How to specify a user id and password for Visual Studio Code with an authenticating proxy?
I've seen the Proxy Server Support on the main VS Code site, but this only mentions two settings ...
"http.proxy": "http://10.203.0.1:5187/"
"http.proxyStrictSSL": false
I've set these, but still no luck, e.g. I can't install extensions ... can't even get a list of them
I suspect it's our proxy, as it needs a user id and password :-(
So how can you set these values?
Set credentials inside the proxy url:
http://username:password#10.203.0.1:5187/
WARNING: Setting your password in plaintext in a file can easily lead to your account being compromised. Further it might violate your companies data security guidelines. https://cwe.mitre.org/data/definitions/256.html
If you don't want to store your credentials in the settings file, fiddler can be used to proxy the call to the proxy. Furthermore, I believe the above only works for proxy servers using basic authentication, the following should work for NTLM.
VSCode Open Settings File:
%APPDATA%\Code\User\settings.json
add the following:
{
"http.proxy": "http://127.0.0.1:8888",
"http.proxyStrictSSL": false
}
Fiddler Confirm fiddler settings:
Fiddler Ensure Fiddler set to automatically authenticate:
VSCode Extensions should now be online:
Update
This is now no longer required following implementation of PR #22369 which was implemented in version 1.15 Proxy server authentication.
In my case I still needed to add:
"http.proxyStrictSSL": false
My favorite response here is David Martin's suggestion of using Fiddler. But in case that is not something you want to undertake, below is how to set your credentials for the proxy.
To specify DOMAIN + username + password: (It will likely not work with a slash, so use %5C in the place of the slash as shown below)
// The proxy setting to use. If not set will be taken from the http_proxy and https_proxy environment variables
"http.proxy": "http://DOMAIN%5Cusername:password#proxy_name_or_ip:port",
"https.proxy": "http://DOMAIN%5Cusername:password#proxy_name_or_ip:port",
// Whether the proxy server certificate should be verified against the list of supplied CAs.
"http.proxyStrictSSL": false,
To specify just username + password:
// The proxy setting to use. If not set will be taken from the http_proxy and https_proxy environment variables
"http.proxy": "http://username:password#proxy_name_or_ip:port",
"https.proxy": "http://username:password#proxy_name_or_ip:port",
// Whether the proxy server certificate should be verified against the list of supplied CAs.
"http.proxyStrictSSL": false,
The venerable CNTLM could help you. You give it your credentials, tell it about the upstream proxy, run it on your local machine, then point VS to the proxy at http://localhost:3128.
http://cntlm.sourceforge.net/
It's a handy solution for any application that doesn't support authenticated proxies.
I really like the solution David Martin posted (further below) using Fiddler, however I wanted to figure out how to use http.proxyAuthorization and here is my solution considering you are OK to have credentials saved in base64 encoded format in the settings.json file.
WARNING: Saving credentials in base64 encoded format is certainly better than plain text, however consider base64 encoding as obfuscation not an encryption and the account can still be compromised - use at your own risk. Consider modifying the ACL of the settings file to reduce read access to it.
Step 1: Encode your credentials using the code below:
var s = #"DOMAIN\user:pass";
var bytes = System.Text.Encoding.UTF8.GetBytes(s);
Console.WriteLine(Convert.ToBase64String(bytes));
RE9NQUlOXHVzZXI6cGFzcw==
Step 2: Update VS Code settings by adding http.proxyAuthorization using the base64 encoded value from above:
{
"https.proxy": "https://internal-proxy.corp.net:8080",
"http.proxyAuthorization": "Authorization: Basic RE9NQUlOXHVzZXI6cGFzcw=="
}
Step 3: Secure the settings.json by updating it's ACL
Since you have stored credentials in the file to increase the security you can modify the ACL of the settings file by removing the local administrators group - make sure only you can read this file. I used the following PowerShell script to remove the local admin group for example:
#Requires -Version 5.1
# PowerShell 5.1 min version required for the code below
$settings = "$env:appdata\Code\$env:username\settings.json"
$acl = (Get-Item $settings).GetAccessControl('Access')
$acl.SetAccessRuleProtection($true,$true) # removes the ACL inheritance
$accesToRemove = $acl.Access | ?{ $_.IsInherited -eq $false -and $_.IdentityReference -eq 'BUILTIN\Administrators' }
$acl.RemoveAccessRule($accesToRemove)
Set-Acl -AclObject $acl $settings
Please take ref to this article.
https://taeguk.co.uk/blog/working-in-visual-studio-behind-the-firewall/
Let’s assume my NTLM login is DOMAIN\User Name and my password is P#ssword!
The format for the credentials needs to be DOMAIN\User Name:P#ssword!, but you need to URL Encode the user name and password.
A simple online URL encoded can translate your username and password to: DOMAIN%5CUser%20Name and P%40ssword!.
Piece all this info into a single string like so: http://DOMAIN%5CUser%20Name:P%40ssword!#proxy-cluster.fqdn.local:8881
Then add this into your User Settings in File, Preferences against the "http.proxy" value:
// Place your settings in this file to overwrite the default settings
{
"http.proxy": "http://DOMAIN%5CUser%20Name:P%40ssword!#proxy-cluster.fqdn.local:8881"
}
"http.proxy": "http://DOMAIN//USER:PASSWORD#wsg.test.com:8080".
Do not forget to add the port.
Use the below command and replace the username,password and ip address of you proxy:port
PS C:\Users\rathakrishnan> npm config set proxy http://username:password#172.18.10.27:3128
PS C:\Users\rathakrishnan> npm install -g #angular/cli
in Visual Studio Code (my version is 1.32.3) you write a request, i.e.
### my request
GET https://defdomain.prefix.com/app/resource
Authorization: bXl1c2VyOnVzZXIyMkBwYXNzd29yZA==
Wherefore the Authorization header is of type "Basic base64encoded" and consists of
myuser:user22#password (username:usercredentials) base64 encoded. Thats all.
Related
I want to setup libzmq plaintext authentication for my pub server. How can I do that??
The official doc is too simple. http://api.zeromq.org/4-1:zmq-plain. I set ZMQ_PLAIN_SERVER = 1, But I don't know how to set username and password to the socket.
In Java, I can use
public ZAuth configurePlain(String domain, String filename)
To specify an auth file, then I put usernames and passwords in it like the following:
username1=password1
username2=password2
...
I found czmq has a similar operation http://czmq.zeromq.org/czmq4-0:zauth which I failed to see
the equivalent in libzmq.
How to do basic authentication for the request in web load performance tool?
You are doing the right thing, but need to change the order - move the Password and username settings above the wlHttp.Post command.
Add before calling the post command
//StartAuthentication
wlHttp.OverrideAuthorizationHeader = true;
wlHttp.Header["Authorization"] = "Basic XXXXXX";
//EndAuthentication
If the password contains #, ImapMailReceiver failed to return host correctly.
for example:
username: abc#gmail.com
password: abc#123
host: imap.gmail.com
Final URI string
imap://abc#gmail.com:abc#123#imap.gmail.com:993/INBOX
then, ImapMailReceiver identify host as 123#imap.gmail.com
I checked this thread but I use JavaConfig way to create ImapMailReceiver where as the thread is about XML config way.
Any way to walk around of this issue?
Thanks!
UPDATE
Final URI string with encoding
imap://abc%40gmail.com:abc%40123#imap.gmail.com:993/INBOX
in this case, I got AuthenticationException.
May be above information help you to understand the problem.
UPDATE 1
above was an issue from Gmail. One need to enable LESS SECURE APP security option in Gmail to fix Authentication related issue.
RFC 1738 says:
Within the user and password field, any ":", "#", or "/" must be encoded.
I expect you already know how URL encoding works. If you want a refresher, page 18 of the same document is a good place to start.
I encountered the same problem with an Office 365 account, where the user name is like 'your-user#your-company.com' and the host is 'outlook.office365.com'. Without encoding the user name, 'your-company.com' is used as the host, which leads to the following (a bit misleading) error:
javax.mail.AuthenticationFailedException: failed to connect, no password specified?
Activating debugging with mail.debug=true ...
mailProps.put("mail.debug", "true");
receiver.setJavaMailProperties(mailProps);
... gives us the parameters used for the connection to the mail server.
DEBUG IMAPS: protocolConnect returning false, host = your-company.com, user = your-user, password = <null>
To resolve the issue, I used URLEncoder.encode for the username and password, e.g.:
...
new StringBuilder("imaps://")
.append(URLEncoder.encode(mailSettings.getUser(), StandardCharsets.UTF_8.toString()))
.append(":")
.append(URLEncoder.encode(mailSettings.getPassword(), StandardCharsets.UTF_8.toString()))
...
is there a config option to disable this;
dialog when visiting a URL and passing credentials in the URL, e.g.
https://user:password#protected-site.com/
Setting the somewhat hidden network.http.phishy-userpass-length to 1024 fixed it.
user_pref("network.http.phishy-userpass-length", 1024);
See http://forums.mozillazine.org/viewtopic.php?f=38&t=156433 for more information.
I need to redirect anyone with a mobile user agent to a file called mobile.php.
My web hosting provider, Net Registry uses the Zeus web server.
Here's the script I've written from my research
RULE_1_START:
# get the document root
map path into SCRATCH:DOCROOT from /
match IN:User-Agent into $ with iPad|iPod|iPhone|Android|s+Mobile
if matched then
set OUT:Location = /mobile.php
endif
RULE_1_END:
I used the instructions on my host's site.
I pasted that into their console and it has worked to do redirects. Net registry have some odd console thing that you submit and it takes 10 minutes to update the zeus server config (annoying as hell).
Anyway my issue is that it redirects me to the wrong location:
So if you visit the site, with a user agent string that contains ipad|ipod|android|\s+mobile then you will trigger it ()
It takes me here:
http://example.com.au/mobile.php,%20catalog/index.php
I can't work out how to fix that, or why that happens because at the moment this file exists:
http://example.com.au/mobile.php
as does this one:
http://example.com.au/index.php. Contents of this file are:
<?php header("Location: catalog/index.php");
Any ideas on how I can make this work more like an apache .htaccess url Rewrite?
the official Zeus documentation
Fixed it by changing
set OUT:Location = /mobile.php
to
set URL = /mobile.php
From the manual...
Using Request Rewrite Scripts
To use the request rewriting functionality, create a script in the Zeus Request
Rewrite Scripting Language. The script contains instructions telling the
Virtual Server how to change the URL or headers of requests that match specified criteria.
The Virtual Server compiles the script, and (if the rewrite functionality is
enabled) uses it every time it receives a request. It runs the commands in the
script, changing the URL if it matches the specified criteria. Once the script is
finished, the Virtual Server continues processing the resulting URL.Zeus Web Server 4.3 User Guide
142 Configuring URL Handling
When changing the URL, the rewrite functionality can only change the local
part of it, that is, the part of the URL after the host name. For example, if a
user requests http://www.myhost.com/sales/uk.html, the rewrite
functionality can only make changes to /sales/uk.html. This means that
you cannot use the rewrite functionality to change the request to refer to a
file on another Virtual Server.
For example, the following script illustrates how to change requests for any
HTML files in the /sales directory so that the user receives them from the
/newsales directory instead:
match URL into $ with ^/sales/(.).html
if matched set URL=/newsales/$1.html
The rewrite functionality can also change the HTTP headers that were received
with a request, and create new HTTP headers to be returned to the user. For
example, the following script changes the HTTP host header, so that a request
for www.mysite.com/subserver is redirected to the Subserver
www.subserver.mysite.com:
match URL into $ with ^/([^/]+)/(.)$
if matched then
set IN:Host = www.$1.mysite.com
set URL = /$2
endif