I am trying to make MVC4 facebook application using VS 2012 Facebook template. When I run the application keep on getting "Given URL is not permitted by the application configuration.: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains."
Got following configuration in the web.config
<add key="Facebook:AppId" value="7XXXXXXX64" />
<add key="Facebook:AppSecret" value="e7066XXXXXXXX344" />
<add key="Facebook:AppNamespace" value="mynotepadapp" />
<add key="Facebook:AuthorizationRedirectPath" value="~/Home/Permissions" />
<add key="Facebook:VerifyToken:User" value="" />
I have added www.example.com in my host file. What I am missing here? Also I tried site URL and Canvas URL with out "www". Didnt work either.
Here is what I did to make mvc4 template to work with localhost
You dont change hosts file, leave that one as it is
on Facebook app configuration page under settings > Basic
App Domains is Empty
Canvas url/Canvas Secure url: https: // localhost : port number/ (sorry stackoverflow wont let me write the url properly)
SiteUrl same as canvas url
Your Sandbox mode should be enabled if using localhost
Make sure your Canvas and canvas secure are both https and ends with /
In Web.config, write your appkey, appsecret and appnamespace
Note: there is no place where you need to enter example.com
Hope it helps
Related
I'm working my way through the Sustainsys documentation for configuring an Asp.Net WebForms app. But I'm not getting redirected to the idP login page. What am I missing?
<sustainsys.saml2 entityId="http://localhost/wingtip-toys"
returnUrl="https://localhost/wingtip-toys"
authenticateRequestSigningBehavior="Never"
publicOrigin="https://localhost/wingtip-toys"
validateCertificates="false">
<identityProviders>
<add entityId="http://localhost:8080/auth/realms/wingtip-toys"
signOnUrl="http://localhost:8080/auth/realms/wingtip-toys"
metadataLocation="http://localhost:8080/auth/realms/wingtip-toys/protocol/saml/descriptor"
loadMetadata="true" allowUnsolicitedAuthnResponse="false">
</add>
</identityProviders>
<compatibility unpackEntitiesDescriptorInIdentityProviderMetadata="true" />
</sustainsys.saml2>
The redirection just attempts to stay internal to the application, ~/login.aspx
Thanks
Update the forms auth tag to redirect to /Saml2/Signin.
I am spinning a big wheel now. please shed some light.
Reverse proxy is working with Apache. So, when I access https://hostname/app/default.html, it opens Tomcat app url. No issue.
The tomcat app currently redirects to https://hostname/app/login.html which has a login box.
1) Do I need to disable UserDatabase on Tomcat server.xml ?
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
2) Is this Shibboleth configuration correct ?
But, when I try configure this with OKTA- Shibboleth(3.0), it's looping OKTA SSO url.
In shibboleth2.xml
<ApplicationDefaults id="default"
entityID="https://hostname/shibboleth-sp"
REMOTE_USER="userid" >
<SSO entityID="http://www.okta.com/~~~~">
OKTA's metadata is downloaded and located with shibboleth2.xml file.
cert is also generated and placed in the same folder.
3) Is this OKTA configuration correct ?
In OKTA widget configuration menu,
- Single sign on url :https://hostname/Shibboleth.sso/SAML2/POST
- recipient url : https://hostname/Shibboleth.sso/SAML2/POST
- destination url :https://hostname/Shibboleth.sso/SAML2/POST
- audience restriction :https://hostname/shibboleth-sp <-- above SP entityID
- default relay state : ??
right now, when I click on the widget on OKTA, it's looping.
https://hostname/Shibboleth.sso/SAML2/POST
contains SAML response.
then, it redirects to OKTA SSO url. It never ends.
https:// xxx.oktapreview.com/app/xx_reverse_proxy_/xxxx/sso/saml?SAMLRequest=~~~&RelayState=~~~
This contains SAML request but it looks like this.
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://hostname/Shibboleth.sso/SAML2/POST"
Destination="https://okta sso/sso/saml"
ID="xx"
IssueInstant="2018-11-02T15:39:24Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://hostname/shibboleth-sp
</saml:Issuer>
<samlp:NameIDPolicy
AllowCreate="1"/>
Is this Issuer url correct? Why is it looping and how to fix ?
Re Q#1: You only need Tomcat users if you're going to protect an application with it, such as the Tomcat manager. Otherwise, no.
Re Q#2: You list <SSO entityID="http://www.okta.com/~~~~"> but Destination="https://okta sso/sso/saml" from the SAML. You might want to check http/https. This is a very common cause of looping. Eliminate any potential http/https inconsistency.
FWIW Issuer looks correct to me... that's what you specify in entityID="https://hostname/shibboleth-sp"
We are releasing a new version of our Web app and in the process doing a branding change with a new domain also.
Both our apps are hosted in Azure.
Current App - Cloud Service
New App - Azure Website
What I want to achieve is redirect any old links from the old domain to the new domain while keeping the url portion.
Example:
User visits
https://my.currentdomain.com/any/link
and will be directed to
https://my.newdomain.io/any/link
Do I do a CNAME from currentdomain to newdomain and then a URL Rewrite in my web.config??
Thanks!
Update - I've test this locally and it does what I'm looking for. I'll just point the cname of the old domain to the new domain and this redirect should pick up the links.
<rule name="Redirect to new domain" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_HOST}" matchType="Pattern" pattern="^olddomain(:\d+)?$" />
</conditions>
<action type="Redirect" url="https://my.newdomain.io/{R:1}" redirectType="Permanent" />
</rule>
The fact that you host your application in Azure has minimal to no impact on the solution you are going to find.
When you do such things, you usually want to also keep all the credits that you have in the search engines. And you can only achieve that if your https://my.current.domain.com/any/link does a HTTP 301 Redirect Permanent to the new location.
Depending on the size and complexity of your project this can be a trivial task or not so easy.
One option, which is valid only if you want to redirect few (like a dozen) links. You can do that directly in your Web.Config file:
<location path="any/link">
<system.webServer>
<httpRedirect enabled="true" destination="https://my.newdomain.io/any/link" httpResponseStatus="Permanent" />
</system.webServer>
</location>
This of course makes no sense when you have a bunch of links, or even a whole CMS behind the scenes. If this is the case, I would opt-in for writing a custom HTTP Module for IIS. This module will have the sole purpose of inspecting the incoming URI and either let it further, or generate HTTP 301 redirect.
If you are using the latest and the greatest from Microsoft, the same (custom HTTP Module) can be achieved with a custom OWIN Middleware.
If it is just domain change, all paths and query strings are to be kept, check out this good article how can you do this with URL Rewrite under IIS.
add this code to your header file:
<script type="text/javascript">
// Get Current URL
var url = window.location.href;
// Replace domain in URL
var newurl = url.replace("olddomain.com", "newdomain.com");
// Redirect to new URL
document.location = newurl;
</script>
I've got an azure website (at http://ekpowestore.azurewebsites.net/) that won't show a Facebook like button in Explorer or Firefox. It does in Chrome and Safari. Yet if I change the address to https (as in https://ekpowestore.azurewebsites.net/), the Like and Share buttons render just fine.
Liking an https isn't the same as http. I guess I can refer folks to the https site, but I'm still curious about what the root cause is.
Of course, I tried about 100 different things before finally throwing up a nearly empty page on my azure site.
seems your page returns 307 "Internal Redirect" while trying to load the Facebook script on HTTP request. I am not sure, but you possibly used "Protocol relative" referencing on your javascript like
js.src = "//connect.facebook.net/en_US/sdk.js";
which will redirect the action with using the current protocol (https://connect.facebook.... if you are using HTTPS or to HTTP). Could you please try to replace it with full url to give it a try ?
eg.
js.src = "https://connect.facebook.net/en_US/sdk.js";
I give up. This isn't the actual answer to the o.p., so I won't mark it as such. But it is what I did to address the problem - So perhaps someone will find this useful.
Note that I did take the entire app down to just an html doc with a facebook like plugin in it - No other dependencies - And yet then still IE and FF no love, Safari and Chrome fine. This was both using a protocol relative Facebook path (i.e. - "//connect.facebook.net/en_US/sdk.js") and a specified https path (i.e. "https://connect.facebook.net/en_US/sdk.js")
So rather than fight the http - https mixed content war that Gaurav pointed out may have been happening with the Facebook reference, I changed the Azure site so it always forwards http to https. Problem solved, moving on ('problem solved' being slightly different than 'question answered').
Added a web.config file consisting of the following worked for me:
````
<system.webServer>
<validation validateIntegratedModeConfiguration="false" />
<rewrite>
<rules>
<rule name="Redirect HTTP to HTTPS" stopProcessing="true">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="^OFF$"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther"/>
</rule>
</rules>
</rewrite>
</system.webServer>
I have a Facebook canvas app developed in /net using C# and the latest Facebook SDK 5.xyz
Everything was working fine when i had the app was running a website where all files were on root directory ( http://localhost:81/ ).
Now I had to move (adapt) my app to run from a subdir of an existing website ( http://localhost:81/MySiteFacebook/ )
in web.config i have
<handlers>
<add name="facebookredirect" path="facebookredirect.axd" verb="*" type="Facebook.Web.FacebookAppRedirectHttpHandler, Facebook.Web" />
But this way is not working, while the Authorization is doing the redirect i see in url:
http://www.facebook.com/dialog/oauth/?scope=user_about_me,publish_stream,email&state=STATEHASHHER&client_id=CLIENTIDHERE&redirect_uri=http://localhost:81/facebookredirect.axd
if i manulay add in the url at redirect_uri the subdir and come with: http://localhost:81/MySiteFacebook/facebookredirect.axd
The redirect works fine, it sends me to my registration page.
Given this behavior i went back to my web.config and added the /MySiteFacebook/facebookredirect.axd to the 'path' of the handled.
Guess what? it is not adding this path to the redirect_uri.. ? :(
Any idea? please , Thanks.
You're changing the web.config in the wrong place, you should be editing the urls in the facebookSettings such as:
<facebookSettings appId = "{app_id}" appSecret = "{app_secret}"
canvasPage = "http://apps.facebook.com/{canvas_page}/"
canvasUrl = "http://localhost:81/MySiteFacebook"
secureCanvasUrl = "https://localhost:81/MySiteFacebook" />