I'm running a Dash/Flask app on Windows Server 2019 with IIS. I installed IIS with CGI, installed wfastcgi in the app's virtual environment, ran wfastcgi-enable as an administrator and specified the FastCGI application as a route handler in web.config using the virtual environment's python executable and wfastcgi.py file, etc.
That all went smoothly and the app is up and running. The app redirects to '/' to login if the user is logged out. This all works perfectly when I run the app on Flask's built-in server, but only works periodically (i.e. sometimes the user is no longer logged in, after the redirect, or refreshing the page logs out the user by chance) in this IIS/fastcgi setup. I use flask-login to login and authenticate users, following closely the example given here: https://github.com/RafaelMiquelino/dash-flask-login.
I also tried to configure flask-login's remember me functionality to persist the login after browser close, but this didn't change the mentioned issues.
Has anyone else experienced this? I'm open to any ideas on why I'm experiencing this strange (session?) behavior with IIS and FastCGI.
Thanks!
EDIT:
Moreover, I did some more tests and found that it is not only random logouts, but also some kind of "random logins":
1. User logs in at login page and is redirected to the "real" content located under /success: Message: User could not be authenticated.
2. Reloading the webpage "/success" without any further action: User is authenticated and can see the content. After repeated reloading the same user is randomly authenticated or not.
Try to increase the iis application pool recycling and ideal time out value.
increase fast cgi ideal time out:
Make sure you set app.secret_key to some secret key. yo could get key by following below code:
import os
os.urandom(24)
Use the following command to quickly generate a value for Flask.secret_key (or SECRET_KEY):
$ python -c 'import os; print(os.urandom(16))'
b'_5#y2L"F4Q8z\n\xec]/'
Refer this link for more detail:
flask-login invalidates session randomly after authentication
https://flask-login.readthedocs.io/en/latest/
Related
I'm building a Blazor WASM app with Azure AD, and I'm struggling with what appears to be an inefficiency in the way it's designed. The entire application, including the home page, needs to be secured by [Authorize]. It works (with one exception noted below), but the initial load is painfully slow. Basically, on reaching the home page, Blazor loads the entire application -- running Program.Main in it's entirety, loading JS files from CDN or webpack bundles, loading all the .NET dlls, and THEN decides that it needs to redirect to Azure to authenticate. Once it returns, it does all that again. Loading the various files is not too much of a problem, since it gets them from the browser cache the second time. The problem is that is also needs to run Program.Main again.
In my rather large client app, it takes a few seconds to configure all the services (I'm using a lot of gRPC). The biggest culprit though is a call to the server API to get certain app settings that I don't want to expose to the client (basically doing this). Moreover, that API call doesn't even succeed, since the API endpoint is secured, and the user hasn't authenticated yet, but I don't know how to get the user info from within Program.Main. The log messages show that the user identity is not even created until sometime after Program.Main completes. (One of the settings is the roles-to-permissions mapping, so I can't even draw the app's menu without it. I've resorted to removing the auth requirement from the API controller for now, obviously not a permanent fix)
To replicate the behavior, just create a brand new Blazor WebAssembly app, selecting Auth Type = Microsoft identity platform, and checking the ASP.NET Core hosted box. Then just edit both appsettings.json files to provide your Azure login info; change the requested scope in Client.Program.Main (and change the one in WeatherForecastController to match); and add [Authorize] to the _imports.razor file, and [AllowAnonymous] to Authentication.razor. Finally add some logging Console.WriteLine("Running in Client.Program.Main"); near the end of that method.
In the basic Blazor app template as described above, this all runs pretty fast. Once there's a significant amount of startup code in Program.Main, though, it becomes quite noticeable, it can be several seconds both before and after the login redirect. And I can't make an authenticated API call.
Specifying endpoints.MapFallbackToFile("index.html").RequireAuthorization(); in the server side Startup doesn't seem to make any difference. Neither does adding options.FallbackPolicy = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build(); to the AddAuthorization call.
So basically, I'm looking to:
Identify the user in Client.Program.Main, so I can make a secure call to the settings API
Identify the user in Client.Program.Main, so I can bypass all the time-consuming stuff myself on the first pass
Get Blazor (server?) to somehow recognize that a request for a protected page will fail for an unauthenticated user, and go directly to the Azure login page without all the usual ceremony
Any suggestions?
I just deployed OpenAM-14.5.1.war into Tomcat on my Mac and went through the initial configuration setup (create new/default configuration). The setup completed successfully. I was then led to the login page. I provided the same username/password as I did during the setup but getting the Authentication Failed message. Any idea why?
Figured it out. The issue was - I was using a browser window that disabled cookies. Once I started using normal browser window, I was able to login successfully.
I am randomly getting a login prompt asking me to log in to localhost:3000 while working on my project (in localhost). Sometimes it does not show up the whole day and next morning I get 10 prompts in a row (canceling through pressing escape), and then it starts working properly again.
These are the errors I get in the console when it has been canceled:
I suspect one of the following, but really I have no idea:
Webpack is not configured correctly
There is some resource that requires authentication (but I can't figure out which), I am running everything on localhost
There is something wrong with the node.js server thingy...
Any tips on what might be going on are very welcome.
Edit: My backend is mocked in localhost.
Edit 2: I found this: Receiving login prompt using integrated windows authentication and it is possible that the thing that is causing the error is some faulty configuration in my IIS. But it is difficult to verify since it only shows up randomly.
Webpack has nothing to do with your API calls.
401 errors are due to auth credentials failing.
It means that your backend ask you to update your token(s) used for auth in API calls.
I have slackbox running locally, have created a Spotify dev application and have successfully authenticated slackbox. It says I am logged in at http://localhost:5000/. All of my variables have been set, including the slack token, in an .env file via dotenv.
All seems well there.
On the slack side, I have created a slash command mapped to /spotify that POSTs to http://localhost:5000/store. The slash command shows up in my command description list when typing.
When I attempt to use it though, I get an access denied message in chat, I'm assuming due to cross-domain issues:
ERROR: The requested URL could not be retrieved Access Denied.
According to their docs - https://github.com/benchmarkstudios/slackbox - running this locally should work. I also run a Hubot bot locally and it integrates fine with the same slack room.
Any help is appreciated!
https://sprint.ly/blog/5-steps-to-a-slack-integration/
Slack’s outgoing slash command requests need to be sent to a public facing url, which is a problem if we want to receive these messages to our local development server.
How do we solve this?
One way is with the use of a secure tunnel which acts as a public HTTPS URL for our local development server. Problem solved!
Who provides this service?
ForwardHQ provide the best user experience, including a browser extension for setting up a local tunnel in one click. They have a free 7 day trial.
My preferred option is ngrok. It’s free for one concurrent tunnel client, with no time restriction. Woop! Its a little harder to use but it does the job.
I am creating and running automated test scripts for certain web application. In one of the scenarios I have, I have to work with a proxy. By the way, I am using robot framework plus selenium for my test scripts. So what I did, I created a separate browser profile which selenium runs. The problem is I can't interact with the credentials pop-up (asking for my username and password) using robot framework and selenium. Is there a way where I can configure the proxy username and password to be included in the browser profile? Or is there a way where robot framework and selenium can interact with the authentication window? Any suggestions in solving or ending up with a workaround for this issue anyone?
Thanks!
Robot Framework SeleniumLibrary uses Selenium RC internally. Proxy authentication can be defined when Selenium server is started, see http://seleniumhq.org/docs/05_selenium_rc.html#proxy-configuration for details.
So, if you start the server manually, just follow the above instructions. If you are using Start Selenium Server keyword, you can give those parameters as arguments:
| Start Selenium Server | -Dhttp.proxyHost=proxy.com | -Dhttp.proxyPort=8080 | -Dhttp.proxyUser=username | -Dhttp.proxyPassword=password |
I couldnt get this working with my proxy, so i set up a squid proxy, which connects to the parent using the credentials and offers a local free proxy to work with.
For me this is the most easy setup / solution.
Though its late to answer but I thought it will add value to previous answers.
There is a one more simple and quickest way, If it helps then great!
If you are running selenium server from cmd then
Start cmd with admin rights (run as administrator) so server is also started with admin rights,
Now run application, It may ask for username and password again but don't worry - just fill username and password or click cancel (in case of site running on localhost), and it will work like. (now it works as if it is passing username and password to browser or application)
Also if don't want to fill authentication details manually every time then in your script include this code:
System.setProperty("http.proxyHost", ");
System.setProperty("http.proxyPort", "proxyPort");
System.setProperty("http.proxyUser", "proxyUser");
System.setProperty("http.proxyPassword", "proxyPassword");
System.setProperty("http.nonProxyHosts", "proxyExceptions");
I just had a intuition and it worked like charm:-)
Hope this quickest way saves time and efforts both for someone!
Authorization popup can be handled in the next way:
http://user:password#securedsite.com (In case your site is: http://securedsite.com)