► Problem: Anyone can access a webpage, but I only want logged in users to be authorized to access it.
Background:
Web Server = IIS 8
Server OS = Windows Server 2012
Framework = .NET 4.5
Environment = .\WebFolder\logon.aspx, .\WebFolder\inside.html
Website = Simple logon page ("logon.aspx") that guards an html page ("inside.html").
Users = External people (ie, non-intranet)
Sample URLs:
A. "www.webpage.com/logon.aspx"
B. "www.webpage.com/inside.html"
Desired Outcome:
Everyone can access the "logon.aspx" page
Only logged on users can access the "inside.html" page
Any direct attempts to access "B" will trigger a redirect to "A"
No additional use of program code
Prior Attempts:
I've been fiddling with the web.config file (authentication & authorization), but to no avail (501 Server Error, 401 Authorization Error, Runtime Application Error).
Web.Config File:
<system.web>
<authentication>
<forms name=".ASPXFORMSAUTH" loginUrl="logon.aspx" protection="All" timeout="1" path="/" slidingExpiration="true" requireSSL="false" />
</authentication>
<authorization></authorization>
</system.web>
Bottom line: I'm sure this is a very basic/easy thing to configure, it's just that I haven't been able to do it so far. Plus, I do not want to write any additional code in order to accomplish a seemingly fundamental task.
Thanks in advance!
Okay, I figured it out (after 7 hours). It requires four things (based on the example file structure):
1. Using the FormsAuthentication module
VS2012 → Project → Your credentials/authentication code → Use FormsAuthentication.RedirectFromLogin(_var1_, _var2_) instead of Response.Redirect(inside.html)
2. Adding a new node in the web.config file
<system.webServer><handlers><add name="HTMLHandler" type="System.Web.StaticFileHandler" path="*.html" verb="GET" /></handlers>
3. Including the 'defaultUrl' attribute in the Forms tag
<forms name=".ASPXFORMSAUTH" loginUrl="logon.aspx" defaultUrl="inside.html" protection="All" timeout="1" path="/" slidingExpiration="false" requireSSL="false" />
4. Adding a location tag authorization restriction to the 'web.config' file
<location path="inside.html"><system.web><authorization><deny users="?" /></authorization></system.web></location>
See my comments (below) for an explanation of each of these four pieces.
Related
UPDATE: This is the code that kills functionality of firebase. If I try to download from firebase a couple of seconds after this code (waiting with await Task.Delay, no other code running), it starts sending the code -13000, httpResult = 0 exception. The same request earlier works. Map works.
GoogleMapFragment gmf = new GoogleMapFragment(context, this);
FragmentTransaction ft = activity.FragmentManager.BeginTransaction();
ft.Add(mapLayout.Id, gmf, "my_fragment");
ft.Commit();
I wanted to have google map on layout in the same activity where I work with firebase. Map works, but somehow it interferes with firebase, which work only before creating Google map. Any ideas what can cause this?
Update 2: If I download small file before initializing google maps, I can later use firebase, so I 'solved' the issue in a little dirty way but at least I can continue working. After this 'fix' I get following error in the output but file is downloaded anyway. I must continue digging, for now I hope the worst is over...
error getting token java.util.concurrent.ExecutionException: com.google.firebase.FirebaseApiNotAvailableException: firebase-auth is not linked, please fall back to unauthenticated mode.
Old version of question:
I checked all possible answers here on SO for my question, but nothing brought me to right way. There's quite obvious output telling me that something is wrong, but I have no idea how to solve the issue. There's an answer in this question that one of possible reasons for HttpResult = 0 is that google play version on phone isn't actual enough. I used the method recommended for check and I have Google Play services 11.5.18 installed on phone. I have Xamarin.Firebase.Storage 42.1021.1 (10.2.1) installed and using Visual Studio 2015. Quite often I had to clean and rebuild and it sometimes worked, but not this time. In android properties I have Compile using android version 7.1 Nougat. I created firebase account just recently, not knowing much about this, added it in google console to existing project (as I already use google maps), filled sha1 code the same way I did with maps. Added google-services.json and set it's build action on GoogleServiceJson. No more actions I know about.
Here is my code, I tried various ways to download, upload, but this one seems to be good example:
FirebaseApp fba=FirebaseApp.InitializeApp(context);
firebaseStorage = FirebaseStorage.Instance;
firebaseStorageReference = firebaseStorage.GetReferenceFromUrl("gs://alien-chess.appspot.com");
firebaseStorageReference=firebaseStorageReference.Child("settings.dat");
byte[] bytes = new byte[1000];
firebaseStorageReference.PutBytes(bytes).AddOnFailureListener(new FirebaseFailureListener(this));
Here is my manifest file
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="AlienChessAndroid.AlienChessAndroid" android:versionCode="1" android:versionName="1.0" android:installLocation="preferExternal">
<uses-sdk android:minSdkVersion="19" />
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.INTERNET" />
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
<uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES" />
<uses-permission android:name="android.permission.WAKE_LOCK" />
<application android:label="Alien Chess" android:icon="#drawable/Alien" android:largeHeap="true">
<meta-data android:name="com.google.android.gms.version" android:value="#integer/google_play_services_version" />
<meta-data android:name="com.google.android.maps.v2.API_KEY" android:value="AIzaxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" />
</application>
And here are what I think are important parts from the output window
Failed to retrieve remote module version: V2 version check failed
Local module descriptor class for com.google.android.gms.firebasestorage not found.
Considering local module com.google.android.gms.firebasestorage:0 and remote module com.google.android.gms.firebasestorage:0
NetworkRequestFactoryProxy failed with a RemoteException:
com.google.android.gms.dynamite.DynamiteModule$zza: No acceptable module found. Local version is 0 and remote version is 0.
....
Unable to create a network request from metadata
android.os.RemoteException
....
StorageException has occurred.
An unknown error occurred, please check the HTTP result code and inner exception for server response.
Code: -13000 HttpResult: 0
There isn't much c# sources for visual studio and I can't read that easily recommendations for android studio as they are quite different for unskilled programmers.
Any ideas what other things should I check?
We have just gone live with https://ecotaksen.be. The queries and updates on Exact were running fine, but after installing the production license an error itgenobr001: Client not found. occurs.
My data container specification is:
<database order="1"
creationDate="2016-04-13T09:11:03.3584276+02:00"
provider="ExactOnlineAll"
connectionString="apiUrl=https://start.exactonline.be"
/>
The connection to Exact Online using Query Tool with the same credentials and connection string is working fine.
How can I solve the itgenobr001 error?
In fact it was quite simple to solve: the "Client" referred to is the application. I needed to add the client ID of Exact Online app to my connection string, since Data Access Point requires a client ID when using a production license.
Resulting data container specification:
<database order="1" creationDate="2016-04-13T09:11:03.3584276+02:00" provider="ExactOnlineAll"
connectionString="apiUrl=https://start.exactonline.be;api-client-id=MYID" />
After that, I got a itgenobr001: Invalid authorization request., and that one required addition of the redirect url as specified in the My Apps page in Exact Online:
<database order="1" creationDate="2016-04-13T09:11:03.3584276+02:00" provider="ExactOnlineAll"
connectionString="apiUrl=https://start.exactonline.be;api-client-id=MYID;apiredirecturl=https://ecotaksen.be" />
I try to publish an App on windows 10 store, but I can not pass test from Windows App Certification Kit:
Restricted Namespace Error encountered: The restricted namespace test
Detected the following errors: Restricted Namespace found:
Impact if not corrected: The Windows Store does not allow an
Application manifest to refer to restricted namespaces. How to fix it:
Removes restricted namespaces from the application manifest.
But I use a restricted namespace for use SMS functions:
Xmlns: r = "http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
r: Capability Name = "cellularMessaging" />
How can made this changes to publish ?
You must also add the rescap namespace IgnorableNamespaces in the Package.appxmanifest file as shown below.
<Package
xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest"
xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
IgnorableNamespaces="uap mp rescap">
<Capabilities>
<Capability Name="internetClient" />
<rescap:Capability Name="cellularMessaging" />
</Capabilities>
</Package>
When adding capabilities, keep them in the following order: 'Capability', 'rescap:Capability', then 'DeviceCapability', as there seems to be a problem when mixing them. (source)
Note that the app certification test will probably continue to fail. You need to request permission to actually use these capabilities.
Special and restricted capabilities are intended for very specific
scenarios. The use of these capabilities is highly restricted and
subject to additional Store onboarding policy and review. Follow the
steps below to request access to a restricted capability before
submitting your app to the store.
Determine if you are eligible to submit your app to the store with a
specific restricted capability by looking at the table below. If you
are not eligible, any requests you make will be denied.
If you are eligible visit the Submitting an App support page.
Set the problem type to App submission and certification and the category type to Submitting an app using a restricted capability.
Include the capability you are requesting access to and include a reason for your request. If you do not provide all the information necessary, your
request will be denied. You may also be asked to provide more
information.
Source
We have a Scala Play app and we are using the LogglyBatchAppender. But, all our environments (dev, staging, prod) logs are being mixed up on loggly. This says we can group by sources or hostnames or tags but hostname info is not being attached to outgoing loggly messages and this wiki page says nothing about how to attach tags in the LogglyBatchAppender (it does mention how to tag using the slower LogglyAppender). What is the best way to see different host/env logs in loggly if we are using the LogglyBatchAppender?
Hi you can set the endpointUrl in LogglyBatchAppender. When you set the URL make sure the include the tag at the end of it. You can tag them for dev/staging/prod. This way you can use Loggly's source groups.
Example with a prod tag. Remember to replace with your own customer token:
<configuration>
<appender name="logglyAppender" class="ch.qos.logback.ext.loggly.LogglyBatchAppender">
<endpointUrl>http://logs-01.loggly.com/inputs/YOUR-CUSTOMER-TOKEN/tag/prod/</endpointUrl>
...
</appender>
</configuration>
I am trying to save a persistent variable for iWidget instances in IBM Connections 4.0
Documentation (link & link) leads me to the following javascript (run with the iWidget in Edit mode):
this.iContext.getiWidgetAttributes().setItemValue("instance","helloWorld");
this.iContext.getiWidgetAttributes().save(); //or .commit(); as save is deprecated
I also tried defined the variable in the widget XML definition:
<iw:itemSet id="attributes" private="false" onItemSetChanged="itemSetChanged">
<iw:item id="instance" value="" readOnly="false"/>
</iw:itemSet>
This sets the value correctly in the local instance, I also see a PUT request to the server to save this value. It returns a 404 Response code. The URL is:
/connections/opensocial/common/repos?st=default%3AcQitETUij2Iqg0A_8mB9A35-pRKmnH_dFUgT4rY-hERIC3ZTNW3hp0OeLr_SYZ2mXWW6OjMtcFPijI_YaIaCDZlduzYgn5FkYQUTiqngHgLqsBMG&type=itemSet&pageId=undefined&widgetId=widget_d785df84b58d4d459707a048014567f6_1369275060798&itemSetId=attributes
The value is no longer stored when I reload the page and try to retrieve it again using:
this.iContext.getiWidgetAttributes().getItemValue("instance");
I notice there is a "pageId=undefined" in the URL.
There are no outputs in the SystemOut.log of the Connections servers.
At the moment this is running in the Homepage "My Widgets" page, but will also be run in Communities application later.
Thanks
For anyone else that comes across this problem, here is what I found;
It turns out that saving through the Homepage refused to work, however I did successfully save Instance Data when the widget is loaded through the Communities mechanism;
JavaScript for saving (.save calls a callback function, but not necessary):
if(this.inCommunity)
{
this.iContext.getiWidgetAttributes().setItemValue("instance",contentToSave);
this.iContext.getiWidgetAttributes().save(dojo.hitch(this,this.dashboardSaved));
}
Loading saved data:
this.instanceData = this.iContext.getiWidgetAttributes().getItemValue("instance");
Widget definition (in widgets-config.xml)
<widgetDef defId="Dashboard" description="MyDash" modes="view edit" url="/Dashboard.xml" uniqueInstance="false">
<itemSet>
<item name="instance" value=""/>
</itemSet>
</widgetDef>
Dashboard.xml
<iw:iwidget xmlns:iw="http://www.ibm.com/xmlns/prod/iWidget" iScope="Dashboard" supportedModes="view edit" mode="view" allowInstanceContent="true">
<iw:resource uri="./dashboard.js"/>
<iw:event id="view" handled="false" onEvent="onView"/>
<iw:event id="edit" handled="false" onEvent="onEdit"/>
<iw:event id="onRefreshNeeded" handled="true" onEvent="onRefresh"/>
<iw:itemSet id="attributes" private="true" onItemSetChanged="itemSetChanged">
<iw:item id="instance" readOnly="false"/>
</iw:itemSet>
<iw:content mode="view">
<![CDATA[<div id="RootWidget"></div>]]>
</iw:content>
<iw:content mode="edit">
<![CDATA[<div id="RootWidget"></div>]]>
</iw:content>
</iw:iwidget>