I am using the PayPal .Net SDK (got it from github) in my Asp.Net MVC5 web application. Everything worked well while testing in the sandbox environment. Everything is stored in the web.config file:
<settings>
<add name="mode" value="sandbox"/>
<add name="connectionTimeout" value="360000"/>
<add name="requestRetries" value="1"/>
<add name="clientId" value="my rest app sandbox client id"/>
<add name="clientSecret" value="my rest app sandbox client secret" />
</settings>
What I have done for going live is getting the live credentials of the REST App from the paypal developer portal. I then chnaged the web.config settings to:
<settings>
<add name="mode" value="live"/>
<add name="connectionTimeout" value="360000"/>
<add name="requestRetries" value="1"/>
<add name="clientId" value="my rest app live client id"/>
<add name="clientSecret" value="my rest app live client secret" />
</settings>
When I run my web application in the live mode, it fails when calling the oAuth token generation:
string clientRequestsToken = payPalTAuthToken.GetAccessToken();
I am getting an IdentityException while the line of code above is executed.
Am I missing something ? do I need to configure anything else for going live with the PayPal REST APIs ?
I have read that when using the Classic APIs, a certificate needs to be generated and installed on the consumer server to encrypt the credentials, but I would assume this is only relevant for the Classic APIs, not for the REST APIs.
Thx for your help !
Sam
You could find information about moving from sandbox to live over here:
https://github.com/paypal/PayPal-NET-SDK/wiki/Frequently-Asked-Questions#how-do-i-target-the-live-or-sandbox-paypal-services
We are adding more and more FAQs to help developers resolve issues faster. Let us know, or update yourself, if you have any FAQ, that you want answered, or help us answer.
Related
Hoping someone can help maybe please?
I have a web app created using ASP.Net Core 2.2 Razor pages.
When the project was created the Auth was selected as part of the project creation.
When published to production, and when logged in, the session sometimes only lasts seconds before effectively dying and logging you out.
It is on shared hosting but has a dedicated app pool (which i read somewhere it would maybe need).
I have tried both of the following in web.config of the published app but makes no difference (both were found in various place in Google searches).
<system.web>
<sessionState timeout="300" mode="InProc" />
</system.web>
And also
<system.web>
<sessionState mode="StateServer" stateConnectionString="tcpip=loopback:42424" cookieless="false" timeout="300" />
</system.web>
Any information greatly appreciated.
I have an ASP MVC 4 application which uses a 3rd party HTTP module for security. When using Windows authentication it will attempt to automatically log you in, if that fails, then it will redirect you to a custom login page.
This has been working fine for previous ASP Webforms and MVC 2-4 applications, but for this particular application it is failing to automatically log the user in.
The application's virtual directory has all of the authentication modes disabled (anonymous etc) except for Windows authentication which is enabled. I have also checked that the provider is Negotiate and NTLM.
The web.config is a pretty standard one that you get from the MVC template and I have tried various web.config changes to system.web and system.webServer (and changing app pool's pipeline mode) such as:
<system.web>
<authentication mode="Windows"/>
and also adding
<authorization>
<allow users="*" />
<deny users="?" />
</authorization>
But in each case the security module cannot get the user name. The module attempts to get the user name via HttpContext.Current.Request.ServerVariables["REMOTE_USER"], but I have also modified it to use HttpContext.Current.User.Identity.Name and in both cases it is blank.
Since this module has been working fine for years and still works for other applications on the same server, I believe it is an IIS or Web.config configuration issue. I have tried creating a new virtual directory and it has the same error.
Is there any additional configuration required or another reason why it is not working for this particular application?
The solution was to add the following to my the appSetting section in my web.config
<add key="autoFormsAuthentication" value="false" />
<add key="enableSimpleMembership" value="false"/>
</appSettings>
This is the first time that I have needed to add such a thing, so I am not sure why it is necessary, but it does work.
I have a simple REST Web Service. I have tried to implement SimpleWebToken security therefor I created a custom SecurityTokenHandler with overridden CanreadToken and ReadToken then I registered it in web.cofig file.
<system.identityModel>
<identityConfiguration>
<securityTokenHandlers>
<clear/>
<add type="TestTokens.SimpleWebTokenHandler, TestTokens"></add>
</securityTokenHandlers>
<audienceUris>
<clear/>
<add value="http://mytestrealm/"/>
</audienceUris>
</identityConfiguration>
I thought that CanReadToken() is always called, in order to make sure that the incoming request can be handled.
Why it is not called?
IFAIK, this collection of security handlers is only called when the WIF plumbing needs it. This can be p.e. when you offer a WS-Trust service. It is not called on all requests.
That is correct, WIF plumbing can be used to authenticate users. It looks like you are looking for more of a WebAPI solution. I would recommend using Jwt tokens as everyone seems to be leaning that way. Have a look here:
http://www.cloudidentity.com/blog/2013/06/06/the-json-web-token-handler-for-net-4-5-reaches-ga/
We put in some features that help when validating jwt's for WebAPI's.
I am hosting a SL4 application using WCF RIA services on IIS6 and I am using windows authentication. Log is something like:
/.../ClientBin/NameOfWebApp-AuthenticationDomainService.svc/binary/GetUser ... 404 0 2
Having previously set up this application on another 2003 server succesfully, I had the experience to configure .NET Framework 4. I mean I used "aspnet_regiis", "servicemodelreg", "httpcfg", etc. I have even created a new web site afterwards to make sure everything is in place. In fact, when I try to access my actual domain service using web browser, everything is working. So I believe WCF is correctly set up. I checked:
web service extensions for .net framework v4 is allowed
.svc extension is configured to v4 aspnet_isapi.dll
anonymous access is disabled, only integrated windows authentication is enabled as at most one authentication scheme is allowed.
I can't see the reason why it is working on one server and not working on another. The fact is, I am going to make this installation on another critical production server and I have to make sure there are no surprises.
Do you have any ideas?
Additional info:
I guess since WCF is working in general, there is a problem with domain service host which handles service calls without svc files. I have the following settings already in my web.config:
<system.web>
<httpModules>
<add name="DomainServiceModule" type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule, System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"/>
</httpModules>
</system.web>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="DomainServiceModule"
preCondition="managedHandler"
type="System.ServiceModel.DomainServices.Hosting.DomainServiceHttpModule,
System.ServiceModel.DomainServices.Hosting, Version=4.0.0.0,
Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</modules>
</system.webServer>
Has anyone solved this issue with IIS6?
I am destined to answer my own questions. Having .svc extension set to use aspnet_isapi.dll is not enough, Verify that file exists setting should not be checked. That is what DomainServiceModule is for.
i'm trying to secure some WCF services. I'd like to use IIS or the Web.config todo all of the heavy lifting/configuration if possible. I don't want to embed anything in my code - thought I know that may not be feasible. If possible, I'd like to achieve this without having to resort to AspCompatibilityMode :(
I'm using a custom BasicHttp binding with TransportCredential enabled.
This works fine. Any valid domain or machine account seems to validate against the service.
My problem is I only want users from specific windows groups to be able to access my service. I wanted to use ACLs on the actual folders to achieve this, but I don't think it is possible.
Would appreciate your help!
Thanks
TM
In your web.config try the following:
<authentication mode="Windows" />
<identity impersonate="false" />
<authorization>
<allow users="MYDOMAIN\YourGroup" />
<deny users="*" />
</authorization>
This will block it at the web config level. You can also put an ACL on your folder. Note the Windows authentication and the impersonate = false means that it is the users credentials that are being used to access the directory.