I am getting error message below after I deploy my app on a new environment.
{
"error":"invalid_client",
"error_description":"AADSTS70002: Error validating credentials. AADSTS50011: The reply address 'http://xxxx/' does not match the reply address 'https://xxxx' provided when requesting Authorization code.\r\nTrace ID: d3f9a8ba-cadd-491c-a983-a56230f95900\r\nCorrelation ID: 9666214a-74f9-444c-92b6-edc8d42ec383\r\nTimestamp: 2018-04-25 10:00:49Z",
"error_codes":[70002,50011],"timestamp":"2018-04-25 10:00:49Z",
"trace_id":"d3f9a8ba-cadd-491c-a983-a56230f95900",
"correlation_id":"9666214a-74f9-444c-92b6-edc8d42ec383"
}
I checked the ReplyURL and it is correctly set as https://xxxx.
In config the ida:PostLogoutRedirectUri is https://xxxx/
Url used for navigation is https://xxxx
Does anyone know where it is retrieving the http://xxxx ?
Thanks.
The issue here, which it seems that you have noticed, is that one url has a trailing backslash (/), while the other does not.
The reply url for authentication must match exactly what is registered on the app, therefore the trailing backslash (/) must be included everywhere.
Note that a trailing slash may be added to your reply url depending on the libraries and variable format used for storing that value.
For example:
PS C:\Users\shtabriz> $redirectUri = New-Object system.uri("https://myreply")
PS C:\Users\shtabriz> $redirectUri.AbsoluteUri
https://myreply/
I would just use the trailing slash everywhere you have your reply url to avoid this issue.
Is there any easy way to configure smtp for episerver forms? (iam using 4.0)
I want the form owner and potentially the user to get a confirmation mail.
Update
I tried to add a smtp settings in web.config
<mailSettings>
<smtp deliveryMethod="Network">
<network defaultCredentials="false" enableSsl="true" host="smtp.gmail.com" port="587" userName="***" password="***" />
</smtp>
</mailSettings>
</system.net>
And in episerver the form is configured:
I dont know if it should work, but i decided to read the logs and its complaining:
System.FormatException: The specified string is not in the form required for an e-mail address.
at System.Net.Mail.MailAddressParser.ParseAddress(String data, Boolean expectMultipleAddresses, Int32& index)
at System.Net.Mail.MailAddressParser.ParseAddress(String data)
at System.Net.Mail.MailAddress..ctor(String address, String displayName, Encoding displayNameEncoding)
at EPiServer.Forms.Implementation.Actors.SendEmailAfterSubmissionActor.SendMessage(EmailTemplateActorModel emailConfig)
However, its really hard to guess which string its complaining about since all ive done seems right to me. Any ideas?
Ok, so it works. I dont know why i thought i could enter whatever i wanted at the "from" address. Make sure its a correct email address and it works just fine.
If you want an email address from a form field you can select it by its name like this.
I used the example in this page to add a user to an Active Directory group, but I get an exception with the message "Server is unwilling to process the request" when executing
dirEntry.Properties["member"].Add(userDn);
I had a similar issue where I was trying to add a member to a group. Specifically trying to add a group to a group and getting the same helpful error 'The server is unwilling to process the request' The answer provided by the OP did not work for me.
For me, the reason I was unable to add a group to my group was because the group I was trying to add members to was a 'global' scoped group whereas it needed to be a 'universal' scoped group. Hope this helps someone.
This question took me a lot of time to solve. First of all, the error message looks like a joke. Second, there is nothing more, just that message.
Anyway, I managed to fix it by:
Making sure that userDn contains the whole path (e.g., "LDAP://server-address/CN=" + userDn + ",OU=optional,DC=your-domain,DC=com". This is actually very important, if you don't supply the full path it will throw an Exception from HRESULT: 0x80005000.
Replacing dirEntry.Properties["member"].Add(userDn); by entry.Invoke("Add", new object[] { userDn });
Then I wanted to remove a user and I expected entry.Invoke("Remove", new object[] { userDn }); to work. However, this devilish AD will only work if you use lower case "remove", so entry.Invoke("remove", new object[] { userDn }); worked for me.
I got this generic error message when my path did not match the forest domain name. For example, if my forest domain name is ad.example.com, and I am trying to create a group with path CN=Users,DC=example,DC=net one has .com the other has .net - they don't line up. I would need to correct my group to match. My group path should then be CN=Users,DC=example,DC=com.
ldapwiki.com describes potential causes for "The server is unwilling to process the request". Check ExtendedErrorMessage property of your exception to figure out what applies. In my case "00002145: SvcErr: DSID-031A1254, problem 5003 (WILL_NOT_PERFORM)". The following line resolved the issue:
ent.Properties["groupType"].Value = 8;
I had missed to set groupType and so attempted to nest a universal group in a global group. Find more information on groupType attribute in ldapwiki.com
Just look out, because the start of the .properties("distinguished Name") can be different than the .properties("cn"). If the user is created with a , or ; in the .properties("cn"), the start of the .properties("distinguished Name") will be the username with \, or \;.
This can give an error if u are trying to add a user you found by use of .properties("cn") to a Group.
After many days searching i find the problem. when you add user in group you must set "distinguished Name" not LDAP path.
You must write like this:
ent.Properties["member"].Add("CN=YourUserName,OU=optional,DC=yourdomain,DC=com");
This is wrong code:
ent.Properties["member"].Add("LDAP://CN=YourUserName,OU=optional,DC=yourdomain,DC=com");
Also when you do remove mast to save this rule
ent.Properties["member"].Remove("CN=YourUserName,OU=optional,DC=yourdomain,DC=com");
P.S. ent is DirectoryEntry object of group
When registering as a new user on our custom DotNetNuke website, if we enter a password that is incorrect an error message displays stating "The password specified is invalid. Please specify a valid password. Passwords must be at least 7 characters in length and contain at least 0 non-alphanumeric characters.".
Is there any way that this error message can be edited, as well as the rules? So for instance we want there to be at least one number in the password and for it to be between 8 and 10 characters. Can this be done? And where could I do it?
Thanks
I've just found out how to do it from this post: http://www.dotnetnuke.com/Resources/Forums/forumid/89/postid/218801/scope/posts.aspx
Looks like its all editable from the web.config file
In CakePHP config.php the salt is blank '' , so during saving password which mechanism cakephp use to produce password?
Which core file contains that procedure to generate hashed/md5 password?
I think it uses something like Security::hash(password);
If you search for ".salt" in the core files you should be able to find out that it is used in several places like so:
$check = Security::hash(serialize($fieldList) . $unlocked . Configure::read('Security.salt'));
(SecurityComponent)
and so:
$this->key = Configure::read('Security.salt');
(CookieComponent)
So an empty salt would simply have the affect of "no salt" for saving passwords.
although this can have sideeffects with cookies. An empty key might cause trouble.
Why would you want to omit the salt here, anyway?