Using NLog webservice target
https://github.com/nlog/NLog/wiki/WebService-target
I am getting a 401 when the target api is using windows auth.
Error Error when sending to Webservice: ws Exception: System.Net.WebException: The remote server returned an error: (401) Unauthorized.
If I allow anonymous, it all works
Im trying to use impersonation in the call to the logging step. However, the above exception is generated in the NLog internal log file (i turned that on).
if (user.ImpersonateValidUser())
{
try
{
Logger logger = LogManager.GetCurrentClassLogger();
LogEntry l = new LogEntry()
{
AppName = "MyTestController",
LoggedOnDate = DateTime.Now,
LogMessage = "this is a test",
LogType = 1,
ServerName = "dev-test3"
};
logger.Error(l);
}
}
How can I call a webservice target that uses windows auth?
Unfortunately the Webservice target isn't supporting authentication. You could use the LogReceiverService target, see also How can I enable Security in LogReceiverService (NLog)
Related
I am trying to connect SharePoint in a console app using SharePoint App-Only Principal Authentication. I've registered the app by creating a clientId and clientSecret, grant the tenant scoped permission and trust. My permission request XML:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
I am using PnP.Framework for authentication but still give me an error 401 unauthorized.
My code are as follow:
using (var clientContext = new AuthenticationManager().GetACSAppOnlyContext(siteUrl, clientId, clientSecret))
{
var web = clientContext.Web;
clientContext.Load(web, w => w.Title);
clientContext.ExecuteQuery();
Console.WriteLine(web.Title);
};
The error I get is:
Unhandled exception. System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.SharePoint.Client.SPWebRequestExecutor.Execute()
at Microsoft.SharePoint.Client.ClientRequest.ExecuteQueryToServer(ChunkStringBuilder sb)
at Microsoft.SharePoint.Client.ClientRequest.ExecuteQuery()
at Microsoft.SharePoint.Client.ClientRuntimeContext.ExecuteQuery()
at Microsoft.SharePoint.Client.ClientContext.ExecuteQuery()
Any help will be appreciated.
I need help configuring an SOAP request with basic authentication (http) in ASP.NET 5.0 Core/ ASP.NET 3.1 Core (VS2019).
I have built an ASP.NET Core Web API (.NET 3.1/5.0) project in order to consume a SOAP service that have basic authentication. But my code fails to send the basic authentication data to the service, when I run the project in VS2019 I get this exception:
Exception thrown: 'System.ServiceModel.Security.MessageSecurityException' in System.Private.CoreLib.dll
An exception of type 'System.ServiceModel.Security.MessageSecurityException' occurred in System.Private.CoreLib.dll but was not handled in user code
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="test"'
The SOAP service is configured by .NET Core "Connected Services" (Microsoft WCF Web Service Reference Provider) with the WSDL.
I'm trying to create the http binding with the following code:
MyService.UpdateReq invoiceInfo = new MyService.UpdateReq();
MyService.JRPClient updateREQ = new MyService.JRPClient();
((BasicHttpBinding)updateREQ.Endpoint.Binding).Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
((BasicHttpBinding)updateREQ.Endpoint.Binding).Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Basic;
updateREQ.ClientCredentials.UserName.UserName = "username";
updateREQ.ClientCredentials.UserName.Password = "pwd";
MyService.ResponseType response = new MyService.ResponseType();
response = updateREQ.UpdateReq(invoiceInfo);
Also I have changed the %PortTypeChannel file with:
private static System.ServiceModel.Channels.Binding GetBindingForEndpoint(EndpointConfiguration endpointConfiguration)
{
System.ServiceModel.BasicHttpBinding result = new System.ServiceModel.BasicHttpBinding();
result.Security.Mode = BasicHttpSecurityMode.Transport;
result.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
result.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Basic;
return result;
But now it fails with other message:
Exception thrown: 'System.ArgumentException' in System.Private.ServiceModel.dll
An exception of type 'System.ArgumentException' occurred in System.Private.ServiceModel.dll but was not handled in user code
The provided URI scheme 'http' is invalid; expected 'https'
I tryed the soap service with soapUI, added the basic authentication to it and it worked.
Thanks
The solution that worked for me was to code to Base64 the user and password:
MyService.JRPClient updateREQ = new MyService.JRPClient(); // SOAP Client
updateREQ.ClientCredentials.UserName.UserName = "username";
updateREQ.ClientCredentials.UserName.Password = "pwd";
MyService.ResponseType response = new MyService.ResponseType();
using (OperationContextScope scope = new OperationContextScope(updateREQ.InnerChannel))
{
var httpRequestProperty = new HttpRequestMessageProperty();
httpRequestProperty.Headers[System.Net.HttpRequestHeader.Authorization] = "Basic " + Convert.ToBase64String(Encoding.ASCII.GetBytes(updateREQ.ClientCredentials.UserName.UserName + ":" + updateREQ.ClientCredentials.UserName.Password));
OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = httpRequestProperty;
response = updateREQ.UpdateReq(invoiceInfo); // Consume SOAP service
}
We have an issue where our web app calls to CRM via Microsoft.Xrm.Sdk OriganizationServiceProxy are failing to authenticate. The issue appears to be environment specific i.e. the calls work on our DEV web server but fail when the app is promoted to our System Test environment. The code that fails is as follows:
using (var serviceProxy = this.serviceFactory.Impersonate(userProvider.PrincipalUserName).ServiceProxy)
{
var countResult = serviceProxy.RetrieveMultiple(new FetchExpression(query));
int? count = 0;
var entity = countResult.Entities.FirstOrDefault();
if (entity != null)
{
count = (int?)((AliasedValue)entity["activity_count"]).Value;
}
return count.Value;
}
The error that appears in our logs is:
System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)
--- End of inner exception stack trace ---
I have double checked the apppool identity of the IIS site and CRM settings. Is there anything obvious here that we may have missed?
I found the connection to CRM Online was taking the longest time so I create one instance to pass round of the OrganizationServiceProxy with explicit credentials that I can easily switch between environments.
IServiceManagement<IOrganizationService> management = ServiceConfigurationFactory.CreateManagement<IOrganizationService>(new Uri(CrmUrl));
ClientCredentials credentials = new ClientCredentials();
credentials.UserName.UserName = CrmUserName;
credentials.UserName.Password = CrmPassword;
AuthenticationCredentials authCredentials = management.Authenticate(new AuthenticationCredentials { ClientCredentials = credentials });
SecurityTokenResponse securityTokenResponse = authCredentials.SecurityTokenResponse;
OrganizationServiceProxy orgProxy = new OrganizationServiceProxy(management, securityTokenResponse);
orgProxy.EnableProxyTypes();
_xrmService = new XrmServiceContext(orgProxy)
Ok so i tried hosting the simplest oauth sample and the identity server both on iis, i have enable cors on the simplest oauth sample. So when i test the api using the javascript implicit client, on iis express it works flawlessly, it gets the token then when the token is sent the web api checks the token and authorizes the javascript client. the problem happens when i move the javascript imlicit client, the identity server, and the simple oath web api is hosted on iis, the javascript brings back the token correctly but when the token is sent to the web api it always return 401 unauthorized. So is there any configuration i have to add in order to run it on iis. i have made sure that anonymous authentication is the only enab;ed authentication mode. Any help or pointer is deeply appreciate.
I am trying to implement the samples given on iis. thanks for the help
I had the same issue. It was coming from my self signed certificate.
Try adding to your IdentityServerOptions
RequireSsl = false
and switch the WebApi Authority to use http.
Edit
Server Side Configuration
public void ConfigureIdentityServer(IAppBuilder app)
{
//Configure logging
LogProvider.SetCurrentLogProvider(new DiagnosticsTraceLogProvider());
//This is using a Factory Class that generates the client, user & scopes. Can be seen using the exmaples
var IdentityFactory = Factory.Configure("DefaultConnection");
app.Map("/identity", idsrvApp =>
{
idsrvApp.UseIdentityServer(new IdentityServerOptions
{
SiteName = "Security Proof of Concept",
SigningCertificate = LoadCertificate(),
Factory = IdentityFactory,
CorsPolicy = CorsPolicy.AllowAll,
RequireSsl = false
});
});
}
JavaScript
After receiving the token make sure it's inserted in the Authorization Header..
JQuery Example
$.ajax({
url: 'http://your.url',
type: GET,
beforeSend: function (xhr) {
xhr.withCredentials = true;
xhr.setRequestHeader("Authorization", " Bearer " + apiToken);
}
});
WebApi Resource
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
//Location of identity server make full url & port
Authority = "http://localhost/identity",
RequiredScopes = new[] { "WebApiResource" }
//Determines if the Api Pings the Identity Server for validation or will decrypt token by it's self
//ValidationMode = ValidationMode.Local
});
Best way to determine what is happening is enable logging.
I have configured authorization via certificate. When I use NamespaceManager to GetSubscription works fine, but when I try execute any method from MessagingFactory I receive System.UnauthorizedAccessException.
string connectionString = CloudConfigurationManager.GetSetting("Microsoft.ServiceBus.ConnectionString");
var namespaceManager = NamespaceManager.CreateFromConnectionString(connectionString);
SubscriptionDescription subscriptionDescription = namespaceManager.GetSubscription("testTopic", "testSubscription"); // executed properly
var messagingFactory = MessagingFactory.CreateFromConnectionString(connectionString);
var exist = namespaceManager.TopicExists("TestTopic"); // throws exception
Stack trace:
System.UnauthorizedAccessException was unhandled
HResult=-2147024891
Message=The remote server returned an error: (401) Unauthorized. Authorization failed for specified action: Manage..TrackingId:d8648c5a-5185-41c8-b787-72332403b7d9_*******,TimeStamp:2014-07-14 08:34:22
Source=Microsoft.ServiceBus
What's the matter?
For use NamespaceManager you must be in ManageUsers in Service Bus Namespace. To add user to existing namespace you can use ps Set-SBNamespace
You must be in the ManageUsers list in Service Bus Namespace or have the Authorization rule that gives you the Manage right on the Topic that you are getting the subscriptions for.