Consuming an external webservice from MS Dynamics CRM 2013 Online Plug-in - web-services

I have some problems consuming an external webservice from a CRM 2013 Online (sandbox) plug-in; my problem is with "EnvironmentSecurity". I tried to do the same with a console, and everything runs fine... I call the webservice like this:

    NetworkCredential myCred = new NetworkCredential();
    myCred.Domain = "dom";
    myCred.UserName = "user";
    myCred.Password = "pass";
    CredentialCache credsCache = new CredentialCache();
    credsCache.Add(new Uri(webAddress), "Basic", myCred);
    HttpWebRequest http = (HttpWebRequest)HttpWebRequest.Create(webAddress);
    http.PreAuthenticate = false;
    http.UseDefaultCredentials = true;
    HttpWebResponse response2 = (HttpWebResponse)http.GetResponse();

The error is this:

    System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.EnvironmentPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

I'm afraid you cannot make a call to local services (hosted on your local server) with a plugin registered in the sandbox. Instead, please host the service at a named web address that requires DNS name resolution.

The following web access restrictions apply to this sandbox capability:

- Only the HTTP and HTTPS protocols are allowed.
- Access to localhost (loopback) is not permitted.
- IP addresses cannot be used. You must use a named web address that requires DNS name resolution.
- Anonymous authentication is supported and recommended. There is no provision for prompting the logged-on user for credentials or saving those credentials.

You could host your service in Azure or on a web server with a valid website address.
For more information, please visit this link.
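
The address rules quoted above can be checked before the plug-in attempts the call. This is an added example, not code from the original answer or from the CRM SDK; `SandboxEndpointCheck` is a hypothetical helper and the sample addresses are constructed.

```csharp
using System;

// Hypothetical helper: syntactic pre-flight check of an endpoint address
// against the sandbox web access restrictions listed in the answer.
public static class SandboxEndpointCheck
{
    // Returns null when the address passes, otherwise the reason it fails.
    public static string Validate(string address)
    {
        Uri uri;
        if (!Uri.TryCreate(address, UriKind.Absolute, out uri))
            return "not an absolute URI";

        // Only the HTTP and HTTPS protocols are allowed.
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps)
            return "scheme '" + uri.Scheme + "' is not HTTP or HTTPS";

        // Access to localhost (loopback) is not permitted.
        if (uri.IsLoopback)
            return "loopback addresses are not permitted";

        // IP addresses cannot be used; the host must be a DNS name.
        if (uri.HostNameType != UriHostNameType.Dns)
            return "host must be a DNS name, not an IP literal";

        return null;
    }

    public static void Main()
    {
        // Constructed sample addresses, one per rule.
        string[] samples =
        {
            "https://service.example.com/api.svc",
            "http://localhost:8080/api.svc",
            "https://10.0.0.5/api.svc",
            "https://[::1]/api.svc",
            "ftp://service.example.com/file"
        };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s, Validate(s) ?? "ok");
    }
}
```

The check is purely syntactic: it does not resolve the name, so a DNS name that points at a loopback or internal address still passes here and is left to the platform to reject.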

Related

Websphere App Server mutual SSL - obtain CN from client certificate authentication

What I have:
- WAS traditional 9.0 with EJB web service;
- webservice client - java application;
- SSL configured for only 9449 port as described here (one way http://www.ibm.com/developerworks/webservices/tutorials/ws-radsecurity3/ws-radsecurity3.html)

I need SSL mutual authentication, so I go to Quality of protection (QoP) settings, and set Client authentication = Required.
Up to this point all works fine.
Problem is that my EJB application needs client certificate's common name to obtain a user ID, which it will use in business logic. And here I failed.
Code snippet (web service side):

    MessageContext context = wsContext.getMessageContext();
    HttpServletRequest req = (HttpServletRequest) context.get(MessageContext.SERVLET_REQUEST);
    System.out.println("!! isSecure " + req.isSecure());
    X509Certificate[] certificates = (X509Certificate[]) req.getAttribute("java.servlet.request.X509Certificate");
    if (null != certificates && certificates.length > 0) {
        ...
    } else {
        System.out.println("!! Empty certificates");
    }

isSecure returned true, but I get the "Empty certificates" message.
My guess is that the reason may be the following. When I output the SSL configuration used on port 9449, the first line is "com.ibm.ssl.clientAuthenticationSupported = false", while in the Admin Console it is set to Required.

    com.ibm.websphere.ssl.JSSEHelper jsseHelper = com.ibm.websphere.ssl.JSSEHelper.getInstance();
    java.util.Properties props = jsseHelper.getProperties("WebServiceConfigure");
    System.out.println("!!! WebServiceConfigure = " + props.toString());

You might want to try the "direct connect" certificate properties. This was created to address intermediate (SSL-terminating) proxies (like a web server with plug-in) that issued a certificate different than the ultimate client. This property is
com.ibm.websphere.ssl.direct_connection_peer_certificates
You can determine whether you're getting the certificate from direct connect peer or proxied peer via com.ibm.websphere.webcontainer.is_direct_connection.
See also: WAS 9 doc page.

Client to consume a web service with NTLM authentication

Getting this error while calling the service:

    401 - Unauthorized: Access is denied due to invalid credential

I tried creating an NtlmAuthenticator class which extends Authenticator and passing on the credentials in DOMAIN\USERNAME and PASSWORD format.
I also set Authenticator.setDefault(ntlmAuthenticator). It doesn't work out.
Any response would be very helpful.

On following the Oracle documentation, I found out that NTLM can be used with proxies or servers, but not with both at the same time.
I used Apache CXF and this time it worked.
I added the code below:

    Client client = ClientProxy.getClient(port);
    HTTPConduit http = (HTTPConduit) client.getConduit();
    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnectionTimeout(36000);
    //httpClientPolicy.setAllowChunking(false);
    http.setClient(httpClientPolicy);

Azure web service as a client to an external service, using a client-side certificate

I need to write a web service and host it in Azure. This service in turn consumes another service from an external site. Therefore, my azure-hosted service is a client to this externally-hosted service. When I make a request of the other service, I need to include a client-side certificate in my request.
Has anybody successfully done this? Is it possible to install a certificate in a web instance in azure? Would it survive the instance restarting? If so, pointers would be appreciated.
I have never worked with client-side certificates (even on a "real" client) so please forgive me if this is a newbie question.
The certificates that are uploaded in the cloud service (see the certificates tab under that cloud service in azure portal), which will host your webrole, will be available in the VM of that webrole. So you can access it from the certificate store and use it while making the external web service call.
A sample is given in this stackoverflow post.
Accessing a web service and a HTTP interface using certificate authentication
You can either add the certificate via the Azure management portal, and Azure will add it to the machine certificate store once it deploys your application on the VM, or you can keep it with your application, for example as an embedded resource, load it manually and use it with your webservice call. Like this:
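
    // Requires: System, System.IO, System.Reflection,
    // System.Security.Cryptography.X509Certificates.
    // certificateFilename is a field holding the embedded file's name.
    private X509Certificate2 GetAuthCertificate()
    {
        var assembly = Assembly.GetExecutingAssembly();
        Stream stream = null;

        // Find the embedded resource whose name ends with the certificate file name.
        var resources = assembly.GetManifestResourceNames();
        foreach (var resource in resources)
        {
            if (resource.EndsWith(certificateFilename))
            {
                stream = assembly.GetManifestResourceStream(resource);
                break;
            }
        }

        if (stream == null)
            throw new Exception("Certificate not found in embedded resources");

        using (var ms = new MemoryStream())
        {
            stream.CopyTo(ms);
            // "password" is the PFX password; Exportable marks the loaded
            // private key as exportable.
            var result = new X509Certificate2(ms.ToArray(), "password", X509KeyStorageFlags.Exportable);
            return result;
        }
    }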
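
For the other option described in these answers, a certificate uploaded to the cloud service and read from the certificate store, the lookup and the outgoing call can look like this. This is an added example, not code from either answer; it assumes the certificate was deployed to the LocalMachine/My store, and `StoreClientCertificate`, the thumbprint and the URL passed in are placeholders supplied by the caller.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper: loads a client certificate from the machine store
// (assumed location: LocalMachine/My) and attaches it to a request.
public static class StoreClientCertificate
{
    public static X509Certificate2 Find(string thumbprint)
    {
        // Thumbprints pasted from the certificate UI often carry spaces or an
        // invisible leading character; keep only the hex digits.
        string clean = new string(thumbprint.Where(Uri.IsHexDigit).ToArray())
            .ToUpperInvariant();

        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false so a self-signed client certificate is returned too.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindByThumbprint, clean, false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    "No certificate with thumbprint " + clean + " in LocalMachine/My");

            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate has no private key and cannot authenticate a client");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }

    // Builds the request to the external service with the certificate attached;
    // the caller sets method/body and calls GetResponse().
    public static HttpWebRequest CreateRequest(string url, string thumbprint)
    {
        var request = (HttpWebRequest)WebRequest.Create(url);
        request.ClientCertificates.Add(Find(thumbprint));
        return request;
    }
}
```

Unlike the embedded-resource variant, no PFX password lives in the application. `HasPrivateKey` only confirms that a key is associated with the certificate; the identity the role runs under still needs read access to that key.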

coldfusion exchange connection to Office 365

I'm trying to set up a cfexchangeconnection to our office365 server to retrieve calendar settings but can't get the connection settings right.
If I do:

    <cfexchangeconnection
        action = "open"
        connection = "exCon"
        server = "outlook.office365.com"
        username = "email#address"
        password = "**********"
        port="995">

I get 500: Could not log in to the Exchange server. Verify server name, username, and password.
I don't know if this means it's an auth issue or whether I just got the server name wrong.
If I take the port setting off I get the same error.
The server name is the one provided for setting up mail using imap or pop. The username is just the email and the password is obvious....
Switching the protocol to https I get the following error:
Cannot access Exchange server as a web application at outlook.office365.com.
Ensure that the Exchange web application is configured in IIS and Web Service Extension for the Exchange server is allowed. HTTP response code : 404
The below configuration worked for me. You have to install the certificate using keytool.exe. Make sure to add the serverversion, and select 2010. Also, make sure to specify https protocol. The default is 2007.

    <cfexchangeconnection action="open"
        username="#username#"
        password="#password#"
        mailboxname="#mailboxname#"
        server="outlook.office365.com"
        protocol="https"
        serverversion="2010"
        connection="testconn1"
        formBasedAuthentication="true"
        formBasedAuthenticationURL="https://outlook.office365.com/owa/auth/owaauth.dll">

Consuming a web service through an internet proxy server, using a WCF client in C#; providing proxy server authentication

I have a client program that consumes a web service. It works quite well in a number of installations. Now I have a situation where a new customer connects to the internet via a proxy server, and my program's attempt to access the web service gets the "HTTP status 407: Proxy authentication required" error.
I thought that all the configuring of internet access, including proxy server address, port number and authentication would be done in the Control Panel Internet Options, and that I wouldn't have to worry about that in the code, or even in the app.config, of the Web Service client.
Have I got it all wrong?
What I have done in the meantime is give the user the chance to configure the proxy user name and password, and then in my code I do the following:

    webServiceClient.ClientCredentials.UserName.UserName = configuredUsername;
    webServiceClient.ClientCredentials.UserName.Password = configuredPassword;

But I don't know that this is the right thing. Because it seems to me that the above ClientCredentials would refer to the web service binding/security, not to the internet proxy server.
I suppose I can try it at the customer, but I'd rather be sure of what I'm doing first.
I found out how to do this thing, with the help of a contributor to another forum which in the flurry of trying all sorts of things I've forgotten. So thank you to that now forgotten person.
Here's the code that worked in the end (suitably disguised, but gives the right idea):

    // APISoap is the name of the binding element in the app.config
    BasicHttpBinding binding = new BasicHttpBinding("APISoap");
    binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
    binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Basic;
    binding.UseDefaultWebProxy = false;
    binding.ProxyAddress = new Uri(string.Format("http://{0}:{1}", proxyIpAddress, proxyPort));
    EndpointAddress endpoint = new EndpointAddress("http://www.examplewebservice/api.asmx");
    WebServiceClient client = new WebServiceClient(binding, endpoint);
    client.ClientCredentials.UserName.UserName = proxyUserName;
    client.ClientCredentials.UserName.Password = proxyPassword;