Getting .NET Client to recognize authentication session cookie - authentication

I am using "RememberMe=true", and would like my service client to re-use the open session if it's available. I got the bulk of the code from the link below - this code works but authentication fails every time at first and re-authenticates. Do I have to send the ss-pid cookie somehow?
One more note: this is a WinForms client accessing my servicestack service.
ServiceStack JsonServiceClient OnAuthenticationRequired
My code
Private Shared _UserName As String = "xxxxx"
Private Shared _Password As String = "yyyyy"
Private Shared _clientAuthenticationRequested As New Action(Of WebRequest)(AddressOf InteractiveAuthentication)
Public Shared ReadOnly Property ServiceClient() As JsonServiceClient
Get
If _serviceClient Is Nothing Then
_serviceClient = New JsonServiceClient(ServiceContext.ServiceUrl)
_serviceClient.OnAuthenticationRequired = _clientAuthenticationRequested
_serviceClient.UserName = _UserName
_serviceClient.Password = _Password
//service requiring authentication
Dim v = _serviceClient.Get(Of Tonto.Svc.Model.AppConstants)(
New Tonto.Svc.Model.AppConstants())
End If
Return _serviceClient
End Get
End Property
Private Shared Sub InteractiveAuthentication(sourcerequest As System.Net.WebRequest)
Dim v = _serviceClient.Send(Of ServiceStack.AuthenticateResponse)(
New ServiceStack.Authenticate() With {
.UserName = _UserName,
.Password = _Password,
.RememberMe = True})
End Sub

You can't have the client remember your session between the creation of clients out of the box. The RememberMe option will not work here, as the client does not have a persistent cookie store like a web browser.
You can however access the cookie store of the client, after you have authenticated then read the session value cookie, and restore it in future client instances. Essentially you provide the persistence layer.
Sorry it's c# not VB. But I think the concept should be clear enough.
var host = "http://localhost:9001";
JsonServiceClient client = new JsonServiceClient(host);
// Authenticate with the service
client.Post(new Authenticate { UserName = "test", Password = "password" });
// Read the session cookie after successfully authenticating
var cookies = client.CookieContainer.GetCookies(new Uri(host));
var sessionCookieValue = cookies["ss-id"].Value;
// Store the value of sessionCookieValue, so you can restore this session later
client = null;
So if you were to save the ss-id value to a file, you can restore the value when the application is started, then add it back into the client's cookie store before making requests.
// Another client instance ... we will reuse the session
JsonServiceClient anotherClient = new JsonServiceClient(host);
// Restore the cookie
anotherClient.CookieContainer.Add(new Cookie("ss-id", sessionCookieValue, "/", "localhost"));
// Try access a secure service
anotherClient.Get(new TestRequest());

Related

Hangout OAuth - Invalid Scope : Some requested scopes cannot be shown

I am facing the below error while generating token for service account for the Hangout Scope - https://www.googleapis.com/auth/chat.bot.
Where i receive 400 response code after making a post request to this url -
https://www.googleapis.com/oauth2/v4/token
the params are
Content-Type:application/x-www-form-urlencoded
httpMode:POST
body:grant_type=jwt-bearer&assertion=assertion-token
Note:This was completely working fine. Suddenly am facing this issue.
cross verified: jwt generation,service_account_id and etc...
Error Response : { "error": "invalid_scope", "error_description": "Some requested scopes cannot be shown": [https://www.googleapis.com/auth/chat.bot]}
code for generating assertion:
//FORMING THE JWT HEADER
JSONObject header = new JSONObject();
header.put("alg", "RS256");
header.put("typ", "JWT");
//ENCODING THE HEADER
String encodedHeader = new String(encodeUrlSafe(header.toString().getBytes("UTF-8")));
//FORMING THE JWT CLAIM SET
JSONObject claimSet = new JSONObject();
claimSet.put("iss","123#hangout.iam.gserviceaccount.com");
claimSet.put("sub","one#domain.com");
claimSet.put("scope","https://www.googleapis.com/auth/chat.bot");
claimSet.put("aud","https://oauth2.googleapis.com/token");
long time = System.currentTimeMillis() / 1000;
claimSet.put("exp",time+3600);
claimSet.put("iat",time);
//ENCODING THE CLAIM SET
String encodedClaim = new String(encodeUrlSafe(claimSet.toString().getBytes("UTF-8")));
//GENERATING THE SIGNATURE
String password = "secretofkey", alias = "privatekey";
String signInput = encodedHeader + "." + encodedClaim;
Signature signature = Signature.getInstance("SHA256withRSA");
String filepath = "/check/PrivateKeys/hangoutPKEY.p12";
KeyStore kstore = KeyStore.getInstance("PKCS12");
fis = new FileInputStream(filepath);
kstore.load(fis, password.toCharArray());
KeyStore.PrivateKeyEntry pke = (KeyStore.PrivateKeyEntry) kstore.getEntry(alias, new KeyStore.PasswordProtection(password.toCharArray()));
PrivateKey pKey = pke.getPrivateKey();
signature.initSign(pKey);
signature.update(signInput.getBytes("UTF-8"));
String encodedSign = new String(encodeUrlSafe(signature.sign()), "UTF-8");
//JWT GENERATION
String JWT = signInput + "." + encodedSign;
String grant_type = URLEncoder.encode("urn:ietf:params:oauth:grant-type:jwt-bearer");
reqBody = "grant_type=" + grant_type + "&assertion=" + JWT;
public static byte[] encodeUrlSafe(byte[] data) {
Base64 encoder = new Base64();
byte[] encode = encoder.encodeBase64(data);
for (int i = 0; i < encode.length; i++) {
if (encode[i] == '+') {
encode[i] = '-';
} else if (encode[i] == '/') {
encode[i] = '_';
}
}
return encode;
}
Does anyone have any idea, where am going wrong?
Short answer:
You are trying to use domain-wide authority to impersonate a regular account. This is not supported in Chat API.
Issue detail:
You are using the sub parameter when building your JWT claim:
claimSet.put("sub","one#domain.com");
Where sub refers to:
sub: The email address of the user for which the application is requesting delegated access.
I noticed that, if I add the sub parameter to my test code, I get the same error as you.
Solution:
Remove this line from your code in order to authorize with the service account (without impersonation) and handle bot data:
claimSet.put("sub","one#domain.com");
Background explanation:
Chat API can be used for bots to manage their own data, not to manage end-user data. Therefore, you can only use a service account to act as the bot, without impersonating an end-user.
From this Issue Tracker comment:
At the present moment, Chat API can only be used to manage bot-related data (listing the spaces in which the bot is included, etc.). Using domain-wide delegation to manage regular users' data is not currently possible.
Feature request:
If you'd like to be able to access regular users' data with your service account and domain-wide delegation via Chat API, you are not alone. This feature has been requested before in Issue Tracker:
Accessing the Google Chats of regular users using domain-wide delegated permission and service account credentials
I'd suggest you to star the referenced issue in order to keep track of it and to help prioritizing it.
Reference:
Using service accounts
Delegating domain-wide authority to the service account
Preparing to make an authorized API call

Azure AD/Token/Certificates/SQL - I'm lost

I started a company 3 months ago and there is no software (CRM+other business tasks) that meets my needs. Reluctantly I decided to write my own 2 months ago and it is now 80% complete! I've been pointed here to Stack Overflow throughout my journey many times and you guys have been a great help -- first and foremost thank you! I've been able to stay quiet until now...
The problem:
I have connection strings all over the place with SQL Authentication username/password exposed. My business partner is across the country so I need to give him access and open a port etc. I've made the move to Microsoft Azure (all setup with a VPN gateway, VM's are running and linked with Azure AD) to lockdown the environment a bit. I'd like to take full advantage of what it offers and use Active Directory for authentication on login (MFA) and then use the token in my query strings removing the need for a hard coded connection string with username/passwords...
I've done a lot of research and it seems I can accomplish what I want but I can't quite figure it out.
App is written in VB.net and most Microsoft docs on the topic are in C#, requiring edits to the app.xaml.cs file which doesn't exist in vb.net, and even if I got around that piece i'm not sure how to configure the sql connection strings to use the token.
Once I get this out of the way I can get back to finishing the software so I can get on the phone and help us take off before the money runs out! Your help is greatly appreciated!
EDIT :
I'm going this route because from what I've found, I can't use Authentication = Active Directory Integrated in my sql string because my AD is not federated (no on-premise ADFS), Active Directory Password still requires the sql admin setup in Azure to be in the sql string. I looked at key vaults which while doing research led me to registering my app which seems to be exactly what I want and where my questions is derived. Microsoft provides a great example downloadable project but again its in C#...If there is a recommendation on a different option i'm all ears...
EDIT 9/3/19 -- A lot of circling and research...I need to convert this code from c# to vb.net. More information on what the below is and how it is broken down from its creator : https://colinsalmcorner.com/post/configuring-aad-authentication-to-azure-sql-databases
public async Task<string> GetAccessTokenAsync(string clientId, string clientSecret, string authority, string resource, string scope)
{
var authContext = new AuthenticationContext(authority, TokenCache.DefaultShared);
var clientCred = new ClientCredential(clientId, clientSecret); << CAN I MAKE THESE (ClientId, ClientSecret) TIED TO TEXTBOXES FOR USERNAME/PASSWORD ON MY APPLICATION?
var result = await authContext.AcquireTokenAsync(resource, clientCred);
if (result == null)
{
throw new InvalidOperationException("Could not get token");
}
return result.AccessToken; <<WHAT DOES RETURN DO HERE?
}
AND
public async Task<SqlConnection> GetSqlConnectionAsync(string tenantId, string clientId, string clientSecret, string dbServer, string dbName)
{
var authority = string.Format("https://login.windows.net/{0}", tenantId);
var resource = "https://database.windows.net/";
var scope = "";
var token = await GetTokenAsync(clientId, clientSecret, authority, resource, scope);
var builder = new SqlConnectionStringBuilder();
builder["Data Source"] = $"{dbServer}.database.windows.net";
builder["Initial Catalog"] = dbName;
builder["Connect Timeout"] = 30;
builder["Persist Security Info"] = false;
builder["TrustServerCertificate"] = false;
builder["Encrypt"] = true;
builder["MultipleActiveResultSets"] = false;
var con = new SqlConnection(builder.ToString());
con.AccessToken = token;
return con;
}
I can understand that you want to use Azure AD access token to connect to Azure SQL DB. Based on the docs you provided and my own research , for now, we can use Azure AD service principle to get access token to connect to Azure SQL only.
I believe you have did some research on it already and find the codes to implement it using C# SDK. However there is no VB.net code sample to do it which confused you .
Honestly , I am not so familiar with VB.net , but I still implemented a demo to do that for you , pls refer to the code below :
Imports System.IO
Imports System.Net
Imports System.Text
Module Module1
Sub Main()
Dim tenant = ""
Dim client_id = ""
Dim username = ""
Dim password = ""
Dim client_secret = ""
Dim sqlserverName = ""
Dim dbname = ""
Dim dbConn = New SqlClient.SqlConnection
dbConn.ConnectionString = "Data Source=" + sqlserverName + ".database.windows.net;Initial Catalog=" + dbname + ";Connect Timeout=30"
dbConn.AccessToken = getAccessToken(tenant, client_id, client_secret, username, password)
Console.WriteLine("User: " + username)
Console.WriteLine("access token value:" + dbConn.AccessToken)
dbConn.Open()
Dim sqlQuery = "select ##version"
Dim Result = New SqlClient.SqlCommand(sqlQuery, dbConn).ExecuteScalar()
Console.WriteLine("query result from Azure SQL : " + Result.ToString)
Console.ReadKey()
End Sub
Function getAccessToken(tenant, client_id, client_secret, username, password) As String
Dim request As HttpWebRequest
request = HttpWebRequest.Create("https://login.microsoftonline.com/" + tenant + "/oauth2/token")
request.Method = "POST"
request.ContentType = "application/x-www-form-urlencoded"
Dim requestBody =
"grant_type=client_credentials" +
"&client_id=" + client_id +
"&client_secret=" + WebUtility.UrlEncode(client_secret) +
"&username=" + WebUtility.UrlEncode(username) +
"&password=" + WebUtility.UrlDecode(password) +
"&resource=https%3A%2F%2Fdatabase.windows.net%2F"
Dim encoding As New UTF8Encoding
Dim byteData As Byte() = encoding.GetBytes(requestBody)
request.ContentLength = byteData.Length
Dim postreqstream As Stream = request.GetRequestStream()
postreqstream.Write(byteData, 0, byteData.Length)
postreqstream.Close()
Dim result = request.GetResponseAsync().GetAwaiter().GetResult()
Dim result_str = New StreamReader(result.GetResponseStream()).ReadToEnd
Dim tokenResp As TokenResponse = Newtonsoft.Json.JsonConvert.DeserializeObject(Of TokenResponse)(result_str)
Return tokenResp.access_token
End Function
Public Class TokenResponse
Public Property token_type As String
Public Property expires_in As String
Public Property ext_expires_in As String
Public Property expires_on As String
Public Property not_before As String
Public Property resource As String
Public Property access_token As String
End Class
End Module
Pls refer to the steps below to create associated Azure AD apps and fill all params to run it :
Creating a Azure AD app in your tenant ,type its name and click register directly, in my case , the app name is DBadmin:
Note its application ID :
Creating a client secret for this app and note the secret :
Adding Azure SQL user login permission to this app :
Grant permission as an admin:
Go to "Groups" blade ,create an Azure AD group , adding the app we just created at same time :
Go to the Azure SQL server that you want to access , and adding the group we just created in to Azure AD admin of SQL server :
Remember to click save after adding .
Ok, we have done all configs here , just modify the params in code to try to connect to your Azure SQL .
Code result :
Hope it helps . Anyway If you just want to hide connection string in your config file.Key vault should be the best choice for you .

How to new a new access token from a refresh token using vb.net?

I don't know if you can help me understand the right way forward with this issue. I need to provide a little bit of background first.
I have a VB.Net Console Utility that uses the Google V3 Calendar API. This utility has the following process to authenticate:
Private Function DoAuthentication(ByRef rStrToken As String, ByRef rParameters As OAuth2Parameters) As Boolean
Dim credential As UserCredential
Dim Secrets = New ClientSecrets() With {
.ClientId = m_strClientID,
.ClientSecret = m_strClientSecret
}
'm_Scopes.Add(CalendarService.Scope.Calendar)
m_Scopes.Add("https://www.googleapis.com/auth/calendar https://www.google.com/m8/feeds/ https://mail.google.com/")
Try
credential = GoogleWebAuthorizationBroker.AuthorizeAsync(Secrets, m_Scopes,
"user", CancellationToken.None,
New FileDataStore("PublicTalkSoftware.Calendar.Application")).Result()
' Create the calendar service using an initializer instance
Dim initializer As New BaseClientService.Initializer() With {
.HttpClientInitializer = credential,
.ApplicationName = "~~~~~~~~~~"
}
m_Service = New CalendarService(initializer)
rStrToken = credential.Token.AccessToken.ToString()
rParameters.AccessToken = credential.Token.AccessToken
rParameters.RefreshToken = credential.Token.RefreshToken
Catch ex As Exception
' We encountered some kind of problem, perhaps they have not yet authenticated?
Return False
End Try
Return True
End Function
This part of the application process works fine. The data store file gets created and once the user has authenticated it all seems to just work find from there on. The user will be able to update the calendar without any further authenticating on there part.
Now, I also have a part of my MFC (the main application) project that sends emails for the user. This uses the following CkMainManW library.
For the most part that works too. If the user has correctly set up their credentials it is fine. However, if they are using GMail, then I do things slightly differently. This is to avoid the need to have the "Allow third party apps" option to be ticked in the Google account.
So, for GMail users, we send emails like this:
mailman.put_SmtpUsername(strUsername);
mailman.put_OAuth2AccessToken(strGoogleToken);
As you can see, I use the OAuth2AccessToken. This actual value passed is the credential.Token.AccessToken.ToString() value stored from when the user authenticated. Now, I have since understood that this actual token only lasts for one hour. This would explain why some users have to repeatedly run my calendar authentication again to get a new access token.
Clearly, when I do the calendar authentication which uses the data store file, it does something under the hood the avoid the user being asked all the time to authenticate.
Now, I have read this tutorial about using the Chilkat Library for this. I notice now that in the sample code it has a comment:
// Now that we have the access token, it may be used to send as many emails as desired
// while it remains valid. Once the access token expires, a new access token should be
// retrieved and used.
So, with all the background, how do I resolve my issue? So I have a data store file that contains the original access token from when they authorised and a refresh token. This file was created by the VB.Net command line module.
By the sounds of it, the Chilkat routine needs an access token that is valid. So, what is the right way for me to get an updated access token from the refresh token, so that when I send emails it won't fail after an hour?
Update
I am getting myself confused. I changed my code so that it called the DoAuthentification call above to get the refresh token and access token. But I am finding that the actual data store file is not getting revised. The text file is not being revised.
I have to revoke access and then do the authentication to get the data store file revised. And it is only once it has been revised that the access token will work for sending emails.
I think I have found the solution. I saw this answer:
https://stackoverflow.com/a/33813994/2287576
Based on the answer I added this method:
Private Function RefreshAuthentication(ByRef rStrAccessToken As String, ByRef rStrRefreshToken As String) As Boolean
Dim parameters As New OAuth2Parameters
With parameters
.ClientId = m_strClientID
.ClientSecret = m_strClientSecret
.AccessToken = rStrAccessToken ' Needed?
.RefreshToken = rStrRefreshToken
.AccessType = "offline"
.TokenType = "refresh"
.Scope = "https://www.googleapis.com/auth/calendar https://www.google.com/m8/feeds/ https://mail.google.com/"
End With
Try
Google.GData.Client.OAuthUtil.RefreshAccessToken(parameters)
rStrAccessToken = parameters.AccessToken
rStrRefreshToken = parameters.RefreshToken
RefreshAuthentication = True
Catch ex As Exception
RefreshAuthentication = False
End Try
End Function
I am not sure if I need to pass in the existing access token or not before refreshing. But either way, the tokens get updated and I can proceed with sending emails.
FYI, in the end it became apparent that I did not need any bespoke Refresh at all because the system manages it for you under the hood.
Private Async Function DoAuthenticationAsync() As Task(Of Boolean)
Dim credential As UserCredential
Dim Secrets = New ClientSecrets() With {
.ClientId = m_strClientID,
.ClientSecret = m_strClientSecret
}
Try
credential = Await GoogleWebAuthorizationBroker.AuthorizeAsync(Secrets, m_Scopes,
"user", CancellationToken.None,
New FileDataStore("xxx.Calendar.Application"))
' Create the calendar service using an initializer instance
Dim initializer As New BaseClientService.Initializer() With {
.HttpClientInitializer = credential,
.ApplicationName = "yy"
}
m_Service = New CalendarService(initializer)
Catch ex As Exception
' We encountered some kind of problem, perhaps they have not yet authenticated?
' Can we isolate that as the exception?
m_logger.Error(ex, "DoAuthenticationAsync")
Return False
End Try
Return True
End Function
I have not required any bespoke Refresh of tokens for a long time now.

Unable to access claims or saml attributes via Kentor.AuthServices.Owin in MVC

I am building an .net 4.5 MVC application which connects to a Shibboleth-based SAML IdP, to provide single-sign-on functionality. To do this I am using the Kentor.AuthServices.Owin middleware.
The IdP service in question requires use of encrypted assertions, which the latest build of Kentor.AuthServices doesn't support. Instead I had to use the Raschmann-fork of it here https://github.com/Raschmann/authservices/tree/78EncryptedAssertion (v0.8.1), then tried ..Raschmann/authservices/tree/Release (v0.10.1).
(Using ..Raschmann/authservices/tree/master (v0.12.1) - or indeed any of the KentorIT Kentor.AuthServices builds - results in loginInfo being null within ExternalLoginCallback.)
Using the above allows me to login/register on the application via the IdP. However, when ExternalLoginCallback is called, the ExternalClaims or Claims objects within loginInfo.ExternalIdentity don't contain any claims.
I have captured and decrypted the SAML response from the IdP and have confirmed that it is sending information (such as firstname, lastname, DoB, etc.) back to my application once I have logged in.
How can I access the SAML data that is being returned?
ConfigureAuth within Startup.Auth.vb:
Public Sub ConfigureAuth(app As IAppBuilder)
' Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(AddressOf ApplicationDbContext.Create)
app.CreatePerOwinContext(Of ApplicationUserManager)(AddressOf ApplicationUserManager.Create)
app.CreatePerOwinContext(Of ApplicationSignInManager)(AddressOf ApplicationSignInManager.Create)
app.UseCookieAuthentication(New CookieAuthenticationOptions() With {
.AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
.Provider = New CookieAuthenticationProvider() With {
.OnValidateIdentity = SecurityStampValidator.OnValidateIdentity(Of ApplicationUserManager, ApplicationUser)(
validateInterval:=TimeSpan.FromMinutes(30),
regenerateIdentity:=Function(manager, user) user.GenerateUserIdentityAsync(manager))},
.LoginPath = New PathString("/Account/Login")})
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie)
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5))
app.UseTwoFactorRememberBrowserCookie(DefaultAuthenticationTypes.TwoFactorRememberBrowserCookie)
app.UseKentorAuthServicesAuthentication(New KentorAuthServicesAuthenticationOptions(True))
AntiForgeryConfig.UniqueClaimTypeIdentifier = Global.System.IdentityModel.Claims.ClaimTypes.NameIdentifier
End Sub
ExternalLoginCallback within AccountController.vb:
<AllowAnonymous>
Public Async Function ExternalLoginCallback(returnUrl As String) As Task(Of ActionResult)
Dim loginInfo = Await AuthenticationManager.GetExternalLoginInfoAsync()
If loginInfo Is Nothing Then
Return RedirectToAction("Login")
End If
Dim externalIdentity = Await AuthenticationManager.GetExternalIdentityAsync(DefaultAuthenticationTypes.ExternalCookie)
' Sign in the user with this external login provider if the user already has a login
Dim result = Await SignInManager.ExternalSignInAsync(loginInfo, isPersistent:=False)
Select Case result
Case SignInStatus.Success
Dim user = Await UserManager.FindAsync(loginInfo.Login)
If user IsNot Nothing Then
'user.FirstName = loginInfo.ExternalIdentity.FindFirst(ClaimTypes.Name).Value
'user.Email = loginInfo.ExternalIdentity.FindFirst(ClaimTypes.Email).Value
Await UserManager.UpdateAsync(user)
End If
Return RedirectToLocal(returnUrl)
Case SignInStatus.LockedOut
Return View("Lockout")
Case SignInStatus.RequiresVerification
Return RedirectToAction("SendCode", New With {
.ReturnUrl = returnUrl,
.RememberMe = False
})
Case Else
' If the user does not have an account, then prompt the user to create an account
ViewBag.ReturnUrl = returnUrl
ViewBag.LoginProvider = loginInfo.Login.LoginProvider
Return View("ExternalLoginConfirmation", New ExternalLoginConfirmationViewModel() With {
.Email = loginInfo.Email
})
End Select
End Function
The owin pipeline is quite complex. To debug this I'd suggest that you insert a small breakpoint middleware immediately before the UseKentorAuthServicesAuthentication() call.
app.Use(async (context, next) =>
{
await next.Invoke();
});
Sorry for using C#, but I assume you can find the equivalent VB syntax.
Run the application and authenticate. Right before you trigger the Idp to post the response back, put a breakpoint on the closing bracket of the code snippet above. Then investigate the content of the context.Authentication.AuthenticationResponseGrant. That's the actual output form Kentor.AuthServices. Are the claims present there?
If they're not, then there's a bug in AuthServices. Please report it as an issue on the GitHub Issue tracker and I'll have a look.
If the claims are indeed present at that point, but lost later, you may be a victim of the Owin Cookie Monster.

JavaMail, Exchange Server and “no login methods supported”

I'm trying to read contents of a mailbox, using JavaMail and IMAP.
No SSL, only plain IMAP.
My code is like this:
// Connection default properties
Properties props = new Properties();
props.setProperty("mail.imap.timeout", "5000");
props.setProperty("mail.imap.connectiontimeout", "5000");
props.setProperty("mail.pop3.timeout", "5000");
props.setProperty("mail.pop3.connectiontimeout", "5000");
props.setProperty("mail.smtp.timeout", "5000");
props.setProperty("mail.smtp.connectiontimeout", "5000");
// Get session
Session session = Session.getDefaultInstance(props, null);
session.setDebug(true);
// Get the store
Store store = session.getStore(account.getProtocol()); // returns "imap"
String username = account.getUsername();
String password = account.getPassword();
String host = account.getHost();
store.connect(host, username, password);
// Get folder
Folder folder = store.getFolder("INBOX");
folder.open(Folder.READ_ONLY);
FlagTerm ft = new FlagTerm(new Flags(Flags.Flag.SEEN), false);
Message messages[] = folder.search(ft);
System.out.println("Ci sono " + messages.length + " messaggi da leggere");
Here is what i get:
https://www.dropbox.com/s/zbqh7gt3xqgobo7/imap_error.png
It seems that Exchange server is rejecting my login trials...i'm stuck with this and can't understand how to proceed further.
Anyone can help?
The server is configured not to allow 'LOGIN' on plaintext ports.
Note the CAPABILITY response: LOGINDISABLED, and no alternative AUTH methods are presented. You will likely need to connect with SSL encryption.
On the other hand, I don't know why they'd keep open the plaintext port if it can't be used....