Our application is deployed in Liberty PCF and it is ADFS configured. If we try to access the swagger UI, we are getting the error as "Can't read from server. It may not have the appropriate access-control-origin settings.". and in network console showing,
Status Code: 401 Unauthorized
{"error_description":"OpenID Connect client failed the request...","error":401}
IF, we remove the ADFS configuration in this application then swagger ui is loading properly.
Here my questions are,
How to skip authorization for swagger UI? or
How to handle ADFS authentication for Swagger UI?
Your answer is more valuable. Thanks in advance.
Related
How do I configure SignalR to Authenticate/Authorize to a server that is must be protected by Windows Authentication. There appears to be no way to make the JavaScript Client send Credentials with the request.
Windows authentication should be handled by the browser and you should not have to do anything special. The problem is that Chrome does not seem to handle Windows Authentication correctly. There is a thread on github that contains more details.
Also, SignalR MVC 5 Websocket no valid Credentials seems still to apply as the issue is browser related (i.e. external to SignalR).
I have followed all the steps mentioned in the following link to implement oAuth authentication for connecting to VSO:
https://www.visualstudio.com/en-us/integrate/get-started/auth/oauth
It involves creating a azure web site and the token in returned to it which is used for further processing.
My requirement is to create a service which will connect to VSO using oAuth authentication and fetch/create the work items.
I want to know how to configure the call back url in case of using a service.
Firstly, please take note that: Right now, it is only supported to register web application, it is impossible to register a WCF service project.
If you would like to register a web application and would like to get the call back URL, please check my reply in this link for the detailed steps: callbackurl while connecting to vso using oAuth
I have two separate projects
MVC Web App
MVC Web API
I have published both on my IIS 7.5
My Web App is hosted on 7172 port
and Web API is hosted on 7171 port
Strangely iam not able to call jquery.ajax() from my web app (7172) to web api (7171) port. It gives me 405 Method not found error code.
But if i write the same jquery.ajax() in my web api project (7171) and call web api method then it work fine and returns data.
I want to call web api from my web app.
Any suggestion would be appreciated.
Thanks in advance.
This has to do with the Same Origin Policy. By default, you can't execute an AJAX call to another domain (both on name, port and protocol).
If you want to enable this you should use Cross-origin resource sharing (CORS). CORS can be used with Web API by installing a (prerelase) NuGet package: Microsoft ASP.NET Web API Cross-Origin Support
This package allows you to configure which domains can call your service. You can find a walk trough here Enabling Cross-Origin Requests in ASP.NET Web API. In essence it comes down to adding attributes to your controllers like this:
[EnableCors(origins: "http://myclient.azurewebsites.net", headers: "*", methods: "*")]
You're running into the same-origin/cross-domain security policy. The port used is part of the origin calculation. A bit of Javascript loaded from (say) localhost:80 cannot make an AJAX request to localhost:8080, because the port numbers don't match. The 405 error you're getting is almost certainly coming from your Web App, not the API - check the server logs for the app, and you'll see the ajax hit in there.
I'm using the WCF Web API (the latest version, which I think is 0.5, obtained from the VS2010 Ultimate integrated package dependency GUI).
I've got a simple API class exposed and in each method I'm making a call that performs authorization against the user. When the user is unauthorized, I throw an HttpResponseException with the 401/unauthorized code.
This works, and you can see that at some point in the Http Handler chain, the 401 was trapped. The problem is that the site in which the API resides contains ASP.NET Forms authentication... and so when it sees the 401, it tries to forward my client request to the logon page.
How do I disable this behavior for a particular sub-directory within my site? I've tried setting a location of "api" always allowing users... but I still throw a 401 which still causes ASP.NET to try and redirect me to the logon page.
I'm sure I'm just missing a simple configuration setting that tells forms auth to ignore requests for the /api/* directories, but I can't find any information on it.
I have described the problem and it's solution here (with Preview4): Basic Authentication with WCF Web API hosted in IIS / Getting a 404 - Disable Forms Authentication Redirection
I'm looking for a complete step-by-step guide or a sample project about implementing a RESTful Service using .NET 4.0 using Custom Basic Authentication over HTTPS hosted in IIS.
I've been googling about it for 3 days and I could only find either an implementation with WCF 3.5 which is very different, or without Custom Basic Authentication, or without SSL.
Basically I implemented my REST service on WCF 4, and added SSL, but I can't use a custom authentication using my custom users database.
Any references would be really appreciated.
It's not currently possible using the available WCF extension points.
It is possible with custom HTTP module allowing basic authentication against custom credential store. Built-in module in IIS supports only windows accounts.
I wrestled with this for a while and ended up just implementing basic auth in my service. Check WebOperationContext.Current.IncomingRequest.Headers for an 'Authorization' header. If it's missing or the credentials don't match set the challenge header and return a 401 status:
WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"myrealm\"");
throw new WebFaultException<string>("Username and password needed", HttpStatus.Unauthorized);
That's enough to trigger a browser to prompt the user for credentials. See https://www.rfc-editor.org/rfc/rfc2617 for more on basic auth, http://ithoughthecamewithyou.com/post/Basic-HTTP-auth-for-an-IIS-hosted-WCF-4-RESTful-service.aspx for more on this frustrating missing capability.