I am the owner of an Azure Key Vault that I created. I created a key and a secret a day before. But today when I tried to create another key and secret, the Generate/Import button on top in the right pane is disabled and below it a following message is displayed:
Firewall is turned on and your client IP address is not authorized to access this key vault.
Networking section of the Key Vault has the following settings: Selected Networks and Allow trusted Microsoft services to bypass this filewall: Yes.
Question: Why I am getting the above warning and how can we fix it. I was able to create a Key and secret a day before.
Turn off the Firewall or add the client IP to the list of allowed IPs. At this time your client machine's IP address is not authorized to access the Key Vault and isn't a trusted Microsoft Service.
Only selected networks are allowed. What is funny the web browser client matters not the portal. You need to add your IP address to the list: IP address or CIDR. You can find it by using services like: https://www.google.com/search?q=what+is+my+ip+address
The option: Allow trusted Microsoft services to bypass this firewall -
works only for trusted services listed here: https://learn.microsoft.com/en-us/azure/key-vault/general/overview-vnet-service-endpoints#trusted-services
Related
i want to use google map api for route between two location. in my IOS application. i try create public key for project and enable uses API in developer console. but i got this error: this ip site or mobile application is not authorized to use this api key IOS. after this error i try create API key for Key restriction for (IP addresses (web servers, cron jobs, etc.)) and set my ip address and then routing is work fine. but when i try this from other device again and again i get this error.
i should use this URL for routing :
let url = "https://maps.googleapis.com/maps/api/directions/json?origin=\(origin)&destination=\(destination)&mode=driving&key=APIKEY"
how can solve this problem for working my code in all devices.
The API key that you use with Google Maps web service (Directions API) supports an IP restriction as mentioned in the following document:
https://developers.google.com/maps/faq#using-google-maps-apis
The issue is that you cannot know the IP addresses of all devices where your application is installed.
You have the following options:
Use unrestricted API key. Note that API key requires HTTPS connection, so the API key won't be intercepted from the request itself, because the request is encrypted. So, in this case you should procure that the API key is not put directly in your source code. If you can read it from config or the environment, it might be feasible.
Create an intermediate server. Your iOS application should send requests to the intermediate server, intermediate server should send requests to Google and pass responses back to your app. In this case you can restrict an API key by IP address of your intermediate server.
I hope this helps!
Mostly just a question about the next steps to do to figure out why the azure test environment isn't connecting to my specified smtp server. Currently when finishing up my form, its supposed to email the information to a specific email and upon calling that I get a 500 internal server error. I've checked my solution and saw that on my personal ip, i connected and was denied access because my ip is not white listed. All of the outbound ip addresses in the azure environment are whitelisted, but i noticed when doing a ping in cmd to the test environment, I would just get the standard cloudapp.net ip. I've seen people solve this problem with a static ip. Are there other ways to do this without needing a static ip(mostly for trying to keep costs low)?
Thanks!
so the issue was that the outgoing ip addresses didn't match the ip address of the site. It was the external ip in custom domains that needed to be whitelisted in order to work.
I am able to communicate to ADFS server and authenticate users successfully. I have a question regarding the endpoint address.
My Question:
When communicating to ADFS , can I provide domain name in the place of address.
https://address/adfs/services/trust/13/UsernameMixed
when I try to enter domain name channel cannot be created. I want to know if I am missing any setting in my server DNS.
When you authenticate you go to:
https://xxx/adfs/ls
You need the same for:
https://xxx/adfs/services/trust/13/UsernameMixed
I am attempting to setup a freeradius server to authenticate against a web service. The reason for this is that there is a complicated workflow involving account status and mac address. The workflow seemed out of place to be in freeradius. So my user names, and encrypted passwords are stored remotely to the radius server. Everything works fine using radclient to test. When I started using the the Access Point, I learned it only communicates with the radius server via eap-tls. This means that the User-Password argument is not available for my script.
Is there a way to have eap auth check for user authentication against my script? By this i mean, can i get the password to send to my secondary service?
Alternately, is there a way to get the User-Password from the encrypted eap-message data?
Access points don't usually place restrictions on the EAP type. The device connecting to the AP negotiates an EAP type with FreeRADIUS. If it's using EAP-TLS it's probably a windows machine that hasn't been configured to do anything different.
Investigate EAP flavours to find out which ones are available. If you have EAP-TTLS-PAP you can send the plaintext password from the wireless client, and user it to authenticate against the web service.
In FreeRADIUS v3.0.x there's a rlm_rest module, which can perform basic auth on behalf of the user, with very little configuration.
We have a web service api running on an EC2 instance on aws. We want to connect to it from external applications managed by us, eg iphone app, other frontend applications on different servers. I can't get my head around how to authenticate these. Do i add the ip to the EC2 security group, or IAM? and then when making JSON requests do i need to send the AWS access keys? are these sent in the headers? So say a sample call would be:
API.post("http://awsserver.com/app_api/v1/request", query: {
customer_name: "John Doe", customer_email: "test#test.com" }, headers:
{"AWS_ACCESS_KEY_ID"=>"exampletoken", "AWS_SECRET_KEY" =>
"secretexample"})
I have tried searching but surprisingly not a lot found. Any help would be great, thanks.
First of, do not send your access key and secret with any POST ever in plain text. The access key and secret key are used to generate unique tokens that expire to access AWS resources at your account level, not your application (API).
There are lots of assumptions I am making, however you will need to have the authentication done at your application level if you intend to have this API accessible from mobile devices as they will have changing IP's.
Look into OAuth where devices request access from some authentication mechanism in your application which will return a token you can send along in subsequent POST requests in the header.
For servers accessing your API you could certainly add those EC2 instance IP's to a security group opening access to your API server and deny all other IP's access, however keep in mind if the EC2 instances do not have Elastic IP's then on any restart they will have a different IP and need to be added to your security group.