Why does Azure's HealtchCheck service's request give a different result? - asp.net-core

My ASP.NET application has the healthcheck service enabled with the default options, so a request to /hc returns "healthy" and that's all. The application itself requires an authenticated user.
services.AddHealthChecks();
app.UseHealthChecks("/hc");
In Azure, the webapp's health check is configured to /hc. This works fine for other webapps but on this particular one, I get a weird behavior as shown in these logs:
2022-12-08T15:38:32.753925985Z: [INFO] my-app : [ff3978bc-25c6-45f3-8d5e-134d7501ae3f] Incoming request on /hc
2022-12-08T15:38:32.753952886Z: [INFO] my-app : [ff3978bc-25c6-45f3-8d5e-134d7501ae3f] Request to TokenService: Endpoint my-app.azurewebsites.net, Port (null), Path /hc, Query , Method GET, UserAgent HealthCheck/1.0
2022-12-08T15:38:32.754763126Z: [INFO] my-app : [ff3978bc-25c6-45f3-8d5e-134d7501ae3f] Returning response for Site , Endpoint my-app.azurewebsites.net, Port (null), Path /hc, Method GET, Result = 404
2022-12-08T15:38:45.032379314Z: [INFO] info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
2022-12-08T15:38:45.033372564Z: [INFO] Request starting HTTP/1.1 GET http://my-app.mycompany.net/hc?manualtest - -
2022-12-08T15:38:45.033419666Z: [INFO] info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
2022-12-08T15:38:45.033428067Z: [INFO] Request finished HTTP/1.1 GET http://my-app.mycompany.net/hc?manualtest - - - 200 - text/plain 0.3773ms
Why does the request from UserAgent HealthCheck/1.0 involves the TokenService and then fails with a 404 status? If I manually call the /hc endpoint with a browser (for example the request with ?manualtest), curl or another application, it answers properly with a 200 status and "Healthy" body.
It's not a big deal but it's annoying because Azure thinks my webapp is unhealthy.

Just to highlight on what App Service does with Health checks
Further App Service Always ON also generate periodic (every 5min) probes to app instances and causing failed requests with error 404, and this can be found in Application Insights.
You may try rewriting the Always on path by referring this blog:
404 response code caused by App Services– AlwaysOn feature might be helpful
Also check this official document on Health checks in ASP.NET Core for relevant coding
You might refer to Azure App Service Health check details

Related

Azure API management always returning 404 resource not found

I have an API instance in AZURE where the configurations are as below.
API endpoint : corol.abpparking.domain.com
API suffix : myaboutpage
Backend Webservice URL : http://10.20.10.2:8080/api/v1/
What works
If i call the webservice URL directly as below for the operation GET to /about, i get response code 200
http://10.20.10.2:8080/api/v1/about
Response: 200
What does not work
If i perform the same operation via APIM, i get a 404 resource not found.
http://corol.abpparking.domain.com/myaboutpage/about
Response: 404 Resource not found
I could not figure our what could be the reason. Note that i do not have any basepath in the Swagger definition.
Make sure to check that your API in Azure APIM is configured to accept HTTP in addition to HTTPS. You can set this in API settings, on the same page where you set API backend URL

How to use JMeter for Login Authentication through Identity server 5.2 for ASP.Net MVC Web Application

I am trying to do the performance test for the ASP.Net MVC Web Application,
the Application is working with the Identity Server 5.2 to Login authentication.
I'm facing problem with login through the identity server.
Jmeter Version: 5.1.1
Description of the case:
Open URL of the website.
It will redirect you to the Identity website
Fill username and password
Log in to the application
Final URL will be the same as in point 1.
I was following the instruction below,
https://www.youtube.com/watch?time_continue=10&v=hGkrSFKcj10
base on this I created a Jmeter test plan
Test Plan
Thread Group
First HTTP Req - GET the "https://CorrectURL.com/
Assertion
View result three
Second HTTP Req - Post the username and Password on the https://identity.com/core/identityTokenUniqueForEverySingleLogin
Assertion
View result three
First HTTP request was successful:
I received Sampler Results:
HTTP Request - GET the Identity-0 Response code: 301
HTTP Request - GET the Identity-1 Response code: 302
HTTP Request - GET the Identity-2 Response code: 302
HTTP Request - GET the Identity-3 Response code: 302
HTTP Request - GET the Identity-4 Response code: 200
Second response:
Because every time Identity token is different, I don't know how can I take the token and use it during login.
Also what kind of information do I need to do the HTTP POST?
Can I Find then somewhere in Development tool?
I used also BlazeMeter to record the login process but when I'm running it again I'm receiving:
Response code: 405 Method Not Allowed
Response code: 500 Internal Server Error
Any advice will be appreciated
Looking into Identity Server documentation it appears to be using a cookie therefore my expectation is that adding a HTTP Cookie Manager should solve the problem (at least partially).
Not knowing the details of your Identity Server configuration details and seeing request/response sequence it is hard to come up with the comprehensive instructions, however my expectation is that it is the matter of simple correlation to wit:
Open your application login page (make sure that HTTP Cookie Manager is there)
Open identity server
Extract the token from the response if needed using a suitable JMeter PostProcessor and save the value into a JMeter Variable
Use the JMeter Variable from the step 3 instead of recorded hard-coded token

Failure response with status "201" and error message "Created" When invoking WLAuthorizationManager.obtainAccessToken

Environment:
Windows Server 2012 R2
JRE 1.8.0_101
IBM WAS Liberty Core 8.5.5.5
IBM MFP 8.1
Apache Web server
We have set up the UAT with the above environment. We have deployed our application on the server, have deployed adapter for user authentication and a resource adapter to fetch the data.
When we invoke an adapter procedure without security (unprotected) the app is fetching the data. But when we try to invoke an adapter procedure with default scope or with a custom scope Instead of triggering the challenge handler, we are getting failure response with error status ‘201’ and error message ‘Created’.
Another observation is that, when the WLAuthorizationManager.ObtainAccessToken is invoked with default scope or with push.mobileclient, it is giving the same failure response with error status ‘201’ and error message ‘Created’. The same application works fine in the development environment.
When I try to obtain a token from postman using https://domain:port/mfp/api/az/v1/token and pass the scope, grant_type and the necessary authorization header, it is providing the valid response with token. But from the app when we try by obtain token it is given failure response.
Failure response
{"status":201,"statusText":"Created","responseText":"","responseHeaders":{"connection":"Keep-Alive","content-language":"en-US","content-length":"0","date":"Fri, 17 May 2019 05:42:45 GMT","keep-alive":"timeout=5, max=100","location":"/mfp/api/registration/clients/1e746550-e804-4ee7-88ba-b99896qqqqpwo","server":"Apache/2.4.39 (Win64) OpenSSL/1.1.1b","via":"1.1 ","x-powered-by":"Servlet/3.0"},"errorMsg":"Created","errorCode":"201"}
201 is not a response code that is expected from the /token endpoint. This is very likely coming from an intermediate element in your topology. You've mentioned about the Apache Web Server as part of the configuration - is this sending the 201 ?
Moreover, the actual response from the server shows "server":"Apache/2.4.39 (Win64) OpenSSL/1.1.1b"
So, here is what you can do
a. Try bypassing the web server and see if resolves the issue - in all likeliness, it should.
b. Validate the configuration settings of the Apache Web server to see why the 201 is being returned.
Late to the party, but for anyone that is still running into this error:
Install the following interim fix: 8.0.0.0-MFPF-IF202006151151
This solved the error for me. Seems to be a bug in MobileFirst, took me ages to find.

customsd service does not hit server for GetSessionId call

This is essentially a duplicate of Can not add account for custom Sonos service, but there's no accepted answer and I am not able to add a comment to ask if they ever resolved their issue.
I've inherited a project and am trying to add the development service. I've configured it via /customsd.htm, set the header policy to Session ID, have both secure and insecure endpoints working.
When I go to add the channel, I see the request for strings.xml. However, I never see any requests come in for getSessionId. Meanwhile the SONOS reports "Account Not Found. ***** server did not recognize your login information." I am able to make the request with SoapUI, and I get a valid response.
If it's worth mentioning, I am in SONOS' beta program and am on version 6.2, build 31926010 (Mac desktop app).
UPDATE:
While I'm not sure there's anything useful here, looking at logs at [deviceIP]:1400/support/aggregate, I see the following. Note that the redacted URL and IP do resolve. IP is for a loadbalancer, URL is behind it.
Feb 28 11:07:42 Sonos[84168] <![CDATA[<]]>Error<![CDATA[>]]>: (SCLib) dns(1): [redacted URL] -<![CDATA[>]]> [redacted IP]
Feb 28 11:07:42 Sonos[84168] <![CDATA[<]]>Error<![CDATA[>]]>: (SCLib) control_client(1): getSessionId failed, res = 1000, tvStart = 1456679262 s 250163 us, m_tvConnectDone = 1456679282 s 250162 us, m_tvDone = 1456679302 s 250162 us, tvNow = 1456679262 s 509982 us
Feb 28 11:07:42 Sonos[84168] <![CDATA[<]]>Error<![CDATA[>]]>: (SCLib) soap(1): - param username = [redacted username]
UPDATE #2:
I inspected the packets via Wireshark, and behavior of the production service and development one seem the same except that for the production service, the controller / my computer kicks off a POST request to the Sonos before the server hangs up. That process, outlined in red in the attached image, does not occur for the customsd service.
I also experimented with using the production service endpoints in the customsd configuration, but that request failed in the same manner. FWIW, all ssl_validation tests pass just fine, as do various content tests.
For want of a trailing slash...
I finally sorted this, and it was incredibly minor. In the customsd configuration, my endpoint urls did not have a trailing slash. Adding them made it all work.
I finally realized this when I decrypted the calls the controller made to the server for both the production service and my customsd service registered to the production endpoints. The call made by the customsd service was getting back the load balancer's 400 error. The only difference between the calls were the headers, specifically:
Production service: POST / HTTP/1.1
Dev service : POST HTTP/1.1
LB properly said the call was invalid. Adding the trailing slash made it all work.
For what it's worth, I'm pretty sure the URLs without trailing slashes worked both via curl and, I believe, via SoapUI. The Sonos controller requires them, however.

Strategy for CORS - issue with IE10 : xhr status returns 0 for HTTP 401

I have the following setup on my server:
Apache HTTP Server is serving a BackboneJS frontend application
Apache Tomcat is serving a Java based backend (CORS enabled).
Everything is running on a single server that I have full control over.
I'm currently using com.thetransactioncompany.cors.CORSFilter in the Java based backend to enable CORS. Everything seens to be working fine.
My frontend has the following code to redirect the user to the login page in case an un-authenticated REST call occurred:
$.ajaxSetup({
statusCode: {
401: function(){
window.location.replace('/#login');
},
403: function() {
window.location.replace('/#denied');
}
},
cache: false
});
Everything works fine on all major browsers except for IE10.
In IE10, when the non-authenticated users calls the REST serverm the server returns an HTTP 401 (as it should). The XHR object I'm seeing in the IE debugger hoewever seems to have translated this into status = 0. (On chrome you can cleary see that it has status = 401.
This appears to be a bug in IE10 where IE10 is treating HTTP status 401 as a network error. The console shows:
SCRIPT7002: XMLHttpRequest: Network Error 0x80070005, Access is denied
Is there a way to workaround this ?
I can add handling for statusCode 0 in the ajaxSetup but that seems more of a hack.
Is there a way to disable CORS altogether through some kind of Apache / Tomcat configuration ?
Currently my apache configuration is setup using vhosts so that the following public URLs map their corresponding internal hostname / ports.
http://mywebapp.com -> http://myrealservername:8080/ -> /var/www/http
http://myrestapi.com -> http://myrealservername:8088/ -> /usr/local/tomcat/webapps/restapi
Would it be possible / advisable to have Apache
continue serving the static webapp from http://mywebapp.com/restapi
exposing the REST API on http://mywebapp.com/restapi (keeping it "inside" the webapp).
If such a setup were possible I wouldn't need CORS anymore ? It would keep things a lot simpler while increasing browser support ?