ExternalLoginSignInAsync() failed for external users created manually - kentico

I am using my google account to authenticate on my Kentico website.
Initially, my Google account was added by using:
userCreation = await _userManager.CreateExternalUser(loginInfo);
I would like now to prevent the automatic creation of users to avoid having people from the outside creating new users and therefore disable the CreateExternalUser() function.
I then tried to create a new external user in the "Users" app in the admin website.
To do so, I didn't provide any password and I marked the new user as an external user.
When I try
signInResult = await _signInManager.ExternalLoginSignInAsync(loginInfo.LoginProvider, loginInfo.ProviderKey, isPersistent: false);
I always get a failed result.
I checked the tables (CMS.User) and the user created by CreateExternalUser and the user created by hand in the admin site look identical.
I stepped through _signInManager.ExternalLoginSignInAsync(loginInfo.LoginProvider, loginInfo.ProviderKey, isPersistent: false); and the loginProvider (Google) and the ProviderKey (1182704....61480) are also identical between the 2 users.
Why does the external user created by hand return a failed result, while it works fine when the user is created by CreateExternalUser with the same info?
I am using Kentico 13.0.79.

Related

Remember last logged in users in Azure Active Directory Xamarin Forms

I am using Azure AD to authenticate the user in my Xamarin Forms app. What I want to achieve in my UWP app is that if a user, let's say, signed in to the app and then signed out, on the next login flow Azure AD should show a list of users who were logged in on that particular device, so the user can pick the account and just enter the password.
In my case, if I sign out the user, it always starts the flow by asking for the email and password.
Here is the code snippet for signout:
AuthenticationContext authContext = new AuthenticationContext($"{tenantUrl}/{tenantId}");
authContext.TokenCache.Clear();
Windows.Web.Http.Filters.HttpBaseProtocolFilter myFilter = new Windows.Web.Http.Filters.HttpBaseProtocolFilter();
var cookieManager = myFilter.CookieManager;
var cookieUri = new System.Uri(tenantUrl);
HttpCookieCollection myCookieJar = cookieManager.GetCookies(cookieUri);
foreach (HttpCookie cookie in myCookieJar)
{
    cookieManager.DeleteCookie(cookie);
}
P.S.: Seems to be an issue with the UWP ADAL package, since the same thing is working fine on iOS.
Great question!
There was a fix needed in ADAL (a new release needs to happen, so anything higher than 5.0.2-preview will have the fix) to handle this in UWP.
Add this code to your app:
var x = Windows.Security.Authentication.Web.WebAuthenticationBroker.GetCurrentApplicationCallbackUri();
Take the value (something like this: ms-app://s-1-15-2-111638678-219698677-36916742-1909548894-372823757-39941306-27685825/) and register the value as a redirectUri in the portal for this app.
Then, back in the code,
instead of passing in the above value (x) as the redirectURI, pass in null. ADAL/MSAL will set the redirect uri to https://sso which will route through the WebAuthenticationManager, and you should now see a list of the accounts, like on iOS.
You might also be interested in this documentation, especially if you are having issues on the corp net.
With the ADAL package, you won't see the last logged-in users' email IDs. But if you use the MSAL package, by default you will be able to see the list of last logged-in users' email IDs. I tried on my local machine, and with the MSAL package I am able to see the list of users' email IDs. Below is the screenshot.
I hope the above information is helpful.

Update account with verification document

I created an account using createToken (client-side JS).
I want to update the verification document for that account.
I have successfully uploaded a file and obtained a fileId.
I am trying to attach it to the account. I am using .NET server-side.
I have done this:
var options = new AccountUpdateOptions
{
    Individual = new PersonUpdateOptions()
    {
        Verification = new PersonVerificationOptions()
        {
            Document = new PersonVerificationDocumentOptions() { FrontFileId = fileId }
        }
    }
};
var service = new AccountService();
Account account = service.Update(accountId, options);
However, this does not work, I get the error:
This account can only be updated with an account token, because it was
originally created with an account token. (Attempted to update param
'individual' directly.)
Am I supposed to save the token created in my DB for each account in order to update it?
Also, how should I then update the account?
Assuming that you are using Custom connected accounts, you'll want to follow the steps in Using Connect with Custom Accounts.
As recommended there:
Store the received account ID. You need this information to perform
requests on the user's behalf.
The account id will be in the form of acct_**********.

How to authenticate hyperledger user from webportal?

I can successfully run the Fabric example to query/insert to the ledger.
I want to build a Node.js web portal, and I have already directly wrapped query.js in my web app code.
Now the question is: how do I authenticate a user on the web portal? The example query.js has code like:
...
    return fabric_client.getUserContext('user1', true);
}).then((user_from_store) => {
    if (user_from_store && user_from_store.isEnrolled())
        // successfully authenticated user1
I noticed the cert/private key/public key files in /hfc-key-store:
    user1-cert
    user1-private.key
    user1-public.key
Do I need to post any of the keys through parameters, or do I create a separate regular username/password control?
In my opinion, you can create a normal login system for the web portal using a database to store the credentials of the users.
In this database you can associate the user with a specific key, which is retrieved each time the user successfully logs in to the web portal.
In this way, you will have two different levels of authentication:
- one associated with the web portal (username and password)
- the other associated with the blockchain (the certificate to write and read).

Asking for user info anonymously Microsoft Graph

In an old application some people in my company were able to get info from Microsoft Graph without signing users in. I've tried to replicate this but I get unauthorized when trying to fetch users. I think the graph might have changed, or I'm doing something wrong in Azure when I register my app.
So in the Azure portal I have registered an application (web app), and granted it permissions to Azure AD and Microsoft Graph to read all users' full profiles.
Then I do a request
var client = new RestClient(string.Format("https://login.microsoftonline.com/{0}/oauth2/token", _tenant));
var request = new RestRequest();
request.Method = Method.POST;
request.AddParameter("tenant", _tenant);
request.AddParameter("client_id", _clientId);
request.AddParameter("client_secret", _secret);
request.AddParameter("grant_type", "client_credentials");
request.AddParameter("resource", "https://graph.microsoft.com");
request.AddParameter("scope", "Directory.Read.All");
I added the last row (scope) while testing. I still got a token without this but the result is same with or without it.
After I get a token I save it and do this request:
var testClient = new RestClient(string.Format("https://graph.microsoft.com/v1.0/users/{0}", "test#test.onmicrosoft.com")); // I use a real user here in my code, of course.
var testRequest = new RestRequest();
testRequest.Method = Method.GET;
testRequest.AddParameter("Authorization", _token.Token);
var testResponse = testClient.Execute(testRequest);
However now I get an error saying unauthorized, Bearer access token is empty.
The errors point me to signing users in and doing the request; however, I do not want to sign a user in. As far as I know this was possible before. Have Microsoft changed it to not allow anonymous requests?
If so, is it possible to not redirect the user to a consent page? The users are already signed in via OWIN. However, users may have different access, and I want this app to be able to access everything from the Azure AD, regardless of which user is logged in. What is the correct way of doing this nowadays?
Or am I just missing something obvious? The app has been given access to Azure and Microsoft Graph, and an admin has granted permissions for the app.
Edit: just to clarify, I tried both "Authorization", "bearer " + _token.Token, and just _token.Token as in the snippet.
Yes, it's still possible to make requests to Graph without a user present using application permissions. You will need to have the tenant admin consent and approve your application.
Edit / answer: Adding the 'Authorization' as a header instead of a parameter did the trick. It works both with 'bearer token' and just 'token'

Keep your login credentials working after closing the app and the system in universal apps

I have developed a Windows Store app with C#, and I want to make my application keep the login credentials after the close of the application (like the Groove app: after connection and closing the app, when I reopen it at another time I get the application interface without entering the login credentials every time).
Any explanation of how to do that in universal apps, please?
Thanks for the help.
Here's the solution to all your problems: https://msdn.microsoft.com/library/windows/apps/br227081
PasswordVault is the perfect place and the secure way to store your user credentials. It uses the Windows Credential Manager, and it also allows you to roam the credentials across devices, if this is the behavior you want to achieve.
Sample code:
// Create a new credentials set
var passwordCredential = new PasswordCredential("MyAppName", "username", "password");
// Stores the PasswordCredential in the PasswordVault
var passwordVault = new PasswordVault();
passwordVault.Add(passwordCredential);
// To later retrieve the credentials
var credentials = passwordVault.Retrieve("MyAppName", "username");
// To populate the Password property in the PasswordCredential
credentials.RetrievePassword();
It's a very common scenario.
You must use a storage folder to save all the data.
I recommend you save your file in JSON, and serialize and deserialize the data.
With this approach you can save the credentials of the user, and when the user opens the app again you will need to check if there is previously saved data (the login credentials); if yes, you can skip the login page and navigate to the main page.
https://msdn.microsoft.com/en-us/windows/uwp/files/quickstart-reading-and-writing-files