How to access the secured "HTTPS" webservice in Windows Phone 7. The secured certificate is not given, I should either skip or ignore the error message. Any help?
The site you're accessing needs to have a valid certificate from an issuer recognised by the platform. The latest list of these issuers I've seen is here.
push notifications from authenticated services
Note Geotrust will give you a 30 day trial certificate which is handy for testing.
Related
I'm trying to integrate facebook login into an app just for learning purposes but it seems that facebook made some changes recently that allows only https.
Here's the error when I try to log in with facebook:
Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://
Some people suggested to go to Facebook Login -> Settings and disable 'Enforce HTTPS for Web OAuth Login'. However, it seems that the recent update on facebook disabled this option.
Anyone found a work around this problem?
Enforce HTTPS
This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019. Most major cloud application hosts provide free and automatic configuration of TLS certificates for your applications. If you self-host your app or your hosting service doesn't offer HTTPS by default, you can obtain a free certificate for your domain(s) from Let's Encrypt.
I need help regarding Identity Server on the following:
Do reference tokens use Signing Certificate?
On http://localhost application is working fine, on binding to a public URL with https, the login call returns a token, but consecutive WebApi(client) calls return "401 - Authorization has been denied for this request". Is it because of SSL certificate or due to NLB (two different Identity servers are deployed on the backend) - I am using Entity framework for storing the reference tokens. Do multi domain SSL certificate (SAN) work fine for Identity Server?
Do I need to add machine keys on both Identity server config files to sync or is this requirement only for JWT approach?
Thanks.
Our project(web application C# ASP.NET MVC3) is hosted on IIS 7.5 and we use certificate authentication. So we have SSL-require configured IIS.
Now we have a business task to allow some users to use our system. And there is no way to provide client certificates for them. In that case we need to use some additional authentication model (user-password or ntdomain based).
I don't know how to realize such model:
User gets on our project url;
If he has valid client certificate - we let him iteract with our application;
If he hasn't cert we show him a login form with "user-password";
If we use SSL-required configured IIS users would not be able to iteract with application without valid certificate at all right? And how to authenticate with certificate if IIS is configured with SSL-Accept?
Maybe you can configure two sites on your IIS? One with SSL and another without it? Your url will point to the SSL enabled site, and when a user without a valid certificate arrives you use some backup code to send him to the SSL free site?
Just guessing actually... I think this probably deserves a more meditated answer...
The problem was not so large as i thought before. IIS provides a check box to require certificate even if combobox(in SSL options of web application) is set to Accept instead of require. In that case IIS tries to get certificate at first. And if there is no cert it lets the user to iteract with application. And we can make custom authentication on that level.
With MVC (v.3+) there is nice way to use IAuthorizationFilter in that case
We have ASP.Net generic handlers that support HTTPS requests only.
Example: https://{domainname}/userservice/getfriends.ashx
Please suggest a solution for processing the https requests in Winows Phone 7.1 using HttpWebRequest. When I am binding the https images (for example https://{domainname}/userserivce/23232.jpg only), it's raising the error.
Is your SSL certificate signed by a Root Certification Authority trusted by Windows Phone (example: Verisign) or is it a self-signed certificate?
If it's not from a valid trusted root certification authority, export the signing root certificate, send it by email to the device, and then install the certificate; check this answer for more info.
I have doubt in Windows 7 Phone Application Development.
I need to acess the web service using HttpWebRequest in SSL How can I configure HttpWebRequest as for SSL and allow if Certificate is InValid..
For Example:
I need to Acess API "www.example.com?value=stringVale" and I will get a response as XML and I need to Process It.
when I Give a URI as "https://www.example.com/mainPage.php?Value=stringVale" I get an Breaking Issue.
so How can I access webservice using HttpRequest with SSL Layer.. with InValid Certificate?
Thanks
Dinesh
You need to have a certificate issued by an authority that is recognised by the platform.
This is the latest list I've seen (posted by Shaun Taulbee) in this thread.
push notifications from authenticated services
You can get a 30 day trial cert that's handy for testing from GeoTrust.