MPNS sending pushing forbidden response 403 - windows-phone-7

I want to use MPNS in my Windows Phone app, and we are going to authenticate the web service which is sending the push to clients.
I have done all the steps that are needed for MPNS authentication:
Uploaded the certificates on my Windows Phone dev dashboard.
Created the channel name with the common name of my certificates.
Getting the return URI with https://, which means my push channel is authenticated.
Adding certificates to my WebRequest header.
But when I send the push message via the web request, I get the response "The remote server returned an error: (403) Forbidden." I have read that I am doing something wrong with my request and not adding the certificate properly.
Here is my code for the request header:
X509Certificate2 Cert = new X509Certificate2(Server.MapPath("Certs/abc.crt"), "password");
request.ClientCertificates.Add(Cert);
We have VeriSign SSL and I am testing this from my Visual Studio IIS. It's not hosted on any server right now, not even configured in IIS, and no SSL is configured for IIS.
Is that the issue or something else?

There's no unique answer for your problem.
However, when you add a client certificate to your request you only add the public key to it. The server will then respond with a challenge signed with your public key (see client certificate authentication) and you need to decipher and respond to it with your private key. If this authentication process fails, you will get a 403 forbidden.
Therefore, you must ensure that the .pfx/.p12 (containing your private key, public certificate, intermediate CA and Root CA certificates) is imported to your local machine certificate store and that your IIS server has access to it.
Because there are so many variables related to Windows, you can use Curl instead for testing purposes. Note that you must convert your .pfx/.p12 to .pem first (use openssl).
curl --cert P:\cert.pem:PASSWORD -v -H "Content-Type:text/xml" -H "X-WindowsPhone-Target:Toast" -H "X-NotificationClass:2" -X POST -d "<?xml version='1.0' encoding='utf-8'?><wp:Notification xmlns:wp='WPNotification'><wp:Toast><wp:Text1>My title</wp:Text1><wp:Text2>My subtitle</wp:Text2></wp:Toast></wp:Notification>" https://am3.notify.live.net/unthrottledthirdparty/01.00/push_uri_here
Once you get that working, you may face the same problem as me: some notifications are being sent correctly and some others are rejected with a 403 forbidden for no apparent reason. See this thread:
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/383617ab-eafe-45fb-92cc-5e4b25a50e7f/authenticated-push-notifications-failing-randomly-403-forbidden?forum=wpnotifications
and the same here:
https://stackoverflow.com/questions/23805883/windows-phone-authenticated-push-notifications-failing-randomly-403-forbidden

Related

What is the request that whatsapp cloud api does to verify a webhook?

I'm able to verify the webhook using glitch from the getting started:
https://glitch.com/edit/?fbclid=IwAR2YTjZuGGM9Hi6T_v1eZh_nV6_HY3RYn_8lll4gY1REa_bJy6ZAuq6tkKQ#!/whatsapp-cloud-api-echo-bot
My local server (in a subdomain with https enabled) has the same behavior as glitch and shows "WEBHOOK_VERIFIED" in the log for the request:
/webhook?hub.mode=subscribe&hub.verify_token=xpto123&hub.challenge=123
but when I try to verify my local server, the request from Meta does not reach the server.
Chrome shows that the connection to the server is secured.
After more tests I found that my local server was being blocked by the ISP; I understood this after testing with another connection.
I made my own server and had tried ngrok and other programs to run it from localhost with https redirect, but WhatsApp doesn't allow the use of those programs.
In the end, my error was that the URL HAS to end in /webhook or else it won't even send the request. Then it'll send a GET request and you have to return the hub.challenge query param after making sure that the provided token from them is the one you set up. This is my code using NodeJS:
if(req.query['hub.verify_token'] === process.env.VERIFY_TOKEN) return res.status(200).send(req.query['hub.challenge'])
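The verification handshake described above, written out as an added example (not code from either poster): it fails closed when the verify token is not configured, rejects missing or duplicated parameters, and compares the token in constant time. The function names, the placeholder base URL and the 400/404/500 status choices are assumptions of this example; the /webhook path and the sample query string are taken from the posts above.

```javascript
// Added example: decision logic for the webhook verification GET request.
const { createHash, timingSafeEqual } = require('node:crypto');

// Compare secrets without leaking length or a matching prefix via timing:
// hash both sides to fixed-size digests, then compare in constant time.
function tokensMatch(supplied, expected) {
  const a = createHash('sha256').update(String(supplied)).digest();
  const b = createHash('sha256').update(String(expected)).digest();
  return timingSafeEqual(a, b);
}

// requestUrl: path plus query as received by the server.
// Returns { status, body } so it can be wired into any HTTP framework.
function verifyWebhook(requestUrl, expectedToken) {
  // An unset token must never "match" a request that omits the parameter.
  if (!expectedToken) return { status: 500, body: 'verify token not configured' };

  // The base URL is a placeholder only needed to parse a relative path.
  const url = new URL(requestUrl, 'https://placeholder.invalid');
  if (url.pathname !== '/webhook') return { status: 404, body: '' };

  const q = url.searchParams;
  // Require each parameter exactly once instead of guessing which copy is meant.
  for (const name of ['hub.mode', 'hub.verify_token', 'hub.challenge']) {
    if (q.getAll(name).length !== 1) return { status: 400, body: '' };
  }
  if (q.get('hub.mode') !== 'subscribe') return { status: 400, body: '' };
  if (!tokensMatch(q.get('hub.verify_token'), expectedToken)) {
    return { status: 403, body: '' };
  }
  // Echo the challenge only after the token checks out.
  return { status: 200, body: q.get('hub.challenge') };
}
```

In an Express route this can be called as verifyWebhook(req.originalUrl, process.env.VERIFY_TOKEN), sending the returned status and body, so every request gets a response whether or not the token matches.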

Twilio Room-events status callback handler

I have deployed the Java service (Spring Boot) in a Docker container and have been using embedded Tomcat with SSL configurations specified in the application.properties file. (I am using the cert.pem file generated by the Let's Encrypt authority.)
Before making the service https, I was receiving webhooks from Twilio, but as soon as I made my services https secured, I stopped receiving callbacks.
In the Twilio console, the debugger events show the following error:
Twilio was unable to fetch content from: https://example.com:8081/twilio/room-events
Error: Handshake failure: certificate exception
While sending events -> Twilio receiving error:
Msg "Video: Callback request was unsuccessful"
httpResponse "502"
and in header:
X-Twilio-WebhookAttempt 2
X-Twilio-WebhookRetriable true
X-Twilio-Reason Certificate exception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Content-Length 462
Content-Type text/html
I am not able to find any solution as I have no idea what is happening here.
To resolve the error, I have tried adding certificates in the keystore to resolve the issue (DigicertGlobalRootCA.cert) (source: https://support.twilio.com/hc/en-us/articles/360007853433-Troubleshooting-Certificate-Errors-from-the-Twilio-REST-API)
But it is not resolved yet.
I am using this MultiValueMap<String,String> as a request parameter with a POST request to receive the events.
PS: When I use it locally with the ngrok setup, it works perfectly fine.
Thank you for your help.
I was using the cert.pem file provided by Let's Encrypt. Instead of cert.pem, fullchain.pem needs to be used in order to communicate with the external world (in the Java keystore).
Used the below URL to find out the SSL validation:
https://www.sslshopper.com/ssl-checker.html
Took reference from this wonderful article for getting information about the certificate chain.
https://medium.com/#superseb/get-your-certificate-chain-right-4b117a9c0fce

Api Platform & JWT token : I can authenticate but all next requests are 401

I have a client that authenticates to API Platform; the token is generated and sent back to the client. The client embeds the token in the request header, but still gets a 401 error returned from the server: JWT not found. It is in the header though (verified with Firefox).
Have you already had this issue? (further posts without response).
Is there a possibility Apache or a firewall blocks the token?
How can I find the issue source?
NB: the exact same config was working well on the dev server locally. I just cloned the git repository to the server and did a composer install. I tried to reinstall lexik, regenerate the .pem... nothing works.
Thank you for your help

iOS 9.3.2 HTTPS Server returning -1202 "The Certificate for this server is invalid"?

I am making a request from an iOS 9 device to an https:// URL, and iOS is receiving error code -1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “example.com” which could put your confidential information at risk."
This is already mentioned at
https://developer.apple.com/library/content/technotes/tn2232/_index.html#//apple_ref/doc/uid/DTS40012884-CH1-SECGLOSSARY
FYI: The same request is working on iOS 10 & 11 devices with a 200 OK response. Also, I have already handled the challenge methods in my HTTP class using the NSURLSession API.
Here the server is using a self-signed certificate.

Capture HTTPS request to nonexistent server with FiddlerCore

I am trying to send a response to an HTTPS request, using FiddlerCore.
I need things to work like this: I put some fake URL in browser, like https://my_url_that_doesnt_exist.com/, then I intercept this request with FiddlerCore and respond to it with my data. But I only see a CONNECT and the host URL. I know this is because of HTTPS and Fiddler being a proxy. But is there a way to get the real full URL and be able to respond to HTTPS request, using FiddlerCore?
Also I use this code to create a root certificate if it's missing:
if (!Fiddler.CertMaker.rootCertExists())
{
    if (!Fiddler.CertMaker.createRootCert())
    {
        throw new Exception("Could not create a certificate.");
    }
}
also, I use these startup settings:
FiddlerCoreStartupFlags fcsf = FiddlerCoreStartupFlags.Default | FiddlerCoreStartupFlags.DecryptSSL|FiddlerCoreStartupFlags.AllowRemoteClients;
and CONFIG.IgnoreServerCertErrors = true;
This HTTPS request is not visible in Fiddler itself. I mean when I try some non-existent URL to which I'd like my app to respond with some custom content. It's also HTTP, not HTTPS, and Fiddler itself contains the following in response:
[Fiddler] DNS Lookup for "my_url_that_doesnt_exist.com" failed. The requested name is valid, but no data of the requested type was found
But if I use some existing HTTPS URL, like google plus or anything like that, I can see the HTTPS and all the request details.
So the question follows: How can I intercept HTTPS request to a non-existent URL and serve my content instead?
I can provide any additional details if needed.
Also makecert.exe is in the same folder where all my binaries are.
The problem is that HTTPS traffic flows through a CONNECT tunnel, and by default that secure traffic won't be sent if creating the CONNECT tunnel to the target server doesn't first succeed. Of course, if that target server doesn't exist, you end up with a DNS error in creating the tunnel, so the secure requests are never sent.
The workaround is to tell Fiddler to tell the client that the CONNECT tunnel was created, without even trying to contact the server. Do so by adding this inside the BeforeRequest handler:
if (oSession.HTTPMethodIs("CONNECT"))
{
    oSession.oFlags["x-replywithtunnel"] = "GenerateTunnel";
    return;
}
