Basic Authentication and Signout
Hi All
I am trying to isolate a problem where signout doesn;t display signout page in browser and again logs in user to site in browser.
I have Basic authentication enabled and default domain is set.
when I use WIndows auth NTLMS signout page works fine.
Did you close the browser in between log out/log in to destroy the cookie?
Trevor Seward, MCC
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Similar Messages
-
BASIC authentication and web client problems
I have a very simple web service that is working. Now before attempting to use
SSL, I want to test authenticating using BASIC authentication. I’ve made the
changes to web.xml and even though the other web service pages authenticate ok
(ex. http://localhost:7001/fileexchange/FileExchangeFacade), I am prompted again
for authentication for web service itself. I can never authenticate to http://localhost:7001/fileexchange/FileExchangeFacade?operation.view=helloWorld.
Has anyone completed this and if so, how does it work? I must have missed something
simple.
First, I setup the security constraint as follows:
<security-constraint>
<web-resource-collection>
<web-resource-name>file-exchange-resources</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Administrators</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>myrealm</realm-name>
</login-config>
<security-role>
<description>An administrators</description>
<role-name>Administrators</role-name>
</security-role>
That allows me to secure / authenticate to the JSPs in the web service test app
provided. Then I tried working with the admin server console to setup roles /
privileges. I couldn’t get this to work but I easily could have done something
wrong since there are no step by step examples other than the general docs in
the programming guide.
Next, since the web service deploys as a web application, I figured the problem
must be that the internal WLS servlet needs security information defined in web.xml.
I saw the programming guide listed the servlet name and discussed servlet mapping
so I added the normal security entries for a servlet as follows and re-jarred
the WAR and EAR.
<servlet>
<servlet-name>WebServiceServlet</servlet-name>
<servlet-class>
weblogic.webservice.server.servlet.WebServiceServlet
</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>WebServiceServlet</servlet-name>
<url-pattern>/FileExchangeFacade/*</url-pattern>
<security-role-ref>
<role-name>Administrators</role-name>
<role-link>Administrators</role-link>
</security-role-ref>
</servlet-mapping>
It still doesn’t work. Any idea on how to get it to authenticate?
Thanks,
DaveOk, this looks like an issue with the test page.
When the test page gets a request to invoke a
web service, it creates a client proxy and call invoke
on the proxy. This will case the client proxy to
create a new HTTP post connection to the server.
Test page pulls out the username/passwd from the
GET request from the browser and pass it to the
POST request it makes to the web service. I think,
the test page needs to do the same for realm. I will
file a CR for this (CR105320).
Please contact support with the case number if you
need a patch for this.
http://manojc.com
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
"Malcolm Robbins" <[email protected]> wrote in message
news:[email protected]...
One more thing.
I took out explicit realm mapping and noticed that the firstauthentication
challenge was for the WebLogic standard realm which was fine and
authentication was successful. (i.e. I got to the web service "homepage").
Actually I meant it was listed as "Weblogic Server" in the 1st challenge.
When I stepped into the web service method and pressed the Invoke buttonon
the web service methods the realm was "default" and authenticationfailed.
Why does the domain change and how do I cover this?Is was actually listed as "Default".
However this is the same domain I believe because I've done a further
experiment and set the domains explicitely
in the deployment WAR deployment (Other tab) and in the web.xml file. The
second challange is then asking for re-authentication in the correctdomain
(myrealm) but it does not accept the valid user/password and just re
challenges until 3 attempts then it displays the SOAP message and theserver
log file has the following exception:
java.io.FileNotFoundException: Response: '401: Unauthorized xxx' for url:
'http://localhost:7001/webservice/TraderService?WSDL'
at
weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:36
2)
at java.net.URL.openStream(URL.java:793)
at
weblogic.webservice.tools.wsdlp.DefinitionFactory.createDefinition(Definitio
nFactory.java:73)
at
weblogic.webservice.tools.wsdlp.WSDLParser.<init>(WSDLParser.java:63)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
108)
at
weblogic.webservice.WebServiceFactory.createFromWSDL(WebServiceFactory.java:
84)
at
weblogic.webservice.server.servlet.ServletBase.invokeOperation(ServletBase.j
ava:230)
at
weblogic.webservice.server.servlet.WebServiceServlet.invokeOperation(WebServ
iceServlet.java:306)
at
weblogic.webservice.server.servlet.ServletBase.handleGet(ServletBase.java:19
8)
at
weblogic.webservice.server.servlet.ServletBase.doGet(ServletBase.java:124)
at
weblogic.webservice.server.servlet.WebServiceServlet.doGet(WebServiceServlet
.java:224)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(Servle
tStubImpl.java:1058)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:401)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:306)
at
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(W
ebAppServletContext.java:5412)
at
weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManage
r.java:744)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:3086)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:2544)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:153)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:134) -
So we have an Exchange 2013 environment, and a CRM solution that requires basic authentication to EWS internally. Problem is, after a reboot of our Exchange server, all of our Outlook clients begin prompting for username and password (which nothing
works) which also starts locking users AD accounts out due to failed login attempts (somehow). If I disabled basic authentication on EWS, Outlook authenticates as normal using NTLM and there are no issues. Once Outlook has authenticated, I can
turn back on basic authentication, and Outlook will be fine until the next time the Exchange server is rebooted.
Any ideas?Hi,
According to your description, I understand that Outlook client prompted for username and password when Exchange server restart and basic authentication is enabled for EWS.
If I misunderstand your concern, please do not hesitate to let me know.
It’s normal. This caused by the difference between basic authentication and NTML authentication:
Basic, with any version of Outlook prior to 2010, results in a pop up dialog asking for creds. Outlook 2010 makes the 'save this password' actually work, so in an Outlook 2010 or later world, Basic can mean no need to authenticate every time you open/reconnect,
but in all earlier versions, you will have to enter creds every time.
NTLM, when used by a client that is domain joined and logged in with cached creds, results in the client simply sending the cached in creds to the server, resulting in what looks like a pretty seamless single sign on experience. However, if you want to do pre-authentication
at something like TMG, and not let the traffic go all the way to CAS, you need to configure TMG for this.
Thanks
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Allen Wang
TechNet Community Support -
Basic authentication only works for some webservices?
I'm trying to call the SAP BI/BO REStful webservices using basic authentication. I enabled basic authentication in the WACS and tested with this service:
http://host:6405/infostore/16422
This works! I can get the report metadata as either xml or json. However, whenever I try an url with "raylight" in it, I get an authentication problem:
http://host:6405/biprws/raylight/v1/documents/16422/parameters
error_code: "1"
message: "No session found in HTTP header X-SAP-LogonToken"
Why do some services work with basic authentication and others absolutely require the logontoken? I would like to avoid the logontoken if possible. I tested by logging on with the token and that does work, so it's not like my credentials are wrong.
I also found the a problem with the raylight logontoken described here: RESTful Raylight Error Incorrect session
Apparently, there needs to be double quotes around the logontoken for it to work. Could this "bug" be the reason why basic authentication doesn't work? I already tfried to put double quotes around and inside my base-encoded value but it still gives the same error.Hello,
Raylight doesn't support basic authentication because it required a permanent session to work. Internally, we have to manage a "cache" to support subsequent REST calls and this is not possible using basic authentication.
Regards,
Anthony -
Can we add Basic Authentication for Oracle Report 10g?
As we know, Apache supports basic Authentication, and Oracle Report 10g bases on Apache, that means Oracle Report 10g supports Basic Authentication too?
Can anyone tell me the steps on how to configure Basic Authentication for Oracle Report 10g?
Thanks for your help in Advance!
P.S.
I tried to add the following content to the file "httpd.conf" under the directory "E:\OraHome_2\Apache\Apache\conf\" (I installed report under this folder), but it doesn't work well:
<Directory "E:\OraHome_2\Apache\Apache\htdocs">
AuthType Basic
AuthName "Private Documentation Repository"
AuthUserFile "C:\Program Files\Apache Software Foundation\Apache2.2\mypasswd"
Require user yangsun
</Directory>Answers at your duplicated thread --> Some inter view Questions Please give prefect answer help me
-
Performing Usermapping towards Basic Authentication Sites (e.g. SLD or DTR)
Hi,
I want to create a role for our maintenance people for checkin misc stuff, and some of the iviews will point to our SLD and NWDI servers. Currently they, require Basic Authentication and I'd like to have usermapping here (not SSO / Loginticket). I've had problems with this before, and was wondering if anyone would like to give a detailed list of how to perform this? The example using DTR and SLD could (I think) relate to any other site using basic authentication.
What I've done so far is (for DTR iview)
- define a URL iview (with fields "AUTH_USER" and "AUTH_PASSWORD" as Mapped User and Mapped Password types respectively)
- created a HTTP system with reference to the 2 fields in the iview, authenticationlink (http:///dtr) and authtype "basic authentication".
- usermapping is maintained in a group where I'm a member
Can anyone give me a general list of things to do to perform usermapping towards basic authentication sites?
Please help! Points will be awarded!
Regards,
Hans Petter BjørnHello Hans,
i think you have to write your own abstract portal component to achieve this. Pls see this weblog
Accessing a web page protected by BASIC authentication
kind regards
Andreas -
JAXWS EJB3.0 Based WebService Authentication and Authorization - Weblogic
Hi Experts,
I need to Create a EJB3.0 WS where this Service has static Authentication and Authorization. How can I achieve it, any pointer.
TIAThe below sample is for basic authentication and authorization.
Web service
========
import javax.ejb.Stateless;
import javax.ejb.TransactionAttribute;
import javax.ejb.Remote;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SecurityRoles;
@Stateless(mappedName="com.slsbBean")
@Remote( { com.bea.Service.class})
@WebService(name="TransactionPortType", serviceName="TransactionService",
targetNamespace="http://example.org")
public class ServiceBean implements Service {
@WebMethod()
@RolesAllowed ( {"Admin","Manager"})
public void testMethod(String s) {
System.out.println("inside ejb method");
System.out.println("username : " + weblogic.security.SubjectUtils.getUserPrincipal(weblogic.security.Security.getCurrentSubject()));
Client
====
import java.util.Map;
import javax.xml.ws.BindingProvider;
public class Test {
public static void main(String[] args) {
TransactionService simple = new TransactionService();
TransactionPortType port = simple.getTransactionPortTypePort();
BindingProvider bindingProvider = (BindingProvider) port;
Map<String, Object> reqContext = bindingProvider.getRequestContext();
reqContext.put(BindingProvider.USERNAME_PROPERTY, "XXXXXX");
reqContext.put(BindingProvider.PASSWORD_PROPERTY, "XXXXXX");
port.testMethod("hello");
Regards,
Sunil P -
URGENT : Unprotect a virtual directory from basic authentication
All,
Server : Weblogic 8.1
OS : Windoes 2000 Adv Server SP4
I am very successfull in configuring a web application with basic authentication
and all works fine for me. Now i have a virtual directory for downloading certain
files. These i have to unprotect meaning no authentication mode should be enabled
for this virtual directory.
Unfortunately i am using weblogic as both web and appserver. I know how to do
the same with webservers like IIS or Apache.
IS it possible to do this config with weblogic 8.1 ? To configure a web application
with basic auth and ignore or unprotect (enable anonymous access) for a virtual
directory.
Thanks in Advance
ViswanathanHi,
I agree with Tim that we can ask for better help in the following IIS forum.
IIS.NET forum
http://forums.iis.net/
Best regards,
Frank Shen -
How to log out using BASIC authentication
Hi,
we are using JSC and Sun Appserver8.
To authenticate we are using BASIC authentication and it works well.
Now we need to do a log out function because of new demands.
Is it possible to log out when using BASIC authentication ?
If so, how?
/Regards KristerIf you are using Basic Authentication, you may not be able to force log out. In that case you may have to use form based authentication.
Please read more details here
http://httpd.apache.org/docs/1.3/howto/auth.html
(Look at the topic How do I log out?)
- Winston
http://blogs.sun.com/winston -
How to set up and test the Basic Authentication for HTTP protocol
Hi,
I tried configuring the password based Basic Authentication for sending xml document using ebMS - HTTP protocol. I set username and password while configuring the transport server for both trading partners. I want to know, is that sufficient for basic authenticaton. When I open the URI http://localhost:7778/b2b/transportServlet, it is not asking any authentication (username/password). Please note that I have not used SSL certificate. Anyone please help me out to configure Basic authentication.Hi Ramesh,
Thanks for ur response. Could you please tell me where to set the Additional Transport header : authtype-basic#realm=myRealm(in which property file). In enqueue code, I could see the following attributes
queue
msgID
replyToMsgID
from
to
eventName
doctypeName
doctypeRevision
msgType
payload
attachment
subscriber
Is it possible to set username/password in the enqueue attributes?
Do i need to add username/password and Transport header in the input XML and defined that elements in xsd? -
Configuring Basic Authentication with Username and password on BizTalk Schema Service
Hi,
I have published my schema as a webservice with WCF-BASICHTTP adapter in IIS 8.0.
I wanted to have a Basic Authentication(User name and password restriction).
I made the Receive location with Security mode as Transport and Transport Client Crediential Type as Basic.
I also set the Service in IIS with Basic Authentication only enabled.
But I don't know how to provide a UserName and Password Authentication.
Please provide your suggestions
Regards, Vignesh SHi,
Try & go through the below MSDN link as it explains configuring WCF BasicHttp adapter very well.
http://msdn.microsoft.com/en-us/library/bb246064(v=bts.80).aspx
HTH,
Sumit
Sumit Verma - MCTS BizTalk 2006/2010 - Please indicate "Mark as Answer" or "Mark as Helpful" if this post has answered the question -
How set UserName and Password for HTTP Basic Authentication for a servlet
Hi..
How set UserName and Password for HTTP Basic Authentication for a servlet in JBoss server?
Using Tomcat i can do it .(By setting roles in web.xml, and user credintails in tomcat-user.xml).
But i dont know how do it in JBOSS..
I am using Netbeans and Eclipse IDEs.. Can we do it by using them also!?
Thank uHi Raj,
You can do this by creating a Login screen for the users and check the authentication of each user in PAI i.e. PROCESS AFTER INPUT.
Store the user information in a database table and check the username and password when the user enters it.
You can display password as *** also. For this double click on input box designed for password and goto Display tab. Select Invisible in the list and check it.
CASE sy-ucomm.
WHEN 'BACK'.
LEAVE PROGRAM.
WHEN <fcode for submit>.
SELECT SINGLE uname pwd
FROM <DB table>
INTO (user, pass)
WHERE username = user AND
password = passwd.
IF sy-subrc = 0.
<Go to next screen for further processing>
ELSE.
<Display Error message and exit>
ENDIF.
ENDCASE.
Regards,
Amit
Message was edited by:
Amit Kumar -
Hello,
I have an issue with OData based BASIC authentication for iOS App created using HTML, JavaScript, SAP UI5, OData and Apache Cordova/PhoneGap.
Please check the post here http://scn.sap.com/thread/3527245
Request you to kindly reply on the above given link.
Thanks and Regards,
Suraj KumarHello Prathik,
The code which I am using for OData based BASIC Authentication, for my Mobile App is as below.
var onSuccess = function(data) {
alert("We are Through"); //Just to check that the OData request was sucessful
var onError = function(err) {
switch(err.response.statusCode) {
case 403 : {
window.alert("Error Code - 403, Service unreachable ");
break;
case 401 : {
window.alert("The credentials are incorrect or missing!");
break;
// dataUserName and dataPassword are the two variables, in which I am storing my Username and Password, respectively.
var connectionRequest = {
requestUri: "ODATA SERVICE URL GOES HERE/",
headers: { Authorization : 'Basic ' + Base64.encode(dataUsername + ":" + dataPassword) },
method: "POST"
OData.request( connectionRequest, onSuccess, onError); -
Iphone subscribed calendar - basic authentication, events and timezone
hi,
i'm attempting to use the subscribed calendar feature in iOS and having problems.
1st issue: i've put an ics file that regularly gets updated on an at a web location that is basic authentication protected. Inside the subscribed Calendar settings there is a place to put username and password. When i click "Done" and iOS tries to verify the information, i get a popup saying "account requires a username and password"... I know basic authentication works and the username and password are correct because i've tested via browser and very simple passwords e.g. 123.
2nd issue: I do work with people in other timezones and so i frequently get meeting requests from people in other timezones. In the ICS file i can see this information is published appropriately. e.g.
DTSTART;TZID="Romance Standard Time":20110510T170000
DTEND;TZID="Romance Standard Time":20110510T183000
If I import this ics file into google calendar, the timezones are read appropriately and the meetings are scheduled accordingly. in the example above, the meeting shows up as being at 8am - 9:30am.
on iOS the timezone is completely ignored. so i get the meeting showing up as 5pm - 6:30pm.
I've tried fiddling with the "Time Zone support" option in settings, but this does nothing.
Help on the issues above is greatly appreceiated. Personally I'm extremely frustrated with this.
Thanks...Thought I would keep alive the question about incorrect times for appointments created in other time zones on subscribed calendars. I believe this other thread -- https://discussions.apple.com/message/17318550#17318550 -- is asking about the same issue.
I am experiencing the same issue, including the setting for Time Zone Support having no impact, with iOS 6.
Any whiff of a solution yet? -
IIS Reverse Proxy and Basic Authentication
Hi,
we've currently put a WebAS 6.40 serving a BSP Application in our Appl-DMZ. For the access via Web the IIS Reverse Proxy is used, which works fine as long as you use a service for which a user is provided (in SICF). But if you don't provide a user in the service (in order to debug the BSP Application) you have to authenticate yourself using Basic Authentication (Browser Popup) which does not work (the popup returns and returns ...)
I' ve browsed the forums and it seems that the IIS Reverse Proxy does not support (the forwarding) of Basic Authentication "requests".
So my question, does someone exactly know if the IIS Reverse proxy supports Basic Authentication or not ?
Thanks,
MarkusHello Markus,
1. have you checked out Alon Weinstein's Weblog <a href="/people/sap.user72/blog/2005/02/23/the-reverse-proxy-series--part-2-iis-as-a-reverse-proxy">The Reverse Proxy Series -- Part 2: IIS as a reverse-proxy</a>?
2. Is the IIS a must? Can you give Apache or SAP Web Dispatcher a try. Prakash Singh wrote a Weblog <a href="/people/prakash.singh4/blog/2005/08/16/how-to-setup-webdispatcher-to-load-balance-portal-in-a-clustered-environment">How to setup webdispatcher to load balance portal in a clustered environment</a>.
Regards
Gregor
Maybe you are looking for
-
scanjet 9000 won't detect a single document but will detect a set of 10 documents in the feeder.
-
Anyone know whether I can also download acrobat which I have on my desktop to my laptop for when I travel. Or do I have to buy a second copy? If I can copy it, how do I do it? Thanks, Michael Gibraltar
-
Download Standalone Mavericks Installer
Where do you locate a standalone installer image of Mavericks? It appears as a free upgrade in App Store, but after it downloads does an installer remain in your downloads folder? Or does it simply run the installer and force you to restart? I'd lik
-
Pre: lack of camera photo options
The Camera is great, but... Would like to see options like white balancing, filter options (black and white, sepia...), brightness control. Seems like these are standard on most camera phones.
-
ComboBox acting funny between keyframes
There are two keyframes, "A" and "B", in my movie. A ComboBox is present on both keyframes with the same instance name. Items are populated on Keyframe "A". Then I do a gotoAndStop("B"). If the position of the ComboBox is shifted, then none of the it