asp.net core 2.0 web api and windows authentication - asp.net-core

I am creating a simple ASP.NET Core 2.0 Web API application (RESTful services only) that uses Windows authentication. In my controller I defined a simple test method which just returns the username (JSON format). When I use a REST client such as Fiddler and invoke this method, e.g. http://localhost/webapi/testservice, I get a 401 Unauthorized error. However, when I put that URL in a web browser, it invokes successfully and returns the user back.
My question is, why does invoking the service work on the browser but not in a REST client like Fiddler? Is there an additional header I need to add in the client when invoking the service?

Related

What is the OAuth2 callback URL for an ASP.Net Core Application

When I set up an ASP.Net Core MVC application and add in the AspNetCore Authentication libraries, it handles the handshakes for OAuth 2 and OIDC's Code Authentication Flow.
However, I need to configure my Identity Provider with the callback URL to send the code to my application.
Assuming my Application is hosted at https://example.com/myapp/home what would be the callback URL that I should say my application is expecting the IDP to call?
The default callback URL for AddOpenIdConnect in ASP.NET core is
/signin-oidc
In your case (Depending on your configuration) it could be:
https://example.com/signin-oidc
You can, if necessary, customize the URL that the handler is looking for using the CallbackPath property.
What happens when it is called is the following:
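An added configuration example (not code from the question or answer above) showing where CallbackPath is set in an ASP.NET Core Startup; the authority, client id and secret placeholder are assumed values. The handler builds the redirect URI from the request's scheme, host, PathBase and CallbackPath, and most identity providers compare that string literally against the registered value, so the two must agree character for character.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(options =>
        {
            // Sign the user in with a cookie; challenge via the OIDC handler.
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie()
        .AddOpenIdConnect(options =>
        {
            options.Authority = "https://idp.example.com";          // assumed IdP
            options.ClientId = "myapp";                              // assumed client id
            options.ClientSecret = "<client secret from configuration>"; // placeholder, never hard-code
            options.ResponseType = "code";

            // Default is already "/signin-oidc"; set explicitly so the value the IdP
            // must register is visible in one place. The handler prepends the app's
            // PathBase, so an app served under /myapp ends up with
            // https://example.com/myapp/signin-oidc as its redirect URI.
            options.CallbackPath = "/signin-oidc";
            options.SignedOutCallbackPath = "/signout-callback-oidc";
        });
    }
}
```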

ASP.Net MVC and WebApi authentication using Identity server

I am new to Identity Server and want to secure my two apps (MVC, Web API) using it.
I have seen the example where we can invoke the Web API from an MVC action method and SetBearerToken with the token that was issued to the MVC application. I am referring to the sample below:
https://identityserver.github.io/Documentation/docsv2/overview/mvcGettingStarted.html
This is a typical example of server-to-server communication where we are using the access token issued to the MVC app for the Web API.
In the same scenario, I want to call the Web API from a JavaScript client (for example Angular or any other) using the same access token.
"I want to pass the access token issued to the MVC application to call the WebAPI from JavaScript"
How can I utilize the token that was issued to my MVC application from the JavaScript client?
Thanks
They should be treated as different clients in my opinion, I guess they are different sites? For your JavaScript client you should be able to find an example here; you can use the JavaScript lib provided in the example or write one yourself.
Once you get the token, then you can call your API using AJAX, where you might face CORS problem if your webapi is on a different domain, well...that is different topic.
Hope that helps

WCF CORS issue - WPF application successfully connects but Angular App throws 405

I have a question about enabling cross-domain calls.
I have a WCF REST service that is hosted in the xyz domain. I am able to test these REST APIs from Advanced Rest Client, Postman and Fiddler. I also have a WPF application that actively calls these APIs and is hosted in a different domain (say the abc domain), and it works fine in getting responses.
However, when I created a new Angular web application and a Windows Service (deployed on abc domain), and tried calling the APIs from these two components, I am getting a 405 error.
Can someone explain:
How are REST clients always able to successfully establish a connection?
How does my WPF app successfully connect to the WCF service even though it's on a different domain?
Why is my Windows Service/Web App not able to talk to WCF?
I assume that the issue here is caused by the preflight request. The browser issues this OPTIONS verb request to ask the server if the origin is allowed to call the API in a non-safe manner.
If your WCF REST service does not deal with this request, the WCF runtime will try to dispatch the request to your service implementation.
However, if the runtime does not find a method to call for this verb, it will return a 405 Method Not Allowed response.
I've dealt with this in the past by using an IOperationInvoker implementation, installed via an IOperationBehavior. This article describes a slightly different way of doing basically the same.
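An added example, not the article's or the answerer's code, of the invoker approach described above: an attribute implementing IOperationBehavior swaps in an IOperationInvoker that answers the OPTIONS preflight itself and adds CORS headers only for an assumed trusted origin. It assumes the decorated operation is declared with [WebInvoke(Method = "*")] so the dispatcher routes OPTIONS to it at all (otherwise WCF answers 405 before any invoker runs), and that the operation has no out/ref parameters.

```csharp
using System;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Web;

// Apply to a contract operation declared with [WebInvoke(Method = "*")].
[AttributeUsage(AttributeTargets.Method)]
public sealed class CorsPreflightAttribute : Attribute, IOperationBehavior
{
    public void ApplyDispatchBehavior(OperationDescription d, DispatchOperation op)
    { op.Invoker = new PreflightInvoker(op.Invoker); }
    public void AddBindingParameters(OperationDescription d, BindingParameterCollection p) { }
    public void ApplyClientBehavior(OperationDescription d, ClientOperation c) { }
    public void Validate(OperationDescription d) { }
}

internal sealed class PreflightInvoker : IOperationInvoker
{
    // Assumed trusted origin; list exact origins, never "*" on an endpoint that
    // accepts cookies or Windows credentials.
    private const string AllowedOrigin = "https://abc.example.com";
    private readonly IOperationInvoker _inner;
    public PreflightInvoker(IOperationInvoker inner) { _inner = inner; }
    public bool IsSynchronous { get { return _inner.IsSynchronous; } }
    public object[] AllocateInputs() { return _inner.AllocateInputs(); }

    public object Invoke(object instance, object[] inputs, out object[] outputs)
    {
        WebOperationContext ctx = WebOperationContext.Current;
        // Non-browser clients (Fiddler, WPF) send no Origin header and get no CORS headers.
        string origin = ctx == null ? null : ctx.IncomingRequest.Headers["Origin"];
        if (ctx != null && origin == AllowedOrigin)
        {
            // Both the preflight and the real response need these, or the browser rejects them.
            ctx.OutgoingResponse.Headers.Add("Access-Control-Allow-Origin", origin);
            ctx.OutgoingResponse.Headers.Add("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
            ctx.OutgoingResponse.Headers.Add("Access-Control-Allow-Headers", "Content-Type, Authorization");
        }
        if (ctx != null && ctx.IncomingRequest.Method == "OPTIONS")
        {
            // Preflight: answered here, the service method is never called.
            outputs = new object[0];   // assumes no out/ref parameters
            return null;
        }
        return _inner.Invoke(instance, inputs, out outputs);
    }
    public IAsyncResult InvokeBegin(object i, object[] inputs, AsyncCallback cb, object s)
    { return _inner.InvokeBegin(i, inputs, cb, s); }
    public object InvokeEnd(object i, out object[] outputs, IAsyncResult r)
    { return _inner.InvokeEnd(i, out outputs, r); }
}
```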

How to process SWT Token from ACS-hosted login page

I've set up an ACS domain with a Relying Party to authenticate a WCF service. On my client (website), I want to link to the hosted login page that ACS provides for my Relying Party. I have the Return URL configured to respond to the same page, but whenever it returns, the page currently throws this error:
A potentially dangerous Request.Form value was detected from the
client (wresult="<t:RequestSecurityTo...")
How do I retrieve this SWT token and parse it to send off to the WCF service?
The ASP.NET request validation feature is kicking in here (because of the angle brackets). Either turn off request validation for the page or when on .NET 4.5 you can set the request validation mode in web.config to 4.5.
Or use this: http://leastprivilege.com/2010/07/24/wif-asp-net-4-0-and-request-validation/
I would also recommend using SAML instead of SWT, since this is what WCF understands by default.
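An added example (not from the answer above) of a narrower alternative to switching request validation off for the whole page: a custom RequestValidator that exempts only the wresult form field, and only when its value looks like a WS-Federation RequestSecurityTokenResponse, leaving every other field under the default validator. The class name and the web.config registration line are assumptions.

```csharp
using System;
using System.Web;
using System.Web.Util;

// Register in web.config (inside <system.web>):
//   <httpRuntime requestValidationType="MyNamespace.WsFederationRequestValidator, MyAssembly" />
public class WsFederationRequestValidator : RequestValidator
{
    private const string WsFedResultField = "wresult";
    // Covers both <t:RequestSecurityTokenResponse> and
    // <t:RequestSecurityTokenResponseCollection>, the two shapes WS-Federation posts back.
    private const string ExpectedPrefix = "<t:RequestSecurityTokenResponse";

    protected override bool IsValidRequestString(HttpContext context, string value,
        RequestValidationSource source, string key, out int validationFailureIndex)
    {
        validationFailureIndex = 0;
        // Only the wresult field of a POST, and only a value that starts like a token
        // response, bypasses validation. The token is parsed by WIF, never rendered as HTML.
        if (source == RequestValidationSource.Form
            && string.Equals(key, WsFedResultField, StringComparison.Ordinal)
            && value != null
            && value.TrimStart().StartsWith(ExpectedPrefix, StringComparison.Ordinal))
        {
            return true;
        }
        // Everything else: default ASP.NET request validation behaviour.
        return base.IsValidRequestString(context, value, source, key, out validationFailureIndex);
    }
}
```

With the .NET 4.0 validation model the validator is only consulted when a field is actually read, so the exemption stays limited to the one field WIF consumes.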

Passing SAML Token to WCF service from Asp.Net

When I try to invoke a WCF service from an ASP.NET application (RP) which is authenticated by another ASP.NET application (IP), I'm getting an error message with the content of the login page (it is trying to reach the login page because it could not authenticate the request).
Identity Provider: http://localhost/AuthenticatonWS/Login.aspx
Relying party website: http://localhost/RPWebsite/Default.aspx
WCF Service: http://localhost/RPWebsite/Service1.svc
(In my solution I'm calling Service1.svc from Default.aspx.cs.)
I don't want the service to be anonymous. Currently the site (RPWebsite) uses STS and trusts the local identity provider, but in production it can trust any external identity provider through ADFS.
Can anyone guide me on how I can pass the token information to the service from the aspx page? I did try several examples from the internet but I could not get it working.
The problem could very well be that the RPWebsite uses ClaimsAuthorizationModule in <system><httpModules> or <system.webserver><modules> in web.config. This causes any web service call to be redirected to the STS for authentication, as if it were an interactive browser request, as you observed.
Alternatively, this module can be added in the WIF-specific section of web.config, that is, in <microsoft.identityModel><service>, and in this case this module is only used for claims-based WCF web service calls. You add it in the following form: <claimsAuthorizationManager type="MyNamespace.CustomClaimsAuthenticationManager, MyAssembly"/>. (This type must extend ClaimsAuthorizationManager, as described in the WIF documentation page "ClaimsAuthenticationManager, ClaimsAuthorizationManager, and OriginalIssuer".)
Reference: Vittorio Bertocci, "Programming WIF", p. 43.
I think there are several options:
Using persistent authentication cookies that support multiple client sessions, or supporting sharing a session between your RP and the WCF service, so that WCF can re-utilize the authentication cookies issued for the RP when the RP makes a call to the WCF service. To be honest, I have never tried to implement this in action. It is just my theory.
Create a separate authentication service which requires no user interaction (such as entering username/password). Then you have plenty of ways to call WCF from your RP:
From your RP, ask the authentication service to issue a token for WCF; attach the token to the request header of the WCF call (e.g. Authorization); then call the WCF service. This requires a custom HttpModule at the WCF service to accept the custom request header containing the token.
From your RP, you can also store the username/password, or a unique user identity claim which identifies the user; attach that information to the request header of the WCF call (e.g. Authorization); then call the WCF service. This also requires a custom HttpModule at the WCF service to accept the custom request header.
I would recommend the second option, for which you can find more useful information and guidelines on Dominick Baier's blog.
Just my 2 cents.