iis requests authentication when using a domain name on the local machine - authentication

I'm trying to develop a very simple asp.net web-forms site, using Yahoo! as an external identity provider. The user clicks on a link to Yahoo!, and after identifying on Yahoo! login page, Yahoo! redirect the user to the site with a token identifying the user as a URL parameter.
When I'm on localhost, it works fine. The problem is Yahoo redirects to a domain, which also points to my machine (it's actually a no-ip.org sub-domain). At this point, IE pops a message saying "The server at Default: admin/1234 requires a username and password". No password that I enter satisfies it, and the request is not reaching the application.
How do I get rid of this message, and let the request get throu to my application?
I'm pretty certain I don't have an "admin" user on the system.
The whole thing is just two pages, one with a link to Yahoo! and one landing page to which Yahoo! redirects. It's only purpose is to collect the token, for an unrelated library i'm working on.
I'm running on Win7 Home edition, with IIS 7.5, Visual Studio 2012 Web Express and .NET 4.5.
Thanks.

Related

Google OAuth2 for authentication redirect hangs

I've implemented a simple OAuth2 for Authentication login system that is working reliably on my dev server using a localhost redirect uri.
When testing from a production server, with updated redirect uri, the Google account permission interface opens up for the user logging in. After authorizing account access, the browser just hangs on "Waiting for accounts.google.com..." and doesn't go anywhere. At this point, I can see that the application has been granted access to my profile by viewing account permissions on my Google account dashboard.
If I change the redirect uri to an invalid one, I do get the invalid redirect uri Google error message back, so it looks like the redirection cannot reach my redirect uri. I can reach the reditect uri directly through a browser though. Any pointers?
Had a similar problem trying to create a "Login with Google" App. Since this was my first Google App, and I was also just first using the social networking setups in the software package which I bought BEFORE the Google API had changed, I was at a complete loss as where to start.
It finally dawned on me to redirect Google (via the App settings in the developer console) to a test web page on my site (instead of the page defined by the software package,) and all worked as expected, meaning Google redirected properly to the test page (which was actually just my root index.php). This told me that because the Google API had changed, my software package functionality was obsolete, and I needed to explore the code there.

DotNetOpenAuth redirection URL results to page not found

I have deployed a service using DotNetOpenAuth library.
The service authenticates against 4 providers (Google, Yahoo, Windows and Facebook)
I am having a problem with Windows and Facebook (Oauth protocol)
My services works fine when accessed through any browser. It redirects to the correct provider after selection, authenticates and replies back with the email address.
But the service does not work when accessed through a Mobile device. Using mobile, when I select Windows/Facebook, it redirects me to the login page. After providing my credentials, the service returns but the redirection of the url leads to page not found.
The url that is redirected seems like: http://mydomain.com/facebook.aspx?code=a_very_long_string
I get a message that page not found on the browser of the Android phone. The same code works fine when accessed through the browser of a desktop/laptop (Windows 7).
Please let me know if I am missing anything to make the service work for the mobile phone
I am able to resolve this issue. It turns out I cannot use server.Urlencode() .Net function before doing a custom redirection.
If I use it, the app breaks in the mobile platform. Removing it, fixed the issue and the url is successfully redirected.
I was doing a custom redirection after the authentication is successful and encoding the url. But seems that it breaks the application.
Not sure if it is a limitation in DotNetOpenAuth library or it is a limitation of the mobile browser.

Mac - Launch desktop application from browser passing parameters

I have written a click-once deployed application in .Net that runs on windows machines. I had a requirement to launch the application from a browser so that I can pass information to the application based on the current browser session (the HTTPHeadercontains a single-sign-on id that needs to be passed to the application so it can call secured web services).
So the click-once application is provided as a link on a jsp, and the required id is passed as a querystring parameter in the link, which the click once application can read).
Now I need to make similar functionality available for Mac users. Is there any way to do this that doesn't require Java? I would like to write in Objective C, but then the question of how to trigger the launch of the application from the browser, passing the necessarily information remains.
The flow is:
User hits link to our site
User is routed to single sign-on authentication form
User submits form and is redirected to our site (with id embedded in HTTPHeader)
Server builds page with a link to Click Once application with id appended as a querystring parameter
User clicks link, click once deployed app is downloaded and executed with full trust on the users computer (the app is signed with a code signing cert).
Application runs locally on users computer and calls RESTful web services on server passing the single-sign-on ID as a cookie along with the web request which allows the request to make it through.
I would appreciate any ideas that point me down the right path, as I am primarily a windows developer.
Thanks!
I just saw your request to my original post on this topic.
The need for this was put on the back burner for a time, but the solution that we will probably pursue is to have a server-side process that modifies the delivered Zip or DMG file on-the-fly. The additional information would be inserted into the application's Info.plist file. This will not invalidate the cryptographic signature, and does not require anything additional to be downloaded.

How to Clear Live ID Cookies

So we are using ADFS in a public facing SharePoint 2010 site. One of the supported logins is via Live ID. We have found that if a user logs into Live ID site like Hotmail prior to reaching our site, the following happens:
Our site thinks that the user is not logged in because the ADFS LS cookie is not present
When we click on Sign In and ADFS redirects us to Live ID, the Live ID login process detects its cookie and automatically logs us in using the prior user's email. We actually want to use another email address.
Even if we clear our cookies, the above behavior persists
We have tried the following on Windows 7 successfully:
Clear the browser cookies
Delete all files from %userprofile%\AppData\Roaming\Microsoft\Windows\Cookies\
And then Live ID correctly asks the user to login.
However, the above folder does not exist in a Windows 8 computer where this behaviour can be reproduced in IE 10.
So I really need to know the name and location of the Live ID cookie so I can hunt for it and destroy it to get the sign in prompt.
The ideal solution is that ADFS destroy the cookies correctly. The ADFS team is building a diagnostic page to delete their cookies but I do not think they will be able to destroy the Live ID cookie as it is not from their domain. If I can find its location, we can live with manual instructions for now.
Update
Found an answer. The trick is to go to live.com and click on signout first and then go to the SharePoint application. Not the best solution, but it works.
Update Found an answer. The trick is to go to live.com and click on signout first and then go to the SharePoint application. Not the best solution, but it works

Retrieving Page from HTTPS Website

I am registered user of a website that provides stock quotes values and I want to create a desktop application where in I will display the stock updates of a specific quotes.
For that, I need to parse a web page which is visible only when I login to the website. If I try to access that page, without logging in, it redirects me to the login page.
The Website does not provide any API for developing such a client application. Is there any way I can login to the website using the desktop client and thus access the required web page?
Regards,
TheLameProgrammer
You'll need to first do a HTTP POST to the login page, store the cookies that come back, then pass these along with any furture request you make.
Same as the browser does.
Hopefully this question is in earnest and not spam but the answer is no