I know this question has been asked many times before but I don't seem to be able to find a solution to my problem.
I had to rename some prototype projects I was working on, and these worked perfectly well before being renamed but since renaming them and creating a new application app pool, I can no longer access my database and keep getting the following error:
Login failed for user 'Domain\\MachineName$'
My Web API and database are on the same machine and I still want to use the AppPool rather than specifying a username and password or use the SystemLocal as it worked before and would like to figure out what's changed.
I can see that the identity of my web API is indeed my domain\me but somehow when it's trying to open the database from the injected repository, I'm getting the above error.
I've checked the following:
My connection string hasn't changed:
data source=MyMachine\SQLInstance;Initial Catalog=MyDatabase;integrated security=SSPI;
I've compared the old AppPool and the new one and they are identical.
I've added my new AppPool to SQL server and granted it access to the database with datareader/datawriter access.
I've added the new AppPool to security for the (renamed) directory folder.
All authentications are disabled in IIS except for Windows Authentication. This part must work since my web api's identity is my domain/me user. I just don't get why it is trying to use the machine name when opening the database.
I've read the following to check if I could find anything else but to no avail:
https://learn.microsoft.com/en-us/iis/manage/configuring-security/application-pool-identities
Login failed for user 'DOMAIN\MACHINENAME$'
Login failed for user 'IIS APPPOOL\ASP.NET v4.0'
Why is my MVC app trying to log into my DB as my machine, and not as the App Pool identity?
Has anyone got any other suggestions?
Thanks.
UPDATE-1:
Odd, I thought I'd try to use my username and password for the new AppPool and yet, I'm still getting the same error.
I figured out the problem. This is really odd and appears to be an issue with IIS.
As mentioned in my question, my web API was set to the new AppPool and I could clearly see it the AppPool set correcly via "Advanced Settings" from the "Action" menu in IIS, but when I right clicked on the Web Api virtual folder and selected "Manage Application|Advanced settings", the AppPool name was set to the DefaultAppPool.
The second I changed it, everything worked as it did before using my new AppPool.
Note:
I also removed the new AppPool from the Security applied on the folder as it didn't seem to have any effect once I changed the above!
It must have been a once off problem as I've just changed my website and changing the AppPool via the "Actions" also displayed correctly when I checked "Manage Application|Advanced settings".
With my outlook.com account I logged in to portal.azure.com and I created a new application. Microsoft has provided a sample app (daemon_console) for quick experiments (in QuickStart guide) and I followed steps provided for the sample app, the app automatically takes the application id and client secret you generated and updates the configuration JSON file (appsettings.json) with this info. I downloaded the code after these steps but when I run the sample app it throws the error "Authorization_IdentityNotFound".
Looks like it is able to fetch the token but following code is throwing the error:
var httpClient = new HttpClient();
var apiCaller = new ProtectedApiCallHelper(httpClient);
await apiCaller.CallWebApiAndProcessResultASync($"{config.ApiUrl}v1.0/users", result.AccessToken, Display);
Microsofts page has step to get Admin consent in two ways:
If you are a global administrator, go to API Permissions page select Grant admin consent for Enter_the_Tenant_Name_Here
Standard user
If you're a standard user of your tenant, then you need to ask a global administrator to grant admin consent for your application. To do this, give the following URL to your administrator:
https://login.microsoftonline.com/common/adminconsent?client_id=my apps client id
I have tried both these options. With the first option, I am able to grant the required permissions. But the issue still exists.
With the second option when I go to the suggested URL it fails with error:
"AADSTS500113: No reply address is registered for the application."
I think this should have been a straightforward process but somehow the app is not able to execute and fails with errors:
"code": "Authorization_IdentityNotFound",
"message": "The identity of the calling application could not be established.",
Please let me know if anyone has tried these steps and has managed to resolve this issue.
Note that I can run "https://graph.microsoft.com/v1.0/users" from graph explorer with my outlook.com account and it works perfectly fine.
I tested it, and at first I was running into the same issue,
its because of the common in the appsettings.json
replace the "Tenant": "common"
with "Tenant": "your Tenant ID",
You can get the tenant ID from the overview page of your app registration Directory (tenant) ID. After you do that, make sure you right click the project and click rebuild. because if I just do a normal run it had it cached and did not update it from common.
I am running Google Translate API in C#.
Running locally on my computer the next code works, but online on a server it throws the following error:
using Google.Cloud.Translation.V2;
TranslationClient client = TranslationClient.Create();
var response = client.TranslateText(sentence, targetLanguage, sourceLanguage: sourceLanguage);
"The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information."
Locally this runs just by installing Cloud SDK Installer which does all the settings, there is no need for authentication in code.
On the server, should I use instead OAuth 2.0 or Service account keys ?
Can someone assist me on how to solve this?
EDIT: Can someone confirm to me if it is necessary to have access to the local server to run commands in command line like here https://cloud.google.com/storage/docs/authentication ? This would be pretty ridiculous, instead of just writing code. For example Youtube API does not require local access.
Follow directions to get json file:
https://cloud.google.com/translate/docs/reference/libraries
Then run this code first:
System.Environment.SetEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS", "c:\mypath\myfile.json");
To generate a private key in JSON or PKCS12 format:
Open the list of credentials in the Google Cloud Platform Console.
OPEN THE LIST OF CREDENTIALS
Click Create credentials.
Select Service account key. A Create service account key window
opens.
Click the drop-down box below Service account, then click New service account.
Enter a name for the service account in Name.
Use the default Service account ID or generate a different one.
Select the Key type: JSON or P12.
Click Create. A Service account created
window is displayed and the private key for the Key type you
selected is downloaded automatically. If you selected a P12 key, the
private key's password ("notasecret") is displayed.
Click Close.
You can find more details here
https://cloud.google.com/storage/docs/authentication
Its all in the errormessage. You have two options
Run the Google Compute Engine on the machine you have your program running on and input your credentials there.
Use a service account and set the "GOOGLE_APPLICATION_CREDENTIALS" environment variable to reference your credentials file (which is a .json file that you can download from the google developer console.)
PS: Do not store your credentials file anywhere on the server where it may be accessed by someone else!
You must download API key from
https://console.developers.google.com/iam-admin/serviceaccounts
After that download .P12 file file to use it in your code
var certificate = new X509Certificate2(#"key3.p12", "notasecret", X509KeyStorageFlags.Exportable);
notasecret is default password
The easiest answer to my question , to avoid local settings on the server, is the third option of using the Translation API described below: using API keys.
This means just a simple POST to an endpoint that has the API key in the link.
https://cloud.google.com/docs/authentication/#getting_credentials_for_server-centric_flow
https://cloud.google.com/docs/authentication/api-keys
Let me first start with saying I've searched for an answer to this question for quite some time...
I'm trying to setup Facebook OAuth to work with my application that is being developed locally on my machine. Everything was working perfect with Facebook authorization UNTIL I moved from using localhost to another domain name (still local to my machine.) Now I'm getting the following error.
Can't Load URL: The domain of this URL isn't included in the app's
domains. To be able to load this URL, add all domains and subdomains
of your app to the App Domains field in your app settings.
My hosts file contains 127.0.0.1 domain.dev (works perfect)
My redirect in my app (using Socialite) is http://domain.dev/auth/facebook/callback
In my Facebook App Settings...
my App Domain is domain.dev
my Site URL is http://domain.dev/
my Valid OAuth redirect URIs is
http://domain.dev/auth/facebook/callback
The URL at the time of the error message is..
https://www.facebook.com/v2.5/dialog/oauth?client_id=XXXXXXXXXXXXXXX&redirect_uri=http%3A%2F%2Fdomain.dev%2Fauth%2Ffacebook%2Fcallback&scope=email&response_type=code&state=0ztcKhmWwFLtj72TWE8uOKTcf65JmePtG95MZLDD
I'm at a loss of what the problem is...
Screen Shot 1
Screen Shot 2
In case someone comes across this and is looking for these settings (like I was)
You have to
On the left hand side, click "+Add Product" and select "Facebook Login" (it was at
the top for me)
See the new settings available on the left hand side
You will now have these OAuth settings on that "Product Settings"
Additional Info: Make sure to add the Callback URL like http://localhost:3000 to the Valid OAuth redirect URIs field on the settings page of Facebook Login
This usually happens if you have entered the wrong details when you created the App in Facebook. Or have you changed a URL's of an existing App?
Can you please recheck the settings of your APP in this page?
https://developers.facebook.com/apps
Select the correct App and click in the edit button;
Check the URLs & paths are correctly entered and are pointing to the site where you have installed Ultimate Facebook plugin.
I had the same problem. I solved it by adding my OAuth redirect URI as a argument to the getAccessToken function call:
$redirectLoginHelper->getAccessToken("https://www.example.com/myfacebookcallback")
If no argument is sent into that function the SDK generates the redirect URI by itself which should work but in my case it didn't.
Hope this helps someone.
Make sure your app is public.
Click on + Add product
Now go to products => Facebook Login
Now do the following:
Valid OAuth redirect URIs : example.com/
Deauthorize Callback URL : https://example.com/facebookapp
Can't Load URL: The domain of this URL isn't included in the app's
domains. To be able to load this URL, add all domains and subdomains
of your app to the App Domains field in your app settings.
I had this issue today, I find the Facebook documentation and SDK disrespectful and arogant towards other developers to say the least.
Besides having the "app domains" in two different locations without much information (3 if you add a "web" platform), you also need to go to app products / facebook login / settings and add your redirect URL under Valid OAuth Redirect URIs
The error says NOTHING about the oauth settings.
Here's what I did to solve this issue:
Basically:
1) Enable "Embedded Browser OAuth Login"
2) Disable "Use Strict Mode for Redirect URIs" and enter a redirect
URI like the way I did.
3) Leave all the rest of the options as they are.
4) Save your changes.
5) Enjoy :)
Facebook has recently disabled the toggle button for 'Use Strict Mode for Redirect URIs', so you need to add exact URI what's being called when you hit login button. For my case it was as shown in screenshot.
It solved the issue for me :)
I had the same problem, and it came from a wrong client_id / Facebook App ID.
Did you switch your Facebook app to "public" or "online ? When you do so, Facebook creates a new app with a new App ID.
You can compare the "client_id" parameter value in the url with the one in your Facebook dashboard.
In my case, things i had to do is only enabling the Embedded Browser OAuth Login
As of 2017-10.
Solution that solved my issue.
Currently that FB renders this surprise.
...app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on...
The settings to adjust are located here https://developers.facebook.com/apps/[your_app_itentifier]/fb-login/.
The trailing slash is important. They must match in your app code and in FB admin settings. So this is a config somewhere in your code (see below how to get any domain name for a dev app):
{
callbackURL: `http://my_local_app.com:3000/callback/`, // trailing slash
}
and here
To get any domain name for an app on a local Windows machine, edit host file. Custom names are good in order to get rid of all those localhost:8080, 0.0.0.0:30303, 127.0.0.0:8000, so forth. Because some third party services like FB sometimes fail to let you use 127.0.0.0 names.
On Windows 10 hosts file is here:
C:\Windows\System32\drivers\etc\hosts
Backup initial file, create a copy with different name (Doesn't work in native Windows CMD. I use Git for Windows, it has many Unix commands)
$ cp hosts hosts.bak
Add this in hosts
127.0.0.1 myfbapp.com # you can access it in a browser http://myfbapp.com:3000
127.0.0.1 www.myotherapp.io # In a browser http://www.myotherapp.io:2020
In order to get rid of port part :3000 set up NGINX, for example.
The way I fixed it: I went to the Valid OAuth Redirect URIs textbox and set the exact URL, not just the domain:
before: https://my-website.com
after: https://my-website.com/facebookoauth/facebooklogin
(the url may be different in your case, check it in the address bar of the browser).
This was caused by the setting Use Strict Mode for Redirect URIs, which was locked in the Yes position.
Most of the time its happen with not insert proper valid OAuth redirect URL in the product section of the FB dashboard.I suggest follow my bellow steps
01.Check the basic setting of the app is okay with bellow picture with you
02.check whether you have add a product
If not you can easily add log in product by clicking + sine as I show in the bellow.
If Yes just got to inside of the product setting.
03.The check whether you have provide valid OAuth redirect URL
Its simple mean what should after login.It is not other than that your call back URl.You can see in my bellow picture I have added several redirect URLs.
have any problem further Watch my video-- >
https://www.youtube.com/watch?v=mdhubrzV5y8&t=3s
Click here Code Project!
Its Code project example. Its working to me
I had the same problem,
I just added the link of my local adress http://localhost/Facebook%20Login%20Test.html to Site URL in my application setting https://developers.facebook.com/apps.
Now it works fine :) I hope this was useful ;)
Nothing really worked for me, until I updated the SDK version I was using. I started with 5.0. Not even 5.4.0 would not work either. When I updated to 5.6.2, it worked flawlessly, despite there being nothing in the changelogs that was relevant!
This option should be enabled in portal:
In case this helps anyone else, this started happening for me on an older site when "Valid OAuth Redirect URIs" became mandatory. The site was still using the V4 PHP SDK and the problem was resolved for me by upgrading to the V5 SDK.
In the App domain section, you are writing your app domain but you also need to add your login domain i.e. the name of html page where you ask user to login. In my case, I was testing it on localhost and the login route was localhost/login, If I only put http://localhost.com in App domain section, I get this error. But after adding http://localhost/login.com, the error was fixed.
and also the App settings has changed in newer version of SDK, in which there is no option for OAuth redirect route. You've to assign the redirect route directly from server side, after successfully getting OAuth token.
This worked for me:
Here's the main thing to understand: Facebook will always check for the "WWW" domain. So make sure www.your_domain.dev is working on your browser first.
It is possible that if you have multiple virtual hosts on your local server, some other virtual host overrides "www.your_domain.dev". So please check that.
Apache will pick the FIRST definition of domain (or ports, or something in these terms - I'm no expert on this, but learned by mistakes).
An easy quick fix for this virtual host overriding is to put "www.your_domain.dev virtual host definition on the very top of the file "httpd-vhosts.conf".
Go to "/apache/conf/https-vhosts.conf" and put this on the very top of the file:
<VirtualHost *:80>
<Directory "C:/your_app_folder_path/">
Options FollowSymLinks Indexes
AllowOverride All
Order deny,allow
allow from All
</Directory>
ServerName your_domain.dev
ServerAlias your_domain.dev
DocumentRoot "C:/your_app_folder_path/"
</VirtualHost>
###### FOR SSL #####
<VirtualHost *:443>
DocumentRoot "C:/your_app_folder_path/"
ServerName your_domain.dev
ServerAlias www.your_domain.dev
SSLEngine on
SSLCertificateFile "conf/ssl.crt/server.crt"
SSLCertificateKeyFile "conf/ssl.key/server.key"
<Directory "C:/your_app_folder_path/">
Options All
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Next: If you are using Windows system, edit your "hosts" file in "C:\Windows\System32\drivers\etc" by adding two lines:
127.0.0.1 your_domain.dev
127.0.0.1 www.your_domain.dev
Next: Restart your Apache server and everything should work now.
I hope this will help you and save your time.
I wasted almost a whole day searching around the web and was pulling my hair out and couldn't find anything helpful until I found this.
The problem, and the answers, keep changing as FB tightens up the login procedure. Today, I started getting this horror message "The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."
The answer was: now FB wants the full redirect uri. So for me, where it used to be just https://www.example.com it now wants https://www.example.com/auth/facebook/callback. This has to go in the "Valid OAuth redirect URIs" field (Developer/Facebook login->setting)
Facebook Login -> Settings -> Valid OAuth redirect URIs -> insert the domains of your redirect url, remember you should add 'https' or http.
eg: if your redirect url is https://xxx.xxx.com/path/callback.do, you only need to enter https://xxx.xxx.com/, it's ok for me.
I had the same problem.....the issu is in the version PHP SDK 5.6.2 and the fix was editing the following file:
facebook\src\Facebook\Helpers\FacebookRedirectLoginHelper.php
change this line
$redirectUrl = FacebookUrlManipulator::removeParamsFromUrl($redirectUrl,['state','code']);
to
$redirectUrl = FacebookUrlManipulator::removeParamsFromUrl($redirectUrl,['state','code','enforce_https']);
This same Facebook error happened to me in the Production environment. The reason was I had 2 apps registered with Facebook (Local, Production) but I hardcoded the Local app ID into the source code and forgot to switch it out for the Production app ID before deployment.
Best practice dictates you shouldn't have the app ID hardcoded into the source code but if you do, do not mismatch your various Facebook app IDs like I mistakenly did.
Using my own local server.
Simply adding http://localhost/my-site as a URL in:
https://developers.facebook.com/apps/YOUR-APP-ID/fb-login/
worked for me.
first step:
use all https://example.in or ssl certificate URL ,
dont use http://example.in
second step:
faceboook application setting->basic setting->add your domain or subdomain
third step:
faceboook application login setting->Valid OAuth Redirect URIs->add your all redirect url after login
fourth step:
faceboook application setting->advance setting->Domain Manager->add your domain name
do all this step then use your application id, application version ,app secret for setup
on Magento 2 Social Login extension, you have to copy Valid OAuth redirect URIs from the panel and add the link to Valid OAuth Redirect URIs field in Client OAuth Settings page at developers.facebook.com
If your game has no server/site (e.g. if you develop for Gameroom like me) - add "https://apps.facebook.com/xxxxxxxxxxxxxxxxx" (put your app ID instead of "xxxxxxxxxxxx") to "Valid OAuth Redirect URIs".
in my case, i solved this issue by adding the full URL and not only the domain as facebook ask. i hope that they will rename it for more clarification.
so the Valid OAuth Redirect URIs should be like so:
Before: https://www.mobile-battles.com
After: https://www.mobile-battles.com/register
The Meta for Developers interface currently provides two places where you can enter the domains for your app: the Basic settings under "App domains", and the Advanced settings under "Domain Manager". The SDK might not recognize your domain if it is listed in just the Domain Manager.
If you are using AWS Cognito then add the URL https://<your-user-pool-domain>/oauth2/idpresponse to the Valid OAuth Redirect URIs in Facebook Login -> Settings
I am just starting out with the c# Google.Apis.Gmail.V1 classes and using a service account to read a mailbox.
My code works fine when I use the following snippet
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(ServiceAccountEmailAddress)
{
User = "abc#test.domain.com",
Scopes = new[] { "https://www.googleapis.com/auth/gmail.readonly" }
}.FromCertificate(certificate));
With that code I can call the following successfully
if (credential.RequestAccessTokenAsync(CancellationToken.None).Result)
{
}
But I need to modify the email messages so I changed the scope from
https://www.googleapis.com/auth/gmail.readonly
to
https://www.googleapis.com/auth/gmail.modify
I now get an exception when requesting the access token
{"Error:\"unauthorized_client\", Description:\"Unauthorized client or scope in request.\", Uri:\"\""}
I have checked the service account (*.iam.gserviceaccount.com) in the Google Developers Console and I have tried all options for permissions including OWNER which should give me Full access to all resources but no joy.
I think I am just missing a simple step but I am unsure of where to look next.
TL;DR
I would read through this, but here is the short version. I know this is an older post, but hopefully it finds you!
If you have not updated/white-listed the service account's privileges/scopes in the Google Admin Console you will need to do that, make sure the domain has API access enabled, make sure the service account is setup properly, when creating the "certificate" object be aware its parameters so that it is being instantiated correctly, check the permissions on the account being impersonated and finally make sure you've made an appropriate Google Apps service account key (could have easily made an inappropriate key type.)
White-listing Google APIs in the Admin Console
This gives the Google Apps service account the abilityto use whatever scopes you provide in your Google Apps domain.
Login to the Google Apps Admin Console by using the following link.
https://admin.google.com/
The Google Apps user account must have sufficient privileges to modify domain related settings. It does not have to be the account used to create the Google Apps project in the developer console. If the account does not have privilege you will be directed to a completely different screen with no options to click on varying domain controlling web apps like "Security", "Roles", "Support", "Groups" and etc. Instead you'll dumped onto a page that shows things like "Gmail", "Drive", "Docs" and etc. that is typical user apps. The current link it drops you at is https://apps.google.com/user/hub
Click “Security.”
Click “Show more” option at the bottom of the security options list.
Click “Advanced Settings” to get the more options.
Select the “Manage API client access” link.
Now certain API scopes must be white-listed for the desired service account. In the “Client Name” text box provide the service account’s client ID. The client ID is obtained in the developer console. In the “One or more API scopes” add the desired scopes; comma delimited.
Note, if there are existing scopes they will be removed so be sure to re-add any that will be needed.
Enable Domain Wide API Access
Login to the Google Apps Admin Console by using the following link.
https://admin.google.com/
Go to the “Security” page.
Under “API reference” section
Make sure that “Enable API access” is enabled.
Creating an Appropriate Google Apps Service Account Key (Probably this)
Go to the Google Developer Console. Login as the Google Apps user that created the Google Apps project/service account. https://console.developers.google.com/
Navigate to the particular project with which you created the service account.
Click the "Service Account" button on the left of the project's page to bring up a page with all of the project's service accounts.
Click the vertical ellipse widget all the way to the right of the desired service account's row. Select “Create Key.”
Select .p12 key as it looks like this is what you're trying to use. Click "Create." Be sure to protect this key.
I have found that if the key is not created this way then it leaves open the possiblity for making either an API key or an OAuth 2.0 client/user key. These are the wrong types of keys to use in this case you would need to have created a service account key. The way outlined above forces you to create a service account key.
Modifying the Existing Google Apps Service Account's Settings
I'm not going over how to setup the actual service account, one thing you may need in your case is to make sure that the service account has domain wide delegation enabled. This is toggled in the Google Developer Console. Should be pretty easy to find.
Code
You do not provide your entire code base for creating the token, so just want to add a few things you might be doing improperly.
Make sure when you create the certificate that the secret you provide is the default "notasecret" string. This secret is currently the default value provided by all keys distributed by Google and is immutable during key creation. I had a link to prove this, but have since lost it.
X509Certificate2 certificate = new X509Certificate2(certificateFilePath, "notasecret", X509KeyStorageFlags.Exportable);
Just trying to advocate proper coding. While I have found some bugs in the past with Google's constant values that required additional string manipulation (adding additional slashes.) You should really be using the string constants that they provide in place of literals. I only say to use these because it provides a layer of abstraction, who is to say Google will never change the literal; unlikely.
In your case the new scope is:
GmailService.Scope.GmailModify
While the old scope was:
GmailService.Scope.GmailReadonly
Otherwise, everything code wise looks good to me.
Another thing to try would be to make sure that the actual Google Apps user account being impersonated by the service account has sufficient privileges. I would suspect a different error if this were the case, would be getting a 403 in the response instead. Anyway, in your case this is the "abc#test.domain.com" account. Once again you would go to the Google Admin Console, check its roles make sure it has sufficient roles checked for whatever it is you're trying to do. I don't know what specifically you'll need in this case, best bet would be to give it the same permissions as the "Super Admin" role then remove permissions as you go to see what it might actually need. Otherwise, if possible just give it "Super Admin."
If I was a gambler I would put my money on an inappropriately created service account key. I just recently ran into this and it was the only thing that produced the same exact error you're receiving. Other things would get me the same "Description" value in the response token, but not the same "Error" value. I'm not really even sure how the culprit key was made, because I didn't make it. I just know the fix was to recreate a new key with the steps above and that fixed the issue.