We've developed a new project for posting jobs directly to LinkedIn using the Job Posting API from within our web application. Our web application is developed in C#.
There is sample code available on LinkedIn Developers for posting jobs in C# here.
I replaced the sample "API_KEY" or "API_SECRET" with my original key or secret. But when I execute this code it always gives me the error: remote server returned an error: (403) Forbidden
I think that in order to post jobs, LinkedIn uses OAuth signed calls. OAuth-based authentication is very new to me, so I cannot understand the reason for this error.
How can I resolve it?
Thanks a bunch for your valuable help!
I have an ASP.NET web app which calls an API to get some data from an ASP.NET Core web app of mine. This worked fine until I added Microsoft sign-in to the ASP.NET Core app. I followed this Microsoft Documentation exactly step-by-step to add the sign-in. The sign-in works perfectly; however, this has caused an issue with the API. Now when the API call is made, I get this error in the console (with the sensitive info replaced by {...}):
Access to XMLHttpRequest at
'https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?client_id={client_id}&redirect_uri=
{redirect_uri}&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce={nonce}&client_info=
1&x-client-brkrver=IDWeb.1.11.0.0&state={state}&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.10.2.0'
(redirected from {redirect_uri}) from origin {origin} has been blocked by CORS policy:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
I'm certain this issue isn't caused by either of my 2 apps since sending/receiving the data worked prior to adding the sign-in. I've tried looking through the Azure Portal to see if there are any changes that could be made there to fix this issue, but I haven't yet found anything there. What could be causing this issue? Is there anything specific which must be done in the Portal? Does there seem to be any issue with the super long https://login.microsoftonline.com... URL? Is it supposed to be that way?
Thank you Tiny Wang. Posting your suggestions as an answer to help other community members.
Integrate Azure AD into your ASP.NET web app and ASP.NET Core app.
Here is the image showing how the sample app works.
You need to register your web API and expose it through scopes, which will help in providing permission-based access.
When you click on Add Scope, it will prompt for the Application ID URI.
If you haven't set one, you need to set one.
api://<application-client-id> is the default Application ID URI.
Check this to enable protection for your Web API.
I am developing a module to integrate the company's website with several social networks.
I've done it with Instagram, Facebook and Twitter.
I wanted to do the same with LinkedIn.
When I call the API to generate the token I receive the error message:
Postman call
I have searched everywhere and I haven't found any indication of where I need to go to ask for permission to create tokens.
LinkedIn support told me to come here...
Can anyone help me?
Thanks
Perhaps you can try reading more about the LinkedIn client credentials flow in the below link.
https://learn.microsoft.com/en-us/linkedin/shared/authentication/client-credentials-flow?context=linkedin/context
If your application needs to access APIs that are not member specific, use the Client Credential Flow. Your application cannot access these APIs by default. Learn more about LinkedIn Developer Enterprise products to request permission to the Client Credential Flow.
As highlighted in the document, an application will not have access to client credentials by default and you will have to request access exclusively based on your business need. Most of the LinkedIn APIs require three-legged authentication to fetch member-related data, since most data requests are directly or indirectly related to a member or owned by a member.
I am accessing my secure API (secured by IdentityServer4) from a .NET Core MVC application.
When I log in with a registered user I get a valid token from the token endpoint of IdentityServer, BUT when I try to access an API resource using that token I get a 401 Unauthorized response, even though it's a new token and the only restriction on that API resource is the role X, and the user already has that role X.
Do you have any idea, please, why this is happening?
UPDATE:
Identity server is deployed on two web servers under a load balancer. when using the
Could it be related to the tokens being stored in memory on the server?
Thank you.
My answer will look like guessing because you don't provide many details.
Since you mentioned the load balancer, make sure that your IdentityServer4 app on both web servers is using the same data protection key.
You should read more about:
services.AddDataProtection()
https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview?view=aspnetcore-3.1
Before you read, you can check whether this is really the problem by simply decoupling or shutting down one of the two web servers and keeping only one. Then try to refresh the token again and call the API.
This is just a quick answer about a common problem that developers face when they don't take scaling out to many web servers into consideration.
Otherwise, please mention more details so I can help more :)
When using a load balancer we should not use InMemory storage.
The solution for this was to change the way we store tokens and grants from InMemory storage to database storage.
See the tutorial here https://deblokt.com/2019/09/20/02-identityserver4-entityframework/
and here http://docs.identityserver.io/en/release/quickstarts/8_entity_framework.html
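The shared state the two answers above point to, as an added example in C# (not code from the thread): one data protection key ring for every node, and grants kept in a database instead of memory. The helper name, the configuration keys and the SQL Server provider are assumptions; it needs the IdentityServer4.EntityFramework package.

```csharp
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public static class FarmSetup   // hypothetical helper, called from Startup.ConfigureServices
{
    public static IIdentityServerBuilder AddIdentityServerForFarm(
        this IServiceCollection services, IConfiguration config)
    {
        // Assumed configuration keys; every node must resolve them to the same values.
        var keyRing = new DirectoryInfo(config["DataProtection:KeyRingPath"]);  // shared folder
        var keyCert = new X509Certificate2(
            config["DataProtection:CertPath"], config["DataProtection:CertPassword"]);
        var connection = config.GetConnectionString("IdentityServer");

        // Without this, each node creates its own key ring and cannot read
        // cookies or other protected payloads issued by the other node.
        services.AddDataProtection()
            .SetApplicationName("identity-server")   // same name on all nodes
            .PersistKeysToFileSystem(keyRing)
            .ProtectKeysWithCertificate(keyCert);    // keys encrypted at rest on the share

        var migrations = typeof(FarmSetup).Assembly.GetName().Name;
        return services.AddIdentityServer()
            // Replaces the in-memory persisted grant store: grants written by one
            // node are visible to the other because both read the same database.
            .AddOperationalStore(options =>
            {
                options.ConfigureDbContext = db =>
                    db.UseSqlServer(connection, sql => sql.MigrationsAssembly(migrations));
                options.EnableTokenCleanup = true;   // purge expired grants
            });
    }
}
```

The caller chains its own clients, resources and signing credential onto the returned builder; those registrations are outside what the thread describes.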
I am trying to use Facebook OAuth to authenticate user login in an ASP.NET Web API app.
I am redirected to this page "https://www.facebook.com/common/invalid_request.php" and get this error "Your request could not be processed. Please try again" when logging in via the returned HTML from the ChallengeResult in the Web API when hitting the api/Account/ExternalLogin endpoint.
I've already updated the Microsoft.Owin.Security.Facebook NuGet package in the Web API but I am still getting the error. I assume that this is a bug (thinking).
I've read an article about external OAuth authentication from:
http://bitoftech.net/2014/08/11/asp-net-web-api-2-external-logins-social-logins-facebook-google-angularjs-app/ but I still get the error.
Any workaround with this? This is my first time working with this.
I'm using VS2013 and Web API 2 to create a self-hosted (using OWIN), RESTful service over SSL using token authentication. Although I'm not a novice developer, this is my first time looking at ASP.NET technologies, so please keep that in mind.
I've got everything more-or-less working except for the authentication and authorisation parts. I fully understand the difference of authenticating a user (who is this user?) and authorising an already authenticated user to access a resource (can this user access this particular resource?).
A very simple overview of my auth process is as follows (makes some assumptions for brevity):
An unknown client connects to the API, e.g. GET api/values.
The server responds with a 401 and this response header: "WWW-Authenticate: Token".
Upon seeing this, the unknown client knows to connect to a different API endpoint here: POST api/auth (routed to the Login function), supplying the username and password.
The server will try to figure out if this is a valid user and can accept or reject the user depending on the validity of the credentials.
(Rejected) The server returns an error status code (403?). End of process.
(Accepted) The server creates a random token (e.g. a GUID) and stores it against the user record. Then it sends the token to the client.
The now authenticated client reconnects to the API, GET api/values, and this time also supplies the token.
The user returns the resource data to the client.
...
The user can log out by connecting to the same API as he used to log in: POST api/auth (this time, his request will be routed to the Logout function). This will remove the token from the server and the client will also have to remove its own token.
As you can see, this is a relatively simple process, but I can't find any concrete and simple examples to understand how best to achieve this with a self-hosted Web API 2.
I don't need to register users or do any password/roles management, etc. and there is no external authentication. All valid users have the same rights to access the resources and they're already created in the system by a separate process over which I have no control (I can only read their credentials for validation). Most examples I found are talking about security frameworks that I don't need, so I've ruled out using any of the following: Basic Authentication, Windows Authentication, Forms Authentication, Individual Accounts, ASP.NET Membership/Identity, OAuth, Thinktecture or any other security framework.
I've read articles about authenticating in a message handler and others about authentication in a custom Authorize attribute filter, while others even suggest I should use the new (in Web API 2) IAuthenticateFilter attribute. This is very confusing. Can you please advise on a very simple way to achieve my auth objectives? Any specific code examples will be greatly appreciated, even if they're just skeleton implementation or pseudocode. I just need some ideas to get me started.
After a lot of googling, I found this article on CodeProject: http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API. While this is not Web API 2 or self-hosted, it has given me a number of ideas on how to proceed.
Someone also posted a comment to that CodeProject article referencing a NuGet package that may interest anyone looking for something similar: https://www.nuget.org/packages/WebApiTokenAuth. In my case, it is a bit much.
Finally, in addition to the authentication options mentioned in the question, there's also the option to write an OWIN middleware to do authentication if self-hosting using OWIN (as per the official MS recommendation). However, I plan to implement this particular form of token authentication with a message handler, as there's more support for this method available than for writing OWIN middleware.
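The token flow described in the question, sketched as a Web API 2 message handler. This is an added example, not code from the post; it assumes controllers carry [Authorize], the login action is [AllowAnonymous] and calls TokenStore.Issue after checking the password, and the handler is registered with config.MessageHandlers.Add(new TokenAuthHandler()).

```csharp
using System;
using System.Collections.Concurrent;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;

public static class TokenStore   // hypothetical name, as is TokenAuthHandler below
{
    static readonly ConcurrentDictionary<string, Tuple<string, DateTime>> Tokens =
        new ConcurrentDictionary<string, Tuple<string, DateTime>>();
    public static string Issue(string user)      // call only after the password check passes
    {
        var raw = new byte[32];                   // 256 bits from the CSPRNG, not a GUID
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        var token = Convert.ToBase64String(raw);
        Tokens[token] = Tuple.Create(user, DateTime.UtcNow.AddMinutes(30));
        return token;
    }
    public static string Validate(string token)  // user name, or null if unknown or expired
    {
        Tuple<string, DateTime> entry;
        if (token == null || !Tokens.TryGetValue(token, out entry)) return null;
        if (entry.Item2 <= DateTime.UtcNow) { Revoke(token); return null; }
        return entry.Item1;
    }
    public static void Revoke(string token)      // logout: the token stops working at once
    {
        Tuple<string, DateTime> removed;
        if (token != null) Tokens.TryRemove(token, out removed);
    }
}

public class TokenAuthHandler : DelegatingHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken ct)
    {
        var auth = request.Headers.Authorization; // "Authorization: Token <value>"
        var user = auth != null && auth.Scheme == "Token" ? TokenStore.Validate(auth.Parameter) : null;
        if (user != null)                         // [Authorize] then sees an authenticated principal
            request.GetRequestContext().Principal =
                new GenericPrincipal(new GenericIdentity(user, "Token"), new string[0]);
        var response = await base.SendAsync(request, ct);
        if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
            response.Headers.WwwAuthenticate.Add(
                new System.Net.Http.Headers.AuthenticationHeaderValue("Token"));
        return response;
    }
}
```

The store here lives in process memory, so it fits a single self-hosted instance only. A GUID is an identifier rather than a secret, which is why the token comes from RandomNumberGenerator and carries an expiry.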