.Net Reactor is a relatively good obfuscation tool than VS that comes with many easy to use, has been also accompanied our growth, although not perfect obfuscation tool, but also considered good, at least to some extent, on a certain degree of protection against DLL process.
But recently it reflects our customers in the mixed frame deletion when there is no schedule to achieve the delete operation, due to mixing framework is based on a distributed development method such Web API / WCF, and therefore ordinary track differently, for the Web API One way is to use a broader implementation of centralized data management in the cloud, it is relatively common debugging, added some difficulty, you need the server (in this chapter show that Web API operations) for debugging, as well as the client interface joint commissioning process.
Benpian essay describes how the encounter-based interface for distributed processing of data when analyzing the problem the wrong way and gradually narrow the scope of the investigation, a final settlement of the issue analysis process.
1 occurrence, localization issues
When we have problems, often need to locate an error has occurred in that part, first we need to be tracked to debug the client and server, first we need to track Web API layer corresponding to the controller whether the operation to obtain the corresponding record to be deleted ID value.
When the previous functional tests we found that all delete operations are a problem can not be deleted, so it may not be passed ID value, or the conversion process there is a problem.
Our server deletes the interface shown below.
/// <Summary> /// The ID of the specified object, the specified object is deleted from the database (for integer primary key) /// </ Summary> /// <param name = "Key"> specified object ID </ param> /// <returns A> execute successful return <c> to true </ c> , otherwise <c> false </ c> . </ Returns> [HttpPost] public Virtual CommonResult the Delete (the KeyInfo keyInfo, String token, String Signature, String timestamp, String the nonce, String AppID) { //Check if the user has permission, otherwise an exception is thrown MyDenyAccessException Base .CheckAuthorized (AuthorizeKey.DeleteKey, token, Signature, timestamp, nonce, AppID); CommonResult the Result = new new CommonResult (); the try { IF (! KeyInfo = null ) { the Result. Success = baseBLL.Delete (keyInfo.id); } } the catch (Exception EX) { LogTextHelper.Error (EX); // error log result.ErrorMessage = ex.Message; } return result; }
Wherein KeyInfo class is a class we define the entity, the code is defined as follows.
/// <Summary> /// ID for deletion target /// </ Summary> [the Serializable] public class the KeyInfo { /// <Summary> /// ID Primary /// </ Summary> public Object ID { GET ; SET ;} }
We debugging Web API controller when KeyInfo parameter values can not be obtained, as shown in the interface.
KeyInfo it may not be deserialized, or is not KeyInfo passed over, we track the corresponding interface, should have been in the direction of the client POST ID information submitted, can not be submitted over.
This is submitted for client capture processing operations, had wanted to use Fiddler to crawl, but seems unable to crawl Fiddler direct request inclusion localhost through proxy settings are not successfully processed, instead of previously used very smoothly HttpAnalyzer , you can run directly crawl, and very convenient.
Through the above operation, we found that did not submit data to the controller inside, and therefore exclude the possibility of anti-serialized object when Web API controllers lost value, but the client did not submit data to come .
2, target specific loss position value
So we go back inside a unified approach to the deletion of a look, have Delete and Delete2 similar operation, corresponding to different types of treatment.
We found that treatment here, is passed directly to the ID to build up an anonymous object, and then serialized as JSON string submitted to the Web API controller processing. Mainly be deleted on the interface through a unified call, pass the ID to the corresponding interface for processing.
In the system permission module, delete the user operation as an example, its interface ends the processing code is as follows.
The code above I added a line to record the ID of the content is obtained by logging, you can see the delivery ID to the interface processing.
So see, the problem in dealing with inside the interface, which is probably due to the operation of the confusion I used DLL, resulting in anonymous resolve a problem of class.
We first rewrite delete specific type of interface operations, tracking what the problem.
In order to effectively test our problems here, we compared the canceled check and red check, the compiled code for testing.
Comparing the results, we can see before and after the confusion, different data interfaces available, it can be confusing to know cause anonymous class handles a problem.
So, we have all the relevant DLL, remove the corresponding confuse this option run to get the right result.
And that we confuse cause of the .Net Reactor anonymous class handles the processing and analysis problems, mainly related to the local capture process client localhost address, with a more user-friendly HttpAnalyzer to analyze whether the data submitted in question, or data analysis problems, positioning problems of the border, and then gradually to the interface and the interface part of the analysis.
Due to the DLL error problems caused confusion in general is not easy to infer, so as many factors may affect the list, one by one test solution, slowly narrowing the scope to obtain a solution to the problem.