I'm trying to make a call to a wcf service from an Azure function hosted in Azure. The wcf service requires a certificate.
I'm able to call to wcf service when I do debug in local machine (I import successfully the cert) but in Azure I got the error "The HTTP request was forbidden with client authentication scheme 'Anonymous'."
I believe this is due to missing certificate in Azure side.
I try to upload the .cer to Public Key Certificates (.cer) but still doesn't work. My Function app still returns the same error "The HTTP request was forbidden with client authentication scheme 'Anonymous'."
Please let me know how to make my request accept in wcf service?
It would be nice if we have solution in Azure Portal rather than doing PowerShell.
Note: I use the same certification and source code when I do debug in local machine and when I publish to Azure Function.
Thank you.
thank you for your time.
The issue has been resolved in WCF side. The WCF guy adds the Azure Function IP address to the white list and it works. It's nothing to do with Azure Function.
Looks like the same issue with this one.
Related
I've written a simple WebAPI Service (hosted with OWIN in a Windows Service) and put the [Authorize] attribute on the POST-method. As I understand, only "known" users can now access the service (don't worry, I know, all known users is not really safe yet).
My test client works fine so far when the host and the client are located on the same machine (f.ex. my workstation). However when I deploy the service on a server machine, and try again to call the service, I get a HTTP 400 failure when using the System.Net.Http.HttpClient and set httpClientHandler.UseDefaultCredentials=true, or a HTTP 401 when I use System.Net.WebClient and set webClient.UseDefaultCredentials=True.
So it seems the authentication mechanism acts different depending if the service is hosted local or remote.
For test reason I've also tried to set the credential explicit with user and password, but with exactly the same result.
However, what do I miss here? Any suggestions?
Thank you in advance!
verify the machine keys.
If the authorization server and the resource server are not on the same computer, the OAuth middleware will use the different machine keys to encrypt and decrypt bearer access token. In order to share the same private key between both projects, we add the same machinekey setting in both web.config files.
https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
I'm trying to debug an Azure App Service .Net backend project that has authentication/authorization enabled for database API access. Attempting to use it results in 401 Unauthorized.
I have set, as suggested elsewhere, the MobileServiceClient object's AlternateLoginHost to point to the remote Azure service so that it would be relied on. In the App Service project, I have copied SigningKey from the Kudu settings page (https://[servicename].scm.azurewebsites.net) and have set ValidAudience and ValidIssuer to the app service address (https://[servicename].azurewebsites.net/). ConfigureMobileApp() calls UseAppServiceAuthentication with the Web.config local values, then UseWebApi is called.
I've looked at the requests and responses with Fiddler, and they have the X-ZUMO-AUTH token. I've switched between the local vs. remote service, and the remote service will accept the token while the local service rejects it.
I'm not sure where to go from here. Did I miss something? Is there anything else to check?
It turns out that there is an incompatibility in the Azure App Service library with System.IdentityModel.Tokens.Jwt v5. I discovered this by trying to use the token validation method manually, which presented a TypeLoadException for System.IdentityModel.Tokens.JwtSecurityToken.
Unfortunately, the exception doesn't appear in the debug log during normal debugging.
This incompatibility appears to be a known issue, but the dependency in the NuGet package doesn't note it. (https://github.com/Azure/azure-mobile-apps-net-server/issues/195)
I just setup azure CDN endpoint. Pointed to my origin server. This works with http protocol. But the same files when i try https - it returns a 502 - bad gateway error. How do i troubleshoot and fix the problem?
A very similar setup works perfectly on another endpoint with HTTPs.
I think you may need to do is to serve your CDN assets over HTTPS. To do this you'll need to enable HTTPS within the Azure Portal
if still not then:
You can't yet use your own domain/SSL certificate with Azure CDN although there is a big request for this on the Azure Feedback Site.
If you've created a CDN for an Azure Cloud Service (e.g. http://[yourapp].cloudapp.net/cdn/) it's important that you create a self-signed certificate for your Azure domain ([yourapp].cloudapp.net). If you're using Azure Virtual Machines this can be done through IIS.
This caught us out recently when we enabled HTTPS for an origin server that did have an SSL certificate but it was for our own custom domain and not the *.cloudapp.net one.
for details click on http://benfoster.io/blog/azure-cdn-https
I have a wcf service that run on a server. I have two clients that connecs to the service. We use username and password to authenticate the client.But I recreated the certificate in the same location as previous using PluralSight Software
But after configuring the client to connect to the service I have got following error.
The identity check failed for the outgoing message. The expected identity is 'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint)' for the target endpoint
I got the above error when I tried to login to the service. I have shared my configuration details here.. any help would be appreciated.
CLIENT APP.CONFIG VIA WCF CONFIGURATION EDITOR
SERVICE WEB.CONFIG VIA WCF CONFIGURATION EDITOR
I found the answer. This happens because if you create a new certificate on server which wcf service host then you need to update the service reference in client application. so it will update the app.config file of the client application with latest identity value.
I have a WCF client from which i am supposed to communicate to a thirdparty web service whose url and wsdl is disclosed.The third party WebService(.asmx) uses https. All I am doing is trying to add service reference from my dev environment ,but unable to succeed.So i went ahead and used SOAPUI to test the service where i am able to fire a request and got a response.
Is it not possible in VS2010 to add the service reference in order to access the metadata of a HTTPS web service ? Since this is the first time I am using HTTPS ,i would be glad if some one can guide me the right way ?
#Aron :I tried to get the same by using a web browser and i selected proceed anyway option then it takes me to the WSDL page.
I will assume that you are running your development server on your local dev machine. You should check the actual address that the IIS server is setup for. Open up the page in your web browser. You will have a page that asks you if you want to proceed anyway, DONT.
View server certificate.
Here is the GMail certificate. Notice the "issued to:". This means that the certificate is only for https://mail.google.com. If another server tried to use it for another address you would have the same error.
So you want to use whatever is in there as your https://{my issued to}/Webservice.asmx