I'm having trouble adding a connection in the Kusto.Explorer desktop app 1.0.3.949. I can login via Web UI but in the desktop app it gives me this error:
This normally represents a permanent error, and retrying is unlikely to help.
Please provide the following information when contacting the Kusto team # https://aka.ms/kustosupport :
DataSource='https://m1explorer.westus.kusto.windows.net/v1/rest/mgmt',
DatabaseName='NetDefaultDB',
ClientRequestId='KD2RunCommand;5723fa83-9dd5-48fe-a1ee-5d4ddb7f9cd9',
ActivityId='74b41f5e-be7c-46be-88f5-dae1a6d35c30,
Timestamp='2020-08-02T18:48:13.6846740Z'.
In other applications such as the Kuskus VSCode extension or even the Web UI, the problem seems to be that it uses the "common" tenant/authority id as a default. Is there a way to specify the tenant id when adding the connection? It says you can import an .xml file but I'm not sure where or how this can be generated.
Thanks,
Steven
Please try approach described at:
https://learn.microsoft.com/en-us/azure/data-explorer/kusto/tools/kusto-explorer#control-the-user-identity-connecting-to-kustoexplorer
The default security model for new connections is AAD-Federated
security. Authentication is done through the Azure Active Directory
using the default AAD user experience.
If you need finer control over the authentication parameters, you can
expand the "Advanced: Connection Strings" edit box and provide a valid
Kusto connection string value.
For example, users with a presence in multiple AAD tenants sometimes
need to use a particular "projection" of their identities to a
specific AAD tenant. Do this by providing a connection string, such as
the one below (replace words IN CAPITALS with specific values):
Data Source=https://CLUSTER_NAME.kusto.windows.net;Initial Catalog=DATABASE_NAME;AAD Federated Security=True;Authority Id=AAD_TENANT_OF_CLUSTER;User=USER_DOMAIN
Related
I have used the techniques in the RealmTask tutorial (https://realm.io/docs/tutorials/realmtasks/ ) to get a demonstration of synchronisation with the Realm Object Server working. However, as mentioned in realm mobile platform, how to connect while offline? , it is difficult to find design guidelines on realising a robust app in the presence of intermittent network connectivity. For example, the network might not be available when the app is first run, and in the tutorial example I think the login attempt would just time out after say 30 seconds.
From various sources, I have tried to outline an implementation approach on the client and have come up with the following:
=============================================================
At start-up of app
Create login credentials with
SyncCredentials.usernamePassword()
Check whether user credentials already exist using
SyncUser.all
If so, get the correct user using the appropriate key (UserId)
If a user is obtained, get the Realm configuration using
realmConfiguration = Realm.Configuration(SyncConfiguration(user, realmURL))
Attempt a log-in with
SyncUser.logIn with SyncCredentials
On completion, put the following on the main DispatchQueue (async)
realmConfiguration = Realm.Configuration(SyncConfiguration(user, realmURL))
if not logged in, repeat login attempts every N minutes until successful? E.g. to handle the situation when the network is unavailable when the app is started, but then becomes available?
Launch the rest of the app, making realmConfiguration available.
However, only access the Realm if realmConfiguration has been set up. Design the app so that it handles the scenario of realmConfiguration not being set up.
=============================================================
Is the above approach sensible, or is there a better solution?
Katsumi from Realm here. Our RealmTasks demo application may help you.
https://github.com/realm-demos/realm-tasks/tree/master/RealmTasks%20Apple
First, check whether the user has logged in or not at launched the app.
if configureDefaultRealm() {
window?.rootViewController = ContainerViewController()
window?.makeKeyAndVisible()
} else {
window?.rootViewController = UIViewController()
window?.makeKeyAndVisible()
logIn(animated: false)
}
https://github.com/realm-demos/realm-tasks/blob/master/RealmTasks%20Apple/RealmTasks%20iOS/AppDelegate.swift#L35
If the user has been logged in before, you can use user object that was cached before. (SyncUser.current or SyncUser.all)
If there is no cached user object (The user is the first time to use the app, or the user re-installs the app), show login view to signing up/in.
The former case (Use the cached user object) doesn't require network access, so you don't need to care about the offline situation.
The latter case (The user should signing up/in) requires network access, in that case, the best practice depends on the specification of the app. It is enough to show a just alert view that indicates requiring network for some apps, or use standalone Realm and then migrate synced realm after the app will be online.
I have created my first Facebook app in R. Its purpose is solely to retrieve marketing data from my Facebook pages. So far I have created this (no authentication problems):
require("Rfacebook")
load("fb_oauth")
## Start retrieving insight from VivaraDE
rawinsightsDE<-getInsights(object_id= "my_id", token = fb_oauth,
metric="page_impressions", period = "days_28", version="2.6")
When running this, R does return:
Error in FUN(X[[1L]], ...) :
No data available. Are you the owner of this page? See ?getInsights.
I have an administrator role in my app (obviously) and an admin role on the page desginated by my_id.
I suspect I will have to alter some config somewhere. What am I missing?
You need read_insights permission from the page admin (you in this case), before you can access these metrics.
Any more common permissions I need to include, so I won't stumble upon some more rejections?
Nah, don’t ask for permissions “just to be on the safe side” – that will only give problems in review (if the app is supposed to be used by the general public at one point?), if they see you asking for permissions without actually using them.
I’d rather suggest you use Graph API Explorer first to test out the request you want to make; its debug feature usually displays a message in such cases as to what permission is missing to get the requested data.
I have been working with Oracle SOA Suit 12c human task component. However, I have created a simple bpel processs that takes one input for human intervention and response required by the user assigned. The project deployed successfully to weblogic domain soa_server1. Now the web service is being tested by oracle em->soa_server->composite application. When the user login to worklist, the task is being populated but when he clicks on task, it shows a login form rathar than the huam task form(the jsf/jspx) page.
Additional Details
Weblogic Server 12c, SOA Quick Start 12c(12.2.2.1.0) installed and weblogic domain configured using database. JDeveloper version 12c.
Below is the screenshot of worklist
Can anyone please look in to this, what's the issue??
Issue was related to user assignment in Human Task dedinition.
Double click on human task in your composite.
Go to assignments(user assignment)
My mistake- I had set the owner as weblogic and trying to access the task in worklist with user 'level1'
SOLUTION THAT WORKED FOR ME
Either leave blank to owner text filed or specify all users whom task is being assigned or users who manually clam task.
I haven't tried but probably of you have hierarchy set for users then it might require only top level person to be specified in owner section.
I had a different issue the url in the humantask configuration was pointing to some random name and not the server host name changing that worked
I'm currently finishing my website in ASP.NET MVC with azure AD login.
For this website, some pages are only accessible by admins. For this, I made a new group that's named testAdmins and when I check if the user can access to a page, I use this :
ClaimsPrincipal principal = User as ClaimsPrincipal;
if (principal.Claims.Any(x => x.Type == "groups" && x.Value == "id of testAdmins")){ //code }
And it's working fine with my user witch is in this group.
But when I change the id of testAdmins with the value of the real group of admins (Admins) I'm going to use when the site will be deployed and witch I'm not in, the server is not showing anything for 40 sec and then I got this message :
An exception of type 'System.Web.HttpException' occurred in
System.Web.dll but was not handled in user code
Additional information: Unable to connect to SQL Server database.
Can someone explain me what's going on ?
Thanks in advance
PS : I made some more test... When my user is in the group it works fast but when it's not it takes 2 min and do the error message... if someone as no idea what is the problem, did anyone have a way to make different access from user wich are in a special group from Azure Active Directory ?
Provide the whole stacktrace and relevant source code line (the full stacktrace includes file names and line numbers!). The issue you are facing is very common for on-boarding developers (on-boarding to ASP.NET 4.0+).
Your project is based on the default project template for ASP.NET 4.0 (or later), which by default creates the website with "Local User Accounts". This template creates an Entity Framework db context and local models for the user authentication / authorization. This also creates some settings in your web.config to define connectin strings (or instruct the default one) for the EF.
On top of that template you added the neccessery Azure AD authentication details - either through the right click menu (Configure Azure AD Authentication - available in VS 2015) or manually by including a bunch of NuGet packages. Thus you (without knowing) created a nasty mix of FBA (Forms Based Authentication) - dictated by the local accounts, and OpenID Connect - dictated by Azure AD authentication.
The SQL Server error comes from that FBA (or local user accounts setting) config. And there is no easy way to remove it.
Because I see you are just playing around and testing out things, I would warmly recommend that you start over with a new project and be careful by your second step of the wizard (available in both VS 2013 and VS 2015) - Click on "change authentication" and chose "No authentication":
On this clean project, you can add your Azure AD authentication and everything will work and you will not see any SQL Server Errors (well it depends how you configure your Azure AD Auth - some of the wizzards - namely the one of Multi-tenant also creates EF context).
This probably isnt an issue with SiteCore per se but I've included it for completeness. I have sitecore 6.3 running under IIS7 using a custom identity for the app pool. I cant get Sitecore to write its logging information (using the default log4net settings) to the eventlog. I've followed the advice here: http://logging.apache.org/log4net/release/faq.html#Why%20doesn%27t%20the%20EventLogAppender%20work? and although it works fine when I make the custom identity a member of the administrator's group I need to find a way to get it working in production without such a security hack.
The weird thing is that I have a MSI that installs it (running under an account which IS a member of the administrator's group) and creates the correct registry keys in the eventlog for me and yet despite that, I am still getting the following error when I run the application using the custom identity (without it being a member of administrators).
log4net:ERROR DOMConfigurator: Could not create Appender [EventLogAppender] of type [log4net.Appender.EventLogAppender]. Reported error follows.
System.Security.SecurityException: Requested registry access is not allowed.
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at System.Diagnostics.EventLog.GetEventLogRegKey(String machine, Boolean writable)
at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly)
at System.Diagnostics.EventLog.DeleteEventSource(String source, String machineName)
at log4net.Appender.EventLogAppender.ActivateOptions()
at log4net.Repository.Hierarchy.DOMHierarchyConfigurator.ParseAppender(XmlElement appenderElement)
The Zone of the assembly that failed was:
MyComputer
log4net:ERROR DOMConfigurator: Appender named [EventLogAppender] not found.
Thinking I could narrow it down to a registry permission issue I granted Everyone full permissions to the following registry key and subkeys but it didnt work either: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
The custom identity is a member of the following groups:
Event Log Readers
IIS_USERS
Performance Monitor Users
I've also seen the following question which seems to ask the same thing. The Microsoft article seems to suggest it might be a problem with ACLs on an event log and gives examples on how you can change SSDLs but I'd rather avoid that if at all possible.
EDIT:
I have another server running where the log is being populated fine. The custom identity was a member of administrators so I revoked that and rebooted, trying to purposely break it but I cant. Config is identical on both boxes and same identity used to run the MSI which creates the registry keys. Have run procmon on both (after doing a IISReset and spinning up the app pool again) to examine registry activity. Strange thing is - on the box that works you get 477 name not found records for my event source in the wrong places (Application, and a different Custom EventLog "MyCompany"). No hits for the place where it is logging which is "MyCompany\MyCompany.SiteCore". Whilst on the box which is broken, it does appear to be requesting to read the right key (albeit only 6 times) but you then get the Log4Net registry access error.
As I understand it EventStores are stored in the registry, so you only need write permission to registry to create or delete an EventStore. This is usually only needed once and most applications create this as part of the install procedure so that the application does not need to be run as Administrator during normal execution.
However your error message (in the question) includes the method DeleteEventSource from which I would deduce/guess that the EventSource does exist but is wrong in some way. So perhaps this is currently registered as writing to the event log named MyCompany and you are now trying to change it to "MyCompany\MyCompany.SiteCore" which requires you to delete the old eventsource and create a new one.
So it sounds like your installation routine is creating a different EventSource from the one that your application is actually using.
If that doesn't help, then I would suggest enabling internal logging for Log4net (but obviously not to the eventlog) which will probably give you more information.
Giving full permission to the registry key is not enough.
According to Microsoft
To create an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.
The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a SecurityException is thrown.
Starting with Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses the security log, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.
I think, contrary to the Apache documentation, log4net DOES need write access to the registry – or at least it does in my case. To prove this, I backed up the registry on the server where it wasnt working and granted IIS administrator privileges before spinning up sitecore. Sure enough it started logging away to the eventlog nicely and then when I exported the registry again to run a diff, there WAS a difference.
The value for the eventlogmessage file on my event source had been updated from:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
To
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll
So I assumed that merely changing this value in the registry by hand would work.
But it didn’t.
So I ran procmon on the two servers I have: A=the working one, B=the failing one. Sure enough, on server B I have a line which says:
Operation: RegOpenKey, Path: HKLM\System\CurrentControlSet\Services\EventLog, Desired Access:Read/Write, Result: ACCESS DENIED.
I’ve traced through with Server A and in exactly the same place, the key is requested with Desired Access:Read.
Conclusion:
It seems unavoidable that I will need to grant my app pool identity administrator privileges in production for at least enough time to programatically do the necessary registry writes the first time from within log4net. I dont know why administrator; I have tried granting Full permissions to the entire eventlog node in the registry for my custom app to no avail. It seems to do something which I cannot identify or pin down. I will then revoke this privilege immediately after it starts to log and monitor whether subsequent installs knock out the functionality afterwards. (Hopefully not).
If anyone has any insight into this behaviour it would be greatly appreciated.