Monday, April 28, 2008

Visual Studio 2005 Add-in Setup

The process to get a VS add-in working is divided into two steps:

1. Create an Extensibility project
Step 1: Launch Visual Studio.

Step 2: Click File -> New -> Project.

Step 3: Select “Visual Studio Add-in” from the New Project dialog (under Other Project Types -> Extensibility as shown below) and give the project a name. In this case I’ve named the project BuildCompleteSample.



Step 4: Visual Studio Add-in Wizard: Click next.

Step 5: Visual Studio Add-in Wizard (Page 1 of 6): Select “Create an Add-in using Visual C#” and click next.

Step 6: Visual Studio Add-in Wizard (Page 2 of 6): Deselect “Microsoft Visual Studio 2005 Macros” and click next.

Step 7: Visual Studio Add-in Wizard (Page 3 of 6): Add a name and description and then click next. For this sample I set them as shown below:

Name: Platform Builder - Build Complete Sample
Description: This sample shows how to generate an action when a build is completed.

Step 8: Visual Studio Add-in Wizard (Page 4 of 6): Select “I would like my Add-in to load when the host application starts” and click next.

Step 9: Visual Studio Add-in Wizard (Page 5 of 6): Click next or fill in the information to be included in the About dialog box if you wish.

Step 10: Click finish.

Step 11: Open Connect.cs and scroll to the bottom and add a private member variable to store a reference to the BuildEvents.

private BuildEvents _buildEvents;

Step 12: Modify the OnStartupComplete method to get the reference to the BuildEvents and register an OnBuildDone event handler.

public void OnStartupComplete(ref Array custom)
{
    _buildEvents = _applicationObject.Events.BuildEvents;
    _buildEvents.OnBuildDone += new _dispBuildEvents_OnBuildDoneEventHandler(_buildEvents_OnBuildDone);
}

Step 13: Implement the event handler and add code to start your favorite sound. There are a lot of ways to play sounds but the following is a very simple way that gets the job done for this sample.

/// <summary>
/// The method that handles the on build done event.
/// </summary>
/// <param name="Scope">Represents the scope of the build.</param>
/// <param name="Action">Represents the type of build action that is occurring, such as a build or a deploy action.</param>
private void _buildEvents_OnBuildDone(vsBuildScope Scope, vsBuildAction Action)
{
    // Only react to build actions, not to clean or deploy actions
    if (Action == vsBuildAction.vsBuildActionBuild)
    {
        // Tell the user that the build has finished
        System.Windows.Forms.MessageBox.Show("Build Done");
    }
}

Step 14: Compile the add-in

2. Create a setup

Step 1. Go to File -> Add -> New Project.

Step 2. Other Project Types -> Setup and Deployment -> type in the name of the project.

Step 3. Select Application Folder -> right-click -> Add -> Project Output.

Step 4. Select Application Folder -> right-click -> Add -> Assembly.

Step 5. Select and add 'extensibility.dll' from the .NET tab.

Step 6. Select Application Folder -> right-click -> Add -> Assembly.

Step 7. Repeat steps 6 & 7 for all the .dll files required for the add-in project (in this case I added "System.Windows.Forms.dll").

Step 8. Build the project.

You will get an .msi and an .exe in the target directory.

References:
Setup&Deployment
VS Addin

Tuesday, April 15, 2008

Organize Windows Files

A Windows application which can display files by category (music, pictures, etc.) from a list of locations.

Application Settings :
1) List of locations to search for files.
2) List of categories (label).
3) List of extensions under a category.


Application Capabilities :
1) Delete
2) Drag & Drop to copy/paste files to other locations
3) Rename
4) Open

Friday, April 11, 2008

Auto Web Surfing

Dated: 11 Apr 2008
As I have multiple mail accounts, I always feel the need to log in so that the accounts don't expire. A solution would be to log in automatically. This can extend not only to mail servers but to any site where a login is required.

Design Details

Register a site.
Provide login details.
Record the various steps followed while logged in.

Furthermore, there can also be an option to save a snapshot/HTML of the data viewed.



References

Web Browser/Content in a C# Application

Code Project Article - Capture IE Page Snapshot

Wednesday, April 2, 2008

Application Vulnerability (Threat Modeling)

An important part of developing a more secure application is to understand the threats to it. Microsoft has developed a way to categorize threats (STRIDE):
Spoofing
Tampering
Repudiation
Information disclosure
Denial of service
Elevation of privilege
The sections below briefly describe these threats and how they apply to Web applications.

1) Spoofing
To spoof is to impersonate a user or process in an unauthorized way. At its simplest, spoofing can mean typing in a different user's credentials. A malicious user might also change the contents of a cookie to pretend that he or she is a different user or that the cookie comes from a different server.

In general, you can help prevent spoofing by using stringent authentication. Any time someone requests access to non-public information, be sure they are who they say they are. You can also help defend against spoofing by keeping credential information safe. For example, do not keep a password or other sensitive information in a cookie, where a malicious user can easily find or modify it.
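One way to make the server notice a cookie that was changed on the client is to sign its value with a key that never leaves the server. The following is an added example, not code from the original post; it assumes .NET 6 or later, and the class name, the `user=alice` value and the key handling are constructed for illustration. Signing detects modification only, it does not hide the value, so the advice above about keeping passwords out of cookies still applies.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not from the original post. Assumes .NET 6 or later.
public static class SignedCookie
{
    // Returns "base64(value).base64(HMAC-SHA256(value))" for use as the cookie value.
    public static string Protect(string value, byte[] key)
    {
        byte[] payload = Encoding.UTF8.GetBytes(value);
        using var hmac = new HMACSHA256(key);
        return Convert.ToBase64String(payload) + "." +
               Convert.ToBase64String(hmac.ComputeHash(payload));
    }

    // Returns false (and an empty value) if the cookie is malformed or was modified.
    public static bool TryUnprotect(string cookie, byte[] key, out string value)
    {
        value = "";
        string[] parts = (cookie ?? "").Split('.');
        if (parts.Length != 2) return false;
        byte[] payload, tag;
        try
        {
            payload = Convert.FromBase64String(parts[0]);
            tag = Convert.FromBase64String(parts[1]);
        }
        catch (FormatException) { return false; }

        using var hmac = new HMACSHA256(key);
        // Constant-time comparison so the check does not leak how many bytes matched.
        if (!CryptographicOperations.FixedTimeEquals(hmac.ComputeHash(payload), tag))
            return false;
        value = Encoding.UTF8.GetString(payload);
        return true;
    }

    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);  // server-side secret
        string cookie = Protect("user=alice", key);       // constructed sample value
        // A client-side edit of the value part, keeping the old signature.
        string edited = Convert.ToBase64String(Encoding.UTF8.GetBytes("user=bob"))
                        + cookie.Substring(cookie.IndexOf('.'));
        Console.WriteLine(TryUnprotect(cookie, key, out string ok) + " " + ok);
        Console.WriteLine(TryUnprotect(edited, key, out string bad) + " " + bad);
    }
}
```

The untouched cookie verifies and returns its value; the edited one is rejected because its signature no longer matches the value.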

2) Tampering
Tampering means changing or deleting a resource without authorization. One example is defacing a Web page, where the malicious user gets into your site and changes files. An indirect way to tamper is by using a script exploit. A malicious user manages to get code (script) to execute by masking it as user input from a page or as a link.

A primary defense against tampering is to use Windows security to lock down files, directories, and other Windows resources. The application should also run with minimum privileges. You help guard against script exploits by not trusting any information that comes from a user or even from a database. Whenever you get information from an untrusted source, take steps to be sure it does not contain any executable code.

3) Repudiation
A repudiation threat involves carrying out a transaction in such a way that there is no proof after the fact of the principals involved in the transaction. In a Web application, this can mean impersonating an innocent user's credentials. You can help guard against repudiation by using stringent authentication. In addition, use the logging features of Windows to keep an audit trail of any activity on the server.

4) Information Disclosure
Information disclosure simply means stealing or revealing information that is supposed to be private. A typical example is stealing passwords, but information disclosure can involve access to any file or resource on the server.

The best defense against information disclosure is to have no information to disclose. For example, if you avoid storing passwords, malicious users cannot steal them. An alternative to storing passwords is to store only a hash of the password. When a user presents credentials, you can hash the user's password and compare only the hashes of the two. If you do store sensitive information, use Windows security to help secure it. As always, you should use authentication to help ensure that only authorized users can access restricted information. If you must expose sensitive information, it is recommended that you encrypt the information when stored and use Secure Sockets Layer (SSL) to encrypt the information when sent to and from the browser.

5) Denial of Service
A denial-of-service attack deliberately causes an application to be less available than it should be. A typical example is to overload a Web application so that it cannot serve ordinary users. Alternatively, malicious users might try to simply crash your server.

IIS enables you to throttle applications, which means that it limits the number of requests it will serve. You might be able to deny access to users or IP addresses known to be malicious. Keeping your applications online is a matter of running robust code. You should test your application thoroughly and respond appropriately to error conditions wherever possible.

6) Elevation of Privilege
An elevation-of-privilege attack uses malicious means to get more permissions than are normally assigned. For example, in a successful elevation-of-privilege attack, a malicious user manages to get administrative privileges to your Web server, giving himself or herself access to any data on the server as well as control over server capabilities.

To help protect against elevation of privilege, run the application in a least-privilege context if practical. For example, it is recommended that you do not run ASP.NET applications as the SYSTEM (administrative) user.