http://localhost/...). However, I do not want the
logic source to be visible to the user to prevent customer support problems,
intellectual property issues, etc. The requirements strictly call for a
web-based UI running initially on the same machine as the web-server for the
first several releases - otherwise I would just do a Windows app.

What is the best method of doing this? If I add C#/VB.NET scripting to an
ASPX page -- can I hide this scripting in some way (e.g., a compiled ASPX or
is there such a thing)? Or do I/can I create a C# class library, which is
callable from the ASPX page? Or is there even a better way?

One collegue has recommeded Cassini as a lite-weight solution -- will the
best solution work with Cassini or do I have to use IIS?

Thanks in advance for your replies.

 

[Jason Brown [MSFT]]

ASPX server-side code is not viewable to the client. this is inherent in
server-side frameworks like ASP and ASP.NET (and PHP, JSP, etc..)


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[Ted Singh]

Thanks, but I knew that ASP code is not visible to the client, but since the
ASP file is on the same computer, the user could conceivably go look at the
logic if he knows where to look, right?

Ted

 

[Bob Barrows [MVP]]

To start:
There was no way for you to know it, but this is a classic asp newsgroup.
While you may be lucky enough to find a dotnet-savvy person here who can
answer your question, you can eliminate the luck factor by posting your
question to a group where those dotnet-savvy people hang out. I suggest
microsoft.public.dotnet.framework.aspnet.

To answer your question: yes, since the file exists on the user's machine,
there is no dependable way to prevent its source from being revealed. Even a
compiled dotnet application can be decompiled, even if you use the
obfuscator that comes with VS.Net.

So that deals with the server-side code issues.

If you have any logic in your client-side code, all bets are off. There is
absolutely no way to hide client-side code from end users, short of using
COM-based dll's (and even then, clever people are out there...).

Bob Barrows

 

[Tom B]

If you have control over the systems, you could set the NTFS Permissions to
the IIS folders to restrict access to only the web service.

TomB

 

[Paxton]

(I apologize in advance if this is an obvious question, my experience is more
with console or client-only apps)

I am trying to build an web-based HTML UI, which will work with a web-server
on the same machine (i.e., http://localhost/...). However, I do not want the
logic source to be visible to the user to prevent customer support problems,
intellectual property issues, etc. The requirements strictly call for a
web-based UI running initially on the same machine as the web-server for the
first several releases - otherwise I would just do a Windows app.

What is the best method of doing this? If I add C#/VB.NET scripting to an
ASPX page -- can I hide this scripting in some way (e.g., a compiled ASPX or
is there such a thing)? Or do I/can I create a C# class library, which is
callable from the ASPX page? Or is there even a better way?

One collegue has recommeded Cassini as a lite-weight solution -- will the
best solution work with Cassini or do I have to use IIS?

Thanks in advance for your replies.

IIRC, Cassini is the sample web server that comes free with Microsoft's
WebMatrix ASP.Net authoring tool (also free). Deploying applications to
it is not recommended. It has no security, authentication,
authorisation etc, etc. That rather leaves you with IIS.

P

 

[Jason Brown [MSFT]]

Ah, right. I see what you mean. yes, this is true. you could use the MS
Script encoder, in classic ASP or you could compile your ASP.NET logic into
DLLs, but this is not a strong solution. is there a particular reason you're
doing this as a web-based UI on the local machine when a windows forms UI
would probably give you more power?


--
Jason Brown
Microsoft GTSC, IIS

This posting is provided "AS IS" with no warranties, and confers no
rights.