I'm fairly new to HTTPS/SSL/TLS and I'm a bit confused over what exactly the clients are supposed to present when authenticating with certificates.
I have performed following process and it works well in SOAP UI
I have generated .jks file using java keystore command. Using this .jks file
I have generated a .crt file.
I have shared .crt file generated above with the server team for whitelisting it.
I have a JSON request that I need to pass to the server and get JSON response back.
Set Authorization to basic and pass it in the header of every request.
Set ClientID and ClientSecretKey in the header for every request.
All the above process works well in SOAP UI.
Following is the json request I am passing
{
"requestMsg":"B6FFF4C33AFBAA30D51DE049CB3CA4357E32C632DFBC7D7CA0461920F765980A6632943AD811B7E20205696C6A26105E24F7A2FC85979CDE1352BD35DEA620C594CC8A4B58FF408FD8967F69D6F970C186028ED5BD6A089B9F13924D2F9B44811027DA9039EA7136D4EA57D73584A0FFE2BCB990A25AE701EFF5042F3C709992C0C57BCEE0B8B651918ACE684BCE645D6A4A222A90EAA06A3A8D175A5A0E58EBACB8E1BBCBE98814D03B416FBC241C01E3CCA530E7ED1033AA639BA81A7B458562FFAF1B1D80DE098466DD0BBF95E50550501614BC9706C3943705BDF37108376CCD6FD46A00CECC1D4166A0CFCA02B7",
"agentInstitutionId":"YS01"
}
8) When I am trying to do same using my .net web application, the below are the issues which I am facing
How to Pass .crt certificate along with HTTP web request.
Settings for configuring it in IIS.
Is there any URL or steps that need to be done for attaching .crt file with
each request. ( please give pointwise steps)
Related
I have an ASP.NET Web API deployed on Azure App service.
I am experiencing following error: For one specific business object my Web API's GET method is returning Internal server error, while for other business objects the same GET method is working fine.
When I debugged my Web API it turned out, that valid business object is returned, but… GET method was triggered multiple times (and on client side I see that it is called only once)
This is an excerpt where Web API is called from client code
// Create HTTP transport objects
HttpRequestMessage httpRequest = new HttpRequestMessage();
httpRequest.Method = HttpMethod.Get;
httpRequest.RequestUri = new Uri(url);
// Set Credentials
if (this.Credentials != null)
{
cancellationToken.ThrowIfCancellationRequested();
await this.Credentials.ProcessHttpRequestAsync(httpRequest, cancellationToken).ConfigureAwait(false);
}
HttpResponseMessage httpResponse = await this.HttpClient.SendAsync(httpRequest, cancellationToken).ConfigureAwait(false);
Besides - if I try to open that same url from browser (e.g.: https://myservice.com/api/businessObject/xxx) - request is performed only once (as it should) and correct results (Json) is displayed in browser.
Any suggestions what to try to figure why call from client side (for specific object) results in multiple Web API service executions and how to fix this?
My Web API service is deriving from System.Web.Http.ApiController
I got some information from exception, but it doesn't seem to be very helpful
Exception thrown: 'Microsoft.Rest.TransientFaultHandling.HttpRequestWithStatusException' in Microsoft.Rest.ClientRuntime.dll The thread 0x27fc has exited with code 0 (0x0)
EDIT
I got some information from Azure Log stream, but that information does not seam to make sense… because this problem happens for one specific business object (and only when requested from my application - not failing from web browser), other business objects are working fine so I don't see how this could be related to access / web.config file...
IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
IIS was not able to process configuration for the Web site or application.
The authenticated user does not have permission to use this DLL.
..
Ensure that the NTFS permissions for the web.config file are correct and allow access to the Web servers machine account.
Check the event logs to see if any additional information was logged.
Verify the permissions for the DLL.
Install the .NET Extensibility feature if the request is mapped to a managed handler.
Create a tracing rule to track failed requests for this HTTP status code
[![enter image description here][1]][1]Currently I'm reading a client certificate from the external client and then validating in apim using policies which is done using
<policies>
<inbound>
Now when the request is valid and must attach the servercertificate along with the request and then send it back to the client.
How must this be done? can you please help.
Since you're putting certificate into a header you could simply bin64 encode it. You should be able to do it either by accessing RawData property or calling Export on it.
I'm using Google Apis, instead of Google Sign In, to connect to Google on my app because I'm developping with Xamarin.
This is the library I'm using : https://github.com/xamarin/google-apis
When I'm logging in, i get this error :
Authentication Error
Unexpected character '<'. At line 1, column 0.
Maybe it's because my AccessTokenUrl is not good, but I've tried many things. I know for a fact that my ClientId, my RedirectUrl and my Secret are okay.
When logging in, Google asks correctly for the good permissions that I want, but after I accept, this is when I receive the error.
I've tried finding the request to see if there was the '<' in it but had no luck accessing it.
Is there a good way to connect to Google with Xamarin using this library or I'm just doing something bad?
Should I just do it nativaly on iOS and Android?
Thanks
I just encountered a similar problem using Xamarin.Auth to hit a custom OAuth service (i.e. not Google). In my case, the accessTokenUrl pointed to an action on a controller that was entirely protected by the [Authorize] attribute. Naturally, the user was required to login before hitting the /oauth/authorize endpoint using a web browser, but the request to /oauth/token to exchange the resulting authorization code for an access token was not inside the same web browser/session. It was trying to get back token data in JSON format but was being redirected to an HTML login screen. Once I changed the token endpoint for anonymous access, things started working (Note: A valid authorization code cannot be obtained without authenticating).
General Recommendations
The error message strongly suggests that the response coming back is HTML (or at least some form of XML). This could be an authentication redirect as it was in my scenario, or possibly some sort of error page. I would first start by setting up a proxy. I used Charles Proxy to uncover some interesting information. You will need to configure SSL on the proxy to see anything except high level information. This will show the exact requests coming out of your app to the OAuth application.
Another technique I used was simulating the requests that the OAuth2Authenticator would be making in a web browser and/or Postman. The first request would be to authorize:
https://your.domain.here/oauth/authorize?client_id=<some_client_id>&redirect_uri=https%3A%2F%2Fyour.domain.here%2F&response_type=code&scope=<some_scope>&state=<some_state>
That endpoint should be protected, so you will likely be redirected to something like this:
https://your.domain.here/Account/Login?returnurl=%2Foauth%2Fauthorize%3Fclient_id%3D<some_client_id>%26redirect_uri%3Dhttp%253A%252F%252Fyour.domain.here%252F%26response_type%3Dcode%26scope%3D<some_scope>%26state%3D<some_state>
After authenticating, the authorize endpoint should redirect to your redirect URI with the authorization code and state included as query string parameters. You will use the code in the next step.
Lastly, using a fresh web browser (i.e. new session), you should hit the token endpoint with your new authorization code and other client information.
https://your.domain.here/oauth/token?client_id=<some_client_id>&client_secret=<some_secret>&grant_type=<your_grant_type>&code=<your_authorization_code>&redirect_uri=https%3A%2F%2Fyour.domain.here%2F
If the response is not JSON data, it should give you an indication about what is failing with Xamarin.
Got the same error.
Solved by using https://accounts.google.com/o/oauth2/token as AccessTokenUrl
I am using ASP.NET 4.0 and need to return a SOAP (XML) Response to a JSON variable within javascript on the page. Than I would like to be able to call the variable and it's properties as you would with any JSON variable. The Soap Web Service (.asmx) file is not on the server where I need to build the client-side (receiving the request and putting it into a JSON variable). Also, to make this more complicated, the XML Request that gets send to the Web Service needs to send a UserName and Password to be able to return the items.
The URL for the Web Service is here: http://ws.idssasp.com/members.asmx?wsdl
Figured I would create a Visual Studio Web Application Project (C#), which I was able to do and connect to the Web Service just fine, however, This needs to be on a page that javascript uses to output the items that come from the methods of the web service. So, a .aspx file would not work in this case, since it would need to output only the result of the web service response in a JSON variable within a tag (probably in the head of the page, but doesn't matter to me where). Or it could dynamically create a .JS file (which would probably be better, since it would be cached and wouldn't need to call the web service multiple times if the js file exists on my server). However, I'm not sure on what to build in Visual Studio to accomplish this? And I'm not sure on how it would be used to output it onto the page. I suppose the JSON variable could also be stored within a Members.json file on the server and could just call that to load up the json needed.
How to return a JSON array from SOAP, XML, Response... after sending a request to another server with UserName and Password in the header of the SOAP Request. There is a page here that explains the XML needed for the Request and what the response will look like: http://ws.idssasp.com/members.asmx?op=GetMemberList&pn=0
On this same page, they show you how to do it via PHP, but PHP is not available, and only have ASP.NET 4.0 available to me. Here is their PHP way of doing it:
$clientWS = new SoapClient('http://ws.idssasp.com/Members.asmx?wsdl');
$namespaceWS = 'http://ws.idssasp.com/Members.asmx';
$dmsClientU = '';
$dmsClientP = '';
$headerBodyWS = array('UserName' => $dmsClientU, 'Password' => $dmsClientP);
$headerWS = new SOAPHeader($namespaceWS, 'AuthorizeHeader', $headerBodyWS, false);
$clientWS->__setSoapHeaders(array($headerWS));
$results = $clientWS->GetMemberList();
print_r( $results );
How would I be able to do the same thing here is ASP.NET 4.0, but instead of returning the XML result, return a JSON variable that gets used within a script tag on the page?
Or maybe I am overthinking this and there is a better solution?
If you are connecting to the web service and retrieving objects without issues, you should be able to construct JSON objects out of the properties of the SOAP responses.
I suggest creating a web service in ASP.NET, converting the SOAP response to JSON in the C# server code, then using AJAX in the JavaScript of your page to retrieve the JSON from your web service. Basically, you would be creating your own specialized conversion web service for your project that sits in the middle.
Keep the credentials you need server-side for your .asmx conversion service. Whatever you do, do not put credentials in the client-side JavaScript for a web service call, even if it lets you avoid writing server-side code.
For some reference on ASP.NET web services:
http://msdn.microsoft.com/en-us/library/bb398998%28v=vs.100%29.ASPX
http://msdn.microsoft.com/en-us/library/bb763183%28v=vs.100%29.ASPX
I'm on IIS 6 and I have an ASP.Net 4.0 site that's a single page to serve as a SOAP reverse proxy. I have to modify the return content in order to delete a trouble node from the response and add a tracking node.
In order to facilitate its function as a reverse proxy for all addresses, I have the 404 on the server set to a custom "URL" of "/default.aspx" (the page for my app)
For requests without a payload, it works perfectly - such as for ?WSDL Urls. It requests the proper URL from the target system, gets the response and sends it back - it's pretty utterly transparent in this regard.
However, when a SOAP request is being made with an input payload, the Request.InputStream in the code is always empty. Empty - with one exception - using SOAPUI, I can override the end point and send the request directly to /default.aspx and it will receive the input payload. Thus, I have determined that the custom 404 handler is - when server-side transferring the request - stripping the payload. I know the payload is being sent - I have even wiresharked it on the server to be sure. But then when I add code to log the contents of Request.InputStream it's blank - even though Request.ContentLength shows the right content length for the original request.
I've also been looking for a good way to use ASP.Net to intercept the requests directly rather than allowing the normal IIS 404 handler to take care of it but even with a wildcard mapping, I can't seem to get the settings right nor am I fully confident that it would help. (But I'm hoping it would?)
Finally, I don't have corporate permission to install MVC framework.
Thus, I need either some configuration for IIS I am missing to make this work properly or some other method of ensuring that I get the request payload to my web page.
Thanks!
What about using an HTTP Handler mapped to all requests?
You'll need to add a wildcard application mapping as detailed here and correctly configure your HTTP Handler.