Service settings - vb.net

I have a service, written in VB, with some user settings. Two of these are an oauth access / refresh token, and I need to keep storing the new token, so whenever that is updated, I write the settings away again.
Can anyone tell me where those settings are stored on my PC? I can see that the app.exe.config file is not being updated, and it's not being read when I start the service. I don't have a folder in users\username\appdata\local for the service name, nor in roaming, nor in locallow.
I tried using installutil to uninstall and re-install my service, hoping that might cause it to use the settings in app.exe.config, but it did not; it's still trying to use a token that's long out of date from somewhere.
If I paste a new token pair into my app.exe.config, I can see that the service is not reading it. It is reading an old token from when I was last working on it / testing it, and getting an expiry error because I've used a new token pair in a desktop test version of the app.
I seem to be going round and round in circles trying to find where these settings are stored. The annoying thing is that I've had it working, and "sometimes" it will pick up the new token and everything works. But I soon need to install it on the customer's PC, and I'm concerned that I'll have another fruitless morning of it using old tokens and not being able to renew them. I'm sure this is something I just don't understand, but I'd rather not go to storing them in a local file if I don't have to. The first answer that comes up on here reveals that others have similar issues and generally resort either to their own storage or the registry, but it is an 11-year-old answer. I'm using VS 2019, if that makes any difference.
This is the code I use to store the new token away, if it helps:
My.Settings.RefreshToken = newToken ' this is returned in the refresh request
My.Settings.Save
When my code opens, it loads the settings in a similar way:
accessToken = My.Settings.AccessToken
refreshToken = My.Settings.RefreshToken
tokenExpires = My.Settings.Expiry
Even if I edit my app.exe.config file to contain "*" in the expiry field, it is still somehow finding the expiry date/time from the previous time the service successfully ran. So it clearly isn't retrieving the information from that file any more.

To close this off, the comment by @Jimi earlier on held the key. The settings that are updated by the service are stored in a file called user.config which in my case is in c:\windows\syswow64\config\systemprofile\appdata and then my application name.
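An added example (not code from the original post) that reports which files My.Settings resolves to for the identity the process runs under. The location depends on the account and bitness: a 32-bit service running as LocalSystem resolves its profile under C:\Windows\SysWOW64\config\systemprofile, while a desktop test run under your own login resolves to your own AppData, so the two keep separate copies of the tokens. The module and function names are illustrative, and the project needs a reference to System.Configuration.

```vb
Imports System
Imports System.Collections.Generic
Imports System.Configuration
Imports System.IO
Imports System.Security.Principal

' Added example: names below are illustrative, not from the original post.
Module SettingsLocator

    ' Returns the account, bitness and configuration file paths for this process.
    Public Function DescribeSettingsFiles() As String
        ' app.exe.config beside the executable: defaults and application-scoped settings.
        Dim exeCfg = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
        ' user.config files: where My.Settings.Save() writes user-scoped values.
        Dim roamingCfg = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.PerUserRoaming)
        Dim localCfg = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.PerUserRoamingAndLocal)

        Dim lines As New List(Of String)
        lines.Add("Account:        " & WindowsIdentity.GetCurrent().Name)
        lines.Add("64-bit process: " & Environment.Is64BitProcess.ToString())
        lines.Add("Defaults:       " & exeCfg.FilePath)
        lines.Add("Roaming user:   " & Describe(roamingCfg.FilePath))
        lines.Add("Local user:     " & Describe(localCfg.FilePath))
        Return String.Join(Environment.NewLine, lines)
    End Function

    ' Appends whether the file has been created yet (it appears on the first Save).
    Private Function Describe(filePath As String) As String
        Return filePath & If(File.Exists(filePath), " (exists)", " (not created yet)")
    End Function

    ' Running this from a console shows the logged-in user's paths; calling
    ' DescribeSettingsFiles from the service shows the service account's paths.
    Sub Main()
        Console.WriteLine(DescribeSettingsFiles())
    End Sub
End Module
```

In the service itself, call DescribeSettingsFiles from OnStart and write the result to the event log. user.config stores the refresh token as plain text, so the reported folder is also the one whose permissions decide who can read it.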

Related

Localhost API for TD Ameritrade

I was creating an API for TD Ameritrade (my first time creating or dealing with APIs) and I needed to put in my own callback URL. I know that the callback URL is where the API sends information to and I heard that I can just use my localhost API. I scoured the internet and I don't know how that would work and I was wondering if I can just use http://localhost?
Sorry if I seem like a noob because I am
In short, yes.
Follow the excellent directions at
https://www.reddit.com/r/algotrading/comments/c81vzq/td_ameritrade_api_access_2019_guide/. (Even with them, I spent excessive time on trial and error!)
Since stackoverflow has a limit of 8 links in a response, and the localhost text string looks like a link, I’m showing it with the colon replaced by a semicolon, i.e., http;//localhost to reduce the link count. Sorry.
I used the Chrome browser after first trying Brave, which did not work for me, possibly because of my option selections.
Go to https://developer.tdameritrade.com/user/me/apps
Add a new app using http;//localhost (delete existing app if there is one).
Copy the resulting consumer key text string (AKA client_id or OAuth User ID).
Go to https://developer.tdameritrade.com/content/simple-auth-local-apps, follow instructions. Note: leading/trailing blanks were inserted by MSWord due to copy/paste of the auth code, which had to be manually deleted after wasting excessive time identifying the problem. The address string looks like:
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost&client_id=ConsumerKeyTextString%40AMER.OAUTHAP
This returns a page stating the server refused to connect, but the address bar now contains a VeryLongStringOfCharacters in the address bar:
https;//localhost/?code= VeryLongStringOfCharacters
Copy the contents of the address bar, go to https://www.urldecoder.org/, decode the above, and extract the text after “code=”. This is your refresh_token
Go to: https://developer.tdameritrade.com/authentication/apis/post/token-0, fill out the fields with
grant_type=authorization_code
refresh_token=<<blank>>
access_type=offline
code=RefreshTokenTextString
client_id=ConsumerKeyTextString@AMER.OAUTHAP
redirect_uri=http://localhost
Press SEND.
If the resulting page starts with HTTP/1.1 200 OK, you have succeeded.
Try updating your redirect to:
redirect_uri=https://localhost
They may require https now and you need a colon instead of a semicolon. Everything looks correct. This process generally takes me more than one attempt, and 15 minutes to an hour to get my refresh token squared away every 90 days.
Don't use @AMER.OAUTHAP in client_id
If you generate a new code and, based on that, try to get a new access token, it should work.

How to store custom user data on Netlify Identity?

I've been using Netlify for storing 100% of my app (both frontend and backend) for the last three months. So far, so good.
The only problem now is that I need to store a custom property for each user (say, the phone number), and apparently Netlify Identity doesn't support this (only email, name and roles https://www.netlify.com/docs/identity/).
I don't want to change the whole app to migrate to another hosting provider just for this detail (actually, I can't, it's for a client and I just don't have time), because it works great, but at the same time I need it.
Can you think of any workaround to this? The less "hackish", the better, but I understand that I'm going beyond the intended use of Netlify Identity.
So it actually does look like Netlify's GoTrue API has a specific endpoint for updating custom user data. After a user is created, you can update metadata by including it as "data" within an authenticated PUT request to /user.
PUT /user
{
  "data": {
    "custom_key": "value"
  }
}
See https://github.com/netlify/gotrue for more info.
There are dozens of ways to do this, so I'll talk about two generally applicable ways now:
the most "generally capable" one is probably using lambda functions: https://www.netlify.com/docs/functions . This lets you run dynamic code, such as "store to database hosted elsewhere" or "email to our office manager to update a spreadsheet" or even "commit to our closed git repo so it's available in-code" (last one is probably a worst practice, but is possible). You can similarly use a function to read that data back out without exposing API tokens (code example: https://github.com/netlify/code-examples/tree/master/function_examples/token-hider)
you could have the data gathered via a form submission (https://www.netlify.com/docs/form-handling). I'd probably use zapier.com to receive a notification of the form submission (https://www.netlify.com/docs/form-handling/#notifications). Zapier can of course connect to just about anything on the planet :) . Getting the data back out if you want to show it in your UI is a bit more of a challenge, but you could use the above mentioned functions if you need to connect to some private data store to pull it out. Or for an MVP, just not show it, only let people enter/update it ;)

How to add a url to startup via registry

I'm trying to add a URL to my system startup. I want to do this via the registry because it fits some other things I'm hoping to do later. Here's my code at the moment;
My.Computer.Registry.SetValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\", "LinkLoad", "https://www.url.link")
I'm trying to do this via vb.net if at all possible. I have given the application administrative privileges but for some reason this hasn't worked. The new registry key isn't in position (and to be honest I'm not 100% sure this would work in loading the webpage!).
(FYI the link in the above code is junk, I didn't think it was important to include the actual link I want to load!)

How to propagate data from mod-auth-external authenticator to served page

Background
In our Apache configuration we use mod-auth-external (previously on Google Code) to invoke PAM authentication.
Now there is a request for proper handling of shadow-based password expiration:
If password is before warning period Apache should respond with HTTP status code 200. Nothing new here.
If password is in warning period (its validity end is near) Apache should respond with HTTP status code 200, but include somehow information about the warning period.
If password is in expiration period (it is no longer valid but user can still change it on his own) Apache should respond with HTTP status code 401 and include somehow information about expiration period.
If password is beyond expiration period (it is no longer valid and account was locked, administrator must unlock it) Apache should respond with HTTP status code 401 and include somehow information about the locked state.
(There are also corner cases of page missing or some other errors. It is not clear what to do then. But it seems that solving above points would allow to solve those corner cases as well.)
Our PAM authenticator (used through mod-auth-external) is able to differentiate those cases by adjusting return values. That we already have.
The problem is however how to get information from the authenticator to the associated action serving the page (either actual page with 200 status code or 401 error document).
Current investigations
It should be noted that there is significant difference between requirement 2 and requirements 3 and 4.
Requirements 3 and 4 alone are somewhat easier because they both involve our mod-auth-external authenticator returning error (access denied). So we only need to know how to get that error code in 401 error page. I even raised issue on that on mod-auth-external page.
Requirement 2 is much more difficult. In that case our authenticator must return 0 (access granted) and still somehow propagate information about the warning to whatever gets served in the end.
Logs parsing
Obvious (and ugly) idea is to parse logs. mod-auth-external description on Google Code Wiki mentions that authenticator return value gets written to Apache syslog. Also whatever authenticator prints to standard error stream gets logged as well.
This could be used to pass information from authenticator to some other entities.
The difficulty here is that it is not clear how to do it safely. What to print to be sure that "the other entity" will match properly current request with log entry. Mere URL doesn't seem to be enough since there can be multiple requests for the same URL at the same time. While I don't see anything more useful in what authenticator gets.
Another issue here is that it seems that to be able to parse the logs you have to have some non-trivial code running for "the other entity". And this complicates things further since how should we do it?
Another idea
If we could make the authenticator somehow modify "request session" (or whatever, maybe just environment? - I don't know, I'm new to Apache) to add arbitrary data to it we would be (almost) at home.
Our authenticator would somehow store "password status" and also possibly days remaining to the end of warning/expiration period (if applicable). Then upon serving 401 error page we would retrieve that back and use it to dynamically generate content of the page.
Or even better we would have it stored in session so that the other end could read that data directly. (For cases where it is not simply a browser showing page.)
But so far I fail to see how to do that.
Do you have any idea how to meet those requirements?
For over a month I got no answer here. Nor on GitHub issue that I opened for mod-auth-external.
So I ended up doing a custom modification to our mod-auth-external. I don't like modifying third party software but this one seems dead anyway. And also it turned out we are using a pretty old version (2.2.9 which I upgraded to 2.2.11, the last in the 2.2.x line). Which already had some customizations anyway.
I explained details of the solution in a comment to my GitHub issue so I will not repeat them here.
I will however comment on shadow details as they were not mentioned there.
I had two choices: either use the getspnam function to retrieve shadow data or parse messages generated by PAM. My first attempts were based on the getspnam function but in the end I used PAM messages. I didn't have strong reasons for either of those. However I decided to propagate in the HTTP response not only the shadow status but any PAM message that was generated and so it seemed easier to follow that way.

Windows 8 store package fails on WACK when login to developer account

I'm trying to put a simple app on the Windows Store. I made a failed attempt once: I submitted an app which failed to pass WACK, and eventually it failed on submission too. Even then, when I try to package an app with my developer account logged in, I get a performance launch error.
Even on a blank app. Also, right after I create a package while logged in, my app's package name and provider fields on appmanifest are changed too. The app's package name changes to the first app I submitted, and the provider changes to, I guess, my developer account's key.
I deleted my failed submission on the dashboard, deleted all the names I reserved, including the failed one. But even when I reserve a new name and package my app with that name, my package name still changes to the very first one and fails on WACK.
BUT, when I create a package of my app WITHOUT logging in, I mean without associating with the Windows Store, I can package my app with the name I want and pass the WACK. I hope anyone can help me with this.
Edit: C# application.
I had this happen too, it seems like WACK got confused and kept trying to verify the wrong version. The following steps resolved it for me:
Uninstall the app from your development PC (as in, go to start page, right click on the app and select uninstall).
Reboot the dev PC.
Select "Local Machine" and "Release".
Start debugging, wait for it to have started up completely and then stop debugging.
Pretty sure that only one or two of those steps are actually needed, but not sure which ones.
I'm not completely sure I understand your issue, but let me try...
First, what is the failure that you got when you submitted to the Store and when you ran the WACK? You mentioned a "performance launch error". If you are failing the performance test, check out this article for tips to help. Some examples:
Package content locally (or cache it) when possible, so you don’t have to pull resources from a network during launch.
Load and do only what you need on launch. You can load other data and do other work asynchronously in the background or when you actually need it.
Use a "dirty bit" when saving data on suspend, so you only save data that has changed. (Rather than re-serializing your app’s state if that data hasn’t changed, create a Boolean flag variable (or “dirty bit”) which signals that your data has been modified, and only re-serialize when the data has changed.)
Use bytecode caching if you are developing in JavaScript, so each JS file has bytecode created once and not every time the app launches. To enable this, make sure all JavaScript files are UTF8 encoded with a byte-order mark (BOM) and are statically referenced in the root of your HTML start page.
If this is not the error that the WACK and your Store certification is failing with, please see this blog post and the related blog posts that it links to, to see if your failure is covered there.
Secondly, your issue with associating your code with your reserved name in the Windows Store:
also right after I create package logged in, my app's package name and
provider fields on appmanifest are changed too.
This behavior is expected. When you associate your app package with the Windows Store, it will change the "Package name" and the publisher in your appxmanifest. But that's okay! The "Package name" is just what the Windows Store uses as an internal identifier for your app package, and the "Package display name" (right below it in the appxmanifest) is what your end users will see. Set the "Package display name" to what you want.