401 Unauthorized with OData Update and Delete - azure

For the first time I have stumbled upon a problem where the solution has not already been provided (completely) on SO, but I hope someone out there can help.
My problem is similar to PUT and DELETE in RESTful WCF Service cause 401 Unauthorized error .
That is, I have a WCF Data Service where I get a 401 whenever I try to do updates or deletes (read and post works without any problems). The difference to the abovementioned post is that I am not hosting my service in IIS but on Windows Azure, so I am not able to apply that solution.
I have the same problem (401: invalid credentials when attempting updates or deletes) on both a .NET client and a restlet client using the OData extension. However, on the .NET client I am able to resolve the issue by setting UsePostTunneling = true.
In my service I have set config.SetEntitySetAccessRule("*", EntitySetRights.All).
Does anyone know how I can resolve the issue for my restlet client?

First thing I would check is to see if you have PUT and DELETE verbs enabled in your handlers. Are you running this from a web role in full IIS or are you using Hosted Web Core (HWC), or something else? Usually, more than a 401, I see a 405 error because WebDAV is on the machine and PUT and DELETE verbs conflict there. You end up having to disable WebDAV for the app.
I would also check your authentication method in your web.config. I have seen the 'none' type cause issues, so change that to Forms.

Related

How to prevent ServiceStack from leaking private server information during 403 Forbidden Response

Servicestack Version: 3.9.71.0
Target Framework: .NET 3.5
Program background: has been in production use for over 3.5 years
Recently due to a customer security audit items were brought to our attention. All but one have been eliminated as IIS configuration changes.
The last item identified describes a situation in which the probing software accessed an endpoint without the proper authentication. This was fine and the expected result was the 403 Forbidden. The unexpected result was that the response body is displaying certain internal information of the server.
Based on quite a few articles I have searched it seams the the response body information being returned is a result of how Servicestack my be configured.
I realize this is a fairly older version of Service Stack. My preference would be to identify an IIS setting to override a forbidden response. Aside from that an option to just return a status code of 403 without the additional information. The third would be to create and use a custom 403 response object to control what is revealed.
Any guidance or help would surely be appreciated.. Thank you in advance.
ServiceStack v3 is a very old version of ServiceStack last updated in 2013. If you need to make any changes you'll need to create a custom build from its Sources
Looking at the v3 sources for how it resolves the ForbiddenHttpHandler:
ForbiddenHttpHandler = config.GetCustomErrorHttpHandler(HttpStatusCode.Forbidden);
It looks like you'll be able to override what HttpHandler is used by overriding the CustomHttpHandlers, e.g:
EndpointHostConfig.Instance.CustomHttpHandlers[HttpStatusCode.Forbidden] = MyHandler {...}

azure 502 bad gateway

has anyone seen this before so I am getting a 502 bad gateway error on my app, the issue I have is that the detailed error information I am getting says my requested url is https://SOX:80/api however my site is configured to use https://sox.domain.com and the site largely works pulling the various JS files required
my app service name is SOX in the azure dashboard so I assume that is where it is picking up SOX from but I have no idea why it is using this.
So overall the issue had me perplexed... however with more testing I soon figured out what was going on.
my backend is Dotnet core Azure throwing the 502 bad gateway was its way of handling exceptions ultimately the problem was code based.
I am mentioning this purely so that it will help others
my first issue was based on cert handling it seems dotnet runs in a container that is specified by your app name as i mentioned above https://SOX:80
the below was causing my issues
sslPolicyErrors = X509StoreStoreHelper.ValidateSSLPolicy(cert.Thumbprint, cert);
after commenting this out for testing my problem went away(we are putting in a proper fix )
my second issue came from using an unsupported view in Azure SQL master.sys.master_files which again just threw a 502 bad gateway error referencing https://SOX:80
please note I have used https://SOX:80 as a reference to mask the real site.
hope this helps the next person.
Based on your description, I have checked your site (https://sox.azurewebsites.net/) and found that it contains three static files (index.html,generic.html,elements.html). I viewed your website in Chrome incognito window as follows:
I did not find any requests against https://SOX:80/api in your html page or JavaScript files. Please try to access your website in a new incognito window to isolate the cache issue or just press CTRL + F5 to refresh your current page to narrow this issue. Moreover, you need to check whether you have configured URL Rewrite. If you still could not solve this issue, you need to update your question with the details for us to reproduce this issue.

Getting AccessTokenFailed using ServiceStack FacebookAuthProvider

trying to use facebook's oauth with servicestack, i'm hitting url
localhost:60782/api/auth/facebook
being taken to facebook's auth dialog but after clicking allow, i'm being redirected back to my redirect URL with #f=AccessTokenFailed
localhost:60782/api/users#f=AccessTokenFailed
anyone have any idea what's going on here?
I had a similar problem when setting the facebook authentication up. I found it difficult to pinpoint the problem because servicestack catches the web exception and effectively discards it. To work out what was happening I downloaded and compiled the service stack code. I was then able to change my project to reference my local service interace DLL which enabled me to set a debug point in the facebook auth provider.
In my case I was getting a proxy authentication error, caused by the server attempting to contact facebook without any credentials. I overcame this by reconfiguring my dev pc and production pc so that they didnt go via the proxy.

Why do I get a 401 Unauthorised error calling the Bing Geocode service from SharePoint but not from a WinForms app?

I'm developing a SharePoint Timer Job to geocode some lists of addresses held on our SharePoint site.
I'm using code based on this MSDN sample to do the actual Geocoding request.
The problem I get is that when I call the service from SharePoint 2010 (running locally) I get a 401 unauthorised error in return.
Interestingly, I have also created a small winforms application which does the same thing (but without SharePoint/IIS) using the same code which works perfectly.
I'm setting the credentials the same way on both apps as follows:
request.Proxy.Credentials = CredentialCache.DefaultCredentials;
I'm an enterprise user and I'm using the same key on both apps - but one works and one doesn't - any ideas why this might be? Is it something i need to set in IIS perhaps?
I tried setting Pipelined = false on the request which was a suggestion I read about on but that didn't seem to work.
Any suggestions gratefully accepted.
Looks like you solved it by changing the identity of the application pool.
The other way to do it is to say that the web service call should be made using the identity of the user that sent the request to SharePoint. To do that try something like:
using (((WindowsIdentity)HttpContext.Current.User.Identity).Impersonate())
{
WCFTestService.ServiceClient myService = new WCFTestService.ServiceClient();
Response.Write(myService.GetData(123) + "<br/>");
myService.Close();
}

Debug an Error in a Custom SharePoint Web Service

I have created a custom SharePoint web service that was deployed to, and successfully tested on, a test environment. Unfortunately, the web service has since stopped working, and I am trying to determine what the error is.
The web service now returns the following error in the SOAP response:
SOAP:server
Server was unable to process request. Object reference not set to an instance of an object.
There have been no changes to the deployed web service, so I am assuming that a more recent deployment has altered the SharePoint configuration. My web service .asmx is deployed to the _vti_bin folder, and the assembly is deployed to the GAC. I can see the WSDL file being displayed when I browse to http://servername:port/_vti_bin/MyCustomWebService.asmx. The web methods in the assembly make use of logging (to the Windows Event log), but no logging is occurring when I try and access the web service, which suggests that the call is not getting as far as entering the web method.
Given the above, can anyone offer any suggestions as to debug this issue?
Thanks. MagicAndi.
Update
I have now realised that when I consume the web service from the endpoint http://servername:port/Site/_vti_bin/MyCustomWebService.asmx, it works, but when I use the endpoint http://servername:port/_vti_bin/MyCustomWebService.asmx, the web service fails as described above. I will update further when I diagnose the cause of the issue.
this is a try catch to get more infomraion on the exception. It will give you more information which will help debug your problem
try {
// Do soap call here
}
catch (System.Web.Protocols.SoapException soap_ex)
{
Console.WriteLine(soap_ex.Detail.OuterXML);
}
catch(System.Exception ex)
{
Console.WriteLine(ex.Message);
}
The easiest option is to attach a debugger set to break on exceptions. If your infrastructure rules don't allow that, you'll probably need to add some additional logging to your code on the server. If you are lucky there may be enough information available in the soap message, but in my experience null reference exceptions usually need more information to be found easily.

Resources