I have configured authorization via certificate. When I use NamespaceManager to GetSubscription works fine, but when I try execute any method from MessagingFactory I receive System.UnauthorizedAccessException.
string connectionString = CloudConfigurationManager.GetSetting("Microsoft.ServiceBus.ConnectionString");
var namespaceManager = NamespaceManager.CreateFromConnectionString(connectionString);
SubscriptionDescription subscriptionDescription = namespaceManager.GetSubscription("testTopic", "testSubscription"); // executed properly
var messagingFactory = MessagingFactory.CreateFromConnectionString(connectionString);
var exist = namespaceManager.TopicExists("TestTopic"); // throws exception
Stack trace:
System.UnauthorizedAccessException was unhandled
HResult=-2147024891
Message=The remote server returned an error: (401) Unauthorized. Authorization failed for specified action: Manage..TrackingId:d8648c5a-5185-41c8-b787-72332403b7d9_*******,TimeStamp:2014-07-14 08:34:22
Source=Microsoft.ServiceBus
What's the matter?
For use NamespaceManager you must be in ManageUsers in Service Bus Namespace. To add user to existing namespace you can use ps Set-SBNamespace
You must be in the ManageUsers list in Service Bus Namespace or have the Authorization rule that gives you the Manage right on the Topic that you are getting the subscriptions for.
Related
Using NLog webservice target
https://github.com/nlog/NLog/wiki/WebService-target
I am getting a 401 when the target api is using windows auth.
Error Error when sending to Webservice: ws Exception: System.Net.WebException: The remote server returned an error: (401) Unauthorized.
If I allow anonymous, it all works
Im trying to use impersonation in the call to the logging step. However, the above exception is generated in the NLog internal log file (i turned that on).
if (user.ImpersonateValidUser())
{
try
{
Logger logger = LogManager.GetCurrentClassLogger();
LogEntry l = new LogEntry()
{
AppName = "MyTestController",
LoggedOnDate = DateTime.Now,
LogMessage = "this is a test",
LogType = 1,
ServerName = "dev-test3"
};
logger.Error(l);
}
}
How can I call a webservice target that uses windows auth?
Unfortunately the Webservice target isn't supporting authentication. You could use the LogReceiverService target, see also How can I enable Security in LogReceiverService (NLog)
i'm trying to send message with the RMSPushNotificationsBundle with gcm Android.
I'm getting this error:
Uncaught exception 'RuntimeException' with message 'OS type rms_push_notifications.os.android.gcm not supported'
It's about to add an handler, in the class Notifications when sending a message :
$notifPush = new RMS\PushNotificationsBundle\Service\Notifications();
use RMS\PushNotificationsBundle\Message\AndroidMessage;
$message = new AndroidMessage();
$message->setMessage('oh it\s a new Week');
$message->setDeviceIdentifier('xxxxxxx');
$message->setGCM(true);
$notifPush->addHandler('android','gcm');
$notifPush->send($message);
When you're using it with symfony as a bundle the handlers are added automatically if you've configured the os in the config.yml (see docs).
If not, there's a handler class for every OS; you need to instantiate, configure and add it.
Example:
$iosHandler = new \RMS\PushNotificationsBundle\Service\OS\AppleNotification(ADD_CONFIG_PARAMS_HERE);
$notifPush->addHandler('rms_push_notifications.os.ios', $iosHandler);
Scenario is a Silverlight client using Wcf service & custom authentication. To mitigate the 500/200 status code problem (avoid EndPointNotFound exception) I've applied the SilverLightFaultBehaviour. However, this does not work with UserNamePasswordValidator - When a FaultException is thrown from Validate(), it is not caught by the SilverLightFaultMessageInspector's implementation of BeforeSendReply.
So far, the only workaround I've found is using the alternative client stack instead ( WebRequest.RegisterPrefix("http://", WebRequestCreator.ClientHttp);), but there are complications with using it which can no longer be ignored as a lot of our clients are on virtual machines, the silverlight client keeps crashing ( Silverlight 5 - Debugging npctrl.dll crash , http://communities.vmware.com/thread/394306?tstart=0 ).
My primary motivation is that I want to be able to distinguish a failed login from a connection error (the following code is from a client-side async callback method, and only works with the Client stack):
if (e.Error is MessageSecurityException)
{
this.HasLoginFailed.Value = Captions.Login_FailedLogin;
}
else
{
this.HasLoginFailed.Value = Captions.Login_FailedConnection;
}
Is there any other way of modifying the message sent when throwing a FaultException from UserNamePasswordValidator? Or any conceptually different way of doing custom authentication rather than what I am using which enables me to modify the message status or to keep it 200, or just to be able to distinguish a connection failure from bad credentials?
my server-side code for usernamepassword reg:
var serviceCredential = host.Description.Behaviors.Find<ServiceCredentials>();
serviceCredential.UserNameAuthentication.UserNamePasswordValidationMode =
UserNamePasswordValidationMode.Custom;
serviceCredential.UserNameAuthentication.CustomUserNamePasswordValidator =
new MyValidator();
When you throw a FaultException from MyValidator, it is wrapped as the InnerException of a MessageSecurityException, that's probably why you weren't able to catch it directly as a FaultException.
To add some information to the fault you are throwing, what you can do is adding a FaultCode:
throw new FaultException(
"Invalid user name or bad password.",
new FaultCode("BadUserNameOrPassword")
);
Then, catch the exception client-side and retrieve your FaultCode:
try { ... }
catch (MessageSecurityException e)
{
FaultException fault = (FaultException) e.InnerException;
String faultCode = fault.Code.Name;
// you can now display a meaningful error with the faultCode
}
I hope it will help!
I am loosely following the method in WCF The Right Way ... The Manual Way to setup my WCF Service.
I have a manually generated proxy class that looks like this:
// Setup a client so we can call our web services.
public class EmployeeClient :IEmployeeService
{
private readonly IEmployeeService EmployeeChannel;
public EmployeeClient(Binding binding, string address)
{
var endpointAddress = new EndpointAddress(address);
EmployeeChannel = new ChannelFactory<IEmployeeService>
(binding, endpointAddress).CreateChannel();
}
public EmployeeResponse SaveOrUpdateEmployee(EmployeeContract employee)
{
return EmployeeChannel.SaveOrUpdateEmployee(employee);
}
}
I then want to call some of these services. But I don't want to use any config files (I am setting up some integration tests and I don't want more dependencies than needed.)
I am currently trying to call them like this:
serviceHost = SelfServiceHost.StartupService();
employeeClient = new EmployeeClient(new BasicHttpBinding(),
SelfServiceHost.StartUpUrl);
EmployeeResponse employeeResponse = employeeClient.SaveOrUpdateEmployee(emp);
When I do that I am getting this exception:
System.ServiceModel.ProtocolException: Content Type text/xml; charset=utf-8 was not supported by service http://localhost:8090/EmployeeService. The client and service bindings may be mismatched. ---> System.Net.WebException: The remote server returned an error: (415) Cannot process the message because the content type 'text/xml; charset=utf-8' was not the expected type 'application/soap+xml; charset=utf-8'..
What do I need to do to get a call to my service working with code only?
From what you dessribe the binding is not configured in a compatible way.
I suspect that the WCF host has wsHttpBinding and your client-side has BasicHttpBinding or similar...
see http://social.msdn.microsoft.com/forums/en-US/wcf/thread/f29cd9c8-3c89-43d2-92ae-d2a270ab86b9/
Near the bottom of this article (MSDN) in a section entitled "The following code example demonstrates how to use delegation." where MSDN shows an example of how to perform delegation. I have tried to take this example and apply it to my code. In my situation, I have a client app (WCFTestClient), a middle service and a back end service. The goal is is to have the client execute a WCF exposed method on the middle service which in turn calls another method on the back end service. I'm trying to get the identity of the execution on both middle service and back end service to be that of the user executing the client:
Client ----> Middle Service ----> Back End Service.
Here is the exception that occurs on the "channel.PreparePolicy" invocation:
Could not load file or assembly 'System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' or one of its dependencies. Either a required impersonation level was not provided, or the provided impersonation level is invalid. (Exception from HRESULT: 0x80070542)
Here is my code, taken most directly from the example. I did add one line that differs from the MSDN example in my attempt to debug channelFactory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
but to no effect.
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public void PreparePolicy(string requestGuid, string policyName, ulong version)
{
WindowsIdentity callerWindowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;
if (callerWindowsIdentity == null)
{
throw new InvalidOperationException
("The caller cannot be mapped to a Windows identity.");
}
using (callerWindowsIdentity.Impersonate())
{
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Message;
Uri uri = new Uri(String.Format("net.tcp://{0}:{1}/App", "10.192.12.159", 8080));
EndpointAddress backendServiceAddress = new EndpointAddress(uri);
ChannelFactory<Service> channelFactory = new ChannelFactory<Service>(binding, backendServiceAddress);
channelFactory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
Service channel = channelFactory.CreateChannel();
channel.PreparePolicy("alkdjf", policyName, version);
}
}
I was using the WCFTestClient as my client in this scenario. Turns out its not enabled to allow delegation. I wrote my own client and enabled it for delegation and everything worked fine.