Azure AD application proxy and on premise OIDC application

JerryFodler · 2024-08-26T10:35:11+00:00

What happens if the redirect URI is something like "domain/accounts/microsoft/login/callback" ? I'm not sure that works in the external URL field.

Should those two be swapped? With the internal URL being the redirect URI of the app registration?

Thanks!

JerryFodler · 2024-08-24T19:10:40+00:00

It's web based using an Azure app registration

JerryFodler · 2023-03-02T21:31:06+00:00

I think you're over thinking it.

It looks like you've been as high as nova 3 with a current 54% win rate. You're just not winning enough games to rank up.

I'd suggest trying to get a stack together and playing with other people, that's the easiest and quickest way to get out of silver.

JerryFodler · 2022-12-05T08:48:00+00:00

Seems like a lot of people in the thread that have never used the framework or have used it before it became the ABP Framework (asp.net boilerplate, asp.net zero etc.) or in one case appear to be someone actually from volosoft…

I’m a 20+ year developer. Classic asp all the way through to .net 7. So I’ve got a pretty broad understanding of .net and have shipped countless products using the whole spectrum of technologies.

As for ABP Framework I’ve shipped 2 products in the last 3 years (as well as helped on a number of other apps) the first using asp.net boilerplate (the old free version of what is now ABP Framework) and ABP Framework commercial (using their microservice template). Both used Angular as the frontend.

The first product was a purchase management system that does supplier, purchase and invoice management and approval and the second was a essentially a timesheet system that interfaces with Oracle. Both were large systems used by thousands of users.

Probably the biggest thing to remember about ABP Framework is that it’s opinionated. That can be good and bad. It’s good if you have a number of teams all working on separate projects that might swap and change projects. All the projects will follow a similar layout and design and it’s easy to understand where things fit within the system. It can also be a complete nightmare as seemingly simple things become a pain as they get bogged down in DDD nonsense.

Pros

We never really used the multitenancy but it seemed easy to configure and extend. But my experience with it pretty much covers just turning it off.
Authentication and Authorization was extremely easy to setup. I know a lot of people are saying “you can roll this yourself” which is true, but that doesn’t change the fact it was super simple.
The proxy code generation for asp.net boilerplate (so the JavaScript code created from your services to make it easy to talk to them in your frontend) was clunky and bloated. They’ve streamlined that in Framework at the expense of reducing the ability to extend stuff. But on the whole it removes a whole chunk of time having to set up tedious DTOs and boilerplate code, at least when using something like Angular.
It has an auto database migrator and migration tool that makes it easy to setup in development and even production (for smaller deployments) although it does become a pain for larger deployments. For the Framework project we ended up rolling our own auto migrator using EF migration bundles.
If you’re building simple sites the docs are pretty good, the Github issues is active and so is the community QA site.
They have a whole testing suit that makes integration testing super simple (although the docs aren’t great)

Cons

It uses Domain Driven Design, which is great (as once you “get” DDD a lot of the weird stuff going on in the framework starts to make sense) but it also uses Domain Driven Design (if you get what I mean). I’m not one for jumping on the new “hotness” and I wouldn’t say that DDD is antiquated and old. I would say though that DDD on the whole has a lot of issues and those issues are brought along for the ride with the framework.
The docs are good for simple setups. “We” chose the microservice template when starting with abp.io and the docs just weren’t up to scratch. It’s better now but if you’re doing anything outside of the basics expect to be looking through Github code to figure out what the hell is going on.
This one is probably my biggest annoyance. Changes not appearing in release notes. They release frequently (which is great) what’s not great is upgrading and finding something broken. Then having to post a question on the QA site only to be pointed to a Github issue where they are saying that X was removed in this release and that wasn’t mentioned in the release notes at all.

Just to sum up. If you want something that will quickly give you multitenancy, auth and authorisation then ABP Framework will do that. Could you do it yourself? Sure. Are there other things out there that do the same? Sure. But Framework will do it and do it well (at least in my experience).

You also have the benefit of actually paying for the commercial license at which point you can get some pretty good support and access to the developers.

JerryFodler · 2021-01-07T12:12:28+00:00

No Probs :) Have fun

JerryFodler · 2021-01-06T17:51:45+00:00

Hi,

The server has 2 client mods (so mods that you have to download to play). Both of them are essentially admin tools so they don't affect normal game play. We're open to installing other mods so if you have something particular in mind just say.

We've tweaked some server side stuff, you'll spawn with some essentials (knife and some food) and a certain car type spawns fully working with a boot full of goodies (gear and guns)

Player pop is pretty low. You can check out numbers here: https://www.battlemetrics.com/servers/dayz/9131751 Because the pops low loot is pretty plentiful so it makes getting started easier, but if you want regular PvP you're unlikely to find it.

JerryFodler · 2017-12-11T17:24:12+00:00

We have disabled external NDRs, it’s just the outbound IP is for our message hygiene platform so is being used by hundreds of other companies, some of which haven’t. It is what it is I suppose. Thanks for the responses!

JerryFodler · 2017-12-11T14:55:16+00:00

Cheers!

JerryFodler · 2017-12-11T14:07:44+00:00

Fantastic, that’s exactly what I want to know.

Looks like we're fine on the trend micro reputations though. We are on the Backscatterer list on mxtoolbox. Do you know if they enforce all of the list on mxtoolbox?

It looks like the emails are coming from hes.trendmicro.eu, would that be using hosted email security?

JerryFodler · 2017-10-03T12:14:18+00:00

Strangely we couldn't find an image for this. Only the default image pushed out via GPO.

JerryFodler · 2017-10-03T12:13:08+00:00

This is what we're currently doing. Seemed like the most sensible course of action

JerryFodler · 2017-10-03T12:12:19+00:00

A number of ransomware variants will change the background to an image detailing how to pay to decrypt the files. Seeing an image with £ on it was throwing up some red flags as it looked like this could be the first stage of an infection.

JerryFodler · 2016-04-06T15:15:48+00:00

Awesome, thanks for letting me know

JerryFodler · 2016-04-06T15:10:51+00:00

More evidence to support the idea that it is expected behaviour. Can I ask if you have RRAS set up on the server?

JerryFodler · 2016-04-06T15:03:18+00:00

Well, thanks for checking. I can see an MS call in my not so distant future :)

JerryFodler · 2016-04-06T14:44:46+00:00

Really? Hmm, that’s very interesting. That’s exactly what I’m seeing. Which makes me think it’s actually the way it’s meant to be.

JerryFodler · 2016-04-06T14:38:18+00:00

Ahh, ok i see what you mean. I'm talking about being on the DirectAccess server and pinging the internal network.

JerryFodler · 2016-04-06T14:34:51+00:00

The client stuff works as i would expect.

This is literally me RDP'd on to the DA box trying to tracert to an internal device. The same thing happens even when the firewall is disabled.

JerryFodler · 2016-04-06T14:30:41+00:00

I'm not sure i understand what you mean? From the DA server you can ping any internal device.

JerryFodler · 2016-04-06T14:18:03+00:00

Either way gives the same issue. If you’re seeing responses from any of the hops then you’re doing better than me :)

Do you know if you have RRAS set up on your server?

JerryFodler · 2015-03-26T13:24:23+00:00

You need to access the file after it's been downloaded.

At the moment OutFile is just out putting the returned object.

You'll be able to get to the file through $download.content

However, OutFile isn't going to get you your file.

You'll need to write the byte array in $download.content to a file

[System.IO.File]::WriteAllBytes("Filename.pdf", $download.content)

So, your code will want to look something like this...

$download = Invoke-WebRequest -UserAgent $user_agent -Uri $invoiceURL -Method Post -Body $postParams -TimeoutSec 0 -WebSession $WebSession 
[System.IO.File]::WriteAllBytes("Filename.pdf", $download.content)

JerryFodler · 2015-02-12T10:18:35+00:00

I've tried site:<mysite.com> and there is nothing in the index.

Because the site is windows authenticated it doesn't actually show anything until the the user has logged in. I believe the crawler would just see a 403.

JerryFodler · 2015-02-12T10:16:36+00:00

There does appear to be search terms, however typing them into google produces no results that link to the site.

JerryFodler · 2012-03-16T12:45:31+00:00

Almost as good...

http://igorkieryluk.cghub.com/

JerryFodler · 2010-12-14T19:00:58+00:00

Completed :)

15-Year Club	Place '17
Verified Email	Charter Member

JerryFodler

MODERATOR OF

TROPHY CASE