I am creating a web app that offers a membership access with a trial period. However, I need to be sure the users cannot create a new account with other credentials just to get another trial period and so on.
I was considering using req.connection.remoteAddress; to know if a client already claimed its trial but I am not sure this ip address will be unique to a specific machine.
Any idea ?
Related
I am using the Cloud Identity basic and I am admin.
my domain and it's subdomain have many consumer account, which we got to know via "Transfer tool for unmanaged users" . Now the question is :-
how to manage / add consumer accounts via API, as I am looking for the automated process
but details available below link is hard stop for me.
https://cloud.google.com/solutions/migrating-consumer-accounts-to-cloud-identity-or-g-suite
https://support.google.com/cloudidentity/answer/7044710?hl=en&ref_topic=7558419
it is going to create the account with overriding the existing managed id. which I do not want , I want to send email to user for account migration [which is possible via admin UI but seems not with API, but in my organization manual addition of many users is not ]
1) Is there a way by google API to identify adding user, is a consumer account for my domain and subdomain or not? some way or the another , so new user and consumer accounts can be managed separately.
2) I do not want to "Require users to rename their existing account." as it will be more difficult for my org and unmanaged.
Any direction will be welcome , and let me know if more information needed.
https://cloud.google.com/solutions/migrating-consumer-accounts-to-cloud-identity-or-g-suite
https://support.google.com/cloudidentity/answer/7044710?hl=en&ref_topic=7558419
Unfortunately, there is currently no public API to initiate a user transfer or to query whether a given email address is used by a consumer user account. This functionality is currently only exposed via the UI in the transfer tool for unmanaged users.
However, if you have a large number of consumer accounts that you need to send transfer, then Support might be able to help you.
I'm new to user authentication and related digital security issues, so I would like to know if the way I'm doing things is ok. Currently the way my server "remembers" users is based solely on the IP address they have logged in from. If they check the remember me option, I store that IP in the database and from then on, every time that machine enters the website, I check if that IP is associated with one of my users. If so, I log them in.
What is good or bad on that approach?
I am a beginner web designer and I am struggling to find relevant information online as to how I should go about managing my API keys for clients! I would really appreciate any tips or insights on how I should go about this!
I hold my own google account and already have my own API key (Javascript API) for my own website. Although, when creating websites for clients, is it okay to use the same API Key? Or should i create a new API Key for each client in my own account (creating new "projects")? Or should i be creating a google account for each client and then creating each client an API Key through their own account?
I also know that there are usage limits on API Keys so I want to ensure I dont exceed these if using one API for multiple sites. How can I monitor this?
Looking for any advice on the best and most efficient way to go about this. I do not know too much on how API Keys work!
Much appreciated :)
I will be using Google API as an example. Yes, you should always Create a new project for each client there are a multitude of reasons why you should do this and you already mentioned some of this
API query usage limit.
Separated client billing & usage breakdown for each project.
Security and revocation of compromised APIs.
Restricted security profiles, domain whitelisting, IP address, device usage etc..
Access management and role management.
Traffic and analytical reasons.
Creating credentials
Depending on your organisation needs and project scale, for us, we Create credentials (API key/ OAuth ID/ Service Account Key) for every platform the key will be used. For example, if we are developing an e-commerce website that comes with an app, we would issue 3 keys. (1 for web, 1 for Android apk, 1 for iOS app). This allows us to fine tune the access permissions and let us track usage.
What works for you?
If you are a freelancer or work in a small enterprise, the least you should do is separate every client by projects. There is no need to create a new Google account for each project. (You can always transfer ownership of projects to another account if your client requests at a later time)
The above screenshot is how we categorize items in our account, for each project we are contracted for (could be the same client) we will create a separate project entry.
So, finally I decided to jump into the Azure bandwagon and create my own portal. At the moment, my apps are hosted on Google Apps and I'm considering moving them to Azure and O365 before which I wanted to trial and get the taste of MS Azure.
I signed up for a trial subscription and my management URL ended up something like https://manage.windowsazure.com/#MynameMydomainname.onmicrosoft.com. So I decided to delete this account and set up a new account altogether trying to sign up with a new domain alias. And now it is https://manage.windowsazure.com/#MyaliasMydomainname.onmicrosoft.com. MS Support would't help and would want me to sign up for O365 which I don't want to at the moment.
Why my management portal always has my complete e-mail address and how do I edit it?
Edit: Thought would add the following example to explain my problem a bit easier.
My name is Muthu and I already have an e-mail address Muthu#Contoso.com and now I attempt to set-up my Azure around it. I sign up for a Microsoft account with the e-mail address Muthu#Contoso.com, provide my card details and successfully set up the account. Now, the logon URL looks like https://manage.windowsazure.com/#MuthuContoso.onmicrosoft.com and the default directory has the UPN of #muthucontoso.onmicrosoft.com.
I set up an account for a user Eddie, George and Mark and their UPN appears as follows:
Eddie#muthucontoso.onmicrosoft.com
George#muthucontoso.onmicrosoft.com and
Mark#muthucontoso.onmicrosoft.com.
How do I get rid of my name from the domain name here?
P.S.: I managed to get rid of my name from the Management portal URL by simply verifying my ownership of contoso.com using O365 control panel but still couldn't get around to rename the default directory. I can't force my name for the users in my organization just because I signed up for it. There should be some way around. Kindly help.
When loging in you're actually signing in to an aad tenant.. Which is bound to a subscription... As you can have multiple subscriptions and tenants they need to show you where you are
I have two servers:
S1 is Exchange2010
S2 is Exchange 2007
Both servers are in the same domain in ActiveDirectory.
Idea is to have "service account" on S1 with enabled impersonation of users from both servers. My app is using credentials of "service account" and then starts to iterate through a list of smtp addresses. It impersonates each smtp address and does some processing on content of mailbox of that account.
That is a theory, now time for problems.
I can connect as a service account and can access its mailbox but when I try to access mailbox of impersonated user I get exception saying that "SMTP address has no mailbox associated with it". And exception happens for both servers.
I started to debug and google about possible reasons and out of nothing I changed this:
svc.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.SmtpAddress, smtpAddress);
into this:
svc.ImpersonatedUserId = new ImpersonatedUserId(ConnectingIdType.PrincipalName, smtpAddress);
and it worked which is very strange because month ago I had different setup only with one server and using SmtpAddress enum worked and my admin swears that config of impersonation is exactly the same.
Now, if anyone could provide me with some hints on why I cannot use ConnectingIdType.SmtpAddress and what I should do to make it possible to work?
Of course it turned out that admin did something different way for my current configuration. New environment has a policy that account name is different than smtp address for an account and smtp has a dot between name and surname of a user. So, for example on old config I could impersonate User100#example.com no matter what ConnectingIdType I chose but on new environment I have to set proper id type depending if I'm using smtp or account name as impersonated id.
Hope it will help in case somebody else's admin "didn't changed anything" too :)