this is maybe my last chance to make it work... We are developing an integration with MS Navision at a customer site and therefore we got some webservices. I have added them as service reference and need to use NTLM (there is no other possibility) auth with username and password.
in app.config i have:
<binding name="IncomingDoc_Binding">
<security mode="Transport" >
<transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="IncomingDoc_Binding1" />
in code i have this:
ServiceReference1.IncomingDoc_PortClient port = new ServiceReference1.IncomingDoc_PortClient();
port.ChannelFactory.Credentials.Windows.ClientCredential.UserName = "user#domain";
port.ChannelFactory.Credentials.Windows.ClientCredential.Password = "password";
port.ChannelFactory.Credentials.Windows.AllowNtlm = true;
port.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
port.Create(ref doc);
this is working on my local machine but not when i transfer it to the customer server which is in domain. On my side it started working with AllowNtlm=true. But even VS says it is deprecated.
Most solutions on web include setting something on the server side, that is no chance for me, the NAV team have zero knowledge about it and were just able to activate the webservice, even with a totally stupid self signed certificate which includes only an alias.
That is why i have decided to go with c# application, the evironment which we have there uses strange hybrid of javascript and java and we were not able to ignore the certificate errors and with all tests we are getting 400 Bad request. The only tool able to work with that well in customer's environment is SOAP UI. Http requests with headers and xml copied from there however return Bad request as well. Connected service is the only better way which is working but only from my machine outside the domain.
Is it somehow possible to allow NTLM from policy? Or a workaround in c#?
Thanks!
Honza
Related
I'm developing ASP.NET Core MVC web app (.NET 5) with allowing HTTPS. The main goal is to get a web app with SignalR support with other devices to send/receive messages with a bit of security using HTTPS.
In project properties -> Debug tab -> Web Server Settings -> Enable SSL is checked.
In project-name/.vs/project-name/config/applicationhost.config file I have these bindings in web app's site node:
<binding protocol="http" bindingInformation="*:44903:localhost" />
<binding protocol="https" bindingInformation="*:44367:localhost" />
<binding protocol="https" bindingInformation="*:44367:127.0.0.1" /><!-- added by me -->
<binding protocol="https" bindingInformation="*:44367:10.128.0.75" /><!-- added by me -->
When I run the web app using visual studio https://localhost:44367 is opened with lock icon in browser's address bar. If I open https://127.0.0.1:44367 or https://10.128.0.75:44367, the web site is opened, but with warning icon and "not secure" message in address bar.
Using SignalR client in the same machine, I can connect to https://localhost:44367/hub. If I try to connect with SignalR to https://127.0.0.1:44367/hub or https://10.128.0.75:44367/hub client I get this exception:
The SSL connection could not be established, see inner exception.
Inner exception:
The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch
How can I solve this problem, even if it is to be able to use the 10.128.0.75 address?
This is the first time I`m toying with PhoneGap, so I actually never needed Cross Origin Resource Sharing (CORS) before.
It is by default blocked, and the options I found in the web are either hacks or insecure.
My question is: What is the best or proper way to accomplish server integration using PhoneGap?
Bear in mind:
I need session control serverside to keep the user logged in
The request is coming from a file in PhoneGap's webview so origin = null
I'm using PHP serverside and have full control over it
<access origin="*" /> is already added to config.xml (it enables me to reach out for the server, but doesn't guarantee it will respond to a cross-origin request)
A long search on the web lead me to:
Access-Control-Allow-Origin *
Access-Control-Allow-Credentials true
But I understood they're rather unsafe, specially combined.
I could save the user session ID locally, but that seems hacky and unsafe.
There's also JSONP to the rescue, but that also seems hacky, unsafe and won't persist my session ID.
I could use a proxy server, but that seems far from optimal and as I understand it'll be hard to prevent an attacker to not use this same proxy server to perform the same operations.
Hi you can disable security to browser and use it.
Please find the link for disabling security for chrome.
[Disable same origin policy in Chrome
I'm using signalR 0.5.3, my web application is located at localhost:1234, my hub is at localhost:5678, which means same host name and different ports. Both are on IIS 7 Express, Windows 7.
When I add this to web.config of my hub server.
<add name="Access-Control-Allow-Origin" value="*" />
The Google Chrome's console yells:
The 'Access-Control-Allow-Origin' header contains the invalid value 'http://localhost:1234, *'.
But when I remove that config, it yells:
No 'Access-Control-Allow-Origin' header is present on the requested
resource.
I searched all over the solution to make sure that there was nowhere to have
Response.AppendHeader("Access-Control-Allow-Origin", "*");
or
map.UseCors(CorsOptions.AllowAll);
Does anyone know why hub server keeps returning 2 orgins and how to tell it to do the right job?
Thanks in advance.
To enable cross-domain SignalR requests with SignalR 0.5.3, you should call MapHubs as follows:
RouteTable.Routes.MapHubs(new HubConfiguration() { EnableCrossDomain = true });
Manually manipulating the Access-Control-Allow-Origin header is likely to cause problems since SignalR will set the header for you if you enable cross-domain access in MapHubs.
IAppBuilder.UseCors is OWIN middleware provided by the Microsoft.Owin.Cors NuGet package. This middleware is not compatible with SignalR 0.5.3, but can be used with newer versions of SignalR which don't have the EnableCrossDomain option.
I go over some other common SignalR cross-domain pitfalls in the following answer: Cross-domain will not work with a SignalR PersistentConnection
I'm probably missing something but till now haven't figure it out.
I have a MVC application which listens on the web default port (i.e. 80), at the end of the interaction with the user, it sends an ajax post request (using jquery) to a WCF 4 REST service which listens on port 90, sadly enough, I'm not allowed to do so because of the brower same origin policy security issue.
I read that Chrome, Safari and firefox support by default the CORS protocol which allow cross domain requests.
In my server I've added to the response's headers the following: Access-Control-Allow-Origin,Access-Control-Allow-Methods,Access-Control-Allow-Headers and Access-Control-Max-Age.
from what I saw all the cors plugins handle microsoft xdr object and doesn't change the xhr default behavior.
Any help will be appriciated,
Thanks,
Ron
Hey stewe thanks for the reply, adding the headers to the service response didn't do the trick.
But the following did (Cors solution):
a) I was using jquery v 1.5.1 and found out that someone report a bug related to cross domain requests which was fixed in later version.
b) In the Service web config I've decalred the following:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*"/>
<add name="Access-Control-Allow-Headers" value="Content-Type"/>
</customHeaders>
</httpProtocol>
This sln relevant only for browsers which support CORS protocol (i.e. not IE) for that we can use easyxdm.
Eventually, I've decided not to expose my service to the user, but through an UI.
Thanks,
Ron
I have a .NET application which makes SOAP web service calls to a 3rd-party web service.
While debugging the application in Visual Studio, I would like to monitor the outbound HTTP requests using Fiddler2 or a similar tool?
Is this possible? How can it be done?
Update 2011.02.09 - the web service is 3rd-party, not localhost.
Should be possible. I have been using Fiddler to debug my web service (REST) calls and it shouldn't be different with SOAP.
Note that you will need to use IIS and not the visual studio development server. Make sure that you use the machine name instead of localhost and that fiddler is set to capture all processes.
Fiddler can't intercept traffic through localhost, however this blog indicates a workaround to make Fiddler capture localhost traffic.
EDIT: To answer your question, yes Fiddler can capture SOAP just fine.
Change the url pointing to your service, replace the word "localhost" with "ipv4.fiddler" and the requests should go through fiddler.
Add the following code to your App.config and the response traffic should show in Fiddler.
<system.net>
<defaultProxy>
<proxy bypassonlocal="false" usesystemdefault="true" />
</defaultProxy>
</system.net>
Add this after tag to your web.config , I tried that and it worked
<system.net>
<defaultProxy
enabled = "true"
useDefaultCredentials = "true">
<proxy autoDetect="False" bypassonlocal="False" proxyaddress="http://127.0.0.1:8888" usesystemdefault="False" />
</defaultProxy>
</system.net>
you can find this from this telerik article