The login modal is quite familiar for some web users on the internet. With a single click on the login button on the nav bar and the login modal pops up for you to sign in. I'm very impressed about this and try to take practie
Problem is I'm not sure to understand asp.net mvc authentication/authorization very well and don't really know how to do it.
let's say:
I have 3 views: home, index, and secret. Each has a different controller and the secret page is restricted
when I try to access to secret page at the home page the login modal popup, request me to login in order to access, same thing goes with the index page
How can i achieve this?
According to my understanding is that when an action has a [authorize] method, it will redirect you to the login page by the path you specify in the startup.cs file (normally is "/account/login"). But with the login modal... what path to put in?
Related
My website has AAD authentication enabled and it works fine when we try to access the home page.
But if I am accessing html pages directly, it is not prompting for authentication. Am I missing any setting to enable authentication for all the pages?
Usually you have to set up your pages to request the user to be authenticated before it loads.
Here is me solving this problem with Python Flask:
Refresh Tokens for Azure AD V2 Applications in Flask
Now, in order to invoke this code at the right time, I need to create
a view decorator, and Flask has a sample for almost exactly what we
want to do here: a login required decorator.
Basically, we add this decorator to any view where we expect the user
to be signed in. If the user has no token, we will redirect them to
the login page. If they have an expired token and a refresh token, we
will use the refresh token to get a new access token. Otherwise, if
the token is present and valid, we simply let the view load.
This same concept is available out of the box using .Net: active-directory-dotnet-graphapi-web
You can find in the README of this sample the following:
If you want the user to be required to sign-in before they can see any
page of the app, then in the HomeController, decorate the
HomeController class with the [Authorize] attribute. If you leave this
out, the user will be able to see the home page of the app without
having to sign-in first, and can click the sign-in link on that page
to get signed in.
I have created a JSF website that requires authentication, and I've created simple authentication manually by creating a singleton class User.java which contains two Strings, username and password along with a function that contacts a database to verify these credentials.
The function is called in the Login page when the users enters a username and password and clicks a Login button, and also called whenever any other page loads to prevent a user from gaining access by just typing the homepage URL.
I have came to realize that it would be much better to do this using JAAS, which will enable me to configure roles and would be simpler. I have searched but couldn't find any material to help me do this in RAD 9.5, so any help would be appreciated.
I am building a web application which makes use of the Instagram API. I use Instagram OAuth as a sign in to the application.
Currently my logout feature only invalidates the session, which works well for a logout. However, I run into another issue which is more closely related to browsers. Only one user, from one browser, can log in to the application. Meaning, I sign in to the app using Instagram OAuth, and each consecutive sign in will be authorized only to that user.
Is it possible to implement an Instagram OAuth login as another user? Setting up a kind of "remember me" feature? I do not see anything from the Instagram API to achieve this, so maybe I can do so with javascript? Or did I not sift through the Instagram API well enough?
So far the only solution I see is to implement a username and password for my web application, and only then having instagram OAuth grant access. However, this defeats one of my development goals, which is a one click sign on (after the initial OAuth). I could put some more work into that one click sign in, but that leads to an intial stage of 2 logins (still not the worst).
opening https://instagram.com/accounts/logout/ will log out of Instagram.
you can have a logout button and open the above url in hidden iframe, that will logout of instagram
Not sure if Instagram supports this, but OIDC defines a special parameter "prompt=login" which forces login to be displayed even for authenticated users or "prompt=select_account" which forces an account-selection dialog to be presented.
See Chapter 3.1.2.1 of http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
I would like to make a login page where users provide credentials and then have other pages check if the user is authenticated before serving those internal pages in Undertow.
While the example shows how to authenticate a user (for what will eventually turn into a login page), if the user were to navigate to another page after authenticating, how do I test if that new page request was been made by the authenticated user?
I have referenced http://undertow.io/documentation/core/security.html and https://github.com/undertow-io/undertow/tree/master/examples/src/main/java/io/undertow/examples/security/basic.
This is an ancient question no one answered, but I did manage to learn about Keycloak which is Wildfly (Undertow) + SSO/Secure login.
I'm looking for a solid example of user authentication in an ExtJS 4 MVC application. Don't get me wrong, I can easily create a login form that, after a user is authenticated, destroys and then recreates a viewport with the appropriate application view in it but I'm not sure this is the best approach.
How do you balance application security with the idea that the application only has one view (the page never physically changes URL's)?
I would have a login.php that has a basic login form. On login, validate the user, log that the user is authenticated and then re-direct to an index.php which would load your ExtJs web application. In your index.php file, only load the ExtJs application if you can verify the user is authenticated.
I found this: http://phpeasystep.com/phptu/6.html
In the tutorial they re-direct to login_success.php, this would be your index.php. You can see, it checks to see if the user is logged in.
// Check if session is not registered , redirect back to login page.
// Put this code in first line of your index.php
<?
session_start();
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
In our project we authenticate user on the server using ASP.NET membership providers. Do you want to use server side auth or something else?