Google OpenId: No OpenID endpoint found (intermittent) - asp.net

Usually using the Google OpenId works fine, thousands of times a day, then it will start intermittently going wrong and timing out for an hours or so (some requests will validate but not all). Repeated validation will eventually work.
Error messages are:
Event code: 200000
Event message: No OpenID endpoint found. : https://www.google.com/accounts/o8/id
Sequence contains no elements
Adding in log4net yields:
DotNetOpenAuth.Yadis:
Error while performing discovery on: "https://www.google.com/accounts/o8/id":
DotNetOpenAuth.Messaging.ProtocolException:
Error occurred while sending a direct message or getting the response.
---> System.Net.WebException: The operation has timed out
at System.Net.HttpWebRequest.GetResponse()
at DotNetOpenAuth.Messaging.StandardWebRequestHandler.GetResponse
(HttpWebRequest request, DirectWebRequestOptions options)
in c:\...\Dot...Core\Messaging\StandardWebRequestHandler.cs:line 127
--- End of inner exception stack trace ---
at DotNetOpenAuth.Messaging.StandardWebRequestHandler.GetResponse
(HttpWebRequest request, DirectWebRequestOptions options)
in c:\...\Dot...Core\Messaging\StandardWebRequestHandler.cs:line 175
at DotNetOpenAuth.Messaging.UntrustedWebRequestHandler.GetResponse
(HttpWebRequest request, DirectWebRequestOptions options)
in c:\...\Dot...Core\Messaging\UntrustedWebRequestHandler.cs:line 250
at DotNetOpenAuth.Yadis.Yadis.Request
(IDirectWebRequestHandler requestHandler,
Uri uri, Boolean requireSsl, String[] acceptTypes)
in c:\...\Dot...OpenId\Yadis\Yadis.cs:line 172
at DotNetOpenAuth.Yadis.Yadis.Discover
(IDirectWebRequestHandler requestHandler, UriIdentifier uri, Boolean requireSsl)
in c:\...\DotNetOpenAuth.OpenId\Yadis\Yadis.cs:line 63
at DotNetOpenAuth.OpenId.UriDiscoveryService.Discover
(Identifier identifier, IDirectWebRequestHandler requestHandler,
Boolean& abortDiscoveryChain)
in c:\...\DotNet...OpenId\OpenId\UriDiscoveryService.cs:line 51
at DotNetOpenAuth.OpenId.IdentifierDiscoveryServices.Discover
(Identifier identifier)
in c:\...\Dot...OpenId\OpenId\IdentifierDiscoveryServices.cs:line 58
at DotNetOpenAuth.OpenId.RelyingParty.AuthenticationRequest.Create
(Identifier userSuppliedIdentifier, OpenIdRelyingParty relyingParty,
Realm realm, Uri returnToUrl, Boolean createNewAssociationsAsNeeded)
in ...OpenId.RelyingParty\OpenId\RelyingParty\AuthenticationRequest.cs:line 364
And
DotNetOpenAuth.Http WebException:
Timeout from https://www.google.com/accounts/o8/id, no response available.
Any ideas?

It sounds like you need to fix your network latency. It seems highly unlikely that Google would be the bottleneck here.
You may also want to increase the HTTP timeouts on your end to reduce the failure rate. The full set of options is available here. Specifically you're probably looking for:
<untrustedWebRequest
timeout="00:00:10"
readWriteTimeout="00:00:01.500" />
Check out the configurations link to see the context of where this goes.

We recently ran into this same issue. Having read several different scenarios and having gone through the trace steps I finally concluded, as I have seen elsewhere that this problem can be caused by a DNS server issue. In our case we had a production server that has been in use for over 18 months and just recently started getting the same issue as mentioned above, but it was very consistent on this one server. Another server on a another network and our development computers did not have any issues.
Long story short I changed the primary DNS for the production server to Google's public DNS, 8.8.8.8 and it instantly started working. I had manually flushed the DNS cache on the production server prior to this (without positive outcome) so it leads me to believe the DNS server (provided by our hosting center) had a bad cache entry that was ultimately causing the problem.
Hope this helps someone else who runs across this scenario.

Related

SignalR negotiate fails (Bad Gateway)

Someone any idea, I’ve been struggling with this for some time.
I'm using SignalR (Asp.net 5). when I try to debug local (ISS 10.0 express) everything is working fine. SignalR is working (Long poll).
Now when I publish the app to Azure it I can access : .azurewebsites.net/signalr/hubs
but I cannot access .azurewebsites.net/signalr/hubs/negotiate
it returns:
The specified CGI application encountered an error and the server terminated the process.
When my web app calls $.connection.hub.start() it will fail.
GET XHR http://xxxx.azurewebsites.net/signalr/negotiate [HTTP/1.1 502 Bad Gateway]
I’m running out of idea's. Don't know how I can get more debug information.
Small selection of my ‘already tried’ list:
Set $.connection.hub.url path manual to http://xxxx.azurewebsites.net/signalr/
Enable/Disable websockets
Removed forwardWindowsAuthToken from the web.config httpPlatform
EDIT:
Now getting more details on this error:
CryptographicException: The data protection operation was unsuccessful. This may have been caused by not having the user profile loaded for the current thread's user context, which may be the case when the thread is impersonating.
Still absolutely no idea how to solve this!
Solved by using appBuilder.UseAesDataProtectorProvider();
(from Owin.Security.AesDataProtectorProvider;)
I have no idea if this is the best solution.

Web Api 2 Self Host with identity individual account

I have been trying to create a web api 2 that is secure with individual account.
So I can easily create WebApi2 with individual account, see link below
http://www.asp.net/vnext/overview/authentication/individual-accounts-in-aspnet-web-api
And Self hosting is easy to do.
http://www.asp.net/web-api/overview/hosting-aspnet-web-api/use-owin-to-self-host-web-api
But I cannot figure out how to combine the solutions.
Far as I got was adding a console app to a webapi2. Which seems to run. But whenever I try and get the access token it returns
An unhandled exception of type 'System.Net.WebException' occurred in System.dll
Additional information: The remote server returned an error: (500) Internal Server Error.
If anyone knows of a solution that would be great. Thanks
This post is way old, but to anyone else who is having this issue and finds this question, I was able to get past the 500 Error by adding app.UseWebApi(config); after setting up config, as mentioned in this post:
http://odetocode.com/blogs/scott/archive/2013/07/24/self-hosting-webapi-with-katana.aspx
HOWEVER, I'm now getting a 401, unauthorized request for all of my requests, even though I have a valid token and I'm sending it the same way I did that worked in the non-self-hosted WebApi2 app. but I'm one step closer anyways.

reCaptcha validation with timeout exception

I am using reCaptch in my MVC 3 web app running in the localhost.
Things were working fine few weeks back but suddenly failing.
Suddenly getting this error.
if(!ReCaptcha.Validate(_config.RecaptchaPrivateKey)){ <-- times out here
//process other fields in the form
}
As soon as I fill the form and hot submit I get this error :
The operation has timed out
Description : An unhandled exception occurred during the execution of the current ...
Exception Details : System.Net.WebException: The operation has timed out
Is this a proxy issue?
Is this because my site on localhost runs on port 3316?
localhost:3316/user/signup
I saw some posts that suggests that reCAPTCHA expects port 80 but my app runs on port 3316
What can be the issue?
Thanks
I got around this by creating proxy class that inherits IWebProxy.
Then specifying to use this proxy when internal, I had to transform it out for other environments that didn't need to use it.
See this question and accepted answer:
Is it possible to specify proxy credentials in your web.config?
The above link took some finding, so I favourited it for future use.

Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies

scene description:
my program is implemented by flex+java+blazeDS+activeMQ,it subscribe the jms message from activeMQ by Flex Consumer,Currently i deliver two tomcat in
the same Server,them are all contains my program ,and the ActiveMQ is in another server,now time i open the two applications in the same kind of browser,such
as IE or Chrome,whatever,the url just like http://localhost:8080/HelloWord/index.html, http://localhost:8181/HelloWord/index.html
Problem:
the first application url is http://localhost:8080/HelloWord/index.html, i open it in ie,and it can subscribe message very well,but when i open the second
second application whose url is http://localhost:8181/HelloWord/index.html in ie, accident happens,two of the applications cannot subscribe message.
error log:
1.flex client log(flash.log):
Detected duplicate HTTP-based FlexSessions, generally due to the remote host disabling session cookies. Session cookies must be enabled to manage the client connection correctly
2.java console log:
flex.messaging.client.FlexClientNotSubscribedException: The client has no active subscriptions over endpoint 'my-polling-amf'.
at flex.messaging.client.FlexClient.throwNotSubscribedException(FlexClient.java:1789)
at flex.messaging.client.FlexClient.pollWithWait(FlexClient.java:967)
at flex.messaging.endpoints.BasePollingHTTPEndpoint.handleFlexClientPoll(BasePollingHTTPEndpoint.java:538)
at flex.messaging.endpoints.AbstractEndpoint.handleFlexClientPollCommand(AbstractEndpoint.java:1151)
at flex.messaging.endpoints.AbstractEndpoint.serviceMessage(AbstractEndpoint.java:965)
at flex.messaging.endpoints.AbstractEndpoint$$FastClassByCGLIB$$1a3ef066.invoke()
at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:692)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
at org.springframework.flex.core.MessageInterceptionAdvice.invoke(MessageInterceptionAdvice.java:66)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.adapter.ThrowsAdviceInterceptor.invoke(ThrowsAdviceInterceptor.java:124)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.Cglib2AopProxy$FixedChainStaticTargetInterceptor.intercept(Cglib2AopProxy.java:576)
at flex.messaging.endpoints.AMFEndpoint$$EnhancerByCGLIB$$3ae4b8ad.serviceMessage()
at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:103)
at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:166)
at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:291)
at flex.messaging.endpoints.AMFEndpoint$$EnhancerByCGLIB$$3ae4b8ad.service()
at org.springframework.flex.servlet.MessageBrokerHandlerAdapter.handle(MessageBrokerHandlerAdapter.java:108)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:771)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:563)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403)
at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:286)
at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:272)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1730)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
the test i have done:
1.FlexClient.getInstance().id = UIDUtil.createUID(); invalid
2.FlexClient.getInstance().id = null; invalid
3.use different kinds of browser,one use Ie,the other use Chrome, to open the two applications,them are ok;
4.one server one tomcat, use the same kind brower ie to open them ,them are ok;
5.use customer AMFChannel in flex MXML or the default AMFChannel definition in flex-config.xml, invalid;
network friends's advance:
1.http://blogs.adobe.com/lin/2011/05/duplication-session-error.html
2.http://stackoverflow.com/questions/7659775/duplicate-session-error-when-perform-proxy-lookup
the two is invalid;
is there anybody meeting this situation before? any advice i will appreciate.
Today I ran into a Flex Session Problem as well and encountered this SO question.
Well, the question is quite old, so I guess the original poster probably does not require any help any more, but for whoever stumbles across this post, I maybe the following info could help you.
A Flex App requires a valid session ID from the web app container (here tomcat), and it binds the clientOID found in the actual AMF request to this sessionID.
So the problem of the original poster probably was that he tried to use the same session ID on two tomcat instances, that will not work since every tomcat instance keeps the sessions for itself and in memory.
My problem was that I had a recorded jmeter test and it would not accept the combination of clientID in the recorded AMF message and sessionID in the URL.
However, the AMF error message that is returned contains a valid new session ID in the header section. The AMF header of that error message looks like that (at least for me):
Version: 3
(Header #0 name=AppendToGatewayUrl, mustUnderstand=true)
";jsessionid=OLD_SESSION_ID;jsessionid=NEW_SESSION_ID"
So what I did is to extract the new session ID from the AMF header and used that for the rest of the requests.
hope this is useful to anyone...

ORA-29270: too many open HTTP requests

Can someone help me with this problem that occurs whenever you run a TRIGGER, but works in a normal PROCEDURE?
TRIGGER:
create or replace
procedure testeHTTP(search varchar2)
IS
Declare
req sys.utl_http.req;<BR>
resp sys.utl_http.resp;<BR>
url varchar2(500);
Begin
url := 'http://www.google.com.br';
dbms_output.put_line('abrindo');
-- Abrindo a conexão e iniciando uma requisição
req := sys.utl_http.begin_request(search);
dbms_output.put_line('preparando');
-- Preparandose para obter as respostas
resp := sys.utl_http.get_response(req);
dbms_output.put_line('finalizando response');
-- Encerrando a comunicação request/response
sys.utl_http.end_response(resp);
Exception
When Others Then
dbms_output.put_line('excecao');
dbms_output.put_line(sys.utl_http.GET_DETAILED_SQLERRM());
End;
close your user session and then the problem is fixed.
Internal there is a limit from 5 http requests.
Might a problem is the missing: utl_http.end_response
or an exception in the app and not a close from the resp object.
modify the code like that:
EXCEPTION
WHEN UTL_HTTP.TOO_MANY_REQUESTS THEN
UTL_HTTP.END_RESPONSE(resp);
you need to close your requests once you are done with them, it does not happen automatically (unless you disconnect form the db entirely)
It used to be utl_http.end_response, but I am not sure if it is the same api any more.
Usually we need UTL_HTTP.END_RESPONSE(resp); to avoid of ORA-29270: too many open HTTP requests, but I think I reproduced the problem of #Clóvis Santos in Oracle 19c.
If web-service always returns status 200 (success) then too many open HTTP requests never happens. But if persistent connections are enabled and web-service returns status 404, behavior becomes different.
Let`s call something that always return 404.
First call of utl_http.begin_request returns normally and opens new persistent connection. We can check it with select utl_http.get_persistent_conn_count() from dual;. Second call causes an exception inside utl_http.begin_request and persistent connection becomes closed. (Exception is correctly handled with end_response/end_request).
If I continue then each odd execution returns 404 normally and each even execution gives an exception (handled correctly of course).
After some iterations I get ORA-29270: too many open HTTP requests. If web-service returns status 200 everything goes normally.
I guess, it happens because of the specific web-service. Probable it drops persistent connection after 404 and doesn't after 200. Second call tries to reuse request on persistent connection but it doesn't exist and causes request leak.
If I use utl_http.set_persistent_conn_support (false, 0); once in my session the problem disappears. I can call web-service as many times as I need.
Resolution:
Try to switch off persistent connection support. Probable, on the http-server persistent connections work differently for different requests. Looks like a bug.

Resources