I've configured 2 sites on IIS with windows authentification
I'm able to consume each site. But If I try to fetch from the test Web Site an URL of the Default Web Site, I obtain a 401 UnAuthorize.
do I need to do something in order to transmit the authentification ?
best regards
Related
I have just developed a PERN stack SPA where the app and the server are both hosted on Heroku. The SPA uses Azure authentication (MSAL). Everything works well and user on authentication is redirected to our SPA hosted on Heroku.
Now the API which is built is still not secure. Anyone having the endpoints can access and manipulate data in our database. Can anyone guide with the current structure how can I authorize my server API's hosted on heroku with Azure AD credentials.
Example : https://my-first-app.herokuapp.com/getusers
The example API above can by used by anyone to get results, how can I prevent this and only allow users logged in to my SPA to use the API's only.
To protect your node API you can use:
express-jwt
passport
For the SPA keep using MSAL to get access tokens for your API/resource.
I have web api that uses windows authentication. I've created my own Active Directory Server and a separate IIS Server. I have registered the IIS server to the domain but for some reason I'm getting a 401 issue when I use the API URL in my Javascript.
But works when using it directly from web browser
Please note that this is the same code (javascript, SQL Server, and ASP.NET Web Api) I'm developing at work. The only difference are the url for LDAP and domain. I have tried everything from changing Windows Authentication Providers. I'm just curious if I need to add my machine as a trusted to the Active Directory which I'm not sure how. I have added the Active Directory User to the IIS with Full Control but still no luck.
My site uses spring social (1.1.6.RELEASE) and spring social facebook (2.0.3.REALEASE) to let users to sign in with their Facebook accounts.
Recently, Facebook requires all websites to use HTTPS based URIs for "Valid OAuth Redirect URIs". Here is what I have for "Valid OAuth Redirect URIs" at Facebook:
https://www.example.com/signin/facebook https://localhost/signin/facebook
I followed the suggestion at https://jira.spring.io/browse/SOCIAL-447 and have custom classes for FacebookConnectionFactory and OAuth2Template so that redirect URIs can start with https.
Everything works correctly on my laptop. However, I am unable to get it work for the site on the internet.
Here is the environment of my system: A load balancer device distributes requests to two Dell boxes. The loadbalancer takes HTTPS requests and sends HTTP requests to boxes.
Here is what I experience on the internet site: when I click the Facebook button to start authentication with Facebook, I am directed to Facebook login. After entering correct username and password, I am redirected my site, but with an exception: Here is the exception message:
Response body: {"error":{"message":"Can't Load URL: The domain of this
URL isn't included in the app's domains. To be able to load this URL,
add all domains and subdomains of your app to the App Domains field in
your app
settings.","type":"OAuthException","code":191,"fbtrace_id":"GeA8sXoebS3"}}
I have example.com in the App Domains field at Facebook, but it still fails. Does the system setup (including the load balancer) play a role here? I believe so, but cannot figure out how to fix it? Spent quite an amount of time and no success.
Any suggestion and info would be really appreciated.
Update
My site has been using SSL for a long time. It's authentication with Facebook was working before, but now it is not because of "https" requirement Facebook recently imposed.
We want to implement SSO in our multiple application
eg : abc.domain.com/app1 and abc.domain.com/app2.
We have configured ADFS on our server. WE have used WS federation authentication. Our both app are aware of claim based authentication.
Scenario we want to achieve,
1. Make login on app abc.domain.com/app1 using ADFS WS federation authentication.
2. We have successfully authenticated in this domain.
3. Now make request on abc.domain.com/app2. It should be login automatically in this app.
Actioned:
Both app URLs are added on relying party trust in ADFS.
We have added Endpoint URL of 1st app abc.domain.com/app1
Both app refer same ADFS metadata URL.
We have achieved this in our local environment. In local system these two different app are running on different port
1. localhost:44313
2. localhost:44330
When we make successfully login on localhost:44313 and request on localhost:44330 then user also authenticated for this app as well and displayed as logged in.
This scenario is not working fine for the live environment. Our live URL structure is same as mentioned above (abc.domain.com/app1, abc.domain.com/app2) but it's not working there.
Any help would be appreciated!
What errors do you see in the event log?
If you have two different apps, you need two different RP on ADFS.
Also you need to run both on https.
Do you have https on your live environment?
I'm currently stuck in a situation where by I have created a ASP Web API project and deployed in separately from my main MVC application, which uses the Thinktecture identity server for federated authentication.
The problem that i'm facing has to do with the web api cors support. More specifically, i authenticate my self in the mvc application but then when it sends requests to the web api i get the following error:
XMLHttpRequest cannot load XXX. The request was redirected to 'https://localhost/idsrv/issue/wsfed?wa=wsignin1.0&wtrealm=http%3a%2f%2floca…assive%2..., which is disallowed for cross-origin requests that require preflight.
The error makes sense, because the request doesn't contain the Http headers that are needed by the WSFederationAuthenticatioModule to verify that i'm already logged on.
Is there any possible workaround that I'm not aware of?
As far as I see you have 3 issues here:
1. How to enable WIF authentication with the Web API.
For this you should use Thinktecture.IdentityModel.45 (or the one for MVC 5 - Thinktecture.IdentityModel) that exists as a NuGet package. See the sample here: Web Api security sample
After that you'll have to send the token in a security header in the Ajax request.
If your MVC site and your Web Api are not on the same domain then you'll have to handle CORS issues
For issues 2 & 3 see: Dog fooding our api authentication
This Should also give you a good idea of how to use the security token received in your MVC site to authenticate with your Web API.