I'm implementing Auth0 ROPC in a .NET 4.5.2 ASP.NET WebForms application. There is no Startup.cs or OWIN involved. I send in my credentials to the AuthenticationAPI client provided in the [Auth0 .NET SDK][1].
var result = await AuthenticationApiClient.GetTokenAsync(new ResourceOwnerTokenRequest
{
ClientId = ClientId,
ClientSecret = ClientSecret,
Scope = Scope,
Realm = Realm,
Username = <Username>,
Password = <Password>
});
I am able to get a response locally, but when deployed in a Windows 2016 server authentication fails with the following message:
Message: IDX20804: Unable to retrieve document from: 'https://mytenantname:443/.well-known/openid-configuration'., StackTrace: at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.d__22.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.d__12.MoveNext()
I have the TLS1.2 set in place in the code. I have also setup the proxy to access Auth0. The configuration Url https://mytenantname:443/.well-known/openid-configurationin fact returns the JSON configuration when accessed in a browser in the server, with traffic routed via the proxy.
I also have user management activities using Auth0 like user creation and update which work as expected from the site hosted in the server
[1]: https://auth0.github.io/auth0.net/
Related
im running a simple web application testing out the TeamFoundation.Services.Client along side VisualStudio.Services.Common and launching the app via IIS Express is no problem but when I try to do the same using Local IIS I get this error:
Microsoft.VisualStudio.Services.Common.VssUnauthorizedException: 'VS30063: You are not authorized to access http://mytfs:8080.
This exception was originally thrown at this call stack:
Microsoft.VisualStudio.Services.Common.VssHttpMessageHandler.SendAsync(System.Net.Http.HttpRequestMessage, System.Threading.CancellationToken)
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
Microsoft.VisualStudio.Services.Common.VssHttpRetryMessageHandler.SendAsync(System.Net.Http.HttpRequestMessage, System.Threading.CancellationToken)
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
System.Net.Http.HttpClient.FinishSendAsyncBuffered(System.Threading.Tasks.Task<System.Net.Http.HttpResponseMessage>, System.Net.Http.HttpRequestMessage, System.Threading.CancellationTokenSource, bool)
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
...
[Call Stack Truncated]
I don't understand what the problem is.
This is the debug profile in which im trying to launch it:
This is the code where I get the error:
internal const string vstsCollectioUrl = "http://myTFS:8080/tfs/MyCollection";
//Prompt user for credential
VssConnection connection = new VssConnection(new Uri(vstsCollectioUrl), new VssAadCredential("{user}", "{password}"));
//create http client and query for resutls
WorkItemTrackingHttpClient witClient = connection.GetClient<WorkItemTrackingHttpClient>();
The VssAadCredential class by default takes the credentials of the person running the tool and does not honor the username and password parameters actually in .net core projects, similar to this ticket. So you can't use Azure Active Directory Authentication like this, and it's not recommended to use AAD Authentication for REST services in SOAP service.
As a workaround you can try windows Authentication:
VssConnection connection = new VssConnection(new Uri("http://instanceName:8080/tfs/OrgName/"), new WindowsCredential(new NetworkCredential("xxx", "xxx")));
Initially, I setup my ASP.NET Core project with authentication from Azure Active Directory through Visual Studio. It executed without error. After cloning to another PC the authentication keeps throwing Bad Request error. Tracing down the stack I got the following exception:
System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<RedeemAuthorizationCodeAsync>d__21.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.<HandleRemoteAuthenticateAsync>d__19.MoveNext()
For sure all the setup of AAD in the portal are kept default and no configuration value changed after committing/cloning. Could someone please offer some solution for this?
Based on the error message, the error was occurred at the RedeemAuthorizationCodeAsync, however it doesn’t show the real reason for the 400 error.
To narrow down this issue, I suggest that you use the Fiddler to capture the http request and response, then you can find the root cause for this issue by review the exact error message.
I am trying to access my application deployed in IIS8. after successful authentication i am ending up with following error.
Server Error in '/' Application.
The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Cryptography.CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[CryptographicException: The requested operation cannot be completed. The computer must be trusted for delegation and the current user account must be configured to allow delegation.
]
System.Security.Cryptography.ProtectedData.Protect(Byte[] userData, Byte[] optionalEntropy, DataProtectionScope scope) +504
System.IdentityModel.ProtectedDataCookieTransform.Encode(Byte[] value) +89
[InvalidOperationException: ID1074: A CryptographicException occurred when attempting to encrypt the cookie using the ProtectedData API (see inner exception for details). If you are using IIS 7.5, this could be due to the loadUserProfile setting on the Application Pool being set to false. ]
System.IdentityModel.ProtectedDataCookieTransform.Encode(Byte[] value) +1082947
System.IdentityModel.Tokens.SessionSecurityTokenHandler.ApplyTransforms(Byte[] cookie, Boolean outbound) +95
System.IdentityModel.Tokens.SessionSecurityTokenHandler.WriteToken(XmlWriter writer, SecurityToken token) +809
System.IdentityModel.Tokens.SessionSecurityTokenHandler.WriteToken(SessionSecurityToken sessionToken) +109
System.IdentityModel.Services.SessionAuthenticationModule.WriteSessionTokenToCookie(SessionSecurityToken sessionToken) +206
System.IdentityModel.Services.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequestBase request) +1124
System.IdentityModel.Services.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args) +103571
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +92
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +165
Have a look at https://github.com/brockallen/BrockAllen.MembershipReboot/issues/106
This solved the issue for us :
http://brockallen.com/2013/02/18/configuring-machine-key-protection-of-session-tokens-in-wif-and-thinktecture-identitymodel/
I am running an MVC web site on Windows Azure and using RavenDB embedded. If the web site is "cold" (unloaded from the Azure instance), I get the following error message on the first hit to the web site:
Server Error in '/' Application.
Failure writing to log file
Description: An unhandled exception occurred during the execution of
the current web request. Please review the stack trace for more
information about the error and where it originated in the code.
Exception Details:
Microsoft.Isam.Esent.Interop.EsentLogWriteFailException: Failure
writing to log file
Source Error:
An unhandled exception was generated during the execution of the
current web request. Information regarding the origin and location of
the exception can be identified using the exception stack trace below.
Stack Trace:
[EsentLogWriteFailException: Failure writing to log file]
Microsoft.Isam.Esent.Interop.Api.Check(Int32 err) +21
Microsoft.Isam.Esent.Interop.Api.JetInit(JET_INSTANCE& instance) +23
Raven.Storage.Esent.TransactionalStorage.Initialize(IUuidGenerator
uuidGenerator, OrderedPartCollection`1 documentCodecs) +309
[InvalidOperationException: Could not open transactional storage:
C:\DWASFiles\Sites\reflix\VirtualDirectory0\site\wwwroot\App_Data\Data]
Raven.Storage.Esent.TransactionalStorage.Initialize(IUuidGenerator
uuidGenerator, OrderedPartCollection`1 documentCodecs) +443
Raven.Database.DocumentDatabase..ctor(InMemoryRavenConfiguration
configuration) +994
Raven.Client.Embedded.EmbeddableDocumentStore.InitializeInternal()
+313 Raven.Client.Document.DocumentStore.Initialize() +463 Reflix.MvcApplication.InitializeRavenDB(String dataDirectory, Boolean
rethrowException) +135 Reflix.MvcApplication.Application_Start()
+131
[HttpException (0x80004005): Could not open transactional storage:
C:\DWASFiles\Sites\reflix\VirtualDirectory0\site\wwwroot\App_Data\Data]
System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext
context, HttpApplication app) +9859441
System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr
appContext, HttpContext context, MethodInfo[] handlers) +118
System.Web.HttpApplication.InitSpecial(HttpApplicationState state,
MethodInfo[] handlers, IntPtr appContext, HttpContext context) +172
System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr
appContext, HttpContext context) +336
System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr
appContext) +296
[HttpException (0x80004005): Could not open transactional storage:
C:\DWASFiles\Sites\reflix\VirtualDirectory0\site\wwwroot\App_Data\Data]
System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +9873784
System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
+101 System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest
wr, HttpContext context) +254
Version Information: Microsoft .NET Framework Version:4.0.30319;
ASP.NET Version:4.0.30319.18033
If I wait a minute or two, the web site comes up fine. So clearly this is a first-start issue. Anyone have any ideas how to resolve the problem?
My configuration:
MVC 4
.NET 4.5
RavenDB 2.0.2360
Update: The Azure team is looking at this as a possible defect with the Azure Websites. More updates as soon as I hear anything.
This was confirmed as a bug in Azure Websites, which has now been rolled out. I don't have any additional details, but the site now works (8/30/2013) and I have made no structural changes to the code.
Look at the event log, it will give you more info.
It looks like something is prevent proper write to the logs, check permissions, in particular, you may have CREATE_FILE permission, but not WRITE permission
I'm currently working on an Silverlight 3 project, I'm using 2 machines to test it.
"harbinger" is the web server running Win7 + IIS . I've deployed the webpage and the WCF webservice to that machine.
I've entered the following url's in my browser :
http://harbinger:43011/UserService.svc
http://harbinger:43011/UserService.svc?wsdl
and got pages load expected contents for both
Next I've decided to check if I can call the webservice from my machine, I've added the ServiceReference, executed a call to one of the methods and .... BOOM :
System.ServiceModel.CommunicationException was unhandled by user code
Message="An error occurred while trying to make a request to URI 'http://harbinger:43011/UserService.svc'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details."
StackTrace:
at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
at System.ServiceModel.ClientBase`1.ChannelBase`1.EndInvoke(String methodName, Object[] args, IAsyncResult result)
at Energy.USR.UserServiceClient.UserServiceClientChannel.EndGetAllUsers(IAsyncResult result)
at Energy.USR.UserServiceClient.Energy.USR.UserService.EndGetAllUsers(IAsyncResult result)
at Energy.USR.UserServiceClient.OnEndGetAllUsers(IAsyncResult result)
at System.ServiceModel.ClientBase`1.OnAsyncCallCompleted(IAsyncResult result)
InnerException: System.Security.SecurityException
Message=""
StackTrace:
at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
InnerException: System.Security.SecurityException
Message="Security error."
StackTrace:
at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.<>c__DisplayClass5.<EndGetResponse>b__4(Object sendState)
at System.Net.Browser.AsyncHelper.<>c__DisplayClass2.<BeginOnUI>b__0(Object sendState)
InnerException:
Can someone explain what just happened? What do I need to do to avoid this?
See this blog post - I think that's the root cause of your problem:
Enabling cross-domain calls for Silverlight apps on self-hosted web services
or this one here:
WCF and Silverlight with cross-domain issue
Without any special policy files, you won't be able to call cross-domain in Silverlight.