Continue from our previous post "Posting compressed data in JSON format to the ASP.NET website using WinForm", in HttpWebRequest, there is a property called "AutomaticDecompression" (boolean) which is able to decompress the server response without extra codes.
Now, the question is that if we set this property to true, does it compress the data before sending it to the web server? After research and confirm that it does not compress the data before sending.
Below is the sample code to upload the data after
string url = "http://localhost:30000/myHandler.ashx";
System.Net.HttpWebRequest req = System.Net.WebRequest.Create(url) as System.Net.HttpWebRequest;
req.ContentType = "text/json";
req.Method = "POST";
req.AutomaticDecompression = System.Net.DecompressionMethods.GZip
| System.Net.DecompressionMethods.Deflate;
// generate dummy data.
string s = "";
for (int i = 0; i < 100; i++)
{
s += Guid.NewGuid().ToString();
}
using (System.IO.StreamWriter w = new System.IO.StreamWriter(req.GetRequestStream()))
{
w.WriteLine("helo me.." + s);
}
In the ASHX handler, you may verify the content length that has been submitted from the client:
public class myHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
System.Diagnostics.Debug.WriteLine(string.Format("{0}-header=>"
+ context.Request.ContentLength.ToString(),
DateTime.Now.ToString("d/MMM/yy @ HH:mm:ss.fff")));
context.Response.ContentType = "text/plain";
context.Response.Write("Hello World");
}
public bool IsReusable
{
get
{
return false;
}
}
}
Sunday, May 27, 2018
Saturday, April 21, 2018
Posting compressed data in JSON format to the ASP.NET website using WinForm
We have posted an article on how to post JSON data from WinForm to ASP.NET/ASHX in 2015 (as shown below). In the earlier article, it does not optimize the payload size and reduce the communication time.
http://laucsharp.blogspot.my/2015/07/posting-data-in-json-format-to-aspnet.html
In order to speed up the communication between the WinForm client and ASP.NET/ASHX, we must reduce the payload size.To do that, the contents must be compressed before we upload the data and decompress upon receiving it.
There are 2 compression algorithms for HTTP/HTTPS communication: gzip and deflat.
Here is the code to compress the contents with GZip algorithm. You need this code in both WinForm and ASP.NET/ASHX.
public static void GZip(Stream stream, string data)
{
byte[] b = System.Text.Encoding.UTF8.GetBytes(data);
GZip(stream, b);
}
public static void GZip(Stream stream, byte[] data)
{
using (var zipStream = new GZipStream(stream, CompressionMode.Compress, true))
{
zipStream.Write(data, 0, data.Length);
}
}
To decompress the GZip contents. You need this code in both WinForm and ASP.NET/ASHX.
public static string GUnZipToString(Stream stream)
{
byte[] b = GUnZip(stream);
return System.Text.Encoding.UTF8.GetString(b);
}
public static byte[] GUnZip(Stream stream)
{
using (var zipStream = new GZipStream(stream, CompressionMode.Decompress, true))
using (MemoryStream ms = new MemoryStream())
{
zipStream.CopyTo(ms);
return ms.ToArray();
}
}
In the WinForm app, we used to write the JSON data directly to the HttpWebRequest like this:
// write the json data into the request stream.
using (StreamWriter writer = new StreamWriter(request.GetRequestStream()))
{
writer.Write(json_data);
}
In order to reduce the payload, we should write the compressed data by doing this:
// to indicate we accept gzip content.
request.Headers.Add(HttpRequestHeader.AcceptEncoding, "gzip");
// to indicate that the content is compressed using gzip algorithm.
request.Headers.Add("Content-Encoding", "gzip");
GZip(request.GetRequestStream(), json_data);
In the ASP.NET/ASHX, we used to read the contents like this:
// get the contents from the request stream
Stream stream = context.Request.InputStream;
using (StreamReader r = new StreamReader(stream))
{
s = r.ReadToEnd();
}
Now, we have to read the contents and then decompress it. "Content-Encoding" is the indicator whether the contents is in GZip, deflat or not compress.
if (HelperFunc.IsGZipContent(context))
{
// read the compressed content.
s = GUnZipToString(context.Request.InputStream);
}
else
{
// get the contents from the request stream
Stream stream = context.Request.InputStream;
using (StreamReader r = new StreamReader(stream))
{
s = r.ReadToEnd();
}
}
Here is the function to check whether the contents is compressed in GZip format. Please take note that the sample codes in this article did not support "deflat" algorithm.
public static bool IsGZipContent(System.Web.HttpContext ctx)
{
string enc = ctx.Request.Headers["Content-Encoding"];
if (string.IsNullOrEmpty(enc))
{
return false;
}
return enc.ToLower().Contains("gzip");
}
You will find more information about the static and dynamic compression in IIS:
https://docs.microsoft.com/en-us/iis/configuration/system.webserver/httpcompression/
To find out why we need to compress the data, please refers to the following link:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Compression
http://laucsharp.blogspot.my/2015/07/posting-data-in-json-format-to-aspnet.html
In order to speed up the communication between the WinForm client and ASP.NET/ASHX, we must reduce the payload size.To do that, the contents must be compressed before we upload the data and decompress upon receiving it.
There are 2 compression algorithms for HTTP/HTTPS communication: gzip and deflat.
Here is the code to compress the contents with GZip algorithm. You need this code in both WinForm and ASP.NET/ASHX.
public static void GZip(Stream stream, string data)
{
byte[] b = System.Text.Encoding.UTF8.GetBytes(data);
GZip(stream, b);
}
public static void GZip(Stream stream, byte[] data)
{
using (var zipStream = new GZipStream(stream, CompressionMode.Compress, true))
{
zipStream.Write(data, 0, data.Length);
}
}
To decompress the GZip contents. You need this code in both WinForm and ASP.NET/ASHX.
public static string GUnZipToString(Stream stream)
{
byte[] b = GUnZip(stream);
return System.Text.Encoding.UTF8.GetString(b);
}
public static byte[] GUnZip(Stream stream)
{
using (var zipStream = new GZipStream(stream, CompressionMode.Decompress, true))
using (MemoryStream ms = new MemoryStream())
{
zipStream.CopyTo(ms);
return ms.ToArray();
}
}
In the WinForm app, we used to write the JSON data directly to the HttpWebRequest like this:
// write the json data into the request stream.
using (StreamWriter writer = new StreamWriter(request.GetRequestStream()))
{
writer.Write(json_data);
}
In order to reduce the payload, we should write the compressed data by doing this:
// to indicate we accept gzip content.
request.Headers.Add(HttpRequestHeader.AcceptEncoding, "gzip");
// to indicate that the content is compressed using gzip algorithm.
request.Headers.Add("Content-Encoding", "gzip");
GZip(request.GetRequestStream(), json_data);
In the ASP.NET/ASHX, we used to read the contents like this:
// get the contents from the request stream
Stream stream = context.Request.InputStream;
using (StreamReader r = new StreamReader(stream))
{
s = r.ReadToEnd();
}
Now, we have to read the contents and then decompress it. "Content-Encoding" is the indicator whether the contents is in GZip, deflat or not compress.
if (HelperFunc.IsGZipContent(context))
{
// read the compressed content.
s = GUnZipToString(context.Request.InputStream);
}
else
{
// get the contents from the request stream
Stream stream = context.Request.InputStream;
using (StreamReader r = new StreamReader(stream))
{
s = r.ReadToEnd();
}
}
Here is the function to check whether the contents is compressed in GZip format. Please take note that the sample codes in this article did not support "deflat" algorithm.
public static bool IsGZipContent(System.Web.HttpContext ctx)
{
string enc = ctx.Request.Headers["Content-Encoding"];
if (string.IsNullOrEmpty(enc))
{
return false;
}
return enc.ToLower().Contains("gzip");
}
You will find more information about the static and dynamic compression in IIS:
https://docs.microsoft.com/en-us/iis/configuration/system.webserver/httpcompression/
To find out why we need to compress the data, please refers to the following link:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Compression
Tuesday, February 6, 2018
To check if the web server is able to handle TLS1.2
You can find lots of information on how to enable the TLS 1.2 in Windows/IIS server. Somehow, their article left out the steps on how to verify if the TLS 1.2 really has been enabled.
Here is the step:
1. Make sure that you have install openssl utility.
2. Run the following command in command prompt.
cd\
cd OpenSSL-Win64\bin
openssl s_client -connect google.com:443 -servername google.com -tls1_2
If TLS1.2 has been enabled, you will see the SSL client cert and session ID appear in the response.
You may test to see if any other TLS version has been enabled or disable.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
Here is the step:
1. Make sure that you have install openssl utility.
2. Run the following command in command prompt.
cd\
cd OpenSSL-Win64\bin
openssl s_client -connect google.com:443 -servername google.com -tls1_2
If TLS1.2 has been enabled, you will see the SSL client cert and session ID appear in the response.
You may test to see if any other TLS version has been enabled or disable.
- -tls1
- -tls1_1
- -ssl3
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"Enabled"=dword:00000001
Tuesday, January 23, 2018
Enforcing TLS1.2
TLS 1.2 has been in born since 2008 and yet many of us did not know about it until new requirement came to us...
To enforce the TLS 1.2 in a website, you need to add a Global.asax and then add the following line:
void Application_Start(object sender, EventArgs e)
{
System.Net.ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)3072;
}
Once the above code has been added, all HTTP request will be served in TLS 1.2 that includes the web service (ASMX) and HTTP request call to external website. And make sure that the project is compiled under .Net 4.6 and everything will be ok.
Notes: your program will work with TLS1.2 only. An exception will be thrown if the server does not enabled TLS 1.2.
There is a catch... if some other app is consuming the resource on your website, they must be on TLS 1.2 as well. Otherwise they will fail to make any connection to your website.
To enforce the TLS 1.2 in a website, you need to add a Global.asax and then add the following line:
void Application_Start(object sender, EventArgs e)
{
System.Net.ServicePointManager.SecurityProtocol = (System.Net.SecurityProtocolType)3072;
}
Once the above code has been added, all HTTP request will be served in TLS 1.2 that includes the web service (ASMX) and HTTP request call to external website. And make sure that the project is compiled under .Net 4.6 and everything will be ok.
Notes: your program will work with TLS1.2 only. An exception will be thrown if the server does not enabled TLS 1.2.
There is a catch... if some other app is consuming the resource on your website, they must be on TLS 1.2 as well. Otherwise they will fail to make any connection to your website.
Subscribe to:
Posts (Atom)