Paged LDap search fails with "The requested attribute does not exists" - c#

I need to get the 'employeenumber' of all the employees whose 'epersonstatus=REMOVE' using an Ldap search implemented using .NET/C# like:
var connection = new LdapConnection("foo.bar.com:389");
connection.AuthType = AuthType.Anonymous;
connection.SessionOptions.ProtocolVersion = 3;
connection.Bind();
var request = new SearchRequest(
"dc=root,dc=com",
"(epersonstatus=REMOVE)",
SearchScope.Subtree,
new string[] { "employeenumber" });
Since there are thousands of entries I am using paged requests as proposed here:
http://dunnry.com/blog/PagingInSystemDirectoryServicesProtocols.aspx
I have also checked that the server supports paged requests as proposed here:
iPlanet LDAP and C# PageResultRequestControl
Once the flow reaches:
SearchResponse response = connection.SendRequest(request) as SearchResponse;
I get a DirectoryOperationException with message "The requested attribute does not exist".
By running the same query on a LDap client like softerra I get the entries (a thousand) and
the error.
Some help would be greatly appreciated.

I had a similar issue.
When using paged search, I got the exception "The server does not support the control. The control is critical.", when using non-paged search I received results (at least as long as the filter restricted the maximum number).
However I found out, that the error message is misleading - The problem was buried in the authentication.
Using AuthType.Basic (or AuthType.Anonymous) I received the error. Bus as soon as I switched to AuthType.Ntlm it worked.
Hope this helps...

Related

Microsoft.Azure.CognitiveServices.Language.SpellCheck NuGet not working with Bing Search API (unauthorized)

I'm using .net-core3.1 with Microsoft.Azure.CognitiveServices.Language.SpellCheck NuGet package. I've read through entire documentation around Bing/cognitive API but I still find it very confusing as there are multiple APIs doing the same thing.
I got the API key from Microsoft.BingSearch on portal.azure.com and I'm using the free subscription. My subscription should however be valid as I am already using their LUIS without problems. Azure links to https://learn.microsoft.com/en-us/bing/search-apis/bing-spell-check/quickstarts/rest/python for quick start but this does not work for me ("https://api.bing.microsoft.com/v7.0/SpellCheck" url gives me "NotFound" using the code below with my key).
code sample:
var x = new SpellCheckClient(new ApiKeyServiceClientCredentials("<API_KEY>"));
// endpoints I tried:
// x.Endpoint = "https://westeurope.api.bing.microsoft.com/v7.0/spellcheck";
// x.Endpoint = "https://cognitiveservices.azure.com/bing/v7.0";
// x.Endpoint = "https://api.bing.microsoft.com"; -- Not found
// x.Endpoint = "https://cognitiveservices.azure.com"; -- The requested name is valid, but no data of the requested type was found.
var y = await x.SpellCheckerWithHttpMessagesAsync("gona");
Using default endpoint gives me Unauthorized error code.
Anyone has any idea on how to use this API?
You are right, the endpoint seems to be wrong. As you can see in the documentation here, regarding this value:
Supported Cognitive Services endpoints (protocol and hostname, for
example: "https://westus.api.cognitive.microsoft.com",
"https://api.cognitive.microsoft.com").
So if you are using West Europe, it should be "https://westus.api.cognitive.microsoft.com"
You can also check your API key by directly testing the console here: https://westeurope.dev.cognitive.microsoft.com/docs/services/5f7d486e04d2430193e1ca8f760cd7ed/operations/57855119bca1df1c647bc358
Choose your resource region (the one selected during key creation on Azure portal)
Set your key value in "Ocp-Apim-Subscription-Key" field
Edit the "text" value in the query parameters
Run the request

Show more than 5000 records from CRM in C#

I am trying to understand how FetchXml works (or any other method) because I want to retrieve and process more than the limit of 5000 records that CRM returns on the api call below.
My base url looks like this: http://crm.domain.com:1234/api/data/v8.0/
the resource is: emails
and query options are: $top=50000&$filter=description ne null and not contains(sender, '#not-interesting.com')
I'm trying to copy the code from
https://learn.microsoft.com/en-us/previous-versions/dynamicscrm-2016/developers-guide/gg327917(v=crm.8)?redirectedfrom=MSDN
but I'm having issues with creating the OrganizationServiceProxy object like this:
var creds = new ClientCredentials();
creds.UserName.UserName = CrmApiUsername;
creds.UserName.Password = CrmApiPassword;
using (var _serviceProxy = new OrganizationServiceProxy(
new Uri(CrmApiBaseAddress), null, creds, null))
{
// This statement is required to enable early-bound type support.
_serviceProxy.EnableProxyTypes(); // ...
I'm getting an error:
Metadata contains a reference that cannot be resolved: 'http://crm.domain.com:1234/data/v8.0/?wsdl&sdkversion=90'.'
WebException: The remote server returned an error: (404) Not Found.
You mixed up these two:
Web API - which was available after v8.0
2011 endpoint - which is deprecated now but was available for really long time
Read more
When you use web api the url will be like: https://yourcrm.crm#.dynamics.com/api/data/v8.0/
In case of Organization Service Proxy still the 2011 endpoint: https://yourcrm.crm.dynamics.com/XRMServices/2011/Organization.svc
For breaking the 5000 records limitation & getting more than 5k records, the pagination concept has to be used. How to fetch more than 5000 entities from CRM
For more ideas, I have answered in this SO thread about other options.

Unable to return user favorites via Tableau REST API

UPDATE: Sept 2019.
This API call now works as intended.
Issues on the Tableau end appear to have been resolved and the call now returns the correct data.
===============================================================
I'm using the Tableau REST API via C# to try and get a list of users favorites.
I know the user has some, because its me.
I have tried using API Version 2.8,3.0, 3.1 and 3.2 with little to no joy.
2.8 and 3.0 respond with:
<?xml version='1.0' encoding='UTF-8'?>
<tsResponse xmlns="http://tableau.com/api" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tableau.com/api http://tableau.com/api/ts-api-2.8.xsd"> //3.0.xsd when using API Version 3.0
<favorites/> //There should be a plethora of favorites of all varieties in here.
</tsResponse>
3.1 and 3.2 give me a (404) Not found.
The code i have in c# is:
public static string QueryFavourites(string APIVersion, string AuthToken, string SiteID, string UserID)
{
string result = "";
try
{
string url = $#"{Server}/api/{APIVersion}/sites/{SiteID}/favorites/{UserID}";
// Create the web request
WebRequest request = WebRequest.Create(url) as WebRequest;
request.PreAuthenticate = true;
request.Headers.Add($"x-tableau-auth: {AuthToken}");
// Get response
using (WebResponse response = request.GetResponse())
{
// Get the response stream
StreamReader reader = new StreamReader(response.GetResponseStream());
// Read the whole contents and return as a string
result = reader.ReadToEnd();
}
return result;
}
catch(Exception E)
{
logger.Error("Error! System Says: " + E.Message);
return result;
}
}
I know the method works, as it is used for multiple other API calls using a different URL for each (depending on the call).
Does anyone know if its an issue on the tableau end or on my end?
Apparently it should work with Tableau server 2.8 or above, which we have. (i think we're running 2018.1)
Is anyone able to get a list of favorites for a user using tableau REST API?
Where am i going wrong?
(I have also posted the question on Tableau Forum.)
UPDATE:
I have included the CURL and Headers of the request, as well as the results, in the screenshots below. (I use 'Restlet Client' more than 'Postman' so screenshots are from the former.) ID's and authentication tokens have been removed as they are sensitive information, and i don't think my company would be happy with me putting them on the public facing internet.
All ID's and auth keys are in the correct case and presented correctly. They are used in several other API calls with success and are pulled direct from Tableau via the API.
The exceptions, i have found out are the inability to find the version of the API that i am calling. so v2.6 - v2.8 and v3.0 all "work". Other versions return a 404001 VERSION_NOT_FOUND error.
The approach i would take is:
Query a user on the site. (the user that has the favorites)
Check if the user is actually: the same user you are authenticated as; and the same user you are gonna query for favorites
If they are the same, try adding a favorite with the REST API (DataSource, View or Workbook)
Get the favorites for the user, the datasource/view/workbook you added as a favorite should be in there.
If you want to Update the user, Add user to site or Add user to Group, I've added links to the documentation
You can do these things with Postman/tool of your choice.
What you can also try is ensuring the user that is querying another user (or the same) is a server admin (just to be safe), and making sure that you are a member of the same site of another (or the same) user.
Hope this helps!
EDIT: Maybe you can try adding a new user with group regular to a site, ensuring that you are a member of the site too. Afterwards adding a favorite and getting the favorites for the user of group regular. If that doesnt work u can verify whether its impossible to get favorites for users of group regular as well, besides admins.
Finally found out what was happening.
It doesn't work as intended.
It will only return user favorites for the user that is authenticated in the authentication token, regardless of what user id you put in the request.
Had a call with Tableau support and accidentally figured it out, when we switched authenticated user.
I will leave this here in case anyone else comes across the same issue.

Kerberos Token asks to be called again to complete the context

I am attempting to obtain a Kerberos Token from a C# Application (not web-based, a standalone executable).
I have referred to this question to figure out how to do it, but even trying both answers, I get the same problem.
When I reach the GetToken line (using Furkat's answer as a reference here), I get an exception:
KerberosRequestorSecurityToken securityToken = tokenProvider.GetToken(TimeSpan.FromMinutes(1)) as KerberosRequestorSecurityToken;
Here is the exception and the nested innerExceptions:
Exception: The NetworkCredentials provided were unable to create a Kerberos credential, see inner exception for details.
innerException: Authenticating to a service running under a user account which requires Kerberos multilegs, is not supported.
innerException: The function completed successfully, but must be called again to complete the context
I have some serious problems trying to find any examples of this working for a non-web based application, the StackOverflow question I linked is pretty much the closest I've got to getting what I need.
I also have problems figuring out exactly how things are supposed to work, since I can't get an example to work on my side. I'm looking for some sort of unique token for the user, that can then be passed to a SAML POST call to a server for Single Sign On. What will this token look like? Is it right to use TokenImpersonationLevel.Impersonation, instead of Identification here? (Identification gives me the same problem).
So my question is about my error and how to fix it, but I would really appreciate an explanation with the answer, telling me about the context (what was going wrong, what I misunderstood, etc).
Here's my complete Method. It's in Proof-Of-Concept stage right now, so forgive the temporary bad naming and ugly code. I'm making lots of trial-and-error.
public string Method5()
{
try
{
var userName1 = new WindowsPrincipal(WindowsIdentity.GetCurrent()).Identity.Name;
var domainName = userName1.Split('\\').First();
var userName = userName1.Split('\\').Last();
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
var domain = Domain.GetCurrentDomain().ToString();
using (var domainContext = new PrincipalContext(ContextType.Domain, domain))
{
string spn = UserPrincipal.FindByIdentity(domainContext, IdentityType.SamAccountName, userName).UserPrincipalName;
KerberosSecurityTokenProvider tokenProvider = new KerberosSecurityTokenProvider(spn, TokenImpersonationLevel.Impersonation, CredentialCache.DefaultNetworkCredentials);
KerberosRequestorSecurityToken securityToken = tokenProvider.GetToken(TimeSpan.FromMinutes(1)) as KerberosRequestorSecurityToken;
string serviceToken = Convert.ToBase64String(securityToken.GetRequest());
return serviceToken;
}
}
catch (Exception ex)
{
return "Failure";
}
}
The error indicates that you are requesting a Kerberos User2User token. The multileg bit is correct, but somewhat misleading. The issue is that AD determines it's a U2U request and makes the API return a specific error, indicating it's U2U and requires a retry with different parameters. .NET doesn't understand this retry, hence the error.
The reason you're requesting a U2U token is because you're calling the token provider asking for it to request a token to access the given SPN, which in this case is just an ordinary user. This is generally not useful in client/server applications.
KerberosSecurityTokenProvider tokenProvider = new KerberosSecurityTokenProvider(spn, TokenImpersonationLevel.Impersonation, CredentialCache.DefaultNetworkCredentials);
What this code is doing is saying for a user that has been inferred by impersonation or authentication previously, request a token so that user can access a remote service {SPN}. A token is only useful for a single user to a single service. You can't just collect a token and user it everywhere. This is not how Kerberos-proper works. Kerberos determines the name of that service by the SPN. In this case it already knows who the caller is.
So, the correct solution is:
var identity = Thread.CurrentPrincipal.Identity; // domain\username1
var spn = "host/someservice.domain.com";
var tokenProvider = new KerberosSecurityTokenProvider(spn);
var securityToken = tokenProvider.GetToken(TimeSpan.FromMinutes(1)); // token for username1 to host/someservice.domain.com

Facebook Graph API {id}/feed?limit=x - restrict to messages since a certain message id

I have a small problem, I am working on an aggregation application that is collecting messages from pages in realtime.
This is working fine, but I get the same message on every call and then filter out the messages that I have already seen manually.
This means that a large amount of data is being transferred every time I make a call to the graph api.
Is there a way to limit the message as messages since this message id?
currently using the c# Facebook SDK
var fb = new FacebookClient("access_token");
dynamic parameters = new ExpandoObject();
parameters.limit = _facebookMessagesToRetrieveAtATime.ToString(CultureInfo.InvariantCulture);
//Want to add a new param here to say messages since this id.
var facebookUrl = String.Format("{0}/feed", "Page ID");
dynamic resp = fb.Get(facebookUrl, parameters);
Thanks in advance.
You can use the since url parameter in your calls, as described at https://developers.facebook.com/docs/graph-api/using-graph-api/v2.1#paging
This would make it necessary that you store somewhere in your application the timestamp when you last requested the respective feed
This would yield in
var facebookUrl = String.Format("{0}/feed?since={last_update_timestamp}", "Page ID");
where {last_update_timestamp} is the timestamp (unixtime in seconds) of the last update.

Categories