Converting to SSL Trashing datasource - ssl

Got my web site pretty much set the way I needed it and so went ahead and converted the site to SSL installing a certificate and then rebuilt my project and pushed it up to the sub folder figuring that would be it. It wasn't the case!
What I have is a two tier'd web site with a landing site that is Anonymous and then a application sub site in a subfolder which uses Windows authentication. The landing site/page works fine yet but when you click on the link to launch the web app and initiate the web app in the sub folder where the Windows authentication is taking place, you are prompted for credentials as you should but upon validation you get this error:
Server Error in '/CInTrac' Application.
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for
user 'NT AUTHORITY\ANONYMOUS LOGON'.
Source Error:
An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the exception
can be identified using the exception stack trace below.
Stack Trace:
[SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]
Now admittedly this is my first time setting up SSL so I'm sure that there are things that I could be missing here and so I've likely made some mistakes here but what one earth would cause this to act this way. There is no anonymous calls in the code at all and this runs fine in VS on the desktop. It did run fine prior to setting up the certificate on the server
Any suggestions would be greatly appreciated!
Thanks
Ken...

For some reason, I had to switch to using Basic Authentication with ASP.NET Impersonation enabled (Impersonating the authenticated user) in order to get this to work with the SSL certificate in place. After doing so all was fine.

Related

Domain glassfish requires authentication with the realm 'dolmen'

In my work I give support to users, and the following problem has been sent to me.
Logs Jenkins: (Automated tests that run in the night)
[HttpAuthenticationRequestFilter$UPDCredentialsProvider] Domain
request authentication with the realm 'dolmen'
Logs Server:
23/01/2018 01:28:25.637 [http-thread-pool-8080(15)] WARN java.util.logging.Logger.doLog WEB9102: Web Login Failed:
com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception
23/01/2018 01:28:25.646 [http-thread-pool-8080(29)] ERROR java.util.logging.Logger.doLog jdbcrealm.invaliduserreason
Via asadmin I've checked that the realm dolmen exists
asadmin> list-auth-realms
Authentication failed with password from login store: /root/.asadminpass
Enter admin password for user "admin">
admin-realm
file
certificate
dolmen
pnf-realm
Command list-auth-realms executed successfully.
asadmin>
What could be the problem?
UPDATE 1)
I was able to reproduce the error in SOAPUI. During the call to the web service, I noticed that if I change a letter in the login user or password, I can see the error message : " request authentication with the realm 'dolmen'"
Log SOAPUI:
But as you can see, in the image "Log SOAPUI:" I also have a HTTP 401.
In SoapUI Preferences, I notice that the option "Authenticate Preemptively" was disable. After enable the option "Authenticate Preemptively" I was able to finish a test in my local machine without error.
In the machine where Jenkins is installed (Where the Automated tests run in the night), I notice that the file soapui-preferences.xml does not exist. So maybe the solution for the problem is here.
I'm waiting for a time frame to be able to test without impacting testers.
I will keep you posted.
UPDATE 2)
To get rid of this problem I've rebuild my glassfish domain.

ASP.NET Core Auth0 - Unable to unprotect the message.State

We have Auth0 enabled for a site and it has been working well for quite some time.
All of a sudden when I enter the site and get redirected to Auth0 to enter my crendentials (and press login), I get faced with a screen with the following message.
An unhandled exception occurred while processing the request.
Exception: Unable to unprotect the message.State.
MoveNext AggregateException: Unhandled remote failure.
MoveNext
If I repeatedly refresh my site with /signin-auth0 at the end of the url the same error screen is shown.
Now when I repeated all steps from start (meaning entering my site) it all of a sudden work. What's this error anyway?
This was resolved by the Auth0 team as a bug in Auth0's transmission of the state parameter for social logins, notably Google. Things should be working normally again.

fail to authenticate after deployment

I have a web application using glassfish and form authentication (j_security_check). All the passwords and usernames are stored in a javaDB (derby). I was able to log into the system while developing on the localhost and now that I deployed the app to AWS whenever I try to log in with a user (I have checked that the user actually exists in the DB), I always get the same error (that i normally get when entering wrong details) i.e. WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed.
Any ideas what it might be? I don't even know what info to provide since the issue doesn't even throw an exception or something. thanks

Sharepoint: OpenSearch common forms/cookie authentication

I have an OpenSearch provider that I am trying to integrate with Sharepoint (Online). This provider is protected by authentication.
Sharepoint supports Cookie or Form authentication for OpenSearch. When I give a url with login page and click Enter Credentials it shows my page, I enter my credentials and it shows popup asking if authentication was successful. I clicked yes and then it gives the following error:
"An error occurred when communicating with the remote server. This may be because the URL provided was malformed or the site might be unavailable or it could not be reached within the specified timeout or the proxy settings are not configured."
I have tried multiple sites, including for example google:
https://accounts.google.com/ServiceLogin?hl=fr&continue=https://www.google.fr/%3Fgfe_rd%3Dcr%26ei%3D9j-lVdXLMYXF8AesrK-4Dg%26gws_rd%3Dssl#identifier
Do you know if there are some required configuration on the site?

HTTP Error 401.0 - Unauthorized in IIS 8.5

There are quite a lot of threads and questions about this issue. However, non-of them helped me.
I have got an MVC4 app running on IIS8 without any probblem. I need to move this app to Windows 2012 R2 Server which has IIS8.5.
Whichever user I give access to folder, I still get following exception.
HTTP Error 401.0 - Unauthorized
You do not have permission to view this directory or page.
Most likely causes:
The authenticated user does not have access to a resource needed to process the request.
Here is the error trace screenshot
Regarding IIS Site Setup, Anonymous Authentication and Forms Authentication are enabled.
Lastly, I have given Server\IIS_USERS, App Pool Account, IUSR, Server\Users readn and write access to make it work, but still same error.
Could anyone help me with this please?
Thanks.