subject:"Re\: Angular 4 under windows authentication"

Re: Angular 4 under windows authentication

2017-05-04 Thread Tony Wright

Hi all,

I figured this out. It turns out that SystemJs uses standard XHR calls to
request included files from the server. That means that it requires
authentication headers, as it's no different from, say, calling a webapi
that requires authentication. SystemJs has a lesser known attribute that
you set on a meta tag property to enable authentication headers to be
passed with each request.

So my Systemjs.config now looks like this:
System.config({
meta: {
'*': { authorization: true }
},

Then when I turn on windows authentication and turn off anonymous
authentication, it all works.

Thanks for everyone that helped.

Regards,
Tony

On Mon, May 1, 2017 at 2:26 PM, Stephen Price <step...@lythixdesigns.com>
wrote:

> Try setting your authorization to
>
> 
>
> and leave the authentication in there as it is. If that makes everything
> work, then the fix would be to set allow access to the folder they need for
> things to work, and the rest is then authenticated.
>
> It's also possible your deny also needs an allow for authenticated. (Not
> sure if you need both...) It can be fiddly to get working right. Security
> is that thing you turn on that breaks everything. :)
>
>
>
> http://stackoverflow.com/questions/10351075/allow-
> anonymous-authentication-for-a-single-folder-in-web-config
>
> <http://stackoverflow.com/questions/10351075/allow-anonymous-authentication-for-a-single-folder-in-web-config>
> asp.net - Allow anonymous authentication for a single ...
> <http://stackoverflow.com/questions/10351075/allow-anonymous-authentication-for-a-single-folder-in-web-config>
> stackoverflow.com
> So here is the scenario, I have an Asp.Net application that is using a
> custom authentication & membership provider but we need to allow completely
> ...
>
>
> --
> *From:* ozdotnet-boun...@ozdotnet.com <ozdotnet-boun...@ozdotnet.com> on
> behalf of Tony Wright <tonyw...@gmail.com>
> *Sent:* Monday, 1 May 2017 7:43:23 AM
> *To:* ozDotNet
> *Subject:* Re: Angular 4 under windows authentication
>
> Yea I'm pretty certain it's security, but I thought it would be a bit
> drastic to set files to anonymous access.
>
> The interesting thing is that scripts are loading, just not through
> systemjs (which is the default module loader for new Angular). I'm not sure
> what context systemjs is running under, or why it's not seeing other files
> when it should already be authenticated. The whole of my index.html file
> has been moved into an index.cshtml file to support windows authentication
> under iis.
>
> Just thinking this through, it is probably acceptable to have all the
> script and html files as anonymously accessible, as it is at the webapi
> controller that we truly need to lock down security. Does that make sense?
> I thought it would have problems authenticating against webapi if I did it
> that way!
>
> (FYI, I'm using dot net framework 4 for this one, as it supports the EF
> canvas.)
>
>
> On Mon, May 1, 2017 at 9:26 AM, Stephen Price <step...@lythixdesigns.com>
> wrote:
>
>> Hi Tony,
>> I did a bit of this kind of troubleshooting last year. I had to set up
>> anonymous access for one service and authenicated on the rest. I ended up
>> setting that in the web.config file at the IIS level. You can specify the
>> files/permissions there.
>> Have you tried seeing what errors are returned using fiddler? Might help
>> you. It could be that you need to allow anonymous access to something...
>> Not looked at your site, am on my phone but it does sound permission
>> related given it all works anonymous
>>
>> Cheers
>>
>>
>> On 1 May 2017 7:12 am, Tony Wright <tonyw...@gmail.com> wrote:
>>
>> Hey all,
>>
>> I currently have an angular 4 app (same as 2) running successfully with
>> anonymous authentication.
>>
>> I am now trying to get it to work with windows authentication for an
>> intranet application.
>>
>> It is unable to use the SystemJs loader at the moment. I've managed to
>> get past the unauthorised problem, but it is complaining about the
>> requirejs include being missing (it's there.)
>>
>> The exact error message is:
>>
>> Uncaught Error: Module name "@angular/platform-browser-dynamic" has not been 
>> loaded yet for context: _. Use require([])
>> http://requirejs.org/docs/errors.html#notloaded
>> at F (require.js:7) []
>> at Object.m [as require] (require.js:26) []
>> at requirejs (require.js:32) []
>> at :1264/app/main.js:2:34 []
>>
>>
>> I have put more details up on stackoverflow, including a

Re: Angular 4 under windows authentication

2017-04-30 Thread Stephen Price

Try setting your authorization to



and leave the authentication in there as it is. If that makes everything work, 
then the fix would be to set allow access to the folder they need for things to 
work, and the rest is then authenticated.

It's also possible your deny also needs an allow for authenticated. (Not sure 
if you need both...) It can be fiddly to get working right. Security is that 
thing you turn on that breaks everything. :)



http://stackoverflow.com/questions/10351075/allow-anonymous-authentication-for-a-single-folder-in-web-config

[https://cdn.sstatic.net/Sites/stackoverflow/img/apple-touch-i...@2.png?v=73d79a89bded]<http://stackoverflow.com/questions/10351075/allow-anonymous-authentication-for-a-single-folder-in-web-config>

asp.net - Allow anonymous authentication for a single 
...<http://stackoverflow.com/questions/10351075/allow-anonymous-authentication-for-a-single-folder-in-web-config>
stackoverflow.com
So here is the scenario, I have an Asp.Net application that is using a custom 
authentication & membership provider but we need to allow completely ...





From: ozdotnet-boun...@ozdotnet.com <ozdotnet-boun...@ozdotnet.com> on behalf 
of Tony Wright <tonyw...@gmail.com>
Sent: Monday, 1 May 2017 7:43:23 AM
To: ozDotNet
Subject: Re: Angular 4 under windows authentication

Yea I'm pretty certain it's security, but I thought it would be a bit drastic 
to set files to anonymous access.

The interesting thing is that scripts are loading, just not through systemjs 
(which is the default module loader for new Angular). I'm not sure what context 
systemjs is running under, or why it's not seeing other files when it should 
already be authenticated. The whole of my index.html file has been moved into 
an index.cshtml file to support windows authentication under iis.

Just thinking this through, it is probably acceptable to have all the script 
and html files as anonymously accessible, as it is at the webapi controller 
that we truly need to lock down security. Does that make sense? I thought it 
would have problems authenticating against webapi if I did it that way!

(FYI, I'm using dot net framework 4 for this one, as it supports the EF canvas.)


On Mon, May 1, 2017 at 9:26 AM, Stephen Price 
<step...@lythixdesigns.com<mailto:step...@lythixdesigns.com>> wrote:
Hi Tony,
I did a bit of this kind of troubleshooting last year. I had to set up 
anonymous access for one service and authenicated on the rest. I ended up 
setting that in the web.config file at the IIS level. You can specify the 
files/permissions there.
Have you tried seeing what errors are returned using fiddler? Might help you. 
It could be that you need to allow anonymous access to something... Not looked 
at your site, am on my phone but it does sound permission related given it all 
works anonymous

Cheers


On 1 May 2017 7:12 am, Tony Wright 
<tonyw...@gmail.com<mailto:tonyw...@gmail.com>> wrote:
Hey all,

I currently have an angular 4 app (same as 2) running successfully with 
anonymous authentication.

I am now trying to get it to work with windows authentication for an intranet 
application.

It is unable to use the SystemJs loader at the moment. I've managed to get past 
the unauthorised problem, but it is complaining about the requirejs include 
being missing (it's there.)

The exact error message is:

Uncaught Error: Module name "@angular/platform-browser-dynamic" has not been 
loaded yet for context: _. Use require([])
http://requirejs.org/docs/errors.html#notloaded<http://requirejs.org/docs/errors.html#notloaded>
at F (require.js:7) []
at Object.m [as require] (require.js:26) []
at requirejs (require.js:32) []
at :1264/app/main.js:2:34 []

I have put more details up on stackoverflow, including a link to my demo app.

http://stackoverflow.com/questions/43696548/systemjs-not-working-with-windows-authentication-and-typescript-in-angular4

My demo app may be found here: https://bitbucket.org/tonywr7/angular2vs2015 
(the name may be a bit confusing - its actually an angular 4 app I'm running 
under VS2017 enterprise. Serves me right for putting technology versions in the 
solution name!)

Does anyone have any ideas on how to get around this?

Kind regards,
Tony

Re: Angular 4 under windows authentication

2017-04-30 Thread Tony Wright

Yea I'm pretty certain it's security, but I thought it would be a bit
drastic to set files to anonymous access.

The interesting thing is that scripts are loading, just not through
systemjs (which is the default module loader for new Angular). I'm not sure
what context systemjs is running under, or why it's not seeing other files
when it should already be authenticated. The whole of my index.html file
has been moved into an index.cshtml file to support windows authentication
under iis.

Just thinking this through, it is probably acceptable to have all the
script and html files as anonymously accessible, as it is at the webapi
controller that we truly need to lock down security. Does that make sense?
I thought it would have problems authenticating against webapi if I did it
that way!

(FYI, I'm using dot net framework 4 for this one, as it supports the EF
canvas.)


On Mon, May 1, 2017 at 9:26 AM, Stephen Price 
wrote:

> Hi Tony,
> I did a bit of this kind of troubleshooting last year. I had to set up
> anonymous access for one service and authenicated on the rest. I ended up
> setting that in the web.config file at the IIS level. You can specify the
> files/permissions there.
> Have you tried seeing what errors are returned using fiddler? Might help
> you. It could be that you need to allow anonymous access to something...
> Not looked at your site, am on my phone but it does sound permission
> related given it all works anonymous
>
> Cheers
>
>
> On 1 May 2017 7:12 am, Tony Wright  wrote:
>
> Hey all,
>
> I currently have an angular 4 app (same as 2) running successfully with
> anonymous authentication.
>
> I am now trying to get it to work with windows authentication for an
> intranet application.
>
> It is unable to use the SystemJs loader at the moment. I've managed to get
> past the unauthorised problem, but it is complaining about the requirejs
> include being missing (it's there.)
>
> The exact error message is:
>
> Uncaught Error: Module name "@angular/platform-browser-dynamic" has not been 
> loaded yet for context: _. Use require([])
> http://requirejs.org/docs/errors.html#notloaded
> at F (require.js:7) []
> at Object.m [as require] (require.js:26) []
> at requirejs (require.js:32) []
> at :1264/app/main.js:2:34 []
>
>
> I have put more details up on stackoverflow, including a link to my demo
> app.
>
> http://stackoverflow.com/questions/43696548/systemjs-
> not-working-with-windows-authentication-and-typescript-in-angular4
>
> My demo app may be found here: https://bitbucket.org/
> tonywr7/angular2vs2015 (the name may be a bit confusing - its actually an
> angular 4 app I'm running under VS2017 enterprise. Serves me right for
> putting technology versions in the solution name!)
>
> Does anyone have any ideas on how to get around this?
>
> Kind regards,
> Tony
>
>
>

Re: Angular 4 under windows authentication

Re: Angular 4 under windows authentication

Re: Angular 4 under windows authentication

3 matches

Site Navigation

Mail list logo

Footer information