I have a web site in IIS that its Authentication mode is set to Windows.
I need to call a URL in that site using restsharp :
var client = new RestClient(item.Url);
var request = new RestRequest("/account/Menu", Method.GET);
request.AddParameter("SSO_Token", token);
client.PreAuthenticate = false;
client.Authenticator = new RestSharp.Authenticators.NtlmAuthenticator(new NetworkCredential(username, password, domain));
// I also tried following codes with no luck:
// client.Authenticator = new RestSharp.Authenticators.NtlmAuthenticator();
// client.Authenticator = new RestSharp.Authenticators.NtlmAuthenticator(username, password);
var response = client.Execute(request);
now the problem is I get this error:
HTTP Error 401.1 - Unauthorized
You do not have permission to view this directory or page using the credentials that you supplied.
I'm sure the provided credential is correct.
This fixed it for me: https://www.codeproject.com/Questions/4043926/Why-is-my-API-throws-an-error-when-using-authentic
request.UseDefaultCredentials = true;
Related
I am trying to send envelope using docuSign, but having error while get authorization_code which need to get access_Token.
Please help me to get authorization_Code and access_Token.
I am using ASP.Net web forms and .NET framework 4.5.2
DocuSign.eSign.dll 5.2.0
DocuSign.Integration.Client.dll 1.7.2
Request:
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature&client_id=4f464e25-6425-4ea6-915b-aa9bac5b8ce7&redirect_uri=https://account-d.docusign.com/ds/login?authType=JWT
Response:
The redirect redirect_uri is not registered properly with DocuSign
string RedirectURI = "https://account-d.docusign.com/ds/login?authType=JWT";
string ClientSecret = "****";
string IntegratorKey = "****";
Uri oauthLoginUrl = GetAuthorizationUri(IntegratorKey, scopes, RedirectURI, OAuth.CODE, null);
WebRequest request = WebRequest.Create(oauthLoginUrl);
WebResponse response = request.GetResponse();
public Uri GetAuthorizationUri(string clientId, List<string> scopes, string redirectUri, string responseType, string state = null)
{
string formattedScopes = (scopes == null || scopes.Count < 1) ? "" : scopes[0];
StringBuilder scopesSb = new StringBuilder(formattedScopes);
for (int i = 1; i < scopes.Count; i++)
{
scopesSb.Append("%20" + scopes[i]);
}
UriBuilder builder = new UriBuilder("https://account-d.docusign.com")
{
Scheme = "https",
Path = "/oauth/auth",
Port = 443,
Query = BuildQueryString(clientId, scopesSb.ToString(), redirectUri, responseType, state)
};
return builder.Uri;
}
Please make sure that the specified redirect URI is configured under the redirect URI section for the integration key that is being used. Please keep in mind that the same exact redirect URI has to be used when using your authentication URL.
The specified section is found under Settings > Apps and Keys > Click on your integration key > Edit
I would also recommend creating a new integration key, since you have shared it publicly on this thread.
I need to create web request to specific page in SharePoint Online using Access Token in order to get certain Header information, but I keep getting 403 and I'm not sure why. After toying with access requests some more, I managed to only get 403 using clientContext, and 401 using Postman.
I can get response from grah api in my app and with postman using access token, but the problem is I need to do a web request to get real web page headers like SpRequestDuration and SPIISLatency.
I've followed steps to create my Azure AD and application.
I request user login to get authentication code for my application
loginScopes = [
'User.Read.All',
'Directory.Read.All',
'Group.Read.All',
'Sites.Read.All',
'Reports.Read.All'
'offline_access',
'https://www.sharepoint.com/AllSites.FullControl'
];
const encodedScopes = encodeURIComponent(loginScopes.join(' '));
const encodedRedirectUri = encodeURIComponent(redirectUri);
let url = `https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?
response_type=code&
client_id=${clientId}
&redirect_uri=${encodedRedirectUri}
&scope=${encodedScopes}
&prompt=select_account`;
After this returns authentication code I create ConfidentialClientApplication with authority : 'https://login.microsoftonline.com/organizations' and with my application clientId, secret, redirect etc. With newly created ConfidentialClientApplication I acquire token silently with scope '{tenantUrl}/AllSites.FullControl'and another token with other scopes.
Now with access token I successfully create ClientContext, which retrieves data from sharepoint site and I can easily make a graph API request and everything will be fine. But the problem is with creating a WebRequest to a specific site (example. {tenantUrl}/SitePages/Forms/ByAuthor.aspx)
var manager = new AuthenticationManager();
var clientContext = manager.GetAzureADAccessTokenAuthenticatedContext(tenantUrl, accessToken);
clientContext.Load(clientContext.Site);
clientContext.Load(oWebsite.Lists);
clientContext.ExecuteQuery(); // Works fine
var request = clientContext.WebRequestExecutorFactory.CreateWebRequestExecutor(clientContext,{tenantUrl}/SitePages/Forms/ByAuthor.aspx).WebRequest;
request.Method = "GET";
//request.Headers.Add("Authorization", $"Bearer {accessToken}");
clientContext.ExecutingWebRequest += delegate (object sender, WebRequestEventArgs e)
{
e.WebRequestExecutor.WebRequest.Headers.Add("Authorization", "Bearer " + accessToken);
};
await request.GetResponseAsync(); // Throws 403
with sharepoint online
string siteUrl = ConfigurationManager.AppSettings["siteURL"];
SecureString passWord = new SecureString();
string pass = ConfigurationManager.AppSettings["userPassword"];
string user = ConfigurationManager.AppSettings["userName"];
foreach (char c in pass.ToCharArray()) passWord.AppendChar(c);
ClientContext clientContext = new ClientContext(siteUrl);
clientContext.Credentials = new SharePointOnlineCredentials(user, passWord);
return clientContext;
without
clientContext.ExecutingWebRequest
My team has an ASP.NET MVC-based website and WebAPI that is protected by passive federated authentication. It all works properly. The problem we're having is that we need to test the website and the web API after an automated deployment. How can we authenticate and get the FEDAUTH cookie to the website from automated test code, assuming that the test code is run by a user authorized to access the website?
You can have your Web API support active authentication. It requires some work to change the configuration and authentication handler, but it will make your web API easily accessible from a program client as well. If you just want to get a FEDAUTH cookie in your automated test code, the following code sample can work. It mimics a browser to post the user token to the website and get a cookie back.
// The code needs the STS server and the website url
var stsUrl = "https://your_STS";
var serviceUrl = "https://your_Service";
// Use Windows Credential to get the token
var binding = new WSHttpBinding(SecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
var factory = new WSTrustChannelFactory(binding, stsUrl) { TrustVersion = TrustVersion.WSTrust13 };
// Override current login user credential if needed:
// factory.Credentials.Windows.ClientCredential = userCredential;
var rst = new RequestSecurityToken
{
RequestType = RequestTypes.Issue,
KeyType = KeyTypes.Bearer,
AppliesTo = new EndpointReference(serviceUrl)
};
RequestSecurityTokenResponse rstr;
var token = factory.CreateChannel().Issue(rst, out rstr);
var fedSerializer = new System.IdentityModel.Services.WSFederationSerializer();
var rstrContent = fedSerializer.GetResponseAsString(rstr, new WSTrustSerializationContext());
// After this the security token is acquired and saved in rstrContent
var client = new HttpClient();
// Initiate a request to the service, which will be redirected to STS. Read WS fed fields from redirected URL.
var response = client.GetAsync(serviceUrl).Result;
response.EnsureSuccessStatusCode();
var redirectQuery = response.RequestMessage.RequestUri.Query;
var queryParams = System.Web.HttpUtility.ParseQueryString(redirectQuery);
// construct a authentication form
var formData = new Dictionary<string, string>
{
{"wa", queryParams["wa"]},
{"wresult", rstrContent},
{"wctx", queryParams["wctx"] },
};
// post the authentication form to the website.
response = client.PostAsync(serviceUrl, new FormUrlEncodedContent(formData)).Result;
response.EnsureSuccessStatusCode();
// After this, the auth cookie is set in this HttpClient that you can use to access your service
I am using ASP.NET Web API and Google.Apis.Drive.v2 Client Library for .NET to upload files to users Drive.
All examples of using the Drive Client Library for .NET require a authentication flow. But how should I create the DriveService when I already know the access token?
Despite the fact that have been 2 years since the question has been asked, today I've encountered the same situation and my solution is:
var valid_token = "Pass_the_valid_token_here";
var token = new Google.Apis.Auth.OAuth2.Responses.TokenResponse()
{
AccessToken = valid_token,
ExpiresInSeconds = 3600,
Issued = DateTime.Now
};
var fakeflow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = new ClientSecrets
{
ClientId = "fakeClientId",
ClientSecret = "fakeClientSecret"
}
});
UserCredential credential = new UserCredential(fakeflow, "fakeUserId", token);
var serviceInitializer = new BaseClientService.Initializer()
{
//ApplicationName = "Storage Sample",
HttpClientInitializer = credential
};
DriveService service = new DriveService(serviceInitializer);
Update
You could create your own custom token but the issue with this is going to be that the client library will not be able to refresh your access without the refresh token.
var token = new Google.Apis.Auth.OAuth2.Responses.TokenResponse()
{
AccessToken = valid_token,
ExpiresInSeconds = 3600,
Issued = DateTime.Now
};
var authorization = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = new ClientSecrets
{
ClientId = "lientId",
ClientSecret = "ClientSecret"
}
});
var credential = new UserCredential(authorization, "user", token);
The issue you are going to have with this is that the client library is not going to be able refersh the access token after it has expired since you are not supplying a refresh token its only going to work for an hour.
The answer from Svetoslav Georgiev has so far worked well for me - Can't thank you enough. Google really don't help themselves with the lack of .Net (Asp Core) samples etc. Anway, one problem I did run into was that of referer restriction, so a addition/slight modification to the answer - Once you have the "service" and want to say upload a file, you need to set the referer on a buried HttpClient property...
FilesResource.CreateMediaUpload uploadRequest;
byte[] byteArray = Encoding.UTF8.GetBytes(html);
using (var stream = new MemoryStream(byteArray))
{
uploadRequest = service.Files.Create(fileMetadata, stream, "text/html");
uploadRequest.Service.HttpClient.DefaultRequestHeaders.Referrer = new Uri($"{baseUrl}");
uploadRequest.Fields = "id";
var progress = uploadRequest.Upload();
if (progress.Exception != null)
{
throw progress.Exception;
}
var file = uploadRequest.ResponseBody;
.... do what you will with file ....
}
I'm developing a ASP WebAPI (ASP MVC 4) application with a WPF (.NET 4.0) client, using Visual Studio 2012. The client needs to login to the server. I use FormsAuthentication with an authentication cookie to login. The login already works fine in ASP MVC.
The problem is that, although the login is sucessfully executed on the server and the cookie is sent back to the client, the cookie is not sent in subsequent calls to the server, even though the CookieContainer is reused with the auth cookie set.
Here is a simplified version of the code:
CLIENT
public async Task<UserProfile> Login(string userName, string password, bool rememberMe)
{
using (var handler = new HttpClientHandler() { CookieContainer = this.cookieContainer })
using (var httpClient = new HttpClient(handler))
{
httpClient.BaseAddress = new Uri("http://localhost:50000/");
httpClient.DefaultRequestHeaders.Accept.Add(
new MediaTypeWithQualityHeaderValue("application/json"));
var result = await httpClient.PostAsJsonAsync("api/auth/login", new
{
username = userName,
password = password,
rememberMe = rememberMe
});
result.EnsureSuccessStatusCode();
var userProfile = await result.Content.ReadAsAsync<UserProfile>();
if (userProfile == null)
throw new UnauthorizedAccessException();
return userProfile;
}
}
public async Task<ExamSubmissionResponse> PostItem(Item item)
{
using (var handler = new HttpClientHandler() { CookieContainer = this.cookieContainer })
using (var httpClient = new HttpClient(handler))
{
httpClient.BaseAddress = new Uri("http://localhost:50000/");
var result = await httpClient.PostAsJsonAsync("api/Items/", item);
}
}
SERVER
[HttpPost]
public HttpResponseMessage Login(LoginModel model)
{
if (this.ValidateUser(model.UserName, model.Password))
{
// Get user data from database
string userData = JsonConvert.SerializeObject(userModel);
var authTicket = new FormsAuthenticationTicket(
1,
model.UserName,
DateTime.Now,
DateTime.Now.AddMinutes(10 * 15),
model.RememberMe,
userData
);
string ticket = FormsAuthentication.Encrypt(authTicket);
var cookie = new CookieHeaderValue(FormsAuthentication.FormsCookieName, ticket);
var response = Request.CreateResponse(HttpStatusCode.Created, userModel);
response.Headers.AddCookies(new CookieHeaderValue[] { cookie });
return response;
}
return null;
}
First I debugged the problem using Fiddler2 (I used the base address as "http://localhost.fiddler:50000/" to view local traffic). Then I suspected that fiddler might be interfering, so I just debugged with Visual Studio 2012.
What I have tried and verified:
The server is reached by the Login method
The user is sucessfully authenticated with the data sent from the client
The cookie is set on the server
The cookie is in the response (verified with fiddler)
The cookie is in the CookieContainer after the operation. There is a strange thing here: the domain of the cookie in the container is set as "localhost" (verified with VS2012 debugger). Shouldn't it be "http://localhost:50000" ? When I try to get the cookies of the container using cookieContainer.GetCookies(new Uri("http://localhost:50000")) it returns nothing. When I try it using cookieContainer.GetCookies(new Uri("localhost")) it gives me an invalid Uri error. Not sure what's going on here.
The cookie is in the container just before the PostItem request is made. The container is correctly set in the HttpClient when the statement httpClient.PostAsJsonAsync is reached.
The cookie is not sent to the server (I checked it with fiddler and in the Application_PostAuthenticateRequest method in the Global.asax.cs, verifying this.Request.Cookies)
I suspect the cookie is not being sent due to a domain mismatch in the CookieContainer, but why the domain is not set as it should in the CookieContainer in the first place?
Your problem is that you are not setting any path on the cookie that you send back from your Web Api controller.
There are two things that control where cookies are sent:
The domain of the cookie
The path of the cookie
Regarding the domain, the consensus seems to be that the port number should no longer (but still might) be a factor in evaluating the cookie domain. See this question for more info about how port number affects the domain.
About the path: Cookies are associated with a specific path in their domain. In your case, the Web Api is sending a cookie without specifying it's path. By default the cookie will then be associated with the path of the request/response where the cookie was created.
In your case the cookie will have the path api/auth/login. This means the the cookie will be sent to child paths (for lack of a better term) of this path but not to parent or sibling paths.
To test this, try:
cookieContainer.GetCookies(new Uri("http://localhost/api/auth/login")
This should give you the cookie. So should this:
cookieContainer.GetCookies(new Uri("http://localhost/api/auth/login/foo/bar")
These on the other hand will not find the cookie:
cookieContainer.GetCookies(new Uri("http://localhost/")
cookieContainer.GetCookies(new Uri("http://localhost/api/")
cookieContainer.GetCookies(new Uri("http://localhost/api/auth/")
cookieContainer.GetCookies(new Uri("http://localhost/api/auth/foo")
cookieContainer.GetCookies(new Uri("http://localhost/api/Items/")
To fix the issue, simply add the path "/" (or perhaps "/api") to the cookie before sending the resonse:
...
string ticket = FormsAuthentication.Encrypt(authTicket);
var cookie = new CookieHeaderValue(FormsAuthentication.FormsCookieName, ticket);
cookie.Path = "/";
var response = Request.CreateResponse(HttpStatusCode.Created, userModel);
response.Headers.AddCookies(new CookieHeaderValue[] { cookie });
...