I am trying to run a curl command from Windows console. (eg curl.exe http://localhost:8087/ServiceStackRequest)
However, the information returned provides me with a "Error 401.2 Unauthorized".
... " [ Logon Method: Not yet determined. Logon user: Not yet determined".
In IIS, I have enabled
- AppPool: given access to the specific user who has got access
- Service (Site): enabled pass-through authentication with said user.
However, the authentication details are not being passed when running the command. Any ideas?
Ok got it working.
In IIS,
(i) disabled Windows authentication
(ii) enabled anonymous authentication
Related
I am trying to use an AWS single sign on script from my company to log into aws using the internal Azure Platform. When trying to log into the platform using SSO, I receive the following error messages:
Logging in to Azure AD...
Please enter your username(email address): test#company.com
Please enter your password: ********
Login failed: Authorization failed, please activate company's VPN.
The logs of the sso script show me this information:
2022-07-11 11:57:42,042 auth_with_adfs 207 | DEBUG | loginMessage: Authorization failed
2022-07-11 11:57:42,042 log_in_to_aad 174 | ERROR Login failed: Authorization failed, please activate your company's VPN.
I have activated the VPN so that is not the issue.
By looking at the internals of the files that raise those errors I found out that during the failed login process the login page for the Microsoft Office 365 Identity Platform is returned.
The login webpage tells me that I receive the following error when logging in with my credentials:
Error details: MSIS7012: An error occurred while processing the request. Contact your administrator
My POST request seems to be redirected with a 302 code and GET the login page with a 200 OK response.
So I can tell that I get stuck during the login process and according to the error message it is an authorization issue. My credentials are correct so I am wondering what needs to be changed here to get correct access? Is there some permissions missing I should have a closer look at? Do I need to make changes in AzureAD somehow?
Thanks in advance for looking into this, I know the information is sparse but I hope it is enough.
Installed 2 different member servers with Azure AD Connect cloud agents both have an inactive status.
I confirmed;
Both installs complete successfully
Proxy settings are off
Since the Azure port test URL is no longer working I manually tested several of the URLs listed on https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud, they were working
Here is a snippet from the local/server logs;
AADConnectProvisioningAgent.exe Error: 0 : Service bootstrap request failed with exception: 'System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://[UUID].syncfabric.bootstrap.his.msappproxy.net/ConnectorBootstrap that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.
at System.Net.HttpWebRequest.EndGetRequestStream(IAsyncResult asyncResult, TransportContext& context)
at System.ServiceModel.Channels.HttpOutput.WebRequestHttpOutput.GetOutputStreamAsyncResult.CompleteGetRequestStream(IAsyncResult result)
When it says "the remote server returned an error: 407 proxy authentication", is that MS end or our end?
After trying numerous updates to the machine.config file, as with most MS products there are 100 different options to "try" to get the proxy settings right. None worked even after restarting the service.
We eventually gave up on that and manually set the proxy itself to allow the Azrue AD agent computer/IP to skip/bypass authentication and it connected successfully.
I am trying to create a Webhook V2 associated to a folder with the Box CLI (Powershell) but I return this error:
Unexpected API Response [403 Forbidden | wncdt6fz7hr7j3tk] access_denied_insufficient_permissions - Access denied - insufficient permission
I follow these steps:
Create a Custom App with OAuth 2.0 with JWT Authentication
Set Enterprise as Application Access.
Enable/Check all Application Scopes options.
Activate Perform Actions As Users and Generate User Access Token at Advanced Features.
Generate a Public/Private Keypair and download the JSON to set in my Box CLI.
Authorize the custom application using the Client ID at Admin Console.
At Box CLI, create the environment with the JSON configuration downloaded at step 5. Set that environment as default.
Get the Token to use to create the Webhook with the following command:
box tokens:get --user-id $user_number
Create the Webhook:
box webhooks:create folder test_lab -T FILE.UPLOADED -a http://test-lab.us-e2.cloudhub.io/lab -t e66kxXI1MyGtXTs7888uy8hutPrreH9R
When I try to create it, returns the 403 Forbidden error. What can I need to solve the permissions problem?
In order to set Box Webhook endpoints you need to set the url as https and not http
Can you give that a try?
I'm developing an API using VS 2017, which I'm testing using Postman. I've been following this blog post Getting started with Windows Azure AD Authentication using Postman. I finally got it to give me an access token and a refresh token. About 3 quarters of the way through the post I came across this:
resource : https://management.core.windows.net
which has to be put into Postman (I'm using the Windows app version of Postman). I wasn't sure what that was for, so I left it off. I eventually got an access token and a refresh token, but when I when to get more info for all subscriptions, I got errors saying that I had specified a valid resource. So, I thought what I'd have to do was start over again, but re-authenticating and getting a code from Azure. I did so, and put that into Postman, as the blog post instructs. However, issuing this POST results in this error:
"error": "unauthorized_client",
"error_description": "AADSTS70002: Error validating credentials. AADSTS65005: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: d37abf69-42ce-4571-b146-f3422e73f041. Resource value from request: https://management.core.windows.net. Resource app ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013. List of valid resources from app registration: 00000002-0000-0000-c000-000000000000.\r\nTrace ID: 9f028899-6d03-409e-8db4-4e9905000300\r\nCorrelation ID: ec253a1b-9fdc-495f-9310-6b40a42e5d93\r\nTimestamp: 2018-11-19 22:20:02Z",
"error_codes": [
70002,
65005
]
I don't understand why nor what I could have done wrong. I've prespecified the resource as the tutorial instructed, so what have I done wrong?
Looking at the error message, it seems you could have missed adding relevant permissions for "Windows Azure Service Management API" to your app registration.
Steps:
Go to Azure Portal > Azure AD > App registrations > Your app (with app id: d37abf69-42ce-4571-b146-f3422e73f041)
Go to Settings > Required permissions > Add > Select "Windows Azure Service Management API"
Select the relevant permission under Delegated permissions section. Click on select and then "Done". You should get a notification in portal that successfully added permissions. You should see Windows Azure Service Management API listed under required permissions as well.
After these steps, continue as per the blog post you've mentioned with Postman steps to get the access token again.
I found myself in the same situation when i was trying to setup Postman. Its not as complicated as most blogs make seem. I created a tutorial to try to make the process easy.
http://hazelnest.com/blog/blog/2018/11/17/azure-postman-configuration/
https://youtu.be/2bfgeBKRxl4
Hope this helps.
I try to push/sync a IIS Site from a Win2003 Server to another.
This is my command:
msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=Administrator,password=PASSWORD -whatif > msdeploysync.log
I also tried the following
msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=BACKUP-09\Administrator,password=PASSWORD -whatif > msdeploysync.log
I also tried
msdeploy -verb:sync -source:metakey=lm/w3svc/68512112 -dest:metakey=lm/w3svc/68512112,computername=backup-09,username=Administrator#BACKUP-09,password=PASSWORD -whatif > msdeploysync.log
This is the error:
Fatal: Request to remote agent URL 'http://backup-09/MSDEPLOYAGENTSERVICE'
failed.
Fatal: The remote server returned an error: (401) Unauthorized.
Fatal count: 1
I did run msdeploy/cmd as an
administrator.
I did try to access
http://backup-09/MSDEPLOYAGENTSERVICE,
it asked for my permissions, I
entered the credentials above, it
worked (empty site displayed).
This is Beta 2 of MSDeploy
Can anyone help me?
I now even set up a domain controller for all the servers... still the same issues, whether I'm logged in as a domain controller, supply the local accounts, all variations trigger a 401
Note that there is a bug in Web Deploy 2.0 (even the refresh) that does not allow users within the admin group to authenticate. Only domain admins and the administrator account itself can authenticate to web deploy. See the ERROR_USER_NOT_ADMIN error code on the following page: http://learn.iis.net/page.aspx/1023/web-deploy-error-codes/
Msdeploy appears to use NTLM authentication by default, even if userName and password are present. To enable the correct processing of "userName" and "password", append the following to the relevant source: or dest: parameters: ",authType=basic"
I got this error because UAC was turned on (Windows Server 2008).
Need to turn off UAC for remote connections:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy=1
This key helped me on another server (Windows Server 2012):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server\WindowsAuthenticationEnabled=1
Michael12345 suggested it here: https://stackoverflow.com/a/15059759/991267
This is a really old question, but I may have found an answer.
I was getting the 401 Unauthorized error message, but still able to login using the account specified in the call to MSDeploy, as described in the question.
In my case, the problem was solved by giving the deploy account admin privileges on the machine being deployed too.
(I see that you were using an account called Administrator, so this might not be the case for you - but I had the same symptoms so wanted to post anyway).
I've just experienced a 401 and ERROR_USER_NOT_ADMIN. In my case, the problem was I was using a hostname set in my hosts file (also in the hosts file on the destination machine) for the computerName setting to the -dest: parameter. NTLM was trying to treat this host name as the domain part of the username (e.g. hostname\userName). Changing this to the IP address or or real machine name fixed the issue.
I did not have this type of error before but in Visual Studio 2015 Update 3 when create a new ASP.NET Core application the default publish profile does not work.
I did find a solution. For me adding the
<AuthType>NTLM</AuthType>
line in the .pubxml file fixed the issue.