UNAUTHORIZED_CLIENT ABP Framework - abp

My client site is broadcasting from 10.0.0.70. api broadcasts from localhost:44376 on the same machine.
10.0.0.70:4200 opens but when I click login it leads to http://localhost:44376/account/login site but 500
Internal Server Error
I am getting an UNAUTHORIZED_CLIENT error.

Probably you changed the appsettings endpoints to 10.0.x from localhost after running dbmigrator causing your client still registered with localhost:4200 redirect uri.
That's why you're getting UNAUTHORIZED_CLIENT error. I assume you are at the beginning of the project; you can delete your db and run db migrator again with your updated settings.
You can also check application logs for exact error messages; identityserver errors are logged detailed in log file.

This usually happens when CORS URL defined in the ClientCorsOrign database table is not valid. eg https:///www.domain.co.za is valid while https:///www.domain.co.za/app is not valid. So to accurate identitify cause of this error, open Logs in Identity api, in my case the CORS url was invalid..

Related

For certain Idp only Acs URL sends the 500 error and unfortunately nothing is logged or returned so as to understand what exactly is happening

I am using Sustainsys.Saml2 library in Asp net core 2
Whenver my client hits the request throught their IDP(let it be SP initiated or Idp initiated) it gives them 500 error.
We are clue less what exactly failing.
Is there any way by which we can log /see the exception thrown at our ACS URL https://localhost:5000/KM/Acs
Client's Idp is not accessible outside their corporate network.
On the other hand we tested same code with 3 different Idp and it works perfectly.
The Sustainsys.Saml2 library logs errors to the Asp.Net Core logging framework, check those logs.

gsutil notification watchbucket returns "BadRequestException: 400 No valid domain for WebHook callback: https://https://..."

Following the instructions in https://cloud.google.com/storage/docs/object-change-notification#_Authorize_Endpoint I'm trying to set a watchbucket notification.
I'm running:
gsutil notification watchbucket https://-------.appspot.com gs://-----
(with my real application id and bucket)
The error string reported by gsutil suggest an internal bug:
BadRequestException: 400 No valid domain for WebHook callback: https://https://...
Note the double https:// in the error report
trying to remove the https:// ends with an error:
CommandException: The application URL must be an https:// URL.
I believe I've done all the things needed. I'm working with a service account of the application. the application URL is listed in https://console.developers.google.com/project/ywz-gcs-watch/apiui/notification. The service account has access to the watch bucket (tried it also with a bucket belong to the application project)
Is that a gsutil bug?
I've faced the exactly same problem here. The issue was that my allowed domain was registered like 'https://example.com' while it should be 'example.com'.
Go to your google developer console and open your project page.
In the sidebar on the left, click APIs & auth, then click Push.
Double check if your domain is correct. If not, enter just the domain without the protocol part and wait a few minutes before test again. Hope it helps!
Kindly Regards,
Vinícius Miasato

How to debug sporadic 403 connection issues with angular-signalr-hub and windows authenitification

I am using signalR with signalr-hub and a windows authentication ASP.net Web Api project.
I have created two hubs in my project that both subscribe to the stateChanged and errorHandler listeners. Sometimes, the page loads without issue, but other times a 403 connection issue is thrown. The error message is as follows:
Error: No transport could be initialized successfully. Try specifying a different transport or none at all for auto initialization.
This is sometimes followed by the error message:
Error: Error during start request. Stopping the connection.
responseText: "Unrecognized user identity. The user identity cannot change during an active SignalR connection."
I believe that the error is caused by a race condition with windows authentication. That when the browser is first loaded the connection is anonymous by default, then signalR starts to connect, then windows auth returns the actual user, then SignalR notes that the connection has changed mid request and throws an error.
I have so far looked in trying to delay the connection to signalR with a $timeout to wait for Windows Auth first, but this only seemed to create more frequent errors.
I will look to supply more information with this question soon, in the meantime, I would appreciate any general ideas in how to solve\ get around\ debug this issue.
The solution is to disable anonymous authentication. Otherwise if SignalR is connecting and authentication transitions from anonymous to user authentication whilst the signalr request is processing, then an error is thrown.
Anonymous authentication can be disabled in web.config as follows:
<system.web>
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
...
I found this answer here: answer

How to handle ERR_INSECURE_RESPONSE?

My AngularJS app uses $http.get() with https urls. If the server is using a self-signed certificate Chrome will reject the request and log an error ERR_INSECURE_RESPONSE to the console.
I would like to capture this specific error and prompt the user to configure their server with a valid certificate.
I've tried $http.error and $httpProvider.interceptors to get information about this error, but no relevant information is available in the error parameters.
I understand that Chrome is rejecting the request rather than the server, but using Angular, is there anyway to capture that Chrome has rejected the request with error ERR_INSECURE_RESPONSE?
I had the same issue in my ionic Project, but there is No way to overcome this issue clientside, this is security issue, go to server settings for SSL configuration, change DHPARAMS to 2048 bit key, that solved my issue,
Note : my server is amazon s3
I've been struggling with this for a while, trying to figure how to get a type of error in the $http error callback and show a helpful message to users. However, there seem to be no way to determine this specific error, the only way to determine it is to check whether the response.status is equal to -1 (this happens if the request was interrupted for some reason) - but it also might be -1 in other cases, like missing internet connection. So eventually I edited the error message, shown on status -1, to explain user what might be wrong.
Also, in my case users have to enter the server address, so in addition I added checking whether it's not an IP address (IP addresses cannot have valid SSL certificate, only self-signed, which would cause aforementioned error):
if (server_url.match(/^(?:[0-9]{1,3}\.){3}[0-9]{1,3}/)) {
// Show error message like "only domain names are allowed"
}
Hope that helps.

Google API app engine redirect uri

can someone point me in the right direction re: redirect uri
right now i have app hosted on appspot (nothing done or uploaded to it at this point)
"Error: Server Error
The server encountered an error and could not complete your request.
If the problem persists, please report your problem and mention this error message and the query that caused it."
do i need to upload anything for this to work?
https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&
client_id=8819981768.apps.googleusercontent.com&
client_secret={client_secret}&
redirect_uri=https://oauth2-login-demo.appspot.com/code&
grant_type=authorization_code
i just want to authenticate so that i can use the calendar api
Do upload the application. I am not sure what you mean by saying that the app is hosted on appspot but nothing done or uploaded at this point. So, first make sure that you have uploaded a version of your application.
The OAuth process is redirecting the flow if I understand correct to oauth2-login-demo.appspot.com and you must have registered this callback url when setting up your application.
So it seems that the redirection is probably taking place but you are seeing the General Exception that is normally thrown by App Engine.
You should look into the Admin Console -> Logs for your application to understand the reason for the failure. You might get some information there about the cause.
If there is a problem with your code, it will point that in the logs. Alternately, put in some exception handlers and bump up the Log Level to INFO in your logging.properties to have a better chance of tracking down the root case.

Resources