I am using SignalR behind a node.js proxy and I get this error:
{"error":"An unexpected error occurred during connection handshake. AggregateException: One or more errors occurred. (Value cannot be null. (Parameter 'userName'))"}
Is SignalR trying to authenticate the connection because I already added [AllowAnonymous] or proxy server causes messages to be malformed because I used JSON transfer format to make sure messages are readable so I can see if there is any issue.
Firefox logs:
Backend
services.AddSignalR(config =>
{
config.MaximumReceiveMessageSize = 10 * 1024 * 1024; // 10 mega-bytes
config.StreamBufferCapacity = 50;
config.EnableDetailedErrors = true;
}).AddNewtonsoftJsonProtocol();
React-Native SignalR
const signalR = new signalRBuilder.HubConnectionBuilder()
.withUrl(prefixUrl('/log'))
.configureLogging(LogLevel.Trace)
.withAutomaticReconnect()
.withHubProtocol(new JsonHubProtocol())
.build();
signalR.start();
React-native project:
repository
To run: npm run web
.NET web application
when redirecting using an application you may lose header information which can cause some errors in signalR
Related
I'm running a self contained dotnet app on a windows 2019 to execute a simple httpclient get on a remote machine using mTLS with a client certificate.
I am loading the client certificate in the application by passing a p12 keystore filepath, which has the certificate keypair and chain.
Executing this get on powershell with invoke-restmethod on the windows 2019 server works, which means the certificate loads properly and the server certificate is validated by accessing the certificate store.
Also, running the application locally works! so that means that both client and server certificates and chains are valid and my dotnet framework can access the local windows store.
Here is the simple call that is causing the issue:
var certificate = new X509Certificate2(filePath, password);
Console.WriteLine($"Certificate found in keystore: {certificate.FriendlyName}. {certificate.Thumbprint}. {certificate.Subject}.");
var handler = new HttpClientHandler();
var httpClient = new HttpClient(handler)
handler.ClientCertificates.Add(certificate);
var result = httpClient.GetAsync("https://urltoserverwithvalidmTLS").GetAwaiter().GetResult();
The exception i get is:
Exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x80090304): The Local Security Authority cannot be contacted
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
App is published with:
--configuration Release -r win-x64 --self-contained true
and csproj targets netcoreapp3.1 framework
At this point i have no clue why this is not working. Any help would be appreciated.
This was related to a combination of two issues related to ssl protocols. Dotnet httpclient defaults to an invalid TLS protocol on windows 2019.
Setting the SslProtocols to Tls12 resolved this.
The other issue is that windows 2019 does not work with ephemeral key when creating tls connections.
Setting the connection flag to X509KeyStorageFlags.PersistKeySet resolved this.
Here is a sample http client that works on windows 2019 with .net6:
var certificate = new X509Certificate2(filePath, password, X509KeyStorageFlags.PersistKeySet);
var handler = new HttpClientHandler();
handler.SslProtocols = SslProtocols.Tls12;
handler.ClientCertificates.Add(certificate);
var httpClient = new HttpClient(handler);
var result = await httpClient.GetAsync(https://pathToYourSecureUrl);
This is how do the connection part.
componentDidMount() {
const hubUrl = "https://192.168.1.106:45455/messagingHub";
const connectionHub = new signalR.HubConnectionBuilder()
.withUrl(hubUrl)
.configureLogging(signalR.LogLevel.Information)
.build();
connectionHub.start().catch(err => console.log(err)); }
Before I post the error, It's not because of cors or anything related to the api. Api was started on my laptop and I used Conveyor by Keyoti to expose it to my local network and I installed Conveyor by Keyoti SSL certificate on my phone that shouldn't be a problem. And I was able to connect to the SignalR hub on my PC using a small console application I made and I was able to send messages and recieved them. So problem is on React Native part. About React Native I used expo cli, so it was a quick start react native.
This is the errors I get:
Http Warning
3 Errors I get
And my Package.json
I decided to build a web service(app) for Apache Spark with Apache Livy.
Livy server is up and running on localhost port 8998 according to Livy configuration defaults.
My test program is a sample application in Apache Livy documentation: https://livy.incubator.apache.org/docs/latest/programmatic-api.html
While creating LivyClient by LivyClientBuilder class,
client = new LivyClientBuilder().setURI(new
URI("http","user:info","localhost",8998,"","",""))
.build();
I got "URI is not supported by any registered client factories" exception:
Exception in thread "main" java.lang.IllegalArgumentException: URI 'http://%5Bredacted%5D#localhost:8998?#' is not supported by any registered client factories.
at org.apache.livy.LivyClientBuilder.build(LivyClientBuilder.java:155)
at Client.<init>(Client.java:17)
at Client.main(Client.java:25)
I found out client instance stays null in LivyClientBuilder class.
client = factory.createClient(uri, this.config);
factory is an instance of LivyClientFactory interface.
The only class which implements the interface is RSCClientFactory.
In RSCClientFactory we have this piece of code:
if (!"rsc".equals(uri.getScheme())) {
return null;
}
I've tried "rsc" instead of "http", this is the error:
2018-09-15 11:32:55 ERROR RSCClient:340 - RPC error.
java.util.concurrent.ExecutionException: javax.security.sasl.SaslException: Client closed before SASL negotiation finished.
javax.security.sasl.SaslException: Client closed before SASL negotiation finished.
at io.netty.util.concurrent.AbstractFuture.get(AbstractFuture.java:41)
at org.apache.livy.rsc.rpc.Rpc$SaslClientHandler.dispose(Rpc.java:419)
at org.apache.livy.rsc.JobHandleImpl.get(JobHandleImpl.java:60)
at org.apache.livy.rsc.rpc.SaslHandler.channelInactive(SaslHandler.java:92)
at Client.main(Client.java:39)
Apache Livy is running on http://localhost:8998 then I think we need submit our jar file to this address, but I don't understand "rsc" there.
I would appreciate if anyone guides me about these problems.
You just need to pass your URL as a String:
LivyClient client = new LivyClientBuilder()
.setURI(new URI("http://localhost:8998"))
.build();
After that you can add your *.jar file with:
client.addJar("file://...yourPathToJarHere.../*.jar");
or
client.uploadJar(new File("...."));
It depends on your cluster configuration. You can find full java API description here: https://livy.incubator.apache.org/docs/latest/api/java/index.html
The only class which implements the interface is RSCClientFactory.
Just add livy-client-http to your classpath.
https://github.com/apache/incubator-livy/blob/412ccc8fcf96854fedbe76af8e5a6fec2c542d25/client-http/src/main/java/org/apache/livy/client/http/HttpClientFactory.java#L29
https://github.com/apache/incubator-livy/blob/56c76bc2d4563593edce062a563603fe63e5a431/examples/src/main/java/org/apache/livy/examples/PiApp.java#L79
Docs: https://livy.incubator.apache.org/docs/latest/programmatic-api.html
I need to make calls to a rest API service via BizTalk Send adapter. The API simply uses a token in the header for authentication/authorization. I have tested this in a C# console app using httpclient and it works fine:
string apiUrl = "https://api.site.com/endpoint/<method>?";
string dateFormat = "dateFormat = 2017-05-01T00:00:00";
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("token", "<token>");
client.DefaultRequestHeaders.Add("Accept", "application/json");
string finalurl = apiUrl + dateFormat;
HttpResponseMessage resp = await client.GetAsync(finalurl);
if (resp.IsSuccessStatusCode)
{
string result = await resp.Content.ReadAsStringAsync();
var rootresult = JsonConvert.DeserializeObject<jobList>(result);
return rootresult;
}
else
{
return null;
}
}
however I want to use BizTalk to make the call and handle the response.
I have tried using the wcf-http adapter, selecting 'Transport' for security (it is an https site so security is required(?)) with no credential type specified and placed the header with the token in the 'messages' tab of the adapter configuration. This fails though with the exception: System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
I have tried googling for this specific scenario and cannot find a solution. I did find this article with suggestions for OAUth handling but I'm surprised that even with BizTalk 2016 I still have to create a custom assembly for something so simple.
Does anyone know how this might be done in the wcf-http send adapter?
Yes, you have to write a custom Endpoint Behaviour and add it to the send port. In fact with the WCF-WebHttp adapter even Basic Auth doesn't work so I'm currently writing an Endpoint Behaviour to address this.
One of the issues with OAuth, is that there isn't one standard that everyone follows, so far I've had to write 2 different OAuth behaviours as they have implemented things differently. One using a secret and time stamp hashed to has to get a token, and the other using Basic Auth to get a token. Also one of them you could get multiple tokens using the same creds, whereas the other would expire the old token straight away.
Another thing I've had to write a custom behaviour for is which version of TLS the end points expects as by default BizTalk 2013 R2 tries TLS 1.0, and then will fail if the web site does not allow it.
You can feedback to Microsoft that you wish to have this feature by voting on Add support for OAuth 2.0 / OpenID Connect authentication
Maybe someone will open source their solution. See Announcement: BizTalk Server embrace open source!
Figured it out. I should have used the 'Certificate' for client credential type.
I just had to:
Add token in the Outbound HTTP Headers box in the Messages tab and select 'Transport' security and 'Certificate' for Transport client credential type.
Downloaded the certificate from the API's website via the browser (manually) and installed it on the local servers certificate store.
I then selected that certificate and thumbprint in the corresponding fields in the adapter via the 'browse' buttons (had to scroll through the available certificates and select the API/website certificate I was trying to connect to).
I discovered this on accident when I had Fiddler running and set the adapter proxy setting to the local Fiddler address (http://localhost:8888). I realized that since Fiddler negotiates the TLS connection/certificate (I enabled tls1.2 in fiddler) to the remote server, messages were able to get through but not directly between the adapter and the remote API server (when Fiddler WASN'T running).
I have the following code to access a webservice using a Client certificate. All seems to work fine when I run this code in a console application. If I try to run it from a web application running in IIS 7. I get the error "The request was aborted: Could not create SSL/TLS secure channel."
This is the code :
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3 | System.Net.SecurityProtocolType.Tls; //from other stackoverflow case
System.Net.ServicePointManager.Expect100Continue = true; //from other stackoverflow case
db2wsService service = new db2wsService();
service.Url = this.WebserviceUrl;
HttpServerUtility server = HttpContext.Current.Server;
X509Certificate certificate = new X509Certificate(server.MapPath(this.CertificatePath), this.CertificatePassword);
service.ClientCertificates.Add(certificate);
service.PreAuthenticate = true;
//do some stuff here to call webservices
I had same encountered problem. this solution is winhttpcertcfg. if you search about using on the google , you will find it.