The credentials supplied to the package were not recognized

-
I am using ravendb as database in my current project and got tired of the following exception when running the database and the web site on the same machine:


The credentials supplied to the package were not recognized

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. 

Exception Details: System.ComponentModel.Win32Exception: The credentials supplied to the package were not recognized

[Win32Exception (0x80004005): The credentials supplied to the package were not 
   recognized]
   System.Net.NTAuthentication.GetOutgoingBlob(Byte[] incomingBlob,
   Boolean throwOnError, SecurityStatus& statusCode) +7737075
   System.Net.NTAuthentication.GetOutgoingBlob(String incomingBlob) +91
   System.Net.NegotiateClient.DoAuthenticate(String challenge, WebRequest
   webRequest, ICredentials credentials, Boolean preAuthenticate) +7856776
   System.Net.NegotiateClient.Authenticate(String challenge, WebRequest webRequest,
   ICredentials credentials) +18
   System.Net.AuthenticationManager.Authenticate(String challenge, WebRequest
   request, ICredentials credentials) +149
   System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest,
   ICredentials authInfo) +7856166
   System.Net.HttpWebRequest.CheckResubmitForAuth() +7859430
   System.Net.HttpWebRequest.CheckResubmit(Exception& e) +126
  
This happens because I've configured raven to prevent anonymous access and to accept windows authentication. My connection string looked like: 
"Url = http://localhost:8080; User=sam; Password=pass"
The windows authentication works well when the database is on remote server. But unfortunately when the site and the database are running on the same machine, IIS prevents it to get working for a safety precaution.

 To get out of this problem, I found a work around from web that says to disable the loopback check. The details about how to do that can be found in here.

But this didn't work for me and finally what I got to resolve this problem after spending a whole day is to remove the username and password from the connection string. 

It might be the reason that the web site was already authenticated using integrated authentication, but this is wired because the credentials were correct!

 

Comments

Post a Comment

Popular posts from this blog

Adding security headers to prevent XSS and MiTM attacks in .Net Core

-
Image
As a developer, we need to consider security when designing and building web applications. HTTP Response Headers allow server to pass additional information to instruct browsers how to handle sensitive data and content of the application and/or from external or untrusted sources. HTTP response security headers provide an extra layer of protection to help mitigating vulnerabilities and attacks. One way to add those security headers from .Net Core application is by writing a custom action filter that would be executed before serving any response from the application. Below is a example of the custom attribute: To apply this globally for all responses, we can add this to the Startup class as in below: To apply trusted source for any particular action: And here is the outcome: HAPPY CODING   👌
Read more

Creating transformations for custom config files

-
Image
Visual Studio provides native support to add application config transforms. But it is restricted to the native configuration files only. Also by default it only provides transforms for debug and release environment. If you need to use your own custom configuration file for custom defined environment, below are two options you can follow: Option 1: Do it "manually" Let's assume, we have a configuration file: Configuration.xml in a project. We want to add Configuration.Staging.xml and Configuration.Production.xml as transforms. To achieve this, I can add those xml files manually first and then edit the project file (.csproj) as below and then re-load the project: <ItemGroup>     <Content Include =" Configuration.xml " >        <SubType> Designer </SubType>        <TransformOnBuild> true </TransformOnBuild>        ...
Read more

Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolInvalidNonceException

-
I was using openId connect authentication with IdentityServer (v4) in a recent project and my client application was throwing following error: Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolInvalidNonceException: IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. at Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator.ValidateNonce(JwtSecurityToken jwt, OpenIdConnectProtocolValidationContext validationContext) in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\OpenIdConnectProtocolValidator.cs:line 332 at Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolValidator.Validate(JwtSecurityToken jwt, OpenIdConnectProtocolValidationContext validationContext) in c:\workspace\WilsonForDotNet45Release\src\Microsoft.IdentityModel.Protocol.Extensions\OpenIdCo...
Read more