I am wokring on a website (.NET Framework 4.6.1) and we implemented OIDC authentication (IdentityServer4). The implementation is very basic, nothing fancy just some code challange and token validation. We tested it and it worked real nice on both Edge and FireFox.
Then we were asked to implement "acr_values" parameter for MFA. In the authentication configuration, specifically inside RedirectToIdentityProvider (which is part of Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationNotifications), we add the specified "acr_values" parameter the following way (the value itself is set in a config file, and its similar to "xyz:asd:wtf:qwe"):
n.ProtocolMessage.AcrValues = authCfg.AcrValues
In a very similar setup (by similar i mean almost identical) it is working without any issues. For my setup it only works in Firefox. When trying in Edge we get AuthenticationFailed (which is also a Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationNotifications) with the following error:
2021-05-26 13:00:08.0633 ERROR MT.Translate.Startup
OIDC-Notification: AuthenticationFailed:
2021-05-26 13:00:08.0633 ERROR MT.Translate.Startup Value cannot
be null. Parameter name: s
2021-05-26 13:00:08.0633 ERROR MT.Translate.Startup
-TargetSite-------------------------------
2021-05-26 13:00:08.0633 ERROR MT.Translate.Startup Byte[]
FromBase64String(System.String)
2021-05-26 13:00:08.0633 ERROR MT.Translate.Startup
-Source-----------------------------------
2021-05-26 13:00:08.0633 ERROR MT.Translate.Startup mscorlib
In development enviroment the behaviour is a bit different. We do not get AuthenticationFailed, because after verifying the login information IdentityServer's redirection does nothing, but return us to the same login screen.
To summerize, without "acr:values" MFA was not working, but otherwise it was working in both Edge and Firefox. After implementig "acr_values" Firefox was working with MFA but not in Edge. So we rolled back to the previous version, where we have no "acr_values" and now MFA works with Edge and Firefox too.
The error does not make any sense to me. There is no parameter called "s", at least I have never heard of it in the context of authentication. The fact that without the necessary code it works does not make any sense to me. Also how can it work on Firefox and not on Edge?
Bonus Objective: Only in Edge a png is not appearing. It was not touched and in every other browser it shows up. How and why is my question.
Thank you for reading my post and I am looking forward to any insight what is happening.
Some code snippets:
oicdAuthOpt.Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = n =>
{
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Authentication && AppSettingsKey.AuthCodeChallangeEnabled.Enabled)
{
// generate code verifier and code challenge
var codeVerifier = CryptoRandom.CreateUniqueId(32);
string codeChallenge;
using (var sha256 = SHA256.Create())
{
var challengeBytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(codeVerifier));
codeChallenge = Base64UrlEncoder.Encode(challengeBytes);
}
// set code_challenge parameter on authorization request
n.ProtocolMessage.Parameters.Add("code_challenge", codeChallenge);
n.ProtocolMessage.Parameters.Add("code_challenge_method", "S256");
if (AppSettingsKey.MultiFactorAuthEnabled.Enabled)
n.ProtocolMessage.AcrValues = authCfg.AcrValues ?? n.ProtocolMessage.AcrValues;
// remember code verifier in cookie (adapted from OWIN nonce cookie)
// see: https://github.com/scottbrady91/Blog-Example-Classes/blob/master/AspNetFrameworkPkce/ScottBrady91.BlogExampleCode.AspNetPkce/Startup.cs#L85
RememberCodeVerifier(n, codeVerifier);
}
logger.Debug("OIDC-Notification: RedirectToIdentityProvider Called");
//if signing out, add the id_token_hint
if (n.ProtocolMessage.RequestType == OpenIdConnectRequestType.Logout)
{
logger.Debug(" RequestType=" + OpenIdConnectRequestType.Logout);
var idTokenHint = n.OwinContext.Authentication.User.FindFirst("id_token");
if (idTokenHint != null)
{
logger.Debug(" IdTokenHint got from n.OwinContext.Authentication.User");
n.ProtocolMessage.IdTokenHint = idTokenHint.Value;
}
logger.Debug(" IdTokenHint=" + n?.ProtocolMessage?.IdTokenHint);
}
return Task.CompletedTask;
},
Code for the IndentityServer is on their github (Quickstart).
For authorization middleware we made a custom System.Web.Mvc.AuthorizeAttribute.
public override void OnAuthorization(AuthorizationContext filterContext)
{
try
{
if (AppSettingsKey.LoginEnabled.Enabled && AppSettingsKey.OpenIdConnectSSOEnabled.Enabled)
{
var cookie = HttpContext.Current.Request.Cookies["oidc.default"];
if (cookie == null)
{
logger.Debug("oidc.default is null -> HandleUnauthorizedRequest");
base.HandleUnauthorizedRequest(filterContext);
}
else
{
if (CookieKeyStore.Instance.CheckIfContains(cookie.Value))
{
if (!CookieKeyStore.Instance.isExpired(cookie.Value))
{
logger.Debug("oidc.default is not expired:" + cookie.Value + " -> OnAuthorization");
//requires oidc.default and ASP.NET_SessionID cookies
base.OnAuthorization(filterContext);
}
else
{
logger.Debug("oidc.default is expired:" + cookie.Value + " -> HandleUnauthorizedRequest");
base.HandleUnauthorizedRequest(filterContext);
}
}
else
{
logger.Debug("insert oidc.default into the KeyStore:" + cookie.Value + " -> OnAuthorization");
CookieKeyStore.Instance.HandleCookies(cookie);
base.OnAuthorization(filterContext);
}
}
}
else
base.OnAuthorization(filterContext);
}
catch (Exception e)
{
logger.Error(e, "Exception while overriding the OnAuthorization method.");
}
}
"oidc.default" is our custom cookie configured into OIDC.
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
CookieName = "oidc.default",
CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager(),
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
OnResponseSignOut = context =>
{
CookieKeyStore.Instance.Clear(context.Request.Cookies["oidc.default"]);
}
}
});
We've created a custom CAF receiver. When we try to switch audio tracks, the receiver player works properly just for the first request. If we try to make other requests, we are able to see the correct EDIT_TRACK_INFO_REQUEST (with the correct audio TrackId) on the receiver side, but the audio doesn't change.
We replicate the same behavior on web/IOS/ANDROID senders with different assets.
Does anyone have any suggestion?
Thanks in advance.
---Additional details:
Smooth Streaming manifest audio track snippet, notice that Language doesn't follow RFC specification
<StreamIndex Name="audio101_spa" Language="spa" Type="audio" Subtype="AACL" QualityLevels="1" Chunks="0" Url=".../QualityLevels({bitrate})/Fragments(audio101_spa={start time})">
<QualityLevel Bitrate="96000" Index="0" FourCC="AACL" SamplingRate="22050" Channels="2" BitsPerSample="16" PacketSize="4" AudioTag="255" CodecPrivateData="1390"/>
<StreamIndex Name="audio102_eng" Language="eng" Type="audio" Subtype="AACL" QualityLevels="1" Chunks="0" Url=".../QualityLevels({bitrate})/Fragments(audio102_eng={start time})">
<QualityLevel Bitrate="96000" Index="0" FourCC="AACL" SamplingRate="22050" Channels="2" BitsPerSample="16" PacketSize="4" AudioTag="255" CodecPrivateData="1390"/>
On receiver side actually on PLAYER_LOAD_COMPLETE we perform custom handling of tracks:
//custom RFC mapping from values that comes from
const tracksLabelsObj = {
"spa": { name: "Español", lang: "es" },
"eng": { name: "Inglés", lang: "en" },
"ita": { name: "Italiano", lang: "it" }
...}
and we perform mapping and handling of audio track
for (i = 0; i < request.media.tracks.length; i++) {
trackLanguage = tracksLabelsObj[request.media.tracks[i].language];
if (((request.media.tracks[i].type == 'AUDIO') || (request.media.tracks[i].type == 'TEXT')) && (trackLanguage != undefined)) {
//change labels and code
request.media.tracks[i].name = trackLanguage.name;
request.media.tracks[i].language = trackLanguage.lang;
}
}
We founded on documentation also another way to handle this, using:
playerManager.setMessageInterceptor(
cast.framework.messages.MessageType.EDIT_AUDIO_TRACKS, request => {...
if (request.media != null) {
console.log("CHROMECAST: EDIT AUDIO TRACKS - Changing media tracks");
for (i = 0; i < request.media.tracks.length; i++) {
trackLanguage = tracksLabelsObj[request.media.tracks[i].language];
if (((request.media.tracks[i].type == 'AUDIO') || (request.media.tracks[i].type == 'TEXT')) && (trackLanguage != undefined)) {
//Cambio labels lingua
request.media.tracks[i].name = trackLanguage.name;
request.media.tracks[i].language = trackLanguage.lang;
}
}
}
...}
But we can't handle it correctly, any suggestion also on this?
For internal testing, we also used this clear streaming that has the same behavior - http://harmonic.e2e.purpledrm.com.edgesuite.net/Content/SS/VOD/yjO9VXw7-ElephantsDreamH264720p/ElephantsDream.ism/Manifest
Many thanks.
I'm trying to create a new contact using GData .Net Api.
I've got an AccessToken using the newer Google.Apis.
This acces token works alright to get,update and delete contacts, but if I try to create one I receive a 401 Unauthorized response.
This is the code I use to add my contact :
if (string.IsNullOrEmpty(FullName))
{
FullName = string.Format("{0} {1}", FirstName, LastName);
if (string.IsNullOrEmpty(FullName))
{
ThrowTerminatingError(new ErrorRecord(
new ArgumentException("Please provide a name for the contact"),
null, ErrorCategory.InvalidArgument, null));
}
}
Contact = new Contact
{
Name = new Name
{
GivenName = FirstName,
FamilyName = LastName,
FullName = FullName
},
Content = "Notes",
};
foreach (var m in Emails)
{
Contact.Emails.Add(new EMail(m));
}
RequestSettings settings = new RequestSettings(applicationName, AuthentParameters);
ContactsRequest cr = new ContactsRequest(settings);
var feedUri = new Uri(string.Format("{0}{1}/full/", Scope, Domain));
cr.Insert(feedUri, Contact));
The following atom feed is sent using POST method to http://www.google.com/m8/feeds/contacts/(my domain)/full/ :
<?xml version="1.0" encoding="utf-8"?>
<entry xmlns="http://www.w3.org/2005/Atom" xmlns:gd="http://schemas.google.com/g/2005">
<gd:name>
<gd:givenName>Guillaume</gd:givenName>
<gd:familyName>Davion</gd:familyName>
<gd:fullName>Guillaume Davion</gd:fullName>
</gd:name>
<gd:email address="gudavion#test.info" />
<category term="http://schemas.google.com/contact/2008#contact" scheme="http://schemas.google.com/g/2005#kind" />
<content type="text">Notes</content>
</entry>
Headers are :
Content-Type: application/atom+xml; charset=UTF-8
Authorization: Bearer ya29.(access token)
GData-Version: 3.0
Thanks to anyone who could help me.
I managed to make it work with two things :
First, changing the way I construct the feed uri :
var feedUri = new Uri(ContactsQuery.CreateContactsUri(Domain));
And second adding a label to the email :
Contact.Emails.Add(new EMail(m) { Label = "Default" });
With this, the add goes smoothly.
I am using the adwords api to generate reports.
Please bear with me as I am not too familiar with the same.
I am using version v201409 of the api.
I get the report columns for KEYWORD_PERFORMANCE_REPORT using getReportFields.
I then try to download the report using a subset of those columns.
For KEYWORD_PERFORMANCE_REPORT I get the error:
Cannot select a combination of Device and
AssistClicks,AssistClicksOverLastClicks,AssistImpressions,AssistImpressionsOverLastClicks,AveragePageviews,AverageTimeOnSite,BounceRate,Bounces,ClickAssistedConversionValue,ClickAssistedConversionValueLong,ClickAssistedConversionValueNonMoney,ClickAssistedConversions,ClickAssistedConversionsOverLastClickConversions,ImpressionAssistedConversionValue,ImpressionAssistedConversionValueLong,ImpressionAssistedConversionValueNonMoney,ImpressionAssistedConversions,ImpressionAssistedConversionsOverLastClickConversions,LastClickConversions,LastClicks,NewVisitors,Pageviews,PercentNewVisitors,VisitDuration,Visits,
Type: ReportDefinitionError.INVALID_FIELD_NAME_FOR_REPORT.
The question is: How do I find out a valid set of combinations of columns without going through a trial and error process.. Is there any documentation which will help me with the same.
I looked at the columns for KEYWORD_PERFORMANCE_REPORT in http://developers.guge.io/adwords/api/docs/appendix/reports and exclude the colums which the api said were "not compatible". Got a similar error.
Thanks
N.B> If I try this code with the columns provided in the online example it works and downloads the report as expected.
The code is:
`
String[] columnNames = {
"ConversionRateManyPerClickSignificance",
"ConversionRateSignificance",
"ViewThroughConversionsSignificance",
"AccountCurrencyCode",
"AccountDescriptiveName",
"AccountTimeZoneId",
"AdGroupId",
"AdGroupName",
"AdGroupStatus",
"AssistImpressions",
"AssistImpressionsOverLastClicks",
"AverageCpc",
"AverageCpm",
"AveragePageviews",
"AveragePosition",
"AverageTimeOnSite",
"BiddingStrategyId",
"BiddingStrategyName",
"BiddingStrategyType",
"CampaignId",
"CampaignName",
"CampaignStatus",
"ClickAssistedConversionsOverLastClickConversions",
"ClickAssistedConversionValue",
"Clicks",
"ClickSignificance",
"ClickType",
"ConversionManyPerClickSignificance",
"ConversionRate",
"ConversionRateManyPerClick",
"Conversions",
"ConversionSignificance",
"ConversionsManyPerClick",
"ConversionTypeName",
"ConversionValue",
"Cost",
"CostPerConversion",
"CostPerConversionManyPerClick",
"CostPerConversionManyPerClickSignificance",
"CostPerConversionSignificance",
"CostSignificance",
"CpcBid",
"CpcBidSource",
"CpmBid",
"CpmSignificance",
"CriteriaDestinationUrl",
"Ctr",
"CtrSignificance",
"CustomerDescriptiveName",
"CvrSignificance",
"Date",
"DayOfWeek",
"Device",
"ExternalCustomerId",
"FinalAppUrls",
"FinalMobileUrls",
"FinalUrls",
"FirstPageCpc",
"Id",
"ImpressionAssistedConversions",
"ImpressionAssistedConversionsOverLastClickConversions",
"ImpressionAssistedConversionValue",
"Impressions",
"ImpressionSignificance",
"IsNegative",
"KeywordMatchType",
"LabelIds",
"Labels",
"Month",
"MonthOfYear",
"PlacementUrl",
"PositionSignificance",
"PrimaryCompanyName",
"QualityScore",
"Quarter",
"SearchExactMatchImpressionShare",
"SearchImpressionShare",
"SearchRankLostImpressionShare",
"Slot",
"TrackingUrlTemplate",
"UrlCustomParameters",
"ValuePerConversion",
"ValuePerConversionManyPerClick",
"ViewThroughConversions",
"Week",
"Year"
};
public static void downloadConsolidatedReportFile(String[] columnNames, final ReportDefinitionDateRangeType forDateRange, final ReportDefinitionReportType reportDefinitionReportType, final String to) throws Exception {
com.google.api.ads.adwords.lib.jaxb.v201409.Selector selector = new com.google.api.ads.adwords.lib.jaxb.v201409.Selector();
selector.getFields().addAll(Lists.newArrayList(columnNames));
ReportDefinition reportDefinition = new ReportDefinition();
reportDefinition.setReportName("Report " + reportDefinitionReportType.value() + " for dateRange " + forDateRange.value());
reportDefinition.setDateRangeType(forDateRange);
reportDefinition.setReportType(reportDefinitionReportType);
reportDefinition.setDownloadFormat(DownloadFormat.CSV);
ReportingConfiguration reportingConfiguration = new ReportingConfiguration.Builder()
.skipReportHeader(true)
.skipReportSummary(true)
.build();
session.setReportingConfiguration(reportingConfiguration);
reportDefinition.setSelector(selector);
BufferedWriter bw = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(to)));
String mccId = session.getClientCustomerId(); //The id from ads.properties file
Collection<Client> clientIds = getClientAccountIds(mccId);
try {
for (Client cl : clientIds) {
BufferedReader reader = null;
String customerId = cl.id;
String name = cl.name;
session.setClientCustomerId(cl.id);
try {
ReportDownloadResponse response =
new ReportDownloader(session).downloadReport(reportDefinition);
if (response == null || response.getHttpStatus() != 200) {
handleError(response);
}
BufferedInputStream bs = new BufferedInputStream(response.getInputStream());
reader = new BufferedReader(new InputStreamReader(bs));
String line = null;
log.info("getting " + reportDefinition.getReportType().value() + " for " + customerId+" "+name);
reader.readLine(); //Skip the first line of column names
while ((line = reader.readLine()) != null) {
bw.write(line + "\n");
}
} catch (DetailedReportDownloadResponseException e) {
log.error("An error was thrown downloading report for Customer id: " + customerId+" "+name, e);
//We have to do this as we have to filter out the mcc id. An exception is thrown by MCC id
if (e.getType().equals("ReportDefinitionError." + ReportDefinitionErrorReason.CUSTOMER_SERVING_TYPE_REPORT_MISMATCH.getValue())) {
continue;
} else {
throw e;
}
} catch (Exception e) {
log.error("An error was thrown downloading report for Customer id: " + customerId+" "+name, e);
throw e;
} finally {
if (reader != null) {
reader.close();
}
}
}
} finally {
if (bw != null) {
bw.flush();
bw.close();
}
}
}
`
None of the columns you mentioned in the comment below are used.
Check the following documentation.
https://developers.google.com/adwords/api/docs/appendix/reports/keywords-performance-report#activeviewcpm
For some fields "Not compatible with the following fields" option is provided. Click on that option to check the combinations that are not compatible
The following columns are not selectable in the Keywords Performance Report in v201409:
AssistClicksOverLastClicks
Bounces
ClickAssistedConversionValueLong
ClickAssistedConversionValueNonMoney
ImpressionAssistedConversionValueLong
ImpressionAssistedConversionValueNonMoney
LastClickConversions
LastClicks
NewVisitors
Pageviews
VisitDuration
Visits
Suggest you try removing them and trying again. Failing that, post some code so we can see how you are making the call.
For future reference the AdWords Ad Hoc Reporting docs provide a downloadable CSV file for each of the report types listing the allowed metrics, attributes and segments.
I got an same issue with you. And from my understandings, there's no API to identify which column combinations are valid in adwords so far.
So I check whether the combination is valid or not before download the file by requesting real AWQL.
If the dummy AWQL returns error such as Adwords: Reporting Error: HTTP code: 400, error type: 'ReportDefinitionError.INVALID_FIELD_NAME_FOR_REPORT', trigger: 'Cannot select a combination of ActiveViewCpm and ConversionCategoryName,ConversionTrackerId,ConversionTypeName', field path: 'ActiveViewCpm', then I modify the combination of columns by using the error details through trial and error.
I don't know if this is the best way...
Can anyone help me in fixing this issue. I know it was already asked but none of those answers helped me as I tried all of them. Anyway I hope a new solution will come up which is going to fix my problem.
It works & sends emails when I try to send emails using host smtp.gmail.com but can't send emails using host smtpout.secureserver.net. I have a valid smtp server account too.
The exception I got is here:
Unable to read data from the transport connection: net_io_connectionclosed...
web.config:
<appSettings>
<add key="fromMail" value="notification#abc.com" />
<add key="fromPassword" value="abc" />
<add key="smtpHost" value="smtpout.secureserver.net" />
<add key="smtpPort" value="465" />
</appSettings>
I also tried this in web.config:
<system.net>
<mailSettings>
<smtp from="notification#abc.com">
<network host="smtpout.secureserver.net" port="25" userName="notification#abc.com" password="abc"/>
</smtp>
</mailSettings>
</system.net>
but no luck at all...:(
Code:
public static sendMail(String toAddress, string body, string subject,string bcc,string cc)
{
String fromAddress = ConfigurationSettings.AppSettings["fromMail"];
String fromPassword = ConfigurationSettings.AppSettings["fromPassword"];
String smtpHost = ConfigurationSettings.AppSettings["smtpHost"];
String smtpPort = ConfigurationSettings.AppSettings["smtpPort"];
SmtpClient client = new SmtpClient();
client.Port = Convert.ToInt32(smtpPort);
client.DeliveryMethod = SmtpDeliveryMethod.Network;
client.UseDefaultCredentials = false;
client.EnableSsl = true;
client.Host = smtpHost;
client.EnableSsl = true;
client.Credentials = new System.Net.NetworkCredential(fromAddress, fromPassword);
MailMessage mail = new MailMessage(fromAddress, toAddress);
mail.Subject = subject;
mail.Body = body;
mail.BodyEncoding = Encoding.UTF8;
mail.IsBodyHtml = true;
if(attachments != null && attachments.Count() > 0)
{
foreach(var attach in attachments)
{
mail.Attachments.Add(attach);
}
}
if(!string.IsNullOrEmpty(bcc))
mail.Bcc.Add(bcc);
if (!string.IsNullOrEmpty(cc))
mail.CC.Add(cc);
try
{
client.Send(mail);
}
catch (SmtpException exception)
{
// Console.WriteLine("Mail Sending Failed");
return "Mail Sending Failed"+ exception.Message;
}
return "ok";
}
}
Please help me guys...Thanks in advance...
Also someone in forums got the same error. He said that the problem is with his SMTP server. If the same problem in my case, how would I know that the problem lies within my SMTP server?
I am sharing my codes with you as i tried all of them too.
Here is my configuration in app.config file
<system.net>
<mailSettings>
<smtp deliveryMethod="Network" from="xxx#gmail.com">
<network defaultCredentials="false" enableSsl="true" host="smtp.gmail.com" port="587" userName="xxx#gmail.com" password="xxx" />
</smtp>
</mailSettings>
And here is my c# codes (this is a console application)
Console.Write("Sending test mail...");
using (SmtpClient client = new SmtpClient())
{
try
{
client.Send("ramazandonmez#yandex.com.tr", "ramazan.donmez#euromsg.com", "Test Message Subject", "Test Message Body");
Console.WriteLine("test mail sended");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
Console.ReadLine();
I hope this help.