Has anyone successfully used the System.Net.HTTPWebRequest with Active Directory authentication in a DotNetNuke website? I have looked around and found several references to HTTPWebRequest and Active Directory authentication, but none seem to have the special sauce. I have tried uncountable variations of the attributes/methods, without success.
The development environment I am working in is a Windows 2003 Server that acts as a backup PDC and runs IIS 6.0. The website is running DotNetNuke 4.9.4 with Active Directory authentication (also tried it in DNN 5.1.4) and is working great for login. However, one of the modules does a HTTPWebRequest to process files and it is faling with a 401 Unauthorized error.
The most basic of code I have tried:
Dim webReq As HttpWebRequest = DirectCast(WebRequest.Create(sURL), HttpWebRequest)
webReq.Timeout = 30000
Dim credential As New NetworkCredential(sUserName, sPassword)
Dim credentialCache As New CredentialCache()
credentialCache.Add(New Uri(sURL), "NTLM", credential)
webReq.Credentials = credentialCache
webReq.KeepAlive = True
webReq.Accept = "/"
I have tried adding PreAuthenticate.
I have also tried registry key modifications, including this one:
Changes to NTLM authentication for HTTPWebRequest in Version 3.5 SP1
All without success. Each time I get the dreaded 401:
The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
I have also created a simple aspx page with the following int he code behind:
Dim requestUrlString As String = "http://adtestsite/somepage.aspx"
Dim webReq As HttpWebRequest = DirectCast(WebRequest.Create(requestUrlString), HttpWebRequest)
Dim nc As New NetworkCredential("UserName", "Password", "OurDomainName")
Dim webResponse As System.Net.HttpWebResponse = DirectCast(webReq.GetResponse, HttpWebResponse)
If webResponse.StatusCode = HttpStatusCode.OK Then
Response.Write("Yes!")
Else
Response.Write("NO!")
End If
I get a "NO!" everytime with the 401 error.
I am beating my head against the wall on this one. If anyone has the recipe for the secret sauce, PLEASE let me know!
What is the OS platform of the server that HttpWebRequest is connecting to?
Related
I have a problem with "Microsoft.Data.SqlClient.SqlException: 'Login failed: The HTTP request was forbidden with client authentication scheme 'Anonymous'." I can't find a example that is run.
var sqlConnectionString = #"
Data Source=xxxxx.crm4.dynamics.com;
Initial Catalog=xxxxx;
User ID=<the app id>;
Password=<the secret>;
Authentication=ActiveDirectoryServicePrincipal;";
using var cn = new SqlConnection(sqlConnectionString);
cn.Open();
Where is my mistake? Why use the connection the http scheme? Where can I this configure?
Thanks a lot for every idea. I am despairing :-o
i am trying to configure an sso connection in my python script.
here's my code:
import sqlalchemy
def get_snowflake_engine(warehouse="ETL", environment=None):
username = ‘userx#domainx.com'
account = ‘accountx
database = ‘dbx’
authenticator = 'externalbrowser'
return sqlalchemy.create_engine(
f"snowflake://{username}:#{account}/{database}?authenticator={authenticator}&warehouse={warehouse}"
)
engine = get_snowflake_engine(environment='production')
connection = engine.connect()
try:
result = connection.execute('SELECT NOW()').fetchall()
print(result)
finally:
connection.close()
engine.dispose()
i expect my browser to pop with an authorisation form (we use google for sso)
and i get a messeage on the terminal, but nothing happens on the browser:
Initiating login request with your identity provider. A browser window should have opened for you to complete the login. If you can't see it, check existing browser windows, or your OS settings. Press CTRL+C to abort and try again...
after a while i get an exception
any advice?
using MacOS, Pycharm
BTW i configured on DataGrip a connection using authenticator = 'externalbrowser' and it works as expected.
TIA
I had a similar problem, the connector logs showed that it was missing the AWS region in the connection URL (eu-west-1 in my case) so I fixed by adding:
...
region = 'eu-west-1'
...
return sqlalchemy.create_engine(
f"snowflake://{username}:#{account}.{region}/{database}?authenticator={authenticator}&warehouse={warehouse}"
)
This resulted in the browser authentication window opening in browser and the query returning successfully.
I am trying to post a file to a URL programmatically. This URL is protected by its own username/password.
I have inherited this URL (or application) - so it is in my ownership. It is basically a web application used to host some files.
I have created an HttpClient which takes HttpPost consisting of the URL and file to be uploaded.
this.httpClient = new DefaultHttpClient();
this.httpClient.getCredentialsProvider().setCredentials(new AuthScope(this.host, this.port), new UsernamePasswordCredentials(this.username, this.password));
HttpResponse response = this.httpClient.execute(httpPost, this.context);
HttpEntity resEntity = response.getEntity();
log("Received HTTP response: " + response.getStatusLine().getReasonPhrase(), LogLevel.INFO.getLevel());
But somehow weblogic authentication blocks it and I receive "Unauthorized" response. If I use the username/password of weblogic admin console, then authentication is fine but fails while uploading since the URL is protected by a different credential(Same as the one I am trying to upload with).
Any idea what am I doing worng? Why weblogic is asking for its own authentication?
I found the solution for this issue. I needed to set enforce-valid-basic-auth-credentials equal to false in domain config.xml . This bypasses weblogic authentication and the application authentication kicks in.
I have a Windows Server 2016 TechnicalPreview 3 with a configured ADFS vNext, as first client I have created an MVC Application as a ReplingPartyTrust.
The authentication with the ADFS work really well with the MVC Application.
Now to the problem: I have written a Native Application (WPF) which i want to authenticate against the ADFS.
The Steps i did are:
To inform the ADFS of my new WPF Client i ran the the following PowerShell Script:
Add-ADFSClient -ClientType Public -Name “MyClient” -ClientId “E1CF1107-FF90-4228-93BF-26052DD2C714” -RedirectUri “https://E1CF1107-FF90-4228-93BF-26052DD2C714/redir´”
To authenticate the client (Code-Wise) i used the following NuGet-Package:
Microsoft.IdentityModel.Clients.ActiveDirectory (3.5 (Alpha))
Then I wrote the following code:
string authority = "https://win2016preview.server.local/adfs/ls";
string resourceURI = "https://adfs.server.local/MyMVCApp";
string clientReturnURI = "https://e1cf1107-ff90-4228-93bf-26052dd2c714/redir";
string clientID = "E1CF1107-FF90-4228-93BF-26052DD2C714";
var ac = new AuthenticationContext(authority, false);
var ar = await ac.AcquireTokenAsync(resourceURI, clientID, new
Uri(clientReturnURI),
new PlatformParameters(PromptBehavior.Auto, new
WindowInteropHelper(this).Handle));
With this code, the client should authenticate at the ADFS (over OAuth i think) and prompt the user to enter his organisation credentials.
If i run the application this window appears:
I choose Yes (Ja) and the credential prompt opens. In the same time the following exception occures
In the event log if the server ADFS the following error message appears:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthAuthorizationUnauthorizedClientException: MSIS9321: Received invalid OAuth request. The client 'E1CF1107-FF90-4228-93BF-26052DD2C714' is forbidden to access the resource 'https://adfs.server.local/MyMVCApp.
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthAuthorization.OAuthAuthorizationRequestContext.ValidateCore()
at Microsoft.IdentityServer.Web.Protocols.ProtocolContext.Validate()
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthAuthorization.OAuthAuthorizationProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GatherDeviceSecurityToken(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
As far as i can tell, the ADFS recognizes the Client Id and tries to authenticate it. But the ADFS rejects the Client.
Did i forget to configure something? The client should just prompt the user, which authenticates against the ADFS, so the client can habe the AuthenticationToken.
I hope you can follow me. Thank you in advance!
The solution is very simple :)
Add the property IssuanceAuthorizationRules (Add-ADFSRelyingPartyTrust )
-IssuanceAuthorizationRules '=> issue (Type = "http://schemas.microsoft.com/authorization/claims/permit" value = "true");'
I have written a WebApp, which is deployed on Google AppEngine. I am trying to fetch a url in my app.. It shows the following error:
Firewall Notification - Your access has been blocked by firewall
policy 732. If you have any further concerns, please contact your
network administrator for more information.
This is how I am fetching the url.. Am I doing something wrong here?
URL url = new URL(urlString);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setConnectTimeout(REQUEST_TIME_OUT);
conn.setReadTimeout(REQUEST_TIME_OUT);
conn.setDoOutput(true);
int length = dataToBePost.length();
conn.setRequestProperty("Content-Length", (String.valueOf(length)));
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(dataToBePost);
wr.flush();
InputStream inStream = conn.getInputStream();
//using inStream now
NOTE: This is happening only when I deploy my app on Google AppEngine, and if I deploy my app on my local server, it works fine.
The url which I am trying to fetch is outside from Google Cloud/AppEngine network..
Is there any specific thing I have to do to make it work on AppEngine?
This is a Fortinet Firewall notification.
That mean that your administrator blocked you that website.
I don't think Google use Fortinet, they have their own technology. BTW that sound correct as you are able to connect to it when localhost, and your IT block certain connection, like this one.
Source: I have the same at work. Good luck!