I am building a "proxy client" extension for chrome and i have following scenario:
Users can login to the extension and get a token from API. Tokens are valid for 2 hours.
After login users can select a proxy server from a list and that proxy is set with chrome.proxy api.
I am using Squid on proxy servers. When a user connects to a proxy server and lands on onAuthRequired i return email and token as authCredentials.
Chrome uses those credentials from cache until token is not valid anymore and proxy server responses "407, Proxy Authentication Required". Now the problem i am facing here is when i login with another username on same browser and connect to same proxy server it still sends old users credentials to the server because they are still valid. My question is how can delete chromes proxy auth cache so that it lands onAuthRequired again and i can return new users Credentials.
I tried to modify the response from proxy server to "407, Proxy Authentication Required" when user makes his first request over the proxy server to force a onAuthRequired but its not working. Chrome still uses cache and still returns credentials from old user to the proxy server.
Have you tried to hook up another event handler within the webRequest API in order to manipulate the http headers before Chrome takes on authentication?
E.g. onBeforeSendHeaders or onHeadersReceived
Related
We have configured the ELB with 2 server for the Web API. Updated the MachineKey in both the server to be same.
When the Reset Token password/Confirm password is created from server1. The Url is sent to the User Email when the Verify token call is Made the Server1 Verify the token successfuly, But if call is sent to the Server 2, Server 2 always returns Invalid Token. Do i need to make any configuration chanages other than the Machine Key.
You need to make sure that the all the request belongs to one session goes to the single backend.
In order to do this enable session stickiness on the ELB. This will make sure that request always gets routed to the same backend.
On Classic Load balancer : https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html
On Application Load Balancer : https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-target-groups.html#sticky-sessions
I have a very curious issue with an application. When debugging locally, I can send emails just fine using a client's G Suite email credentials:
<smtp deliveryMethod="Network" from="client#customdomain.com">
<network defaultCredentials="false"
host="smtp.gmail.com"
port="587"
userName="client#customdomail.com"
password="supersecret"
enableSsl="true" />
</smtp>
Now, it's very important to note that the application will send just fine with the credentials when running on localhost using Visual Studio. However, when deploying to LIVE and using the exact same credentials, the application refuses to send and I only get the canned response back saying "Failure Sending mail".
I have enabled "less secure applications" in the settings and have verified the "suspicious activity" from the server's IP address. I can also log in to the Gmail account from the server using RDP and opening Firefox to go to Gmail.com.
No firewall rule has been set to block SMTP or anything on port 587.
UPDATE: the materialized error message is
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 74.125.192.108:587
74.125.192.108 being smtp.gmail.com's IP Address (or one of them, at least)
UPDATE 2: I can also not get Thunderbird on the remote server to send an email using the supplied credentials, however it can connect via IMAP and download the contents of the inbox just fine.
Well in this very specific case, it was the fault of the Amazon infrastructure this application ran on. Either amazon themselves, or the reseller changed a policy that ended up blocking communications on ports 465, 587 and 993 (and probably others too).
The "solution" was to nag them to sort it out.
I'm attempting to understand how spring boot uses http sessions to manage the oauth authorization code flow.
I understand that after the user submits their credentials via the /login form spring will persist the authentication object so it can be retrieved when the browser is redirected to retrieve the authorization code.
What I dont understand is if the browser needs to sends jsession cookie to the server or http basic authentication header when invoking this flow.
For example if I wanted to initiate the flow manually via curl do I need to specify any special headers ?
It doesn't use HTTP sessions to persist it, the client ID and authorisation code (the code that's passed back to the client app after the user authenticates) is used to identify the authentication object. The authorisation code is then used to obtain the access token.
So:
The client app redirects to the auth server, passing in their client ID.
The user authenticates with their username and password on the auth server , which stores the authentication against the code and client ID and passed the authorisation code back to the calling app as a request param on the redirect URL.
The client app calls back to the auth server, authenticating with it's client ID and secret and passing in the authorisation code. This is then swapped for the access (and possible refresh) token.
If the app needs the user details, the client app calls the user details endpoint authenticating with the access token it now has.
Is it possible to configure the proxy on a secured route so that on a redirect the location header field in the response is rewritten to HTTPS?
I get Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://complan-complan.a3c1.starter-us-west-1.openshiftapps.com/planner
when I log in to the application. But also without login the request to the above URL is redirected to HTTP and again to HTTPS.
Thanks!
When the exposed route in OpenShift is set to TLS edge termination then the build-in HAProxy will terminate the HTTPS connection and create a new HTTP connection to your application.
To get the original client-ip/protocol/port the proxy inserts the HTTP headers X-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Port.
For redirection to work correctly you have to tell your framework/server to use those fields. In your case with Wildfly you can follow theses instructions
There are samples for other frameworks/servers in the OpenShift FAQ:
https://developers.openshift.com/faq/troubleshooting.html#_how_do_i_redirect_traffic_to_https
I am trying to setup windows server 2008 smtp server to relay emails to gmail smtp. Everything appears to be setup but it is not sending emails. Could you please help me figure out whats wrong.
Below is the setup:
Windows server 2008 with SMTP server
feature installed. Need SMTP server
to forward all messages to gmail smtp
server to send.
I have google apps setup for my
domain, also I can send emails
throught my test app using
gmail smtp.
SMTP Server Configuration: By default has default smtp server virtual directory.
In Properties of that virtual smtp server changed following.
Fully qualified domain name = mydomain.com
smart host = smtp.gmail.com
TCP Port = 587
Out Bound Security = Basic Authentication(my username password for google apps email account)
In domains list under virtual smtp server. I have one default domain that's server dns. I added another one for my domain name.
With above setup i am trying to redirect all email to gmail smtp.
I tested connection to smtp.gmail.com from server on port 587 through telnet and it works.
I am trying to use above server from my web application also by just dropping emails in pickup directory. It get's picked up and also accepts request form web application but never sends an email.
I can see that it adds those emails in queue folder but it stays there forever.
When i try to send emails from web app to above server it rejects if To address is other than my domain.(Am i missing something in list of domains)
Thanks for all answers, finally found solution there is a property for maximum sessions which value was 0 by default. Changed it to 100 and it send all pending emails immediately.
Possible reasons are that some SMTP servers block the outgoing messages if there domain name mismatch, possible to prevent spam mails from being sent. So for example, I will not be able to send my email with an address abc#mydomain.com from my domain yourdomain.com.
Hope that helps.
Ensure your sending domain is the same as the google apps domain
Ensure your sending address is a real address and not just an alias
IIRC you need to use STARTTLS (SSL) not basic authentication
This souds like a DNS issue. Check your /badmail directory. It will have .bad and .bdp files in there. You can open these in notepad (there will be some binary in there).
However, it may point to the possible problem.
You may also want to try and enable logging on the SMTP service. There may be something in there.