Can I declare credentials only once for a REST API? - powerquery

I am using Power Query within Power BI Designer to query a REST API. The first request is to:
http://domain/httpAuth/app/rest/server
which returns:
<server>
<builds href="/httpAuth/app/rest/builds"/>
</server>
From there I use Power Query to query http://domain/httpAuth/app/rest/builds in order to get a list of builds and then iterate over the list of builds, calling each one in turn. The format of the URL for each build is:
http://domain/httpAuth/app/rest/builds/id:buildId
The problem is I'm getting prompted to enter credentials for every single request. This is tedious and unworkable (we have a lot of builds).
Is there a way to define the credentials once for (say) stub http://domain/httpAuth/app/rest and have every resource under that stub use the same credentials?

At the moment there is no direct way to do this for HTTP sources. A workaround for now is to connect to the root source first (http://domain/httpAuth/app/rest/builds or just http://domain/) and set the credentials there.
If you trust all of the data sources you are connecting to, you can also disable the firewall by going to the Workbook Settings dialog and selecting the Ignore option for Fast Combine.
EDIT: Sorry, I misread the question. In the case of credentials, connect to the root source first and set the credential there. This credential should be used for the remaining URLs.

I believe you can set an Authorization Header and set it with your request.
(Apologies for for the Wiki link - http://en.wikipedia.org/wiki/Basic_access_authentication)

Related

coturn cannot find credentials of user

I was trying to deploy a simple TURN server using coturn.
When I test it on Trickle ICE (turn:rtc.jackxujh.me:3478 [webrtc:mighty]), Trickle ICE says "Authentication failed?".
The coturn server keeps reporting this error:
ERROR: check_stun_auth: Cannot find credentials of user
Here is the complete turnserver.conf I am using (by uncommenting lines of the coturn sample conf):
external-ip=39.108.74.114/XXX.XXX.XXX.XXX #(XXX is internal IP)
fingerprint
lt-cred-mech
use-auth-secret
static-auth-secret=XXXXXXXX... #(XXX is the secret)
realm=rtc.jackxujh.me
user=webrtc:0xXXXXXXXX... #(XXX is the key)
cert=/etc/letsencrypt/live/rtc.jackxujh.me/cert.pem
pkey=/etc/letsencrypt/live/rtc.jackxujh.me/privkey.pem
mobility
I find a related discussion on GitHub, but I don't feel there is a solution at the end.
In fact, I am confused whether my conf file is using TURN REST API or not.
Meanwhile, I tried to check if there was a user named webrtc in turndb, by using # turnadmin -l, but the output was nothing. (Is this command correct?)
In fact, I am confused whether my conf file is using TURN REST API or not.
I can confirm You use REST API because use-auth-secret is set
use-auth-secret
So you need to use a unixtimestamp as username, and the hashed password..
user=timestamp:userid
password=base64(hmac(secret key, user)
Read more about the difference of Long-Term-Credential and REST:
https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
If you want to use normal username/password use the long-term-credential so remove use-auth-secret
and set it statically or in db
user=username1:key1
turnadmin
turnadmin -l
list static and db users.
So in case of REST is correct the empty list.

SonarQube API: Retrieving a list of users assigned to a project permission?

I'm trying to find a list of users for a specific project (by projectKey) who possess the issueadmin permission. I've found a documented API that gets me pretty close:
api/permissions/search_project_permissions
but the response that I get back only has summary information: counts of groups/users for each permission type.
search_project_permissions response
Does anybody know if there's a way to get to the login details for the users?
There is an "internal" web service (meaning it could change without notice!) that does this. You'll use it like so:
http://myserver.myco.com/api/permissions/users?projectId=[project guid]&permission=issueadmin
In Web API interface use the "Show Internal API" checkbox at the top of the left column to see it.
just noticed in Sonarqube v6.7 it works as follows:
https://sonarqube.dhl.com/api/permissions/users?projectKey=<KEY>
https://sonarqube.dhl.com/api/permissions/users?projectKey=<KEY>&permission=issueadmin
https://sonarqube.dhl.com/api/permissions/users?projectKey=<KEY>&permission=issueadmin&permission=scan
All possible permissions are (reg. Browse, See Source Code, Administer Issues, Administer and Execute Analysis):
admin
codeviewer
issueadmin
scan
user

How to remove SSRS credentials in Visual Studio 2008

I have a question similar to this one, but I am using VS 2008 and an Oracle database (with Oracle SQL Developer). How do I get rid of the report credentials in VS? Thank you.
One of the easiest ways to get rid of this is to supply a username and password for the database in question on the reporting server. The URL is usually something like http://localhost/reports. Usually, users created for this type of connection have minimal read-only rights needed for the specific report. The disadvantages to this type of connection is that it's a one-user-fits-all situation. But because of the error message you are getting, it appears that your wish is to supply a specific user name and password rather than use Windows security--which is just fine.
To get here, click Security from the report drop-down list on the main page. Then, click the Credentials stored securely on the report server. Then, here's an issue that get's lots of folks--click the Apply button at the bottom to save the changes. Sometimes the Apply button is not visible and you need to scroll down to click it.
Now, if you're accessing your report through ReportViewer in VS then the following link may provide some help:
http://www.sql-server-performance.com/2012/accessing-ssrs-reports-report-viewer-web-page/
Alternately, you can create or add to a web.config file:
https://msdn.microsoft.com/en-us/library/microsoft.reporting.webforms.ireportservercredentials.aspx
p.s. based on our chat, try adding the following to your web.config connection string--if you have one(with the respective user name and password)--if, indeed you're using Oracle's ODP.net:
providerName="Oracle.ManagedDataAccess.Client" connectionString="User Id=oracle_user;Password=oracle_user_password
http://www.oracle.com/technetwork/topics/dotnet/downloads/odpnet-managed-nuget-121021-2405792.txt
I have not figure out how to solve this from the database. What I did was, comment out this line of code from the XML of the report:
<Prompt>Specify a user name and password for data source XXX</Prompt>
If you have the correct credential info in the <value> tag, your report should be loaded with username and password parameters without problems.

CORs rule not found when putting data in azure storage

So I have a site where I upload large video files using html 5 to azure storage using an sas signature. It seems to work fine on most systems and browsers but doesn't seem to work on iPhones. I finally routed the call through fiddler via proxy and got the response from the storage server.
Here is the CORs rule I have set up.
What am I missing here?
Good evening,
There are a few things I would like you to try simultaneously, when you get a chance:
1. Change your Allowed Headers to: "Origin,X-Requested-With,Content-Type,Accept,Authorization,Accept-Language,Content-Language,Last-Event-ID,X-HTTP-Method-Override, x-ms-*". NOTE: You may not need all of these, but for now, add them all to see if we can get it working.
2. Change your Allowed Methods to: NONE, PUT, OPTIONS
3. Set the Max Age (seconds) field to 0
4. Create another rule, and do not have a comma-separated list of allowed origins. Make a separate rule for each origin. (I've heard of certain browsers not liking the CSV).
Once all is said and done, if the above does not work, try removing "Authorization" from the allowed headers since it looks like you are not using that (but first, try it with it).
Please let me know if you make any progress with the above ideas.

No more recaptcha global key option?

I am curious if there's still possibility to create global keys for reCaptcha.
Documentation points it is possible, but I can find no way - no such option is there whenever I add a site.
Google made reCaptcha Global URL possible again in 2016 for the I'm not a Robot checkbox:
https://developers.google.com/recaptcha/docs/domain_validation
Now to get the keys to work on every URL you have to go to: "Advanced Settings" for your key, and untick the "Domain Name Validation" box:
https://www.google.com/recaptcha/admin
This is a security hole, so you are required to check the hostname field in your JSON response and reject any solutions that are coming from unexpected sources:
https://developers.google.com/recaptcha/docs/verify#api-response
This option has dissapeared. In fact, google is deleting that info from documentation step by step. There is an issue
Maybe we can ask to reopen that option, or at least, to obtain some info why this option its gone
Well the Secure Token would be the way to do this:
"A reCAPTCHA key is normally tied to a set of individual domains. However, you might have a large number of hosted domains and would like to have one key working on all of them - the solution is the secure token."
https://developers.google.com/recaptcha/docs/secure_token
A similar question (How can I use reCAPTCHA v2 on a large number of domains?) has a PHP sample and a Java sample is in GitHub https://github.com/google/recaptcha-java/tree/master/appengine

Resources