does anyone know how to connect Question2Answer to an Azure account?
I think the question just says it all, but the quality standards from stackoverflow force me to add some more text.
The short answer is to use the open-login plugin and Enable Microsoft Graph.
Here is a more detailed answer:
In Azure, you need to do this:
Register an App
Authentication -> add platform register for Web, specify redirect URL
In Certificate, generate a new client secret (this will be used for the plugin options)
We had to apply 3 patches:
qa-plugin/q2a-open-login-master/HybridAuth/Provider/MicrosoftGraph.php
-33 protected $authorizeUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize';
-38 protected $accessTokenUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/token'
+33 protected $authorizeUrl = 'https://login.microsoftonline.com/tenant-id/oauth2/v2.0/authorize';
+38 protected $accessTokenUrl = 'https://login.microsoftonline.com/tenant-id/oauth2/v2.0/token'
qa-plugin/q2a-open-login-master/HybridAuth/Hybridauth.php
+173 $config['callback'] = 'https://redirect URL/qa/?hauth.done=MicrosoftGraph';
qa-plugin/q2a-open-login-master/qa-open-utils.php
+194
+195 case 'MicrosoftGraph':
+196 return 'user.read';
Related
in order to be compliant with this GDPR: FB SDK Best Practices for GDPR Compliance (probably is old/deprecated docs because still use "AutoInit"
What needs to be done?
In didFinishLaunchingWithOptions i called this one
[[FBSDKApplicationDelegate sharedInstance] application:application didFinishLaunchingWithOptions:launchOptions];
But having an external SDK that manages cookies (and all SKD in the APP), what should i disable?
Only this one in the info.plist
<key> FacebookAutoLogAppEventsEnabled </key> <false />
and enable it or not according to the choice in the SDK_Cookie like this
[FBSDKSettings.sharedSettings setAutoLogAppEventsEnabled:myBoolFromSDK_Cookie];
Could you explain step by step?
If I disable all SDK also al deferral deep link stop working? (Is that right?)
[FBSDKAppLinkUtility fetchDeferredAppLink
How can I take this activation out to the didFinishLaunchingWithOptions to put it in a generic function? (Since the user must first give the consent then facebook should do the init?)
Thanks for your help
Now I'm using google ads . I followed the step from here(convert OC to C#).And I have add a new adUnitID .It built without error.However.My bannerView didn't display on my test device.Any advice? I know from other forum that google admob will be blocked in some countries, is that true?
in Appdelegate.cs
public override bool FinishedLaunching(UIApplication application, NSDictionary launchOptions)
{
Window.RootViewController = new XttcViewController();
Window.MakeKeyAndVisible();
MobileAds.Configure("xxx");
return true;
}
in ViewController.cs
public override void ViewDidLoad()
{
base.ViewDidLoad();
this.bannerView = new BannerView(new CGRect(0,100,320,50));
View.AddSubview(this.bannerView);
this.bannerView.AdUnitID = "xxx";
this.bannerView.RootViewController = this;
this.bannerView.LoadRequest(Request.GetDefaultRequest());
}
If you have recently created an AD unit ID(in 24 hours), it may take some time and several AD requests to build up AD resources. Because of this, you may not immediately see the actual presentation. You can use the test unitID. Please note that the test AD runs through the same channels as the actual AD. If the test AD returns, your application is communicating correctly with the network.
The test ID for bannerview in iOS is "ca-app-pub-3940256099942544/2934735716".
If your issue persists even if you use the test ID.You can check for more specific causes from the google support
I have an issue with the Windows Azure ACS and I can't quite determine if it's supposed to be that way, or if there's an error in my code.
I have a number of relying parties configured in the ACS and all of them are configured with HTTPS. Every service is configured in such a way that Token Encryption is required. For this, I've uploaded a certificate created using MakeCert.exe.
When the client communicates with the relying party, I add the public part of the certificate as the service certificate and I add the subject name as a DnsIdentity:
var identity = EndpointIdentity.CreateDnsIdentity( GetClientCertificateSubjectName() );
var serviceEndpointAddress = new EndpointAddress( new Uri( _serviceAddress ), identity );
// Creation of channel factory
if( channelFactory.Credentials != null ) {
channelFactory.Credentials.ServiceCertificate.DefaultCertificate = GetClientCertificate();
channelFactory.Credentials.ClientCertificate.Certificate = GetServiceIdentityCertificate();
}
Here's the thing: when I call the relying party over HTTPS, then I can skip the creation of the EndpointIdentity and then the relying party will give me a correct answer. I can also skip setting the ServiceCertificate.DefaultCertificate property or set a totally random certificate, and the relying party will still give me a correct answer.
When calling over HTTP, doing any of the above will result in the ACS erroring out with messages indicating that I haven't used the correct certificates. In short: when calling over HTTP, I can only communicate with the correct client certificate. I expected that this was the case for HTTPS as well.
I can imagine that the ChannelFactory<T> or the ACS is smart enough to detect that HTTPS is used and that the configured encryption is skipped, in favour of SSL encryption. Sadly, I can't find any documentation that supports this idea.
My question is: Is it normal to ignore the EndpointIdentity and certificates when calling a relying party over HTTPS? Or do I need additional configuration to make this work?
Thanks in advance!
The amount of information I gave turned out to be insufficient to properly answer the question. It turned out that it was all in the bindings we were creating. It creates a binding with the following piece of code:
public static Binding CreateServiceBinding( string acsCertificateEndpoint, string bindingNameSpace, bool useSsl ) {
var binding = new IssuedTokenWSTrustBinding( CreateAcsCertificateBinding(), new EndpointAddress( acsCertificateEndpoint ) );
if( useSsl ) {
binding.SecurityMode = SecurityMode.TransportWithMessageCredential;
}
if( !string.IsNullOrWhiteSpace( bindingNameSpace ) ) {
binding.Namespace = bindingNameSpace;
}
return binding;
}
public static CertificateWSTrustBinding CreateAcsCertificateBinding() {
return new CertificateWSTrustBinding( SecurityMode.TransportWithMessageCredential );
}
That results in the following:
If it is http communication, it goes through MutualCertificate authentication mode flow and it is applied on the message layer only. That is why client is mandated to present a client certificate. This binding element creates an asymmetric security binding element that is configured to require certificate-based client authentication as well as certificate-based server authentication.
If it is https communication, it goes through the CertificateOverTransport authentication mode flow and it is applied on transport layer only. That’s why even though client certificate is not presented, it works. This binding element expects the transport to provide server authentication as well as message protection (for example, HTTPS).
For more information on the security modes, check out the following links:
https://msdn.microsoft.com/en-us/library/ms733098%28v=vs.110%29.aspx
https://msdn.microsoft.com/en-us/library/ms731074%28v=vs.110%29.aspx
Hope this helps someone!
I am trying to create a local workspace so I can map it to VisualStudio online account. Here is the command I am trying to run.
tf workspace -new -login:"Windows Live ID"\user,pass -collection:https://shaggyinjun.visualstudio.com/DefaultCollection
For some reason I am seeing an error. The command does have a domain/user,pass. What is this new username and password it is asking me for ?
Federated authentication to this server requires a username and password.
Apparantly this is issue is caused even when using java clients. Here is what Visual Studio Online has to say for it's questionable behavior.
Alternate authentication credentials
Some applications that work outside the browser (including Team Explorer Everywhere
command line client and the git-tf utility) require basic authentication credentials.
Other applications do not properly handle using an e-mail address for the user name
during authentication.
To work with these applications, you need to enable alternate credentials, set a
password, and optionally set a secondary user name not in the form of an e-mail address. > Please note that alternate credentials cannot be used to sign in to the service from a web
browser or outside of these applications.
Here is another question that I posted and was shot down. Just documenting here for future reference
I am able to login using my Visual Studio online credentials via the CLC, but When I try to do the same with a java program, I get an Authentication exception. Is there anything special that needs to be done for Java and / or Visual Studio Online ?
Java Code
public static final String NATIVE_LIBS_SYSTEM_PROPERTY = "com.microsoft.tfs.jni.native.base-directory";
public void connect() {
System.setProperty(NATIVE_LIBS_SYSTEM_PROPERTY, TFS_NATIVE_LIBS_HOME);
Credentials credentials = new UsernamePasswordCredentials("Windows Live ID\\user", "password");
TFSConnection connection = null;
try {
connection = new TFSConfigurationServer(new URI("https://shaggyinjun.visualstudio.com/DefaultCollection"), credentials);
connection.authenticate();
} catch (URISyntaxException ex) {
Exceptions.printStackTrace(ex);
}
}
}
Exception
com.microsoft.tfs.core.ws.runtime.exceptions.UnauthorizedException: Authorization failure connecting to 'https://shaggyinjun.visualstudio.com/DefaultCollection/TeamFoundation/Administration/v3.0/LocationService.asmx' (authenticating as Windows Live ID\user)
at com.microsoft.tfs.core.ws.runtime.client.SOAPService.executeSOAPRequestInternal(SOAPService.java:709)
at com.microsoft.tfs.core.ws.runtime.client.SOAPService.executeSOAPRequest(SOAPService.java:473)
at ms.ws._LocationWebServiceSoap12Service.connect(_LocationWebServiceSoap12Service.java:384)
at com.microsoft.tfs.core.clients.framework.location.internal.LocationWebServiceProxy.connect(LocationWebServiceProxy.java:70)
Caused: com.microsoft.tfs.core.exceptions.TFSUnauthorizedException: Access denied connecting to TFS server https://shaggyinjun.visualstudio.com/ (authenticating as Windows Live ID\venkatram.akkineni#gmail.com)
at com.microsoft.tfs.core.exceptions.mappers.TECoreExceptionMapper.map(TECoreExceptionMapper.java:75)
at com.microsoft.tfs.core.exceptions.mappers.LocationExceptionMapper.map(LocationExceptionMapper.java:32)
at com.microsoft.tfs.core.clients.framework.location.internal.LocationWebServiceProxy.connect(LocationWebServiceProxy.java:76)
at com.microsoft.tfs.core.clients.framework.location.LocationService.connect(LocationService.java:754)
at com.microsoft.tfs.core.clients.framework.location.LocationService.authenticate(LocationService.java:928)
at com.microsoft.tfs.core.TFSConnection.authenticate(TFSConnection.java:748)
at org.netbeans.modules.libswrapper.Installer.restored(Installer.java:54)
at org.netbeans.core.startup.NbInstaller.loadCode(NbInstaller.java:471)
[catch] at org.netbeans.core.startup.NbInstaller.loadImpl(NbInstaller.java:394)
at org.netbeans.core.startup.NbInstaller.access$000(NbInstaller.java:105)
at org.netbeans.core.startup.NbInstaller$1.run(NbInstaller.java:346)
at org.openide.filesystems.FileUtil$2.run(FileUtil.java:447)
at org.openide.filesystems.EventControl.runAtomicAction(EventControl.java:127)
at org.openide.filesystems.FileSystem.runAtomicAction(FileSystem.java:609)
at org.openide.filesystems.FileUtil.runAtomicAction(FileUtil.java:431)
at org.openide.filesystems.FileUtil.runAtomicAction(FileUtil.java:451)
at org.netbeans.core.startup.NbInstaller.load(NbInstaller.java:343)
at org.netbeans.ModuleManager.enable(ModuleManager.java:1194)
at org.netbeans.ModuleManager.enable(ModuleManager.java:1017)
at org.netbeans.core.startup.ModuleList.installNew(ModuleList.java:340)
at org.netbeans.core.startup.ModuleList.access$2400(ModuleList.java:118)
at org.netbeans.core.startup.ModuleList$Listener.stepEnable(ModuleList.java:1409)
at org.netbeans.core.startup.ModuleList$Listener.access$1400(ModuleList.java:1007)
at org.netbeans.core.startup.ModuleList$Listener$1.run(ModuleList.java:1231)
at org.openide.filesystems.EventControl.runAtomicAction(EventControl.java:127)
at org.openide.filesystems.FileSystem.runAtomicAction(FileSystem.java:609)
at org.netbeans.core.startup.ModuleList$Listener.run(ModuleList.java:1207)
at org.openide.util.RequestProcessor$Task.run(RequestProcessor.java:1423)
at org.openide.util.RequestProcessor$Processor.run(RequestProcessor.java:2033)
If you're connecting to visualstudio.com from the cross-platform command line client, you need to set up and use "alternate credentials".
You cannot use a Microsoft Account (Live ID) because - crazy as it sounds - that only works by supplying passwords to that web page and we cannot rely on a web browsers existence on many platforms.
I have a WebAPI built using ASP.NET MVC4. It is a simple API for getting data (simple HTTP GET requests). The API is stable and has been working with our mobile (MonoTouch) app for quite some time. Now we're putting ForeFront UAG in front of the API (simply changed web.config to use windows auth. Testing the security and API through a browser e.g. Chrome, and the UAG login is presented (when hitting API first time). Enter your credentials and then you get the data back for the API GET request. All what you'd expect. Now, from .NET code (no browser) I want to do the same thing. I've seen examples accessing SharePoint programmatically and some windows phone stuff, but none of them seem to work for ASP.NET MVC4 WebApi calls from just regular old .NET code (which I'll eventually use in MonoTouch).
Anyone have an example of how to Authenticate and then make HTTP GET request successfully through UAG to an ASP.NET MVC4 WebApi?
I don't have the disposal over a ForeFront UAG so I can't test this. But in general you have a few options. The samples are snippets and some code is left out for readability.
WebClient / HttpWebRquest
CredentialCache credentials = new CredentialCache();
credentials.Add(new Uri(url), "NTLM", new NetworkCredential(userName, password, domain));
//WebClient
var webClient = new WebClient();
webClient.Credentials = credentials;
//HttpWebRequest
var request = HttpWebRequest.Create(url);
request.Credentials = credentials
HttpClient
WebRequestHandler clientHandler = new WebRequestHandler();
clientHandler.UseDefaultCredentials = true;
clientHandler.AllowPipelining = true;
clientHandler.ImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
ProgressMessageHandler progress = new ProgressMessageHandler();
httpClient = HttpClientFactory.Create(clientHandler, progress);
You have also the options of using third party libraries to get this job done, like RestSharp or Service Stack.
Personally I make use of RestSharp because of the ease of use and serializing/deserializing capabilities.