Currently I have configured my application with Kerberos authentication for a specific user's in jboss-eap by specifying users name in standalone.xml and it's working fine. But wants to configure the same on the basis of the ldap i.e users in a AD will able to authenticate directly and i need not to specify the username in standalone.xml.
Standalone.xml working fine:- Specifying the username in stanadalone.xml
<security-domains>
<security-domain name="SPNEGO" cache-type="default">
<authentication>
<login-module code="SPNEGO" flag="required">
<module-option name="serverSecurityDomain" value="host"/>
</login-module>
</authentication>
<mapping>
<mapping-module code="SimpleRoles" type="role">
<module-option name="saurabhgupta#ECO.COM" value="User"/>
</mapping-module>
</mapping>
</security-domain>
<security-domain name="host" cache-type="default">
<authentication>
<login-module code="Kerberos" flag="required">
<module-option name="debug" value="true"/>
<module-option name="storeKey" value="true"/>
<module-option name="refreshKrb5Config" value="true"/>
<module-option name="useKeyTab" value="true"/>
<module-option name="doNotPrompt" value="true"/>
<module-option name="keyTab" value="/spengo/jboss-eap-6.2/bin/krb.keytab"/>
<module-option name="principal" value="HTTP/vm428.eco.com#ECO.COM"/>
</login-module>
</authentication>
Standalone.xml:- To configure ldap
<security-domains>
<security-domain name="SPNEGO" cache-type="default">
<authentication>
<login-module code="SPNEGO" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
<module-option name="serverSecurityDomain" value="host"/>
</login-module>
<login-module code="LdapExtended" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://AD IP:389"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="bindDN" value="CN=siddharth,CN=Users,DC=eco,DC=com"/>
<module-option name="bindCredential" value="password"/>
<module-option name="baseCtxDN" value="CN=Users,DC=eco,DC=com"/>
<module-option name="baseFilter" value="(uid={0})"/>
<module-option name="searchScope" value="ONELEVEL_SCOPE"/>
<module-option name="allowEmptyPasswords" value="true"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="host" cache-type="default">
<authentication>
<login-module code="Kerberos" flag="required">
<module-option name="debug" value="true"/>
<module-option name="storeKey" value="true"/>
<module-option name="refreshKrb5Config" value="true"/>
<module-option name="useKeyTab" value="true"/>
<module-option name="doNotPrompt" value="true"/>
<module-option name="keyTab" value="/spengo/jboss-eap-6.2/bin/krb.keytab"/>
<module-option name="principal" value="HTTP/vm428.eco.com#ECO.COM"/>
</login-module>
</authentication>
</security-domain>
My environment consists of:- linux server with JBoss EAP 6.2 client station with Windows 7 64bit + Chrome Windows Server 2008 Active Directory (act as KDC)
But facing an error of 401 in browser window.
**Error:-** JBWEB000065: HTTP Status 401 -
--------------------------------------------------------------------------------
JBWEB000309: type JBWEB000067: Status report
JBWEB000068: message
JBWEB000069: description JBWEB000121: This request requires HTTP authentication.
--------------------------------------------------------------------------------
JBoss Web/7.2.2.Final-redhat-1
Did anyone have this problem and solve it somehow?
Related
I am trying to implement authentication and authorization for webservice using WS-Security UsernameToken .
Camel version 2.17
Jboss fuse 6.3
Jboss RAP 6.4.17
I have stored my username, password, and role in application realm of the JBoss EAP server.
Iam getting nullpointer in org.apache.wss4j.common.cache.EHCacheManagerHolder
am i missing anything in configuration?
Project location in GIT:
https://github.com/ravi21588/SO/tree/master/authenticationpoc
Soap Request with ws-secutiry headers :
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:exam="http://Example.org">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>Harish</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">5p[#rnZc!mB[)]8{</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<exam:Add>
<!--Optional:-->
<exam:a>10</exam:a>
<!--Optional:-->
<exam:b>11</exam:b>
</exam:Add>
</soapenv:Body>
</soapenv:Envelope>
Server.log :
18:15:30,688 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-127.0.0.1:8443-1) Interceptor for {http://Example.org}CalculatorService#{http://Example.org}Add has thrown exception, unwinding now: java.lang.NullPointerException
at org.apache.wss4j.common.cache.EHCacheManagerHolder.getCacheManager(EHCacheManagerHolder.java:106)
at org.apache.cxf.ws.security.cache.EHCacheUtils.getCacheManager(EHCacheUtils.java:49) [cxf-rt-ws-security-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.ws.security.cache.CXFEHCacheReplayCache.<init>(CXFEHCacheReplayCache.java:37) [cxf-rt-ws-security-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.ws.security.wss4j.WSS4JUtils.getReplayCache(WSS4JUtils.java:126) [cxf-rt-ws-security-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.getReplayCache(WSS4JInInterceptor.java:637) [cxf-rt-ws-security-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.configureReplayCaches(WSS4JInInterceptor.java:404) [cxf-rt-ws-security-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessageInternal(WSS4JInInterceptor.java:237) [cxf-rt-ws-security-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:171) [cxf-rt-ws-security-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:80) [cxf-rt-ws-security-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:254) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:218) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.17.Final-redhat-4.jar:7.5.17.Final-redhat-4]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_151]
Server logs after vadim suggetion implementation:
10:01:40,322 WARNING [org.apache.cxf.phase.PhaseInterceptorChain] (http-127.0.0.1:8080-4) Interceptor for {http://Example.org}CalculatorService#{http://Example.org}Add has thrown exception, unwinding now: org.apache.cxf.interceptor.security.AuthenticationException: Authentication failed (details can be found in server log)
at org.apache.cxf.interceptor.security.JAASLoginInterceptor.handleMessage(JAASLoginInterceptor.java:171) [cxf-core-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) [cxf-core-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) [cxf-core-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:254) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:234) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:208) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:160) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:180) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:299) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doPost(AbstractHTTPServlet.java:218) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]
at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:274) [cxf-rt-transports-http-3.1.5.redhat-630310.jar:3.1.5.redhat-630310]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.17.Final-redhat-4.jar:7.5.17.Final-redhat-4]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.24.Final-redhat-1.jar:7.5.24.Final-redhat-1]
at java.lang.Thread.run(Thread.java:748) [rt.jar:1.8.0_151]
To do that you can use your own extension from org.apache.cxf.interceptor.security.JAASLoginInterceptor
In general it is very simple. You need to provide to JAASLoginInterceptor an instance of org.apache.cxf.interceptor.security.NamePasswordCallbackHandler.
You have to do 3 steps:
Step1: Interceptor:
package com.foo.security;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
public class CustomJAASLoginInterceptor extends JAASLoginInterceptor {
#Override
protected CallbackHandler getCallbackHandler(String name, String password) {
return new NamePasswordCallbackHandler(name, password, "setCredential");
}
}
Step2: Then in Camel-Cxf endpoint (or in CXF bus for it) define that interceptor:
<cxf-core:inInterceptors xmlns:cxf-core="http://cxf.apache.org/core">
<spring:bean id="authenticationInterceptor"
class="com.foo.security.CustomJAASLoginInterceptor">
</spring:bean>
</cxf-core:inInterceptors>
Step3: Again in the same Camel-Cxf endpoint (or in CXF bus for it) delegate message authentication out of WSS4J to JAASLoginInterceptor:
<cxf-core:properties>
<!-- delegate message authentication out of WSS4J to JAASLoginInterceptor -->
<spring:entry key="ws-security.validate.token" value="false" />
<!-- ... other properties -->
<cxf-core:properties>
After all it works seamlessly with JBoss EAP JAAS for users defined in EAP Application realm.
UPDATE 1:
It looks like you have to define in standalone.xml (or domain.xml) additional security domain and Login module for ApplicationRealm. I'm not sure which one is responsible for WebServices so, what I have in my standalone.xml
<subsystem xmlns="urn:jboss:domain:security:1.2">
...
<security-domain name="jboss-web-policy" cache-type="default">
<authentication>
<login-module code="RealmDirect" flag="optional">
<module-option name="realm" value="ApplicationRealm"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
<authorization>
<policy-module code="Delegating" flag="required"/>
</authorization>
</security-domain>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="RealmDirect" flag="optional">
<module-option name="realm" value="ApplicationRealm"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
<authorization>
<policy-module code="Web" flag="sufficient"/>
<policy-module code="Delegating" flag="sufficient"/>
</authorization>
</security-domain>
I do not see more differences in my working standalone.xml vs. default one provided with EAP installation.
UPDATE 2
So working WSSE header (built by SoapUI) looks like:
<soap:Header xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-45417D5A3EF19629C315173319098351">
<wsse:Username>my_username</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">my_password</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">qY0N9DfYcd7kQfBkfNilRw==</wsse:Nonce>
<wsu:Created>2018-01-30T17:05:09.835Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
P.S. It also works with no nonce nor timestamp, but it is better to use them.
I am trying to understand how log4net works so I've added this to my app.config (I should add that Console Appender and FileAppender work perfectly, I only have trouble with the AdoNetAppender).
How can I debug this, to see if at least the connection to db succeeds?
The problem is the INSERT statement isn't executed.
I should add the
Data Source=MyWorkgroup\SQLEXPRESS;Initial Catalog=MyNewDatabase;User ID=juan;password=juan,
works perfectly when I try to connect to SQL Server manually, so not sure if that's the problem.
Also, the ConnectionType was taken from the official site:
https://logging.apache.org/log4net/log4net-1.2.11/release/sdk/log4net.Appender.AdoNetAppender.ConnectionType.html
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
<section name="log4net"
type="log4net.Config.log4netConfigurationSectionHandler, log4net"/>
</configSections>
<log4net>
<appender name="AdoNetAppender"
type="log4net.Appender.AdoNetAppender">
<bufferSize value="10" />
<connectionType value="System.Data.SqlClient.SqlConnection, System.Data, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<connectionString value="Data Source=MyWorkgroup\SQLEXPRESS;Initial Catalog=MyNewDatabase;User ID=juan;Password=juan;Pooling=False" />
<commandText value="INSERT INTO Logs([logDate],[logThread],[logMessage]) VALUES(getdate(),'1','1')" />
<commandType value="Text" />
</appender>
<root>
<level value="DEBUG"/>
<appender-ref ref="AdoNetAppender"/>
</root>
</log4net>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
</configuration>
Later edit (after using the debug method recommended by David):
haacked.com is indeed extremely interesting, great tip! However, it seems that it's describing what I'm instructing log4net to log, but not the result of those actions(?), if I'm reading this well (no failed/or succeeded?)
e.g.
log4net: Setting Property [ConnectionType] to String value
[System.Data.SqlClien t.SqlConnection, System.Data,
Version=1.0.3300.0, Culture=neutral, PublicKeyToke n=b77a5c561934e089]
log4net: Setting Property [ConnectionString] to String value [Data
Source=MyWorkgroup\SQLEXPRESS; Initial
Catalog=MyNewDatabase;
User ID=juan; Password=juan;
Pooling=False] log4net: Setting Property [CommandText] to String value [INSERT INTO Logs([logDate],[logThread],[logMessage]) VALUES(getdate(),'1','1')] log4net:
Setting Property [CommandType] to CommandType value [Text] log4net:
Created Appender [AdoNetAppender] log4net: Adding appender named
[AdoNetAppender] to logger [root]. log4net: Hierarchy Threshold []
Piece of code that helped me obtain this info (in case the site should become unavailable) is:
<appSettings>
<add key="log4net.Internal.Debug" value="true"/>
</appSettings>
<system.diagnostics>
<trace autoflush="true">
<listeners>
<add
name="textWriterTraceListener"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="C:\temp\log4netdiagn.txt" />
</listeners>
</trace>
</system.diagnostics>
Pretty straightforward question.
I have a table on a SQL Server Database that has an field with a DbType of XML.
I would like to write to that field using the format of Log4Net's XML layout WITHOUT writing a custom appender; using the in-the-box AdoNetAppender.
Below is my current code, however, when it attempts to log, it will insert a record, but the "Exception" field will be blank.
(I've simplified the code for the purpose of this question; it used to write to many other fields using the pattern layout. I've confirmed that the Appender does work and that log4net is configured properly, I'm just trying to log to a dbtype of XML using log4net's included XMLLayout.)
<appender name="AdoNetAppender_SqlServer" type="log4net.Appender.AdoNetAppender">
<bufferSize value="1" />
<connectionType value="System.Data.SqlClient.SqlConnection, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
<ConnectionStringName value="CONNECTIONSTRING"/>
<commandText value="dbo.TestLog_Insert #Exception = #Exception" />
<parameter>
<parameterName value="#Exception"/>
<dbType value="XML"/>
<size value="4000"/>
<layout type="log4net.Layout.XMLLayout" value="%exception" />
</parameter>
<filter type="log4net.Filter.LevelRangeFilter">
<levelMin value="INFO"/>
<acceptOnMatch value="true"/>
</filter>
<filter type="log4net.Filter.DenyAllFilter"/>
</appender>
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm looking for example of Silverlight 5 RIA services with authentication with active directory,
that can be downloaded and that works
Thanks in advance.
I have not found a complete downloadable example. The easiest way is to create a new Silverlight Business Application and then make the following changes to the 3 files specified (Web.config, App.xaml.cs, User.cs):
App.xaml.cs
Comment out (or remove) the following lines:
//webContext.Authentication = new FormsAuthentication();
Uncomment the following lines:
webContext.Authentication = new WindowsAuthentication();
User.cs
add the [ProfileUsage...] statement to the public partial class user so it looks like the following:
public partial class User : UserBase
{
[ProfileUsage(IsExcluded=true)] ///NEEDED FOR WINDOWS/ACTIVE DIRECTORY LOGON
public string FriendlyName { get; set; }
}
Web.config:
Comment out (or remove) the following lines:
<!--<authentication mode="Forms">
<forms name=".AuthenticationTest_ASPXAUTH" timeout="2880" />
</authentication>-->
Uncomment the following lines:
<authentication mode="Windows"/>
Comment out (or remove) the following lines:
<!--<roleManager enabled="true" defaultProvider="DefaultRoleProvider">
<providers>
<clear />
<add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" />
<add name="DefaultRoleProvider" type="System.Web.Providers.DefaultRoleProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</roleManager>
<profile defaultProvider="DefaultProfileProvider">
<properties>
<add name="FriendlyName" />
</properties>
<providers>
<add name="DefaultProfileProvider" type="System.Web.Providers.DefaultProfileProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" applicationName="/" />
</providers>
</profile>
<membership defaultProvider="DefaultMembershipProvider">
<providers>
<add name="DefaultMembershipProvider" type="System.Web.Providers.DefaultMembershipProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/" />
</providers>
</membership>
<sessionState mode="InProc" customProvider="DefaultSessionProvider">
<providers>
<add name="DefaultSessionProvider" type="System.Web.Providers.DefaultSessionStateProvider, System.Web.Providers, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" connectionStringName="DefaultConnection" />
</providers>
</sessionState>-->
<!--<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>-->
Add the following lines:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="winAuthBasicHTTPBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="AuthenticationTest.Web.AuthenticationServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
<services>
<service behaviorConfiguration="AuthenticationTest.Web.AuthenticationServiceBehavior" name="System.Web.ApplicationServices.AuthenticationService">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="winAuthBasicHTTPBinding"
contract="System.Web.ApplicationServices.AuthenticationService">
</endpoint>
</service>
</services>
</system.serviceModel>
I have created a simple WCF-Service which I want to be accessible via https. The WCF-Service uses a UserNamePasswordValidator, customBinding and UserNameOverTransport as authentication mode. I run it in the IIS7.5 where I have created a self-signed server certificate.
I try to connect to that service with an Silverlight 4 application. I create a Service Reference in my Silverlight 4 app, and VS 2010 automatically creates the needed code (so obviously it is able to connect to the service and get the information).
When I call the WCF, I get a SecurityException with no infos about the reason.
I have fiddler running to see what is happening.
GET https://my.server:8099/clientaccesspolicy.xml 404 Not Found (text/html)
GET https://my.server:8099/crossdomain.xml 200 OK (text/xml)
So the GET for the crossdomain.xml seems to be the last call to the server.
The crossdomain.xml looks as follows:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>
The exception happens, when base.EndInvoke(...) is called on the client and the ExceptionMessage is the following:
{System.Security.SecurityException ---> System.Security.SecurityException: Sicherheitsfehler
bei System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
bei System.Net.Browser.BrowserHttpWebRequest.<>c_DisplayClass5.b_4(Object sendState)
bei System.Net.Browser.AsyncHelper.<>c_DisplayClass2.b_0(Object sendState)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
bei System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
bei System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)}
Here is my UserNamePasswordValidator. Note, that included a logger for debugging reasons. Strange thing is, that the logger never writes anything, so it seems, that the Validate function isn't even called.
namespace ServiceConfiguratorDataSource
{
public class UserCredentialsValidator : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (userName != "xyz" || password != "xyz")
{
logging.Logger.instance.StatusRoutine("LogOn Error: " + userName);
throw new FaultException("Credentials are invalid");
}
else
{
logging.Logger.instance.StatusRoutine("LogOn Success: " + userName);
}
}
}
}
Here is the Web.config of my WCF-Service:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="ServiceConfiguratorDataSource.Service" behaviorConfiguration="ServiceConfiguratorDataSourceBehaviour">
<endpoint address="" binding="customBinding" bindingConfiguration="ServiceConfiguratorCustomBinding" contract="ServiceConfiguratorDataSource.IService" />
</service>
</services>
<bindings>
<customBinding>
<binding name="ServiceConfiguratorCustomBinding">
<security authenticationMode="UserNameOverTransport"></security>
<binaryMessageEncoding></binaryMessageEncoding>
<httpsTransport/>
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceConfiguratorDataSourceBehaviour">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ServiceConfiguratorDataSource.UserCredentialsValidator,ServiceConfiguratorDataSource" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
and here the ServiceReferences.ClientConfig
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomBinding_IService">
<security authenticationMode="UserNameOverTransport" includeTimestamp="true">
<secureConversationBootstrap />
</security>
<binaryMessageEncoding />
<httpsTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://my.server:8099/ServiceConfiguratorDataSource/Service.svc" binding="customBinding" bindingConfiguration="CustomBinding_IService" contract="WCFDataProvider.IService" name="CustomBinding_IService" />
</client>
</system.serviceModel>
</configuration>
I'm out of ideas what might be the cause of the problem.
Thanks in advance,
Frank
Does you clientaccesspolicy.xml allow https?
Here is example.
The working clientaccesspolicy.xml -> Tipp from Samvel Siradeghyan
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="https://*"/>
<domain uri="http://*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>