We are deploying a NodeJS application to production via IISnode. Every time a user tries to log in, they are greeted with a additional login prompt after logging in to the app, which always lead to a nice 401 access denied error.
The response headers for this page are as follows:
Server:Microsoft-IIS/7.5
WWW-Authenticate:Negotiate
WWW-Authenticate:NTLM
X-Powered-By:ASP.NET
Clearly there's some additional windows/iis authentication mechanism, preventing our users from accessing the application. How can I disable this?
Related
I have a Blazor server application with JWT authentication. The application authenticates using a JWT token in the URL. The applications runs successfully in debug mode under localhost locally without any issues.
When published the application to Azure service the following happens:
Go to google or any website
Paste url with token
It doesn’t validate the token and redirects to the error razor page
Paste same url again and it works completely fine and loads correctly
As it’s not happening in debug mode on visual studio not sure on the best way to debug this? Or why this could be happening?
You could have an issue with CORS? Does it work if you go through the normal authentication flow on the app? E.g., using incognito browser, open Azure app, you are unauthenticated so you get redirected to login, after login you get redirected to app again?
If that works, you are having issues with where the request is coming from (possibly). There really isn't much info to work with here - can you update with browser Developer Tools console output/network tab and then the server logs?
I'm having a problem with my React / ASP.net core web API app and authentication with Azure AD.
The first time I log in it's all fine. Then if I sign out, I get presented with the Microsoft hosted "You have been signed out. Return to the website" page, which has a link back to the site.
If I then click on that link then the app hangs when it tries to authenticate, and I'm getting CORS errors in my Chrome browser console:
Access to fetch at
'https://login.windows.net/XXXXX/oauth2/authorize?response_type=id_token&redirect_uri=
(etc)' (redirected from
'https://uat.xxxxx.com/coreservice/api/foo?page=1&pageSize=25') from
origin 'https://uat.xxxxx.com' has been blocked by CORS policy:
Response to preflight request doesn't pass access control check: No
'Access-Control-Allow-Origin' header is present on the requested
resource. If an opaque response serves your needs, set the request's
mode to 'no-cors' to fetch the resource with CORS disabled.
Extra info:
As an experiment I hosted a link to the site from elsewhere on the web and I get the same problematic behaviour if I click on that link.
If I hard refresh the page at this point, then it all works fine - I'm presented with the MS Azure login page as expected.
Any help would be gratefully received!
Not sure if you are using the Azure Web Apps to host your application, but the issue I had was that I was using the App Service Authentication setting under Authentication/Authorization in the Azure Portal. This setting was pointing to the Azure AD instance. But I also was using React-ADAL npm package wrapped around my application so it was causing conflicting issues since they were both using the same instance of Azure AD.
I turned off the App Service Authentication setting in the Azure portal and everything worked from there.
This setting does work as I have used it with other applications and simple web apps but I realized that the Azure App Auth setting was conflicting with the React-ADAL npm package.
Hope this helps.
I deployed multiple applications in tomcat-7.0.55 and used Central authentication service(CAS) for single sign-on. But when I am accessing an application and when it is getting redirected to CAS login page, I understood it was authenticated successfully and TGT and ST tickets were also generated.
But after the successful authentication, it is not getting redirected to the application page. I observed that the Proxy callback authentication is failed and the corresponding ticket is not generated. I could see this information in the catalina.out file.
For more information, my CAS authentication is running on http instead of https. Please let me know if this could create any problem.
And more over, all my apps are hosted on the 8080 port but the proxyCallbackUrl I gave is on 80 port. First of all my URL for the proxyCallbackURL is http://my_server_private_ip/webappcas2/proxyCallback (this was configured earlier to me) but I am not sure what URL is to be given as for the proxyCallbackUrl in the web.xml file of the application.
Thanks in advance.
Running CAS on a nonsecure port will not allow you to use single sign on. Furthermore, proxy callbacks are required to be https by default which is why you are seeing that error. Switch to https and all your problems will go away.
I am scripting for a Sharepoint application in its Production environment which uses NTLM Authorization. The recording is working fine, but I am facing 401:Unauthorized error while playback of the same script. Since this is an NTLM authorization application, the launch of the application redirects to the Homepage without asking for the login credentials. The first HTTP request of the script which is a GET Method throws 401 Unauthorized error. I've used HTTP Authorization Manager, HTTP Cookie Manager, HTTP Cache Manager. The same config elements are used in the scripts for UAT env which works fine and such issue is never experienced in the UAT environment.
Please feel free to suggest if you have any idea on this issue.
Thanks.
HTTP Authorization Manager should have "Domain" field populated and matching your environment for NTLM authentication along with username and password.
See Windows Authentication with Apache JMeter guide for more details.
I have a ASP.NET application that need to access to ANOTHER application, the ANOTHER application expecting Kerberos authentication, it based on the user credential to response to the request. My ASP.NET app is running on a AD service account that is setup to allow delegate to the ANOTHER application (with proper SPN).
So the process is, user requests to the ASP.NET app, the ASP.NET app will impersonate the request to the ANOTHER application by delegation (with kerberos).
When I run the app in local machine (My ASP.NET resides), the request was successful, however, if the request is coming from remote client machine, it failed, from the ANOTHER application's log, it shows the Identity is not presented.
Any clue?
Have a look at the following which appears to be very similar to your situation:
https://serverfault.com/questions/270293/moving-my-website-to-different-server-changes-authentication-from-kerberos-to-ntl/270306#270306
There are some resources that that should help you troubleshoot.