Created a custom web service that is deployed as a farm solution to SP2013. Added managed path to ISAPI folder for this service in the VS Project.
Added C:\inetpub\wwwroot\wss\VirtualDirectories\80
<location path="_vti_bin/FCWebServices.svc">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
Also added C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\ISAPI\web.config
<location path="FCWebServices.svc">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
Calling from IE or Chrome the appropriate path "http://host/_vti_bin/FCWebServices.svc/GetOffCanvasNavigation" -- I get a the expected data back as a HTTP 200. Calling from JQuery $.ajax call I get a 401 (just calling the webservice method itself, even with any SP2013 API calls commented out).
I would like for this web service call to be anonymous and it will be on a public facing SharePoint 2013 site.
Here is the headers dump of the web request:
Request URL: http://host/_vti_bin/FCWebServices.svc/GetOffCanvasNavigation
Request Method: OPTIONS
Status Code: 401 / Unauthorized
- Request Headers
Accept: */*
Accept-Encoding: gzip, deflate
Access-Control-Request-Headers: content-type, accept
Access-Control-Request-Method: GET
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 0
Host: fcit-mcvm2
Origin: file:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2486.0 Safari/537.36 Edge/13.10586
- Response Headers
Access-Control-Allow-Origin: *
Content-Length: 16
Content-Type: text/plain; charset=utf-8
Date: Mon, 06 Jun 2016 14:50:50 GMT
Location: /_login/default.aspx?ReturnUrl=%2f_vti_bin%2fFCWebServices.svc%2fGetOffCanvasNavigation
MicrosoftSharePointTeamServices: 15.0.0.4569
request-id: eb85839d-472b-d06e-9fc9-c1e40fcec15a
Server: Microsoft-IIS/8.5
SPIisLatency: 155
SPRequestDuration: 1336
SPRequestGuid: eb85839d-472b-d06e-9fc9-c1e40fcec15a
WWW-Authenticate: NTLM
X-Content-Type-Options: nosniff
X-FRAME-OPTIONS: SAMEORIGIN
X-MS-InvokeApp: 1; RequireReadOnly
X-Powered-By: ASP.NET
Console error logged:
HTTP401: DENIED - The requested resource requires user authentication.
(XHR): OPTIONS - http://host/_vti_bin/FCWebServices.svc/GetOffCanvasNavigation
Any ideas what I need to do to eliminate the 401's?
Mark
I ended up creating a Web API2 solution outside of sharepoint and integrated with CSOM. In order to accomplish what I wanted to do originally, I would have had to do a lot of header hacking and work around's in SharePoint and hope it did not break.
Related
I have created an employee portal for the company I work for but am having an issue on rewriting my Internal Hostname with the Portal's Hostname for a Content-Type of "multipart/mixed".
Below is the content I am trying to replace.
HTTP/1.1 202 Accepted
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips
Content-Type: multipart/mixed; boundary=294D9B061EABA796BC8484AAC5CB4BB90
dataserviceversion: 2.0
Content-Length: 604
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Date: Sun, 16 Sep 2018 16:03:06 GMT
Connection: keep-alive
X-Akamai-Staging: ESSL
--294D9B061EABA796BC8484AAC5CB4BB90
Content-Type: application/http
Content-Length: 436
content-transfer-encoding: binary
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 339
dataserviceversion: 2.0
{"d":{"results":[{"__metadata":{"id":"https://www.internalhostname.abc/sap/opu/odata/sap/ZABC_MY_PAYSTUBS_SRV/ConcurrentEmploymentSet('anotherValue')","uri":"https://www.internalhostname.abc/sap/opu/odata/sap/ZABC_MY_PAYSTUBS_SRV/ConcurrentEmploymentSet('anotherValue')","type":"ZABC_MY_PAYSTUBS_SRV.ConcurrentEmployment"},"Pernr":"anotherValue","AssignmentText":""}]}}
--294D9B061EABA796BC8484AAC5CB4BB90--
I am using the Apache HTTP 2.4. And am familiar with the Substitute command.
I have a section:
<Location "/sap">
SetOutputFilter INFLATE
AddOutputFilterByType SUBSTITUTE application/http
AddOutputFilterByType SUBSTITUTE application/json
AddOutputFilterByType SUBSTITUTE application/xml
AddOutputFilterByType SUBSTITUTE multipart/mixed
Substitute 's|www.internalhostname.abc|portal.abc.com|ni'
</Location>
Background
Specs:
OctoPrint 1.3.4 (master branch)
Apache/2.4.10 (Debian) using mod_proxy
I'm trying to run a reverse proxy on my Apache server to OctoPrint as is specified in the developer's Reverse proxy configuration examples.
This is my Apache proxy configuration inside my vhost:
<Location "/3d">
AuthType Basic
AuthName "-----------"
AuthBasicProvider file
AuthUserFile "------------------"
Require user -------------
ProxyPass "http://192.168.------:5000"
ProxyPassReverse "http://192.168.------:5000"
RequestHeader set X-SCRIPT-NAME /3d/
RequestHeader set X-SCHEME https
</Location>
However, on successfully loading the OctoPrint interface through the proxy, I am unable to login, getting the error:
POST https://-----------/3d/api/login 400 (Bad Request) in the network tab on Chrome.
Here's the request headers of both the proxy:
POST /3d/api/login HTTP/1.1
Host: -------------
Connection: keep-alive
Content-Length: 16
Authorization: Basic -----------------
Origin: ----------------
User-Agent: --------------
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
X-Api-Key: -------------------
Referer: https://----------/3d
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.8
Cookie: session_P443=----------------; PHPSESSID=-------------; JSESSIONID=dummy
And directly from the local IP (not through the proxy):
POST /api/login HTTP/1.1
Host: 192.168.0.-------:5000
Connection: keep-alive
Content-Length: 16
Origin: http://192.168.0.------:5000
User-Agent: -------------
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/javascript, */*; q=0.01
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
X-Api-Key: --------------
Referer: http://192.168.0.------:5000/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: session_P5000=-------------------------------
Question
What is causing this POST https://-----------/3d/api/login 400 (Bad Request) error and how do I fix?
Thanks ahead!
Nevermind, Mod_Security was blocking the POST request for containing JSON.
Look at the logs dummy.
I have a project which is protected by std AuthUserFile-directive in .htaccess.
Everything is quite simple and has already been fine on another server. Here is the content of my .htaccess:
The .htaccess:
AuthName "Adminbereich"
AuthType Basic
AuthUserFile /srv/www/passwords/.htpasswd-office
<Files *.php>
require valid-user
</Files>
The .htpasswd-office gets accessed. If I call http://user:pass#host/ I get in. If I just call http://host/ I get this message immediately ...
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
... without any login-box showing. What could be the cause of this?
This is a example-header from here: http://www.pagetutor.com/keeper/mystash/secretstuff.html
HTTP/1.1 401 Authorization Required
Date: Thu, 01 Nov 2012 21:38:27 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
WWW-Authenticate: Basic realm="My Secret Area"
Accept-Ranges: bytes
Content-Length: 343
Content-Type: text/html
And this is my header:
HTTP/1.1 401 Authorization Required
Date: Thu, 01 Nov 2012 21:36:41 GMT
Server: Apache/2.2.20 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
The magic WWW-Authenticate: Basic realm="..." is missing and I have no idea why...
I use the standard ubuntu (11.10) apache (2.2.20) without any modifications...
I have a strange issue whereby including the following syntax in my Apache 2.4.1 httpd.conf causes "502 Bad Gateway" errors when retrieving swf files via HAproxy:
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript text/javascript
When I remove this config line the 502 Bad Gateway error goes away.
The server returns these response headers on a successful request:
Date: Wed, 11 Apr 2012 20:24:12 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8
200 OK
I fixed this by updating to Apache 2.4.2 (there was a mod_deflate seg fault bug in 2.4.1) and adding:
Header append Vary User-Agent
Beneath the AddOutputFilterByType line.
I have a really weird issue. I have an IIS6 backend server.
If a site on IIS is configured to .net 2.0/3/3.5 then apache does a great job.
If the site is configured to .net 4.0, apache serves up a 400 bad request.
I've attached http headers and I can see the correct apache and correct iis server is hit, and the correct site on the iis server.
If i go directly to the server it works great to in both modes.
It's just the combination of apache (https) connecting to IIS6 (http) running a .net 4.0 site.
Here's some packet samples
Failing request
GET http://www.domain.com/ HTTP/1.1
Host: www.domain.com
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Via: 1.1 domain.com
X-Forwarded-For: [ipaddress]
X-Forwarded-Host: www.domain.com
X-Forwarded-Server: domain.com
Connection: Keep-Alive
Failing response
HTTP/1.1 400 Bad Request
Connection: close
Date: Fri, 11 Mar 2011 02:24:34 GMT
Content-Type: text/html; charset=utf-8
Working Request
GET / HTTP/1.1
Host: www.domain.com
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.127 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Connection: Keep-Alive
Working Response
HTTP/1.1 302 Found
Date: Fri, 11 Mar 2011 02:29:12 GMT
Location: /Account/Login/?ReturnUrl=%2f
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 146
These two requests are for the same site, one via proxy one direct. The only thing I can see of any significance is the value for each get. One is a path and the other is a domain and path. But as I mentioned, all I have to do I switch the website in IIS6 to use the 2.0 runtime and not the 4.0 runtime.
Anyne got any ideas about what might be the problem?
The answer to this question was a mistake in the configuration of the virtualhost in apache
I had to comment out the ProxyRemote directive that i had in there by mistake.