I realize there are similar questions like this posted, but none I've read are applicable to my situation/resolved my issue.
I'm using Microsoft Azure and Visual Studio 2015 Pro. Google OAuth2 authenticates fine with a Google account using Visual Studio 2015 for localhost. However, when I publish to Microsoft Azure I receive the error "REDIRECT_URI_MISMATCH" after selecting the Google account I would like to use to authenticate.
I have the Google OAuth2 ID and Google OAuth2 Secret stored in the Authorization/Credentials Azure console under Google for authentication method. These credentials match the credentials I am using to test locally with Visual Studio 2015 which is successful for authentication.
What could possibly be causing this URI mismatch error even though I've checked over and over that the redirect URI referenced in the browser matches the redirect URI I've entered within the Google URI Redirect section of the console? Please see linked screenshots for the error and the URI information (placeholder/substitute site name used for privacy).
Note: I do know that within Visual Studio it asked me to add a firewall rule to allow my local IP for when I publish (I think to do with the Database). Irrelevant red herring? Just thought I'd mention it just in case.
Google Error: redirect_uri_mismatch
Google Console: Listed Redirect URIs
Credit truly goes to #WilliamDenniss
Further Research: Using a proxy filter the actual request information showed Microsoft Azure was not utilizing the correct parameter (even though it was correct in the Microsoft Azure console) for client_id (as William Denniss suggested) and the browser (Google Chrome) was reporting the correct credentials in the error returned as well as (surprisingly) the correct information in the address bar. I suspect this was a glitch to do with sessions/cache - it's worth noting I am using the newer somewhat unfinished Azure Console that Microsoft is converting to.
Solution: I not only had to create new credentials within Google Console for the project I had created and match these new credentials in Microsoft Azure console but also clear my entire cache/cookies etc. in order for the correct parameter for client_id to be sent/used, which I again verified using a proxy filter. Only after I did all of the above that I mentioned did the error resolve itself.
Related
I'm learning asp.net core and I was following tutorials about identity and external login providers. I have succeded to create extrenal google and ms accounts for testing and locally it is working fine.
I have published test app to my VPN IIS public server to see how it is working (I have other apps there), but I started to have some illogical issues and I don't understand where the problem is.
I can sign in with ms account or google account to one computer.
If i try the same on other computer I'm getting "error 400 redirect_uri_mismatch" with google and almost the same for msaccount:
AADSTS50011: The redirect URI 'https://myserver/mysite/signin-microsoft' specified in the request does not match the redirect URIs configured for the application.
Just to add that, on msaccount response, I can see clause that 'Reply address did not match because of case sensitivity'. But that is nonsense because I have signed in with other msaccount (have 2 private accounts for google and for ms for testing) onto different computer and there was working fine.
Just to be sure I have entered proper casing return url address to azure dev portal, and same was happening. it seems like after app publish, first pc which gets msaccount / google user over external login blocks other pc..
I don't understand why extrenal login is working for one pc. First what comes to mind is that beacuse it is a test project and I have not verified domain (etc..) on google / microsoft and that there are some limitations for signing users in (perhaps need to pay??).
But, please, can someone confirm this? Or someone have the idea what is happening?
Tnx!
Renato
Locally, my api is working fine but in the Azure apim when i add these lines in the controller (to access my RavenDB) i get an internal server error 500.
Here is the startup configuration:
i'm also using AzureKeyVault to get the certificate to access my RavenDB.
I added the apim's IP in the allowed IPs of RavenDB Cloud, without success.
The question is, how can i fix that ?
Feel free to ask in case you need more informations.
EDIT
I recently had more information about the error 500
Problem solved
Waiting for #TinyWang to write his anwser instead of a comment.
You can find the things that worked for me in the comments.
To sum up here and end this case:
According to the error message, we can see it comes from the error route in the server but not something wrong with azure apim. We can use kudu for azure web app to check the folder structure of server.
And as op said in the comment above, he chose to uploaded the certificate to the server.
I uploaded the certificate in the App Service of Azure using kudu in
the C:\home\site\wwwroot> - Finally, i changed the x509KeyStorageFlags
from DefaultKeySet to MachineKeySet
I have developed a bot using the Microsoft Bot Framework in C#, and am in the process of trying to deploy it to a webserver instead of Azure. The web server runs Windows Server 2012 R2 and has IIS 8.5 installed. The bot works fine locally and can be tested there using the emulator without any problems.
I have configured a site in IIS on the web server for the bot and deployed the bot code there, as well as configured the app ID and password. When using the "test connection" facility on the Bot Framework site, I am given an "Unauthorized" message.
Can anybody advise on where I may be going wrong, or share their experiences with debugging these kinds of errors? Bot Framework does not seem to provide a terribly good debugging experience, unfortunately.
https://chatbot.xxxxxxxxinsight.com/
These are the common issues that users run into:
Your bot’s cloud endpoint URL is not correct. Make sure you have
included the path at the end of the URL (e.g. /api/messages).
Your bot’s endpoint is not HTTPS or is not trusted by the Bot Framework
Channel Emulator. Your bot must have a valid, chain-trusted certificate.
The bot is configured without a Microsoft App Id or a Microsoft App
Password.
Your Microsoft App Id or Microsoft App Password are incorrect.
See the full auth troubleshooting guide here.
If you are still getting Unauthorized error message you should check the follwing
Microsoft App Id and Microsoft App Password in appsettings.json file
in your project folder. (appsettings.json refers to .NET Core Bot
Framework Development)
Check the channels inside your Azure Bot (in Azure Portal), and
check the allowed channels.
This should get your bot in running state. Make sure to pass App ID and Password with the URL in Emulator to connect to your bot.
If you are missing your Microsoft App Password, please comment below.
I am getting started with the Microsoft Bot Framework, and tried running the very basic app from the getting started tutorial using the emulator.
When I send the message, I get the error : 401 Unauthorized
Things I have done
I have corrected the URL in the emulator to match the correct URL of the app.
Have deleted the APP ID and APP password from the emulator fields.
I assume I don't need to worry about https yet, since I am running locally (localhost).
Microsoft Bot Framework Document says that when you're running in the localhost add your localhost with the correct port and ask you to keep empty in the app id and the app pass.
But if you have added you your app id and and pass to web.config file, make sure to add them to your emulator as well. Otherwise you will get 401 - Unauthorized error.
This has me feeling pretty lame. I'm trying to learn how to do the 'oAuth2 dance' and in order to see it working i wanted to get a trivial demo site up and running and logging in via twitter. i've seen a demo where it's as easy as creating a new web mvc project, making sure 'individual user accounts' is the auth mode, and un-commenting the two auto-generated lines to enable twitter auth in Startup.Auth.cs. i should then be able to hit the login page of the completely stock, boilerplate web project, and click the 'Twitter' button that's now visible under "Use another service to log in."
however, when i do this - unlike the demo i saw - i get a certificate error:
The remote certificate is invalid according to the validation procedure.
Exception Details: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
Now, i don't claim to deeply understand how certs work, but i've checked and i have a certificate for 'localhost' and i've verified it as being associated with my user account and the computer account user the cert mgr tool in MMC (it even reads 'IIS Express Development Certificate'). i also see 'localhost' under 'trusted root cert authorities'.
i immediately don't know what else to check...i'm not even 100% sure that it's complaining about my localhost cert (as opposed to that of twitter?); i'm not even sure what server address the internals of the Microsoft.Owin.Security.Twitter code is trying to hit?...
One thing i noticed while looking at my user certs is that were a bunch that seemed to be installed by fiddler that were issued by 'DO_NOT_TRUST_FiddlerRoot', including one for localhost. I tried to disable this cert, however, and didn't make any difference. i can't imagine installing fiddler would so thoroughly disable your system configuration, anyway. that said, i 've tried it with and without fiddler running and nothing works.
what could possibly be causing this? i still have a lot to get done and i'm stuck in the starting gate. i feel ridiculous that i can't even get auto-generated MS sample code to run on my machine....argh.
thanks.
Have you registered your site to Twitter as well as obtain an app secret/key? Refer to this to get your answers.
http://www.asp.net/web-api/overview/security/external-authentication-services#TWITTER.