SD: Configuring GAM External Authentication - genexus

I am trying to setup GAM using External Authentication.
I created my own procedure (exposed as webservice) to consume the external authentication services and return the &GAMWSLoginOutSDT GAM is expecting.
According to the documentation, this procedure has to have exposed Namespace = "GAM" (meaning it has to be "Main Program" with Call Protocol "SOAP", right?)
But, as soon as I set Call Protocol "SOAP", I can no longer access the service URL in the browser:
http://localhost/myApp/app.wslogingam.svc
It returns an error:
The type 'GeneXus.Programs.app.wslogingam_services,app.awslogingam', provided as the Service attribute value in the ServiceHost directive, or provided in the configuration element system.serviceModel/serviceHostingEnvironment/serviceActivations could not be found.
I have already implemented this solution before for other Apps, but, for this one, I am stuck with this problem.
Maybe it's the genexus version ev3 u2 (beta)? (in previous versions, I used the prefix "a" for the exposed services, now it's "app.")
Can you please help?
GAM instructions I am trying to follow:
http://wiki.genexus.com/commwiki/servlet/hwiki?GAM+External+Authentication%3A+version+1.0,

Finally, I was able to solve the problem by setting the MainProgram of the procedure to "False" (I can still use it for GAM this way).
For some reason, setting it to "true" causes the error above.

Related

MIP SDK: fail to create FileHandler with error "Content protected by on prem servers is unsupported"

We are developing an application to open and edit protected PDF files using the MIP SDK (we're currently using version 1.6.103).
So far, we were able to open files protected with different versions of Microsoft protection, including MicrosoftIRMServices version 1.
We are now hitting a problem with one of our customers. They keep their files on a SharePoint 2016 directory, which is configured to automatically add protection to all files uploaded. Their whole environment is on-premises and the AD RMS Service is used for protection. They do not have Azure IP on the server side.
When we download the resulting file and try to open it, we create a mipns::FileEngine and then invoke CreateFileHandlerAsync() to create a mipns::FileHandler. This call fails with the following mipns::NetworkError:
NetworkError : Content protected by on prem servers is unsupported., NetworkError.Category=FailureResponseCode, HttpRequest.SanitizedUrl=https://api.aadrm.com/my/v2/enduserlicenses,
As the error suggests, I suspect the issue is with the usage of an on-premise protection.
I thought it might be resolved following the instructions at
https://learn.microsoft.com/en-us/information-protection/develop/quick-app-adrms#configuring-protection-api-in-c-to-use-ad-rms
so, following those instructions, I created the FileEngine with
ProtectionEngine::Settings engineSettings("", authDelegate, "");
engineSettings.SetProtectionCloudEndpointBaseUrl("http://<my server>/_wmcs/licensing");
but so far no success, although the error has changed and is now
NetworkError : The protection service is unavailable., NetworkError.Category=FailureResponseCode, HttpRequest.SanitizedUrl=https://<my server>/my/v1/enduserlicenses,
(where of course <my server> is replaced with a local service)
Am I going in the wrong direction? If not, perhaps I am using the wrong endpoint? How can I find the endpoint URL to be passed to SetProtectionCloudEndpointBaseUrl as suggested in the linked page?
Thanks
This is likely caused by a missing MDE install or MDE SRV record. You'll need to validate that the mobile device extension for AD RMS has been deployed and configured. If it has, you'll also need to validate that the SRV record is in place for any mail suffixes your customer is using. For example, if the RMS service is at RMS.FABRIKAM.COM, but your customer email addresses are @contoso.com, you'd need an SRV record that looks like _rmsdisco._http._tcp.contoso.com, which would then point to the server at RMS.FABRIKAM.COM.
The base URL isn't used in consumption scenarios. It's only for publishing. That said, it looks like you've set the _wmcs endpoint, but we expect only the base for AD RMS:
ProtectionCloudEndpointBaseUrl = "https://rms.contoso.com"
That's only required when you don't provide a mip::Identity object when creating the file engine. If you do provide the identity, we'll use the domain suffix to look up the DNS record and chase that referral.

Services.AddTransient() Vs Services.AddBot()

In the latest bot samples, we can see that the bot is being added to the services collection as below:
services.AddTransient<IBot, MyBot>();
but in older samples, we saw the approach below:
services.AddBot<MyBot>(options => { });
Here I am trying to understand the benefits of adding the bot using AddTransient() over using AddBot().
What I know is that internally AddBot uses AddTransient anyway, so why use AddTransient? I referred to the remarks section from this link.
You can see in the source code that the AddBot methods are used for automatically adding a bot adapter to DI in addition to the bot and for configuring bot-related options like credentials and error handling. The conventions for using the Bot Builder v4 SDK were very different when those samples were made, and the bot's configuration along with its credentials were loaded from something called a bot file. The current convention for using the SDK is much easier because it takes advantage of ASP.NET Core automatically loading the app's configuration from appsettings.json. Since we're not using AddBot anymore you'll notice that the adapter is added to DI explicitly, and you can configure things like error handling and middleware either by accessing the properties and methods of the adapter directly or by deriving your own adapter class, as seen in the samples.
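The convention the answer describes, written out as an added example (not code from the question, the answer or the Bot Framework samples): the adapter is registered explicitly and error handling lives in a derived adapter instead of AddBot options. MyBot is a stand-in for the question's bot class and is assumed to derive from ActivityHandler.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Bot.Builder;
using Microsoft.Bot.Builder.Integration.AspNet.Core;
using Microsoft.Bot.Schema;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

// Error handling moves from AddBot's options into a derived adapter.
public class AdapterWithErrorHandler : BotFrameworkHttpAdapter
{
    // The base constructor reads MicrosoftAppId / MicrosoftAppPassword from IConfiguration,
    // i.e. from appsettings.json, which is what replaced the old .bot file.
    public AdapterWithErrorHandler(IConfiguration configuration, ILogger<BotFrameworkHttpAdapter> logger)
        : base(configuration, logger)
    {
        OnTurnError = async (turnContext, exception) =>
        {
            // The full exception goes to the server log only; the user sees a generic message,
            // so stack traces and internal details never reach the channel.
            logger.LogError(exception, "Unhandled error in turn {ActivityId}", turnContext.Activity.Id);
            await turnContext.SendActivityAsync("Sorry, something went wrong.");
        };
    }
}

// Stand-in for the question's MyBot (assumed shape: an ActivityHandler that echoes text).
public class MyBot : ActivityHandler
{
    protected override Task OnMessageActivityAsync(ITurnContext<IMessageActivity> turnContext, CancellationToken cancellationToken)
        => turnContext.SendActivityAsync(MessageFactory.Text($"You said: {turnContext.Activity.Text}"), cancellationToken);
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Adapter: one singleton per process. Bot: transient, so each turn gets a fresh instance
        // and no per-conversation state can leak between users through instance fields.
        services.AddSingleton<IBotFrameworkHttpAdapter, AdapterWithErrorHandler>();
        services.AddTransient<IBot, MyBot>();
    }
}
```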

aspnetboilerplate Shared cookie invalid with services.AddDataProtection()

I have the following scenario:
Server A:abpWeb;
Server B:abpWeb;
A and B are based on the MyCompanyName.AbpZero template, ABP .NET Core version 3.1.1 (aspnetboilerplate).
The browser accesses A:abpWeb and B:abpWeb. But after logging in, the shared cookie is invalid.
A:User.Identity?.IsAuthenticated equals true after the browser accesses A:Login;
But after refreshing B:/index in the browser, B:User.Identity?.IsAuthenticated equals false.
The browser domain for A and B is the same.
I created two new ASP.NET Core 2.0 MVC apps with ASP.NET Core Identity, using AddDataProtection for the normal shared cookie is ok.
I referred to:
https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?tabs=aspnetcore2x
I have been searching on the net for a long time, but with no luck. Please help or try to give some ideas on how to achieve this.
Thanks in advance.
The keys that encrypt/decrypt your cookies are probably being written to an invalid folder.
By default AddDataProtection tries to write these keys to:
%LOCALAPPDATA%\ASP.NET\DataProtection-Keys
As long as there is an environment variable being used to create the keys path, you will need to set the following config file setting to true.
Please also see my other answer here:
IIS - AddDataProtection PersistKeysToFileSystem not creating
Fix: Within %WINDIR%\System32\inetsrv\config\applicationHost.config set setProfileEnvironment=true. I think you have to restart IIS as well.
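An added example (not the question's code or the answer's) of the ConfigureServices fragment both apps A and B would need once the key folder problem is fixed: an explicit, shared key ring location, the same application name, and the same cookie name. The UNC path, application name and cookie name are assumptions.

```csharp
using System.IO;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // 1. Both apps must read and write the SAME key ring. An explicit path sidesteps the
        //    %LOCALAPPDATA% default, which under IIS is only populated when
        //    setProfileEnvironment=true. Restrict the share's ACL to the two app pool
        //    identities: anyone who can read these keys can forge a valid login cookie
        //    for both sites.
        services.AddDataProtection()
            .PersistKeysToFileSystem(new DirectoryInfo(@"\\fileserver\dp-keys"))  // assumed path
            // Must be identical in A and B. The default is derived from each app's content
            // root, which differs per site, so B cannot unprotect a cookie A issued.
            .SetApplicationName("SharedAbpApp");                                   // assumed name

        // 2. The browser must send one cookie to both apps, and both must look for it
        //    under the same name, so the cookie name (and path) must match too.
        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.Name = ".AspNetCore.SharedCookie";  // assumed name
            options.Cookie.Path = "/";
        });
    }
}
```

If the key directory has to live on a network share, protect the key files at rest (for example with a certificate via ProtectKeysWithCertificate) rather than leaving them as plaintext XML readable by everyone with share access.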

Is it possible to create External user profiles in IBM Connections using the ProfileAdminService?

I've been able to create new profiles in IBM Connections 5 using the ProfileAdminService but can't find any documentation on how to flag them as External.
The Social business toolkit doesn't expose the isExternal flag via the Profile object. I've tried to set it manually by
profile.setAsString("snx:isExternal","true");
or
profile.setAsString("isExternal","true");
but the created profile always ends up being a normal/internal one.
Is this possible yet via the API?
Thanks
I figured this out over the weekend.
You CAN add external users using the Connections ProfileAdminService but you CAN'T do it yet using the Social Business Toolkit (functionality not there yet).
To make it work I created my own build of SBT and added "userMode" to the ProfileAttributes. It caught me out initially as I was looking for isExternal. I should have guessed it was mode, as that's the name in the TDI assembly.
com.ibm.sbt.services.client.connections.profiles.utils.ProfilesConstants
public enum ProfileAttribute {
    GUID("guid", "com.ibm.snx_profiles.base.guid"),
    EMAIL("email", "com.ibm.snx_profiles.base.email"),
    UID("uid", "com.ibm.snx_profiles.base.uid"),
    DISTINGUISHED_NAME("distinguishedName", "com.ibm.snx_profiles.base.distinguishedName"),
    DISPLAY_NAME("displayName", "com.ibm.snx_profiles.base.displayName"),
    GIVEN_NAMES("givenNames", "com.ibm.snx_profiles.base.givenNames"),
    SURNAME("surname", "com.ibm.snx_profiles.base.surname"),
    USER_STATE("userState", "com.ibm.snx_profiles.base.userState"),
    USER_MODE("userMode", "com.ibm.snx_profiles.base.userMode"); // <<< added this line

    // Fields and constructor shown here only so the excerpt compiles on its own;
    // the field names are assumptions, not SBT's actual names.
    private final String name;
    private final String qualifiedName;

    ProfileAttribute(String name, String qualifiedName) {
        this.name = name;
        this.qualifiedName = qualifiedName;
    }
}

URI scheme launching

I've been given a task to create a protocol similar to callto:, that - upon clicking on a link with it - would automatically launch an installed application.
I followed the Microsoft guide on what a scheme should look like.
My scheme looks like this:
HKEY_CLASSES_ROOT
  slican
    (Default) = "URL:slican Protocol"
    URL Protocol = ""
    DefaultIcon
      (Default) = "C:\Users\Okabe\Desktop\slican\SlicanP.exe,1"
    shell
      open
        command
          (Default) = "C:\Users\Okabe\Desktop\slican\SlicanP.exe" "%1"
I thought that was all and tested it with
test link
test telephone link
There was no reaction whatsoever. Internet Explorer asked me if I want to search for a program that can open the content and Chrome responded with nothing, as if I clicked javascript:void(0).
How can I get that to work?
Thank you for your help!
The registration you show works perfectly fine for me when I try it on Windows 7. The local app I registered in place of SlicanP.exe ran fine when I invoked a slican: URL from the Start | Run menu, and from within the address bar of Windows Explorer. So the registration works.
Do be aware that Internet Explorer runs in a lower integrity security context, so it may not have rights to run local programs. When I tried to click on an HTML link to a slican: URL, or type a slican: URL in the address bar, IE had trouble executing the local app (even after prompting for permission). I had to run IE as an administrator, then the local app ran just fine.
Also, you really should not be creating a HKEY_CLASSES_ROOT\slican key directly. Create a HKEY_CURRENT_USER\Software\Classes\slican (current user only) or HKEY_LOCAL_MACHINE\Software\Classes\slican (all users) instead. Refer to MSDN for more details:
HKEY_CLASSES_ROOT Key
Merged View of HKEY_CLASSES_ROOT
Update: Since it works in Windows 7, Microsoft probably changed how URL schemes are registered in Windows 8. For instance, phone/store apps use URI activation:
URI activation (XAML).
URI activation (HTML)
The documentation says there are two ways to register a custom URI scheme:
Internet Explorer uses two mechanisms for registering new pluggable protocol handlers. The first method is to register a URI scheme name and its associated application so that all attempts to navigate to a URI using that scheme launch the application (for example, registering applications to handle mailto: or news: URIs). The second method uses the Asynchronous Pluggable Protocols API, which allows you to define new protocols by mapping the URI scheme to a class.
You are doing the first. Try using the second instead.
However, I just noticed that "Asynchronous Pluggable Protocols" is listed on MSDN in the "Legacy APIs" section, and it has the following note:
Third-party protocol implementations won't load in Windows Store apps using JavaScript, or in the Internet Explorer in the new Windows UI.
So it may or may not work in Windows 8.
Update: I just found this:
Guidelines for file types and URIs
In Windows 8, the relationship between apps and the file types they support differs from previous versions of Windows.
Walkthrough: using Windows 8 Custom Protocol Activation
The file type and protocol association model has changed in Windows 8. Apps are no longer able to programmatically set themselves as the default handler for a file type or protocol. Instead, now the user always controls what the default handler is for a file type or protocol.
Your app can use existing protocols for communication, such as mailto, or create a custom protocol. The protocol activation extension enables you to define a custom protocol or register to handle an existing protocol.
Also have a look at this:
Setting mailto: protocol handler programmatically in Windows 8
And this:
Default Programs
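An added example (not from the question or this answer) that registers the scheme the way the answer recommends: under HKEY_CURRENT_USER\Software\Classes rather than directly in HKEY_CLASSES_ROOT. The scheme name and exe path are the question's; the helper and its method names are assumptions.

```csharp
using Microsoft.Win32;

static class SchemeRegistration
{
    // Registers scheme: (e.g. "slican") for the current user only. No elevation is needed,
    // and a mistake here affects one account instead of every user on the machine.
    public static void Register(string scheme, string exePath)
    {
        using (RegistryKey root = Registry.CurrentUser.CreateSubKey(@"Software\Classes\" + scheme))
        {
            root.SetValue("", "URL:" + scheme + " Protocol"); // (Default) friendly name
            root.SetValue("URL Protocol", "");                 // marks the key as a URI scheme

            using (RegistryKey icon = root.CreateSubKey("DefaultIcon"))
            {
                icon.SetValue("", "\"" + exePath + "\",1");
            }

            using (RegistryKey cmd = root.CreateSubKey(@"shell\open\command"))
            {
                // Quote both the exe path and %1. The URL comes from whatever page the user
                // clicked, so it is untrusted input; an unquoted %1 could be split into extra
                // arguments. The launched app must still validate the URL it receives.
                cmd.SetValue("", "\"" + exePath + "\" \"%1\"");
            }
        }
    }

    public static void Unregister(string scheme)
    {
        Registry.CurrentUser.DeleteSubKeyTree(@"Software\Classes\" + scheme, throwOnMissingSubKey: false);
    }
}

// Usage, with the path from the question:
// SchemeRegistration.Register("slican", @"C:\Users\Okabe\Desktop\slican\SlicanP.exe");
```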
If you go to C:\Users\\AppData\Local\Google\Chrome\User Data
you can edit the Local State file.
Search for protocol_handler.
The syntax here is a key-value pair. I usually copy two mailto: entries and make sure that you set your protocols to false. This means that Chrome will treat your new protocols as URI_Handler events.
If you have trouble configuring a custom URI scheme, you can compare your own configuration with an existing one. For example, "HKEY_CLASSES_ROOT/mailto" - most likely you already have it in your system.
