I have developed an application that allows MSA (Microsoft Account) authentication. I have registered my app here: https://apps.dev.microsoft.com.
When testing my app locally, I can access my app with no problem at my SSL URL of https://localhost:44300, and MSA works fine. When I registered my app, I used https://localhost:44300/signin-microsoft as the Redirect URI.
Problem: I can also access my app at https://127.0.0.1:44300, as one would expect. However, MSA here doesn't work. The error page says, We're unable to complete your request.
Microsoft account is experiencing technical problems. Please try again later. And the URL of the error page reveals that the error is with a mismatch in the Redirect URI: https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.
In the Microsoft Apps page, when I try to update the Redirect URI from https://localhost:44300/signin-microsoft to https://127.0.0.1:44300/signin-microsoft, it doesn't allow me to save my change and it shows me this error: Your URL can't contain a query string or invalid special characters, and it provides a 'Learn More' link: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-v2-limitations#restrictions-on-redirect-uris
After reading the info in this link, I see nowhere that a URI like mine (https://127.0.0.1:44300/signin-microsoft) would be an unacceptable URL, as I'm not breaking any of their rules: I have no invalid characters, no query strings, etc.
My research: Looking online, people are getting the Your URL can't contain a query string or invalid special characters because they are actually using a query string or invalid special characters, such as in this link: https://social.msdn.microsoft.com/Forums/en-US/4f638860-ea57-4f0e-85e0-b28e1e357fe2/office-365-app-authorization-redirect-uri-issue?forum=WindowsAzureAD. I couldn't find a case where someone has entered a valid URI and they weren't allowed to save it.
Why I need 127.0.0.1 to work: I need to expose this website, which is running on my local box. In order to have the website running without having an instance of Visual Studio opened all the time, I'm using csrun to host my website in Azure local fabric (by the way, my app is an Azure Cloud Service, with a ASP.NET MVC 5 app as a web role). I followed this instruction for csrun: http://www.bardev.com/2013/03/12/how-to-deploy-application-to-windows-azure-compute-emulator-with-csrun/. Using csrun, it allowed me to host my website in https://127.0.0.1:444 (but, as with https://127.0.0.1:44300, MSA doesn't work). My end goal is to expose this website with a public URL using ngrok (https://www.sitepoint.com/use-ngrok-test-local-site/), so that anyone can access my site.
Therefore, my main question is: how can I have the Redirect URI be https://127.0.0.1:44300/signin-microsoft instead of https://localhost:44300/signin-microsoft?
Make sure you access this portal through https://identity.microsoft.com as this is the only way the steps below will work.
You can get around this error right now by adding the reply URL through the manifest. Login to the portal, select the app you want to configure, and scroll down and hit the Edit Application Manifest button. Then you can add your https://127.0.0.1:44300/ to the replyUrls field.
There's some funny behavior that will only allow this right now if you only register other localhost reply Urls. If this is the only reply URL you need then it shouldn't be a problem.
Related
I have an assignment that reads "You want to use your web browser to fetch a web page from a site called "www.wagstaff.info". Its web server is at TCP port 8080, and the page you are looking for is called "horse.html".Give the URL that you enter into the navigation field of your web browser."
My first thought is that I want to write "www.wagstaff.info/" and then somehow query the web server for the object and retrieve it if it finds it, but i'm not sure if this is the right approach / how to do this.
I actually entered this site and I think the port is miswritten and it should be 80. I tried making a TCP connection to this site with port 80 and it works. I made a GET request for /horse.html and I got 404 Not Found, which makes me believe the page /horse.html doesn't exist on this site in actuality, but it doesn't have to, the assignment just uses the site as an example. But how would I make such a query/request not in cmd using telnet, but instead using the web browser and entering a URL?
If i'm on the correct path here, then, in other words, what do I type after "www.wagstaff.info/" to query for an object (or page) "/horse.html"? I would expect to get a 404 not found in my web browser, but to me it would mean I have a correct solution.
i would write the following: www.wagstaff.info:8080/horse.html
the www.wagstaff.info is the domain name that is then resolved to an actual ip address (like 192.168.0.1) what comes after the colon would be the port you're attempting to connect to and everything after that would be the path to the file you're trying to fetch.
I have a firebase project that loads properly unless I type the url to my project with www. in front.
This works:
https://myproject.firebaseapp.com
This returns an error:
https://www.myproject.firebaseapp.com
Your connection is not private
Attackers might be trying to steal your information from
www.myproject.firebaseapp.com (for example, passwords, messages, or
credit cards). Learn more NET::ERR_CERT_COMMON_NAME_INVALID
Attempt to resolve
I followed the "Learn More" in the error above and it seems that
the error might be that firbase by default sets up
myproject.firebaseapp.com but not www.myproject.firebaseapp.com.
I then checked the firebase app in the hosting console (i.e. https://console.firebase.google.com/project/myProjectNameHere/hosting/main)
and it does show only the non-www version, but adding the www version here does not seem possible since I do not own the firebaseapp domain so I cannot add the provided TXT file at this point to the DNS records.
Does anyone know why this is occurring and how to get the project to load when www. is added to the url?
Thank you in advance!
This is not supported.
To give some technical detail, wildcard SSL certificates are only valid for a single level; so *.firebaseapp.com but not *.*.firebaseapp.com. In addition, this is (in my estimation) entirely unnecessary as it simply makes the URL longer.
What I would encourage you to do is purchase a domain name for use with your Firebase Hosting site, and connect it. Read "Connect a Custom Domain" in our docs for more info.
I am trying to use the anonymous meeting provided with in the UCWA sample code. The developer sandbox works fine when I use the metio.net domain but when I try to use my companies domain we get a error message: "Service does not allow a cross domain request from this origin". So when I went to use the Anonymous meeting join and changing the domain with in the AnonMeeting.js to my companies domain I get the same error. I tried the only other option available on the index page, which is My own topology. I used my Skype for business login and gives me the 403 error with the same console message "Service does not allow a cross domain request from this origin". At the company I am at we use Skype for business online.
When we enter the URL http://lyncdiscover.domain.com we get to the xml tree fine but if its https we need to accept the invalid certificate. Once we do this and try to reopen the UCWA sample site we get the same cross domain error.
I would like to know if we can change the url to http within the api. Also assistance in making the anonymous chat work for my domain[or even metio.net] with in the sample code. Thank you anyone for helping me with this
You need to add the location you are hosting your application to the allowed list of your company's SfB servers. I would assume you are hosting your application in localhost. Metio.net is whitelisted for that, hence it works for the metio.net environment.
-- Since I was flagged for pasting the relevant Url link last time with Microsoft published details, I am copying the content from the website ucwa.skype.com --
Allowed Domains
Allowed domains refers to those hosting a UCWA web application.
The samples will indicate that the host domain is not on the allowed list by alerting the following string, sent by the server in the headers of a 403 response:
Service does not allow a cross domain request from this origin.
Viewing the Allowed List
From the Skype for Business Server Management Shell on each server (front end, edge, and director), execute the following command:
Get-CsWebServiceConfiguration | select -ExpandProperty CrossDomainAuthorizationList
Editing the Allowed List
From the Skype for Business Server Management Shell on each server (front end, edge, and director), execute the following commands (replacing the text in {} with your values):
$x = New-CsWebOrigin -Url "https://apps.contoso.com"
Set-CsWebServiceConfiguration -Identity "{YOUR_IDENTITY}" -CrossDomainAuthorizationList #{Add=$x}
If you do not know the value of Identity for your Skype for Business Server, you can run the following command to see all identities configured on the server:
Get-CsWebServiceConfiguration | select identity
Why are all the Site Settings links which have a {AnyToken} in the url returning a connection reset error in my SharePoint 2013 application?
Examples:
Master pages and page layouts
https://hostmane/_layouts/15/RedirectPage.aspx?Target={SiteCollectionUrl}_catalogs/masterpage
Content and structure
https://hostmane/_layouts/15/sitemanager.aspx?Source={WebUrl}_layouts/15/settings.aspx
The error message is:
This site can’t be reached
The connection was reset.
ERR_CONNECTION_RESET
I figured out the problem was not in the SharePoint application.
The error happens every time the link has an accolade "{}" in the URL, for example:
https://domain/_layouts/15/sitemanager.aspx?Source={WebUrl}_layouts/15/settings.aspx
Even if I add a dummy query string:
https://domain/?test={test}
But when I encode the accolade changing { to %7B and } to %7D, both URLs work fine:
https://domain/_layouts/15/sitemanager.aspx?Source=%7BWebUrl%7D_layouts/15/settings.aspx
https://domain/?test=%7Btest%7D
Also, when I test it locally in the server via Remote Desktop using a localhost address it works even with an unencoded accolade. For example,
http://localhost:1000/default.aspx?test={test}
Based in those observations, I assigned the problem to network security responsible and he created a rule in the firewall to avoid blocking an access attempt when there are unencoded accolade characters in the URL.
I set up my own hosted phabricator, everything is working fine (Diffusion repo etc)
I ran into problem after I installed arcanist on my dev box and run 'arc install-certificate', got exception as following:
rying to connect to server...
LOGIN TO PHABRICATOR
Open this page in your browser and login to Phabricator if necessary:
http:///conduit/login/
Then paste the API Token on that page below.
Paste API Token from that page: cli-e644viducdcccrge4i7zo5nfa66d
Usage Exception: The token "cli-e644viducdcccrge4i7zo5nfa66d" is not a valid API Token. The server returned this response when trying to use it as a token: ERR-CONDUIT-CORE: Attempting to access attached data on PhabricatorUser (via getAwayUntil()), but the data is not actually attached. Before accessing attachable data on an object, you must load and attach it.
I am wondering what's might go wrong? Thank you very much for your insights!
I've seen this problem occur many times with our users. In every case so far, the problem has been that users have set up the phabricator uri incorrectly.
Suggestion:
Check your project .arcconfig or your global .arcrc files (if you're doing this outside a project).
Verify that the URI to your Phabricator site is correct. The typical issue I've seen is accessing using http:// rather than https://