I am deploying a Java FX WebView app using Web Start. And I am having trouble authenticating with Google 2 Factor Authentication enabled.
However, It does work correctly for regular authentication (username & password only).
With 2FA: It sends me the Yes/No option to my phone, but once I click yes, the webview doesn't respond.
Now, 2FA in the webview does work when I run the jar locally. It only fails when loaded via Web Start.
The Web Start URL is:
http://aubreigo.info/java/FX-People.jnlp
And the Jar file is located:
http://aubreigo.info/jav/FX-People.jar
So to summarize:
[OK] Standard Authentication
[OK] 2FA running locally (java -jar FX-People.jar)
[FAIL] 2FA running in Web Start
I believe this is a bug in Web Start. Can someone report it?
I have reported this issue to Oracle as a bug with Java Web Start.
Related
Good day everyone!
Background: I have old legacy ASP.NET MVC on premise application running on local windows IIS. I'm investigating ways to integrate this application with Azure AD authentication. As far as I can understand (Windows IIS integration with Azure AD) it's not possible to do it directly because of the Azure AD authentication can be added at the application level only. So I'm thinking integrating one of the MSAL library for adding Azure AD authentication.
Using this windows manual (Quickstart: Add sign-in with Microsoft to a web app), I've downloaded sample windows application (ASP.NET code sample) from this learn page and tried to run it within the Visual Studio 2022 in debug mode on my azure virtual work machine (based on VDI platform).
And Azure AD authentication does not work. When I click "Sign in with windows" button on the start application page, I get the error:
Server Error in '/' Application.The resource cannot be found.
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly.
Requested URL: /login.aspx
This sample works fine on my local laptop in exactly the same state. I suggest that any security utilities might be the reason, but I don't know how to check it. I can't disable security apps on my working machine, and maybe there are any restrictions on the network level I don't even know nothing about.
Could somebody suggest any ways to solve this problem? Or maybe still ways to find the reason of this problem?
Thank you in advanced!
I am facing a problem when using WindowsIdentity.RunImpersonated.
I am running an ASP.NET Core 6 Web API as self-hosted (.exe) and using HTTP.Sys as host (instead of Kestrel). I am impersonating a user before making a HTTP call to another Web API from within this Web API.
Currently logged on user in this Windows 10 box is a domain user who is part of local admin group. The user I am impersonating is the same (currently logged on user).
When running the Web API by double clicking on it
Inside this impersonation, while calling HostBuilder.Build(), the call is failing with an error
System.IO.DirectoryNotFoundException
The path in the exception is of the folder from where this Web API process is running. I checked in the .NET Core code and it is failing in
new PhysicalFileProvider(_hostingEnvironment.ContentRootPath);
When running web API by right click on exe and "Run as admin"
No issues, HTTP call goes to other Web API and proper response is returned.
Even though I am logged on in this Windows machine with Admin privileges, still I have to run the Web API process explicitly as "Run as Admin" to make things work. This is what I am not getting.
Could someone please help here?
I found a lot number of examples how o do this.
https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/hosted-with-azure-active-directory?view=aspnetcore-6.0
And it works fine when I run it locally in debug.
Everything is fine, until I want to publish the application up to an Azure APP Service.
I create an App Service and connect the server registration to it
I add on the client registration the URL of the APP Service https://xxxxx.azurewebsites.net/authentication/login-callback
In Visual Studio 2022 I publish the server application up to the App Service
To my surprise, the application does not work from the published site...
I get the response:
Sign in
Sorry, but we’re having trouble signing you in.
AADSTS700054: response_type 'id_token' is not enabled for the application.
I can not find an example that go all the way to a published APP service...
So what is wrong in my thinking here?
You need to register the app in Azure AD.
Your error message is: "'id_token' is not enabled for the application"
To fix this under Advanced Settings, Implicit grant check the box "ID tokens".
I try to monitor my jdbc requests with ApplicationInsights, already added the SDK to my Java app, works fine with request monitoring.
All I found was to "Install the Application Insights agent for Java" but how should I do this on App Services-Resource? I think I cannot change the startup script.
Regards
In an Azure Web App environment, where you don't have the ability to modify the application server's startup script, installing the Java agent isn't possible and therefore this scenario isn't supported.
There is currently no workaround for this unfortunately.
Thanks,
Harel
I am using System.DirectoryServices namespace to creating user accounts. when I run my webapp in asp.net and in my system, then code worked good. But when I deploy my webapp in my IIS, this failed.
I tested this way:
created a console application that get arguments from commandline and create user for me. When I run console exe directly, user created, but this exe not run from my web application (of course this code work in asp.net and in my system too).
enabling "World Wide Web Publishing Service" to interact with desktop.
Can someone help me?
The issue is related to the user you are executing the code as. When you are running locally or using the console application, the application is using your credentials for authentication. When run under IIS, the typical user is IUser, which has fewer privileges. You may need to grant the additional privileges to the IUser user in order to create the user accounts.