I have embedded web browser control in WinForms app. The user makes some actions on site that doesn't belong to me. At the end (eg. on last page) I need to send confirmation to my server (eg. via web service), that user really did what he was supposed to do.
Right now the application is gathering some data during that process and after making s开发者_StackOverflowome odd stuff with that (ie. security through obscurity) it sends information to my server. The message that is send from app to server is obscured and the application is written in C++, so it's not that easy to decompile it and check what is really send. Additionally user who possible crack the code has opportunity to earn very little amount of money and it's easy to track him. That situation has never occured.
The source code became unmaintanable and I would like to rewrite it using C#. The problem is pretty obvious: even obfuscated code is lot easier to crack than old native C++ binary.
Do you see any "secure" way out? Is there a possibility to get something like digital signature of page that is on web browser control (https connection only)? I don't have any idea how to do that other than taking user credentials of the external page and making actions on server side on his behalf which would be totally unacceptable.
Your question doesn't tell us the scope on how the users get the WinForms app, etc. But I would say that the only "foolproof" way would be to host this logic and code on you own controllable premises. So here's my two (expensive, but doable) suggestions: Publish this application as either:
- a RemoteApp using Remote Desktop Services
- a Published application on a Citrix farm
Again, probably overkill in terms of investments and infrastructure (depending of how widespread this thing is), but nevertheless pretty appealing from a technical point of view since it wold be impossible for any eavesdropping on what kind of data and where you send this information.
精彩评论