This is similar to a very recent question, but different enough I have posted it separately.
I am trying to get a basic DNOA Client Credentials Scenario working. Taking a major chunk from the article at (but changing it to work with the latest DNOA):
public class OAuthTokenController : Controller
{
    //
    // GET: /OAuthToken/
    public ActionResult Index()
    {
        // Issuer signs tokens with the .pfx private key and encrypts them
        // to the resource server's public certificate (.cer).
        var authorizationServer = new AuthorizationServer(
            new OAuth2Issuer(
                new X509Certificate2(Server.MapPath("~/Infrastructure/OAuth/localhost.pfx"), "a"),
                new X509Certificate2(Server.MapPath("~/Infrastructure/OAuth/localhost.cer")),
                null
            )
        );
        OutgoingWebResponse resp = authorizationServer.HandleTokenRequest(Request);
        var response = MessagingUtilities.AsActionResult(resp);
        return response;
    }
}

private static IAuthorizationState GetAccessToken()
{
    var authorizationServer = new AuthorizationServerDescription
    {
        TokenEndpoint = new Uri("http://localhost:20932/OAuthToken"),
        ProtocolVersion = ProtocolVersion.V20
    };
    var client = new WebServerClient(authorizationServer, "zamd", "test1243");
    var state = client.GetClientAccessToken(new[] { "http://localhost/" });
    return state;
}
The Problem
-----------
Whenever I call the GetClientAccessToken method, I get a ProtocolException with the message "This message can only be sent over HTTPS."
I have logging enabled using log4net on the web side, but nothing is logged when the client code makes this call (it does log if I hit it directly with a browser so I assume it is logging correctly)
Yes, this has come up recently. And the answer was that the
<sectionGroups> in the web.config were incorrect. You should check yours.
They should look something like this:
<configSections>
  <section name="log4net"
           type="log4net.Config.Log4NetConfigurationSectionHandler"
           requirePermission="false"/>
  <sectionGroup name="dotNetOpenAuth"
                type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
    <section name="openid"
             type="DotNetOpenAuth.Configuration.OpenIdElement, DotNetOpenAuth.OpenId"
             requirePermission="false" allowLocation="true" />
    <section name="oauth"
             type="DotNetOpenAuth.Configuration.OAuthElement, DotNetOpenAuth.OAuth"
             requirePermission="false" allowLocation="true" />
    <sectionGroup name="oauth2"
                  type="DotNetOpenAuth.Configuration.OAuth2SectionGroup, DotNetOpenAuth.OAuth2">
      <section name="authorizationServer"
               type="DotNetOpenAuth.Configuration.OAuth2AuthorizationServerSection, DotNetOpenAuth.OAuth2.AuthorizationServer"
               requirePermission="false" allowLocation="true" />
    </sectionGroup>
    <section name="messaging"
             type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core"
             requirePermission="false" allowLocation="true" />
    <section name="reporting"
             type="DotNetOpenAuth.Configuration.ReportingElement, DotNetOpenAuth.Core"
             requirePermission="false" allowLocation="true" />
  </sectionGroup>
</configSections>
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
On Thu, Aug 2, 2012 at 2:14 PM, Brian Wright <brian.n.wri...@gmail.com> wrote:
> This is similar to a very recent question, but different enough I have
> posted it separately.
> I am trying to get a basic DNOA Client Credentials Scenario working.
> Taking a major chunk from the article at (but changing it to work with the
> latest DNOA):
> private static IAuthorizationState GetAccessToken()
> {
> var authorizationServer = new AuthorizationServerDescription
> {
> TokenEndpoint = new Uri("http://localhost:20932/OAuthToken"),
> ProtocolVersion = ProtocolVersion.V20
> };
> var client = new WebServerClient(authorizationServer, "zamd",
> "test1243");
> var state = client.GetClientAccessToken(new[] { "http://localhost/"
> });
> return state;
> }
> The Problem
> -----------
> Whenever I call the GetClientAccessToken method, I get a ProtocolException
> with the message "This message can only be sent over HTTPS."
> I have logging enabled using log4net on the web side, but nothing is logged
> when the client code makes this call (it does log if I hit it directly with
> a browser so I assume it is logging correctly)
> How can I make it not require HTTPS?
Thanks so much for your help. Unfortunately, it still gives me the same error. Again, my logging shows nothing even though I believe it is hooked up right.
Is there nothing that I need to configure on the client side other than what I have shown in my code?
So the entire contents of my web.config on the server side are below:
On Thursday, August 2, 2012 7:19:28 PM UTC-5, Andrew Arnott wrote:
> Yes, this has come up recently. And the answer was that the <sectionGroups> in the web.config were incorrect. You should check yours. They should look something like this:
I recently extended the same example to get things working using the ROCP Grant (that example is actually an example of Client Credentials grant per my post on the blog).
Is the error you are still getting an issue with HTTPS? If so, make sure you relax SSL on both the Issuer website and the API website. This is ALL I have done to fix that particular issue.
There is nothing else I had to do at the client (other than call the correct endpoints).
/steven
http://livz.org
> Date: Fri, 3 Aug 2012 08:55:33 -0700
> From: brian.n.wri...@gmail.com
> To: dotnetopenid@googlegroups.com
> Subject: Re: [dotnetopenauth] Requires HTTPS
> Thanks so much for your help. Unfortunately, it still gives me the same error. Again, my logging shows nothing even though I believe it is hooked up right.
> Is there nothing that I need to configure on the client side other than what I have shown in my code?
> So the entire contents of my web.config on the server side are below:
I am starting to feel silly about not resolving this when everyone makes it sound so simple.
In my case, the issuer and api websites are one and the same.. just different URLs and controllers. I believe I have relaxed SSL to the best I know how (I posted my entire web.config earlier).
The client is just a console app and that is where I get the message that HTTP is required. Nothing is logged on the server side when the client makes this call. However, if I hit the server side directly via a browser I do get stuff logged.
I am obviously missing something and any help to get me in the right direction would be greatly appreciated.
On Friday, August 3, 2012 11:12:16 AM UTC-5, weblivz wrote:
> I recently extended the same example to get things working using the ROCP Grant (that example is actually an example of Client Credentials grant per my post on the blog).
> Is the error you are still getting an issue with HTTPS?
> If so, make sure you relax SSL on both the Issuer website and the API website. This is ALL I have done to fix that particular issue.
> There is nothing else I had to do at the client (other than call the correct endpoints).
Brian - don't worry about sounding silly - it took a lot of effort for me to get it working too.
One step I would take is to put tracing on the server (/trace.axd) and analyse the request being made from the console app.
I do find it really odd that you are getting the "relax ssl" type message on the request though as AFAIK that config is the only place it can be set.
Would you be able to zip up your entire solution and fire it over?
/steven
> Date: Mon, 6 Aug 2012 11:45:41 -0700
> From: brian.n.wri...@gmail.com
> To: dotnetopenid@googlegroups.com
> Subject: Re: [dotnetopenauth] Requires HTTPS
> I am starting to feel silly about not resolving this when everyone makes it sound so simple.
> In my case, the issuer and api websites are one and the same.. just different URLs and controllers. I believe I have relaxed SSL to the best I know how (I posted my entire web.config earlier).
> The client is just a console app and that is where I get the message that HTTP is required. Nothing is logged on the server side when the client makes this call. However, if I hit the server side directly via a browser I do get stuff logged.
> I am obviously missing something and any help to get me in the right direction would be greatly appreciated.
Thanks for the help and encouragement. I took your advice and turned on tracing and oddly, if I am doing it right, nothing is traced. Much like the logging behavior I described, if I hit the issuer URL directly via browser, then I do get tracing.
So I went back to my tracing code that I posted earlier. (here it is again)
Client Code (Console app)
---------------
private static IAuthorizationState GetAccessToken()
{
    var authorizationServer = new AuthorizationServerDescription
    {
        TokenEndpoint = new Uri("http://localhost:20932/OAuthToken"),
        ProtocolVersion = ProtocolVersion.V20
    };
    var client = new WebServerClient(authorizationServer, "zamd", "test1243");
    var state = client.GetClientAccessToken(new[] { "http://localhost/" });
    return state;
}
-----
It turns out that I can put any bogus non-existent address I want to in the TokenEndPoint and I get the exact same message. I get the message on the call to GetClientAccessToken.
It would appear that this requirement is being enforced by the client code before any call to the issuer is even made. Is there anything on the client I can configure to stop this behavior?
On Monday, August 6, 2012 1:55:01 PM UTC-5, weblivz wrote:
> Brian - don't worry about sounding silly - it took a lot of effort for me to get it working too.
> One step I would take is to put tracing on the server (/trace.axd) and analyse the request being made from the console app.
> I do find it really odd that you are getting the "relax ssl" type message on the request though as AFAIK that config is the only place it can be set.
> Would you be able to zip up your entire solution and fire it over?
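The last message in the thread observes that the HTTPS check fires in the console client before any request reaches the issuer, which points at the client's own configuration rather than the server's web.config. As an added example (not part of the original thread and not the project's own sample), this is an App.config for the console client that declares the DotNetOpenAuth messaging section and sets relaxSslRequirements. It assumes the library reads this setting from the configuration file of the process it runs in; the file name and placement are assumptions.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- App.config for the console client (added example; name and placement
     beside the client executable are assumptions). -->
<configuration>
  <configSections>
    <!-- Section declarations taken from the web.config shown earlier in the
         thread, trimmed to the one section this client uses. -->
    <sectionGroup name="dotNetOpenAuth"
                  type="DotNetOpenAuth.Configuration.DotNetOpenAuthSection, DotNetOpenAuth.Core">
      <section name="messaging"
               type="DotNetOpenAuth.Configuration.MessagingElement, DotNetOpenAuth.Core"
               requirePermission="false" allowLocation="true" />
    </sectionGroup>
  </configSections>

  <dotNetOpenAuth>
    <!-- Local development against an http://localhost token endpoint only.
         With this set to true the client will send the client identifier,
         the client secret and the returned access token over plain HTTP. -->
    <messaging relaxSslRequirements="true" />

    <!-- Deployed configuration: leave the attribute out (it defaults to
         false) and give the client an https:// TokenEndpoint instead:
         <messaging />
    -->
  </dotNetOpenAuth>
</configuration>
```

Keeping the relaxed setting in a development-only config transform stops it from shipping with a build that talks to a non-loopback token endpoint.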