Identity Server 4 and BlazorWA X-Frame-Options - identityserver4

I have a Blazor WA Application that is using Identity Server 4 Service for authenticating users. Everything works fine locally. The issue comes when I try and publish to Azure. Since the IDS is published at one address and Blazor at another, i get the X-Frame error when calling from "https://blazor..."
"Refused to display 'https://identity...' in a frame because it set 'X-Frame-Options' to 'sameorigin'."
I've added
builder.Services.AddAntiforgery(options =>
{
options.SuppressXFrameOptionsHeader = true;
});
to the Blazor startup and to the Identity start up (just for giggles) but the error remains.
Any ideas?
TYIA

The short answer is to set the CORS settings in Azure to allow all (*) or the specific URL in question "https://blazor...".
I had done that at one point but for some reason it didn't work. After consulting with an Azure tech we tried it again and it worked.
¯_(ツ)_/¯

Related

Can't invoke server's method from client - Error: An unexpected error occurred invoking 'SignIn' on the server

I'm build a project using SignalR.
As Front I'm using .Net Core, as Back I'm using React.
So in my localhost the project is working, but when i deploy this project i get an error.
In azure I have created:
2 web application - one used for cliend, and the other one for server.
1 Azure SignalR service (i tested it online and it worked)
1 Azure SQL Database
So when i try to invoke Method it now working and show me this error. Someone know how to solve this problem?
Please check this ASP.NET Core SignalR connection
troubleshooting | Microsoft Docs which helps to check errors
that can occur when trying to connectto an ASP.NET Core SignalR hub.
One common cause is that app enforce HTTPS by calling
UseHttpsRedirection in Startup, or enforces HTTPS via URL rewrite
rule.
So If it is the cause try to change the URL on the client side from
"http" to "https". like > .withUrl("https://xxx/HubName")
Also please go through c# - Could not connect to Azure SignalR Hub -
Stack Overflow And check if the signalR url endpoint for client
is correctly given
var signalrUrl = "https://myazuresignalr.service.signalr.net/client/?hub=yourHubName"
Please note that sending the exception this way to the client is
insecure .So try to either throw a HubException or set
EnableDetailedErrors on the server.See HandleErrors when :Use
hubs in ASP.NET Core SignalR | Microsoft Docs
Reference:
Invoke hub's method which throw ArgumentException, client gets
HubException: An unexpected error occurred · Issue azure-signalr ·
GitHub
So the problem was that my Database was empty... the migration did not upload, Update the database solved it.

Having issues getting WordPress running under GAE + Cloud SQL

I tried to set up WordPress under Google App Engine earlier tonight (following the instructions here: https://developers.google.com/appengine/articles/wordpress).
It runs fine locally, but when I push to remote I get a database error (visible at https://wp-dot-frontiermediag.appspot.com/). If we throw on a /wp_admin/install.php you get:
This either means that the username and password information in your
wp-config.php file is incorrect or we can't contact the database server
at :/cloudsql/frontiermediag:fmwp. This could mean your host's database
server is down.
Here's the relevant code in wp-config:
/** MySQL hostname */
if(isset($_SERVER['SERVER_SOFTWARE']) && strpos($_SERVER['SERVER_SOFTWARE'],'Google App Engine') !== false) {
define('DB_HOST', ':/cloudsql/frontiermediag:fmwp');
}else{
define('DB_HOST', 'localhost');
}
frontiermediag:fmwp is showing "Status Runnable" in Developers Console > Cloud SQL.
I did this once before and it worked so I'm not sure what I'm missing here. I thought it might have been because I'm using WP 3.8.1. but rolled back to 3.5.1 and same thing's happening.
Any ideas? frontiermediag is listed as an authorized application on the :fmwp ACL.
This situation happened to me earlier.However, I edited my Cloud SQL instance , and set "Preferred Location" as "Follow App Engine App" from Google Developers Console. This database connection problem was solved in my case.
I tried the instructions with wordpress 3.5.1 and the instructions seem to work for me. The code snippet you have above seems right and I am not sure what could be wrong without looking at rest of your code. Can you try the instructions from the beginning one more time with 3.5.1?
I had this issue, because "Follow App Engine App" doesn't seem to be an option for second generation instances in my case, and so the instance connection name includes the region setting.
Look at the instance details, and under properties, find "Instance connection name". That is the text that should follow :cloudsql/.

Sharepoint 2013 - 404 Not Found while accessing site collection from outside

This question may be a dublicate, but no recent post leads to a working answer for my case.
I have a Sharepoint 2013 running on a Windows Server 2012. Following issue appeared:
I made a new Site-Collection as wiki. Everything (links,...) works fine on the server but when I want to access the wiki from outside (not localhost) the server runs in a 404 Not found error.
http://localhost/sites/wiki/Pages/Home.aspx - works fine(localhost)
http://10.38.0.15/sites/wiki/Pages/Home.aspx - doesn't work.
I checked the IIS settings, all servers are up and running. The log file has no errors in it.
Does anyone know, how to solve this problem?
thx
Jürgen
The most common cause for this is that you don't have the IIS host header configured correctly. The 404 will appear because you are hitting a different IIS web site and not the one you intended to.
If you go into IIS Manager and click on "Sites" in the right hand pane there will be a column called bindings and a column called ID.
IIS will check in the order of ID for the first site that matches. Make sure the default site is stopped. If you see bindings that look like the following:
ID 1: Bindings: *:80
ID 2: Bindings: www.yoursite.com:80
www.othersite.com will match ID 1. Any other site that doesn't specify a port or https: will be directed to ID 2. You need to ensure that the site you are trying to access matches your bindings. The "www.yoursite.com" is added to the site via "New Web Application" in SharePoint. There is a field called Host: in Central Administration. This should match what you are typing from inside and outside the server. If you need the site to respond to multiple names, you need to extend the web application.
Assuming you used the default of claims authentication, here are the instructions for that:
http://technet.microsoft.com/en-us/library/gg276325.aspx
I am not sure if this is still required in Server 2012, but disabling the loopback check might also help, although this usually results in a 401, and repeated attempts to log in. Here are the instructions for that.
http://support.microsoft.com/kb/896861
Сheck the alternate access mapping in SharePoint administrator.
It should be something like this:
http://yourservername default
http://10.10.1.30:80 internet
http:// so on ..

WCF error with hosting of a SL4 Navigation application

I have a SL navigation application, that currently runs on a shared hosting package with a 3rd party ISP. I can login, and register using the ASP.NET membership and role providers.
I have now setup a dedicated server, on which only my app will run. It does not yet have a domain name that points to it... I access it via an IP address.
I've copied the entire site (including the ClientBin and all the XAP's) to the new server, but the Authentication and Registration services don't work... they just return NotFound.
When I check Fiddler on the working site, this service is called :
www.myaddress.com/ClientBin/MyApp-Web-AuthenticationService.svc/binary/Login
which of course succeeds. However, on the other site, the fiddler trace looks the same (because I just copied the site) :
123.123.123.123/ClientBin/MyApp-Web-AuthenticationService.svc/binary/Login
but, the call fails with NotFound. Fiddler reports it as HTTP/1.1 500 Internal Server Error. When I open
http://localhost/ClientBin/MyApp-Web-AuthenticationService.svc/binary/Login
on the server, I get the HTTP/1.1 500, as well as this description :
Handler "svc-Integrated" has a bad module "ManagedPipelineHandler" in its module list
Which leads me to believe that there is something wrong with my IIS config, as the exact same code is working on another system.
What is a "bad module"? How do I fix it?
Normally this type of error is that ASP.Net is not activated or that a handler for svc is not registered or registered correctly.
In your case is looks a bit different. It could be that you have .net framework 4.0 code that you are trying to run in a .net framework 2.0 application pool.
IIS 500 errors often show up with more information in the Windows Event log - if you can somehow get access to that?
Also I've noticed that often the server will actually send debugging output back to the client that everything seems to ignore. Have you checked the entire raw response that is coming back from the server to see if there are any clues there?

Redirect Loop Problem for Web Policy Agent?

I followed the installation guide for an Apache Web Policy Agent, but it always results in an endless redirect loop between web and application server. Firefox says "The page isn't redirecting properly" and Chrome thinks that "This webpage has a redirect loop". The setup is an Apache 2 on port 80 with a small demo app and a Web Policy Agent, and a Tomcat 7 server on port 8080 with an OpenAM server (the former OpenSSO from Sun):
App URL http://hostname.example.com:80/ (App and Agent, running on Apache 2.2.16)
OpenAM Server URL http://hostname.example.com:8080/openam (running on Tomcat 7.0.12)
The Live HTTP Header Firefox plugin shows that the policy agent and the OpenAM server (i.e. the Apache and Tomcat servers) redirect to each other, although the server sets the SSO Token Cookie correctly. The name of the SSO Token Cookie has the default value "iPlanetDirectoryPro". Any idea how to solve the problem?
After a whole week I finally figured it out, with the help of Stackoverflow and the OpenAM Mailing list. There were two main problems: missing log files and missing cookie domains. Installing the OpenAM server and the Web Policy Agent is difficult, there are a lot of log files and many different configuration options. If you select the wrong options, it won't work. It is impossible to make it work without knowing what is going on, which can only be determined by a suitable log file.
Missing Log for Web Policy Agent : The log level must be set in the "Java properties" files. There are two "Java Properties" files for the Web Policy Agent, OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties. The log and debug level which is named com.sun.identity.agents.config.debug.level can and must be defined in both (!) files, and it should be set to the high level, all:4 or all:5. The format is important. Even if you do this, the AgentConfiguration.properties file is only used when the agent is not working in centralized config mode. The profile must be set to "local".
Missing Cookie Domain: Do not forget to enter the right Cookie Domain during the setup of the OpenAM server in the beginning, or add it afterwards if it is missing. On the OpenAM server, go to Configuration > System > Platform and change the Cookie Domain Value to your domain (for instace .example.com) if it is missing. Otherwise the browser will lose your cookie during the redirect process. Somehow I had an empty entry for the cookie domain at the OpenAM server, I guess a forgot a dot (example.com instead of .example.com) so that it was invalid (or something like that).
This troubleshooting site was helpful to locate the problem.
#0x4a6f4672, Your post was absolutely helpful . Some more to add to your answer. The following changes is what i had to do in the config to make it running, at-least getting it running it for alfresco.
com.sun.identity.agents.config.user.mapping.mode=USER_ID(Dont use HTTP_HEADER)
com.sun.identity.agents.config.user.attribute.name=uid
com.sun.identity.agents.config.user.principal=true(Dont use false)
com.sun.identity.agents.config.user.token=SsoUserHeader(Keep it as per what is specified in you application- in my case alfresco)
Now you are not running the Agent in centralised mode but in local mode the setting which is specified for profile attribute can be only set via property file so add the following.
com.sun.identity.agents.config.profile.attribute.fetch.mode=HTTP_HEADER
com.sun.identity.agents.config.profile.attribute.mapping[uid]=SsoUserHeader(whatever you want the header to come in browser as)
As told by 0x4a6f4672, it is difficult to debug and unless you are in local mode , so switch to local mode immediately and start tracing the logs and make the property changes accordingly.

Resources