Upgrading RavenDB from build 2910 to 3599 breaks API key authentication - ravendb

I have just upgraded my production database from build 2910 to build 3599 and it appears that the API Key authentication that was working previously is now broken.
Anonymous access is working when I go to studio without an API key because anonymous access is turned on. Before, if I attempted to connect to studio without an API key I'd get an Unauthorized error. Now, when I attempt to set AnonymousAccess to None then I get an "unauthorized" error although I'm passing the key that worked previously, before my upgrade.
In addition, other clients seem to be using the database fine (all CRUD operations) and it just seems to be studio.
Are there new settings I may be missing in the web.config (running in IIS mode)?
UPDATE
I am able to disable anonymous access and access the new Raven HTML 5 studio with my API key and a properly formatted URL. Is the Silverlight studio client broken in 3.0?

Related

How to implement rfc7662 in .Net Core (Token Introspection for resource servers to obtain information about access tokens.)

I need to implement rfc7662 in Microsoft .Net Core 7 Web API. Is there a library/dependency from Microsoft that provides this functionality?
I found IdentityModel.AspNetCore.OAuth2Introspection but I'm having trouble getting it to work. I get 500 errors and I'm not able to identify the root cause.
Note: It's not JWT Authentication!
I found IdentityModel.AspNetCore.OAuth2Introspection but I'm having trouble getting it to work. I get 500 errors and I'm not able to identify the root cause.

ASP.NET Core Microsoft authentication callbackpage page not found

I have implemented Microsoft authentication using IIS Express and everything worked as expected (like the one from https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-5.0).
However after I publish it to IIS, when a user tries to access the application, instead of the Microsoft login page, I get a page with the message
No webpage was found for the web address: <redirecturl>?code=...
I should mention that there is no other way to login. Only the Microsoft one has to be supported.
After further investigation I found out from where the problem was.
The server was protected and the IIS did not have access to the internet and a proxy was required. Hence the reason on IIS Express was working on the development machine but on the server IIS did not.

Identity server 4 with .Net core

I am trying to use Identity server with .Net Core 2.0 and I am following this guide for that: http://docs.identityserver.io/en/release/quickstarts/6_aspnet_identity.html
I created the Identity server application as per the above link and hosted with 5000 port and also registered a user.
I took client application from the samples and when I click on Secure, it is showing me the Login page of the application which is hosted on 5000 but after clicking on Login nothing is happening.
It is throwing 404 error. Can anyone suggest what am I missing?
As determined in the comments, you need to add Consent related code to your project. The docs are here and sample codebase in QuickStarts is here.

ASP.NET Core 2.0 site POST request resulting in 404 on Azure

I've just upgraded an ASP.NET Core 1.1 web application to 2.0 and tested without issue locally. However, when the site is deployed to Azure a POST request that worked locally results in a 404 (I guess this could be the same for all POST requests, but I'm unable to log-in due to the issue).
Any ideas why this might fail to be working when deployed to Azure but working perfectly when run through IIS Express locally?
I deleted the original deployment slot on Azure and re-created as initially deploying over the slot mixed old 1.1 DLL's with the newer 2.0 DLL's and prevented the site working at all.
Seems I was caught out by poor handling of errors by my web application. I'd assumed that app.UseExceptionHandler("/Error") (I default my HomeController to not require the leading "Home" for /Home/Error) in Startup.cs would redirect to an error page, but for me it is not.
My underlying issue was a database connection error that caused the POST controller method to fail. I was caught out by the response returning a 404 rather than an error status.
I will need to investigate how error handling works in more detail for ASP.NET Core it seems.

Authorization forbidden when using Orbeon eXist DB REST API

I'm new to Orbeon 4.1 and I'm trying to query the Orbeon eXist DB from an external application.
When I query for a form instance I keep getting a "not authorized" error. For example:
GET request:
http://localhost:8080/orbeon/exist/rest/db/orbeon/fr/test-app/test-form/data/9b9b4f73af642fe042ec4cf7b4f03c64fa15fbd4/data.xml
Response:
HTTP Error 403 (Forbidden): The server refused to fulfill the request.
Any ideas what I might be doing wrong?
EDIT:
I ended up installing eXist-db as a stand-alone webapp. Now I can query the eXist-db REST API directly and everything seems to be working fine.
This is because since version 4, services are protected by default, as you most likely don't want your users to be able to access eXist or the persistence services. You can open those services again, but instead, it is better to setup an authorization service, and have whoever calls the services authenticate itself.