I am running a json restapi service on ubuntu with symfony2 framework.
Everything was working fine but for security and performance reasons we moved to amazon ec2 with rds.
Now i am facing a strange problem if i call the api with curl it works ok until i use some characters on the body parameters like accents (´).
i copy and paste the /etc/php5 and /etc/apache2 config folder from the old server to the new server, still not working.
i also match the locale on both server. debugging the symfony2 request object i realize that the parameterbag object when using an special character like (á) is empty for all the parameters.
Related
I am working in one of the applications running on .NET Framework 4.6.1, where I am trying to get dns name (on server) and on local, both having 'https' protocols.
Locally I am accessing my application with https://localost:44301/ however request object is showing me http://127.0.0.1
On Server I am accessing with https://dns.com/ however logs are showing me http://127.0.0.1 - running instances behind ALB.
Code:
var host = System.Web.HttpContext.Current.Request.Url;
I am calling this on Startup.cs class.
I see my browser has and showing https://localhost:44301, however code is showing http://127.0.0.1 as mentioned above.
My code is running on .NET Framework 4.6.1 and unable to find anything more with HttpRequest object.
Question - How can I get correct DNS name or localhost:44301 from request object or using some other mechanism.
I have built a Rest API for a database on a web server, using PHP and MySQL. The URL is rewritten (using .htaccess) to be passed to my api.php code, which cuts up the URL parts and decides which data to return. As some fields for the query are optional, I have used an asterisk to have my api code skip that field and handle the next one.
This works fine when retrieving data in a browser and it also works when using AJAX calls. But when I use the exact same URL to retrieve data in an XSL transform, the server returns a 503 code. It seems that the asterisks I am using in my Rest API are causing the 503, but only when called from the XSL.
To make things even less understandable, pointing the XSL to a copy of the entire Rest API that runs on my localhost works fine with the asterisks.
I am trying to understand where the difference is. Does a web browser encode characters in a specific way before the request is sent to the server? Does a DNS server change the URL so that it never reaches my api code? Is the handling by the public web server correct and my localhost not? Unfortunately, I cannot check what happens to the URLs before they are passed to my api code, as it runs on a hosted domain, where I cannot open the access logs.
My IdentityServer4 instance returns deformed schema for the urls in the reponse of the well-known configs. Here is the response that I get from
http://www.server.meetcorepoint.com/.well-known/openid-configuration
{"issuer":"http://\\www.server.meetcorepoint.com","jwks_uri":"http://\\www.server.meetcorepoint.com/.well-known/openid-configuration/jwks","authorization_endpoint":"http://\\www.server.meetcorepoint.com/connect/authorize","token_endpoint":"http://\\www.server.meetcorepoint.com/connect/token","userinfo_endpoint":"http://\\www.server.meetcorepoint.com/connect/userinfo","end_session_endpoint":"http://\\www.server.meetcorepoint.com/connect/endsession","check_session_iframe":"http://\\www.server.meetcorepoint.com/connect/checksession","revocation_endpoint":"http://\\www.server.meetcorepoint.com/connect/revocation","introspection_endpoint":"http://\\www.server.meetcorepoint.com/connect/introspect","frontchannel_logout_supported":true,"frontchannel_logout_session_supported":true,"backchannel_logout_supported":true,"backchannel_logout_session_supported":true,"scopes_supported":["openid","profile","api1","offline_access"],"claims_supported":["sub","name","family_name","given_name","middle_name","nickname","preferred_username","profile","picture","website","gender","birthdate","zoneinfo","locale","updated_at"],"grant_types_supported":["authorization_code","client_credentials","refresh_token","implicit","password"],"response_types_supported":["code","token","id_token","id_token token","code id_token","code token","code id_token token"],"response_modes_supported":["form_post","query","fragment"],"token_endpoint_auth_methods_supported":["client_secret_basic","client_secret_post"],"subject_types_supported":["public"],"id_token_signing_alg_values_supported":["RS256"],"code_challenge_methods_supported":["plain","S256"]}
Here is the mvc client http://www.mvc.meetcorepoint.com and when I click to authenticate with the idsr4 the client throws exception Unable to parse host name and fails to do authentication because it can't parse the urls.
Note the \\ appended to the schema in each url of the response. All urls are invalid. Both the idsr4 and the mvc client are hosted on Amazon Linux. The two projects that I use are both from the official sample projects on GitHub https://github.com/IdentityServer/IdentityServer4.Samples/tree/release/Quickstarts/5_HybridFlowAuthenticationWithApiAccess
I am using version 2.0.4 of dotnet core.
On localhost the idsr4 works as expected and returns the appropriate response without additional double backslashes.
What is causing the wrong url schemas and how to fix this ? Feel free to test the identity server yourself on the live servers.
I have developed an application that allows MSA (Microsoft Account) authentication. I have registered my app here: https://apps.dev.microsoft.com.
When testing my app locally, I can access my app with no problem at my SSL URL of https://localhost:44300, and MSA works fine. When I registered my app, I used https://localhost:44300/signin-microsoft as the Redirect URI.
Problem: I can also access my app at https://127.0.0.1:44300, as one would expect. However, MSA here doesn't work. The error page says, We're unable to complete your request.
Microsoft account is experiencing technical problems. Please try again later. And the URL of the error page reveals that the error is with a mismatch in the Redirect URI: https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.
In the Microsoft Apps page, when I try to update the Redirect URI from https://localhost:44300/signin-microsoft to https://127.0.0.1:44300/signin-microsoft, it doesn't allow me to save my change and it shows me this error: Your URL can't contain a query string or invalid special characters, and it provides a 'Learn More' link: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-v2-limitations#restrictions-on-redirect-uris
After reading the info in this link, I see nowhere that a URI like mine (https://127.0.0.1:44300/signin-microsoft) would be an unacceptable URL, as I'm not breaking any of their rules: I have no invalid characters, no query strings, etc.
My research: Looking online, people are getting the Your URL can't contain a query string or invalid special characters because they are actually using a query string or invalid special characters, such as in this link: https://social.msdn.microsoft.com/Forums/en-US/4f638860-ea57-4f0e-85e0-b28e1e357fe2/office-365-app-authorization-redirect-uri-issue?forum=WindowsAzureAD. I couldn't find a case where someone has entered a valid URI and they weren't allowed to save it.
Why I need 127.0.0.1 to work: I need to expose this website, which is running on my local box. In order to have the website running without having an instance of Visual Studio opened all the time, I'm using csrun to host my website in Azure local fabric (by the way, my app is an Azure Cloud Service, with a ASP.NET MVC 5 app as a web role). I followed this instruction for csrun: http://www.bardev.com/2013/03/12/how-to-deploy-application-to-windows-azure-compute-emulator-with-csrun/. Using csrun, it allowed me to host my website in https://127.0.0.1:444 (but, as with https://127.0.0.1:44300, MSA doesn't work). My end goal is to expose this website with a public URL using ngrok (https://www.sitepoint.com/use-ngrok-test-local-site/), so that anyone can access my site.
Therefore, my main question is: how can I have the Redirect URI be https://127.0.0.1:44300/signin-microsoft instead of https://localhost:44300/signin-microsoft?
Make sure you access this portal through https://identity.microsoft.com as this is the only way the steps below will work.
You can get around this error right now by adding the reply URL through the manifest. Login to the portal, select the app you want to configure, and scroll down and hit the Edit Application Manifest button. Then you can add your https://127.0.0.1:44300/ to the replyUrls field.
There's some funny behavior that will only allow this right now if you only register other localhost reply Urls. If this is the only reply URL you need then it shouldn't be a problem.
We have an API, routed with Attributes, and registered first in our start up method with config.MapHttpAttributeRoutes();
This works fine locally.
However on the test environment the Api routes are not matching a request, and instead are tried to be matched via the default MVC router. The default MVC route is registered at the end of our start up method.
I've triple checked the config transforms, even the deployed web.config to ensure there are no url rewrites getting in the way.
The requests are simple JSON requests.
Anyone have any pointers as to anything else that could cause the Api routes to be ignored on remote environments only?
Thanks
Turns out it was due to old libraries in the bin folder on the remote server.
The lesson here is to make sure deleted files are also deleted in the build process, or to manually delete them.