Background:
Trying to find and use a library in Ruby which will enable access to an OData feed from MS Project Online. The purpose is to be able to read the information about what projects and resources have been stored in the Project management system.
Problem:
Have located two main Ruby gems for ODATA access
Ruby-Odata: OData Client Library
Odata: OData
The service which is trying to be accessed is via HTTPS; typically like https://mysite.sharepoint.com/sites/pwa/_api/ProjectData/Projects This will also have a username and password due to it being an authenticated service. But the problem is that the authentication fails, although when using this same service via an Excel data connection I'm able to access the list of Projects
Tests:
The code attempt, using Odata, looks like:
# https://github.com/visoft/ruby_odata
require 'ruby_odata'
svc = OData::Service.new "https://blogfodder.sharepoint.com/sites/pwa/_api/ProjectData/Projects/",{:username => "blah", :password => "xxxxxx"}
svc.Projects
Running this code produces the following error:
/Users/grantsayer/.rvm/gems/ruby-2.2.0#odata/gems/rest-client-1.8.0/lib/restclient/abstract_response.rb:74:in `return!': 403 Forbidden (RestClient::Forbidden)
This of course shows that authentication is a problem. The issue is that I'm able to execute this connection via Excel, and also in a web browser, just not over the API.
The alternative library (Odata) whilst not producing an authentication error ends up with no data being returned.
Suggestions are welcome.
Related
** the application is hosted on server and the API if prodding the headers. I want to read that headers to get the user name (who is accessing the application)**
I am trying to setup development environment to integrate Google sign-in on Android using Web Authenticator in Xamarin Essentials.
In the Web API project, same AuthController is included described in this article. It is running on https://localhost:44311/api
To call the API from emulator, API url is referenced as https://10.0.2.2:43411/api as described in this article.
Now, I am able to call the API url using await WebAuthenticator.AuthenticateAsync(apiUrl, callbackUrl)
But, when API tries to invoke Google authentication via await Request.HttpContext.ChallengeAsync(scheme);, below error is returned from Google.
Error 400: invalid_request, device-id and device-name are required for
the private IP: https://10.0.2.2:4311/signin-google
As I understand, it is expecting request originated from the server instead of IP address like https://<servername>
Whole situation comes down to be able to access the webservice using name (or localhost) to be used in both emulator and Google redirect uri.
I'd like to know if it is possible to simulate the oAuth(1,2) authentication flow. I'd like to test without the need to connect to the provider itself. It should be possible as it is just some communication exchange. I'm not looking for something like this where they still communicate with remote server. I'd like to be completely offline, when testing.
Maybe I can run my own oAuth server. I should be using Google oAuth services so the server should behave same like they do. Does google provide some code for their oAuth server, or is it possible to create some fake server. Note the test should be more integration test. I would like to command the server to return some predefined responses. Switching to live oAuth providers will be just changing the remote URL.
Maybe just some http server is ok, I just need to care about the proper format of communicated messages.
Take a look at Client Side REST Tests section of Spring Reference docs. With this support you can easily fake the server and record desired behaviour into MockRestServiceServer.
Here are some examples I created.
Please see steps below to mock OAuth2 token to be used for faster local development using SOAPUI.
Steps:
Create a REST soapUI project, create a POST resource for URL "http://localhost:9045/oauth/token".
Create a Mock Service for above resource.
Create a Mock response as shown below, you can add your own parameters and values depending on your requirements.
{
"access_token":"MockOauth2TokenForLocaldevelopmentnTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
"token_type":"bearer",
"expires_in":35999,
"scope":"read write",
"jti":"4d540b94-1854-45fa-b1d6-c2039d94b681"
}
Start the mock service.
Test using your local REST POST request.
Mock Response:
Mock Oauth2 SOAPUI testing:
We are working on an internal MVC3 app that purely uses Windows Authentication. There's a view that does an AJAX call to a controller action that does some processing before calling a web service. The problem we are running into is that if Anonymous access is turned off (as in Windows Authentication is on), calling the service from the controller actions results in a 401: Unauthorized error.
We have run into a problem of the double hop issue where credentials aren't passed correctly from server to server when calling a service within a service. I'm wondering if the AJAX call is somewhat mimicing the same behavior and not transmitting the correct Windows credentials to the controller which then doesn't pass the correct credentials to the web service.
I've seen some posts that shows how to pass a username and password along with the jQuery call but nothing mentions, an effective way, to bring along Windows Authentication with it.
Has anyone run into a similar issue? We would rather not leave Anonymous access on the web service as it is somewhat sensitive data that we would like to control access to.
Do you have identity impersonation turned on as described in this question:
How to get Windows user name when identity impersonate="true" in asp.net?
A colleague did some research over the weekend and determined it may have something to do with Kerberos authentication setup on the server as well as the jQuery call. In order to get around it, we just refactored the web service into a library that the application just references. We made it a web service initially as we thought in the future this data would need to be accessed from other applications. Running into this issue, we will most likely make it into a NuGet package.
Thanks for the comments.
Since the Google Search API has been deprecated, I'd like to use the Bing Search API (now a Windows Azure API) in my Ruby apps.
However, Azure has a strange authentication pattern where you build a query URI, paste it into a browser, pass the key into the password box of the standard HTTP authentication box, and make POST to see the results. I assume this generates a signature and passes it in the header somehow. I'd like to do the complete process in Ruby and skip the browser portion if possible.
I found one example in the source of an obscure Windows Azure storage gem, but I can't figure out how tthey're building the signature and make the call. Is there a simple way to do basic HTTP auth in Ruby?
I went ahead and used Faraday's built in basic authentication scheme like so:
connection = Faraday.new "http://api.something.com/1/dudez"
connection.basic_auth "username" "password"
connection.get
I want to recommend the RestClient gem for this. I've used it with great success for GET'ing and POST'ing across domains. If you really have to act like a browser to implement the API, you can always use Capybara.
I'm sorry I haven't tried the Azure API myself, or I would give an example. :)
I recall doing this previously with another Azure API but am unable to find the code.
Look here for the details of the signature process:
http://msdn.microsoft.com/en-us/library/windowsazure/ee395415.aspx
I'm unable to find immediately if the Azure API uses the SharedSignature method
The way to sign a request to Windows Azure blob storage thru the REST API is described here: http://msdn.microsoft.com/en-us/library/dd179428.aspx.
Basically, you don't authenticate by simply adding some credentials in a HTTP header, you have to sign your request with the secret key that is associated to your storage account.