Am I missing something here?
Does new-webserviceproxy not support proxy credentials?
Corporate environments invariably use proxy servers to talk to the rest of the web and I can't seem to get new-webserviceproxy to talk through ours. I get a 407 proxy authentication required error in return - the credentials argument is for credentials to the webservice not for the proxy.
Unfortunately, this cmdlet has no support for proxy credentials. You may want to try using the code posted here by Lee.
http://www.leeholmes.com/blog/2007/02/28/calling-a-webservice-from-powershell/
He uses NET.WebClient namespace and hence it is possible to add proxy credentials to the connect-WebService code.
Related
I can not get the Rest API to work with Basic Authentication like in the guide i.e. https://myAppID:javascript-key=myJavaScriptKey#api.parse.com/1/classes/GameScore/Ed1nuqPvcm.
I can make it work if I use curl and pass the keys via HTTP Headers, however I'm trying to use a WebHook from another service and I don't have the ability to send HTTP headers.
2 issues when trying locally:
http(s) does not work even locally.
http gives me error:unauthorized.
I'm using parse-server installed via npm globally but don't see a place to add cert.
Please help!
I was able to use http local and remote using the format http://myAppId:myMasterKey#mydomain.com:1337/parse/classes/myClass and it worked fine. If you use Postman you have to turn on Basic Auth in the header section.
I'm trying to connect to our TFS with the Eclipse Plugin using this tutorial: https://msdn.microsoft.com/en-us/library/jj155782(v=vs.120).aspx
Unfortunately I get different error messages (depending on what I do):
#1
URL: http://< my TFS-URL >/tfs
Result: "The soap endpoint /Servies/v1.0/Registration.asmx could not be contacted. HTTP status: 404"
#2
URL: http://< my TFS-URL >/tfs/DefaultCollection
Result: "Basic credentials are only supported over HTTPS secure connections"
#3
URL: https://< my TFS-URL >/tfs (doesn't matter if DefaultCollection is there or not)
Result after about 2 minutes of waiting - I can't login at all: "Unrecognized SSL message, plaintext connection?"
The URL and the credentials are 100% right, I can connect in the browser but it wont work with Eclipse.
We are using TFS2013 and my plugin version is 14.0.2.2015... if that is somewhat important.
The problem is staring you in the face:
URL: http:///tfs/DefaultCollection Result: "Basic credentials are only supported over HTTPS secure connections"
You need to either set up TEE to not care if you send credentials over plain-text (which is bad and I strongly recommend against, but can be accomplished by setting the com.microsoft.tfs.client.allowInsecureBasic environment variable), or set up HTTPS.
Enabling Basic authentication and setting up HTTPS is something your TFS administrator will have to do.
There are other options (like Kerberos authentication) if you have your Mac joined to a Windows domain, but HTTPS + Basic authentication is probably the easiest if you don't.
I have a self-hosted owin web api service on a test environment, and to give it a better name I use a domain alias, and ARR.
My web api runs on port 8888, and uses Windows Authentication. I have configured my arr to run under testserver:80 with anonymous authentication. I want to deploy a service on the box that will pool the webapi for data. When I try to visit testserver from my web browser on my desktop it works fine. However, when I remote into that box and try to hit testserver it prompts me for credentials. Even if I type them correctly it still will issue me a 401. If I go to localhost:8888 the site will work.
Since, I'd prefer to use the pretty name for the server in my service how do I correct this issue. How do I get it to pass credentials on the same box through ARR?
You might have have an issue with LSA loopback checking.
You get the 401 because ARR forwards your Windows Authentication to localhost, which is not allowed (default setting).
Try to disable LSA loopback checking (restart most probably required). If that works you can limit the disabling of loopback checking to specific websites (to prevent security holes).
See You receive error 401.1 when you browse a Web site that uses Integrated Authentication and is hosted on IIS 5.1 or a later version for more information on the LSA loopback check and how to disable it completely or only for specific hostnames.
I have a system in which I use Kerberos with simple delegation to have an AD user's credentials forwarded from a website to a downstream HTTP REST service using integrated Windows authentication. All servers are Windows Server 2012 R2.
This works great.
The issue comes when I started doing Powershell remoting to the same servers that my backend HTTP service runs on. Enter-PSSession makes a Kerberos auth request for the WSMan service on the target machine. AD sees this request, and encrypts the requested ticket with the identity that my custom HTTP service runs as, which the WSMan service obviously cannot use, and remoting fails.
I know it's possible to force IE to do port-specific SPN requests (via KB908209), but I have not been able to have the 2nd hop (i.e. the IIS-brokered request) to do a port-specific request. Nor have I been able to get powershell to make a port-specific request on 5985 for WSMan.
To make things more concrete:
Client browser makes a request to ServerA. Browser makes a Kerberos ticket request to AD for HTTP/ServerA, which is granted and then sent to ServerA.
ServerA wants to make a delegated request to http://ServerB:15200.
ServerA makes a request to AD for a Kerberos ticket for SPN HTTP/ServerB. It does not make a request for SPN HTTP/ServerB:15200. I want it to.
If I have my SPN set up as HTTP/ServerB:15200, simple delegation in IIS fails, but powershell remoting works. If I have my SPN set up as HTTP/ServerB, simple delegation works but powershell remoting fails. If I have my SPN set up as HTTP/ServerB:5985, nothing works.
I am totally stumped at this point -- doesn't seem like delegation and per-port SPNs play nicely together?
You can workaround this by setting up an alias for ServerB, give the HTTP/ServerBAlias SPN to the IIS account and HTTP/ServerB to the PS account, and then make ServerA send its requests to ServerBAlias. Or use the FQDN (e.g. ServerB.domain.local) in one SPN and the NETBIOS in the other (e.g. ServerB).
Or, you can look at how this person hosted WinRM in IIS with a custom account.
Do you have ms-DS-Allowed-to-Delegate-to attribute for HTTP/ServerA set to the list of HTTP/ServerB and HTTP/ServerB:15200?
IIS Media Services 4.1:
I have a dedicated website setup on my win 7 dev box. I'm testing the REST service with Windows Auth turned on from both calls from a browser as well as a test C# winform app. Using the browser I try to hit http://iismediatestsite/services/smoothstreaming/publishingpoints.isml I get challeneged (good) but when I put in my domain creds I get into a loop where it keeps prompting for creds. My domain account is an admin on this box. If I use my test app I set UseDefaultCredentials to true but I get a 401 returned.
Using Basic Auth works fine with both clients.
Any ideas?
TIA
Okay apparently this is caused by an issue when authenticating by NTLM via a loopback address. It is better explained and a workaround provided here:
http://support.microsoft.com/kb/896861