Getting the AzureB2C id provider object id - azure

I don't quite understand how to get the ObjectId from my claims in azureB2C.
I have tried this code:
string theId = User.Identities.FirstOrDefault().Claims.FirstOrDefault().Value;
I think it might be working. But to be honest I am not sure if this is the right Value. Also, if it is, surely there must be a better/simpler way to do it. Or at least one that is clearer somehow.

For an ASP.NET web app, you can use:
ClaimsPrincipal.Current.FindFirst(ClaimTypes.NameIdentifier).Value
See here for an example of this.
For an ASP.NET web API, you can use:
ClaimsPrincipal.Current.FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value
See here for an example of this.
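The two claim types named in this answer can be wrapped in one helper so the same code serves a web app and a web API, and so the lookup does not depend on the claim's position in the list (which is what `Claims.FirstOrDefault()` in the question relies on). The following is an added example, not code from the question, the answer or Microsoft's samples; it assumes only `System.Security.Claims`, and the principal and claim values in the demo are constructed for illustration:

```csharp
using System;
using System.Security.Claims;

// Added example: resolve the Azure AD B2C object id from either claim type
// without depending on claim ordering. Not taken from the question or answer.
public static class B2CClaims
{
    // Claim type the Microsoft identity platform uses for the user's object id
    // (the value the web API answer above looks up).
    public const string ObjectIdentifier =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Returns the object id, or null when neither claim is present.
    // Returning null instead of throwing lets the caller decide how to fail.
    public static string GetObjectId(ClaimsPrincipal user)
    {
        if (user == null) return null;

        // Web API tokens carry "objectidentifier"; the web app middleware
        // maps the same value onto ClaimTypes.NameIdentifier.
        Claim claim = user.FindFirst(ObjectIdentifier)
                      ?? user.FindFirst(ClaimTypes.NameIdentifier);

        return string.IsNullOrEmpty(claim?.Value) ? null : claim.Value;
    }

    // Azure AD object ids are GUIDs. Parsing the value guards against using
    // some other identity provider's "nameidentifier" string as a database key.
    public static bool TryGetObjectId(ClaimsPrincipal user, out Guid objectId)
    {
        objectId = Guid.Empty;
        string raw = GetObjectId(user);
        return raw != null && Guid.TryParse(raw, out objectId);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed principal for the demo; the values are made up.
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, "alice@example.com"),
            new Claim(B2CClaims.ObjectIdentifier, "11111111-2222-3333-4444-555555555555"),
        }, "Bearer");
        var user = new ClaimsPrincipal(identity);

        Guid oid;
        Console.WriteLine(B2CClaims.TryGetObjectId(user, out oid)
            ? "object id: " + oid
            : "no object id claim present");
    }
}
```

In a controller, `B2CClaims.TryGetObjectId(User, out oid)` replaces the `FirstOrDefault()` chain; a `false` result means the token did not come from B2C or was not mapped as expected, which is worth logging rather than silently treating as an anonymous user.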

Related

Which is the name of the Azure VideoIndexer apikey parameter?

Today I am facing a problem:
I am trying to automate an Azure Logic App deployment with a VideoIndexer service from Azure, using Terraform, but it asks me for a parameter called API Key (on the web side).
The official documentation is this:
https://learn.microsoft.com/en-us/azure/azure-video-analyzer/video-analyzer-for-media-docs/logic-apps-connector-tutorial
But I cannot find the name of the apiKey parameter (and no, it isn't apiKey)
Could anyone help here? And to help me avoid asking a question like that: how can I check an API connection to see which parameters are registered?
Maybe this example could help you (I didn't find the answer there, but maybe you have better eyes than me): https://www.returngis.net/2021/04/como-desplegar-azure-logic-apps-con-terraform/
The apiKey for the videoindexer is named 'Ocp-Apim-Subscription-Key'
See also the example on this page: https://learn.microsoft.com/en-us/azure/azure-video-analyzer/video-analyzer-for-media-docs/video-indexer-use-apis

Xero OAuth2 Node API - Where does the API use the authorisation code provided to the callback?

I have followed the flow described here https://developer.xero.com/documentation/oauth2/auth-flow and can then get a tokenset which works with api requests.
However, looking at https://github.com/XeroAPI/xero-node-oauth2-app/blob/master/src/app.ts I don't see how/where the authorisation code provided to the callback is used to obtain the tokenset. (compare with Steps 2 & 3 of the auth-flow.)
Looking at https://github.com/XeroAPI/xero-node/blob/master/src/XeroClient.ts I think that apiCallback() looks like it should be the place - but nowhere any mention of the authorisation code.
The example provided (and the Xero client) relies on express being the handler framework. In any other scenario there is a lot of legwork required to imitate that.
Then finally I also discovered that the Xero client insists on using openid scope otherwise the client simply doesn't work. Nothing in the docs to either indicate this, or explain why this restriction is built-in.
The xero-node package uses the openid-client package, which retrieves the code and uses it to get the token set here: https://github.com/panva/node-openid-client/blob/master/lib/client.js#L461-L481
Can you elaborate on what you mean by authorization code? You are correct that the apiCallback fn returns the tokenSet, which you should be saving in your database associated with each user.
const tokenSet: TokenSet = await xero.apiCallback(req.url);
One of the benefits of using the SDKs is that you don't have to do that code exchange step. The openid client handles that exchange for you. If you are to roll your own solution you will have to follow all the steps as described in the first documentation link ^^
—
code a temporary code that may only be exchanged once and expires 5 minutes after issuance.
So let's look at https://developer.xero.com/documentation/oauth2/auth-flow again.
Step 1 looks simple enough, but eventually I opted to go with https://developer.xero.com/documentation/oauth2/sign-in
That reference also shows how Step 2 should be performed, something the first link omitted.
However, if you then switch back to the 1st link you'll find the next Steps easier to follow.

A third party application may be attempting to make unauthorized access to your account - Ameritrade

I was trying to do some simple authorization for ameritrade's developer platform. I was attempting.
According to the platform, the endpoint I need to access is:
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri={uri}&client_id={client_id}%40AMER.OAUTHAP
https://developer.tdameritrade.com/content/simple-auth-local-apps
When looking at the client_id for the dev application, I was noticing that they may actually be referencing the Application's Consumer Key instead? So I did just that, but when attempting to query the information, it returns: A third-party application may be attempting to make unauthorized access to your account. The reason why I think it is the consumer key is listed at: https://developer.tdameritrade.com/content/getting-started
So I ended up doing something like:
from urllib.parse import quote_plus

# quote_plus() percent-encodes a single string; urlencode() expects key/value pairs
# and would raise a TypeError when handed a plain string.
url = "https://auth.tdameritrade.com/auth?response_type=code&redirect_uri={uri}&client_id={client_id}%40AMER.OAUTHAP".format(
    uri=quote_plus("http://localhost"),
    client_id="JHBDFGJH45OOUDFHGJKSDBNG"  # Sample
)
I don't think this is because I am currently in a different country; I think that something else is wrong here.
It doesn't follow through with it, but instead returns a 400 error with that information. I'm not sure what's wrong though.
This happens when you copied the callback URI incorrectly. Imagine if this were a client application, and TD detected that the application is trying to send the user to a different URL than the app is configured with. If they send the callback request to that application, it will receive the token and gain full control over your account.
Have you double and triple checked that you're copying the callback URL correctly, protocol name, ports, and trailing slashes and everything? Also, consider using an API library instead of writing your own. You can find documentation about this specific error here.
I had this issue and I solved it by simply using http://127.0.0.1 as the callback URI of the App.
I then used below URL and it worked as expected.
https://auth.tdameritrade.com/auth?response_type=code&redirect_uri=http%3A%2F%2F127.0.0.1&client_id={MyConsumerKey}%40AMER.OAUTHAP
Just in case anyone is still having this problem, make sure the callback URI is spelled EXACTLY the same as you specified when creating the app. I was having this problem because I set the callback on the TD developer website to "https://localhost/" and used "https://localhost" in the URL instead (missing the slash at the end). As soon as I added the slash at the end, it worked.
I found out that the issue is caused by the way the callback URL is set. It has to be exactly the same as the callback URL you have typed in at the app's details on the TD developer API page. I tried several permutations and indeed, to get the authorization to work, both have to be the same, e.g. https or http, ending with '/' or not; it matters. There is also no need to URL encode it.
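The Xero thread above (where the SDK's apiCallback hides the code exchange) and this TD Ameritrade thread come down to the same three steps of the OAuth 2.0 authorization-code flow. The following C# is an added example, not code from either thread, from xero-node, from openid-client or from TD Ameritrade: it builds the authorization URL with every parameter percent-encoded, compares redirect_uri the way an authorization server does (exact string match, so scheme and trailing slash matter), extracts the code from the callback URL after checking state, and assembles the token request. The endpoint URLs, client id, secret, scope and callback URL are placeholders constructed for the demo, and the token request is built but not sent:

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Web;   // HttpUtility.ParseQueryString; also available on .NET Core / .NET 5+

// Added example of the authorization-code flow steps the SDKs perform for you.
// Not taken from either thread or from any vendor SDK.
public static class AuthCodeFlow
{
    // Unguessable state so a callback can be tied to the request we started.
    public static string NewState()
    {
        byte[] bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    // Step 1: authorization request. Each value goes through Uri.EscapeDataString,
    // so "https://localhost/" becomes "https%3A%2F%2Flocalhost%2F" and an "@" in
    // the client id becomes "%40", matching the form of the URLs quoted above.
    public static string BuildAuthorizeUrl(string authorizeEndpoint, string clientId,
                                           string redirectUri, string scope, string state)
    {
        return authorizeEndpoint
            + "?response_type=code"
            + "&client_id=" + Uri.EscapeDataString(clientId)
            + "&redirect_uri=" + Uri.EscapeDataString(redirectUri)
            + "&scope=" + Uri.EscapeDataString(scope)
            + "&state=" + Uri.EscapeDataString(state);
    }

    // What the authorization server does with redirect_uri: an ordinal comparison
    // against the registered value. "https://localhost" and "https://localhost/"
    // are different strings, which is why the trailing-slash answers above hold.
    public static bool RedirectUriMatchesRegistration(string registered, string requested)
    {
        return string.Equals(registered, requested, StringComparison.Ordinal);
    }

    // Step 2: the browser returns to the callback with ?code=...&state=...
    // The code is single-use and short-lived; state must equal the value we sent,
    // otherwise this callback is not a reply to our own authorization request.
    public static string ExtractAuthorizationCode(string callbackUrl, string expectedState)
    {
        var query = HttpUtility.ParseQueryString(new Uri(callbackUrl).Query.TrimStart('?'));
        if (query["error"] != null)
            throw new InvalidOperationException("authorization failed: " + query["error"]);
        if (!string.Equals(query["state"], expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("state mismatch; discarding callback");
        string code = query["code"];
        if (string.IsNullOrEmpty(code))
            throw new InvalidOperationException("callback carried no authorization code");
        return code;
    }

    // Step 3: exchange the code for tokens. redirect_uri must be the same string
    // as in step 1; the client secret goes in the POST body (or an HTTP Basic
    // header), never in a query string.
    public static HttpRequestMessage BuildTokenRequest(string tokenEndpoint, string clientId,
                                                       string clientSecret, string code,
                                                       string redirectUri)
    {
        var form = new Dictionary<string, string>
        {
            ["grant_type"] = "authorization_code",
            ["code"] = code,
            ["redirect_uri"] = redirectUri,
            ["client_id"] = clientId,
            ["client_secret"] = clientSecret,
        };
        return new HttpRequestMessage(HttpMethod.Post, tokenEndpoint)
        {
            Content = new FormUrlEncodedContent(form)
        };
    }
}

public static class Demo
{
    public static void Main()
    {
        // All values below are placeholders constructed for this example.
        const string registeredRedirect = "https://localhost/";
        string state = AuthCodeFlow.NewState();

        Console.WriteLine(AuthCodeFlow.BuildAuthorizeUrl(
            "https://auth.example.test/auth", "SAMPLE_KEY@AMER.OAUTHAP",
            registeredRedirect, "openid", state));

        // Missing trailing slash: rejected by the server before the user ever logs in.
        Console.WriteLine("slash-less URI accepted: "
            + AuthCodeFlow.RedirectUriMatchesRegistration(registeredRedirect, "https://localhost"));

        string callback = registeredRedirect + "?code=TEMP_CODE&state=" + state;
        string code = AuthCodeFlow.ExtractAuthorizationCode(callback, state);
        HttpRequestMessage tokenRequest = AuthCodeFlow.BuildTokenRequest(
            "https://auth.example.test/token", "SAMPLE_KEY", "SAMPLE_SECRET", code, registeredRedirect);
        Console.WriteLine(tokenRequest.Content.ReadAsStringAsync().Result);
    }
}
```

The exact-match function is the part that explains the error message in this thread: the server cannot tell a typo from an attacker-registered redirect, so it refuses anything that is not byte-for-byte the registered value. The state check is the piece most hand-rolled versions skip; without it, a callback carrying someone else's code can be bound to the current user's session.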

Kentico: PortalTemplate.aspx explicitly throwing a 404 error when directly invoked

We work on a product that is a series of components that could be installed on different CMSs and provide different services. We take a CMS agnostic approach and try to use the same code in all the CMSs as much as possible (we try to avoid using CMS API as much as we can).
Some part of the code needs to work with the current URL for some redirections so we use Request.Url.ToString() that is something that has worked fine in other environments but in Kentico instead of returning the current page we always get a reference to CMSPages/PortalTemplate.aspx with a querystring parameter aliasPath that holds the real URL. In addition to that, requesting the Template page using a browser gives you a 404 error.
Example:
Real URL (this works fine on a browser):
(1) https://www.customer.com/Membership/Questionnaire?Id=7207f9f9-7354-df11-88d9-005056837252
Request.Url.ToString() (this gives you a 404 error on a browser):
(2) https://www.customer.com/CMSPages/PortalTemplate.aspx?Id=7207f9f9-7354-df11-88d9-005056837252&aliaspath=/Membership/Questionnaire
I've noticed that the 404 error is thrown explicitly by the template code when invoked directly. Please see below code from Page_Init method of PortalTemplate.aspx.cs:
var resolvedTemplatePage = URLHelper.ResolveUrl(URLHelper.PortalTemplatePage);
if (RequestContext.RawURL.StartsWithCSafe(resolvedTemplatePage, true))
{
    // Deny direct access to this page
    RequestHelper.Respond404();
}
base.OnInit(e);
So, if I comment the above code out my redirection works fine ((2) resolves to (1)). I know it is not an elegant solution, but since I cannot / don't want to use the Kentico API it is the only workaround I could find.
Note that I know that using Kentico API will solve the issue since I'm sure I will find an API method that will return the actual page. I'm trying to avoid that as much as possible.
Questions: Am I breaking something? Is there a better way of achieving what I'm trying to accomplish? Can you think of any good reason I shouldn't do what I'm doing (security, usability, etc.)?
This is kind of a very broad question so I was not able to find any useful information on Kentico docs.
I'm testing all this on Kentico v8.2.50 which is the version one of my customers currently have.
Thanks in advance.
It's not really recommended to edit the source files of Kentico, as you may start to run into issues with future upgrades and also start to see some unexpected behaviour.
If you want to get the original URL sent to the server before Kentico's routing has done its work, you can use Page.Request.RawUrl. Using your above example, RawUrl would return a value of /Membership/Questionnaire?Id=7207f9f9-7354-df11-88d9-005056837252, whereas Url will return a Uri with a value of https://www.customer.com/CMSPages/PortalTemplate.aspx?Id=7207f9f9-7354-df11-88d9-005056837252&aliaspath=/Membership/Questionnaire (as you stated).
This should avoid needing to use the Kentico API and also avoid having to change a file that pretty much every request goes through when using the portal engine.
If you need to get the full URL to redirect to, you can use something like this:
var redirectUrl = Request.Url.GetLeftPart(UriPartial.Authority) + Request.RawUrl;

How to Encrypt QueryString from IIS

Hello everyone,
I'm looking for a way to encrypt the Query String in my ASP.NET application. I searched on the Internet and found that we can do this by first encrypting them, then sending them and then decrypting them. But this solution will take much time, as I will have to go to every page and find where I'm using Request.QueryString.
Now I'm thinking, can't this be done from IIS, so that I don't have to change my code?
I hope someone will help me out.
Thanks
As already pointed out in the comment, you can just run using HTTPS and no one can snoop your query string values. But if you do not want the users to see the query string values, you can write a custom HTTPModule in IIS.
There is already a module written for this, please check out httpmodule-for-query-string-encryption
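As an added example (not the module the answer links to, and not from the question or answer), here is a minimal IHttpModule along the lines the answer suggests: links carry one opaque `q` parameter, and the module unwraps it before the page runs, so existing `Request.QueryString` reads stay unchanged. It assumes ASP.NET 4.5 or later on System.Web, because it uses `MachineKey.Protect`/`Unprotect` for authenticated encryption under the site's machineKey; the class name, purpose string and the `q` parameter name are choices made for this example:

```csharp
using System;
using System.Text;
using System.Web;
using System.Web.Security;

// Added example: decrypt an opaque "q" query-string token on BeginRequest and
// rewrite the path so pages see the original parameters. MachineKey.Protect
// gives authenticated encryption, so a tampered or forged token fails to
// unprotect instead of being accepted.
public class EncryptedQueryStringModule : IHttpModule
{
    private const string ParameterName = "q";

    // The purpose string binds ciphertext to this use; the same bytes cannot be
    // replayed as, say, a forms-authentication ticket protected by the same key.
    private static readonly string[] Purpose = { "EncryptedQueryStringModule.v1" };

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        HttpContext ctx = app.Context;
        string token = ctx.Request.QueryString[ParameterName];
        if (string.IsNullOrEmpty(token)) return;

        string plainQuery;
        try
        {
            plainQuery = Unprotect(token);
        }
        catch (Exception)   // CryptographicException or bad base64url: treat as a bad request
        {
            ctx.Response.StatusCode = 400;
            app.CompleteRequest();
            return;
        }

        // Request.QueryString on the page now sees the original parameters;
        // the address bar still shows only "q=...".
        ctx.RewritePath(ctx.Request.FilePath, ctx.Request.PathInfo, plainQuery);
    }

    // Used when building links: "Id=42&Mode=edit" -> "q=<opaque token>"
    public static string Protect(string plainQuery)
    {
        byte[] data = Encoding.UTF8.GetBytes(plainQuery);
        byte[] sealedData = MachineKey.Protect(data, Purpose);
        return ParameterName + "=" + HttpServerUtility.UrlTokenEncode(sealedData);
    }

    public static string Unprotect(string token)
    {
        byte[] sealedData = HttpServerUtility.UrlTokenDecode(token);
        if (sealedData == null) throw new FormatException("not a valid token");
        return Encoding.UTF8.GetString(MachineKey.Unprotect(sealedData, Purpose));
    }
}
```

Register the module under system.webServer/modules in web.config (integrated pipeline) and generate links with `EncryptedQueryStringModule.Protect("Id=42&Mode=edit")`. That is the honest limit of the "no code changes" goal: the reading side needs no edits, but every place that builds a link still has to call Protect. Two caveats the answer already hints at: HTTPS is what protects the values in transit, so this only hides them from the user and from logs; and a user who legitimately received a token can still replay it, so bind it to the session or add an expiry inside the plaintext if that matters to the application.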