In an iPad application, with VPN active and connected, the HttpClient can't access to a server in intranet, but I can access to same url when I access from Safari iPad.
The property Titanium.Network.networkTypeName shows "WIFI" or "MOBILE" but nothing related with a VPN connection.
Can anyone help me ? It's mandatory for my application access server through VPN.
Thanks in advance.
I got more info about my problem, actually the VPN wasn't the problem, the HTTClient uses the current device connection channel, that is, uses the VPN network and there is access to intranet server.
The problem was related with WAS server, when user is authenticated successfully against LDAP (using JAAS standard) then Connection was lost, when authentication failed then communications was OK and correct message was show to user, but when LDAP returned a valid authentication something made lost the communication channel.
I'm not sure about the "real" problem, but the solution was to add the HTTP header to request:
"Connection": "Keep-Alive"
This solves the problem.
Related
I'm working on an ASP.NET MVC website, it has been installed on three different servers (the same code version), it works on two of the servers i.e the user can login, but on one server after the user has submitted their username and password, the following server error is displayed in the browser:
Security Exception
System.Security.SecurityException: Token not found
The event viewer for the environment the error is occuring on shows the following two error messages at the point where th euser attempts to login:
Could not init pool.
System.Net.Sockets.SocketException (0x80004005):
A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because
connected host has failed to respond (server ip address)
And this error:
Error: System.Security.SecurityException: Token not found
Which is the server error displayed in the browser. This has in the past been resolved by deleting an authentication cookie, but that doesn't work for this error.
I have tried setting the trust level in the web.config to full which didn't work. I have tried restarting IIS.
Has anyone else come accross a similar problem? Could this problem be caused because a service of some kind isn't running? Any suggestions will be appreciated.
Most of the time these are connectivity timeouts due to different IP protocols (IPV4/IPV6) between the two server/computers trying to communicate or extra authentication rules setup on one of the computers for outgoing or incoming connectivity.
Ways to troubleshoot the issue:
Review IIS logs
Review EventLogs
Try adjusting TCP/IP parameters in the registry to increase the time allowed to connect
http://msdn.microsoft.com/en-us/library/aa560610(d=printer,v=bts.20).aspx
Even though the above article references Windows 2003, I've discovered it applies to some 2008 environments.
I was getting 0x80004005 & The requested name is valid, but no data of the requested type was found. My complete error
Check You have proper internet connection are there on your machine or not. And you are able to ping the remote server or not. I solved by checking both.
We were getting this error when one of a third party API hosted on of our server(Azure) was not able to communicate with one of our web services on a different machine(iNetU). Options were to open ports so that these machines could talk or to move the web service to the machine hosting the third party API.
I have an iOS client app which connects to a server using HTTPS.
I've added code in the client to verify the identify of the server.
How can a tester testing this feature test that it is now secure, how can they for example create a MITM situation and check that the client rejects connects etc.?
I've tried googling for how to do this but haven't had much luck.
Can it be done using tools like Charles and proxies etc. or is messing around with a wireless router and having detailed knowledge necessary?
This might be over simplification for your solution, but concepts might help.
A web browsers extracts the name of hosts from embedded certificate and do a comparison of host name that we're trying to connect with. If validation fails, we usually see a security warning. For ex: we can connect with facebook by either typing https://www.facebook.com or by typing https://173.252.100.16/. When we choose second option, we get a security warning.
Your program must be using SSL client socket to connect with HTTPS server. The socket must be having capability to extract the hostname from the embedded certificate. Once you get that, compare that with valid HOST NAME that your program is trying to connect with. If it matches, let request proceed, If not, abandon that session.
To re-create MITM, your web server can use a self signed certificate that can be issue to whatever host name you want, but the IP of server could be 127.0.0.1 (for example). Since there is a mismatch between the host name and actual IP, we can probably simulate the MITM situation.
I'm assuming that digital certificate can't be forged in this case.
I am trying to write up an HTTP proxy server in node.js, and I have successfully managed to route unsecure HTTP connections through it. But when applications (on my iOS device) use HTTPS for APIs 'n such, it always throws an error, and the attempted HTTPS connection never hits the server. So there are a few explanations of what could possibly be happening:
iOS chooses not to send HTTPS connections over the proxy for security reasons
iOS is looking for an HTTPS connection at the server on a different port, but can't find one
Basically what I am asking is: What does iOS do with HTTPS connections when an HTTP proxy is configured?
Please ask for any details or further questions in the comments. Thanks.
For an ios 5.0 application connecting to a rest webservice, the customer wants to implement a token based security to ensure that the data being sent over the network is not intercepted and altered in any way... Doesn't https over ssl ensure that the data is not intercepted? and I thought that this would be enough. Pls advise
However, The way the client wants it to work is that starting with the first client authentication request the server would return a token id that would be used to send the next request. In the response for this next request another token id would be sent back that needs to be used for the next request and so on. The problem is of concurrency. Eg when the apns token comes back and the app has to send that to the server and if at that time the iOS application is already making a data request to the server, then the tokens to be used will not match. also since the app has to regularly poll the server for new items, then there are more chances of such concurrency issues to occur.. Any ideas what efficient solutions I can put in the app to counter this?
Or if anyone can suggest better ways of implementing security over the network data, as a possible alternative to the above approach.. solutions that would work for an iOS app and is not battery consuming?
Help in this would be greeeeaaatly appreciated! :-)
Ps. Jfyi Am already doing md5 security on the token being sent
Doesn't https over ssl ensure that the data is not intercepted?
It depends on whom you're trying to protect agains. Plain SSL will protect perfectly fine against anyone between the device and the server.
But it will be trivial for the device owner to create a man-in-the-middle against a client that trusts all CA's on the device. All he needs to do is install his own private CA-certificate on the device, issue a fake certificate for your server signed by this CA, and install this certificate on his proxy/MitM device. To avoid this attack you'd need to do certificate pinning in the App.
Working on a data collection application using mobile sms.
when a customer send a sms lets say
SMS content
Demo CET 100-50030-2320-1000
when the sms reach the mobile serive provider it send a GET request on my server
http://domainname.com/demo.aspx?mno=9828958745&sms=CET+100-50030-2320-1000
Now the problem is some hackers are sending GET request from there PC browser and all the data is getting missed and server is getting overload
I want to know which request is from a computer(mobile server) and which are from browser.
thanks in advance
Regards
Check if the request for a page is coming from a server not a browser.
If your service is not meant to be accessible publicly you have to protect it instead of publishing it on the internet. Some wasy to protect it:
HTTP Authentication
IP restrictions in firewall.
IP restrictions in the service.
Virtual Private Network.