I am trying to log in to a Flutter application via SAML, this requires loading a Webview at an https endpoint which will then perform some redirects.
As I am developing this application I need to hit a local https endpoint to start the process, which is backed by a self signed certificate. I also have a self signed CA certificate.
I have added the CA certificate to the Android emulator I am using to test (default emulator from Android Studio) and it appears under the "User" tab under Trusted Credentials. However, when I set the Webview to navigate to my local https endpoint it displays a white screen.
I have tested this further by running MITM proxy, installing their cert at mitm.it (which is also installed as a "User" cert), and navigating the Webview to http://google.com. I can watch the traffic and see that it returns a redirect to https://google.com, but the Webview never loads that page and instead displays the white page again. I believe this is because it doesn't trust the User cert for mitm.
I see 2 possible ways of solving this:
Force webview_flutter to use the User certs and not only System.
Allow webview_flutter to ignore any certificate errors.
Related
I have a web app that uses Firebase for authentication, more specifically it uses the signInWithPopup(provider) method. There is also a desktop client based on Electron which simply loads the same web app. With recent updates this method of authentication stopped working as Electron is regarded as unsecure environment.
Is there a way to open the login popup in the default browser (i.e. Chrome) which is secure, complete the login process there, and return to the Electron app with the login information?
If login popup in default browser, the same issue can happen with security. It needs both ends to be secure.
Can you try to generate certificate and use it in your electron ? Instead of self signed certificate, you can generate through Let’s Encrypt (Authorised CA). Hope this solves your issue.
Environment/Frameworks:
Windows7
asp.net core 2.0 application running in IIS Express in VS2017
IE11, Edge, Chrome
Background:
I have and Asp.net Core 2.0 MVC application that I want to run in such a way that I get prompted to pick a client certificate in order to access the application. In my local computer for testing purposes, I have created a sample fake self-signed certificate as per this article http://dcdevs.blogspot.com/2017/06/iis-express-client-certificates.html, and I have configured my asp.net core 2 application in VS2017 by going to project Properties -> Degub Tab, and checking Enable SSL, then copying the generated URL to the App URL text box.
On the Startup.cs or Program.cs I have NOT added any settings to required SSL, which means to my understanding that IIS Express is serving as proxy to require https then forwarding the requests to Kestrel in a regular http request as per this post ASP.NET Core + IIS + SSL
All in all, when I run the application I get prompted to select a certificate, then I am able to read the certificate and extract information out of it inside a controller. The application comes up, and I can see everything on the Home page with its banner image, but I cannot see the images that are retrieved from a javascript file and then placed on the page with DOM manipulation. This happens in IE11, and Edge, but Chrome just works fine.
Problem:
When I load a page I get prompted to select a certificate and then the page opens, but any javascript that make subsequent requests to load images (static files) hosted on the same application under wwwroot also gets prompted. When I hit F12 and monitor the network calls, this request to static files appear as Aborted in EI11 and Pending in Edge. If I open a new tab and copy the image url, I get prompted for a certificate the first time. If I navigate to different links on the application which invoke other controller's actions the pages just display fine, the main banner image of the site still displays fine. It is just the calls to static files (e.g. images) that cause the prompt for certificate to appear again. As I described above I don't have this problems when I run the application in Chrome.
I added the certificate to my device and to the simulator. If I go to the https site from Safari it works fine. If I try to do the same from my iPad Air it fails with error "the certificate is invalid.You might be connecting to a server that is pretending ..."
Why would it work from Safari but not from my app?
Thanks for any help.
If you already installed/trusted the self-signed certificate on your computer then Safari (your desktop browser) won't prompt you, whereas on iOS you haven't opted to trust the certificate. Note that iOS 7+ does not let you see which certificates you have already trusted, you can only choose "Reset Settings" to remove all trust (silly, I know).
I have made an app that will login automatically in the websites I use daily.
1 of them uses a security certificate which I have installed, when I browse it with IE I can accept the certificate and login, same with chrome, but when I browse with my app it will only show me
Navigation to the webpage was canceled
What you can try:
Refresh the page.
I'm thinking I have to somehow include that certificate on my app but I'm stuck, I've been googling about it but I can't find a straight answer.
I've read that the webbrowser control doesn't support HTTPS which the website I need to login is, if so is there any other way I can access the website within my app, maybe a different webbrowser control?
I'm using VB.net by the way.
some extra info:
I don't own the website so I cannot make any changes there.
I do have valid and legal access to the website using the certificate they issued for me.
The problem was I had browser.ScriptErrorsSuppressed = True
Somehow the browser control was taking the "Accept certificate" messagebox as script error.
this is my problem,
i've installed my ssl certificate on my website in order to use it in my facebook app.
entering the site in https mode is working fine, perfectly, so i create my facebook app, but when i try to install in the canvas i receive this message:
ssl_error_rx_record_too_long
so i think my ssl doesn't work fine with facebook, i'm wondering what type of ssl certificate i need to make my app workin fine.
there is no list of facebook talking about the kind of ssl, anybody can give me more info about this problem?
thak's in advance to all the people that will suggest me something