DEV Community: vchaindz

REST API to Run PowerShell from a ASP.Net C# Webapp

vchaindz — Wed, 01 Mar 2023 12:41:08 +0000

Do you need to run PowerShell scripts from a web application?

I asked myself the same and quickly realized that there are some really nice benefits to doing so.

PowerShell is very flexible, easy to use, and has plenty of integrations built-in or available
REST APIs are the most popular way to integrate applications with web services. Having a REST endpoint to the outside would allow you to consume pre-defined PowerShell scripts from anywhere using a Browser, curl, or any other REST scripting or development language.
You can change the PowerShell script without changing and compiling c# source code
it could run as part of an existing Microsoft IIS server or as a Docker container

So I decided to develop a boilerplate that can be used to on Windows and Linux, as part of an IIS, standalone using IIS express or a Docker container.

In case you know already everything about REST APIs, please skip the next 2 sections and jump to the overview.

Introduction to REST APIs

REST stands for Representational State Transfer. It is an architectural style of web services that defines how web services interact with clients. A REST API is a web service that uses the REST architecture to provide an interface for applications to access web services.

A REST API is a set of web services that allow applications to access data stored on a server. The data is usually in the form of JSON or XML.

REST APIs are becoming increasingly popular because they are easy to use and can be used to access data from multiple sources.

REST APIs allow developers to access data from web services and other sources in a uniform way. This makes it easier to develop applications that require data from multiple sources.

REST APIs are also popular because they are secure and can be used for authentication. Authentication is the process of verifying the identity of a user or a client. REST APIs can be used to authenticate users and restrict access to data.

Benefits of Using a REST API to Run PowerShell

Using a REST API to run PowerShell scripts has several benefits.

First, it is easy to develop a web application using a REST API. The API provides a uniform way to access data, so it is easier to develop applications that require data from multiple sources.

But it’s much harder to develop a whole application in .net. Here comes the PowerShell.

Second, a REST API can be used to authenticate users and restrict access to data. This is important when running PowerShell scripts as they can be used to access sensitive data. It can also nicely be used to hide credentials and make the PowerShell script itself inaccessible from the outside.

Finally, a REST API provides a convenient way to run PowerShell scripts. The API can be used to access data from multiple sources in a uniform way. This makes it easier to develop applications that require data from multiple sources.

Overview of Developing a WebApp with a REST API to Run PowerShell

Developing a web application with a REST API to run PowerShell scripts is a straightforward process. First, the necessary components of the web application must be developed. This includes the C# web application that provides the REST API and the Powershell script.

The components must be coded and integrated into a single web application. The web application can then be run on an IIS server or a Docker container.

C# WebApp component development

The C# web application is the first component of the web application. The C# web application is responsible for providing the interface for the web application. It is also responsible for handling user input, authenticating users, and providing access to data.

Let’s start with a new project — I use Visual Studio Community — ASP.NET Core Web API, so it can run also in a Docker container.

In the next step let’s check “Enable Docker” using the Linux OS and uncheck “Use controllers” to have the most simple Web App.

That produces already a good project structure and we can directly jump into the C# code:

As we want to use PowerShell commands out of the Web application, you need to install 2 packages to fit all needs (IIS and Docker). Therefore jump to the Package Manager Console and install the packages.

install-package System.Management.Automation
run install-package Microsoft.PowerShell.SDK

Program.cs — the Web application itself

The Progam.cs file that comes with the new project contains a sample weather forecast that you can simply overwrite completely.

Here comes the code that:

listens to REST API calls on /pwsh
allows you to send 2 arguments (string) to the PowerShell script
reads the PowerShell script script.ps1 that resides inside of the project
Runs the script.ps1 PowerShell script with the 2 arguments
Returns an error or the PowerShell result

using System.IO;
using System.Management.Automation;

var builder = WebApplication.CreateBuilder(args);

// Add services to the container.

var app = builder.Build();

app.MapGet("/pwsh", (string arg1, string arg2) =>
{
string _filePath = Path.GetDirectoryName(System.AppDomain.CurrentDomain.BaseDirectory);
// read file content
string myScript = File.ReadAllText(_filePath + "/script.ps1");

var result = PowerShell.Create().AddScript(myScript)
.AddParameter("arg1", arg1)
.AddParameter("arg2", arg2)
.Invoke();
if (result.Count > 0)
{
foreach (var PSObject in result)
{
return PSObject.ToString();

}

}
return "error occured";

});

app.Run();

Now you can create the PowerShell script as a new file in the project.

Hint: Of course, you can either use a script path outside of the project folder or overwrite the file later on using docker -v mapping.

Powershell script development

The second component of the web application is the Powershell script. The Powershell script is responsible for executing the PowerShell commands and returning data to the web application.

The script should be developed in such a way that it is able to execute the necessary commands and return the data in a JSON format that can be processed by the web application.

Simply create the script file named script.ps1 in the project folder.

script.ps1 — the PowerShell script

In this example, we use a very simple PowerShell script that only consumes the 2 arguments and returns these as JSON.

param(
       $arg1,
       $arg2
)

$message = "$arg1, $arg2" | convertto-json

return $message

That is already it and you can start testing the web application and the Powershell script that has been developed.

If all goes well it should look like that.

Run the Web application on an IIS server or a Docker container

Once the web application has been coded and integrated with the REST API, the next step is to run the web application on an IIS server or a Docker container. This will allow the web application to be accessed by users from anywhere in the world.

To build the Docker container you can use the Dockerfile created as part of the project.

Simply clone your repository to a system where Docker is installed, copy the Dockerfile from the project folder to one level above and run:

docker build -f Dockerfile -t rest2pwsh .

Now you can run the Docker container

docker run -it --rm -p 8080:80 rest2pwsh

and test it as well with a browser.

Conclusion

In conclusion, using a REST API to run PowerShell scripts is an efficient and secure way to run PowerShell scripts from a web application. The REST API provides a uniform way to access data from multiple sources, which makes it easier to develop applications that require data from multiple sources. It also provides a secure way to run PowerShell scripts as it can be used to authenticate users and restrict access to data.

The process of developing a web application with a REST API to run PowerShell scripts is straightforward. The necessary components of the web application need to be developed, coded, and integrated into a single web application. The web application can then be run on a IIS server or a Docker container.

If you need to run PowerShell scripts from a web application, then using a REST API to run PowerShell is a great solution. With the right approach, you can unlock the benefits of a REST API to run PowerShell with a C# Webapp.

CodeNotary free trusted timestamping service for Developer

vchaindz — Sat, 30 Jan 2021 09:52:00 +0000

CodeNotary Trusted Timestamping Service

Every build has a story to tell - Tamperproof provenance for your code and CI/CD pipeline

Quickstart here: Code Timestamp

The combination of our free, lightning-fast and always-on timestamp service and the easy to use cli tool, gets you started in a minute.

What means trusted timestamping

Trusted timestamping is the process of securely keeping track of the creation and modification time of a document. Security here means that no one—not even the owner of the document—should be able to change it once it has been recorded provided that the timestamper's integrity is never compromised.
CodeNotary uses its immutable open source database immudb to provide this service that includes cryptographic verification and immutable data history.

Use cases

This timestamping service provides full immutability for all data ever written and unique data checksum ever stored including its history. As a trust level comes with the timestamp, you can change your mind over time (unsupport, untrust) without touching the code or binary. As the complete trust and timestamping history is stored for any digital identity (SHA-256 checksum), you can easily create workflows and decision trees in your CI/CD recipes.

There are plenty of different use cases:

Add a trusted timestamp to code
Add an immutable timestamp to electronic signatures
Seal the data integrity and your trust level at a given point in time
Prove the existence of elecronic data at a specific point in time
CI/CD integration - notarize all outgoing assets, authenticate all incoming
Store provenance for you own sources
Unsupport deprecated versions of your software and run update checks bases on the latest timestamp
Revoke trust (untrust) at any time without the need to touch your code or binaries
Trust or remove trust for digital assets and act on the status (within your script or pipeline)
Simply timestamp files and sources to doublecheck at any time in the future if these are still the same (backup/restore)

Simply request your API key and get started within a minute! This service is free forever and was built using Open Source!

Notarized assets information is stored in a tamperproof ledger with cryptographic verification backed by immudb, the immutable database.

Obtain an API Key

To provide access to our timestamping service a valid API Key is required. If you don't have one yet, simply signup here CodeNotary Timestamp
This API Key is bound to your email address and it's required during vcn login.

Quick start

Installer In case you use Linux or macOS, the quickest start is our install script:

bash <(curl https://getvcn.codenotary.com -L)

You can also download the latest release

Login to timestamp.codenotary.com

vcn login --lc-host timestamp.codenotary.com # type in your API key when requested
# or setting the API key
VCN_LC_API_KEY=<Your-API-Key vcn login --lc-host timestamp.codenotary.com

Notarize existing digital objects Once you have an account you can start notarizing digital assets to give them an identity.

vcn n <file|dir://directory|docker://dockerimage|git://gitdirectory>

Authenticate digital objects You can use the command as a starting point.

vcn a <file|dir://directory|docker://dockerimage|git://gitdirectory>

Tip: the timestamping and verification calculates a SHA256, so larger files might take a bit longer depending on your system.

For detailed command line usage, just run vcn help.

Usage

Wildcard support and recursive notarization

It's also possible to notarize assets using a wildcard pattern.

With --recursive flag the utility can recursively notarize inner directories.

vcn n "*.md" --recursive

Notarization

Start with the login command. vcn will walk you through login and importing up your secret upon initial use.

vcn login --lc-host timestamp.codenotary.com

Once your secret is set, you can notarize assets like in the following examples:

vcn notarize <file>
vcn notarize dir://<directory>
vcn notarize docker://<imageId>
vcn notarize podman://<imageId>
vcn notarize git://<path_to_git_repo>
vcn notarize --hash <hash>

Change the asset's status:

vcn unsupport <asset>
vcn untrust <asset>

Authentication

vcn authenticate <file>
vcn authenticate dir://<directory>
vcn authenticate docker://<imageId>
vcn authenticate podman://<imageId>
vcn authenticate git://<path_to_git_repo>
vcn authenticate --hash <hash>

To output results in json or yaml formats:

vcn authenticate --output=json <asset>
vcn authenticate --output=yaml <asset>

Automated environments

Simply set up your environment accordingly using the following commands:

export VCN_LC_API_KEY=Your-API-Key

Once done, you can use vcn in your non-interactive environment using:

vcn login --lc-host timestamp.codenotary.com
vcn notarize <asset>

Other commands like untrust and unsupport will also work.

Examples

Authenticate a Docker image automatically prior to running it

First, you’ll need to pull the image by using:

docker pull hello-world

Then use the below command to put in place an automatic safety check. It allows only verified images to run.

vcn authenticate docker://hello-world && docker run hello-world

If an image was not verified, it will not run and nothing will execute.

Summary

This new and free forever service enables hundreds of use cases for developers and DevOps engineers.
We're keen to learn about your use case! Just reach out to us in the chat or by email - CodeNotary

Store data tamperproof using the Python SDK for immudb — the blazing fast, OSS immutable db

vchaindz — Tue, 22 Sep 2020 18:08:17 +0000

The Python SDK for immudb

Prerequisites

immu-py assumes there is an existing instance of the immudb server up and running.

You can skip the Setup immudb part, if you have immudb already running.

Setup immudb

immudb is lightweight, high-speed immutable database for systems and applications. immudb is open source under the Apache v2.0 License.

With immudb you can track changes in sensitive data in your transactional databases and then record those changes indelibly in a tamperproof database. immudb makes sure that not just the latest data, but the complete history of, say, your debit/credit transactions is stored unchangeable.

Setup immudb

If you haven't setup immudb yet, this is the time to do so. You only need to start immudb either as a process, a service or a docker container.

It's up to you if you want to build the Docker /images/blog yourself based on the Dockerfiles in the GitHub repository or use the prebuild ones on Dockerhub.

immudb is using the following defaults:

Auth user: immudb
Auth password: immudb
Service Port: 3322 (immudb)
Metrics Port: 9497 (Prometheus exporter)

immudb Dockerhub

docker run -it -d -p 3322:3322 -p 9497:9497 — name immudb codenotary/immudb:latest

standalone Binaries

Each release provides all binaries for different operating systems. you can find these here: immudb releases

If you want to build the binariesyourself, simply clone this repo and run one of the following commands based on your operating system.

# Linux
GOOS=linux GOARCH=amd64 make immudb-static
# macOS
GOOS=darwin GOARCH=amd64 make immudb-static
# Microsoft Windows
GOOS=windows GOARCH=amd64 make immudb-static

Then you can run immudb

# run immudb in the foreground 
./immudb
# run immudb in the background 
./immudb -d

install immudb as a service

# install immudb service 
./immudb service install
# check current immudb service status 
./immudb service status
# stop immudb service 
./immudb service stop
# start immudb service 
./immudb service start

Introduction Python SDK for immudb

immu-py implements a grpc immudb client. A minimalist API is exposed for applications while cryptographic
verifications and state update protocol implementation are fully implemented by this client.
Latest validated immudb state may be kept in the local filesystem when using default rootService,
please read immudb research paper for details of how immutability is ensured by immudb.

Installation

Install the package using pip:

    pip install git+https://github.com/codenotary/immu-py.git

Then import the client as follows:

    from immudb.client import ImmudbClient

Note: immu-py is currently hosted in [Github Packages].

Supported Versions

immu-py supports the latest immudb release.

Quickstart

Hello Immutable World! example can be found in immudb-client-examples repo.

Step by step guide

Creating a Client

The following code snippets shows how to create a client.

Using default configuration:

    client = ImmudbClient()

Setting immudb url and port:


    client = ImmudbClient("mycustomurl:someport")
    client = ImmudbClient("10.105.20.32:8899")

User sessions

Use login and logout methods to initiate and terminate user sessions:

    client.login("usr1", "pwd1");

    // Interact with immudb using logged user

    client.logout();

Encoding

Please note that, in order to provide maximum flexibility, all functions accept byte arrays as parameters. Therefore, unicode strings must be properly encoded.
It is possible to store structured objects, but they must be serialized (e.g., with pickle or json).

Creating a database

Creating a new database is quite simple:

    client.createDatabase(b"db1");

Setting the active database

Specify the active database with:

    client.useDatabase(b"db1");

If not specified, the default databased used is "defaultdb".

Traditional read and write

immudb provides read and write operations that behave as a traditional
key-value store i.e. no cryptographic verification is done. This operations
may be used when validations can be post-poned:

    client.set(b"k123", b"value123");
    result = client.get(b"k123");

Verified or Safe read and write

immudb provides built-in cryptographic verification for any entry. The client
implements the mathematical validations while the application uses as a traditional
read or write operation:

    try:
        client.safeSet(b"k123", new byte[]{1, 2, 3});
        results = client.safeGet(b"k123");
    Except VerificationException as e:
        # Do something

Multi-key read and write

Transactional multi-key read and write operations are supported by immudb and immupy.
Atomic multi-key write (all entries are persisted or none):

    normal_dictionary = {b"key1": b"value1", b"key2": b"value2"}
    client.setAll(normal_dictionary);

Atomic multi-key read (all entries are retrieved or none):

    normal_dictionary = {b"key1": b"value1", b"key2": b"value2"}
    results_dictionary = client.getAll(normal_dictionary.keys())
    # Or manually
    client.get([b"key1", b"key2"])

User management

Users can be added and granted access to databases.

Adding a user

The


 functions create a new users and grants the specified permission to a database.


```python
user='newuser'
password='Pw1:pasdfoiu'
permission=immudb.constants.PERMISSION_RW
database='defaultdb'

client.createUser(user, password, permission, database)

The database must exists at the time the user is created. The password must be between 8 and 32 characters in length, and must have at least one upper case letter, a symbol and a digit.

Permission are defined in immudb.constants and are:

PERMISSION_SYS_ADMIN
PERMISSION_ADMIN
PERMISSION_NONE
PERMISSION_R
PERMISSION_RW

Changing password

The user must must provide both old and new password:

newPassword="pW1:a0s98d7gfy"
resp=client.changePassword(user, newPassword, oldPassword)

It is applied the same password policy of user creation.

User list

To get the list of user created on immudb, simply call


:


```python
resp=client.listUsers()
print(users.userlist.users)

Closing the client

To programatically close the connection with immudb server use the shutdown operation:

    client.shutdown();

Note: after shutdown, a new client needs to be created to establish a new connection.

Contributing

We welcome contributions. Feel free to join the team!

To report bugs or get help, use GitHub's issues.

immudb is an open source, high-speed immutable database for systems and applications

vchaindz — Sun, 31 May 2020 10:36:14 +0000

immudb is a lightweight, high-speed immutable database for systems and applications, written in Go.
With immudb you can track changes in sensitive data in your transactional databases and then record those changes permanently in a
tamperproof immudb database. This allows you to keep an indelible history of sensitive data, for example debit/credit card transactions.

Traditional transaction logs are hard to scale and are mutable. So there is no way to know for sure if your data has been compromised.

As such, immudb provides unparalleled insights retroactively of changes to your sensitive data, even
if your perimeter has been compromised. immudb guarantees immutability by using a Merkle tree structure internally.

immudb gives you the same cryptographic verification of the integrity of data written with SHA-256 as a classic blockchain without the cost and complexity associated with blockchains today.

Why immudb?

immudb has 4 main benefits:

immudb is immutable. You can add records, but never change or delete records.
Data stored in immudb is cryptographically coherent and verifiable, like blockchains, just without all the complexity and at high speed.
Anyone can get started with immudb in minutes. Whether you're using node.js, Java, Python, Golang, .Net, or any other language. It's very easy to use and you can have your immutable database running in just a few minutes.
Finally, immudb is Open Source. You can run it on premise, or in the cloud. It's completely free. immudb is governed by the Apache 2.0 License.

immudb can be ran on Linux, FreeBSD, Windows, and MacOS, along with
other systems derived from them, such as Kubernetes and Docker.

Components

immudb is the server binary that listens on port 3322 and provides a gRPC interface
immugw is the intelligent REST proxy that connects to immudb and provides a RESTful interface for applications. We recommend to run immudb and immugw on separate machines to enhance security
immuadmin is the admin CLI for immudb and immugw. You can install and manage the service installation for both components and get statistics as well as runtime information.
immuclient is the CLI client for immudb. You can read, write data into immudb from the commandline using direct or interactive mode.

The latest release binaries can be found here

We always welcome feedback and contribution!

Further information

You can find a complete documentation here

License

immudb is Apache v2.0 License.