I have a PowerBI Report Server installed in an IIS and works with all of these URLs:
localhost:8080/reports
HOSTNAME:8080/reports
10.1.10.10:8080/reports
And I am trying to do this with Reverse Proxy:
localhost/OLAP --> localhost:8080/reports
I did what said in https://reda-bacha.medium.com/how-to-use-power-bi-report-server-with-a-reverse-proxy-3617827b008a, but when I reverse proxy this URL, it asks for credentials.
Then I enter the correct credentials but still no login and asks again.
I tested the reverse proxy with a wrong URL to get 404 error, which worked with no issue.
But the only issue is with this URL.
Am I missing something?
Windows Server 2022, IIS Version 10.0.20238.1.
Related
maybe someone can help me out.
I have a publicly accessible IIS Web Server (DMZ) with ARR enabled and use that IIS as a reverse proxy to rewrite all requests to an internal Website (QlikSense). So far so good. I sucessfully implemented keycloak as my Authentication module which is currently also installed on that external accessible DMZ server. Here comes my issue. Whenever I request the external URL, it sucessfully redirects me to my internal application (url rewrite) , and from there (over a redirect Uri) back to the keaycloak instance (which sits on the DMZ server) for authentication. Everything works fine but from an architectual point that setup is questoinable in my eyes. I would like the authentication to be happening internally and not on my DMZ server (behind the Reverse Proxy). But all my attempts to make keycloak authenticate on an internal installation failed so far (page cannot be opend because server not found). What do I miss to make external requests being rewritten to the internal keycloak server without getting the error that SAFARI CANNOT OPEN THE PAGE BECAUSE THE SERVER CANNOT BE FOUND ?
I would like to have the authentication part being handeld internally (behind reverse Proxy) and not externally, since port 8080 needs to be open on the DMZ which is a security issue...
thanks
I restored the Test DNN Website and Database on local machine but still it is redirecting to Test Url.
Please help me run the DNN Website on Local Machine.
I change the PortalAlias, PortalSettings, webconfig pointing to Local Database. But still not resolved.
following message appears, when I enter my email for Login:
https://login.microsoftonline.com/XXXXXX-XXXX-44e7-XXXX-7de5c833XXXX/oauth2/authorize?scope=email&client_id=3b8a260d-PPPP-420a-PPPP-efd8cad8XXXX&redirect_uri=https%3a%2f%2fuattest.tio.com%2fLogin&state=Azure&response_type=code&login_hint=arsalan.amin#tio.com
https%3a%2f%2fdnn.localhost.com
https%3a%2f%2fuattest.tio.com
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'XXXXXXXX-XXXX-420a-XXXX-efd8cadPPPPP'.
Configuration in .net framework generally we only need to modify the redirecturl.
Make sure the redirecturl in project same as azure portal, your issue should be solved.
Solution:
After you restored website, please check the RedirectUrl.
Click App registrations, and check Authentication->Platform configurations->Redirect URIs.
I have a web app that is on a IIS 10 server. I am using Azure AD for authentication. Everything works fine in Visual Studio 2019. If I use the browser on the IIS server, everything works fine. It does not work on a browser on my workstation.
When I open the web app, it redirects to login.microsoftonline.com and finds my Microsoft account. It tries to redirect back but eventually says "Pick an account" "We couldn't sign you in. Please try again"
If I copy the parameter redirect_uri from the current page url, and put in a new browser, it brings me to my site authenticated.
Any help would be appreciated.
I found the issue. If neither https:// or http:// was entered in the URL, it assumed http://. Azure AD didn't like this. The solution was to add a URL rewrite in IIS to ensure https://
I deployed multiple applications in tomcat-7.0.55 and used Central authentication service(CAS) for single sign-on. But when I am accessing an application and when it is getting redirected to CAS login page, I understood it was authenticated successfully and TGT and ST tickets were also generated.
But after the successful authentication, it is not getting redirected to the application page. I observed that the Proxy callback authentication is failed and the corresponding ticket is not generated. I could see this information in the catalina.out file.
For more information, my CAS authentication is running on http instead of https. Please let me know if this could create any problem.
And more over, all my apps are hosted on the 8080 port but the proxyCallbackUrl I gave is on 80 port. First of all my URL for the proxyCallbackURL is http://my_server_private_ip/webappcas2/proxyCallback (this was configured earlier to me) but I am not sure what URL is to be given as for the proxyCallbackUrl in the web.xml file of the application.
Thanks in advance.
Running CAS on a nonsecure port will not allow you to use single sign on. Furthermore, proxy callbacks are required to be https by default which is why you are seeing that error. Switch to https and all your problems will go away.
Have a IIS Reverse proxy redirect on specific request on WebSite with windows authentication and impersonation to another local site with win.auth + impersonation.
Reverse proxy and the web application placed on a different machines and iis versions (proxy- IIS 7.5 , webApp IIS6) and the same domain.
Requests through the reverse proxy does not allow the user to be authenticated on the remote server. has an infinite authentication request.
This is inherent to the way windows authentication (NTLM) works: the password is never sent, authentication is done with a salted hash of the password, so the first server can authenticate the user but cannot re-use those credentials to impersonate the same user on a remote server (since without the password it cannot authenticate).
Look at this blog post to get more information about this problem (which is known as "double-hop problem").