Cannot display phpLDAPadmin login form - phpldapadmin

Trying to install phpLDAPadmin 1.2.5 from https://github.com/leenooks/phpLDAPadmin.git but running into an issue.
On the one hand it seems to have installed (at least partly) correctly, because from an ssh window I can log in using "elinks http://localhost/phpLDAPadmin" (or https, both work). I can click the 'login' link and then enter my credentials in the form.
On the other hand, when I want to open the site on my work laptop, I can click the login link all I want, but it will not display a login form. It hangs on a progress bar reading "Loading Login..."
No error is thrown in the nginx error log, no error is thrown in the browser from a timeout or anything, and I cannot really see anything relevant in the phpLDAPadmin debug log. But of course, I might be missing something :-)
Any help on getting this to work is most appreciated.
System info
OS: Ubuntu 20.04
Web server: nginx 1.18.0
PHP version: 7.4.3
pla version: 1.2.5
OpenLDAP/slapd: 2.4.49
A firewall on the network level will block any port 389 traffic coming from the internet (i.e. my home office) to the server, but I imagine a web interface will communicate strictly over port 443, correct?
/var/www/html/phpLDAPadmin/config/config.php
$config->custom->debug['level'] = 255;
$config->custom->debug['syslog'] = true;
$config->custom->debug['file'] = '/tmp/pla_debug.log';
$config->custom->appearance['hide_template_warning'] = true;
$servers = new Datastore();
$servers->newServer('ldap_pla');
$servers->setValue('server','name','LDAP for MYSITE');
$servers->setValue('server','host','127.0.0.1');
$servers->setValue('server','port',389);
$servers->setValue('server','base',array('dc=ldap,dc=MYSITE,dc=nl'));
$servers->setValue('login','auth_type','session');
$servers->setValue('login','bind_id','cn=admin,dc=ldap,dc=MYSITE,dc=nl');
$servers->setValue('login','bind_pass','***');
$servers->setValue('server','tls',false);
/etc/nginx/sites-enabled/www.conf
# Redirect all http to https
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name MYSITE;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/MYSITE/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/MYSITE/privkey.pem; # managed by Certbot

    return 301 https://www.MYSITE$request_uri;
}

server {
    listen 443 ssl default_server;
    server_name www.MYSITE;

    # SSL configuration
    ssl_certificate /etc/letsencrypt/live/www.MYSITE/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.MYSITE/privkey.pem; # managed by Certbot

    root /var/www/html;
    index index.php index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include fastcgi.conf;
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_index index.php;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }

    # Logging
    access_log /var/log/nginx/www_access.log;
    error_log /var/log/nginx/www_error.log warn;
}
/tmp/pla_debug.log
[0.000] common(0214-001): : Application (1.2.5) initialised and starting with (a:0:{}).
[0.001] functions(0130-001): app_error_handler: Entered (8192|Function get_magic_quotes_gpc() is deprecated|/var/www/html/phpLDAPadmin/lib/common.php|299|a:18:{s:4:"_GET";a:0:{}s:5:"_POST";a:0:{}s:7:"_COOKIE";a:0:{}s:6:"_FILES";a:0:{}s:3:"app";a:8:
[0.000] ds(0684-017): Datastore::Instance: Entered ()
[0.000] ds(0651-017): Datastore::getServerList: Entered (NOARGS)
[0.000] ds(0441-017): .DS::getIndex: Entered (NOARGS|1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] ds_ldap_pla(0645-017): ldap_pla::isSessionValid: Entered (NOARGS)
[0.000] ds(0493-017): DS::inactivityTime: Entered (NOARGS)
[0.000] ds(0287-017): DS::isLoggedIn: Entered (NOARGS)
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] ds(0287-017): DS::isLoggedIn: Entered (user)
[0.000] ds(0457-017): DS::getMethod: Entered (user)
[0.000] ds(0133-017): DS::getAuthType: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0157-017): DS::getLogin: Entered (user)
[0.000] ds(0457-017): DS::getMethod: Entered (user)
[0.000] ds(0133-017): DS::getAuthType: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|bind_id)
[0.000] ds(0133-017): DS::getAuthType: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0157-017): DS::getLogin: Entered (anon)
[0.000] ds(0457-017): DS::getMethod: Entered (anon)
[0.000] hooks(0054-257): run_hook: Entered (post_session_init|a:0:{})
[0.000] hooks(0060-257): run_hook: Returning, HOOK not defined (post_session_init)
[0.000] cmd(0037-128): : Ready to render page for command [,welcome.php].
[0.000] ds(0441-017): .DS::getIndex: Entered (NOARGS|1)
[0.000] page(0030-129): page::__construct: Entered (1)
[0.000] config_default(0705-003): Config::isCommandAvailable: Entered (cmd|oslinks)
[0.000] functions(3245-001): isAjaxEnabled: Entered (NOARGS)
[0.000] page(0236-129): page::block_add: Entered (body|OBJECT:block)
[0.000] page(0369-129): page::display: Entered (NOARGS)
[0.000] page(0097-129): page::pageheader_print: Entered (NOARGS)
[0.000] page(0143-129): page::head_print: Entered (NOARGS)
[0.000] functions(0351-001): cmd_control_pane: Entered (top)
[0.000] config_default(0705-003): Config::isCommandAvailable: Entered (cmd|oslinks)
[0.000] config_default(0705-003): Config::isCommandAvailable: Entered (cmd|oslinks)
[0.000] config_default(0705-003): Config::isCommandAvailable: Entered (cmd|oslinks)
[0.000] config_default(0705-003): Config::isCommandAvailable: Entered (cmd|oslinks)
[0.000] config_default(0705-003): Config::isCommandAvailable: Entered (cmd|oslinks)
[0.000] page(0179-129): page::control_print: Entered (NOARGS)
[0.000] functions(0351-001): cmd_control_pane: Entered (main)
[0.000] config_default(0705-003): Config::isCommandAvailable: Entered (script|purge_cache)
[0.000] config_default(0705-003): Config::isCommandAvailable: Entered (script|show_cache)
[0.000] page(0207-129): page::tree: Entered (NOARGS)
[0.000] config_default(0817-003): Config::getServerList: Entered (NOARGS)
[0.000] ds(0651-017): Datastore::getServerList: Entered (1)
[0.000] config_default(0817-003): Config::getServerList: Entered (NOARGS)
[0.000] ds(0651-017): Datastore::getServerList: Entered (1)
[0.000] ds(0441-017): .DS::getIndex: Entered (NOARGS|1)
[0.000] ds(0441-017): .DS::getIndex: Entered (NOARGS|1)
[0.000] ds(0441-017): .DS::getIndex: Entered (NOARGS|1)
[0.000] Tree(0043-033): Tree::getInstance: Entered (1)
[0.000] functions(0911-001): get_cached_item: Entered (1|tree)
[0.000] functions(0921-001): get_cached_item: Returning ()
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] Tree(0030-033): Tree::__construct: Entered (1)
[0.000] ds(0157-017): DS::getLogin: Entered ()
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] HTMLTree(0029-033): HTMLTree::draw: Entered (NOARGS)
[0.000] Tree(0096-033): Tree::getServer: Entered (NOARGS)
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] HTMLTree(0161-033): HTMLTree::draw_server_name: Entered (NOARGS)
[0.000] Tree(0096-033): Tree::getServer: Entered (NOARGS)
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] HTMLTree(0559-033): HTMLTree::getDepth: Entered (NOARGS)
[0.000] Tree(0096-033): Tree::getServer: Entered (NOARGS)
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] ds(0287-017): DS::isLoggedIn: Entered ()
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] ds(0120-017): DS::getName: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (server|name)
[0.000] ds(0493-017): DS::inactivityTime: Entered (NOARGS)
[0.000] ds(0287-017): DS::isLoggedIn: Entered (NOARGS)
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] ds(0287-017): DS::isLoggedIn: Entered ()
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] ds(0133-017): DS::getAuthType: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] HTMLTree(0515-033): HTMLTree::draw_login_link: Entered (NOARGS)
[0.000] Tree(0096-033): Tree::getServer: Entered (NOARGS)
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] ds(0441-017): .DS::getIndex: Entered (NOARGS|1)
[0.000] functions(1013-001): get_custom_file: Entered (1|login_form|)
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] ds(0072-017): .DS::getValue: Entered (custom|pages_prefix)
[0.000] functions(1024-001): get_custom_file: Returning (login_form)
[0.000] ds(0441-017): .DS::getIndex: Entered (NOARGS|1)
[0.000] functions(3245-001): isAjaxEnabled: Entered (NOARGS)
[0.000] ds(0120-017): DS::getName: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (server|name)
[0.000] HTMLTree(0559-033): HTMLTree::getDepth: Entered (NOARGS)
[0.000] Tree(0096-033): Tree::getServer: Entered (NOARGS)
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] ds(0287-017): DS::isLoggedIn: Entered ()
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] ds(0120-017): DS::getName: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (server|name)
[0.000] HTMLTree(0559-033): HTMLTree::getDepth: Entered (NOARGS)
[0.000] Tree(0096-033): Tree::getServer: Entered (NOARGS)
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] ds(0287-017): DS::isLoggedIn: Entered ()
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] HTMLTree(0559-033): HTMLTree::getDepth: Entered (NOARGS)
[0.000] Tree(0096-033): Tree::getServer: Entered (NOARGS)
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] ds(0287-017): DS::isLoggedIn: Entered ()
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] AJAXTree(0212-033): AJAXTree::draw_javascript: Entered (NOARGS)
[0.000] HTMLTree(0544-033): HTMLTree::draw_javascript: Entered (NOARGS)
[0.000] page(0297-129): page::body: Entered (NOARGS)
[0.000] page(0321-129): page::footer_print: Entered (NOARGS)
[0.000] common(0214-001): : Application (1.2.5) initialised and starting with (a:3:{s:3:"cmd";s:10:"login_form";s:9:"server_id";s:1:"1";s:4:"meth";s:4:"ajax";}).
[0.001] functions(0130-001): app_error_handler: Entered (8192|Function get_magic_quotes_gpc() is deprecated|/var/www/html/phpLDAPadmin/lib/common.php|299|a:15:{s:4:"_GET";a:3:{s:3:"cmd";s:10:"login_form";s:9:"server_id";s:1:"1";s:4:"meth";s:4:"ajax
[0.000] ds(0684-017): Datastore::Instance: Entered (1)
[0.000] ds(0694-003): Datastore::Instance: Returning instance of database (1)
[0.000] ds_ldap_pla(0645-017): ldap_pla::isSessionValid: Entered (NOARGS)
[0.000] ds(0493-017): DS::inactivityTime: Entered (NOARGS)
[0.000] ds(0287-017): DS::isLoggedIn: Entered (NOARGS)
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] ds(0287-017): DS::isLoggedIn: Entered (user)
[0.000] ds(0457-017): DS::getMethod: Entered (user)
[0.000] ds(0133-017): DS::getAuthType: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0157-017): DS::getLogin: Entered (user)
[0.000] ds(0457-017): DS::getMethod: Entered (user)
[0.000] ds(0133-017): DS::getAuthType: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|bind_id)
[0.000] ds(0133-017): DS::getAuthType: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0157-017): DS::getLogin: Entered (anon)
[0.000] ds(0457-017): DS::getMethod: Entered (anon)
[0.000] hooks(0054-257): run_hook: Entered (post_session_init|a:0:{})
[0.000] hooks(0060-257): run_hook: Returning, HOOK not defined (post_session_init)
[0.000] cmd(0037-128): : Ready to render page for command [login_form,/var/www/html/phpLDAPadmin/htdocs/login_form.php].
[0.000] ds(0441-017): .DS::getIndex: Entered (NOARGS|1)
[0.000] page(0030-129): page::__construct: Entered (1)
[0.000] ds(0431-017): DS::isReadOnly: Entered (NOARGS)
[0.000] ds(0157-017): DS::getLogin: Entered ()
[0.000] ds(0457-017): DS::getMethod: Entered ()
[0.000] config_default(0705-003): Config::isCommandAvailable: Entered (script|login_form)
[0.000] ds(0120-017): DS::getName: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (server|name)
[0.000] ds(0133-017): DS::getAuthType: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_type)
[0.000] ds(0441-017): .DS::getIndex: Entered (NOARGS|1)
[0.000] ds(0072-017): .DS::getValue: Entered (login|auth_text)
[0.000] ds(0072-017): .DS::getValue: Entered (login|attr)
[0.000] ds(0072-017): .DS::getValue: Entered (login|bind_dn_template)
[0.000] ds(0072-017): .DS::getValue: Entered (login|attr|)
[0.000] ds(0072-017): .DS::getValue: Entered (login|bind_id)
[0.000] ds_ldap_pla(0189-017): ldap_pla::isAnonBindAllowed: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|allowed_dns)
[0.000] ds(0072-017): .DS::getValue: Entered (login|anon_bind)
[0.000] ds_ldap_pla(0198-017): ldap_pla::isAnonBindAllowed: Returning (1)
[0.000] ds_ldap_pla(0189-017): ldap_pla::isAnonBindAllowed: Entered (NOARGS)
[0.000] ds(0072-017): .DS::getValue: Entered (login|allowed_dns)
[0.000] ds(0072-017): .DS::getValue: Entered (login|anon_bind)
[0.000] ds_ldap_pla(0198-017): ldap_pla::isAnonBindAllowed: Returning (1)
[0.000] functions(3245-001): isAjaxEnabled: Entered (NOARGS)
[0.000] page(0236-129): page::block_add: Entered (body|OBJECT:block)
[0.000] page(0334-129): page::show: Entered (BODY|1|)
[0.000] page(0297-129): page::body: Entered ()
/var/log/nginx/www_access.log | grep login
127.0.0.1 - - [14/Jun/2021:12:03:00 +0200] "GET /phpLDAPadmin/htdocs/cmd.php?cmd=login_form&server_id=1 HTTP/1.1" 200 5097 "https://localhost/phpLDAPadmin/htdocs/index.php" "ELinks/0.13.1 (textmode; Linux 5.4.0-73-generic x86_64; 253x68-2)"
127.0.0.1 - - [14/Jun/2021:12:03:09 +0200] "POST /phpLDAPadmin/htdocs/cmd.php HTTP/1.1" 302 5 "https://localhost/phpLDAPadmin/htdocs/cmd.php?cmd=login_form&server_id=1" "ELinks/0.13.1 (textmode; Linux 5.4.0-73-generic x86_64; 253x68-2)"
MYIPADDRESS - - [14/Jun/2021:12:12:29 +0200] "GET /phpLDAPadmin/htdocs/images/default/login.png HTTP/2.0" 200 654 "https://www.MYSITE/phpLDAPadmin/htdocs/index.php" "Mozilla/5.0 (iPad; CPU OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/91.0.4472.80 Mobile/15E148 Safari/604.1"
MYIPADDRESS - - [14/Jun/2021:12:12:31 +0200] "GET /phpLDAPadmin/htdocs/cmd.php?cmd=login_form&server_id=1&meth=ajax HTTP/2.0" 200 570 "https://www.MYSITE/phpLDAPadmin/htdocs/index.php" "Mozilla/5.0 (iPad; CPU OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/91.0.4472.80 Mobile/15E148 Safari/604.1"
MYIPADDRESS - - [14/Jun/2021:12:30:14 +0200] "GET /phpLDAPadmin/htdocs/cmd.php?cmd=login_form&server_id=1&meth=ajax HTTP/2.0" 200 570 "https://www.MYSITE/phpLDAPadmin/htdocs/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36"
/var/log/nginx/www_error.log
Exactly nothing...
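As an added diagnostic (not code from the question or from phpLDAPadmin), the script below parses the access-log lines quoted above and reconstructs each client's login flow: it shows that the remote browsers' AJAX login_form request was answered 200 with a 570-byte fragment and that, unlike the elinks session, no credential POST ever followed. The sample lines are constructed from the log above, keeping the question's MYIPADDRESS and MYSITE placeholders.

```python
"""Reconstruct the phpLDAPadmin login flow per client from nginx access-log lines.

Each combined-format line is parsed, cmd.php requests are grouped by client
address, and for every client we record how the login form was fetched (full
page or meth=ajax fragment), the status and body size nginx returned, and
whether a credential POST to cmd.php followed.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the five lines quoted from /var/log/nginx/www_access.log,
# keeping the question's MYIPADDRESS and MYSITE placeholders.
SAMPLE_LOG = """\
127.0.0.1 - - [14/Jun/2021:12:03:00 +0200] "GET /phpLDAPadmin/htdocs/cmd.php?cmd=login_form&server_id=1 HTTP/1.1" 200 5097 "https://localhost/phpLDAPadmin/htdocs/index.php" "ELinks/0.13.1 (textmode; Linux 5.4.0-73-generic x86_64; 253x68-2)"
127.0.0.1 - - [14/Jun/2021:12:03:09 +0200] "POST /phpLDAPadmin/htdocs/cmd.php HTTP/1.1" 302 5 "https://localhost/phpLDAPadmin/htdocs/cmd.php?cmd=login_form&server_id=1" "ELinks/0.13.1 (textmode; Linux 5.4.0-73-generic x86_64; 253x68-2)"
MYIPADDRESS - - [14/Jun/2021:12:12:29 +0200] "GET /phpLDAPadmin/htdocs/images/default/login.png HTTP/2.0" 200 654 "https://www.MYSITE/phpLDAPadmin/htdocs/index.php" "Mozilla/5.0 (iPad; CPU OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/91.0.4472.80 Mobile/15E148 Safari/604.1"
MYIPADDRESS - - [14/Jun/2021:12:12:31 +0200] "GET /phpLDAPadmin/htdocs/cmd.php?cmd=login_form&server_id=1&meth=ajax HTTP/2.0" 200 570 "https://www.MYSITE/phpLDAPadmin/htdocs/index.php" "Mozilla/5.0 (iPad; CPU OS 14_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/91.0.4472.80 Mobile/15E148 Safari/604.1"
MYIPADDRESS - - [14/Jun/2021:12:30:14 +0200] "GET /phpLDAPadmin/htdocs/cmd.php?cmd=login_form&server_id=1&meth=ajax HTTP/2.0" 200 570 "https://www.MYSITE/phpLDAPadmin/htdocs/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36"
"""

# nginx "combined" format: client ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/(?P<proto>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line into a dict; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    # parse_qs yields lists; keep the first value of each query parameter.
    rec["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return rec


def login_flow(log_text):
    """Group cmd.php traffic by client address and describe each client's login attempt."""
    flows = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith("/cmd.php"):
            continue  # images, index.php and unparseable lines are not part of the flow
        flow = flows.setdefault(rec["client"], {
            "form_requests": [], "posted_credentials": False, "protocols": set()})
        flow["protocols"].add(rec["proto"])
        if rec["method"] == "GET" and rec["query"].get("cmd") == "login_form":
            flow["form_requests"].append({
                "ajax": rec["query"].get("meth") == "ajax",
                "status": rec["status"],
                "size": rec["size"],
            })
        elif rec["method"] == "POST":
            # The submitted login form is a POST to cmd.php; the elinks session
            # shows it answered with a 302 once the bind succeeded.
            flow["posted_credentials"] = True
    return flows


def findings(log_text):
    """Turn the per-client flows into plain diagnostic statements."""
    out = []
    for client, flow in login_flow(log_text).items():
        protos = ", ".join("HTTP/" + p for p in sorted(flow["protocols"]))
        for req in flow["form_requests"]:
            kind = "AJAX fragment" if req["ajax"] else "full page"
            out.append(f"{client}: login form served as {kind}, status {req['status']}, "
                       f"{req['size']} bytes ({protos})")
        delivered = any(200 <= r["status"] < 300 for r in flow["form_requests"])
        if delivered and not flow["posted_credentials"]:
            out.append(f"{client}: form delivered with a 2xx but no credential POST followed; "
                       "the stall happens in the browser after the response, not in nginx or PHP-FPM")
    return out


if __name__ == "__main__":
    for line in findings(SAMPLE_LOG):
        print(line)
```

Point it at the real file with `findings(open("/var/log/nginx/www_access.log").read())` to compare further clients; the 570-byte AJAX body versus the 5097-byte full page is expected, since meth=ajax returns only the form fragment that the page's JavaScript must then render.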

Related

OnTeamsMessagingExtensionQueryAsync not getting hit

I am working on Microsoft.Bot.Builder for Teams for a Search Message extension. My code is working fine in the Local and Dev environments. But for production, I can see that OnTeamsMessagingExtensionQueryAsync does not even get hit. I did remote debugging; it never reaches there and I don't see any logs either. I see that the code reaches the constructor (TeamsBot : TeamsActivityHandler) only, and then goes back to the BotController api endpoint await _adapter.ProcessAsync(Request, Response, _bot);.
Can anyone help? I am clueless here. My Bot id and password are correct, the api endpoint is on Https. This was working yesterday and now it stopped. Below are the logs:
2022-12-21 08:09:06.421 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request starting HTTP/1.1 POST https://teams.Myonline.app/api/messages application/json;+charset=utf-8 1130
2022-12-21 08:09:06.421 +00:00 [Information] Microsoft.AspNetCore.Routing.EndpointMiddleware: Executing endpoint 'My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp)'
2022-12-21 08:09:06.421 +00:00 [Information] Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Route matched with {action = "Post", controller = "Bot", page = ""}. Executing controller action with signature System.Threading.Tasks.Task PostAsync() on controller My.Office365.TeamsApp.Controllers.BotController (My.Office365.TeamsApp).
2022-12-21 08:09:06.422 +00:00 [Information] Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Executing action method My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp) - Validation state: Valid
2022-12-21 08:09:06.422 +00:00 [Information] Microsoft.Bot.Builder.Integration.AspNet.Core.IBotFrameworkHttpAdapter: ProcessActivityAsync
2022-12-21 08:09:06.423 +00:00 [Information] Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Executed action method My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp), returned result Microsoft.AspNetCore.Mvc.EmptyResult in 1.128ms.
2022-12-21 08:09:06.423 +00:00 [Information] Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Executed action My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp) in 1.4924ms
2022-12-21 08:09:06.423 +00:00 [Information] Microsoft.AspNetCore.Routing.EndpointMiddleware: Executed endpoint 'My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp)'
2022-12-21 08:09:06.423 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request finished HTTP/1.1 POST https://teams.Myonline.app/api/messages application/json;+charset=utf-8 1130 - 401 - - 2.0425ms
2022-12-21 08:09:06.969 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request starting HTTP/1.1 GET https://teams.Myonline.app/ - -
2022-12-21 08:09:06.970 +00:00 [Information] Microsoft.AspNetCore.Routing.EndpointMiddleware: Executing endpoint '/_Host'
2022-12-21 08:09:06.970 +00:00 [Information] Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Route matched with {page = "/_Host", action = "", controller = ""}. Executing page /_Host
2022-12-21 08:09:06.970 +00:00 [Information] Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Executing an implicit handler method - ModelState is Valid
2022-12-21 08:09:06.970 +00:00 [Information] Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Executed an implicit handler method, returned result Microsoft.AspNetCore.Mvc.RazorPages.PageResult.
2022-12-21 08:09:06.971 +00:00 [Information] Microsoft.AspNetCore.Mvc.RazorPages.Infrastructure.PageActionInvoker: Executed page /_Host in 1.0016ms
2022-12-21 08:09:06.971 +00:00 [Information] Microsoft.AspNetCore.Routing.EndpointMiddleware: Executed endpoint '/_Host'
2022-12-21 08:09:06.971 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request finished HTTP/1.1 GET https://teams.Myonline.app/ - - - 200 - text/html;+charset=utf-8 1.3705ms
2022-12-21 08:09:07.361 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request starting HTTP/1.1 POST https://teams.Myonline.app/api/messages application/json;+charset=utf-8 1128
2022-12-21 08:09:07.361 +00:00 [Information] Microsoft.AspNetCore.Routing.EndpointMiddleware: Executing endpoint 'My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp)'
2022-12-21 08:09:07.361 +00:00 [Information] Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Route matched with {action = "Post", controller = "Bot", page = ""}. Executing controller action with signature System.Threading.Tasks.Task PostAsync() on controller My.Office365.TeamsApp.Controllers.BotController (My.Office365.TeamsApp).
2022-12-21 08:09:07.361 +00:00 [Information] Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Executing action method My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp) - Validation state: Valid
2022-12-21 08:09:07.361 +00:00 [Information] Microsoft.Bot.Builder.Integration.AspNet.Core.IBotFrameworkHttpAdapter: ProcessActivityAsync
2022-12-21 08:09:07.362 +00:00 [Information] Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Executed action method My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp), returned result Microsoft.AspNetCore.Mvc.EmptyResult in 1.2481ms.
2022-12-21 08:09:07.362 +00:00 [Information] Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker: Executed action My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp) in 1.4749ms
2022-12-21 08:09:07.362 +00:00 [Information] Microsoft.AspNetCore.Routing.EndpointMiddleware: Executed endpoint 'My.Office365.TeamsApp.Controllers.BotController.PostAsync (My.Office365.TeamsApp)'
2022-12-21 08:09:07.363 +00:00 [Information] Microsoft.AspNetCore.Hosting.Diagnostics: Request finished HTTP/1.1 POST https://teams.Myonline.app/api/messages application/json;+charset=utf-8 1128 - 401 - - 2.0420ms

Can't get cookies when logging in through a Python script

Please tell me, I do not quite understand why it is not possible to get cookies when the request is made through a script. After authorization there should, in theory, be cookies; I think it would be possible to remember them and send them with the next request, so that the authorized user is then passed through the script to the account and to other closed pages (inaccessible to unauthorized users) each time. Cookies are received through the browser, but not through running a script that simulates sending the form data. I get empty cookies: <RequestsCookieJar []>
import requests
from fake_useragent import UserAgent

url = 'https://proza.ru/cgi-bin/login/intro.pl'  # form data handler address
ua = UserAgent()
session = requests.Session()
# Simulate submitting the login form with a browser-like User-Agent
response = session.post(
    url,
    data={
        'block': '',
        'username': 'somelogin',
        'password': 'somepassword',
    },
    headers={
        'User-Agent': ua.chrome,
    },
)
print(response.cookies)  # I get empty cookies: <RequestsCookieJar []>
print(response.status_code)  # 200
print(response.headers)
# {'Server': 'QRATOR', 'Date': 'Fri, 21 Aug 2020 08:41:50 GMT', 'Content-Type': 'text/html; charset=windows-1251', 'Transfer-Encoding': 'chunked', 'Connection': 'keep-alive', 'Keep-Alive': 'timeout=15', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache', 'X-Frame-Options': 'SAMEORIGIN'}

# Then I thought of doing something like this request for closed pages each time so that authorization would not be lost:
session.get('https://proza.ru/2018/03/07/…', cookies=response.cookies)

How do I solve getting 401 Unauthorized in response to attempting to obtain a token?

I've got an Identity Server (using IdentityServer4), a Web API that uses the Identity Server for authorization, and a Xamarin application that uses the Identity Server to log in and authenticate to the API.
When I run all three parts locally from Visual Studio I'm able to log in using the Xamarin app, obtain a token, and use that token to make API calls. However, when I publish the Identity Server to a web server (on the same network), it fails at the point where it tries to get the token. So, it shows the login page, appears to accept the login, but the POST to get the token fails with a 401 Unauthorised error in the response.
I've also configured the Identity Server to allow Swagger to connect for testing the API, and that does allow me to sign in (using Implicit) using the Identity Server installed on a Web Server.
This is the method that does the POST in the Xamarin app (mostly copied from the eShopOnContainers example):
public async Task<TResult> PostAsync<TResult>(string uri, string data, string clientId, string clientSecret)
{
    HttpClient httpClient = CreateHttpClient(string.Empty);
    if (!string.IsNullOrWhiteSpace(clientId) && !string.IsNullOrWhiteSpace(clientSecret))
    {
        AddBasicAuthenticationHeader(httpClient, clientId, clientSecret);
    }
    var content = new StringContent(data);
    content.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
    HttpResponseMessage response = await httpClient.PostAsync(uri, content);
    await HandleResponse(response);
    string serialized = await response.Content.ReadAsStringAsync();
    TResult result = await Task.Run(() =>
        JsonConvert.DeserializeObject<TResult>(serialized, _serializerSettings));
    return result;
}
Here's the calling method for getting the token:
public async Task<UserToken> GetTokenAsync(string code)
{
    string data = string.Format("grant_type=authorization_code&code={0}&redirect_uri={1}&code_verifier={2}",
        code, WebUtility.UrlEncode(Settings.Service.IdentityCallback), _codeVerifier);
    var token = await _requestProvider.PostAsync<UserToken>(
        Settings.Service.IdentityTokenEndpoint, data, Settings.Service.IdentityClientId, Settings.Service.IdentityClientSecret);
    return token;
}
The uri is "http://myserver:5002/connect/token" and headers are:
Accept: "application/json"
Authorization: "Basic SW5zdGVtLkFDSVMuTW9iaWxlOnNlY3JldA=="
ContentType: "application/x-www-form-urlencoded"
The log on the web server gives me this:
info: IdentityServer4.ResponseHandling.AuthorizeInteractionResponseGenerator[0]
Showing login: User is not authenticated
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 3.4723ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://myserver:5002/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCompany.App.Mobile%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520app_api%2520offline_access%26redirect_uri%3Dhttp%253A%252F%252Fmyserver%253A5002%252FAccount%252FRedirect%26nonce%3D0dc5d79410db46739c798ce004ac89b8%26code_challenge%3DAuKmnO1hMcoEK3VeVNiVDka2U5F23HBnR0_MtxeWA3c%26code_challenge_method%3DS256%26state%3D031db7b77c7249aebb6f7ae205dac016
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Route matched with {action = "Login", controller = "Account"}. Executing action IdentityServer4.Quickstart.UI.AccountController.Login (Company.IdentityServer)
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Executing action method IdentityServer4.Quickstart.UI.AccountController.Login (Company.IdentityServer) with arguments (/connect/authorize/callback?client_id=Company.App.Mobile&client_secret=secret&response_type=code%20id_token&scope=openid%20profile%20app_api%20offline_access&redirect_uri=http%3A%2F%2Fmyserver%3A5002%2FAccount%2FRedirect&nonce=0dc5d79410db46739c798ce004ac89b8&code_challenge=AuKmnO1hMcoEK3VeVNiVDka2U5F23HBnR0_MtxeWA3c&code_challenge_method=S256&state=031db7b77c7249aebb6f7ae205dac016) - Validation state: Valid
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action method IdentityServer4.Quickstart.UI.AccountController.Login (Company.IdentityServer), returned result Microsoft.AspNetCore.Mvc.ViewResult in 0.3611ms.
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[1]
Executing ViewResult, running view Login.
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[4]
Executed ViewResult - view Login executed in 1.7974ms.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action IdentityServer4.Quickstart.UI.AccountController.Login (Company.IdentityServer) in 2.4715ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 3.1044ms 200 text/html; charset=utf-8
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://myserver:5002/css/site.css
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /css/site.css was not modified
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 0.6236ms 304 text/css
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://myserver:5002/lib/bootstrap/js/bootstrap.js
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /lib/bootstrap/js/bootstrap.js was not modified
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 0.3461ms 304 application/javascript
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://myserver:5002/lib/jquery/jquery.js
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /lib/jquery/jquery.js was not modified
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 0.2798ms 304 application/javascript
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://myserver:5002/icon.png
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /icon.png was not modified
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 0.2655ms 304 image/png
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://myserver:5002/lib/bootstrap/css/bootstrap.css
info: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[6]
The file /lib/bootstrap/css/bootstrap.css was not modified
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 0.26ms 304 text/css
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 POST http://myserver:5002/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCompany.App.Mobile%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520app_api%2520offline_access%26redirect_uri%3Dhttp%253A%252F%252Fmyserver%253A5002%252FAccount%252FRedirect%26nonce%3D0dc5d79410db46739c798ce004ac89b8%26code_challenge%3DAuKmnO1hMcoEK3VeVNiVDka2U5F23HBnR0_MtxeWA3c%26code_challenge_method%3DS256%26state%3D031db7b77c7249aebb6f7ae205dac016 application/x-www-form-urlencoded 712
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Route matched with {action = "Login", controller = "Account"}. Executing action IdentityServer4.Quickstart.UI.AccountController.Login (Company.IdentityServer)
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
Executing action method IdentityServer4.Quickstart.UI.AccountController.Login (Company.IdentityServer) with arguments (IdentityServer4.Quickstart.UI.LoginInputModel, login) - Validation state: Valid
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[10]
AuthenticationScheme: idsrv signed in.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action method IdentityServer4.Quickstart.UI.AccountController.Login (Company.IdentityServer), returned result Microsoft.AspNetCore.Mvc.ViewResult in 1.0902ms.
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[1]
Executing ViewResult, running view Redirect.
info: Microsoft.AspNetCore.Mvc.ViewFeatures.ViewResultExecutor[4]
Executed ViewResult - view Redirect executed in 10.0474ms.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
Executed action IdentityServer4.Quickstart.UI.AccountController.Login (Company.IdentityServer) in 12.3805ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 13.1928ms 302 text/html; charset=utf-8
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://myserver:5002/connect/authorize/callback?client_id=Company.App.Mobile&client_secret=secret&response_type=code%20id_token&scope=openid%20profile%20app_api%20offline_access&redirect_uri=http%3A%2F%2Fmyserver%3A5002%2FAccount%2FRedirect&nonce=0dc5d79410db46739c798ce004ac89b8&code_challenge=AuKmnO1hMcoEK3VeVNiVDka2U5F23HBnR0_MtxeWA3c&code_challenge_method=S256&state=031db7b77c7249aebb6f7ae205dac016
info: IdentityServer4.Hosting.IdentityServerMiddleware[0]
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback
info: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint[0]
ValidatedAuthorizeRequest
{
"ClientId": "Company.App.Mobile",
"ClientName": "App Mobile",
"RedirectUri": "http://myserver:5002/Account/Redirect",
"AllowedRedirectUris": [
"http://myserver:5002/Account/Redirect"
],
"SubjectId": "eb194e4a-a2f7-482c-8c43-204567ebd591",
"ResponseType": "code id_token",
"ResponseMode": "fragment",
"GrantType": "hybrid",
"RequestedScopes": "openid profile app_api offline_access",
"State": "031db7b77c7249aebb6f7ae205dac016",
"Nonce": "0dc5d79410db46739c798ce004ac89b8",
"SessionId": "0ed1a950919c3b368e1249ec74e35f2c",
"Raw": {
"client_id": "Company.App.Mobile",
"client_secret": "secret",
"response_type": "code id_token",
"scope": "openid profile app_api offline_access",
"redirect_uri": "http://myserver:5002/Account/Redirect",
"nonce": "0dc5d79410db46739c798ce004ac89b8",
"code_challenge": "AuKmnO1hMcoEK3VeVNiVDka2U5F23HBnR0_MtxeWA3c",
"code_challenge_method": "S256",
"state": "031db7b77c7249aebb6f7ae205dac016"
}
}
info: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint[0]
Authorize endpoint response
{
"SubjectId": "eb194e4a-a2f7-482c-8c43-204567ebd591",
"ClientId": "Company.App.Mobile",
"RedirectUri": "http://myserver:5002/Account/Redirect",
"State": "031db7b77c7249aebb6f7ae205dac016",
"Scope": "openid profile app_api offline_access"
}
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler[10]
AuthenticationScheme: idsrv signed in.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 40.3114ms 302
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
Request starting HTTP/1.1 GET http://myserver:5002/Account/Redirect
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
Request finished in 0.9519ms 404
The address "http://myserver:5002/Account/Redirect" doesn't actually exist because the client is a Xamarin app, so I don't think the 404 at the end is an issue. There doesn't seem to be anything in the log for the call to obtain the token.
Here's the Client config for the Identity Server:
new Client
{
ClientName = "ACIS Mobile",
ClientId = "Instem.ACIS.Mobile",
AllowedGrantTypes = GrantTypes.Hybrid,
ClientSecrets =
{
new Secret("secret".Sha256())
},
RedirectUris = {$"{identityUri}/Account/Redirect"},
RequireConsent = false,
RequirePkce = true,
PostLogoutRedirectUris = {$"{identityUri}/Account/Redirecting"},
AllowedCorsOrigins = { "http://xamarinapp" },
AllowedScopes = new List<string>
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
IdentityServerConstants.StandardScopes.OfflineAccess,
"acis_api"
},
AllowOfflineAccess = true,
AllowAccessTokensViaBrowser = true
},
new Client
{
ClientName = "Swagger UI",
ClientId="swaggerui",
AllowedGrantTypes=GrantTypes.Implicit,
AllowAccessTokensViaBrowser=true,
RedirectUris = { $"{webApiUri}/oauth2-redirect.html" },
PostLogoutRedirectUris={ $"{webApiUri}/" },
AllowedScopes =
{
IdentityServerConstants.StandardScopes.OpenId,
IdentityServerConstants.StandardScopes.Profile,
IdentityServerConstants.StandardScopes.Email,
"acis_api"
}
}
The Identity server startup configuration is pretty simple:
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
services.AddIdentityServer()
.AddInMemoryClients(Config.GetClients(Configuration))
.AddInMemoryIdentityResources(Config.GetIdentityResources())
.AddInMemoryApiResources(Config.GetApiResources())
.AddTestUsers(Config.GetUsers())
//.AddDeveloperSigningCredential();
.AddSigningCredential("some certificate thumbprint", System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, NameType.Thumbprint);
services.AddAuthentication()
.AddMicrosoftAccount(options =>
{
options.ClientId = "someclientid";
options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
options.ClientSecret = "somesecret";
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseIdentityServer();
app.UseStaticFiles();
app.UseMvcWithDefaultRoute();
}
In IIS I've configured it to allow Anonymous and Basic authentication.
This is pretty much all new to me and I was making progress until this point, but I can't see any reason why it's giving me the 401 Unauthorized error, and I can't even see anything in any logs to give me anything to go on.
Edit:
I found a log file with more information:
2019-01-08 12:08:51 172.26.2.174 POST /Account/Login ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCompany.App.Mobile%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520app_api%2520offline_access%26redirect_uri%3Dhttp%253A%252F%252Fmyserver%253A5002%252FAccount%252FRedirect%26nonce%3Ddc06cb800d6f4f729df03a986ff2f165%26code_challenge%3DN343zy63pcw_E75ET0HZQWGU_5ALC6H6sXt836z6mzo%26code_challenge_method%3DS256%26state%3D86f26cf6a5184d9a8263aac954711819 5002 - 172.16.190.147 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+WebView/3.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/64.0.3282.140+Safari/537.36+Edge/17.17134 http://myserver:5002/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCompany.App.Mobile%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520app_api%2520offline_access%26redirect_uri%3Dhttp%253A%252F%252Fmyserver%253A5002%252FAccount%252FRedirect%26nonce%3Ddc06cb800d6f4f729df03a986ff2f165%26code_challenge%3DN343zy63pcw_E75ET0HZQWGU_5ALC6H6sXt836z6mzo%26code_challenge_method%3DS256%26state%3D86f26cf6a5184d9a8263aac954711819 302 0 0 156
2019-01-08 12:09:49 172.26.2.174 GET /connect/authorize/callback client_id=Company.App.Mobile&client_secret=secret&response_type=code%20id_token&scope=openid%20profile%20app_api%20offline_access&redirect_uri=http%3A%2F%2Fmyserver%3A5002%2FAccount%2FRedirect&nonce=dc06cb800d6f4f729df03a986ff2f165&code_challenge=N343zy63pcw_E75ET0HZQWGU_5ALC6H6sXt836z6mzo&code_challenge_method=S256&state=86f26cf6a5184d9a8263aac954711819 5002 - 172.16.190.147 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+WebView/3.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/64.0.3282.140+Safari/537.36+Edge/17.17134 http://myserver:5002/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCompany.App.Mobile%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520app_api%2520offline_access%26redirect_uri%3Dhttp%253A%252F%252Fmyserver%253A5002%252FAccount%252FRedirect%26nonce%3Ddc06cb800d6f4f729df03a986ff2f165%26code_challenge%3DN343zy63pcw_E75ET0HZQWGU_5ALC6H6sXt836z6mzo%26code_challenge_method%3DS256%26state%3D86f26cf6a5184d9a8263aac954711819 302 0 0 593
2019-01-08 12:10:33 172.26.2.174 POST /connect/token - 5002 Company.App.Mobile 172.16.190.147 - - 401 1 1326 50
2019-01-08 12:10:33 172.26.2.174 GET /Account/Redirect - 5002 - 172.16.190.147 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+WebView/3.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/64.0.3282.140+Safari/537.36+Edge/17.17134 http://myserver:5002/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3DCompany.App.Mobile%26client_secret%3Dsecret%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520app_api%2520offline_access%26redirect_uri%3Dhttp%253A%252F%252Fmyserver%253A5002%252FAccount%252FRedirect%26nonce%3Ddc06cb800d6f4f729df03a986ff2f165%26code_challenge%3DN343zy63pcw_E75ET0HZQWGU_5ALC6H6sXt836z6mzo%26code_challenge_method%3DS256%26state%3D86f26cf6a5184d9a8263aac954711819 404 0 0 15
It's the connect/token line that has the 401 error.
I had Basic Authentication enabled in IIS for the Identity Server. Once I turned that off, it works fine.
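The IIS log line above is the telltale: for the POST to /connect/token the cs-username column holds the OAuth client_id (Company.App.Mobile) and the status triple is 401 1 1326, where substatus 1 is IIS's "401.1 Logon failed" and 1326 is the Win32 code ERROR_LOGON_FAILURE. IdentityServer authenticates confidential clients with client_secret_basic, i.e. an `Authorization: Basic` header, and with Basic Authentication enabled in IIS that header is treated as a Windows logon attempt and rejected before the request reaches the token endpoint. The following stdlib Python, added here and not part of the question or of IdentityServer, builds the client_secret_basic header and scans IIS W3C log lines for exactly that pattern; the sample lines are constructed after the excerpt above, the field order is the IIS default, and the token path is a parameter. A second observation from the same log, worth acting on separately: the authorize request in the question carries client_secret in the query string, so the secret ends up in the IIS log and in Referer headers; it belongs only in the back-channel token request.

```python
"""Detect an OAuth token request whose client credentials were consumed by
the web server's own Basic Authentication module instead of reaching the
token endpoint.  Standard library only."""
import base64
from urllib.parse import quote, unquote

# Field order of the default IIS W3C extended log format, which is what the
# log lines in the question use (assumption: the site keeps the default set).
W3C_FIELDS = [
    "date", "time", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
    "s-port", "cs-username", "c-ip", "cs(User-Agent)", "cs(Referer)",
    "sc-status", "sc-substatus", "sc-win32-status", "time-taken",
]

# Win32 error 1326 is ERROR_LOGON_FAILURE; together with IIS substatus 1 on
# a 401 ("401.1 Logon failed") it means IIS itself tried to log a user on.
ERROR_LOGON_FAILURE = "1326"


def client_secret_basic(client_id, client_secret):
    """Authorization header for client_secret_basic (RFC 6749 section 2.3.1):
    form-urlencode both values, join with ':', base64-encode.  To a web
    server with Basic Authentication switched on this looks exactly like a
    user logon attempt, which is why the client_id shows up as cs-username."""
    raw = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}"
    return "Basic " + base64.b64encode(raw.encode("ascii")).decode("ascii")


def decode_client_secret_basic(header):
    """Inverse of client_secret_basic; returns (client_id, client_secret)."""
    scheme, _, encoded = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, pw = base64.b64decode(encoded).decode("ascii").partition(":")
    return unquote(user), unquote(pw)


def parse_w3c_line(line):
    """One W3C log line -> dict, or None for directives and odd layouts."""
    parts = line.split()
    if len(parts) != len(W3C_FIELDS):
        return None
    return dict(zip(W3C_FIELDS, parts))


def is_basic_auth_hijack(entry, token_path="/connect/token"):
    """True when the web server answered the token endpoint with a Windows
    logon failure for a 'user' that is really the OAuth client_id."""
    return (
        entry is not None
        and entry["cs-uri-stem"].lower() == token_path
        and entry["sc-status"] == "401"
        and entry["sc-substatus"] == "1"
        and entry["sc-win32-status"] == ERROR_LOGON_FAILURE
        and entry["cs-username"] != "-"
    )


def hijacked_client_ids(lines):
    """Client ids whose token requests never reached the token endpoint."""
    return [e["cs-username"] for e in map(parse_w3c_line, lines)
            if is_basic_auth_hijack(e)]


# Constructed sample, modelled on the IIS log excerpt in the question.
SAMPLE_LOG = [
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken",
    "2019-01-08 12:09:49 172.26.2.174 GET /connect/authorize/callback client_id=Company.App.Mobile 5002 - 172.16.190.147 Mozilla/5.0+(Windows+NT+10.0) - 302 0 0 593",
    "2019-01-08 12:10:33 172.26.2.174 POST /connect/token - 5002 Company.App.Mobile 172.16.190.147 - - 401 1 1326 50",
    "2019-01-08 12:15:02 172.26.2.174 POST /connect/token - 5002 - 172.16.190.147 - - 400 0 0 12",
    "2019-01-08 12:16:40 172.26.2.174 POST /connect/token - 5002 - 172.16.190.147 - - 200 0 0 31",
]

if __name__ == "__main__":
    print(hijacked_client_ids(SAMPLE_LOG))
```

A 400 with a JSON `error` body on the same path is IdentityServer itself rejecting the client, which is a different problem; the 401.1/1326 combination with a populated cs-username only appears when a front-end authentication module intercepted the header.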

Xamarin Mobile with IdentityServer 3

I am trying to establish a secure connection for my mobile app using Identity server 3 and Xamarin. I have a web app that works perfectly using the identity server but can’t for the life of me get it working with mobile. I have it asking for credentials, logging in and getting an access token. However when I try to make a call using the token I still get HttpContext.User.Identity.IsAuthenticated as false and the call fails.
I created a new client in the identity server for the mobile app and have it as the following:
new IdentityServer3.Core.Models.Client
{
Enabled = true,
ClientName = "MyMobile Mobile App",
ClientId = "myMobile",
ClientSecrets = { new Secret("myMobileSecret".Sha256()) },
Flow = Flows.Hybrid,
RedirectUris = new List<string>
{
…
},
PostLogoutRedirectUris = new List<string>
{
…
},
RequireConsent = false,
AllowAccessToAllScopes = true,
RequireSignOutPrompt = false
}
My code is as follows:
var authorizeRequest = new AuthorizeRequest(GlobalSetting.Instance.IdentityEndpoint);
var dic = new Dictionary<string, string>();
dic.Add("client_id", GlobalSetting.Instance.ClientId);
dic.Add("client_secret", GlobalSetting.Instance.ClientSecret);
dic.Add("response_type", "code token");
dic.Add("scope", "openid profile roles");
dic.Add("redirect_uri", GlobalSetting.Instance.IdentityCallback);
dic.Add("nonce", Guid.NewGuid().ToString("N"));
_currentCSRFToken = Guid.NewGuid().ToString("N");
dic.Add("state", _currentCSRFToken);
var authorizeUri = authorizeRequest.Create(dic);
LoginWebView.Source = authorizeUri;
On response…
private async Task NavigateAsync(string url)
{
var unescapedUrl = System.Net.WebUtility.UrlDecode(url);
if (unescapedUrl.StartsWith(GlobalSetting.Instance.IdentityCallback))
{
LoginWebView.IsVisible = false;
var authResponse = new AuthorizeResponse(url);
if (!string.IsNullOrWhiteSpace(authResponse.Code))
{
var userToken = await _identityService.GetTokenAsync(authResponse.Code);
string accessToken = userToken.AccessToken;
if (!string.IsNullOrWhiteSpace(accessToken))
{
Authorization.AccessToken = accessToken;
Authorization.IdToken = authResponse.IdentityToken;
Application.Current.MainPage = _homePage;
}
}
}
…
}
public async Task<UserToken> GetTokenAsync(string code)
{
string data = string.Format("grant_type=authorization_code&code={0}&redirect_uri={1}&code_verifier={2}", code, WebUtility.UrlEncode(GlobalSetting.Instance.IdentityCallback), _codeVerifier);
var token = await _requestProvider.PostAsync<UserToken> (GlobalSetting.Instance.TokenEndpoint, data, GlobalSetting.Instance.ClientId, GlobalSetting.Instance.ClientSecret);
return token;
}
And then when I make a call…
RestClient rest = new RestClient(GlobalSetting.DefaultBaseUrl);
var request = new RestRequest("Partner/GetMyItem", Method.POST);
request.AddParameter("detail", MyEnumValue.ToString());
//tried both of the following…
request.AddParameter("Authorization", string.Format("Bearer {0}", Authorization.AccessToken), ParameterType.HttpHeader);
rest.AddDefaultHeader("Authorization", string.Format("Bearer {0}", Authorization.AccessToken));
IRestResponse res = rest.Post(request);
Function…
[HttpPost]
[ValidateInput(false)]
[AuthAttribute(Roles = …)]
[HandleForbidden]
public string GetMyItem(MyEnum detail)
In the server identity log I have the following…
2018-07-23 14:03:11.508 +00:00 [Information] Start authorize request
2018-07-23 14:03:11.508 +00:00 [Information] Start authorize request protocol validation
2018-07-23 14:03:11.508 +00:00 [Information] "Authorize request validation success"
"{
\"ClientId\": \"myMobile\",
\"ClientName\": \"myMobile App\",
\"RedirectUri\": \"https://localhost:44000/\",
\"AllowedRedirectUris\": [
\"https://localhost:44000/\",
...
],
\"SubjectId\": \"unknown\",
\"ResponseType\": \"code token\",
\"ResponseMode\": \"fragment\",
\"Flow\": \"Hybrid\",
\"RequestedScopes\": \"openid profile roles\",
\"State\": \"a971d692ae8f424493966023f5934b70\",
\"Nonce\": \"ec42d50463cc418dacbd04f1c43873d0\",
\"Raw\": {
\"client_id\": \"myMobile\",
\"client_secret\": \"myMobileSecret\",
\"response_type\": \"code token\",
\"scope\": \"openid profile roles\",
\"redirect_uri\": \"https://localhost:44000/\",
\"nonce\": \"ec42d50463cc418dacbd04f1c43873d0\",
\"state\": \"a971d692ae8f424493966023f5934b70\"
}
}"
2018-07-23 14:03:11.524 +00:00 [Information] User is not authenticated. Redirecting to login.
2018-07-23 14:03:11.524 +00:00 [Information] End authorize request
2018-07-23 14:03:11.524 +00:00 [Information] Redirecting to login page
2018-07-23 14:03:11.524 +00:00 [Debug] Protecting message: "{\"ReturnUrl\":\"https://....net/identity/connect/authorize?client_id=myMobile&client_secret=myMobileSecret&response_type=code%20token&scope=openid%20profile%20roles&redirect_uri=https%3A%2F%2Flocalhost%3A44000%2F&nonce=ec42d50463cc418dacbd04f1c43873d0&state=a971d692ae8f424493966023f5934b70\",\"ClientId\":\"myMobile\",\"AcrValues\":[],\"Created\":636679513915083066}"
2018-07-23 14:03:11.570 +00:00 [Information] Login page requested
2018-07-23 14:03:11.570 +00:00 [Debug] signin message passed to login: "{
\"ReturnUrl\": \"https://...net/identity/connect/authorize?client_id=myMobile&client_secret=myMobileSecret&response_type=code%20token&scope=openid%20profile%20roles&redirect_uri=https%3A%2F%2Flocalhost%3A44000%2F&nonce=ec42d50463cc418dacbd04f1c43873d0&state=a971d692ae8f424493966023f5934b70\",
\"ClientId\": \"myMobile\",
\"IdP\": null,
\"Tenant\": null,
\"LoginHint\": null,
\"DisplayMode\": null,
\"UiLocales\": null,
\"AcrValues\": [],
\"Created\": 636679513915083066
}"
2018-07-23 14:03:11.570 +00:00 [Information] rendering login page
2018-07-23 14:03:12.007 +00:00 [Information] CSP Report endpoint requested
2018-07-23 14:03:12.007 +00:00 [Information] CSP Report data: "{\"csp-report\":{\"document-uri\":\"https://...net/identity/login?signin=df9bdfc781a634b806ecc6555e9989ca\",\"referrer\":\"\",\"blocked-uri\":\"\",\"violated-directive\":\"script-src 'self'\",\"original-policy\":\"default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src *; font-src font-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; report-uri https://devs3server.azurewebsites.net/identity/csp/report\",\"effective-directive\":\"script-src\",\"status-code\":200,\"source-file\":\"https://devs3server.azurewebsites.net/identity/login?signin=df9bdfc781a634b806ecc6555f9989ca\"}}"
2018-07-23 14:03:12.007 +00:00 [Information] Rendering 204
2018-07-23 14:03:26.772 +00:00 [Information] Login page submitted
2018-07-23 14:03:26.803 +00:00 [Information] Login credentials successfully validated by user service
2018-07-23 14:03:26.803 +00:00 [Information] Calling PostAuthenticateAsync on the user service
2018-07-23 14:03:26.819 +00:00 [Information] issuing primary signin cookie
2018-07-23 14:03:26.819 +00:00 [Information] redirecting to: https://....net/identity/connect/authorize?client_id=myMobile&client_secret=myMobileSecret&response_type=code token&scope=openid profile roles&redirect_uri=https:%2F%2Flocalhost:44000%2F&nonce=ec42d50463cc418dacbd04f1c43873d0&state=a971d692ae8f424493966023f5934b70
2018-07-23 14:03:26.866 +00:00 [Information] Start authorize request
2018-07-23 14:03:26.881 +00:00 [Information] Start authorize request protocol validation
2018-07-23 14:03:26.881 +00:00 [Information] "Authorize request validation success"
"{
\"ClientId\": \"myMobile\",
\"ClientName\": \"my Mobile App\",
\"RedirectUri\": \"https://localhost:44000/\",
\"AllowedRedirectUris\": [
\"https://localhost:44000/\",
...
],
\"SubjectId\": \"2957b247-43ed-4aea-b5b4-c0a76a613942\",
\"ResponseType\": \"code token\",
\"ResponseMode\": \"fragment\",
\"Flow\": \"Hybrid\",
\"RequestedScopes\": \"openid profile roles\",
\"State\": \"a971d692ae8f424493966023f5934b70\",
\"Nonce\": \"ec42d50463cc418dacbd04f1c43873d0\",
\"SessionId\": \"3e67194d4c5ba7d1c8586948377f9fe7\",
\"Raw\": {
\"client_id\": \"myMobile\",
\"client_secret\": \"myMobileSecret\",
\"response_type\": \"code token\",
\"scope\": \"openid profile roles\",
\"redirect_uri\": \"https://localhost:44000/\",
\"nonce\": \"ec42d50463cc418dacbd04f1c43873d0\",
\"state\": \"a971d692ae8f424493966023f5934b70\"
}
}"
2018-07-23 14:03:26.881 +00:00 [Information] Creating Hybrid Flow response.
2018-07-23 14:03:26.881 +00:00 [Information] Creating Implicit Flow response.
2018-07-23 14:03:26.881 +00:00 [Debug] Creating access token
2018-07-23 14:03:26.881 +00:00 [Debug] Creating JWT access token
2018-07-23 14:03:26.912 +00:00 [Debug] Adding client "myMobile" to client list cookie for subject "2957b247-43ed-4aea-b5b4-c0a76a613942"
2018-07-23 14:03:26.912 +00:00 [Information] End authorize request
2018-07-23 14:03:26.912 +00:00 [Information] Redirecting to: https://localhost:44000/
2018-07-23 14:03:28.950 +00:00 [Information] Start token request
2018-07-23 14:03:28.950 +00:00 [Debug] Start client validation
2018-07-23 14:03:28.950 +00:00 [Debug] Start parsing Basic Authentication secret
2018-07-23 14:03:28.950 +00:00 [Debug] Parser found secret: "BasicAuthenticationSecretParser"
2018-07-23 14:03:28.950 +00:00 [Information] Secret id found: "myMobile"
2018-07-23 14:03:28.950 +00:00 [Debug] Secret validator success: "HashedSharedSecretValidator"
2018-07-23 14:03:28.950 +00:00 [Information] Client validation success
2018-07-23 14:03:28.950 +00:00 [Information] Start token request validation
2018-07-23 14:03:28.950 +00:00 [Information] Start validation of authorization code token request
2018-07-23 14:03:28.950 +00:00 [Information] Validation of authorization code token request success
2018-07-23 14:03:28.950 +00:00 [Information] Token request validation success
{
"ClientId": "myMobile",
"ClientName": "my Mobile App",
"GrantType": "authorization_code",
"AuthorizationCode": "dc7be1793efe246ca817d7d35298b355",
"Raw": {
"grant_type": "authorization_code",
"code": "dc7be1793efe246ca817d7d35298b355",
"redirect_uri": "https://localhost:44000/",
"code_verifier": ""
}
}
Can someone please help me get a Xamarin mobile app to work with IdentityServer 3 to call APIs?
Your API needs to be registered as a client with your Identity Server as a resource scope.
Then, you need to wire up bearer authentication in your API's middleware by using UseBearerTokenAuthentication. This is necessary so that the API can authorize incoming requests that are using the Authorization header with the Bearer Schema.
Finally, your mobile app needs to request that scope when issuing an authentication request. However, you also need to make sure that your mobile app client is registered with that scope in Identity Server.
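Three things in the posted client are worth seeing done end to end: the authorize request never carries a code_challenge, yet the token request sends a code_verifier (the server log shows `"code_verifier": ""`); `_currentCSRFToken` is generated and sent as state but never compared with the state that comes back; and the requested scopes are only `openid profile roles`, with no scope for the API the answer says must be registered. The following stdlib Python is an added example, not code from the question or from IdentityServer3 or Xamarin. It shows the client side of the hybrid/code flow with PKCE (RFC 7636) and a state check, and the verification the token endpoint performs on the code_verifier; `https://idsrv.example/...` and the `my_api` scope are placeholders, and the `code token` response type from the question is kept as a parameter. The client secret is deliberately absent from the authorize URL; it belongs in the back-channel token request's Authorization header only.

```python
"""Client-side authorization code / hybrid flow with PKCE and a state check,
plus the server-side PKCE verification, using only the standard library."""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs


def b64url(data):
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier=None):
    """RFC 7636: code_verifier is 43..128 unreserved characters; the S256
    code_challenge is BASE64URL(SHA256(ASCII(code_verifier)))."""
    if verifier is None:
        verifier = b64url(secrets.token_bytes(32))  # 43 characters
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def verify_pkce(stored_challenge, presented_verifier):
    """What the token endpoint does with the code_verifier it receives: an
    empty or wrong verifier must fail, so a stolen code alone is useless."""
    if not presented_verifier:
        return False
    _, recomputed = make_pkce_pair(presented_verifier)
    return hmac.compare_digest(recomputed.encode(), stored_challenge.encode())


def build_authorize_url(authorize_endpoint, client_id, redirect_uri, scope,
                        state, nonce, code_challenge, response_type="code id_token"):
    """Front-channel request.  The client secret is NOT here: a query string
    ends up in browser history, Referer headers and server logs."""
    params = {
        "client_id": client_id,
        "response_type": response_type,
        "scope": scope,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{authorize_endpoint}?{urlencode(params)}"


def parse_authorize_response(callback_url, expected_state):
    """The hybrid flow returns its parameters in the URL fragment.  The
    response is accepted only when its state equals the value this client
    generated for this login attempt (the CSRF check the question skips)."""
    fragment = urlsplit(callback_url).fragment
    params = {k: v[0] for k, v in parse_qs(fragment).items()}
    if "error" in params:
        raise ValueError(f"authorization server returned error: {params['error']}")
    got = params.get("state", "").encode()
    if not expected_state or not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this login attempt")
    return params


def build_token_request(code, redirect_uri, code_verifier):
    """Form body for POST /connect/token.  Client id and secret travel in the
    Authorization header (client_secret_basic), not in this body."""
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    })


def demo():
    """Full client round trip on constructed values (no network)."""
    verifier, challenge = make_pkce_pair()
    state = secrets.token_hex(16)
    nonce = secrets.token_hex(16)
    url = build_authorize_url(
        "https://idsrv.example/identity/connect/authorize",   # placeholder
        "myMobile", "https://localhost:44000/",
        "openid profile roles my_api",   # my_api: placeholder for the API scope
        state, nonce, challenge, response_type="code token")
    # Constructed callback, as the WebView would hand it back to the app.
    callback = f"https://localhost:44000/#code=abc123&state={state}&token_type=Bearer"
    resp = parse_authorize_response(callback, state)
    body = build_token_request(resp["code"], "https://localhost:44000/", verifier)
    return url, body, verify_pkce(challenge, verifier)
```

The verifier and challenge are kept per login attempt on the client and on the server respectively; the `verify_pkce` check is the reason an authorization code that leaks from the WebView cannot be redeemed without the verifier that never left the app.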

How to clear "remember_token" in Firefox after I log out?(using flask.login)

I am trying to get the user to log in using flask-login.
Login code:
from flask import current_app
from flask_login import login_user
from flask_principal import Identity, identity_changed

def signin(self, email, password):
    user = None
    userLoggedIn = False
    private_key = self.get_private_key(email, password)
    if private_key:
        public_key = self.get_public_key(email, private_key)
        if public_key:
            user = userManager.findUser(email)
            if user:
                userManager.changeUserPassword(email, password)
                userManager.changeCloudAccessKeys(email, public_key, private_key)
            else:
                user = userManager.addUser(email, password, public_key, private_key, True)
            userLoggedIn = True
    if userLoggedIn:
        login_user(user, remember=False)
        userId = user.get_id()
        identity_changed.send(current_app._get_current_object(), identity=Identity(userId))
        return True
    return False
Logout code:
from flask import current_app, session
from flask_login import logout_user
from flask_principal import AnonymousIdentity, identity_changed

def signout(self):
    logout_user()
    session.clear()
    identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
    self.remove_logged_user()
And I decorate the views with @login_required, so that the user can do things only when they are logged in:
@app.route("/do_things", methods=["GET"])
@login_required
def do_things():
    pass
In Chrome, everything worked well. If the user didn't log in, then the views decorated by @login_required could not be accessed.
But in Firefox, after I logged out, I can still "do things". I checked the Firefox cookies and found out that there is a "remember_token" in the cookie session:
Response cookie:
session: 1q2w3e4r...
httponly: true
path: "/"
Request cookie:
remember_token: "username@gmail.com|8c5873f3748b8f5d18e9bd10cd5e9ee678a9a0a9e0a406fccce982825a7a57f167025341d102ee59cbecbfc20f5dae597ca66e92e5e4926f9aa64c6c244788b1"
session: 1q2w3e4r...
I found out that Firefox saved my user email in remember_token and included it in the HTTP request, so the views in Flask still think I am logged in.
How can I clear the user information in Firefox after I do log out in flask?
You can remove the remember_token cookie by setting the cookie of the response with an expiry date in the past, like the code below:
import datetime
from flask import jsonify, session
from flask_login import logout_user

logout_user()
session.clear()
yesterday = datetime.datetime.now() + datetime.timedelta(days=-1)
out = jsonify(success=True, message="success")
out.set_cookie('remember_token', '', expires=yesterday)
return out  # the Set-Cookie header only reaches the browser on the returned response
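One caveat a practitioner will hit with the answer above: a browser identifies a cookie by name, domain and path, so the clearing Set-Cookie only removes remember_token when its Path (and Domain, if one was set) match the cookie Flask-Login wrote; otherwise the browser stores a second, already-expired cookie and keeps sending the original. The following stdlib Python is an added example, not code from the question, the answer or Flask-Login: it builds the clearing header and runs it through a minimal model of a browser cookie store to show the matching rule. The cookie values are constructed after the question's screenshot; in Flask the same header is produced by `set_cookie(...)` with matching `path` and `domain` arguments, which for Flask-Login means the values configured as `REMEMBER_COOKIE_PATH` and `REMEMBER_COOKIE_DOMAIN`.

```python
"""Clearing a persistent login cookie such as Flask-Login's remember_token:
the clearing Set-Cookie must carry the same Path (and Domain) as the cookie
that was set, or the browser keeps the original.  Standard library only."""
from http.cookies import SimpleCookie

EPOCH = "Thu, 01 Jan 1970 00:00:00 GMT"


def expire_cookie(name, path="/", domain=None, httponly=True, secure=False):
    """Set-Cookie header value that removes `name` from the browser: empty
    value, Expires in the past and Max-Age=0, with the original scope."""
    c = SimpleCookie()
    c[name] = ""
    c[name]["path"] = path
    if domain:
        c[name]["domain"] = domain
    c[name]["expires"] = EPOCH
    c[name]["max-age"] = 0
    if httponly:
        c[name]["httponly"] = True
    if secure:
        c[name]["secure"] = True
    return c.output(header="").strip()


def apply_set_cookie(jar, header):
    """Tiny model of a browser cookie store.  A cookie is identified by
    (name, domain, path); a Set-Cookie with Max-Age=0 or an expiry in the
    past deletes that cookie and only that cookie."""
    parsed = SimpleCookie()
    parsed.load(header)
    for name, morsel in parsed.items():
        key = (name, morsel["domain"] or None, morsel["path"] or "/")
        expired = str(morsel["max-age"]) == "0" or morsel["expires"] == EPOCH
        if expired:
            jar.pop(key, None)
        else:
            jar[key] = morsel.value
    return jar


def logout_clears_remember_token(path_used_by_logout):
    """Simulate the logout response against what the browser holds after
    login (constructed values modelled on the question) and report whether
    remember_token is actually gone afterwards."""
    jar = {
        ("remember_token", None, "/"): "user@example.com|deadbeef",
        ("session", None, "/"): "1q2w3e4r",
    }
    apply_set_cookie(jar, expire_cookie("remember_token", path=path_used_by_logout))
    return ("remember_token", None, "/") not in jar


if __name__ == "__main__":
    print(expire_cookie("remember_token"))
    print("cleared with Path=/:", logout_clears_remember_token("/"))
    print("cleared with Path=/auth:", logout_clears_remember_token("/auth"))
```

The session cookie is untouched by the clearing header in both runs, which is the point of the (name, domain, path) identity: a logout handler has to expire each persistent cookie explicitly and with the scope it was issued under.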
