I have a application on local network with window authentication. Application is working fine. There is a old version of application too that is running on the same network. New application will replace old one later on. But for time being i need service to be exposed for old application. What i did is i made an API in the same application where window authentication is being used. Now the problem is that i don't want any kind of authentication on Web API but i am unable to test it by any tool like postman and fiddler. When i hit the URI it shows 401 error. Even i have to give windows credentials in browser to test it. After window authentication in browser service is running fine but i want to without window authentication.
I have tried many things like i put [allowanonymous] attribute on controller level. I put location tag with anonymous users in web.config file but nothing is working for me.
Can anyone tell me is it possible to do this and how?
Related
I need to set up my .Net 5 web app so that it can connect to a SAML 2.0 login server at this internal site: [login.antares.eng.edu].
I am using this library to help me: https://www.itfoxtec.com/IdentitySaml2
I followed the directions on that site and added the required code to my Startup.cs and added an AuthController.cs controller,
but now I am unsure of how to proceed next.
To try and educate myself on how to work with SAML, I loaded up a website at
[starmaps.cosmos.n.edu] that I know uses the same SAML 2.0 login server that I need to use [login.antares.eng.edu].
When I first load the website, starmaps.cosmos.n.edu, it automatically goes to the SAML server at: login.antares.eng.edu
Using the browser developer tools, I can see the following is being sent:
https://login.antares.eng.edu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=aZZAbsIwEEV%2FJwI%2BcUh5pWQgUVBVJNpGhHbRTWWcASwltuaZ9PH3dYBWdNOVrdHc11NnPEbZ1E4MWjqYNby3gBQsFxP2msut2g3VVZzK4SDu96GK81F6He%2F6w1GeVpm82gKLnsGjtmbCsiRl0RKxhaVBkoZCKc2yuNeLs3zTuxaDXKSjJO2%2FsGgRHtFG0lF4IHIoOHcS0VlPidNECVQt15XjztudroGXs%2FtVxtdQaQ%2BKeFk%2BsujWegVH8AnbyRqhAyiCjX6H30rhLVll6xttKm32E9Z6I6xEjcLIBlCQEp25CAHE9tSE4m6zKeLisdywaIYIvkOdW4NtA74E%2F64VPK1XF%2FAd88EiQZU4aawjmyjb8YT0D%2BcekHesfRT52iQS3SeLPpvaoDhu4H6wd02BpuOuWxwH7S%2F0%2F4vlTwY1LQLpmWrML3xOxk21BPFyUdhaq69oVtf2Y%2B5RRhgo%2BTbMk09Psr9fZvoN&RelayState=https%3A%2F%2Fstarmaps.cosmos.n.edu%2FMapperRun%2FPages%2FMain.aspx
I am not exactly sure what is going on, but I need my web app to do the same.
How can I get my web app using the ITfoxtec library to do this?
Thanks!
You need to decorate the controller or action with the [Authorize] attribute to require authentication and automatically start the login sequence.
Like this in the sample:
https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/blob/master/test/TestWebAppCore/Controllers/HomeController.cs#L15
Alternatively, you can add this requirement generally in Startup.cs/Program.cs.
As per my understanding, when user visits a url of a SPA application, the whole application is downloaded including any static html,assets and javascript. Can someone please clarify what role does the host web server play from there on? If after download of all the assets, I turn off the web server the application does not work. But ideally, it should work because now all the code to create any views is with the client already in form of javascript files. Let's assume there are no API calls for data.
Yeah it will work
If the application is fully loaded in browser it will work even after you turned off or disconnect the web server
Web Server No Need after the client has downloaded all the assets
I just created a webform that is hosted in my Azure subscription. I set it up with authenication via my works Azure directory for authenticating users. In debug this works fine and I am able to login with my work credentials and then view the website via local host.
I have published this to my Azure and it says it is running and working fine. So when I try to connect to the website it continuously redirects me to the localhost resulting in an error.
I have checked the web config.
Here is the google network chain of events when it occurs.
I am really lost as to what is wrong and what I need to do to fix this so any help would be greatly appreciated. I'm sorry I can't offer more but I don't even know what is wrong to begin with or where to look. Is there some setting in Azure that I need to add the website too?
I have solved this issue. Since it was such a pain I will keep this up as I couldn't find any answers on this. It was actually quite simple.
You have two options. The one I did and which worked was changing the publish profile as below:
Add the domain where the authentication is occurring. So if you have your web app hosted by a different azure account that which is authenticating the users, use the one that is authenticating.
This will create two versions of your app on the site one for local host and one for the actual site.
The second option(I have not tried this but it should work) is to go to the Azure account where you are authenticating the users and go to applications and then configure. Change the APP URL from local host to the url you are trying to get to.
Here is an excellent link that explains how to do this clearly.
Click this link for detailed explanation
I also had this issue and took these steps to resolve
navigate to the app registration in AAD
Open the manifest
Change the ReplyUrl to the url of the app (e.g. http://appname.azurewebsites.net)
Then I got the error
Bad Request - Request Too Long HTTP Error 400. The size of the request headers is too long.
Next I cleared all cookies from the browser, and this changed the error to just
Bad Request
So I went back to that ReplyUrl and changed it to https://appname.azurewebsites.net/.auth/login/aad/callback and now it appears to work.
Note I also had to make sure I didn't have the site open in any other tabs before it started working
I had this issue when I switched an app from our company Azure over to a customer's Azure. In my case I'd forgotten to update the ida:ClientId, ida:AADInstance and ida:TenantId, which then meant that the value I'd set for ida:PostLogoutRedirectUri was ignored (I think) and instead my app redirected to localhost.
Once I changed those ida values to the values from the app settings and subscriptions settings on our customer's Azure it all worked as expected.
It took a while to track down all the values in Azure portal as they are all called something different, or aren't named at all:
ClientId can be found at Azure Active Directory > App Registrations > YourAppName. It's called 'Application ID' in Azure
Domain can be found on Azure Active Directory > Overview. It's currently in the top left in the format somename.onmicrosoft.com
TenantId this is the Azure AD instance ID, get that from Azure Active Directory > Properties and then it's called 'Directory ID'
I spent a lot of time trying to work out where the localhost port that was being redirected to was in the code, but it simply isn't there as far as I can see, so I have no idea how Azure was choosing what localhost address to redirect to!
You need to set another parameter in configuration that is replyUrl and assign to your web app, other wise it takes the url from which it was originated.
I was able to fix this by changing my Startup.Auth.cs file redirectUri from "https://localhost:44316/" to https://myapp.com/
I have a client pc which accesses my website (CRM). The client PC is running an API toolkit as a background service and is accessed via SOAP calls, nothing tricky just standard Web Reference and some server-side methods to invoke the API toolkit's methods.
Everything is great when running the web application on my local IIS. The reference in the web.config points the address to localhost:8080 which is the address of the server. Having a custom web.config with a dynamic service url for all clients is not an option. I tried setting the url property so when the web application is started it retrieves the client machine's hostname and change the url property of the service reference however, this would only work if all the computers were on the company domain. The below reference is what works on my local pc, changing it manually to my hostname fails when run from the server and not my local dev IIS.
<applicationSettings>
<CRMIntegration.Properties.Settings>
<setting name="CRMIntegration_AgentBridgeService_WebserviceAgentBridgeService"
serializeAs="String">
<value>http://localhost:8080/AgentBridge</value>
</setting>
</CRMIntegration.Properties.Settings>
Despite several different ways of trying to map the service to the proper client it still fails to work.
(I'm thinking):
Create a method or function to set the correct path to the client pc's web service, strip out the web.config reference and write an extend the web reference class to override where the generated reference.cs is getting it's url property.
I have seen examples of this being done with the exact same API toolkit by several SaaS CRM's so I know it can be done. I don't have a clue what direction to look in after searching for a couple days.
Any help is appreciated.
The solution was easier than expected. I had two routes: use jquery with xml or an undocumented querystring in the api. I chose the querystring and all is well.
I have am asp.net 3.5 web site with a asmx web service and a test aspx page (the page tests the web service using javascript).
I need to run this site with anonymous authentication, so I setup the site in IIS as such.
Now, if I am trying to open the test page in the browser, I get 401.3-Unauthorized error.
Any ideas what should I do to fix it? Do I have to give read access for the physical file to Anonymous Login?
Also, what version of IIS are you using? Also if you are using the IIS mgr and you check anonymous authentication, you need to give it a valid username and password, have you done this?
A 403 can mean several things. It can mean you don't have authentication correctly configured, or it can mean that the ASP.NET worker process does not have rights to access the pages (the security is set to only allow you to access them, for instance). There are other scenarios as well, but these are the two most common.