Uploadify insecure manner upload - uploadify

Does anyone knows?
My web server requiring auth, while uploading a file i've got window with auth. Even if I'll put username and pass application is crashed.

This is due to a known bug in Flash that sends IE cookies regardless of the browser that is hosting the plugin, thus borking your authentication/authorization scheme.
Here is an asp.net based workaround. It is plainly written and can easily be ported to your environment.

Related

Cookies in MS Teams Tab application

I've been trying to work out authenticating users into my app, which is running inside a MS Teams Tab application, and I'm having issues in mobile.
To authorize requests in the application, we just need to have a cookie in place that the server sets when the user authenticates. So for this to work inside Microsoft Teams, I've been trying to just send the token to the iframe and set the cookie. Everything works pretty well on web and desktop, but on mobile (I've tested only with iOS so cannot really tell about Android), the cookie doesn't work at all.
I've tried to set some test cookies and read them, and it doesn't work. So my question is if there is a way to work with cookies in mobile? Is it an issue on my end or has it been disabled in the web view that loads the tab? Is there a way around it or any suggestion that would help solve my problem?
Thanks for the help!

Aurelia: How to get user's window's username

I'm not sure if this is even possible. I need to be able to get the users windows username. We are all on an intranet, so I don't have to worry about cross platform issues.
Does Aurelia have windows authentication?
Aurelia runs completely in the browser, so it doesn't have any way to support windows auth (unless the browser supports it). But there's no reason you can't send the user's username via an API call.

How to create an FB app without a secure canvas URL

I have a simple app I want to create, which allows you to place any website within your Facebook page on a tab.
Previously, I could just do this without a secure canvas URL, but now it is telling me that I must have this to create the app.
Is there a way around this, as the app does not take any info from anybody, it just shows a site from my server on the page.
Short answer: No. You do not need to provide an encrypted connection if the app runs in sandbox mode but otherwise it is mandatory.
Well, actually people using secure browsing will just see an error message at the moment but judging from recent announcements apps without an encrypted connection will be blocked a bit further down the road.

Problem with Security Information Message Pop Up Box

I am having great issues trying to debug a page on a web application used internally on an intranet. When entering the page the "Security Information" Pop Up Box appears. The whole application is running under https.
To try and debug the issue, I have used Fiddler, and looked at the urls for every component, javascript, css, images, and user control components. Everything I have seen from Fiddler shows that the urls start with required https!
So, I am completely confused why this message should be shown - it appears everything the page is posted back.
Does anyone have any idea why this should be happening and/or have another tool that could help me?
Thanks
I'm pretty sure that what you are seeing is the result of a self-signed certificate. If a certificate you're using isn't trusted by a known certificate authority (Verisign or a similar company) your web browser can't verify that it comes from a trusted source.
Also, look at what the error is saying, because it usually tells you which part of the security verification failed.

Windows Authentication doesn't prompt for login

I've had Windows Authentication setup on an area of our website for some time now, and it has worked flawlessly so far.
Recently, the login prompt stopped appearing and went straight to "Page cannot be displayed" for some reason.
While connected to our network, the page works fine.
Outside our network, users are supposed to receive a login prompt but they now do not, instead receiving the "page cannot be displayed" error.
Why would this suddenly occur, and how is it fixed? I have tried removing the virtual directory and re-adding it but nothing seems to work.
The strange thing is this is only happening in IE - Google Chrome works fine (I receive the login prompt).
Is there a setting or something inside of IIS that disables this login prompt or something? It is strange it is an IE specific issue as well - there were no changes to the state of IE from one day when it was working to the next where it wasn't.
Anyone have ideas on what might be causing this?
Thanks
Oddly enough, I'd wonder why you were getting the login prompt before now.
If you're logged in to Windows and the site you're browsing to uses Windows Auth, IE will automatically try to pass the logged in user's credentials to the site (this all depends on your domain configuration/trust setup...something may have changed with those settings at the domain level that changed the behavior of your IE).
Chrome/Firefox/Safari don't have this functionality, which is why you're still getting a login prompt.
There is a checkbox in internet options->advanced tab to enable/disable Windows Authentication, but you said that there were no changes. Either way it is something to check.
It sounds like you are hitting a security setting in IE.
IE stops windows authentication information from being sent to sites that you do not trust.
You could try adding the site to your list of trusted sites.
You can start by taking a network trace both Internally and Externally, reproduce the issue and see if the request actually reaches the web server. Also, check the IIS logfile for the "Page Cannot Be Displayed" response.
Let me know if that helps or if you have more questions.
Regards,
Vivek.
You need to take a network capture (www.fiddlercap.com) to get any real help with this.
IE supports the "Negotiate" protocol in addition to NTLM; Chrome and other browsers typically only support NTLM.

Resources