after days of failed attempts and research i need your help.
i'm trying tocall a web service to get a Token, the webservice it's protected by a certificate.
I have the .pem file with password and I converted it into .p12 using the mmc command to import it on IIS
If i call the https page by browser i can access easly, so the certificate it's ok.
If i try to connect with "curl" command on dos all work correctly
The problem is when i try to use the classic asp
I receive this error message:
msxml6.dll error '80072f7d'
An error occurred in the secure channel support
this is the code
Dim oRequest
Set oRequest = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
oRequest.setOption(2) = 13056
oRequest.setOption(3) = "LOCAL_MACHINE\My\" & CERIFICATE_NAME
oRequest.setTimeouts 10000, 10000, 10000, 10000
msURL = WEBSERVICE_HTTPS_URL
oRequest.Open "GET", msURL, False,USERNAME,PASSWORD
oRequest.setRequestHeader "Authorization", "Basic " & Base64Encode("USERNAME:PASSWORD")
oRequest.setRequestHeader "User-Agent", Request.ServerVariables("HTTP_User-Agent")
oRequest.setRequestHeader "Content-Type", "text/html;charset=ISO-8859-1"
oRequest.send
any advice is appreciated,
Salvatore
Related
i'm trying to call my api flask on postman or on google chrome and i always get this:
POSTMAN :
Could not get any response
There was an error connecting to 192.168.1.178:5000/.
Why this might have happened:
The server couldn't send a response:
Ensure that the backend is working properly
Self-signed SSL certificates are being blocked:
Fix this by turning off 'SSL certificate verification' in Settings > General
Proxy configured incorrectly
Ensure that proxy is configured correctly in Settings > Proxy
Request timeout:
Change request timeout in Settings > General
Google chrome
Ce site est inaccessible
192.168.1.178 a mis trop de temps à répondre.
This looks like an issue with your flask server or could be related to the authentication method or missing data in your request.
What you can do is use the Postman Console to debug your outgoing request to the server.
What you can look for is:
Check the URL (in your case I think it's an IP address) of the request
Check the request method, for eg. 'GET', 'POST' - you might be calling the request with the wrong method.
Check the authentication method and credentials
Check the request body and headers.
And so on.. make sure you fulfill all the requirements of a complete request.
You can also put print statements in your flask server and see if the endpoints are being called (if it's a local server).
while trying to do a requests call on a in-house web-service, I am getting the following error message, whereas I have put in the PEM certificate file and have specified it
r = requests.get(url, cert=cert)
and the error response I get is
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL] PEM lib (_ssl.c:2603)
I dont have access to export the private key for personal certificate which might help in resolving this issue. Is there any other way to bypass it or point it to the certificate and provide authentication?
The url opens up in browser from my computer totally fine without asking for user credentials or anything for authorization.
I am using version 0.6.4 of google-api-client ruby gem to query Google Admin Directory API.
Here is my session in ruby console:
require 'rubygems'
require 'google/api_client'
SERVICE_ACCOUNT_CLIENT_ID = "SOME_STRING.apps.googleusercontent.com"
SERVICE_ACCOUNT_EMAIL = "SOME_STRING#developer.gserviceaccount.com"
SERVICE_ACCOUNT_PKCS12_FILE_PATH = "/path/to/privatekey.p12"
key = Google::APIClient::KeyUtils.load_from_pkcs12(SERVICE_ACCOUNT_PKCS12_FILE_PATH, 'notasecret')
asserter = Google::APIClient::JWTAsserter.new(SERVICE_ACCOUNT_EMAIL, "https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly", key)
client = Google::APIClient.new
client.authorization = asserter.authorize
dir_api = client.discovered_api('admin', 'directory_v1')
resp = client.execute(:api_method => dir_api.chromeosdevices.list, :parameters => {'customerId'=>SERVICE_ACCOUNT_CLIENT_ID})
resp.body
=> "{\n \"error\": {\n \"errors\": [\n {\n \"domain\": \"global\",\n \"reason\": \"badRequest\",\n \"message\": \"Bad Request\"\n }\n ],\n \"code\": 400,\n \"message\": \"Bad Request\"\n }\n}\n"
I am probably missing something obvious here but it is unclear from the error response what is missing in the request. Would appreciate any help/pointers in the right direction.
Thanks.
I got a similar response in my C# program, listing users in my domain.
I still haven't resolved it but so far I managed to get the same error message in
The APIs Explorer https://developers.google.com/apis-explorer/#p/admin/directory_v1/
when trying to do the same request there and omitting any value for domain.
That led me to believe that I somehow needed to add the domain to my request in my C#-code and by trial and error I THINK I found how to do it in C#.
But my suggestion is to try your API request in the APIs Explorer and then se if you could get the same error message there by NOT submitting the value for domain, as I think that's what the error-message means.
I've had the same problems. I've wrote an example gist which explains how to set it up:
https://gist.github.com/thomaswitt/7468182
Steps are:
Go to Google Cloud Console (https://cloud.google.com/console)
Create Service Account with P12 File
Enable the Admin SDK in APIs.
Create a Project
Create a registered app within this project
Go to section 'Certificate' and generate a key
Download the JSON file as well
Go to the Apps Console > Security > Extended > 3rdPartgy OAuth
(https://admin.google.com/AdminHome?#OGX:ManageOauthClients)
Add an API Client. Client name is value of client_id in the JSON
file, API Scope is https://www.googleapis.com/auth/admin.directory.user.readonly
I found that #JoBe's answer was pretty much on track. In Ruby, using the Google-Api-Client gem, you need to pass a hash to list_users, with the domain. i.e.
UserService.list_users(domain: 'mydomain.com').
I am trying to send and receive messages from a local workgroup machine (Windows 7), call it the 'client', to Service Bus 1.0 set up on a workgroup server (hosted on AWS EC2). After many trials and research I'm unable to send messages from the client machine to the server. I've followed a number of articles that appear to indicate that it is possible to do, but I cannot resolve the authentication issue I'm seeing.
Connecting to Windows Server Service Bus on AWS
Microsoft Service Bus on a Windows Workgroup
I note the Microsoft system requirements appears to indicate that it is "not supported" and "not possible". My question is can this be done, and has anyone had success? Any help would be greatly appreciated.
msdn.microsoft.com/en-us/library/windowsazure/jj193011(v=azure.10).aspx
My attempts include using either the WindowsTokenProvider and OAuthTokenProvider. I get the same result:
System.UnauthorizedAccessException: The token provider was unable to provide a security token while accessing 'https://xx.xx.xx.xx:9355/ServiceBusDefaultNamespace/$STS/Windows/'. Token provider returned message: ''. ---> System.IdentityModel.Tokens.SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://xx.xx.xx.xx:9355/ServiceBusDefaultNamespace/$STS/Windows/'. Token provider returned message: ''. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
The Service Bus namespace is set up with AddressingScheme "Path" for a workgroup install. And the client side connection string includes the IP to reach the server, and I've set a RemoteCertificateValidationCallback before creating the queues.
Endpoint=sb://xx.xx.xx.xx/ServiceBusDefaultNamespace;StsEndpoint=https://xx.xx.xx.xx:9355/ServiceBusDefaultNamespace;RuntimePort=9354;ManagementPort=9355;WindowsUsername=SBUser;WindowsDomain=[NotUsed];WindowsPassword=[Password]
Code to attach to the remote queue and send a message is as follows:
ServiceBusConnectionStringBuilder connBuilder = new ServiceBusConnectionStringBuilder(ConfigurationManager.AppSettings["Microsoft.ServiceBus.ConnectionString"]); // Gets the connection string above
TokenProvider tokenProvider = WindowsTokenProvider.CreateWindowsTokenProvider(connBuilder.StsEndpoints, new NetworkCredential(connBuilder.WindowsCredentialUsername, connBuilder.WindowsCredentialPassword));
MessagingFactorySettings messagingFactorySettings = new MessagingFactorySettings();
messagingFactorySettings.TokenProvider = tokenProvider;
MessagingFactory messagingFactory = MessagingFactory.Create(connBuilder.GetAbsoluteRuntimeEndpoints(), messagingFactorySettings);
requestQueue = messagingFactory.CreateQueueClient("RequestQueue");
...
requestQueue.Send(sendMessage); // Fails here
The server account is SBUser with a password and I have left the domain/host specified blank on the token provider. I note that the Event Viewer on the server shows the authentication being attempted is the client's user account not the one from the token provider. Why is this? I'm obviously missing something in order to authenticate on the server.
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: [ClientLogin]
Account Domain: [ClientMahcine]
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Appreciate any help. Thanks.
Try with the OAuthTokenProvider and make sure that connBuilder is passing the right values.
TokenProvider tokenProvider = TokenProvider.CreateOAuthTokenProvider (connBuilder.StsEndpoints, new NetworkCredential(connBuilder.WindowsCredentialUsername, connBuilder.WindowsCredentialPassword));
Once you try this, please, reply with the exception you get in your client. Also, in the server, search for a event in the Service Bus section that would give more details about the exception.
With that information we should continue to the next step.
Did you get to the bottom of this?
I have managed to get around the exact same issue by setting the Fully Qualified domain name of the server that the certificate is bound to in the client machine hosts file.
So where you have entered the IP address in the connection string, you should instead enter 'AMAZONA-PQxxxxx'. And in your hosts file, have the 'AMAZONA-PQxxxxx' resolve to the IP address.
we had the same issues. Server W2k12R2, standalone, Workgroup; Client Windows 7, same Workgroup.
It's necessary to have the same user accounts on both systems. Looks like this is some kind of "authentication proxy stuff" running.
Take a look at the compatibility matrix mentioned above:
http://msdn.microsoft.com/en-us/library/windowsazure/jj193011(v=azure.10).aspx
Thank you,
Holger
I am working on a Sharepoint Application with Office 365. It is an Auto Hosted App and I want to get the file (excel) stream from document library so i can use openXML to perform further operations. I am getting the exception "The remote server returned an error: (403) Forbidden."
here is the code:
Microsoft.SharePoint.Client.File file = GetTheFileFromTheDocLibrary("excelfile.xlsx");
ClientContext clientContext = new ClientContext(Session["SPHostUrl"].ToString());
FileInformation fInfo = SP.File.OpenBinaryDirect(clientContext, file.ServerRelativeUrl);
// The remote server returned an error: (403) Forbidden.
using (MemoryStream memoryStream = new MemoryStream())
{ // other code
Note: the same code is working in a Provider Hosted Application.
I would recommend moving away from Auto-Hosted as soon as possible based on the announcement that we made last month http://blogs.office.com/2014/05/16/update-on-autohosted-apps-preview-program/
Provider Hosted Apps are the way to go for your scenario and you say there is no error which is great news.
I had a similar problem with a Provider Hosted App and it was a missed, wrong or empty ClientId inside the .config file.
Example:
<appSettings>
<add key="ClientId" value="xxxxx-xxx-xxx-xxx-xxxx" />
...
</appSettings>