Friday, March 13, 2020

Enabling CORS on asp.net Web API application (with Windows Authentication)

Source: https://forums.asp.net/t/2111551.aspx?Web+API+with+windows+authentication+and+CORS

Client: Vue.js application making a HTTP POST call to Web API

Target: Web API application

On the Target Web API application:
- Install the NuGet package: Microsoft.AspNet.Cors by Microsoft. (v5.2.7 as of this writing)
- In the App_Start/WebApiConfig.cs file

        public static void Register(HttpConfiguration config)
        {
            var corsAttr = new EnableCorsAttribute("https://localhost:44346", "*", "*") { SupportsCredentials = true }; // localhost:44346 is the client vue.js app
            config.EnableCors(corsAttr);

- In the Global.asax.cs file:
        protected void Application_BeginRequest()
        {
            if (Request.Headers.AllKeys.Contains("Origin") && Request.HttpMethod == "OPTIONS")
            {
                Response.Headers.Add("Access-Control-Allow-Origin", "https://localhost:44346");
                Response.Headers.Add("Access-Control-Allow-Headers", "Origin, Content-Type, X-Auth-Token, Pragma, cache-control"); //If passing more headers from client, include them here
                Response.Headers.Add("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS");
                Response.Headers.Add("Access-Control-Allow-Credentials", "true");
                Response.Headers.Add("Access-Control-Max-Age", "1728000");
                Response.End();
            }
        }

On the client (Vue.js application):

    this.axios = axios.create({
      headers: {
        'Content-Type': 'application/json; charset=utf-8',
        'Accept': 'application/json',
        'Cache-Control': 'no-cache',
        'Pragma': 'no-cache'
      },
      withCredentials: true
    });

HTTP POST can be this.axios.post(url, data, params).
The important thing for Windows auth to be passed to target is to include the "withCredentials".

Wednesday, May 16, 2018

VSTS - Failed in getBuild with error: Error: self signed certificate in certificate chain

Error on the Release agent using Visual Studio Team Services (cloud version of TFS)

Failed in getBuild with error: Error: self signed certificate in certificate chain
Error: self signed certificate in certificate chain

Solution:

Had to configure the agent on the target server - which I already read on another issue but when I ran the .\config.cmd - it said to remove the agent since the configuration cannot be changed while it exists/runs. Then to re-create the agent, I just got the script from the VSTS and it didn't have the cert param - so was confounded on how to mention the cert in the params for the configuration for the agent. Finally figured it out.

1)Remove the agent:
c:/vsts/a1> .\config.cmd remove

2)Then get the SSL certificate(.pem file) and put it in the root folder of the agent i.e. c:\vsts\a1 in this case. To get the .pem file:
•Export CA cert from Trusted Root CA Store, use Base64 Encoding X.509 (.CER) format, name the export cert to something like ca.pem.
•Export any intermediate CA cert from Intermediate CA Store, use Base64 Encoding X.509 (.CER) format, name the export cert to something like ca_inter_1/2/3.pem. Concatenate all intermediate ca certs into ca.pem, your ca.pem might looks like following:
-----BEGIN CERTIFICATE-----
(Your Root CA certificate: ca.pem)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Intermediate CA certificate: ca_inter_1.pem)
-----END CERTIFICATE-----
...
-----BEGIN CERTIFICATE-----
(Your Intermediate CA certificate: ca_inter_n.pem)
-----END CERTIFICATE-----

3) Then run the config command again (to configure the agent again with the sslcacert param and anything else you need)
.\config.cmd --sslcacert your-corp-ssl-cert.pem --deploymentgroup --deploymentgroupname "deployment-group-name" --agent $env:COMPUTERNAME --runasservice --work '_work' --url 'https://your-corp-name.visualstudio.com/' --projectname 'your-project-name';

Tuesday, September 26, 2017

‘Unable to connect to master or target server ‘mydb_svr’. You must have a user with the same password in master or target server ‘mydb-db’

Error message: ‘Unable to connect to master or target server ‘mydb_svr’. You must have a user with the same password in master or target server ‘mydb-db’

The firewall ports were open. The issue (I think) was the source database from which the dacpac was generated did not have the sql user which was being used in the publish profile. Once I specified the password in the publish profile's connection string, it started working. I assume if the same user was set up on source database - which is being used in the publish profile, I could probably get away without mentioning the password in the publish profile's target connection string. 
Data Source=xx.xx.xx.xx,port#;Persist Security Info=False;User ID={user_id};Password={password};Pooling=False;MultipleActiveResultSets=False;Connect Timeout=60;Encrypt=False;TrustServerCertificate=True
Hope this helps someone!