All my attempts to get the sample "AppModelv2-WebApp-OpenIDConnect-DotNet" working, as is, have failed so far.
Redirection from the Azure AD process seems to be occurring, a token is even present, but "Request.IsAuthenticated" is always false.
I have checked and checked again that the required elements are correct, like the Client ID, the tenant, and the URL to be redirected to. No errors of any sort are reported; I just get the homepage with the same sign-in button. Access to the claims is never allowed.
Any idea?
Help would be greatly appreciated.
The Access tokens option has been added, but the result is the same.
I have uploaded my demo; you just need to replace ClientId, Tenant and redirectUri.
Regarding the value of Tenant, you can use TenantID or common. The difference is that when you use TenantID, this app can only be used by users under this tenant. common can support other tenants.
UPDATE
When you want to deploy your app, you need to modify the web.config file and the Redirect URIs in the portal, like in my screenshots.
Test Pic:
PREVIOUS
After reading your problem description, it is not clear why the problem occurred.
You can follow my steps to try again, I will show you step by step, your problem should be solved.
First add App Registrations in the portal.
In the portal, add or modify Redirect URIs, the default value is https://localhost:44368/, and enable Access tokens and ID tokens.
Modify the ClientId value of web.config in the project. ClientId is copied from the portal.
Set breakpoints in the HomeController.cs and Index.cshtml files, as in the screenshot below.
Press F5 to run the project; see the screenshots for the next steps. There will be a few notes.
Step1. Start with the default page Home/Index.
Step2. Click Sign in with Microsoft; it will jump to the breakpoint in the HomeController.cs file. Because you are not signed in, Request.IsAuthenticated is false.
Step3. When you input your account and pwd, it will redirect to Home/Index. Before that, it will jump to the breakpoint in the Index.cshtml file. You can see the value of Request.IsAuthenticated after a successful login. It's true now.
Step4. Then you can see Index page.
We had a working application, we went through the go-live process, and everything was running live for several days. Then we started getting SSL errors, and we saw that the nuget package for the DocuSign package had an update (I believe this was all for the 11/13/2019 2019 certificates auto-update), so we updated our code, but now every request returns the USER_LACKS_MEMBERSHIP error for every token-authenticated request.
Things I can confirm are not the issue:
We have authenticated the app via account.docusign.com and the oauth signature impersonation scope, and the testing and live paths are in the API approved Redirect URIs.
We have the correct base path in the configuration (https://na3.docusign.net, as shown on our Apps and Keys page)
The base path did not change after we get the token back (The BaseUri on the Account object matches what we started with)
We are using the correct user for the configuration (The value labeled "API Username" in the Apps and Keys page is entered as "IMPERSONATED_USER_GUID" in appsettings.json and successfully used in creating the token as parameter UserID, which also matches our user account's ID shown in the backend, so we are not confusing it with TARGET_ACCOUNT_ID or CLIENT_ID, and shuffling those around causes errors much earlier at the token generation step).
We only have one user: the administrator of the DocuSign account. Their ID appears in the API configuration labeled as "API Username". The DocuSign administration backend doesn't display a membership tab anywhere for us to correct any possible issues with a user lacking membership. As far as I can tell, Membership is a higher tier account option than what we're paying for, so I'm confused how we could be having problems with a feature we haven't bought.
We get this error for checking envelope status. We get this error for trying to create new envelopes. We get this error for trying to get Account information. The only thing we can do is get an authentication token, but then that token can't be used to make any further authenticated requests.
Is there anything I'm missing that could be causing this other than some database error on DocuSign that I can't correct through the tools available to me? The package update changed the order of which class constructor accepts the ApiClient object, and there's a new AccessToken field on the Configuration class (which I filled out, but doesn't seem to have any effect, since we're still adding the Authorization/Bearer header manually). I'm out of ideas on what to try next.
Are you using the production environment or the demo environment?
I suspect that what's happening is that you are getting them mixed up. The baseUrl should not be demo.docusign.net etc. if you're using production (as indicated by your na3.docusign.net address), but you must also ensure that the same account/user from production is used.
So, the 4 things to check:
userId
accountId
baseURI
authURI (account-d.docusign.com vs. account.docusign.com)
All of these should match and be for the same account in the same env.
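The four checks from the answer above, as an added C# example (not DocuSign's SDK and not the poster's code). It assumes the JSON shape of the `/oauth/userinfo` response on the authURI host (`sub`, `accounts[].account_id`, `accounts[].base_uri`); the class and method names are hypothetical and every GUID is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class DocuSignConfigCheck
{
    // Compares configured values with the body returned by {authURI}/oauth/userinfo.
    public static List<string> Check(string authUri, string baseUri, string userId,
                                     string accountId, string userInfoJson)
    {
        var problems = new List<string>();
        var cmp = StringComparison.OrdinalIgnoreCase;

        // Demo pairs account-d.docusign.com with demo.docusign.net; production
        // pairs account.docusign.com with hosts such as na3.docusign.net.
        bool demoAuth = new Uri(authUri).Host.Equals("account-d.docusign.com", cmp);
        bool demoBase = new Uri(baseUri).Host.Equals("demo.docusign.net", cmp);
        if (demoAuth != demoBase)
            problems.Add("authURI and baseURI belong to different environments");

        using (JsonDocument doc = JsonDocument.Parse(userInfoJson))
        {
            JsonElement root = doc.RootElement;
            if (!string.Equals(root.GetProperty("sub").GetString(), userId, cmp))
                problems.Add("userId is not the user this token was issued for");

            string accountBase = null;
            foreach (JsonElement a in root.GetProperty("accounts").EnumerateArray())
                if (string.Equals(a.GetProperty("account_id").GetString(), accountId, cmp))
                    accountBase = a.GetProperty("base_uri").GetString();

            if (accountBase == null)
                problems.Add("accountId is not an account this user belongs to");
            else if (!new Uri(accountBase).Host.Equals(new Uri(baseUri).Host, cmp))
                problems.Add("baseURI host differs from the account's base_uri");
        }
        return problems;
    }

    public static void Main()
    {
        // Constructed userinfo body and GUIDs; none of these are real identifiers.
        string json = @"{""sub"":""11111111-1111-1111-1111-111111111111"",""accounts"":[
          {""account_id"":""22222222-2222-2222-2222-222222222222"",
           ""base_uri"":""https://na3.docusign.net""}]}";
        var problems = Check("https://account-d.docusign.com", "https://na3.docusign.net",
            "11111111-1111-1111-1111-111111111111",
            "33333333-3333-3333-3333-333333333333", json);
        problems.ForEach(Console.WriteLine);
    }
}
```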
The Facebook documentation has this page called Posting as a Page which I've been following.
I followed the instructions on how to obtain an "immortal" access token for the Page.
I've used the Access Token Debugger to check my token is correct. It has the right AppID, the right ProfileID (for the page), and the right UserID (for the owner of the page). It expires "Never", it is valid, and it has the right scopes: manage_pages, publish_pages, publish_actions, public_profile.
I then used the Facebook SDK for .NET to make the call to the API to post to the Page.
var facebookClient = new FacebookClient(accessToken);
facebookClient.Post(string.Format("{0}/feed", profileID), new
{
message = message
});
The post appears on the Page and if I hover over the "globe" icon to see its visibility/accessibility it says "public".
So, it worked right? Well ... no.
It turns out only users assigned a role in the Facebook App can see that post, despite it looking like a normal post and saying it's public. For any other users or those who are not signed in it simply doesn't appear.
The documentation page Page Access Tokens and Permissions says:
Your app might not need to request these permissions because people posting are already set up with a role in your app's dashboard. If this is the case you do not need to submit your app for review. See the Roles tab in App Dashboard.
I notice it says "people" which is a touch ambiguous. Does that mean only Users can publish to a Page without being reviewed? You can't publish as the Page itself without the review?
I've tried adding the page to the "Developers" and "Testers" roles for the app using the Page's ProfileID, but it says it can't resolve that to a UserID or name. That makes sense, roles are for people rather than pages.
EDIT 1:
I've tried using the "Embed Post" function and that gave me a link to the post. I tried using the link with a user that can't see the post and got:
It's not expired, as the users that can see it can still see it. It's interesting that it says you might not be in the audience that can view it, but it's set to public which I believe means everyone should see it.
You need to make your app “live” (see top of Status&Review tab), otherwise content created through it will only be visible to people with a role in the app.
(This has nothing to do with permission review.)
I need to test score's post to facebook but it requires publish_actions permission. I use the last version of Facebook SDK for Unity3D. Is it possible to get publish_actions permission without review of my application? I tried to get this permission using
FB.Login( "publish_actions", LoginCallback );
But FBResult of LoginCallback always returns error (403 forbidden) when I try to post score. I also tried to use test users of facebook sdk to test it but with no luck (the same problem - 403 forbidden). I read here that I as admin can use all permissions without review. But how?
These are the steps you need to do to get more permissions for your development access token:
Go to the following URL: 'https://developers.facebook.com/tools/explorer/'
From the dropdown near the top, select the application you want to get extended permissions for
Click on 'Get Access Token'
Select all the permissions you want (including publish_actions)
Copy the access token generated in the text field beside it, and use it inside Unity when it prompts you for an access token.
Hope this sorts it out for you. If any step is not clear, let me know
I am using Google OAuth 2.0 and Facebook for login in my ASP.NET MVC-4 website. I have been struggling with a strange issue for quite a long time. The issue is:
When I click on the Google login button or the Facebook login button, I am redirected to the Google or Facebook login page where I enter my login credentials. After that I am redirected to the /Account/ExternalLoginCallback action (which I set as the redirect_uri in the Facebook and Google app settings). But I am redirected twice to /Account/ExternalLoginCallback.
I inserted a breakpoint at the ExternalLoginCallback action. On the first redirection everything goes well and an ExternalLoginConfirmation view shows, and then the same action (ExternalLoginConfirmation) was automatically called again, and this time [second time] I got an exception, i.e. 404 bad request.
My question is: why am I redirected twice to the /Account/ExternalLoginCallback action?
Please help me. I have done everything but didn't find any solution, and the worst thing is I don't know what causes the second redirection to the /Account/ExternalLoginCallback action.
If you post the code from the account controller, we might help. However, my thinking is, either you are clicking the button too fast twice, or, there is a duplication of code in the account controller calling Oauth twice.
I had the same problem and managed to solve it with "Chrome Dev Tool".
Just call "Inspect Element" or Ctrl-Shift-I and check out what is causing the second redirect:
1) Set "Preserve Log" checkbox and "Disable cache"
2) Show only "Documents" (optional)
3) See that "settings/socias_connections/" is called twice (Of course it would be a different link for your site)
4) See "Initiator" column. So first time it was just a redirect. And for the second time it was initiated by my own script, which tried to remove "#" from the urls. (my silly mistake :)
I've wrapped some code around my project to enable user authentication. It seems to be using FormsAuthentication as well as .NetCasAuthentication. When a user wants to login, I redirect them to an external page whose URL is saved in DotNetCasClient.CasAuthentication.FormsLoginUrl, and that, after a successful login attempt, sets the User.Identity object. So far so good.
Now, how do I properly sign the user out?
I've tried
FormsAuthentication.SignOut()
Expiring a couple cookies as suggested here
And even explicitly nullifying the User object: HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(string.Empty), null);
But when I send another request to my application, it's still able to find that user's information somewhere.
Does CasAuthentication save to a cookie? Or is it more likely that it's in some unique location as defined by the external login page? I have the option of redirecting to the corresponding external logout page, but I don't know how to do that without redirecting to it and leaving my application, and I don't want to do that.
Thanks for reading.
I'm still not quite sure what was causing the phantom log out, but I was able to fix the issue I was having.
I included an iframe in my application's login and logout pages, whose sources (src) are pointed at the external login and logout pages, respectively. To tell CAS where to redirect to after validating FormsAuthentication credentials, I had to append at the end of the login iframe's src url a query string that looks like ?TARGET=http%3a%2f%2fsome.url.aspx
(The target url is escaped. '%3a' is url encoding for a colon (:) and '%2f' is a forward slash (/))
So, say, the external login url was https://www.externalsite.com/login and I wanted to redirect to my welcome page http://www.mysite.com/welcome.aspx after logging in, my application's login page iframe src would need to be
`https://www.externalsite.com/login?TARGET=http%3a%2f%2fwww.mysite.com%2fwelcome.aspx`
After doing that, everything seems to be working fine.
I couldn't find documentation for the TARGET query string, but it seems to be related to the 'targetService' parameter described here.
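Building that iframe src in code, as an added C# example that is not part of the original answer or of DotNetCasClient. Because TARGET decides where the browser is sent after login, the example also restricts it to an allowlist of the application's own hosts; the class name, the method name and the allowlist are assumptions.

```csharp
using System;
using System.Collections.Generic;

public static class CasLoginUrl
{
    // Hosts CAS may send the browser back to. Assumed value taken from the
    // example URL in the answer; replace with the application's own hosts.
    static readonly HashSet<string> AllowedTargetHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "www.mysite.com" };

    public static string Build(string casLoginUrl, string target)
    {
        // Reject relative URLs, non-web schemes and hosts outside the allowlist,
        // so a caller-supplied return URL cannot redirect the user elsewhere.
        if (!Uri.TryCreate(target, UriKind.Absolute, out var t)
            || (t.Scheme != Uri.UriSchemeHttp && t.Scheme != Uri.UriSchemeHttps)
            || !AllowedTargetHosts.Contains(t.Host))
            throw new ArgumentException(
                "TARGET must be an http(s) URL on an allowed host", nameof(target));

        // EscapeDataString encodes ':' and '/' as %3A and %2F (upper-case hex,
        // equivalent to the lower-case form shown in the answer).
        string separator = casLoginUrl.Contains("?") ? "&" : "?";
        return casLoginUrl + separator + "TARGET=" + Uri.EscapeDataString(t.AbsoluteUri);
    }

    public static void Main()
    {
        // URLs from the answer's own example.
        Console.WriteLine(Build("https://www.externalsite.com/login",
                                "http://www.mysite.com/welcome.aspx"));
        try
        {
            // Constructed off-site target: rejected before any URL is built.
            Build("https://www.externalsite.com/login", "http://other.example/welcome.aspx");
        }
        catch (ArgumentException e)
        {
            Console.WriteLine("rejected: " + e.Message);
        }
    }
}
```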