I already spent so much time trying to figure out what the problem is. I am getting this error when consuming WCF service from a desktop console application. The service works fine when access from a browser with silverlight client.
Error Message:
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.
I don't understand why it doesn't work even if both client and server have same authentication scheme 'Negotiate'. I am getting HTTP 401.
I verified client and server configuration is correct, because it works in silverlight client using the same client configuration.
IIS7 website is configured with Windows Authentication using providers 'Negotiate,NTLM'.
So, what does this error message mean? :(
I have fixed my WCF issue by setting client security.
client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
Related
We have a web application (netcore) configured to use Windows authentication it was working fine, but now we dont know why iis sends basic authentication header even it is has configured windows authentication.
Any idea why?
An answer to myself, the error was related to a blocked user.
I have an WAF application gateway in Azure with a backend pool that points to my application. If I visit the gateway address it works and I get the application homepage.
However, if I go to that application and enable PaaS AAD Authentication, which should prompt me with an org login page before getting to my application home page, the gateway stops working and returns message:
502 - Web server received an invalid response while acting as a gateway or proxy server.
There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.
When checking backend health I can now see that it is unhealthy, and gives me message:
Probe status code mismatch. Received status code is different from
expected 100-999.
Note that I even changed the range to 100-999, just for testing this out. No idea what could be causing this or how to fix it.
I guess you can try disabling WAF as specified in the comments. Also, I would suggest you to go through this article. https://serverfault.com/questions/882931/azure-ssl-application-gateway-with-web-apps?rq=1
I would like to use certificate authentication for requests on my website. But when I set clientCertEnabled to true (through https://resources.azure.com/) I am getting 403 forbidden error when I try to reach my site through https.
Through browser I get blue screen Error 403 - This web app is stopped but I can still access web site through http. When I switch clientCertEnabled back to false https is working.
Through fiddler I get 403 as well (client certificate is included in request) with no additional info.
I followed this https://azure.microsoft.com/en-us/documentation/articles/app-service-web-configure-tls-mutual-auth/ but there is nothing else mentioned to be required to make this work.
Do I have to upload client certificates somewhere?
Eventually I found out that problem was in my client certificate which I was using for testing.
Certificate generated in a way described in this very useful blog post worked properly:
https://dotnetcodr.com/2016/01/14/using-client-certificates-in-net-part-2-creating-self-signed-client-certificates/
First I am new to the topic ADFS and Reverse proxy. The goal is a Single-Sign-On OAuth2 authentication for SPA Web application.
I have an on premises ADFS Server called "Server-A" which is on "Domain-A" and an web server called "Server-B" which is on "Domain-B". Also I have one proxy server called "Server-C". Now if any user want to access any resource of my web Server-B then they need to authenticate first and this happening via ADFS(Server-A), this ADFS call is happening via proxy Server-C.
Problem –
If I am trying to access ADFS server directly (without proxy) then user able to login and I am getting token and claims both. But if I am trying to access via proxy then when posting back the token throwing below error(found on ADFS event log) –
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
Exception details:
System.ArgumentNullException: Value cannot be null.
Parameter name: encodedGenericRequest
at Microsoft.IdentityServer.Web.Protocols.GenericProtocolRequest..ctor(String encodedGenericRequest)
at Microsoft.IdentityServer.Web.Protocols.WSFederation.WSFederationProtocolHandler.GetOriginalRequestFromResponse(ProtocolContext context)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
I am using ADFS 3.0 and Window Server 2012 R2 and reverse proxy using
ARR and URL rewrite module on IIS.
I am looking for a solution for the above issue.
Thanks in advance.
I'm trying to add a .pfx certificate to Websphere8 server to establish a connection to an IIS server.
I tried to add the certificate to the deaultkeystore as a personal certificate and added the same as a signing certificate to the defaulttrustkeystore.
When ever I send a request through my application I'm getting a 401 unauthorized error.
I checked the communication b/w servers using Wireshark but there is no FINISHED message from either client or server.
So I wan't to know exact procedure to install a certificate on websphere server to get authenticated and thereby send the XML as a part of HTTPS Post request.
I contacted the web service provider, he said me that other users, or people who already implemented the client for this service, convert the pfx to .cer and send it along with the request. I also want to know how that is possible. I'm coding using Java 6.
Thanks for the help.