I have an identityserver4 which validates tokens sent along with the requests my APIs receive.
To do that I am using identityserver3.accesstokenvalidation.
In startup:
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary<string, string>();
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = Configurations.AuthorizationAuthority,
});
Now I might face cases where server running identityserver4 is shortly (multiple seconds) unavailable.
If this happens the service containing my APIs will not be able to run saying that:
No connection could be made because the target machine actively
refused it
I want my API service to start even if IdentityServer server is not running, is there some kind of configuration Identityserver3.accesstokenvalidation provides to overcome this issue?
Set DelayLoadMetadata to true.
Related
I got this error when I'm using streaming subscription with impersonation.
After the connection opened and receive notification successfully for minutes, it just pops up a bunch of this for almost all subscriptions.
How can I avoid this error?
One or more subscriptions in the request reside on another Client Access server. GetStreamingEvents won't proxy in the event of a batch request., The Availability Web Service instance doesn't have sufficient permissions to perform the request
I need to keep the connection stable and avoid this error.
Sounds like you haven't use affinity https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-maintain-affinity-between-group-of-subscriptions-and-mailbox-server
Also if its a multi threaded application ExchangeService isn't thread safe and shouldn't be used across multiple threads.
I'm deploying my .Net 6, Blazor Server site for the first time on shared hosting. It's all seems to work so far bar two things.
In the browser console (Chrome) I get an error:
Error 1
blazor.server.js:1 WebSocket connection to 'wss://www.mysite.co.uk/_blazor?id=qW5eCRVc_HbgSWt8iESawA' failed:
Information: (WebSockets transport) There was an error with the transport.
Error: Failed to start the transport 'WebSockets': Error: WebSocket failed to connect. The connection could not be found on the server, either the endpoint may not be a SignalR endpoint, the connection ID is not present on the server, or there is a proxy blocking WebSockets. If you have multiple servers check that sticky sessions are enabled.
Warning: Failed to connect via WebSockets, using the Long Polling fallback transport. This may be due to a VPN or proxy blocking the connection. To troubleshoot this, visit https://aka.ms/blazor-server-using-fallback-long-polling.
The page seems to work & I've added all the CSP entries I can find so that's the only error left.
Error 2 is when I call Braintree to capture a payment. That's the only Braintree call & it works fine locally.
Transaction.SubmitForSettlementAsync(transactionId, amount)
gets an exception : The request was canceled due to the configured HttpClient.Timeout of 60 seconds elapsing.
I have no idea why that is & assume is blocking is call. Any help would be appreciated.
For this warning:
Warning: Failed to connect via WebSockets, using the Long Polling fallback transport. This may be due to a VPN or proxy blocking the connection. To troubleshoot this, visit https://aka.ms/blazor-server-using-fallback-long-polling.
see: https://learn.microsoft.com/en-us/aspnet/core/signalr/publish-to-azure-web-app?view=aspnetcore-5.0#configure-the-app-in-azure-app-service
For apps hosted without the Azure SignalR Service, enable:
ARR Affinity to route requests from a user back to the same App Service > instance. The default setting is On.
Web Sockets to allow the Web Sockets transport to function. The default setting is Off.
In the Azure portal, navigate to the web app in App Services.
Open Configuration > General settings.
Set Web sockets to On.
Verify that ARR affinity is set to On.
I am working on a distributed web application using Spring Microservices design pattern where individual services are running on different ports like -
Product Management - domain:8500
User Management - domain:8501
Now If the user calls User Management by opening the URL "domain:8501/some_url" which internally calls Product Management i.e. "domain:8500/some_other_url" and also assume that certificate is self-signed i.e. for the browser, the CA is unknown and hence the exception needs to be manually added in the browser.
In this case, while Chrome works fine, Firefox and IE also probably adds the exception for domain with port and hence for internal call as well it waits internally for the security exception to be added.
As a result, my API calling is failed. Is this a Firefox behaviour or I am doing something wrong?
AJ
Try either using an API gateway or a proxy. You can use Zuul for a proxy. Please go through Zuul starter.
You can even do some more interesting things by having a proxy. Like:
Implementing Security: Implement Validation & Verification as security check over the proxy and can avoid the same over other microservices.
Response Handling: You can alter a generic response from your microservices in proxy for the client(Web/Mobile Browser/Mobile App)
Hope this helps.
I have an API application and a web application (for simplicity on the same server -- I'll do the CORS stuff later).
Windows Server 2012 with IIS 8.5
Websockets installed through "Programs and features"
Firewall turned off
The api is using owin + signalr and has the proper initialization (trimmed it down to find the error):
public void Configuration(IAppBuilder app)
{
GlobalHost.Configuration.TransportConnectTimeout = TimeSpan.FromSeconds(5);
app.MapSignalR();
app.UseWebApi(Startup.CreateConfiguration());
}
private static HttpConfiguration CreateConfiguration()
{
HttpConfiguration configuration = new HttpConfiguration();
configuration.MapHttpAttributeRoutes();
return configuration;
}
Everything seems to work perfectly except connection to the actual websockets. Every time the client tries to establish a connection, there is a timeout and it fails over to SSE (or forever frame/long polling in IE). I increased the timeout to 25 seconds and the same symptoms are occurring.
On the client, I consistently get this error with logging turned on:
SignalR: Connecting to websocket endpoint 'ws://[myurl]'.
SignalR: Websocket opened.
SignalR: **webSockets timed out when trying to connect.**
SignalR: Closing the Websocket.
SignalR: Attempting to connect to SSE endpoint 'http://[myurl]'.
SignalR: EventSource connected.
SignalR: serverSentEvents transport selected. Initiating start request.
SignalR: The start request succeeded. Transitioning to the connected state.
I have tried following the guides provided by the signalR team and I cannot see what I am missing.
Thanks for any help!
UPDATE:
I downloaded a sample and ran it as-is on the server.
Same situation, so this is likely a server configuration setting that I missed along the way. I still have not found what I missed.
You need to enable WebSockets for the website in Server Manager.
http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-websocket-protocol-support
Try establishing a SignalR connection from your Windows Server machine itself. This might have something to do with the network. Perhaps there's a proxy or something in between the client and server that doesn't properly support WebSockets.
If you are inside of a network with a "corporate" firewall, it can screw up the websockets handshake.
But, you can prevent this interference if you access your server over SSL. I've seen this first hand be the cause and solution multiple times for websockets problems in corporate environments.
It may be something with your IIS settings. I saw these on http://www.asp.net/signalr/overview/signalr-20/getting-started-with-signalr-20/supported-platforms
-IIS must be running in integrated mode; classic mode is not supported. Message delays of up to 30 seconds may be experienced if IIS is run in classic mode using the Server-Sent Events transport.
-The hosting application must be running in full trust mode.
Also, it mentioned something about .NET 4.5 being the target framework. Hope this helped.
Scenario:
My Application stands in connection to Web service (Master Server). Sometimes i make calls like login on application startup, where my application sents user credentials to the master server for validating.
So, how do i 1st validate that the answer is from my real server and not a fake local webserver with routed hosts file? And 2nd how do i parse this answer?
I always parsed like this (dummy code):
if($answerFromWebserver == "LOGIN_OK") {
doLogin();
}
Are there better, more safe solutions?
some of the security feature I see/use,
You can allow specific IPs to server, can setup firewall for this.
Setting up SSL/HTTPS will be great benefit to secure transport level.
You can send username/password encrypted with every message, so at server side authentication will took place each time. You can use SOAP header for this.
You can read huge article from ms here on securing services..