I am using Sagepay InFrame Server integration. and I am using windows authentication and when I am calling the Sagepay from my portal page (on click of the payment button),I am getting below error. and When I tried with the Forms Authentication, it is working fine.
Could you please help me to sort out this issue?
Thanks.
This is occurring because Sage Pay cannot reach your NotificationURL. You should make sure that your NotificationURL is externally visible on the internet, without authentication.
Related
I know this might be a very unusual question but I have been using IdentityServer 4 on .Net Core 2.1 for quite a while, serving all sorts of different APIs/Clients/Mobile Apps with connection to the internet at 'all times'.
Now I have encountered an interesting scenario where a User will have access to the internet and be able to authenticate with IdentityServer once but might not have access to internet after an X amount of time (X could be minutes/hours/days), but I still need to authenticate that user and login to use the 'offline features' of the app (even after closing the app).
I have thought about caching some credentials to then verify that the user is valid or using a system where I send an SMS code to then verify the user has the right phone (But that will only work if the app is on a mobile device, hence, not ideal). I'm still not set on any of the options.
I just wanted to ask if anyone else has encountered a similar problem like this, any suggestions would be appreciated. Please have in mind that the user may be logged out after using the app and still needs to be authenticated even if there is no internet connection. I like IdentityServer4 quite a lot, so I will prefer to keep it that way, and My App is developed using Xamarin Forms (iOS, Android, UWP), and the IdentityServer instance is on the cloud.
Thanks a lot for the help, any suggestion is appreciated.
Since only your service will know how to authenticate someone using their server-side credentials how about using the local secure platform features of the device (Secure Enclave, SafetyNet, whatever Windows does)?
The end result is that the user can use their already-configured PIN / fingerprint / faceprint to access your app, all backed by tamper-proof security hardware.
This also gives you the option to allow users to sign in only using their local credential by unlocking a previously stored refresh token. My banking app works like this for example - modern phones are really quite secure by default.
If you want to get fancy you could also enroll their device as a WebAuthn authenticator in your IdentityServer4 service and they could then use the same method to authenticate with the server when necessary.
I'm working on a website that needs to be authenticated to via windows authentication in iis. To access this website you are required to login using windows authentication on another site.
I want to pass that windows authentication to my website so they do not need to log in. is this possible? and how? Ive looked through impersonation and keroberos but they dont seem to by what I'm looking for. The site also needs to have the correct credentials because the windows user is a parameter to get sql information for each individual user.
Thanks for the reply!, after a few hours of trial and error i found that it is paritally browsers issues and partially authentication issues. In firefox and chrome the authentications persist through, but not in IE. The solution was to change the authentication to windows authentication, then change the provider to Negotiate:kerberos in the authentication Configuration in IIS.
I am developing a mobile application using Worklight, in which when a user signs in after authentication he should not sign in again and again. Could you please tell me how to keep the user logged in?
Check out the 'Form based authentication in hybrid applications' project in the Getting Started page: http://www.ibm.com/developerworks/mobile/worklight/getting-started.html#GS_security
There is also another feature of Worklight called 'heartbeat' which keeps your session alive by sending a simple request to the server. This also happens automagically without need configuration. It can be configured see here for more information (http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/index.jsp?topic=%2Fcom.ibm.worklight.installconfig.doc%2Fadmin%2Fc_optimizing_and_tuning_of_ibm_wl_server.html&resultof%3D%2522%2568%2565%2561%2572%2574%2562%2565%2561%2574%2522%2520).
Can you give more context to your question so the community can help figure out the problem? What version of Worklight are you using?
Folks,
I just moved to VS 2012 from VS 2010. I am still figuring out the new SimpleMembershipProvider and OAuth provider.
After creating a default "Internet" project, I enabled Google client. It seems now I can login using either local username/password or Google authentication.
I would appreciate it if someone can help me understand the following:
I would like only authorized users to login. It seems any Google user is able to login at the moment. How do I prevent this?
I would like to set it up such that although anyone can request for "registration," only admins will decide who is allowed to access the system. How can I achieve this?
Is there a way to completely get rid of local username/password and just use Google authentication instead?
Thank you in advance for your help.
Regards,
Peter
Did you look at Using OAuth Providers with MVC 4
There is a tutorial witch shows how you authenticate with Facebook account (with Google will be same), but authorization process need some "wizard". And after success registatrion wizard user is allow to access website. Of course you will have to change above wizard to your needs.
I have an WinJS metro application that I'm using to connect to a remote webservice that same domain. I read up on the app manifest capability (well the little that is present online) and was hoping that I would be able to use the logged in users credentials to access this webservice without requiring them to login.
I'm trying to authenticate to the webservice via a post using a contentType: "application/x-www-form-urlencoded;charset='utf-8'". This application was previously a website that would prompt the user for login credentials in the authentication step using the aforementioned post. In the WinJS metro application I'm effectively using the same code (minor tweaks) to achieve the same result.
Has anyone had experience with Enterprise Authentication in a WinJS metro application and could better explain what types of resources I would/wouldn't have access to. I'm hoping this isn't specific to accessing things like file shares and intranet sites.
I had this exact issue as well. After ensuring the following Capabilities were enabled in the package.appxmanifest:
Enterprise Authentication
Internet (Client)
Private Networks (Client & Server)
I had to still add the URL of our web service to Internet Explorer's list of Intranet Sites. Only then did the prompt go away.