I have a WPF app written in c# and it is supposed to work in offline and online both. I have a class that checks for connectivity to web service using following skeleton code :-
var url = "https://somesite.com/mywebservice.svc";
var myRequest = (HttpWebRequest)WebRequest.Create(url);
var response = (HttpWebResponse)myRequest.GetResponse();
if (response.StatusCode == HttpStatusCode.OK)
{
Debug.Write(string.Format("{0} Available", url));
}
else
{
// error
}
The issue is the web service requires authentication and hence an "unauthorized" exception is always thrown. Although the exception means the service is available but it is logged at network level and causes security alarm as the check is every 10 seconds. Is there a way to check the authenticated service availability without use of credentials or any other solution to above problem?
Thank you for the help!
Related
I want to access NiFi and do some actions through external web application created in C# using proxy user request. For that,
I have created C# web application and hosted as secure connection(https).
I need to access NiFi components using its REST API service without authorization token. Added C# web application certificate into NiFi truststore and added certificate name as user (CN=machineName) in NiFi. Also, added "proxy user request" policy for the newly added user.
In C# web application, added "X-ProxiedEntitiesChain = <username>" in header while requesting NiFi API. But it returns "unknown user" error in response. Please find the sample code below,
var httpWebReq=(HttpWebRequest)WebRequest.Create("https://testhost:8080/nifi-api/access");
httpWebReq.Headers["X-ProxiedEntitiesChain"] = "<username>";
httpWebReq.Method = "GET";
var response = (HttpWebResponse)httpWebReq.GetResponse();
var responseString = new StreamReader(response.GetResponseStream()).ReadToEnd();
return responseString;
Based on the available information the most likely problem is that you are not using a properly authorized user.
Check that you are using the proper username, and confirm that it is actually authorized for access.
(And of course make sure you don't just pass the string "username")
I have run into a snag while building a web client that makes use of a RESTful web service using Integrated Windows Authentication.
When I run the client locally (as myself), it works fine, and I see my user id in the IIS logs. But, when I run it remotely, no credentials are passed (i.e. I do not see my user id in the IIS logs), and I get an error that
"The remote server returned an error: (401) Unauthorized."
Both the local and published client call the same service. Also note that the IIS logs show two entries (one without a username and one with a username) when I run it locally. When I run in from the published location, there are still two entries, but neither shows the username.
Below is the code I am using to make the call:
var request = (HttpWebRequest) WebRequest.Create(ConfigurationManager.AppSettings["positionServicePath"] + "?positionNumberSearch=" + searchString);
request.Method = "GET";
request.ContentType = "application/json";
request.UseDefaultCredentials = true;
request.PreAuthenticate = false;
CredentialCache cc = new CredentialCache();
cc.Add(
new Uri(ConfigurationManager.AppSettings["positionServicePath"]),
"Negotiate",
CredentialCache.DefaultNetworkCredentials);
request.Credentials = cc;
// Get the Response
using (var response = request.GetResponse()){
var reader = new StreamReader(response.GetResponseStream());
// Convert the response to objects from Json
var resultList = JsonConvert.DeserializeObject<IEnumerable<PositionModel>>(reader.ReadToEnd());
// Return an empty list, if no data was retrieved
return resultList != null ? resultList.ToList() : new List<PositionModel>();
}
Any help would be greatly appreciated.
I think you have to create IIS user permitted to your project.
Follow this Anonymous Access
Second Option:
Try to enabled anonymous access in Authentication Methods in Microsoft Internet Information Services (IIS).
Step:
1. Open your IIS.
2. In IIS Group:
3. open or select Authentication:
4. Select Anonymous Authentication:
5. On the Left Side select Enabled.
Good Luck!
I found the answer to this issue was the same for the answer to the following Stack Overflow post: Unable to authenticate to ASP.NET Web Api service with HttpClient.
Thank you to those who took the time to look this over!
I have written a simple ASP.Net WebAPI that download a file from an on-prem tfs server using a rest call. The issue is when I connect to this site from my user account(corp domain), and set the credentials in webRequest to CredentialsCache.DefaultCredentials, it works fine since I am a vlid user on the tfs project.
Now someone else in my team wishes to use the same webAPI and when they hit the same url, I could see that its my credentials being used again to download the file.
I suspect this is because of using CredentialsCache.DefaultCredentials in my controller code, but I am not able to find a way using which I should be able to use the client's identity to be used for the download request.
My question is , is there a way to extract the windows identity or network credentials of the remote user(on the same domain) which I can use for Authentication. I am sorry if this is a DUP but I could not find a targetted answer to my question yet. Sample code is pasted below.
var request = (HttpWebRequest)WebRequest.Create(uri);
request.Credentials = CredentialCache.DefaultNetworkCredentials;
try
{
var webResponse = request.GetResponse();
var webStream = webResponse.GetResponseStream();
if (webStream != null)
{
var objReader = new StreamReader(webStream);
return objReader.ReadToEnd()
}
}
I dont know if I understand you correctly but I think impersonation is what you're looking for:
http://msdn.microsoft.com/en-us/library/xh507fc5.ASPX
I have a WCF Rest service that I am trying to integrate with Azure's ACS in order to validate requests from the clients.
I am trying to use one of the tests placed here :
http://msdn.microsoft.com/en-us/library/windowsazure/hh674475.aspx#BKMK_1
This is my code :
string wrapUsername = "account#hotmail.com";
string wrapPassword = "aPass123";
// request a token from ACS
WebClient client = new WebClient();
client.BaseAddress = string.Format("https://glamstsecure.accesscontrol.windows.net");
NameValueCollection values = new NameValueCollection();
values.Add("wrap_name", wrapUsername);
values.Add("wrap_password", wrapPassword);
values.Add("wrap_scope", "uri:WindowsLiveID");
byte[] responseBytes = client.UploadValues("WRAPv0.9/", "POST", values); <- Here i am getting The remote server returned an error: (401) Unauthorized
Scope is supposed to be the authentication authority right?
wrap_scope should be the realm of your relying party application in the ACS portal.
Also, you may want to take a closer look at this solution. It's intended to be used with service identities that you configure in your ACS namespace.
Ia m runing into the same issue when trying to use GoogleId/password. it works fine for ServiceIdentity. But always throws a 401 error when using anything else. Also, Rick Rainey, Can you please elaborate on why the above code can only be used for ServiceIdentities as specified by you?
I have an intranet site which calls a POST method from another server, also on the intranet.
If I set the Authentication mode to Basic Authentication in IIS I can use the following:
HttpWebRequest oReq = (HttpWebRequest)WebRequest.Create(sURL);
oReq.ContentType = "application/x-www-form-urlencoded";
oReq.Method = "POST";
oReq.Timeout = 60000;
...
oReq.Credentials = System.Net.CredentialCache.DefaultNetworkCredentials;
...
try
{
HttpWebResponse oResp = (HttpWebResponse)oReq.GetResponse();
...
}
All of the above works as intended.
However I need to change the security to Windows Authentication in IIS, and once I do I keep getting error 401 unauthorized on this line:
try
{
HttpWebResponse oResp = (HttpWebResponse)oReq.GetResponse();
...
}
That can be fixed by changing the credentials like so:
NetworkCredential creds = new NetworkCredential("username","password","domain");
oReq.Credentials = creds;
But that's not the right way anyway. How can I get the default credentials to work for Windows Authentication also?
If you've got one web site calling out to another, you've got a 2nd hop. This is a kerberos 2nd hop problem.
The intranet site needs permission to call the 2nd site on behalf on the end user.
I'd suggest you use a tool call DelegConfig. I can't recommend it highly enough. Its a simple asp.net application that will tell you what is wrong with your kerberos setup and can tell you how to fix it (or do it itself if you want)
I've found I had to get the client to server authentication working first for it it work, but once thats there it makes working out what wrong with the next hop to UNC/http/sql etc very easy.