MVC4 OpenID Provider Action is not invoked as per URI in XRDS - asp.net-mvc-4

I am trying to develop an OpenID Provider for Single Sign On capability in my company. I have little experience with either MVC 4 or the DotNetOpenAuth library.
I am trying to build the provider based on the examples downloaded from http://www.dotnetopenauth.net/site.
My provider is not invoked by the relying party but it does not invoke the URI mentioned in the XRDS. The URI is being formed as
http://localhost:54589/OpenId/provider
but the action for this url (the Provider action) is not being invoked. If I access this URL directly from the browser then it shows the view in the browser.
Below is the Xrds
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0"
    xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <Type>http://openid.net/extensions/sreg/1.1</Type>
      <Type>http://axschema.org/contact/email</Type>
      <URI>http://localhost:54589/OpenId/Provider</URI>
    </Service>
  </XRD>
</xrds:XRDS>
I am not sure whether this is an MVC problem OR I am not using DotNetOpenAuth correctly.
Update
On debugging I found that my MVC Razor Xrds.cshtml is being called, but the relying party does not redirect to the URI that exists in the Xrds. I also made sure that I am setting the Request.ContentType as application/Xrds+xml. Below is my code:
public ActionResult Index()
{
    if (Request.AcceptTypes.Contains("application/xrds+xml"))
    {
        ViewData["OPIdentifier"] = true;
        return RedirectToAction("Xrds");
    }
    return View();
}

public ActionResult Xrds()
{
    ViewData["OPIdentifier"] = true;
    Response.ContentType = "application/xrds+xml";
    return View("Xrds");
}
When I see the request and response in Fiddler, it comes back with result 200 where it should be 302.
Does this mean that the XRDS is not going back to the relying party in the proper format?
Here is the Fiddler trace:
GET http://localhost:4856/login.aspx?ReturnUrl=%2fMembersOnly%2fDefault.aspx HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://localhost:4856/
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Accept-Encoding: gzip, deflate
Host: localhost:4856
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcbWFoZXNoLmNoYXVkaGFyaVxEb3dubG9hZHNcRG90TmV0T3BlbkF1dGgtNC4yLjIuMTMwNTVcRG90TmV0T3BlbkF1dGgtNC4yLjIuMTMwNTVcU2FtcGxlc1xPcGVuSWRSZWx5aW5nUGFydHlXZWJGb3Jtc1xsb2dpbi5hc3B4?=
X-Powered-By: ASP.NET
Date: Mon, 11 Mar 2013 08:59:07 GMT
Content-Length: 9430
------------------------------------------------------------------
POST http://localhost:4856/login.aspx?ReturnUrl=%2fMembersOnly%2fDefault.aspx HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://localhost:4856/login.aspx?ReturnUrl=%2fMembersOnly%2fDefault.aspx
Accept-Language: en-GB
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: localhost:4856
Content-Length: 964
Connection: Keep-Alive
Pragma: no-cache
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/8.0
X-AspNet-Version: 4.0.30319
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcbWFoZXNoLmNoYXVkaGFyaVxEb3dubG9hZHNcRG90TmV0T3BlbkF1dGgtNC4yLjIuMTMwNTVcRG90TmV0T3BlbkF1dGgtNC4yLjIuMTMwNTVcU2FtcGxlc1xPcGVuSWRSZWx5aW5nUGFydHlXZWJGb3Jtc1xsb2dpbi5hc3B4?=
X-Powered-By: ASP.NET
Date: Mon, 11 Mar 2013 08:59:14 GMT
Content-Length: 10382
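
What a relying party's discovery step does with the XRDS document above, as an added example (not part of the original post and not DotNetOpenAuth's code): it checks the response media type, parses the XRDS, and returns the `URI` of each service whose `Type` is the OpenID 2.0 server type, in priority order. The function name, the DOCTYPE rejection and the embedded sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XRD_NS = "xri://$xrd*($v*2.0)"
OP_SERVER_TYPE = "http://specs.openid.net/auth/2.0/server"

# Constructed sample: the XRDS document from the question.
SAMPLE_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
    xmlns:xrds="xri://$xrds"
    xmlns:openid="http://openid.net/xmlns/1.0"
    xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <Type>http://openid.net/extensions/sreg/1.1</Type>
      <Type>http://axschema.org/contact/email</Type>
      <URI>http://localhost:54589/OpenId/Provider</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""


def discover_op_endpoints(content_type, body):
    """Return OP endpoint URIs in priority order, or [] if the response is not XRDS."""
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != "application/xrds+xml":
        return []  # e.g. an HTML page: not a discovery document
    if b"<!doctype" in body.lower():
        # XRDS needs no DTD; refusing one avoids entity-expansion tricks.
        raise ValueError("unexpected DOCTYPE in XRDS document")
    root = ET.fromstring(body)
    xrds = root.findall(f"{{{XRD_NS}}}XRD")
    if not xrds:
        return []
    found = []
    # The last XRD element in the document describes the identifier.
    for svc in xrds[-1].findall(f"{{{XRD_NS}}}Service"):
        types = {t.text.strip() for t in svc.findall(f"{{{XRD_NS}}}Type") if t.text}
        if OP_SERVER_TYPE not in types:
            continue
        prio = svc.get("priority")
        # Lower number means higher priority; a missing priority sorts last.
        rank = int(prio) if prio and prio.isdigit() else float("inf")
        for uri in svc.findall(f"{{{XRD_NS}}}URI"):
            if uri.text:
                found.append((rank, uri.text.strip()))
    return [u for _, u in sorted(found, key=lambda pair: pair[0])]


if __name__ == "__main__":
    print(discover_op_endpoints("application/xrds+xml", SAMPLE_XRDS))
    print(discover_op_endpoints("text/html; charset=utf-8", SAMPLE_XRDS))
```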

Related

New to VBA : MSXML2.XMLhttp strips session cookies from POST response

I am very new to VBA and trying to scrape through a website. So far I have been able to get cookies from initial get request and use them in POST for a successful login. The next step is to capture the session and user cookies and use them in the subsequent requests.
Unfortunately, this is where my problem begins.
Post successful login I am using .getAllResponseHeaders() to capture all headers but it seems the two cookies (Set-Cookie: xf_user AND Set-Cookie: xf_session) are missing and hence I am not able to capture them for later use. For comparison and easier understanding, I am posting the fiddler (correct) response and response captured by vba (incorrect).
I am not sure what I am doing wrong. Please suggest any options; I am happy to take an alternate approach. I am sure I am very close to success and just need your expert advice.
Fiddler Response
HTTP/1.1 303 See Other
Date: Thu, 30 Apr 2020 04:55:14 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Thu, 30 Apr 2020 04:55:24 GMT
Location: https://f95zone.to/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Set-Cookie: xf_user=19872%2CUsOoxkBS4bzvLttbYhWkicE-JFQ-vBWo2L68LEVS; expires=Fri, 30-Apr-2021 04:55:24 GMT; Max-Age=31536000; path=/; secure; HttpOnly
Set-Cookie: xf_session=nlJRIrZOrbAiQGVAo_wRJhDSKBsy7wKz; path=/; secure; HttpOnly
Strict-Transport-Security: max-age=15768000
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 58beab553a76fea5-MEL
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id: 026b0969420000fea583bd8200000001
Content-Length: 0
VBA Response
date: Thu, 30 Apr 2020 13:47:02 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 13:47:01 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, no-cache, max-age=0
strict-transport-security: max-age=15768000
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri=""https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct""
server: cloudflare
cf-ray: 58c1b6504d3dfe8d-MEL
alt-svc: h3-27="":443""; ma=86400, h3-25="":443""; ma=86400, h3-24="":443""; ma=86400, h3-23="":443""; ma=86400
cf-request-id: 026cf0462f0000fe8d47804200000001
Snippet From My Code
Set objXMLHTTPSearch = CreateObject("MSXML2.XMLHTTP")
objXMLHTTPSearch.Open "POST", "https://f95zone.to/login/login", False
objXMLHTTPSearch.setRequestHeader "Accept", "text/html, application/xhtml+xml, image/jxr, */*"
objXMLHTTPSearch.setRequestHeader "Accept-Language", "en-US"
objXMLHTTPSearch.setRequestHeader "User-Agent", "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
objXMLHTTPSearch.setRequestHeader "Content-type", "application/x-www-form-urlencoded"
objXMLHTTPSearch.setRequestHeader "Accept-Encoding", "gzip, deflate"
objXMLHTTPSearch.setRequestHeader "Host", "f95zone.to"
objXMLHTTPSearch.setRequestHeader "Content-Length", Len(dataSTR)
objXMLHTTPSearch.setRequestHeader "Connection", "Keep-Alive"
objXMLHTTPSearch.setRequestHeader "Cache-Control", "no-cache"
objXMLHTTPSearch.withCredentials = True
objXMLHTTPSearch.send dataSTR
statusSearch = objXMLHTTPSearch.status
fetchHeader = objXMLHTTPSearch.getAllResponseHeaders()

Download Page Txt using webclient vb.net

I'm trying to download a simple web page as text using WebClient, but every time I get a problem.
I think the problem is in the user-agent, but when I set one for the WebClient I get the same problem.
The page HTTP header capture:
GET /wp-json/binlist/v1/441442/?_wpnonce=335f68c9e2 HTTP/1.1
Host: binlist.org:443
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: _ga=GA1.2.1639241798.1540059335
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.0.1617 Safari/537.36
HTTP/1.1 200
access-control-allow-headers: Authorization, Content-Type
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
allow: GET
alt-svc: quic=":443"; ma=86400; v="43,39"
cache-control: max-age=0
content-encoding: gzip
content-length: 221
content-type: application/json; charset=UTF-8
date: Sat, 22 Jun 2019 10:02:14 GMT
expires: Sat, 22 Jun 2019 10:02:13 GMT
host-header: 192fc2e7e50945beb8231a492d6a8024
link: <https://binlist.org/wp-json>; rel="https://api.w.org/"
server: nginx
set-cookie: wpSGCacheBypass=0; expires=Sat, 22-Jun-2019 09:02:13 GMT; Max-Age=0; path=/
status: 200
vary: Accept-Encoding
x-cache-enabled: True
x-content-type-options: nosniff
x-proxy-cache: MISS
x-robots-tag: noindex
x-wp-nonce: 335f68c9e2
My code:
Private Sub Button4_Click(sender As Object, e As EventArgs) Handles Button4.Click
    Dim webClient As New System.Net.WebClient
    webClient.Headers("User-Agent") = "Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)"
    Dim result As String = webClient.DownloadString("https://binlist.org/wp-json/binlist/v1/441442/?_wpnonce=a7ddc554d3")
    RichTextBox3.Text = result
End Sub

Sending POST Requests using Postman (Chrome plugin), but receiving GET request - why?

I'm sending a POST request via Postman, but my server (WebServer) is receiving it as a GET request - can anyone think why this can happen? Here is some info from Postman (part of the URL/hostnames anonymised):
POST /blaa/DescriptionEntities/description HTTP/1.1
Host: blaaa
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: 3901995b-78a0-598f-40d2-83b09e09d12e
id=20&description=hi
The code:
@POST
@Path("description")
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
public DescriptionEntity createDescriptionEntity(MultivaluedMap<String, String> map) {
    System.out.println(map.getFirst("id"));
    System.out.println(map.getFirst("description"));
    return null;
}
The Server (WebSphere):
No operation matching request path "/blaa/DescriptionEntities/description" is found, Relative Path: /description, HTTP Method: GET, ContentType: */*, Accept: */*,. Please enable FINE/TRACE log level for more details
Is anyone able to kindly help here? Not sure how to set the log level here either (I'm new to this). The relative path at the class level is "DescriptionEntities". Thanks so much.
EDIT- this is the whole class (minus import statements-it's completely experimental and ignore non related errors):
@Path("DescriptionEntities")
public class DescriptionEntityResource {
    private DescriptionEntityRepository descriptionEntityRepository = new DescriptionEntityRepository();

    @Path("description")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
    public DescriptionEntity createDescriptionEntity(MultivaluedMap<String, String> map) {
        System.out.println(map.getFirst("id"));
        System.out.println(map.getFirst("description"));
        return null;
    }
}
And the URL in Postman: http://blaa/DescriptionEntities/Description
EDIT: Server.xml
<server description="new server">
    <!-- Enable features -->
    <featureManager>
        <feature>jndi-1.0</feature>
        <feature>json-1.0</feature>
        <feature>localConnector-1.0</feature>
        <feature>appSecurity-2.0</feature>
        <feature>ssl-1.0</feature>
        <feature>servlet-3.1</feature>
        <feature>jaxrs-2.0</feature>
        <feature>jpa-2.1</feature>
        <feature>jsf-2.2</feature>
        <feature>jsp-2.3</feature>
    </featureManager>
    <httpEndpoint host="*" httpPort="80" httpsPort="443" id="defaultHttpEndpoint" sslOptionsRef="endpointSSLOptions"/>
    <sslOptions id="endpointSSLOptions" sslRef="endpointSSL"/>
    <ssl enabledCiphers="TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 " id="endpointSSL" keyStoreRef="customKeyStore"/>
    <keyStore id="defaultKeyStore" password="annonymised"/>
    <basicRegistry/>
    <mimeTypes>
        <type>svg=image/svg+xml</type>
    </mimeTypes>
    <httpSession useContextRootAsCookiePath="true" cookieSecure="true" />
    <logging consoleLogLevel="INFO"/>
    <applicationMonitor updateTrigger="mbean"/>
    <webApplication id="annonymised" location="annonymised" name="annonymised"/>
</server>
EDIT: Network traffic (using fiddler):
POST /blaa/DescriptionEntities/description HTTP/1.1
Host: blaa
Connection: keep-alive
Content-Length: 20
Cache-Control: no-cache
Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
EDIT: The GET request:
GET /blaa/DescriptionEntities/description HTTP/1.1
Host: blaa
Connection: keep-alive
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Accept: */*
Accept-Encoding: gzip, deflate, sdch, br
Accept-Language: en-US,en;q=0.8
Cookie: IBMISP=b645ef125eca11e6aeed1341c031a83e- b645ef125eca11e6aeed1341c031a83e-0801740c1b0bc161a63c23e998bba6ec; CoreM_State=83~-1~-1~-1~-1~3~3~5~3~3~7~7~|~~|~~|~~|~||||||~|~~|~~|~~|~~|~~|~~|~~|~; CoreM_State_Content=6~|~~|~|; optimizelyEndUserId=oeu1470813611355r0.3187708418093793; ajs_user_id=null; ajs_group_id=null; amplitude_idibm.com=eyJkZXZpY2VJZCI6Ijk0ZGZlZWE0LTg4NjEtNDMzNi04Yzk5LWMyZWMwNjMxOGZmNFIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTQ3MDgxMzY4MDQ4MCwibGFzdEV2ZW50VGltZSI6MTQ3MDgxMzY4MDQ5MCwiZXZlbnRJZCI6MSwiaWRlbnRpZnlJZCI6MSwic2VxdWVuY2VOdW1iZXIiOjJ9; ajs_anonymous_id=%22b645ef125eca11e6aeed1341c031a83e%22; intercom-id=19922b40-fb41-4744-9dfb-89d6875c0294; UnicaNIODID=enSkfJ02Gh7-Z3dNjvn; optimizelySegments=%7B%222753990332%22%3A%22gc%22%2C%222757810742%22%3A%22search%22%2C%222762380326%22%3A%22false%22%2C%223081321317%22%3A%22none%22%2C%223855873690%22%3A%22referral%22%2C%223859505928%22%3A%22none%22%2C%223860673668%22%3A%22gc%22%2C%223861195110%22%3A%22false%22%7D; optimizelyBuckets=%7B%7D; cvo_sid1=EEHN9V3GC6UB; cvo_tid1=BF-jgeF2_Y4|1470813613|1471260957|0; mmcore.tst=0.794; mmapi.store.p.0=%7B%22mmparams.d%22%3A%7B%7D%2C%22mmparams.p%22%3A%7B%22mmid%22%3A%221502797170504%7C%5C%22716298243%7CCgAAAApStaCTtQ0AAA%3D%3D%5C%22%22%2C%22pd%22%3A%221502797170506%7C%5C%22-1893569528%7CCgAAAAoBQlK1oJO1DfyoSkgDAOpF09EAxdNIDwAAABoXwicJwdNIAAAAAP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FAAZEaXJlY3QBtQ0DAAAAAAAAAAAAAP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwAAAAAAAUU%3D%5C%22%22%2C%22srv%22%3A%221502797170510%7C%5C%22ldnvwcgus01%5C%22%22%7D%7D; __auc=f59597cf1567352a7c8a1f92cde; _ga=GA1.2.1447575942.1471939647; CoreID6=67988125510914708136127&ci=50200000|Bluemix_51040000|IBMTESTW3_51040000|HR_50200000|IBM_GlobalMarketing_50200000|devwrkscon_50200000|ESTKCS_50200000|DWNEXT; 
utag_main=v_id:01567352a47a000fc70d49709b1a04072002b06a00718$_sn:4$_ss:0$_st:1471941446924$dc_visit:4$_pn:7%3Bexp-session$ses_id:1471937020076%3Bexp-session$dc_event:19%3Bexp-session$dc_region:eu-central-1%3Bexp-session$ttd_uuid:f57e787f-a10b-48bc-833c-add2cf0e063d%3Bexp-session; 50200000_clogin=v=1&l=1471937020&e=1471941448777
EDIT: I have purged this little test project for now as I can't figure out what's wrong. I may try another time a little further down the line. Still curious as to what went wrong though so let me know if you spot anything obvious. Thanks everyone

Adding cache control directive to HTTP response header

I am trying to add Cache-Control: no-cache, no-store to HTTP response header. I put the following to Web.config:
<configuration>
  <system.webServer>
    <staticContent>
      <clientCache cacheControlMode="DisableCache" />
    </staticContent>
  </system.webServer>
</configuration>
It yields Pragma: no-cache directive in the header.
CONNECT ...:443 HTTP/1.0
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Connection: Keep-Alive
Content-Length: 0
Host: ...
Pragma: no-cache
Is this equivalent to Cache-Control: no-cache? How do I change Web.config to produce Cache-Control: no-cache, no-store in the HTTP header on IIS 8.5? Thanks in advance.

So nginx is not interpreting folded headers correctly?

HTTP/1.1 header field values can be folded onto multiple lines if the continuation line begins with a space or horizontal tab. All linear white space, including folding, has the same semantics as SP. A recipient MAY replace any linear white space with a single SP before interpreting the field value or forwarding the message downstream. (quoted from here)
Here's my server-side script, which just dumps the cookie content:
var_dump($_COOKIE);exit;
Here comes my test; please pay attention to the cookie part:
GET /logtest.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.17) Gecko/20110420 AlexaToolbar/alxf-2.11 Firefox/3.6.17
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Cookie: A=t;
artDate=t
Cache-Control: max-age=0
HTTP/1.1 200 OK
Server: iis/8.0
Date: Mon, 23 May 2011 12:38:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.3.2
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
27
array(1) {
["A"]=>
string(1) "t"
}
0
GET /logtest.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.17) Gecko/20110420 AlexaToolbar/alxf-2.11 Firefox/3.6.17
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Cookie: A=t;
artDate=t
Cache-Control: max-age=0
HTTP/1.1 200 OK
Server: iis/8.0
Date: Mon, 23 May 2011 12:38:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.3.2
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
27
array(1) {
["A"]=>
string(1) "t"
}
0
GET /logtest.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.17) Gecko/20110420 AlexaToolbar/alxf-2.11 Firefox/3.6.17
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Cookie: A=t;artDate=t
Cache-Control: max-age=0
HTTP/1.1 200 OK
Server: iis/8.0
Date: Mon, 23 May 2011 12:38:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
X-Powered-By: PHP/5.3.2
Set-Cookie: ZDEDebuggerPresent=php,phtml,php3; path=/
47
array(2) {
["A"]=>
string(1) "t"
["artDate"]=>
string(1) "t"
}
0
It's a known issue that doesn't have a high priority.
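
Handling of folded header lines on the receiving side, as an added example (not from the original posts and not nginx's code): RFC 7230 later deprecated line folding and lets a server either reject a folded request with 400 or replace each fold with a space before interpreting the value. `parse_headers`, `cookies_from` and the sample header block are constructed for illustration, and the continuation line is assumed to start with a single space.

```python
# Constructed sample: header block of the folded request from the question.
RAW_HEADERS = (
    b"Host: localhost\r\n"
    b"Keep-Alive: 115\r\n"
    b"Cookie: A=t;\r\n"
    b" artDate=t\r\n"
    b"Cache-Control: max-age=0\r\n"
)


class FoldedHeaderError(ValueError):
    """Raised in strict mode; a server would answer 400 Bad Request."""


def parse_headers(raw, on_fold="unfold"):
    """Parse a header block into (name, value) pairs.

    on_fold="unfold" joins a continuation line to the previous field with one SP;
    on_fold="reject" raises FoldedHeaderError instead.
    """
    fields = []
    for line in raw.decode("latin-1").split("\r\n"):
        if not line:
            continue
        if line[0] in " \t":  # continuation line of a folded field
            if on_fold == "reject" or not fields:
                raise FoldedHeaderError(repr(line))
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip(" \t"))
            continue
        name, sep, value = line.partition(":")
        # Whitespace around the field name is a classic parser-differential source.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: " + repr(line))
        fields.append((name.lower(), value.strip(" \t")))
    return fields


def cookies_from(fields):
    """Split every Cookie field value into a name -> value dict."""
    jar = {}
    for name, value in fields:
        if name != "cookie":
            continue
        for pair in value.split(";"):
            key, sep, val = pair.strip().partition("=")
            if sep and key:
                jar[key] = val
    return jar


if __name__ == "__main__":
    print(cookies_from(parse_headers(RAW_HEADERS)))
```

Whichever policy is chosen, a front-end proxy and the application behind it should apply the same one, so that both see the same set of cookies.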