i have a problem i cant host a my web api to public access. For Example, someone from outside to do some requests and get a response. I tried with IIS configuration, all samples try from the GTS, and then there is no movement. Can anyone post me full specs what i need to do to have for example
https://myipaddress:5001/api/ping
visible on public and someone from another machine can execute this request and get a response
IIS is meant for local development. What you want to do is to publish your application. There are many hosting providers, but if we stick to Microsoft, you can use Azure to publish your application:
https://learn.microsoft.com/en-us/azure/app-service/quickstart-dotnetcore?tabs=net60&pivots=development-environment-vs
It is paid, however you can register to get temporary free access to test the solution.
Related
I would like to ask you if you know how to make (at least idea) check on my internal Web (c# .netcore) if I can reach AppInsights.
The purpose is to check if firewall is blocking reachable to AppInsights.
Thank you. Problem is that my web is changing places of hosting - its a reason why I need web (cshtml) visualization if I can reach AppInsights.
Any ideas?
Thank you
There are a few ways you can try:
Method 1:
If the web project has been configured with application insights, just run the web project, and then nav to azure portal -> your application insights, see if the telemetry data are collected; Or you can use tools like Fiddler, when running the web project, check the response of application insights.
Method 2:
Check if these firewall exceptions are set, sample like below:
https://dc.services.visualstudio.com:443
For more details, you can refer to this doc and this doc.
I'm new to azure, and I'm trying to setup a single page website(web api 2). How can I limit access to my services so only my website can use it?
I know that I can use app services to setup my web applications/services but as far as i understand it will be open to everyone.
I also read about APIs, but Api management service seems very expensive and advanced for such a simple task. Is there any options? Am I in the wrong track?
Update
Ok, I saw the link for filtering based on IP. But as I've mentioned that single page application also is hosted on Azure. There is no static IP. If that is the way, I still need to know how you will find out about the IPRange.
App Service to use different authentication providers Azure Active Directory,Facebook,Google,Microsoft,Twitter.
We can set any type of Authentication/Authorization in the Azure Portal.More info about how to use authentication for API Apps in Azure App Service, please refer to document.
I have been scratching my head how to solve the issue described below.
So, the company where I work uses Visual Studio Team Services (was Visual Studio Online), and it is integrated/connected to our AD, meaning that If I log in to my workstation I can log in to Team Services without authenticating myself, like SSO.
I'm going to create an application which communicates to Team Services via Team Services SOAP and WebApi clients and here is the problem. I need a user to be able to communicate with Team Services and doing stuff (reading data, creating work items, creating test suits, etc.). I see little chance to convince IT to create a user only for this. They going to reject my request due to security risks.
The application architecture looks this:
browser: angularjs application, spa, calling only the WebApi service
server: WebApi service, which is responsible to communicate with Team Services and transforming data back and forth between the client and Team Services.
database: persisting data for later analysis
There is an idea in my mind, where I can get somehow the windows credentials from the OS and push it down to the server which uses it to communicate with Team Services. In Team Services, we will see that the particular user did things.
The question, how is possible that? The articles I have found searching for something similar, always mention .Net MVC app where I need to modify the web.config in order to get the credentials. But, in my architecture there is no .Net MVC app running on local machines. There is only a SPA running in browsers.
Or my architecture is not fit for this purpose? Shall I rework it and using MVC app to be able to get the credentials and working with them? But, the question still stands, how can I pass the credentials through the calls calling Team Services?
Do you know blog entries dealing with cases like above?
Thanks for any help in advance!
I think you have a bit of confusion over your terms. The SPA (Single Page App) has javascript code delivered by the server to the browser that calls the .NET WebApi code. In order to get the browser to use Kerberos/Windows Authentication you need to add
<system.web>
<authentication mode="Windows" />
</system.web>
to your web.config on the server where the .NET app is running (under IIS).
From here...
http://www.asp.net/web-api/overview/security/integrated-windows-authentication
"On the client side, Integrated Windows authentication works with any browser that supports the Negotiate authentication scheme, which includes most major browsers. For .NET client applications, the HttpClient class supports Windows authentication:"
Then the browser will do the rest for you and the HttpContext.CurrentUser in the .NET code on the server will be set to the windows user of the clients browser.
Here's a bit of a back story, feel free to skip to the problem below.
We have a handful of web applications exposed to the outside world (as opposed to ONLY on our internal business network) and these applications are using HTML5 for the offline capabilities. We also had IIS configured for Windows Authentication ONLY (no outside parties use our applications), thus we were issuing the challenge directly against our AD. With a recent update to Chrome for iOS, it broke the NTLM authentication (instead of prompting for use credentials, it just displayed a 401 unauthorized exception page) so we started looking at alternative solutions.
We figured we could leverage our current external ADFS/O365 access thus the user experience would be the same across all external facing applications (not just web apps).
We ended up adding OWIN to our WebForms app to use ADFS authentication and it works from a perspective of you can see the redirect to our external login page and then back to the web app. However, there is an additional problem. To get this to work, we had to DISABLE Windows Authentication in IIS and ENABLE Anonymous Authentication. Also, in the Web.Config in <system.web> we added <authorization><deny users="?" /></authorization>
PROBLEM
Since our applications are using HTML5 and are available offline, we are also using Web API to handle the push of data from the client device to the central system. When we moved to our "SSO type" solution, the POST methods in Web API started crashing. Turns out the line HttpContext.Current.User.Identity.Name stopped working.
How can I get the current authenticated [signed in] user when the user returns to the network and sync's their data? I'm not even sure what the best approach is here, I've tried a few different suggestions from SO and Google, but none seem to work. How does one get the current user in Web API with Owin using Federated Services?
I followed this Microsoft Azure Mobile Service Authentication Tutorial, to try to add a server authentication function for my Windows Store C# app. However, after completing every step, when I run my app, it showed that the application cannot connect to the service.
I found this useful blog tallking about troubleshooting Azure Authentication issues in Azure Mobile Service. To troubleshoot, I type the link in the firefox web browser: myServiceUrl/login/aad, but I receive the error response:
Authorization has been denied for this request.
I also followed the same tutorial to test with Google Log in. It turns out to work properly. And when I type the link: myServiceUrl/login/google, the web browser directed me to the google log in page, unlike the Unauthorization error message when I type in myServiceUrl/login/aad.
Although google log in works out fine, but it is desired for us to use Azure Active Directory authentication. Could anyone tell us what could possibly be wrong? Any troubleshooting suggestions are also appreciated. Thank you.
The "Application cannot connect to the service" error comes from whenever the Web Authentication Broker in Windows receives an error response from the resource it is trying to reach. There are a couple of issues that can cause this, and I'll try and address the most common ones.
I noticed the tutorial you linked to is for the .NET backend. If you are using the Mobile Services .NET backend, there is an extra step required to configure the AAD server flow, and it's a common cause of the issue being described. In the tutorial, it's under the title "Configure your .NET mobile service for AAD login." On the backend project, you will need to install the Mobile Services .NET Backend Security Extension NuGet package. Then, in WebApiConfig.cs, you will need to include
options.LoginProviders.Remove(typeof(AzureActiveDirectoryLoginProvider));
options.LoginProviders.Add(typeof(AzureActiveDirectoryExtendedLoginProvider));
This allows the runtime to use the server flow in addition to the client flow (leveraging the Active Directory Authentication Library) which was first released with the .NET backend.
Pending that, or in the case of the Node runtime, the next thing to do is check the AAD configuration. In the AAD portal, make sure that your application registration uses your mobile service's /login/aad endpoint for the resource URI. It must match exactly the value provided in the Mobile Services portal. This should also be one of the redirect URIs if you are using the Node backend. For .NET, you would use the /signin-aad endpoint for the redirect URI instead.
You should also check that you have copied the Client ID from the AAD registration and pasted it into the Mobile Services portal's Identity Tab. For completeness, the "Allowed Tenants" field should also be filled out, but I don't believe it is the cause of this issue.
Lastly, if your AAD tenant is federated with ADFS, then there is a wide range of issues that could lead to this. The biggest case comes from the WAB needing to be configured for Enterprise Authentication. This typically only causes problems when the device is domain joined / on the corporate network. That behavior is a known bug for the Mobile Services Windows Store SDK, but there is a workaround available. Glad to provide that if needed.