We have problem getting message from Hub when we're in Microsoft Edge.
The connection is established, sending message from Client -> Server works as expected, but we're not receiving any response from server push. The same code works in Chrome & Firefox though.
Below is some code that we're using:
JS:
$.connection.hub.start()
.done(function () {
$.connection.myHub.server.broadcastMessage().done(function (data) {
console.log("broadcastMessage result: " + data); //work as expected when client request data from server, server does return the data
});
})
.fail(function () {
console.log("Connection failed!");
});
$.connection.myHub.client.showMessage = function (msg) {
alert(msg); //not working, in Microsoft Edge we're not receiving anything, this function is not triggered at all
};
C#:
public string BroadcastMessage() {
Clients.All.showMessage("ABC");
return "Hello World";
}
We're not completely unable to receive any broadcast 100% of the time though, however it does happens 95% of the time.
Although we're not able to receive any broadcast from server, but subsequent request from Client -> Server works as expected.
public override Task OnConnected() are not hit when we're in Edge too, but the code block does hit when we're in Chrome / Firefox.
Any idea? Is this a problem with SignalR or Edge?
P/S: We're using JQUERY 3.3.1 & SignalR 2.3.0
UPDATE 1:
We tried to remove everything and made a empty project to see if it's a problem with SignalR. Apparently if it's a completely new project, SignalR doesn't have this problem, but after I implemented Form Authentication, the problem starts to happen, I'm guessing is it because sometime when server trying to broadcast message to client, it's not authenticated or the cookies are not set?
Below is the code we used to implement our Forms Authentication:
Global.asax
protected void Application_AuthenticateRequest(object sender, EventArgs e)
{
if (HttpContext.Current.User != null)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (HttpContext.Current.User.Identity is FormsIdentity identity)
{
FormsIdentity id = identity;
FormsAuthenticationTicket ticket = id.Ticket;
string userData = ticket.UserData;
string[] roles = userData.Split(',');
HttpContext.Current.User = new GenericPrincipal(id, roles);
}
}
}
}
Web.Config
<authentication mode="Forms">
<forms name="LoginCookie" loginUrl="/Account/Login" protection="None" path="/" defaultUrl="/Account/Login" timeout="3600" />
</authentication>
Code in Web.Config to block folder access
<location path="CMS/Admin" allowOverride="true">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*" />
</authorization>
</system.web>
</location>
The sample page were placed inside /CMS/Admin.
Try to change your c# code in:
public string BroadcastMessage() {
IHubContext context = GlobalHost.ConnectionManager.GetHubContext<myHub>();
context.Clients.All.showMessage("ABC");
return "Hello World";
}
Without IHubContext context = GlobalHost.ConnectionManager.GetHubContext<myHub>(); i don't able to work with signalR
Related
In my ASP.NET MVC 5 application, I use emails (System.Net.Mail) primarily for account authentication. It's worked perfectly until recently, and I have no idea what happened. I didn't change anything even slightly related to emails, as far as I know.
When I try to step into the SendAsync call in the controller, it transfers control back to the browser where it hangs indefinitely. Eventually I have to stop and restart the application pool just to access any page, which takes a couple minutes (usually it can be turned back on almost instantly).
I have it set up to use a Google app password, which is a requirement (you get an error about security otherwise). It doesn't seem to even get as far as Google, since the new app password hasn't been used.
I've tried the TLS port as well as the SSL port. Last time I got it working was using TLS.
Web.config:
<configuration>
<appSettings>
<add key="SmtpUsername" value="email#gmail.com" />
<add key="SmtpPassword" value="AppPassword" />
<add key="SmtpSender" value="email#gmail.com" />
<add key="SmtpHost" value="smtp.gmail.com" />
<add key="SmtpPort" value="587" /> <!-- SSL: 465, TLS: 587 -->
<add key="SmtpEnableSsl" value="true" />
</appSettings>
</configuration>
Email code:
public class EmailClient : SmtpClient
{
public EmailClient()
{
UseDefaultCredentials = false;
Host = WebConfigurationManager.AppSettings.Get("SmtpHost");
Port = int.Parse(WebConfigurationManager.AppSettings.Get("SmtpPort"));
EnableSsl = bool.Parse(WebConfigurationManager.AppSettings.Get("SmtpEnableSsl"));
Credentials = new NetworkCredential(WebConfigurationManager.AppSettings.Get("SmtpUsername"),
WebConfigurationManager.AppSettings.Get("SmtpPassword"));
DeliveryMethod = SmtpDeliveryMethod.Network;
Timeout = 30000; // Waiting 30 seconds doesn't even end the "loading" status
}
}
public class EmailMessage : MailMessage
{
private bool isBodyHtml = true;
public EmailMessage(string subject, string body, string recipients)
: base(WebConfigurationManager.AppSettings.Get("SmtpSender"), recipients, subject, body)
{
IsBodyHtml = isBodyHtml;
}
public EmailMessage(string subject, string body, IEnumerable<string> recipients)
: base(WebConfigurationManager.AppSettings.Get("SmtpSender"), string.Join(",", recipients), subject, body)
{
IsBodyHtml = isBodyHtml;
}
}
public static class Email
{
/// <param name="recipients">Comma-delimited list of email addresses</param>
public static async Task SendAsync(string subject, string body, string recipients)
{
using (EmailMessage msg = new EmailMessage(subject, body, recipients))
using (EmailClient client = new EmailClient())
{
await client.SendMailAsync(msg);
}
}
/// <param name="recipients">Collection of email addresses</param>
public static async Task SendAsync(string subject, string body, IEnumerable<string> recipients)
{
using (EmailMessage msg = new EmailMessage(subject, body, recipients))
using (EmailClient client = new EmailClient())
{
await client.SendMailAsync(msg);
}
}
}
Usage:
public class TestController : BaseController
{
public async Task<ActionResult> Test()
{
await Email.SendAsync("TEST", "test", "anaddress#gmail.com");
return View(); // Never reaches this point
}
}
OP here. As some answers allude, there was nothing wrong with my code. I'm not sure which of the below I had changed without retesting, but this is what you must have to use Gmail SMTP:
Use TLS port 587
Set SmtpClient.EnableSsl to true
Enable MFA for the Google account and use an app password for the SmtpClient.Credentials. I needed to enable MFA to create an app password.
Please note the Documentation and see the Gmail sending limits. under Gmail SMTP server section.
Your code looks fine, the only thing I see is that you are enabling SSL, but using the port distained for 'TLS' so users who will use the SSL method, will engage in an issue.
Beside from that, nothing appears to the eye.
There is standard way to send emails from ASP.NET.
web.config
<system.net>
<mailSettings>
<smtp deliveryMethod="Network">
<network defaultCredentials="false" enableSsl="true" host="smtp.gmail.com" password="password" port="587" userName="user#gmail.com"/>
</smtp>
</mailSettings>
</system.net>
.cs
var smtp = new SmtpClient(); // no other code.
var msg = CreateEmailMessage();
//I use try... catch
try{
smtp.Send(msg);
//return true; //if it is a separate function
}
catch(Exception ex){
//return false;
//use ex.Message (or deeper) to send extra information
}
Note that Gmail doesn't except a sender other than username. If you want your addressee to answer to another address then use
msg.ReplyToList.Add(new MailAddress(email, publicName));
I have a .net 2.0 application using Forms Authentication with AD and have a directory for documents which has been configured using a web.config file -
<system.web>
<authorization>
<deny users="?"/>
<allow roles="Security Alerts - Admin"/>
<deny users="*"/>
</authorization>
</system.web>
When testing locally if I run the app and put the FQDN for a document /site/documents/Document1.pdf I am returned to the login page but when I have the site on a server I am able to open the PDFs without any problem. How can I force this so that if a user was to saves the URL of a document and tried to access it directly they would be forced to the login page to authenticate themselves first?
I have the same config for an ADMIN folder which includes aspx pages and works correctly and directs the users the Login page first, is it something to do with the doc type being a pdf as opposed to aspx pages.
Thanks in advance.
By default, .NET authentication does not work on static files such as pdfs.
You need to implement an HTTP Handler to serve your files if the user is authenticated.
It sound like your current authentication is set up and working correctly, so I won't go over the basics of setting that up.
Below is the relevant code which applies to your scenario taken from Kory Becker's helpful article here:
http://www.primaryobjects.com/2009/11/11/securing-pdf-files-in-asp-net-with-custom-http-handlers
You'll obviously have to alter the paths, namespaces and logic to suit your environment (e.g. IIS version) and/or specific file type requirements.
Step 1 - Create a FileProtectionHandler class which implements IHttpHandler
public class FileProtectionHandler : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
switch (context.Request.HttpMethod)
{
case "GET":
{
// Is the user logged-in?
if (!context.User.Identity.IsAuthenticated)
{
FormsAuthentication.RedirectToLoginPage();
return;
}
string requestedFile = context.Server.MapPath(context.Request.FilePath);
// Verify the user has access to the User role.
if (context.User.IsInRole("Security Alerts - Admin"))
{
SendContentTypeAndFile(context, requestedFile);
}
else
{
// Deny access, redirect to error page or back to login page.
context.Response.Redirect("~/User/AccessDenied.aspx");
}
break;
}
}
}
public bool IsReusable { get; private set; }
private HttpContext SendContentTypeAndFile(HttpContext context, String strFile)
{
context.Response.ContentType = GetContentType(strFile);
context.Response.TransmitFile(strFile);
context.Response.End();
return context;
}
private string GetContentType(string filename)
{
// used to set the encoding for the reponse stream
string res = null;
FileInfo fileinfo = new FileInfo(filename);
if (fileinfo.Exists)
{
switch (fileinfo.Extension.Remove(0, 1).ToLower())
{
case "pdf":
{
res = "application/pdf";
break;
}
}
return res;
}
return null;
}
}
Step 2 - Add the following sections to your web.config file (with appropriate path/namespace modifications)
<httpHandlers>
...
<add path="*/User/Documents/*.pdf" verb="*" validate="true" type="CustomFileHandlerDemo.Handlers.FileProtectionHandler" />
</httpHandlers>
<system.webServer>
...
<handlers>
<add name="PDF" path="*.pdf" verb="*" type="CustomFileHandlerDemo.Handlers.FileProtectionHandler" resourceType="Unspecified" />
...
</handlers>
</system.webServer>
I have the following code in a SignalR method on a remote server:
string connectionString = "Data Source=xxx.eee.eee.sss.com\sql01,1433;Initial Catalog=dbname;Integrated Security=SSPI";
using (SqlConnection connection = new SqlConnection(connectionString)) {
//throws error when IE calls but not from chrome
//Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
connection.Open();
...
}
Web.config:
<configuration>
<configSections></configSections>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<customErrors mode="Off" />
<authentication mode="Windows" />
<identity impersonate="true" />
</system.web>
IIS 7 Setup:
Authentication: Only two Enabled (everyone else disabled)
1. ASP.NET Impersonation
2. Windows Authentication
C# SignalR code:
[assembly: OwinStartup(typeof(mynamespace.Startup))]
namespace mynamespace {
public class Startup {
public void Configuration(IAppBuilder app) {
app.Map("/signalr", map => {
map.UseCors(CorsOptions.AllowAll);
var hubConfiguration = new HubConfiguration {
// EnableJSONP = true
};
hubConfiguration.EnableDetailedErrors = true;
map.RunSignalR(hubConfiguration);
});
GlobalHost.HubPipeline.RequireAuthentication();
}
}
}
The client JavaScript code:
function getData(caller, callback, cmdType, cmdText, args) {
var connection = $.hubConnection(Globals.DatabaseLocation + Globals.RequestApplicationPath.replace('/', '') + "/");
connection.logging = true;
var Hub = connection.createHubProxy('SignalR');
connection.start()
.done(function () {
Hub.invoke("GetData", cmdType, cmdText, args)
.done(processJSON)
.fail(function (error) {/*...*/ });
})
.fail(function (error) {/*...*/ });
function processJSON(message) {/*...*/ };
}
I have been stuck on this one for awhile any help would be greatly appreciated.
Update:
I did some more investigation: I had 3 other developers test in chrome, IE10, and IE11 and none of them get any errors. The authentication and impersonation setup outlined above works for all of them making cross domain calls and they get their data. I am the only one getting the error and I am only getting it in IE. Chrome works for me.
SOLUTION
My working solution can be found in the answer or in my update two.
1) Now make sure, for testing on localhost, that you have setup windows firewalls for inbound on the localhost port. Port forwarding on the router if you have one.
2) Then you need to tell IIS Express that its okay that the request comes from outsite the localhost:
Find Documents\IISExpress\config and edit applicationhost.config. Find your site in the list and remove the localhost from the binding.
<site name="S-Innovations.TrafficTheory.Web2" id="1591449597">
<application path="/" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="G:\Documents\Visual Studio 2012\Projects\S-Innovations.TrafficTheory\S-Innovations.TrafficTheory.Web2" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:909090:localhost" />
</bindings>
</site>
2a) ISS need to run as administrator, running visual studio as administrator also starts iss as admin...
3) Locate your ip, www.myip.com and change the ACS return uri to : http://90.90.90.90:909090/api/federation/
4) change the webbroker to use your ip also:
WebAuthenticationResult webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(
WebAuthenticationOptions.None,
new Uri("https://traffictheory.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a48451%2f"),
new Uri("http://99.99.99.99:909090/api/federation/end"));
Everything worked for me like this. I got a hello world passed on to my metro app as the token.
Problem
I have set up a WCF Service and a Metro App.
The WCF service is set up to authenticate using Azure ACS.
I made a Console Application that works with the WebService and ACS:
static void Main(string[] args)
{
try
{
// First start the web project, then the client
WebClient client = new WebClient();
var token = RetrieveACSToken();
client.Headers.Add("Authorization", token);
client.Headers.Add("Content-type", "text/xml");
var url = new Uri("http://traffictheory.azurewebsites.net/UserService.svc/Users");
//var url = new Uri("http://localhost:4000/UserService.svc/Users");//
Stream stream = client.OpenRead(url);
StreamReader reader = new StreamReader(stream);
String response = reader.ReadToEnd();
Console.Write(response);
}
catch (Exception ex)
{
Console.Write(ex.Message);
}
Console.ReadLine();
}
private static string RetrieveACSToken()
{
var acsHostName = ConfigurationManager.AppSettings.Get("ACSHostName");
var acsNamespace = ConfigurationManager.AppSettings.Get("ACSNamespace");
var username = ConfigurationManager.AppSettings.Get("ServiceIdentityUserName");
var password = ConfigurationManager.AppSettings.Get("ServiceIdentityCredentialPassword");
var scope = "http://traffictheory.azurewebsites.net/";
//var scope = "http://localhost:4000/";//
// request a token from ACS
WebClient client = new WebClient();
client.BaseAddress = string.Format("https://{0}.{1}", acsNamespace, acsHostName);
NameValueCollection values = new
NameValueCollection();
values.Add("wrap_name", username);
values.Add("wrap_password", password);
values.Add("wrap_scope", scope);
byte[] responseBytes =
client.UploadValues("WRAPv0.9", "POST", values);
string response =
Encoding.UTF8.GetString(responseBytes);
string token = response
.Split('&')
.Single(value =>
value.StartsWith("wrap_access_token=",
StringComparison.OrdinalIgnoreCase))
.Split('=')[1];
var decodedToken = string.Format("WRAP access_token=\"{0}\"", HttpUtility.UrlDecode(token));
return decodedToken;
}
I face two problems now when i want to use it from my Metro App.
First one is unrelated to the service and is about the WebAuthenticationBroker.
1)
When i use
WebAuthenticationResult webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(
WebAuthenticationOptions.None,
new Uri("https://s-innovations.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2ftraffictheory.azurewebsites.net%2f"),
new Uri("https://s-innovations.accesscontrol.windows.net")
);
I am able to log in using, LiveID, Facebook ect. Not google because ACS dont include the ID correctly. But I dont get any kind of token back or Claims. I only get:
https://s-innovations.accesscontrol.windows.net/v2/wsfederation?wa=wsignin1.0
https://s-innovations.accesscontrol.windows.net/v2/facebook?cx=cHI9d3NmZWRlcmF0aW9uJn...cmFmZmljdGhlb3J5LmF6dXJld2Vic2l0ZXMubmV0JTJmJmlwPUZhY2Vib29rLTM1NTk5MjQ2NzgxNzc5OQ2&code=AQDagvqoXQ.......
How do I get the claims like in the end of this movie:
http://channel9.msdn.com/Events/BUILD/BUILD2011/SAC-858T
His app works!
2)
The console app shown above get authenticated and get the token to pass to the service when calling the API, how do i get this token from within the metro app.
UPDATE
I created the controller as suggested:
[HttpPost]
public ActionResult End()
{
return Json("Hello World");
}
I have put in a break point to see if it get it. No hit yet.
WebAuthenticationResult webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(
WebAuthenticationOptions.None,
new Uri("https://traffictheory.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a48451%2f"),
new Uri("http://localhost:909090/Federation/End"));
On my Relying Party Application i ahave
Realm http://localhost:909090/
Return Url: Nothing (have tried http://localhost:909090/Federation/End )
The response data contains : http://localhost:909090/Federation/End right now.
UPDATE 2
I also tried with an api controller as you shown in another post:
public class FederationController : ApiController
{
public HttpResponseMessage Post()
{
var response = this.Request.CreateResponse(HttpStatusCode.Redirect);
response.Headers.Add("Location", "/api/federation/end?acsToken=" + ExtractBootstrapToken());
return response;
}
public string Get()
{
return "hello world";
}
protected virtual string ExtractBootstrapToken()
{
return "Hello World";
}
}
Now the login screen just hang and ends with a service you looking for is not ready right now (or something like that).
acs return url http://localhost:48451/api/Federation
WebAuthenticationResult webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(
WebAuthenticationOptions.None,
new Uri("https://traffictheory.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2flocalhost%3a909090%2f"),
new Uri("http://localhost:909090/api/federation/end"));
The WebAuthenticationBroker simply keeps browsing until the next requested page is the one specified by the callbackUri parameter. At that point it returns the final URL to you so if you want to get anything back it needs to be encoded in that URL.
In the ACS control panel for the relying party you need to specify a return url that is somewhere on your site. For example https://traffictheory.azurewebsites.net/federationcallback. Then create a controller to handle accept a post to that URL. The post will have a form field wresult which is some xml that will contain the token returned from ACS.
You can then send the token back to the WebAuthenticationBroker by redirecting to https://traffictheory.azurewebsites.net/federationcallback/end?token={whatever you want to return}
You would then need to change the usage of the authentication broker to the following:
var webAuthenticationResult = await WebAuthenticationBroker.AuthenticateAsync(
WebAuthenticationOptions.None,
new Uri("https://s-innovations.accesscontrol.windows.net:443/v2/wsfederation?wa=wsignin1.0&wtrealm=http%3a%2f%2ftraffictheory.azurewebsites.net%2f"),
new Uri("https://traffictheory.azurewebsites.net/federationcallback/end")
);
// The data you returned
var token = authenticateResult.ResponseData.Substring(authenticateResult.ResponseData.IndexOf("token=", StringComparison.Ordinal) + 6);
My controller for handling the authentication callback post looks like this.
public class FederationcallbackController : ApiController
{
public HttpResponseMessage Post()
{
var response = this.Request.CreateResponse(HttpStatusCode.Redirect);
response.Headers.Add("Location", "/api/federationcallback/end?acsToken=" + ExtractBootstrapToken());
return response;
}
protected virtual string ExtractBootstrapToken()
{
return HttpContext.Current.User.BootstrapToken();
}
}
The BootstrapToken() extenion method is part of the wif.swt NuGet package. By default WIF doesn't save anything to the bootstrap token property you need to enable it by including the saveBootstrapTokens="true" attribute on the <service> element under <microsoft.identityModel> in your web.config. Mine looks like this:
<microsoft.identityModel>
<service saveBootstrapTokens="true">
<audienceUris>
<add value="http://localhost:3949/" />
</audienceUris>
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="https://xyz.accesscontrol.windows.net/v2/wsfederation" realm="http://localhost:3949/" reply="http://localhost:3949/" requireHttps="false" />
<cookieHandler requireSsl="false" path="/" />
</federatedAuthentication>
<issuerNameRegistry type="Microsoft.IdentityModel.Swt.SwtIssuerNameRegistry, Wif.Swt">
<trustedIssuers>
<add name="https://readify.accesscontrol.windows.net/" thumbprint="{thumbprint}" />
</trustedIssuers>
</issuerNameRegistry>
<securityTokenHandlers>
<add type="Microsoft.IdentityModel.Swt.SwtSecurityTokenHandler, Wif.Swt" />
</securityTokenHandlers>
<issuerTokenResolver type="Microsoft.IdentityModel.Swt.SwtIssuerTokenResolver, Wif.Swt" />
</service>
</microsoft.identityModel>
I am running a webpage that needs to be able to read the login id of the current user. Here is the code I am using:
string id = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
Currently this returns the correct login but when I use it in this method:
protected Boolean isPageOwner()
{
string id = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
alert("User: " + id);
if (id.Equals(pageOwnerID))
{
return true;
}
if (accessPermission.ContainsKey(id))
{
return true;
}
return false;
}
the method returns false even though the id returned is identical to pageOwnerID. I'm really not sure which part of this I am having a problem with.
On a side note, my login id is of the form string1/string2 but the code retrieves it as string1 + string2 without the slash.
Any advice is appreciated.
Regards.
Try using this to retrieve the username....
if (System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
{
string username = System.Web.HttpContext.Current.User.Identity.Name;
}
It sounds like windows authentication is not being used - you need to disable anonymous access and enable windows integrated security.
Add this to your web.config...
<system.web>
<authentication mode="Windows"/>
<authorization>
<deny users="?"/>
</authorization>
</system.web>
If you need the current logged in user's identity from within any layer (or Project in your solution) then use:
string userId = Thread.CurrentPrincipal.Identity.GetUserId();