Windows Live does not allow information to be shared with this type of request
"mysubdomain.mydomain.com is making an insecure request to access your information. Windows Live does not allow information to be shared with this type of request."
Just cannot seem to get beyond this error. I have read this thread: http://forums.microsoft.com/msdn/ShowPost.aspx?PostID=2993705&SiteID=1 and it does not solve my problem. I registered a new Application and web.config is without a doubt correct. The return url is valid and working. Only thing I can think of is that the request is not coming from an SSL page, or using a sub-domain is throwing it off. What else can cause this error?
Tia,
Eric
Answers
You need to edit the config file to replace HostMachine with the fully qualified DNS name of the machine you are hosting the sample app on.
http://msdn.microsoft.com/en-us/library/cc287649.aspx
All Replies
Managed to break the live.com sdk example:
Code Snippet
    XML Parsing Error: no element found
    Location: https://dev.live.com/livedata/sdk/delauth-handler.aspx
    Line Number 1, Column 1:
Happens after you grant access, then go back and deny access, then go to allow access again.
- If you're not coming over SSL, are you sending an app-verifier-parameter? See the docs for more information about this

As far as I know I am, but I'm not doing anything explicitly. Maybe this will help. My web.config looks like this:
Code Snippet
    <add key="wll_appid" value="MYAPPID"/>
    <add key="wll_secret" value="495F7C39CC8F41AE9F35037CA044B7C6"/>
    <add key="wll_securityalgorithm" value="wsignin1.0"/>
    <add key="wll_returnurl" value="http://subdomain.mydomain.com/delauth-handler.aspx" />
    <add key="wll_policyurl" value="http://subdomain.mydomain.com/policy.html" />
Then to get the consent link I'm calling ConsentUrl = wll.GetConsentUrl(Offers); just as it's done in the sample. App verifier is set to 0 in Application Management.
If you could point me to exactly where in the documentation sending an app verifier parameter is discussed, I'd appreciate it.
- Take a look at Requesting Consent (Delegated Authentication) on MSDN, it's discussed there at the app-parameter.
- The error occurs before reaching the consent interface.
Could you give us the error number, by looking at the address bar when it occurs? There should be something like '&ErrorCode=XXXX' where XXXX are 4 numbers.
Can you post a sample of the URL that gets constructed?
http://test.ggwdev.com/default.aspx is the url in question.
3006 is the error code.
Different things happen based on who I'm currently signed in as too. It's hard to explain because it's so inconsistent.
Thanks for taking a look,
Eric
- Errorcode 3006:
3006
Consent Service API failed in the <method name> method. The application ID in the verifier does not match the DNS name.
The DNS Name retrieved for this application ID does not match the one in the application verifier.
So check your settings
Care to be more specific Alex?
Look, here is everything I have (values were copied + pasted into account manager and vice versa so there are no typos):
Code Snippet
    <add key="wll_appid" value="00167FFE8000F9CD"/>
    <add key="wll_secret" value="495F7C39CC8F41AE9F35037CA044B7C6"/>
    <add key="wll_securityalgorithm" value="wsignin1.0"/>
    <add key="wll_returnurl" value="http://test.ggwdev.com/delauth-handler.aspx" />
    <add key="wll_policyurl" value="http://test.ggwdev.com/policy.html" />
Code Snippet
    protected string ConsentUrl;
    static WindowsLiveLogin wll = new WindowsLiveLogin(true);
    protected WindowsLiveLogin.ConsentToken Token;
    const string Offers = "Contacts.View";
    const string AuthCookie = "delauthtoken";

    protected void Page_Load(object sender, EventArgs e)
    {
        // Get the consent URL for the specified offers.
        ConsentUrl = wll.GetConsentUrl(Offers);

        HttpRequest req = HttpContext.Current.Request;
        HttpCookie authCookie = req.Cookies[AuthCookie];

        // If the raw consent token has been cached in a site cookie, attempt to
        // process it and extract the consent token.
        if (authCookie != null)
        {
            string t = authCookie.Value;
            Token = wll.ProcessConsentToken(t);
            if ((Token != null) && !Token.IsValid())
            {
                Token = null;
            }
        }
    }
Code Snippet
    <a href="">Login to Windows Live</a>
Code Snippet
    public partial class HandlerPage : System.Web.UI.Page
    {
        const string MainPage = "default.aspx";
        const string AuthCookie = "delauthtoken";
        static DateTime ExpireCookie = DateTime.Now.AddYears(-10);
        static DateTime PersistCookie = DateTime.Now.AddYears(10);

        // Initialize the WindowsLiveLogin module.
        static WindowsLiveLogin wll = new WindowsLiveLogin(true);

        protected void Page_Load(object sender, EventArgs e)
        {
            HttpRequest req = HttpContext.Current.Request;
            HttpResponse res = HttpContext.Current.Response;

            // Extract the 'action' parameter, if any, from the request.
            string action = req["action"];

            if (action == "delauth")
            {
                // Attempt to extract the consent token from the response.
                WindowsLiveLogin.ConsentToken token = wll.ProcessConsent(req.Form);
                Session["ConsentToken"] = token;

                HttpCookie authCookie = new HttpCookie(AuthCookie);

                // If a consent token is found, store it in the cookie and then
                // redirect to the main page.
                if (token != null)
                {
                    authCookie.Value = token.Token;
                    authCookie.Expires = PersistCookie;
                }
                else
                {
                    authCookie.Expires = ExpireCookie;
                }

                res.Cookies.Add(authCookie);
                res.Redirect(MainPage);
                res.End();
            }
            else
            {
                res.Redirect(MainPage);
                res.End();
            }
        }
    }
You need to check that the values in web.config match those at http://msm.live.com/app
Specifically, for AppID = 00167FFE8000F9CD the registered return URL must be http://test.ggwdev.com/delauth-handler.aspx, the registered domain must be test.ggwdev.com, and the shared secret key must be the same as in your config file.
Note: We don't recommend posting secret key value details in public forums. You may want to reset yours ;-)
Thanks Jorgen, getting closer. However, when I try to put in a registered domain, I receive the following error:
The application domain cannot be added to the application because it already exists
PS
I wouldn't post the key value if I was using an actual account (this one is for testing purposes only). I'll kill it once this issue is resolved.

- You can't add it in an existing application, you need to register a new one...
- I get the same error message when creating a new application.
- In that case, you have already entered the domain name when registering another application. Check your other applications, if you can't find it, contact Jorgen Thelin about this. (jthelin....at....nospam....microsoft....com)
Yeah, I don't have any other applications. Thanks for helping Alex.
Haven't received a response from Jorgen. I think it's time to scratch hotmail/live from this project as too much time has gone into getting the basics to work. Google's contacts data api with AuthSub and an X.509 cert was much easier to get working than registering an application with windows live, as was Yahoo. lol
- Jumping in here as I'm having a similar issue. The Delegated Authentication API seems to want the host in the return URL to match exactly the one specified in the application's registration. We're trying to test this across multiple installations with different hostnames as we move from dev to qa to live, so we initially registered the application with the broad domain.com domain name.
Authenticating from test.domain.com yields the 3006 error. No problem, it apparently wants an exact match on the host. So, let's go back and change our existing application, setting it to test.domain.com for now. That yields this error:
The Domain name should match the domain name specified in Return URL.
No problem, let's just change the return URL so that it's also test.domain.com. Wrong again...
The domain in the Return URL can not be changed once an Application has been created. Please register a new Application.
OK, makes sense I guess. Let's just create a new application with the more specific test.domain.com in both our return URL and domain name.
The application domain cannot be added to the application because it already exists.
Hmm...so as far as the system is concerned, test.domain.com and domain.com are the same?!? OK, let's delete this application and start over. For now, we'll just use the test server's information so we can get on with the testing. Delete application, register a new one using test.domain.com.
The application domain cannot be added to the application because it already exists.
What's the preferred setup for clients who actually want to test this on multiple hosts in the same domain? I understand creating a new application with a "dummy" host for dev purposes (mydevhost.myfakedomain.com using the hosts file), but how about when you're moving the application to hosts that are on your "live" domain (qa.domain.com, staging.domain.com)?
Ideally, we'd be able to register a single application that works for all hosts beneath domain.com. Second best, we have to register multiple applications, and we just send the appropriate return URL based on the host. Hopefully ewallace and I are missing something simple, but what's above seems to suggest that neither of these routes are possible.
Thanks in advance for any help.
Ben
We're sorting this out direct with Eric.
Ben,
Can you send me all the relevant AppIDs and host/domain names that you are trying to get working, and we can try to clean everything back up to a clean slate and get you working.
FYI, this stuff is caused by a weird quirk (some would say "bug", but the developer argues otherwise ;-) in the way delegation requests work from return URLs that have not been seen before.
A fix is heading into Production in a few weeks time with our next major release, and which should solve almost all the "domain already exists" errors people have been hitting.
- Jorgen
Any news on when the fix is going into production?
I'm not sure, but don't give up hope just yet - the Live ID team ships about twice a year, as far as I know they're going to release version 6.0 soon.
Hi,
I believe I'm also facing a similar issue here ..
I tried the Windows Live Contacts (Delegated Authentication) Sample 1 (http://msdn.microsoft.com/en-us/library/cc287649.aspx)
The steps I followed:
- Hosted the sample website on a machine named "HostMachine".
- Registered an application with Windows Live.
- Modified the web.config correctly with the application Id, return Url etc.
- Launched IE with http://HostMachine/default.aspx
- I see the page with a "Click Here" link.
- The link takes me to a WL sign-in page.
- I entered my credentials and then this is what I see.. (below).
Allow Access to HostMachine
There's a problem sharing your information with HostMachine. Please try again later.
Is there anything I'm missing.. maybe something very basic?
Please help me .. I'm totally out of ideas!
FYI:
Below are the contents of my web.config:
Code Snippet
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.web>
        <compilation debug="true" />
        <customErrors mode="Off" />
      </system.web>
      <appSettings>
        <add key="wll_appid" value="0016000080011F12" />
        <add key="wll_secret" value="WindowsLiveContactsSampleSecretKey" />
        <add key="wll_securityalgorithm" value="wsignin1.0" />
        <add key="wll_returnurl" value="http://HostMachine/delauth-handler.aspx" />
        <add key="wll_policyurl" value="http://HostMachine/policy.html" />
      </appSettings>
      <system.webServer>
        <defaultDocument>
          <files>
            <remove value="iisstart.htm" />
            <remove value="index.html" />
            <remove value="Default.asp" />
            <remove value="index.htm" />
            <remove value="Default.htm" />
          </files>
        </defaultDocument>
        <staticContent>
          <mimeMap fileExtension=".aspx" mimeType="text/html" />
        </staticContent>
      </system.webServer>
    </configuration>
Thanks,
Tanuj
- You need to edit the config file to replace HostMachine with the fully qualified DNS name of the machine you are hosting the sample app on.
http://msdn.microsoft.com/en-us/library/cc287649.aspx
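A pre-deployment check for the two mismatches discussed in this thread (the exact host match behind error 3006 and the HostMachine placeholder), as an added example that is not part of the original posts or the Windows Live SDK. The class and method names, the sample config and the registered domain qa.example.com are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

// Added example: compares the wll_* URLs in a web.config with the registered domain.
static class DelAuthConfigCheck
{
    public static List<string> Check(string webConfigXml, string registeredDomain)
    {
        var problems = new List<string>();
        var settings = XDocument.Parse(webConfigXml)
            .Descendants("appSettings").Elements("add")
            .Where(e => e.Attribute("key") != null)
            .ToDictionary(e => (string)e.Attribute("key"), e => (string)e.Attribute("value"));
        foreach (var key in new[] { "wll_returnurl", "wll_policyurl" })
        {
            string value; Uri uri;
            if (!settings.TryGetValue(key, out value) ||
                !Uri.TryCreate(value, UriKind.Absolute, out uri))
            {
                problems.Add(key + ": missing or not an absolute URL");
                continue;
            }
            // A bare machine name such as HostMachine is not a fully qualified DNS name.
            if (!uri.Host.Contains("."))
                problems.Add(key + ": host '" + uri.Host + "' is not fully qualified");
            // Per the thread, the return URL host must equal the registered domain exactly;
            // a parent domain (domain.com for test.domain.com) still produces error 3006.
            if (key == "wll_returnurl" &&
                !string.Equals(uri.Host, registeredDomain, StringComparison.OrdinalIgnoreCase))
                problems.Add(key + ": host '" + uri.Host + "' does not match '" + registeredDomain + "'");
            // Plain HTTP is what raised the app verifier question earlier in the thread.
            if (uri.Scheme != Uri.UriSchemeHttps)
                problems.Add(key + ": plain HTTP, check the app verifier setting");
        }
        return problems;
    }

    static void Main()
    {
        // Constructed sample: placeholder host left in the return URL.
        const string sample = @"<configuration><appSettings>
  <add key=""wll_appid"" value=""APPID-PLACEHOLDER"" />
  <add key=""wll_returnurl"" value=""http://HostMachine/delauth-handler.aspx"" />
  <add key=""wll_policyurl"" value=""https://qa.example.com/policy.html"" />
</appSettings></configuration>";
        foreach (var p in Check(sample, "qa.example.com")) Console.WriteLine(p);
    }
}
```

Running the check once per environment (dev, qa, live), each with its own registered domain, shows before deployment which host would be rejected.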
Hoping to hear something soon. Project is going live in one week.

