I am integrating a .Net application with Work-front, I am supposed to create a new user in work-front from API. I have tried the steps mentioned in the link and my code https://{mycompany}.attasksandbox.com/attask/api/user?updates={emailAddr:testuserAPI#domain.com,firstName:testuser,lastName:API}&username=myname#domain.com&password=password&method=post
From my console application I get internal server error 500. From fiddler I get parse error.
https://{mycompany}.attasksandbox.com/attask/api/5.0/user?updates={"emailAddr":"testuserAPI#domain.com","firstName":"testuser","lastName":"sample","roleID":"testrole","password":"pwd123res"}&method=post&sessionID=sdfdsdf1
Above code gives unrecognized URI format: too many parts - exception
Though my requirement is to authorise using API key, I was trying possible ways of achieving it.But I am not able to create in any of the ways.However, I am able to create from UI, which confirms my ID has rights to create user. I did look into API explorer and could see named functions,but whats the approach?Is there any documentation for these complete steps? My search was in-vain. Please suggest as I am new bee to workfront. Thanks in advance!
Update 1:
I was able to create a user via the API authorising by both API key and sessionID. The parameter I missed to pass is username (not necessarily an existing username). My code is -
https://{mycompany}.attasksandbox.com/attask/api/user?updates={"firstName":"Test","lastName":"API","username":"TestAPI#domain.com","emailAddr":"test2#test.com"}&method=post&apiKey=t---------------------u
My first step is resolved. There are 2 more steps which I need to perform. Calling named action - assignUserToken. I tried the code as below and it didn't work
https://{mycompany}.attasksandbox.com/attask/api/5.0/user/ID=4556ffs3324?action=assignUserToken&apiKey=t---------------u&method=put
ID is value returned while creating a user. Error returned is -
{"error":{"class":"java.lang.IllegalArgumentException","message":"null objCode"}}
Can you share the syntax of calling this named action?
Hi Your call has a few things wrong with It
1st you are calling
api/5.0
this needs to be
api/v5.0
2nd you are calling
api/v5.0/user/ID=4556ffs3324
it should be
api/v5.0/user/4556ffs3324
Other then that I dont see anything else wrong with the call.
Creating a user via API is a 3 step process as mentioned in the link but it doesn't have syntax. The syntax and steps are as below.
Create user -
https://{yourcompany}.attasksandbox.com/attask/api/user?updates={"firstName":"Test","lastName":"API","username":"TestAPI#domain.com","emailAddr":"test#domain.com"}&method=post&apiKey=-----0l
This would return a uniqe ID on response. Use this ID value for next step.
Assign userToken -
https://{mycompany}.attasksandbox.com/attask/api/v5.0/user/12345?action=assignUserToken&apiKey=d---l&method=put
ID value is 12345. This would further return a token. Use this token value for next step.
Complete userRegistration- https://{mycompany}.attasksandbox.com/attask/api/v5.0/user/12345?action=completeUserRegistration&updates={"firstName":"Test","lastName":"API","token":"0--ab","title":"testUser","newPassword":"Password01"}&method=put&apiKey=dqy---3
That completes all the process. Now check in workfront UI.
Related
I used the labelled tool to train my model and got the model ID. Then I tried to make an API call (https://westeurope.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-preview/operations/AnalyzeWithCustomForm) and use this model ID to analyse form but got the error code 202. My resource (Form Recognizer cognitive service) is in West Europe. Any idea what might be wrong with my request? If I click on the Operation-location from the response, then I see the error code 401.
Is there anywhere I can find a source code for a blob triggered azure function so I can use the model ID I have created using the labelling tool? Thanks.
A 202 response is not an error code, instead it means that your first POST API call was successful. The next step would be to make a GET call (https://westeurope.dev.cognitive.microsoft.com/docs/services/form-recognizer-api-v2-preview/operations/GetAnalyzeFormResult) using the Operation-Location from your response and the same subscription key you used before.
I'm using .net package Google.Apis.Sheets.v4 Client Library. Everything was fine, but last time (about a week ago) there is an error: The request is missing a valid API key. [403] when I'm trying to batchGet with 150+ ranges in a query. If I split my query to 25 ranges in a single query, it could be ok, also it could return the same error at one of them. Sometimes it works without any splitting, but usually I get an error.
I'm absolutely sure that my API key is valid and I've tried another keys, another spreadsheets, but nothing has changed.
Some of the answers in this SO post have point to handle this 403 error.
First thing, make sure that you have permission to call the specific spreadsheet and enable the Sheets API in your developer console. Another thing, try to change the privacy settings of this spreadsheet to public and checked if you can access it now. You will usually get 403 error when you have missed or incorrect configuration in Authorizing Requests. Make sure to use proper scope if you are authorizing requests with OAuth 2.0
Check this conversation.
Instead of google.sheets({version: 'v4', oAuth2Client})
use google.sheets({version: 'v4', auth: oAuth2Client})
I have an MVC 3 application, in which I am using actionMailer to send out emails (to the C drive for now) for Password reset etc.
The problem is I can send the e-mail and password reset no problem however there is nothing to stop the user from using that same email over and over again.
So I believe I need to send a token with the e-mail.
I've being trying to use...
var token = WebSecurity.GeneratePasswordResetToken(email);
I get following error...
You must call the "WebSecurity.InitializeDatabaseConnection" method before you call any other method of the "WebSecurity" class. This call should be placed in an _AppStart.cshtml file in the root of your site.
UPDATE: Basically I'm looking for the steps involved in doing the above for an MVC 3 application!
I have no webpages tables in my database and would prefer not to have to add such tables now.
I have searched around the web and keep getting answers related to MVC 4, which as far as I can understand as built-in facility for the above.
I have webMatrix.WebData in place in my references folder, and have set "CopyToLocal = true".
If anyone as any advice can you please be as detailed as possible in your suggestions, also I can post up whatever additional code needed. Please keep in mind this is MVC 3 application.
My application has 3 pages associated with it. Here are their id's :
151500351683665 (Community page)
143448712494935 (Community page)
563925353640654 (Application page)
Using the facebook C# SDK, I'm trying to execute GET on those pages using the following url format :
graph.facebook.com/{pageId}
http://graph.facebook.com/563925353640654 -> Error
http://graph.facebook.com/143448712494935 -> Ok
http://graph.facebook.com/151500351683665 -> Ok
I'm successful when it comes to the community pages, however I'm getting a Unsupported GET request (100) when trying to access the Application page in this manner. I'm not sure what's going on this started to occur recently, the whole thing worked without passing any access tokens as I thought that this was public information :/
Any ideas?
Note: Until lately I was able make the forementioned GET requests without any access tokens - since I believe I was accessing public information. Right only unable to access a single page.
Copying the answer from this SO thread
This error occures due to several problems in the permissions of your page
1. Go to edit page->manage permission
Check Age restrictions: 13+
2. Go to basic information -> Start Type:: set to launched
I am developing an application in which I am displaying products in a grid. In the grid there is a column which have a disable/enable icon and on click of that icon I am firing a request through AJAX to my page manageProduct.aspx for enabling/disabling that particular product.
In my ajax request I am passing productID as parameter, so the final ajax query is as
http://example.com/manageProduct.aspx?id=234
Now, if someone (professional hacker or web developer) can get this URL (which is easy to get from my javascript files), then he can make a script which will run as a loop and will disable all my products.
So, I want to know that is there any mechanism, technique or method using which if someone tries to execute that page directly then, it will return an error (a proper message "You're not authorized or something") else if the page is executed from the desired page, like where I am displaying product list, then it will ecxecute properly.
Basically I wnat to secure my AJAX requests, so taht no one can directly execute them.
In PHP:
In php my colleague secure this PHP pages by checking the refrer of the page. as below:
$back_link = $_SERVER['HTTP_REFERER'];
if ($back_link =='')
{
echo 'You are not authorized to execute this page';
}
else
{
//coding
}
Please tell me how to the same or any other different but secure techique in ASP.NET (C#), I am using jQUERY in my app for making ajax requests.
Thanks
Forget about using the referer - it is trivial to forge. There is no way to reliably tell if a request is being made directly or as a response to something else.
If you want to stop unauthorised people from having an effect on the system by requesting a URL, then you need something smarter then that to determine their authorisation level (probably a password system implemented with HTTP Basic Auth or Cookies).
Whatever you do, don't rely on http headers like 'HTTP_REFERER', as they can be easily spoofed.
You need to check in your service that your user is logged in. Writing a good secure login system isn't easy either but that is what you need to do, or use the built in "forms authentication".
Also, do not use sequential product id's, use uniqueidentifiers, you can still have an integer product id for display but for all other uses like the one you describe you will want to use the product uniqueidentifier/guid.