Develop Reference

DocuSign account cannot get JWT token

I have two accounts of DocuSign, both have the same config on the Setting section. But the first one even though expires of the trial still can send the envelopes. The second one gets invalid_request when I tried to get the JWT token base on client_id, user_id, and private_key.
Do we need to enable some config to allow it? Thanks in advance.

A couple of things:
Are you using a trial (login via www.docusign.net) or developer demo account (login via demo.docusign.net)? You should only use developer demo accounts while developing with DocuSign.
To get a free developer demo account click the link at the top right of the developer center page. Demo accounts do not expire, but their envelopes that are over 30 days old are automatically deleted.
invalid_request can be cause by a number of different issues. Additional information is available in the body of the response. Please see what it is and then edit your question to add the information.
Added
For JWT invalid_request errors, the recommended steps are:
Get the DocuSign code example running with JWT grant. For C#, this repo.
Once that works, you'll know that the problem is in your code, not in the settings of the integration key (the client id), the private key, etc.
Check that your computer's clock settings are correct--the timezone and the day/date. These are used by JWT.
Check that you are specifying a user's guid id to be impersonated. This is also referred to as a user's "API User Id"
Check the body of the API response for additional debugging information.
If you receive the error "consent_required", that is good news since it indicates that your JWT grant was correct, except that the person being impersonated hasn't yet granted consent to be impersonated. To fix, see this blog post.

C# GMAIL API Service Account Modify - unauthorized_client

I am just starting out with the c# Google.Apis.Gmail.V1 classes and using a service account to read a mailbox.
My code works fine when I use the following snippet
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(ServiceAccountEmailAddress)
{
User = "abc#test.domain.com",
Scopes = new[] { "https://www.googleapis.com/auth/gmail.readonly" }
}.FromCertificate(certificate));
With that code I can call the following successfully
if (credential.RequestAccessTokenAsync(CancellationToken.None).Result)
{
}
But I need to modify the email messages so I changed the scope from
https://www.googleapis.com/auth/gmail.readonly
to
https://www.googleapis.com/auth/gmail.modify
I now get an exception when requesting the access token
{"Error:\"unauthorized_client\", Description:\"Unauthorized client or scope in request.\", Uri:\"\""}
I have checked the service account (*.iam.gserviceaccount.com) in the Google Developers Console and I have tried all options for permissions including OWNER which should give me Full access to all resources but no joy.
I think I am just missing a simple step but I am unsure of where to look next.

TL;DR
I would read through this, but here is the short version. I know this is an older post, but hopefully it finds you!
If you have not updated/white-listed the service account's privileges/scopes in the Google Admin Console you will need to do that, make sure the domain has API access enabled, make sure the service account is setup properly, when creating the "certificate" object be aware its parameters so that it is being instantiated correctly, check the permissions on the account being impersonated and finally make sure you've made an appropriate Google Apps service account key (could have easily made an inappropriate key type.)
White-listing Google APIs in the Admin Console
This gives the Google Apps service account the abilityto use whatever scopes you provide in your Google Apps domain.
Login to the Google Apps Admin Console by using the following link.
https://admin.google.com/
The Google Apps user account must have sufficient privileges to modify domain related settings. It does not have to be the account used to create the Google Apps project in the developer console. If the account does not have privilege you will be directed to a completely different screen with no options to click on varying domain controlling web apps like "Security", "Roles", "Support", "Groups" and etc. Instead you'll dumped onto a page that shows things like "Gmail", "Drive", "Docs" and etc. that is typical user apps. The current link it drops you at is https://apps.google.com/user/hub
Click “Security.”
Click “Show more” option at the bottom of the security options list.
Click “Advanced Settings” to get the more options.
Select the “Manage API client access” link.
Now certain API scopes must be white-listed for the desired service account. In the “Client Name” text box provide the service account’s client ID. The client ID is obtained in the developer console. In the “One or more API scopes” add the desired scopes; comma delimited.
Note, if there are existing scopes they will be removed so be sure to re-add any that will be needed.
Enable Domain Wide API Access
Login to the Google Apps Admin Console by using the following link.
https://admin.google.com/
Go to the “Security” page.
Under “API reference” section
Make sure that “Enable API access” is enabled.
Creating an Appropriate Google Apps Service Account Key (Probably this)
Go to the Google Developer Console. Login as the Google Apps user that created the Google Apps project/service account. https://console.developers.google.com/
Navigate to the particular project with which you created the service account.
Click the "Service Account" button on the left of the project's page to bring up a page with all of the project's service accounts.
Click the vertical ellipse widget all the way to the right of the desired service account's row. Select “Create Key.”
Select .p12 key as it looks like this is what you're trying to use. Click "Create." Be sure to protect this key.
I have found that if the key is not created this way then it leaves open the possiblity for making either an API key or an OAuth 2.0 client/user key. These are the wrong types of keys to use in this case you would need to have created a service account key. The way outlined above forces you to create a service account key.
Modifying the Existing Google Apps Service Account's Settings
I'm not going over how to setup the actual service account, one thing you may need in your case is to make sure that the service account has domain wide delegation enabled. This is toggled in the Google Developer Console. Should be pretty easy to find.
Code
You do not provide your entire code base for creating the token, so just want to add a few things you might be doing improperly.
Make sure when you create the certificate that the secret you provide is the default "notasecret" string. This secret is currently the default value provided by all keys distributed by Google and is immutable during key creation. I had a link to prove this, but have since lost it.
X509Certificate2 certificate = new X509Certificate2(certificateFilePath, "notasecret", X509KeyStorageFlags.Exportable);
Just trying to advocate proper coding. While I have found some bugs in the past with Google's constant values that required additional string manipulation (adding additional slashes.) You should really be using the string constants that they provide in place of literals. I only say to use these because it provides a layer of abstraction, who is to say Google will never change the literal; unlikely.
In your case the new scope is:
GmailService.Scope.GmailModify
While the old scope was:
GmailService.Scope.GmailReadonly
Otherwise, everything code wise looks good to me.
Another thing to try would be to make sure that the actual Google Apps user account being impersonated by the service account has sufficient privileges. I would suspect a different error if this were the case, would be getting a 403 in the response instead. Anyway, in your case this is the "abc#test.domain.com" account. Once again you would go to the Google Admin Console, check its roles make sure it has sufficient roles checked for whatever it is you're trying to do. I don't know what specifically you'll need in this case, best bet would be to give it the same permissions as the "Super Admin" role then remove permissions as you go to see what it might actually need. Otherwise, if possible just give it "Super Admin."
If I was a gambler I would put my money on an inappropriately created service account key. I just recently ran into this and it was the only thing that produced the same exact error you're receiving. Other things would get me the same "Description" value in the response token, but not the same "Error" value. I'm not really even sure how the culprit key was made, because I didn't make it. I just know the fix was to recreate a new key with the steps above and that fixed the issue.

DNN PayPal settings checking receiver_email

On one of the pages of my DNN website I've set up a BuyNow button inside a HTML/Text module. The button does a POST on submit to the PayPal Sandbox URL. I've also set up a REST based service which PayPal is going to post the IPN information to.
In this service I'm sending a POST with the cmd_notify parameter and get back the information associated to the transaction.
At this point I would like to check whether the receiver_email parameter which PayPal sends coincides with my seller email adress from inside the Sandbox account. However I don't want to hardcode the value for the latter. I've noticed that DNN has a "Payment Settings" section under Admin->Advanced Settings.
[TL;DR]
How can I programatically access the PayPal email address info stored at Admin->Advanced Settings->Payment Settings from back-end webservice C# code? Is this possible?

This is stored in the HostSettings table as a setting key named "ProcessorUserId":
select * from hostsettings where settingname='ProcessorUserId'
Programmatically, if you're inside DNN you can access it through:
DotNetNuke.Common.Globals.HostSettings(KEY)
that is:
string pid= DotNetNuke.Common.Globals.HostSettings("ProcessorUserId");
Hope it helps,
al.

anonymous Identification enabled true not working

I need support... I set up in web.config the tag:
<anonymousIdentification enabled="true" cookieless="UseCookies" />
with profile, membership and forms authentication with all the neccesary information. If I log a User with the proper credentials I see in aspnet_Users table the logged user.
On the other hand, when I access the website - and the cookie is set up for anonymous in the browser with info .ASPXANONYMOUS - everything worked ok in the browser but not in the database.
aspnet_Users table only register logged users but not anonymous users on it. any help will be appreciated.
brgds, sebastian.
additional info: pro.asp.net4 in csharp edition 2010 says:
"aspnet_Users table Lists user names and maps them to one of the applications in
aspnet_Applications. Also records the last request date and time
(LastActivityDate) and whether the record was generated automatically for
an anonymous user (IsAnonymous). Anonymous user support is discussed
later in this chapter (in the section “Anonymous Profiles”)."
"ASP.NET provides an anonymous identification feature that fills this gap. The basic idea is that the
anonymous identification feature automatically generates a random identifier for any anonymous user.
This random identifier stores the profile information in the database, even though no user ID is
available. The user ID is tracked on the client side using a cookie (or in the URL, if you’ve enable
cookieless mode). Once this cookie disappears (for example, if the anonymous user closes and reopens
the browser), the anonymous session is lost and a new anonymous session is created.
Anonymous identification has the potential to leave a lot of abandoned profiles, which wastes space
in the database. For that reason, anonymous identification is disabled by default. However, you can
enable it using the element in the web.config file"
this is what I´m looking for...

the asp.net sql membership api only logs to that table if the user actually logs in. If it is an anonymous user that is just passing by the site, it will not log to that table. They must login by calling Memberhip.ValidateUser(...)

User won't appear in aspnet users AFAIK, but the stuff you track should be in the profiles table. My understanding is the user data gets created when the user registers and then the profile data gets migrated.

Old username in Active Directory

I have WCF service with Windows authentication. To identify client user on the service side I'm using following code: ServiceSecurityContext.Current.PrimaryIdentity.Name.
That returns me string in the form: 'domain\janedoe'.
Jane Doe became married and changed last name. Active Directory administrator also renamed her user id. So now she logs into AD as 'domain\janesmith'.
My issue is that ServiceSecurityContext.Current.PrimaryIdentity.Name still returns old one - 'domain\janedoe'.
Do you have some suggestions on where to start with this ?

There is some caching mechanism in Active Directory.
Maybe this link will help you link

I had a similar problem with a web app I was running in IIS 6. The only thing that would ever work for me to clear the cache was to restart the server. Our AD admin was completely unhelpful/out of his depth so I eventually just re-wrote the page to grab the sid. Then if I needed the username I would do an LDAP query on the sid to get the user name.

How about using Softerra LDAP Browser (the free version 2.6) to see what attributes are available and to see which field could have possibly been read from?
Then you could investigate further; maybe the change of her name did not cover all necessary attributes.
Addition:
Also, if you have multiple domain controllers that replicate their information, there could be some delay, until they all have up-to-date data.