Currently ActiveMQ server accepts any username, password I supply from ActiveMQConnectionFactory. User authentication doesn't work.
In JAVA I used this:
String messageBrokerUrl = "tcp://localhost:61616";
ActiveMQConnectionFactory connectionFactory = new ActiveMQConnectionFactory("admin", "xyz", messageBrokerUrl);
connection.start();
this.session = connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
DestinationSource ds = connection.getDestinationSource();
Set<ActiveMQQueue> queues = ds.getQueues();
As you can see username password combination do not match. Still works for me.
Username: admin, password: admin is the correct combination.
Thanks.
Related
I am working on a requirement where I need to validate user with active directory account.
For this I have used LdapConnection with NetworkCredential and PrincipalContext and in all cases I am able to validate user without SSL.
But I need to use validate user with SSL. I have also used the correct port i.e 636/TCP LDAP SSL
Following is the code I did with PrincipalContext
using (principalContext = new PrincipalContext(ContextType.Domain, ldapServerIp, null, ContextOptions.Negotiate | ContextOptions.SecureSocketLayer, userName, password))
{ bool isCredentialValid = principalContext.ValidateCredentials(userName, password);}
Following is code I did with
using (ldapConnection = new LdapConnection(ldapServerIp))
{
var networkCredential = new NetworkCredential(_username, _password, ldapServerIp);
ldapConnection.SessionOptions.SecureSocketLayer = true;
ldapConnection.AuthType = AuthType.Negotiate;
ldapConnection.Bind(networkCredential);
}
Does anyone have did this earlier successfully. If there is any solution that will be very helpful.
Both of those should work just fine, as long as you specify the LDAPS port (usually 636). So your ldapServerIp variable should be set to something like example.com:636.
I use this tutorial Microsoft Email Configuration for .net Core,
Everything works correctly, something I wonder. In the traditional smtp setup we were specifying the password along with the email, why doesn't the SendGrid system require a password for email?
Traditional smtp setup we enter password with email as below.
var smtpClient = new SmtpClient
{
Host = "smtp.gmail.com", // set your SMTP server name here
Port = 587, // Port
EnableSsl = true,
Credentials = new NetworkCredential("from#gmail.com", "password")
};
But I didn't understand this tutorial SendGrid does not want password just only want mail adress.
var client = new SendGridClient(apiKey);
var msg = new SendGridMessage()
{
From = new EmailAddress("Joe#contoso.com", "Joe Smith"),
Subject = subject,
PlainTextContent = message,
HtmlContent = message
};
msg.AddTo(new EmailAddress(email));
Another question,
If I changed email name ("Joe#contoso.com") and send email, The message sends by Joe. If I change the email address to microsoft, it sends email on behalf of microsoft why ?.
From = new EmailAddress("Joe#contoso.com", "Joe Smith"),
or
From = new EmailAddress("Joe#microsoft.com", "Microsoft"),
Okay I know SendGridKey stores SendGrid Api key but what does "SendGridUser" do ?
public class AuthMessageSenderOptions
{
public string SendGridUser { get; set; }
public string SendGridKey { get; set; }
}
Thanks.
The API key that you're using to connect is unique to you. This is why it should be kept secret. Sendgrid identifies you through the API key instead of an email/password combination.
I'm trying to connect to ActiveMQ Amazon broker via SSL. My application is written in C#.
Previously, I connected via TCP to localhost ActiveMQ broker, which worked:
using Apache.NMS;
using Apache.NMS.ActiveMQ;
using Apache.NMS.ActiveMQ.Commands;
void Connect()
{
String brokerUri = "activemq:tcp://" + host + ":" + port + "? transport.useLogging=true&wireFormat.maxInactivityDuration=0&userName=myUsername&password=myPassword";
NMSConnectionFactory factory = new NMSConnectionFactory(brokerUri);
IConnection connection = factory.CreateConnection();
connection.Start();
}
To connect to ActiveMQ Amazon broker via SSL, I have modified the code in the following way:
void Connect()
{
String brokerUri = "ssl://" + host + ":" + port + "? transport.useLogging=true&wireFormat.maxInactivityDuration=0&userName=myUsername&password=myPassword";
SslTransportFactory transportFactory = new SslTransportFactory();
Uri uri = new Uri(brokerUri);
ITransport transport = transportFactory.CreateTransport(uri);
transport.Command = Command;
transport.Exception = Exception;
transport.Start();
ConnectionFactory factory = new ConnectionFactory(brokerUri);
IConnection connection = factory.CreateConnection();
Connection con = (Connection)connection;
con.ITransport = transport;
con.Start(); => Here the exception is thrown: User name [null] or password is invalid.
}
private void Exception(ITransport sender, Exception command)
{
}
private void Command(ITransport sender, Command command)
{
}
However, upon starting the connection, User name [null] or password is invalid. Exception is thrown.
Please advise.
You're currently passing user credentials via the URI. However, I don't see any reference to username or password in the URI reference documentation. Also, the fact that the exception indicates the user name is null indicates the user credentials in your URI are simply being ignored.
Instead you should pass the user credentials in the CreateConnection method as documented here, e.g.:
IConnection connection = factory.CreateConnection("myUsername", "myPassword");
We have been using Amplify and Cognito to register our users for an Angular6 application deployed to Lambda. The client wanted to transition from email to username as primary user identification. So we created a new user pool / client. I don't have visibility into the configuration settings, I was simply given new user pool, identity pool, and client id's. Then I changed the code for application signup to look like this:
return from(Auth.signUp({
'username': username, // was email
'password': password,
attributes: { // added these
'email': email,
'phone_number': phone_number,
'family_name': name,
'birthdate': DOB,
'custom:last_4_ssn': SSN // custom attribute
}}));
The response I'm getting with no other changes made is: Unable to verify secret hash for client. Google claims the problem is that secretAccess is currently an unsupported configuration, but the guy who has access to these services swears to me that nowhere is secretAccess configured in our setup.
I apologize for not having access to the configuration, but is there any other possible reason to receive this error?
That error is probably originating from the fact that the app client you are connected to has an associated secret key. When you create a user pool app client, it generates a secret by default:
Right now, with React-Native Amplify you have to use an app client that does not have a secret key generated. So when you create a new app client with your desired attributes, make sure the "Generate client secret" box is unchecked.
The solution is to pass secret_hash along with the adminAuthInitiate Request. And to calculate the secret hash you can use the following method:
public static String calculateSecretHash(String userPoolClientId, String userPoolClientSecret, String userName) {
final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
SecretKeySpec signingKey = new SecretKeySpec(
userPoolClientSecret.getBytes(StandardCharsets.UTF_8),
HMAC_SHA256_ALGORITHM);
try {
Mac mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
mac.init(signingKey);
mac.update(userName.getBytes(StandardCharsets.UTF_8));
byte[] rawHmac = mac.doFinal(userPoolClientId.getBytes(StandardCharsets.UTF_8));
return Base64.getEncoder().encodeToString(rawHmac);
} catch (Exception e) {
throw new RuntimeException("Error while calculating ");
}
}
How to Pass Secret_Hash
Map<String, String> authParams = new HashMap<>(2);
authParams.put("USERNAME", <username>);
authParams.put("PASSWORD", <password>);
authParams.put("SECRET_HASH", calculateSecretHash(cognitoClientId, cognitoClientSecret, <username>));
AdminInitiateAuthRequest authRequest = new AdminInitiateAuthRequest()
.withClientId(userPool.getClientId()).withUserPoolId(userPool.getUserPoolId())
.withAuthFlow(AuthFlowType.ADMIN_NO_SRP_AUTH).withAuthParameters(authParams);
AdminInitiateAuthResult result = cognito.adminInitiateAuth(authRequest);
auth = result.getAuthenticationResult();
I am new to LDAP authentication. I want to authenticate the users with their LDAP credentials.
For that I got the application credential from server so that I can authenticate other users.
My credential as application user are as:
Test LDAP Server IP: xx.xx.xx.xx
Port: 389
Bind DN:uid=uidxx,ou=applications,dc=dcxx
password: passxx
For authenticating the this user, I have written the code as
public String ldap()
{
String value=null;
SearchControls constraints= new SearchControls();
Hashtable<String, String> env= new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,"ldap://xx.xx.xx.xx:389");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL,"uid=uidxx, ou=applications, dc=dcxx");
env.put(Context.SECURITY_CREDENTIALS,"passxx");
try {
DirContext ctx = new InitialDirContext(env);
value = "Done with it";
}
catch(AuthenticationException e)
{
value = "Invalid User name or password";
}
catch (NamingException e) {
e.printStackTrace();
value = "Exception occurred";
}
return value;
}
I got return value as "Done with it"
Now i want to authenticate other user whose mail id and password is known to me.
Its like i want authenticate other users using their mailid, password, and for that i got uidxx and passxx to authenticate them.
How should i do that?
Not getting much help from the other sources.
Thank you
When authenticating against LDAP common work flow is
Bind to LDAP using credentials you have. This user have to have at least read-only access to subtree with users. Often it is ou=People, ou=Domain, dc=com or similar.
Query LDAP server for user's DN (here is where ANR might be useful)
Try to bind to LDAP using user's DN and password supplied to your application
This works because it is very common to give every user RW rights to his object in database. Very useful if you want user to be able to change their own password.