I have a one page ASP.NET 4.0 C# script running. In debug mode my script works just fine but when I publish it, it seems like it is not sending the credentials when making the WebRequest.
The following is the code I am using, I have tried a bunch of things but I keep getting a 401 Unauthorized when I am using my published version of the script. BTW I am using IIS 7
WebRequest fwRequest = HttpWebRequest.Create(fwURL);
fwRequest.UseDefaultCredentials = true;
//fwRequest.Credentials = CredentialCache.DefaultCredentials;
HttpWebResponse myHttpWebResponse = (HttpWebResponse)fwRequest.GetResponse();
While debugging, your project use your credentials, but when you publish it it will use the credentials of ASP.NET user, or the credentials set in IIS configuration.
So no, you can not pass credentials of your client to another web service/appliaction unless you convince him/her to pass username-password to your application (Except that both web apps are on the same machine).
Related
I have to send credentials to authenticate on the server (windows authentication) for my application:
with-credentials = true
The problem is that my clients are mobile devices, and I can't tell to the server in Access-Control-Allow-Origin the origin domains.
I would like to do that:
Access-Control-Allow-Origin = *
But I know it is not possible because of security issues.
How can I do that with HTTP?
PS: I am using a server in ASP.NET and clients are made with Ionic (Angular). Currently, I am using a temporary solution:
Access-Control-Allow-Origin = localhost:8100
But when I will deploy the application it won't work on real devices.
From enable-cors.org:
CORS In ASP.NET
If you don't have access to configure IIS, you can still add the header through ASP.NET by adding the following line to your source pages:
Response.AppendHeader("Access-Control-Allow-Origin", "*");
See also: you can also Configure IIS6 / IIS7
Reference Taken
Sometimes you need to check this wihtin your AuthorizeAttribute
// pre-flight request (OPTIONS) are always ok.
// https://stackoverflow.com/questions/26296779/chrome-v37-38-cors-failing-again-with-401-for-options-pre-flight-requests#28235624
if (actionContext.Request.Method == System.Net.Http.HttpMethod.Options)
{
return true;
}
I have an application that generates a web request to Facebook Graph API to get a share count from an external page. I have been using this code for over a year without issue, and suddenly, the share count is not working when the request is made from .NET. However, if I make the request from a web browser, it works just fine. My code is as follows:
string fbLink = "https://graph.facebook.com/?id=" + externalLink + "&fields=og_object%7Bengagement%7D&access_token=<token_removed>";
WebClient client = new WebClient();
string fbString = client.DownloadString(fbLink);
This code still appears to be working fine, in that the request is made, and FB responds with no errors. In fact, it responds back with correct page id, and details. However, the share count is zero.
Here is where it gets a little bit weird. On my localhost development machine, the code works fine and returns the proper share count. However, if I run the code on my actual server (an AWS EC2 instance), the share count shows zero.
If I open Chrome and run the request from the browser, the share count displays as expected.
If I open Internet Explorer 11, and run the request from the browser, the counter shows zero. HOWEVER, if I log in to Facebook from IE11, and then run the request to FB Graph API, the response shows the correct page count.
This is very confusing to me, as it appears the reason the counter has stopped working, has to do with cookies, or maybe the browser being logged into FB. This should not be the case as I am using an APP token ID, and I wouldn't expect to need to be logged into FB in order to make a request to Graph API.
Does anybody have any ideas why my request/code in .NET worked just fine for a year and a half, and just stopped working? Or why the requests work fine on my localhost and not my live server?
After spending considerable time on this issue, I have fixed the issue. There is a FB authentication cookie that was being transmitted through a web browser query. The cookie name was "XS" and the value was a long string that is used as a sessionId for my specific login. If I created this cookie in my web request in C# code, I get the proper response with correct # of shares.
WebClient client = new WebClient();
client.Headers.Add("Cookie", "xs=<removed>;");
I have no idea why I have to do this, only on my EC2 server. Nowhere in FB's documentation does it say you have to spoof a valid logged in authentication string cookie in order to obtain correct Share Count results from a request to it's Graph API, but there you have it. A workaround at least.
Currently I have a slack button in my WPF application that opens a webpage and asks for user for access.
System.Diagnostics.Process.Start("https://slack.com/oauth/authorize?scope=client&client_id=XXXXXXXXXXXXXXXXXXXXXX");
After authorizing, the page gets redirected to a URL which has a generated code in the parameter that I need to get a token later on. The problem is how do I get this code. For now I have set the the redirect URL to, www.slack.com. And the following url is generated.
https://slack.com/?code=8XXXXXXXXXXXXXXX.XXXXXXXXXXXXXX5&state=
How do get the code back into my application. I am using the following but am not getting the response I need and this executes before the user can even authorize.
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(URL);
var response =req.RequestUri.ToString();
Alternative solutions and suggestions would be good to implement my authorization for a desktop application using C#.
As part of the oauth process Slack will call your application using the redirect url and return the code parameter. So you the redirect URL needs to point to your application. Not to slack.com.
You will need to read the url parameters that your application as been called with. In C# that can be done with code = Request.QueryString["code"];
Your c# application needs to run as ASP script on a webserver that is accessible from the Internet, so that Slack can reach it.
In order to use Slack for authentication your application needs to implement the complete oauth process as described here.
I try to run a web service which gets a list of pages and then should try to print this pages as pdf sites.
The problem is now, that the service has to authenticate. Because the HTTP server which hosts the pages is inside an intranet zone.
The service runs on an IIS7 and is written in C#.
Thanks for helping.
-lony
Hopefully this should help;
PRB: "Access Denied" Error Message When You Call a Web Service While Anonymous Authentication Is Turned Off
Update:
Sorry misunderstood your question, would you not use the HTTP Authorization header to do this? Something like;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create("url");
request.Credentials = new NetworkCredential("username", "Password");
I am developing a WP application for which the webservices are implemented in .NET using SOAP client. I have implemented the SOAP client in my WP app using "Add service reference" option.
Now the problem is, there are two different client classes one for the Login functionality and the other for all other queries. Login is working fine and returning me true or false and nothing else. And the other client class is used to make different queries which are all working fine and getting some data from server. After testing I observed that the response is independent of the logged in user( ie server sending same data irrelevant of the logged in user). And hence it is clear that the session is not maintained and the server is sending some anonymous data.
Some one help me on how to maintain the session in the SOAP client.
Note: I cannot ask the web service providers on this. :(
Finally I figured out how to maintain cookie based session in Windows phone apps
Thanks to Mike for his guidance.
For all those who are wondering about the different ways of maintaining session in WP app,
there is a class called CookieContainer which helps to maintain cookie data for us.
Usage:
First create a global instance of CookieContainer class ( I created in App.xaml.cs)
//In App.xaml.cs
CookieContainer cookieContainer = new CookieContainer();
And then assign it to every request we make to the server from our app.
MySoapClient client = new MySoapClient();
client.CookieContainer = (App.Current as App).cookieContainer;
client.LoginAsync("username", "password");
Again for any other request in the app
MyOtherSoapClient anotherClient = new MyOtherSoapClient();
anotherClient.CookieContainer = (App.Current as App).cookieContainer;
anotherClient.PostDataAsync("somedata");
The same rule also applies for normal WebClient and HttpWebRequest classes also.
Happy Coding :)