500 internal server error while authenticating Microsoft graph - flask-oauthlib

I am using python and flask for making web pages. I am trying to authenticate Microsoft graph but its giving an error. Please see the picture below:

Use debug mode to see debug information.
Flask > 1.0, use FLASK_ENV=development.
Flask < 1.0, use FLASK_DEBUG=1.
Flask-OAuthlib itself doesn't support proxy. You can try https://github.com/lepture/authlib it uses requests for OAuth client. Requests support proxy http://docs.python-requests.org/en/master/user/advanced/#proxies

Related

Does NTLM Authentication no longer work with the latest Postman native app 6.0.10

I keep getting 401 Forbidden response testing our IIS based WebAPI calls using my Windows credentials in Postman version 6.0.10. Is there a workaround for this in Postman without using a hack like running Fiddler as a proxy in the background?
Maybe try without the ssl certificate.
https://www.getpostman.com/docs/v6/postman/launching_postman/settings

ASP.NET Unauthorized in Postman using IIS Express, but works in Chrome

I am trying to test an ASP.NET Web Api locally using IIS Express. When I use Chrome and hit the url (localhost:5000/api/test, for example) the json displays fine, but when using Postman I keep getting unauthorized 401.2 when hitting the same url. The api controller has Anonymous access on the route.
On the error message, one of the likely causes is:
Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reach the Web server.
Is Postman somehow changing the headers?
[2019 Update]
Got the same issue, I couldn't debug an ASP Core 2.1 API using Postman when running on the local machine using IIS Express. I kept on having "Could not get any response" despite it was working fine on a browser.
Following troubleshooting steps explained here PostmanLabs Github, I noticed into Postman console that this was coming from a certificate issue.
Disabling SSL Verification from Postman Settings > General allowed the request to pass through.
Looks like it's your proxy.
I haven't found the proxy setting in postman. So I deleted postman for Win and installed postman for Chrome. Possibly Postman gets the environment from Chrome.
Anyway the resolution is to use Postman for Chrome instead of Postman for Win.
I have a localhost WebAPI site up with IIS Express (HTTPS). Postman started to respond as expected to GETs and POSTs after I changed (in Postman)
File --> Settings --> Proxy
to: "Use the system proxy"
and turning on: "Respect HTTP_PROXY ...".
I had earlier set up a custom proxy that wasn't working with HTTPS.

How do I capture https requests with Postman native app using Windows 10?

I am using the Postman native app on Windows 10 and am struggling with trying to capture https requests. Postman's Documentation for this is for Mac and not Windows.
In particular, I am working on a web application that creates a session cookie upon login that needs to be included in most requests in order to be authorized. When I was using the Chrome App, Postman Interceptor achieved this (see https://stackoverflow.com/a/32436131/3816779).
Here's what I've tried so far:
Turn on the Proxy in Postman with port 5555.
Configured windows to send http and https requests through Postman's proxy server (127.0.0.1:5555).
This allows http requests to be captured in Postman
But when trying to connect to https sites, I get an error
Here are my Postman settings if that helps.
Update I ended up switching back to the Chrome App, which uses the "Interceptor" instead of a "Proxy Server" to capture traffic.
Unfortunately, capture https requests with postman native app is impossible in some case according to the official doc: Capturing HTTP requests
Note: for the Postman native apps, request captures over HTTPS will not work if the website has HSTS enabled. Most websites have this check in place.
Postman's proxy now supports HTTPS traffic - https://blog.postman.com/postmans-proxy-now-fully-supports-https-endpoints/
Once you install a CA certificate that Postman generates for your installation, capturing HTTPS requests should be seamless.
Disclaimer: I work at Postman
With Google Chrome i don't know how to fix the issue. But you can use to open the web page for example IE..
EDIT:
Or MAYBE you can start Google Chrome with parameter --ignore-certificate-errors to ignore the error message.
Postman Interceptor is available for Postman native apps which supports both features:
1. Capturing requests
2. Syncing cookies
Learn more here.
Just check HTTPS in setting and will work for you

The HTTP verb POST used to access path '/UploadedImages' is not allowed."

Testing Fine-Uploader and get the following trying to upload images. It's on a testbox and I have rights to the folder. I am not running under IIS as most of these errors when searching google have to do with IIS. Any ideas.
I am using asp.net / c# and I am not using URL Rewriting.
The error suggests that the "/UploadImages" endpoint is not configured to accept POST requests (probably only GET requests). You'll need to update your server configuration appropriately so that POST requests are accepted.

Help getting Net::HTTP working with authentication in Ruby

I'm trying to get a Ruby script to download a file off a server, but I'm getting a 401.2 from IIS:
You do not have permission to view
this directory or page using the
credentials that you supplied because
your Web browser is sending a
WWW-Authenticate header field that the
Web server is not configured to
accept.
I've checked that basic auth is enabled. Is there something special about how Ruby handles basic auth? Is there a way for me to see what the server actually gets and what the headers say is acceptable?
This is my code:
Net::HTTP.start(url, port) {|http|
req = Net::HTTP::Get.new('/file.txt')
req.basic_auth 'username', 'password'
response = http.request(req)
puts response.body
}
Snippet from the Microsoft website
HTTP 401.2: Denied by server configuration
Description
The client browser and IIS could not agree on an authentication protocol.
Common reasons
* No authentication protocol (including anonymous) is selected in IIS. At least one authentication type must be selected. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
253667 (http://support.microsoft.com/kb/253667/ ) Error message: HTTP 401.2 - Unauthorized: Logon failed due to server configuration with no authentication
* Only Integrated authentication is enabled, and an older, non-Internet Explorer client browser tries to access the site. This happens because the client browser cannot perform Integrated authentication. To resolve this problem, use one of the following methods:
o Configure IIS to accept Basic authentication. This should only occur over SSL for security purposes.
o Use a client browser that can perform Integrated authentication. Internet Explorer and new versions of Netscape Navigator and Mozilla Firefox can perform Integrated authentication.
* Integrated authentication is through a proxy. This happens because the proxy doesn't maintain the NTLM-authenticated connection and thus sends an anonymous request from the client to the server. Options to resolve this problem are as follows:
o Configure IIS to accept Basic authentication. This should only occur over SSL for security purposes.
o Don't use a proxy.
You should also try to look at ruby-httpclient - Simple HTTPClient library for Ruby which can use NTLM auth.

Resources