I have some issues with an ASMX web service running on Win XP with IIS 5.1. The IIS is set up with Integrated Windows Authentication and with anonymous access disabled. (When I have anonymous access enabled, everything works as a charm.)
However, when I turn of anonymous access and run with only Integrated Windows Authentication on my IIS, I get the following exception:
The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.
This exception is generated from my really simple console application that I'm using just to test the concept:
BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows; // .None;
binding.UseDefaultWebProxy = false;
EndpointIdentity spn = EndpointIdentity.CreateSpnIdentity("WORKGROUP/VirtualXP-91051");
Uri uri = new Uri("http://169.254.91.91/MyWebSite/MyService.asmx");
EndpointAddress address = new EndpointAddress(uri, spn);
MyServiceSoapClient client = new MyServiceSoapClient(binding, address);
client.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
String req = "( the request string is blanked out.. ;) )";
string resp = client.ReqAddressData(req);
Console.WriteLine(resp);
Console.ReadLine();
The interesting part of App.config:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
This isn't rocket science, so I must be missing something obvious. I've done some searching here on SO, and eve though I can find many similar questions I've found nothing that solved my problem.
Related
I have local website with subdomains like:
localhost:55307
aaa.localhost:55307
bbb.localhost:55307
It works perfectly except authorization - if I log in in localhost:55307 I'm not logged in aaa.localhost:55307 because my subdomains are treated as separate domain. I looking for solution but I can't find any for Asp Identity (Form authentication in MVC 4 it's useless).
Based on some questions and answers in SO I did:
Edit CookieAuthenticationOptions class in Startup.Auth.cs as below:
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
CookieDomain = ".localhost",
ExpireTimeSpan = new TimeSpan(0,12,0,0,0),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
Get MachineKey from IIS Manager and add to web.config:
<system.web>
<authentication mode="None" />
<machineKey validationKey="61D42DE996486DEA64CEA26C0373C547E0D07108789662C2D2E15210A65C475925055009D962FEB3D5D93E9BEA3E3717187F1BCBF63E386EB198F641E6157044" decryptionKey="06CF7C1C31BDBD4E7056D0F3531BE253E98A658B50974155" validation="SHA1" decryption="Auto"/>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" maxRequestLength="1073741824" />
</system.web>
Now i can login but cookies aren't shared - I still logged in one subdomain.
PS. I now that there is a lot of similar questions in StackOberflow but no one of them is about MVC 5 and ASP Identity and no of them got solutions.
I have an asmx web service, which I am trying to verify client certificate:
var cert = Context.Request.ClientCertificate.Certificate;
if (cert == null || cert.Length == 0)
{
throw new ArgumentException("certificate can not be found");
}
My testing code is like this in a console app:
ServiceReference1.PortfolioImportSoapClient import = new ServiceReference1.PortfolioImportSoapClient();
X509Certificate2 x509 = new X509Certificate2(#"D:\zurichpdf\publickey.cer");
import.ClientCredentials.ClientCertificate.Certificate = x509;
var model = new ServiceReference1.PortfolioMessageModel();
model.ClientID = 1;
import.ImportTransactionPortfolio(model);
What I can see is that from the console app, the client certificate is included. But at the server side, Context.Request.ClientCertificate.Certificate is empty.
I checked the config file, it has something like this:
<basicHttpBinding>
<binding name="PortfolioImportSoap" >
</binding>
</basicHttpBinding>
Can someone tell me why the x509 certificate is not passed to my asmx web service? Should I set some security mode here as well?
Many Thanks
I have an MVC web applicationt that has been confuigured to connect to ADFS to authenticate users and get a security token. The application then needs to call a WCF service using that security token.
The config of the web app is
<system.identityModel>
<identityConfiguration saveBootstrapContext="true">
<claimsAuthenticationManager type="MvcApplication1.Security.ClaimsTransformer, MvcApplication1" />
<claimsAuthorizationManager type="MvcApplication1.Security.AuthorisationManager, MvcApplication1" />
<audienceUris>
<add value="https://edd05rgard.hd.dev/adfsproto/web/" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="49F27C0DD1044D73011894450727E3C3E55DA428" name="http://EDV05TESTADFS1.hdtest.hd.dev/adfs/services/trust" />
</trustedIssuers>
</issuerNameRegistry>
</identityConfiguration>
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://edv05testadfs1.hdtest.hd.dev/adfs/ls/"
realm="https://edd05rgard.hd.dev/adfsproto/web/"
reply="https://edd05rgard.hd.dev/adfsproto/web/"
requireHttps="true" />
</federationConfiguration>
This successfully gets the token from ADFS and I can transform claims within the app as expected.
I then try to make a call to a WCF service using the supplied security token:
BootstrapContext bootstrapContext = ClaimsPrincipal.Current.Identities.First().BootstrapContext as BootstrapContext;
var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.TransportWithMessageCredential);
binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Message.IssuerAddress = new EndpointAddress("https://edv05testadfs1.hdtest.hd.dev/adfs/ls");
var endpoint = new EndpointAddress("https://edd05rgard.hd.dev/adfsproto/service/ClaimsService.svc");
var factory = new ChannelFactory<IClaimsService>(binding, endpoint);
factory.Credentials.SupportInteractive = false;
factory.Credentials.UseIdentityConfiguration = true;
var context = (BootstrapContext)((ClaimsIdentity)Thread.CurrentPrincipal.Identity).BootstrapContext;
var channel = factory.CreateChannelWithIssuedToken(context.SecurityToken, endpoint);
var result = channel.GetClaimsWithDelegation();
When this code is executed the last line causes an exception:
An error occurred when processing the security tokens in the message.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ServiceModel.FaultException: An error occurred when processing the security tokens in the message.
Am I calling the service in the correct way? How can I investigate the errors in the security token?
Setting up elmah has been relatively painless for me. Until I tried to use the email facility. I have read through all the previous questions on the subject but just can't get it going. Here are the relevant entries in my web.config file . This just represents one of the many attempts that I have made, this one using gmail and . What am I doing wrong?
<elmah>
<errorMail
from="myusername#gmail.com"
to="me#myemail.com"
subject="elmah exception"
async="true"
smtpPort="0"
useSsl="true" />
</elmah>
<system.net>
<mailSettings>
<smtp deliveryMethod ="Network">
<network
host="smtp.gmail.com"
port="587"
userName="myusername#gmail.com"
password="..." />
</smtp>
</mailSettings>
</system.net>
<httpModules>
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah"/>
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" />
</httpModules>
EDIT
Just to prove the settings, I have managed to successfully send an email from my app using gmail. The settings used were equivalent and yet I still cannot get elmah to send an email. Hers is the code snippet.
MailMessage mailObj = new MailMessage();
mailObj.Subject = "gmail test";
mailObj.From = new System.Net.Mail.MailAddress("myusername#gmail.com");
mailObj.To.Add("test#myemail.com.au");
mailObj.Body = "Test Email";
SmtpClient smtpClient = new SmtpClient("smtp.gmail.com");
NetworkCredential basicCredential = new NetworkCredential("myusername#gmail.com", "mypassword");
smtpClient.UseDefaultCredentials = false;
smtpClient.Credentials = basicCredential;
smtpClient.Port = 587;
smtpClient.EnableSsl = true;
smtpClient.Send(mailObj);
Even some confirmation that it all appears correct would be useful.
the port is 465 and the protocol is SSL.
Did you consider any ill effects from GMail's 2-factor authentication? I was just having this problem and created an application-specific password for my development work.
I'm having serious problems with creating a Web service in Visual Studio 2010 (Framework 4).
Anyway, I have to use a Oracle membership provider (I have installed "Oracle Providers for ASP.NET 4 11.2.0.2.0', which modifies the framework's machine.config), but I can not connect to the membership.
My code in web.config is as follows:
<configuration>
<connectionStrings>
<remove name="OraAspNetConString"></remove>
<add name="OraAspNetConString" connectionString="User Id=USUARIO;Password=PASSWORD;Data Source=DATABASENAME;" providerName="Oracle.DataAcces.Client"/>
</connectionStrings>
<system.web>
<membership defaultProvider="OracleMembershipProvider" userIsOnlineTimeWindow="30"/>
<roleManager defaultProvider="OracleRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All"/>
<authentication mode="None"/>
<authorization>
<allow users="*"/>
</authorization>
I also added the reference 'System.Web.ApplicationServices' to my project.
To test the connection to the membership of Oracle I have put this code in one of the OperationContract that has my web service:
MembershipUserCollection userC = Membership.GetAllUsers();
sample.StringValue += " - " + userC.Count;
bool resp = Membership.ValidateUser(id, id2);
The obtained MembershipUserCollection always appears without users. UserC.Count always equals zero.
The parameters 'id' and 'id2', username and password respectively, are used to validate (that is a poor use, I know) but always returns false.
Anybody can help me with this?
Thanks a lot.
PD: Authentication mode is 'None', I've tried with 'Forms' and still not working.
Problem solved.
I needed to put the name of the application (applicationName) on the label of the membership and role manager providers (in the file machine.config).
:-)