WebClient.UploadData error: (401) Unauthorized - webclient.uploaddata

I'm getting this error... What is puzzling me is the fact that i do not have any type of security enabled for the page i'm invoking...
WebClient myWebClient = new WebClient();
myWebClient.UploadData(myUrl,"POST", myByteArray);
When i access directly to the page ( on ie ) it works fine, with the WebClient it's not working.
Anyone has a clue on what can be wrong?

IE supports integrated security, which will use your current login credentials as the username and password, so you don't have to manually enter it.
If you are using IE, use Firefox and see if you are prompted for a username and password. Or, in IE, you can go to Tools, Options, Advanced, and uncheck Integrated Windows Authentication.
Most likely, you'll have to configure the web application to support anonymous access, or you'll have to implement security in your WebClient.

If you are struggling to get to the bottom of it Fiddler might shed some light. You will have to manually edit your code to go through the Fiddler proxy, but once that's done you can compare the IE result to the code one.

Related

How to get the response body during a Selenium UI test run

Scenario: Grab the authToken after a login.
Pseudo code | Steps :
Login via UI ( selenium )
grab the authToken via Rest.
Note :
I know how to do this completely via RESTassured or Postman but what would be a good approach to handle this during an automated UI test run.
It's easy to do it manually via Chrome Dev tools but using Java - it's a little bit challenging.
Any help would be nice.
If you have the auth token in the cookie then you can use the below.
# update auth_token below with the correct cookie name
authToken = driver.get_cookie('auth_token')['value']
You can fetch out the token value from the client side. It can be in cookies, local storage or the session storage
Check these value in browser. Open developer tool -- Go to application tab and on the left menu u can find these values for each website
or
Try following js command in the browser console
window.document.cookie
window.localStorage
window.sessionStorage
if u can find your token via any of the above js command , use can use them in selenium.

How to use new enhanced sessions in Parse with users created on cloud code?

I was trying out the new enhanced revocable sessions in Parse on my Android app. It works well when logging in or signing up via email password or facebook but doesn't work well for custom authentication, e.g. google+.
I'm currently logging in the user using the cloud code which also creates the new user when signing up. This does not create a new Session object, that means the new enhanced sessions are not used and it still uses the legacy sessions.
I pass the session token back to client where using the become method the user logs in but it's the legacy sessions.
This feels like the feature is not complete but I would really like to move to the new enhanced sessions with my app. Has anyone worked with them yet? Are there any workarounds using the REST API or by creating the sessions manually and handling them manually? I looked into the JS API but it says it's only read only.
Here's the Blog post on Enhanced Sessions.
Where should I go next?
Yes, I found a solution but it's a workaround, works for my case because I don't support signing up with user/password.
Basically, the solution (cloud code) in semi pseudo-code is:
Fetch the user with master key
Check if user.getSessionToken() has value
if it has, return the session token and do a user.become() in the client as usual
if it's not, here the workaround, do the following:
yourPreviousPromiseInOrderToChainThem.then(function(user)
password = new Buffer(24);
_.times(24, function(i) {
password.set(i, _.random(0, 255));
});
password = password.toString('base64')
user.setPassword(password);
return user.save();
}).then(function(user) {
return Parse.User.logIn(user.get('username'), password)
}).then(function(user) {
var sessionToken = user.getSessionToken();
// Return the session token to the client as you've been doing with legacy sessions
})
That means, I'm changing the user password each time in order to make a remote login and, of course, I know thist can't be applied to all cases, it's enough for app because I don't support login with user/password (only third party logins) but I understand that maybe it's not for all cases.
I got the idea from this official Parse example.
I don't like this solution because I think is not a workaround, it's a mega hack but I think there is no other way to do it currently (either Parse.com or Parse-Server)
If you find other workaround, please, share it :)

Fiddler: Respond to Requests Requiring a Client Certificate

I'm trying to scrape a website that first asks for a certificate. After you are authenticated it then will ask you to provide a username and password. Anyway I'm trying to use fiddler to see what i need to replicate and when i turn on it to "Capture traffic" and then I go to internet explorer and try to access the site it says " Internet Explorer cannot display the webpage " then when i turn off fiddler and try it again it brings me to the login page.
I've tried this link and i tried everything (Turning it into a .cer file and dragging into the folder also tried copy and pasting the code into the rule file to accept the certificate) and neither way worked. Does anyone have any other ideas.
Am I suppose to replace the fiddler root certificate somehow? or is there any solution that someone can suggest?
I figured out this problem. Just incase this trips someone else up. The oSession bit of code needed to be the first line after the OnBeforeRequest line. I don't remember where it was before but it didn't work. Example:
static function OnBeforeRequest(oSession: Session) {
oSession["https-Client-Certificate"]= "C:\\Yourcerfilelocation.cer";
//I omitted the standard code
}
Edit: OnBeforeRequest is a better method to place it instead of OnPeekAtRequestHeaders.

Custom URL parameters lost after OpenAM login redirection

I'm using OpenAM for authentication on my application. I access to my app using such URL:
http://my.company.com/appfolder/appservlet?lang=EN&user=test
On first access, OpenAM agent catches the URL and redirect my browser to the authentication page using this redirection URL:
...openam/UI/Login?goto=http%3A%2F%2Fmy.company.com%3A8080%2Fappfolder
After correct authentication, I'm finally redirected to the following URL:
http://my.company.com/appfolder
This is logic since this is the URL referenced in goto param. But it's not the same than original one: the servlet and custom params (lang and user) are missing.
Any idea how to configure my agent to make it keep servlet and params after redirection ?
take a look at this step of the tutorial "Add Authentication to a Website using OpenAM".
In section "Creating An Access Policy" -> "Wildcard matching" is your answer:
The wildcard * in policy URLs does not match '?'. As such if you
wish to allow GET parameters to be submitted then a second policy for
http://webserver.example.com/*?* is required.
Thanks for your answer. As mentionned in my previous comment, the adding of new policy does not resolve my issue. Actually, I'm not sure to understand how the policies can solve the issue since the goto parameter is generated by the J2EE agent, which acts before policies are applied (as far as I know... I'm maybe wrong).
Anyway, I could solve my problem by re-compiling the J2EE Agent: I've build a new agent.jar based on v3.0.3 available at forgerock. Then I replaced the AmFilterRequestContext.class by a new one, build on source available here:
http://www.docjar.com/html/api/com/sun/identity/agents/filter/AmFilterRequestContext.java.html
With this new agent, my goto is now correct, and redirection works well (and I don't have to define any policy).
The strange thing is that I don't understand why it works now ! I couldn't find any difference between java source mentionned above and uncompiled version of original class! I just added some System.out.println to get variables values and functions results, and built the jar. After restaring my jboss, the goto was correct. I'll try to understand why this finally work now when I've time.

Cannot log in to admin after upgrade

I need some help troubleshooting.
I've just upgraded my 1.3 site to 2.0 (with the intent of going on to 2.1). I get the actual page running, content is read from DB etc, but I cannot log in to the admin panel!
Just to make sure I didn't forget the password I did
<?php echo sha1('password' . 'salt'); ?>
Taking the salt from the DB, and the output is the same as is stored in the DB. But still I cannot log in. The log in prompt just reloads, no error message or anything. Any ideas?
I've also tried clearing cache/sessions/etc, and even a different browser to no affect.
Crossposted from the PyroCMS forum: https://www.pyrocms.com/forums/topics/view/19323
OK, since there doesn't seem to be any good suggestions found either here or on the PyroCMS forums and my site is very small content wise I decided to just wipe everything and do a clean install of the latest build instead.
Not a very good solution for future reference, but it will have to do.
From my checklist (it's been a while since I had this happen to me):
If you didn't get an incorrect password error, it may well be you were just being redirected back to the login page before the details were even checked. You can run into issues with enabling the 'Remove index.php from URL' in .htaccess - in /system/cms/config/config.php try changing
$config['index_page'] = 'index.php';
to $config['index_page'] = '';
or (as you've hinted):
clear the contents of default_ci_sessions table
clear the cookies for the domain (a quicker way is to just open a new Google Incognito window which won't have any cookies).
Also - you can initiate a password reset for the admin password using the ordinary user login form if you or someone else does ever forget it (don't though).