I have a web .NET service. I can connect this web service from web browsers.
If I write service address first web browser ask username and password than service is connected.
If I connect this web service with delphi. There is error message:
Error message is "401 Unauthorized"
I am using:
RESTResponse1
RESTRequest1
RESTClient1 and HTTPBasicAuthenticator 1.
HTTPBasicAuthenticator1 has username and password and RestClient add Authenticator.
But I can not connect web service
How can I connect it?
To find out the reason for the missing (or wrong) authentication you can use the developer / debug mode in most web browsers. You could also use Wireshark or a HTTP proxy.
Check the response headers of the server. They include information about all supported authentication modes (see RFC 2616)
Related
I use Oauth2 to access a database in a cloud.
The code is developed in .net core 2.0.
The redirect urls are:
"AuthRedirectUri": "http://localhost:44378/auth/callback", "PostRedirectUri": "http://localhost:44378/myapp/Index",
I get connected to the database when the app runs on the visual studio (iis express). However, when the app is published on the local server (Windows Server 2012.R2) I receive an "invalid request" message from the third party web app. The published app is on http://localserver:80/. The solutions I have found in the web are redirecting to the localhost which doesn't work in my case.
Which hostname/port should be used to receive the callback code on the server? Shall I change anything in the iis or the server?
The solutions I have found in the web are redirecting to the localhost which doesn't work in my case.
Which hostname/port should be used to receive the callback code on the server? Shall I change anything in the iis or the server?
As far as I know, the redirect url should be your application's domain or IP address which could be access by someone outside your server.
Normally, we will use your server's public IP address and add your IIS application's port as the url(If you have the domain, you you should bind this url with domain address).
I suggest you could find this url and access from internet to make sure you could access the web application.
Then you could use this IP address and port plus sepcial fomat as the redirect url.
I just created an REST API in API Connect and the endpoint works when I test it in the APIC assemble tab. It requires a client id and client secret. When I send a request through Postman, I currently get a “Could not get any response” message from when I try to add them as header values or OAuth authorization. I’m using the request endpoint that’s displayed when I hit the debug button from the successful response on the Assemble tab. Is this the correct endpoint to use? How do I properly include the client id and client secret in a Postman request?
If you get a "Could not get any response in Postman", that means that Postman can't reach the destination of the request.
There are several reasons for that:
Is it an intranet or internet endpoint?
Are you using a proxy? (check proxy config)
Is the hostname resolvable? (try ip)
If it is an https
endpoint, with a self signed certificate, check if you have SSL
Certificate verification enabled (Settings-> general)
On the other hand, to send the client-id and client-secret headers, just click on Headers tab and add both (see the following picture)
Please check the below things to get access to API Connect published services.
Service needs to be allowed to invoke from postman(System from which you are invoking.)
Please check the web-api MPGW service titled in DataPower default domain created when you configure your API connect with DataPower have you created an access control list in the front-side-handler.
Please disable the SSL configuration in the postman, sometime this may create a problem(since the service exposed from API Connect will be with SSL)
From the error you are getting, I suspect there is no connection or only one-way traffic is enabled which means you are blocking response. If there is an issue with the request parameters you are sending, an error will be different saying, wrong client id or client secret.
Testing API which is on-boarded from API Connect will be straightforward or same we invoke other rest services.
Thx Srikanth
I needed to include the client id and client secret in the headers using the correct name for them, which is specified when creating/editing the api under the 'Security Definitions' category as 'Parameter Name'.
I was also hitting the wrong endpoint. To find the correct endpoint click the hamburger icon in the upper left of api connect website, select dashboard, click on the environment you want such as sandbox or dev, click settings, click gateway, then you'll see the endpoint.
Is it possible that the XPages REST component returns 401 HTTP status code after invalid authentication? Now it returns 200 and the server login page.
My NSF app is used only as a REST service interface to serve the backend application data.
It may be possible to do this using an "Override Session Authentication" web rule in the Directory. I believe that that's intended for cordoning off parts of a server like this that shouldn't use session authentication.
Starting with Domino 9.0.1 FP10 there is now a notes.ini configuration that forces Domino to return HTTP 401 Unauthorized when serving the login page:
DOMINO_FORCE401_WITH_HTML_LOGIN_PAGE=1
I am using strophe.js for implementing XMPP to connect using google account. I am already using Google OAuth for login into my application using the OAuth token.
How do I use the X-OAUTH2 mechanism to make the <auth> request using strophe, rather than providing the password for the authentication to the XMPP service.
Google's documentation for the X-OAUTH2 authentication states this is the initial <auth> request to make:
<auth xmlns="urn:ietf:params:xml:ns:xmpp-sasl"
mechanism="X-OAUTH2"
auth:service="oauth2"
xmlns:auth="http://www.google.com/talk/protocol/auth">
base64("\0" + user_name + "\0" + oauth_token)
</auth>
I'm starting to building a client using strophe, to which I'm new too. I guess you'll need to use a proper BOSH connection manager to authenticate to xmpp server with oauth2. I know punjab is popular, you could try to use that, but I'm looking at Node BOSH, as mentioned here XMPP client Not connecting - using Node Bosh server
I have a web application (gwt) that is running on a tomcat application server. This web application consumes several web services (login, application data transfer, queries, etc.). The web service client on the tomcat is implemented as apache axis2 web service client.
For user log on I provide a form in the web application with username and password. This data are transmitted via web service to authenticate the user.
It is planned to change the hole authentication mechanism to client certificated based authentication. The authentication still should be done on the web service provider side.
So my system has three relevant components: the web client, the tomcat application server and the web service provider.
Every user of the application has its own private client certificate (PKI Token, X.509- Auth-Cert). When the user connects to the web application his certificate is requested.
How can I forward the client certificates for use in the web services? (The tomcat will not be responsible for authentication).
1.) Is there a way to intercept the request and extract the client certificates before authentication error occurred?
I found some information about Servlet Filters what sounds really good, but I’m not sure where to implement it to intercept the certificates before they are verified against tomcats keystore.
2.) If it is possible, how can I pass after the client certificate to the web service?
Thank you for reading
No, not really. The real piece used in authentication is the private key associated with the certificate, not just the certificate itself. And, typically, you have no way of retrieving that from the web client. Therefore, you cannot really pass-through the credentials you receive from a web client on to the web service client. The certificate itself is readily available, but is useless for authentication without the corresponding private key.