There is a web user interface through which user is posting csr text in the website. there is a textbox in which user paste the csr text that is generated by a tool.
Previously i was validating the text , by checking if there is
---Begin Request --- and ---End Request---- present in the text.
But
---Begin Request ---
blah blah
---End Request----
is not a valid CSr text, But it is validated by my site since it contains the begin and end tag. How can i validate the CSR text, IS there any web api present to which i can send the request and it can validate the request and send the response back.
request = new CX509CertificateRequestPkcs10();
request.InitializeDecode("Actual csr", EncodingType.XCN_CRYPT_STRING_BASE64REQUESTHEADER);
replace "Actual CSR" with the csr provided by the user.
you can use the above method which will validate if it is a valid BASE64 Request or not.(i.e. a valid CSR)
Related
I'm trying to connect my ASP.NET Core 3.1 web app with Yahoo. To do this, I have to set up Authorization with OAuth. I have followed a few different guides, including:
https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html
https://www.yogihosting.com/implementing-yahoo-oauth-2-0-in-csharp-and-asp-net/
I have set up my app in Yahoo, with the configuration found in the below picture:
I then have my code set up to send the authorization request to Yahoo with the following code:
public void YahooAuth()
{
string id = configuration["YahooClientId"];
string returnUrl = "https://www.fantasysimmer.com/FootballSimulator/Sim";
string url = $"https://api.login.yahoo.com/oauth2/request_auth?client_id={id}--&response_type=code&redirect_uri={returnUrl}";
Response.Redirect(url);
}
When this code is ran however, I get an error page with a message "Developers: Please specify a valid client and submit again.", and the URL displays:
https://api.login.yahoo.com/oauth2/error?client_id={Client_ID}--&error=unauthorized_client&error_description=invalid+client+id
I double and triple checked the Client ID, and the client ID in the URL is the same as in my Yahoo App's profile. I'm wondering now, is there an extra step that I missed in registering my app, or is there something wrong with my code?
Edit: Progress is made! The dashes after the client id must have been part of the example, or otherwise were an error. When I removed that, I started getting a new error, saying to enter in a valid request. It had something to do with my return url, because replacing that with 'oob' made it go through.
So there were two errors. The first was that the "--" after the client id were not supposed to be there. I'm not sure why in yahoo's example they have them there, but they aren't needed. The second reason is that my return uri was capitalized in my code, but not capitalized in my app settings. Now it works!
I have a intranet application which i'm able to login using username/password.
Im trying to access the same application using python requests passing my username/password but that does not work. Its a difficult task to get a application support.
Meanwhile, I want to see if I can login using the session the web application created which is in my other browser.
How can I just pass the session using the requests module.
You may need to send data among username and password (usually this data is generated randomly by the server and are inside <input type="hidden"> form elements) which we prevent the CSRF (cross-site request forgery) attack. You may also need to send cookies the Web server send to you.
So, to solve your problem you need to:
Create a requests session to handle cookies;
Request the login page (where the form is) and extract CSRF data;
Post CSRF data among your credentials to the form action URL.
The code will be like this:
import requests
LOGIN_URL = '...' # put URL here
# replace 'user' and 'pass' with form field names for credentials
CREDENTIALS = {'user': '...', 'pass': '...'}
session = requests.session()
# get cookies and CSRF data
response = session.get(LOGIN_URL)
csrf_data = ... # extract data from response.text in a dict
# post data
csrf_data.update(CREDENTIALS)
# you may change LOGIN_URL below with form's 'action' URL if they differ
response = session.post(LOGIN_URL, data=csrf_data)
# now check response.text to see if you're logged in
There are many ways to extract CSRF data, such as: simple string manipulation, regular expressions or more specialized libraries such as lxml and BeautifulSoup (it depends on your input HTML and familiarity with the methods).
My asp.net application is in Web Server A and displays and let download MS-Word or PDF documents that are stored in Web Server B.
For security reasons, I was advised to encrypt and decrypt those documents when serving them up on the webserver A.
Could anyone give me some clue on how to do that?
I've never seen some utility before. My code just give value to a link control and let the user to click on it to display a MS-Word or PDF document, like:
Dim RemoteFolder As String
Dim RemoteFileName As String
RemoteFolder = "http://192.168.32.98/Application/Documents/"
RemoteFileName = "MyWordDocument.doc"
lnkOpenDocument.NavigateUrl = RemoteFolder + RemoteFileName
Using SSL might help, that protects all request/responses between the two servers. Otherwise .Net does have a encryption/decryption library under System.Security:
http://support.microsoft.com/kb/307010 also see this previous post What's the easiest way to encrypt a file in c#?
you can always grab the file from the user, encrypt using one of the above methods, and drop the encrypted file on webserver B. when reading it rather than link directly to the .doc file, link to another asp.net page, pass the ID of the file into that new page and have it pull the file from Webserver B decrypt it and display to the user.
I'm creating a gateway app which will control access to various other apps (tools).
On visiting the site the user is identified and a list of tools they have access to is displayed. Clicking the link takes the user to the tool. The URL is affixed with a token as a querystring. The token is encrypted.
On arriving at the tool site the system checks to see if there is a querystring with a token. It checks to see if the token is valid (the date is part of the encryption). If OK then the token is also saved as cookie which is valid for 8h and access is granted.
If the user hits the Tool site directly from a bookmark the system once again checks to see if there is a token and that it is valid. If no token is passed as a querystring then the system will see if it still has a valid cookie. If there is no valid token or cookie the site invokes a response.redirect to the gateway together with two querystrings t and r. t is the tool's numeric ID and r is the Tools URL.
What should happen is that the user will be redirected to the Gateway which will check to see if the user has access to tool id t and if the have redirect back to r with a fresh token appended as a querystring.
My code has the following....
Private GatewayURL As String = "http://GatewayURL/default.aspx?t=2&r="
Private ToolURL As String = "http://ToolURL/default.aspx"
In my page load I have….
…
If AuthenticationPass = False Then
'We are not authenticated...
Response.Redirect(GatewayURL & ToolURL, True)
End If
…
Unfortunately when this is triggered I get the following error...
Invalid path for child request 'http://GatewayURL/default.aspx'. A virtual path is expected.
I've run out of ideas on resolving this.... any help appreciated.
You should URL encode your query string parameters:
Response.Redirect(GatewayURL & HttpUtility.UrlEncode(ToolURL), True)
so that you redirect to:
http://GatewayURL/default.aspx?t=2&r=http%3A%2F%2FToolURL%2Fdefault.aspx
instead of:
http://GatewayURL/default.aspx?t=2&r=http://ToolURL/default.aspx
The second is a pretty broken url.
How one could do / where in Plone source code could be an example code for sending out MailHost emails
Message payload is a text string, not template
Sends out plaintext email, utf-8 encoded, both subject and message
From: header is set correctly having both name and email address visible
This doc could help :
http://plone.org/documentation/manual/upgrade-guide/version/upgrading-plone-3-x-to-4.0/updating-add-on-products-for-plone-4.0/mailhost.securesend-is-now-deprecated-use-send-instead