Overview of all the integrated functionality in IAuthRepository in ServiceStack - servicestack

I was wondering if there is some kind of overview of all the integrated functionality for IAuthRepository (ServiceStack). I know about /register, /auth/credentials. Is there some way to get all the information from the logged-in user?

This question is vague and unclear what it's asking. Please read StackOverflow's How to ask a good question guide.
An overview of ServiceStack Authentication is available in the docs.
Specifically, ServiceStack's IAuthRepository is just the repository used to persist Users, which has providers that support multiple back-end data stores. If you wanted to see all information stored about a user, you can just inspect the contents of these 2 tables in the data store they're being stored in.
Everything that's needed to know about them can be found in the IAuthRepository and IUserAuthRepository interfaces, which define the API that all Auth Repositories implement, and the UserAuth and UserAuthDetails Data Models that they all store.
Once a User is Authenticated, the information stored about them in the Auth Repository is used to populate the User's Session, which is available in the AuthUserSession Type that's stored in the Cache, which can be resolved in your Services with:
var session = SessionAs<AuthUserSession>();
Or if you're using an extended Custom UserSession you would retrieve the Session into that instead:
var session = SessionAs<CustomUserSession>();
i.e. you should use whatever User Session Type that's registered with the AuthFeature:
Plugins.Add(new AuthFeature(() => new CustomUserSession(), ...));
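A sketch of reading the logged-in user's details through the session, as described in the answer above. This is an added example, not part of the original answer or ServiceStack's own code; the `/me` route and the `GetMyProfile`, `MyProfile` and `MyProfileService` names are assumptions, and it assumes the default `AuthUserSession` is the type registered with `AuthFeature`.

```csharp
using System.Collections.Generic;
using ServiceStack;

// Hypothetical request DTO; the route is an assumption of this example.
[Route("/me", "GET")]
public class GetMyProfile : IReturn<MyProfile> { }

// Hypothetical response DTO: only the fields a client should see.
public class MyProfile
{
    public string UserAuthId { get; set; }
    public string UserName { get; set; }
    public string DisplayName { get; set; }
    public string Email { get; set; }
    public List<string> Roles { get; set; }
    public List<string> Permissions { get; set; }
}

[Authenticate] // unauthenticated requests are rejected before Get() runs
public class MyProfileService : Service
{
    public object Get(GetMyProfile request)
    {
        // Resolve the typed session that was populated from the Auth Repository.
        // Swap in your custom session type if one is registered with AuthFeature.
        var session = SessionAs<AuthUserSession>();

        // Project an explicit subset instead of returning the session object:
        // the session also holds ProviderOAuthAccess tokens for OAuth providers.
        return new MyProfile
        {
            UserAuthId = session.UserAuthId,
            UserName = session.UserName,
            DisplayName = session.DisplayName,
            Email = session.Email,
            Roles = session.Roles,
            Permissions = session.Permissions,
        };
    }
}
```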

Related

User Info from JWT Kogito

I understand the mechanism of OIDC in Kogito with the help of process-usertasks-with-security-oidc-quarkus example.
However, I have a question about user information. In the given example, the approved field is filled by a Query string. Is there any way to get user information in Kogito? If it doesn't have that feature, can it reflect from header to service?
The integration with the security context inside the Kogito app is something that is on the radar, see https://issues.redhat.com/browse/KOGITO-6162. That would ignore the query string and use the authenticated user. Perhaps, for now, you could create your own endpoint to retrieve the authenticated information as needed and mimic the same API call that is done in the generated endpoint.
I figured out a temporary fix for that problem with the help of a written Custom Service when using Kogito with Quarkus.
https://quarkus.io/guides/security-jwt
JWT Injection can be called from the Service layer when used with Kogito.
It is also possible to propagate user identity to other workflow items with internally tagged process variables.

What's the difference between AccountId, AuthenticatedUserId and Id of the UserContext class?

The UserContext class provides 3 properties to identify the user. They are: AccountId, AuthenticatedUserId and Id.
What's the difference between them?
At least from a docs perspective, this is what they mean:
UserId: The ID should be a Guid or another string complex enough to identify each user uniquely. For example, it could be a long random number. User IDs should persist across user sessions to track how users behave over time. There are various approaches for persisting the ID.
AuthenticatedUserId: In a web app, users are (by default) identified by cookies. A user might be counted more than once if they access your app from a different machine or browser, or if they delete cookies. You can thus get a more accurate count by setting the authenticated user ID in the browser code.
Note: The user ID is also set in a session cookie and sent to the server. If the server SDK is installed, the authenticated user ID is sent as part of the context properties of both client and server telemetry. You can then filter and search on it.
AccountId: In multi-tenant applications this is the account ID or name, which the user is acting with. Examples may be subscription ID for Azure portal or blog name for a blogging platform.
References:
Send user context IDs to enable usage experiences in Azure Application Insights
Telemetry context: Application Insights data model
There's an open issue on GitHub that requested more clarity for the AccountId property: https://github.com/microsoft/ApplicationInsights-Home/issues/424
Hope this helps.

Customizing ASP.NET Identity, OWIN and Social provider logins

I am new to ASP.NET MVC 5 and OWIN.
I have upgraded my project to MVC 5 to implement the authentication and authorization of my project. The problem is that my project does not store the user data. When the user logs in, I ask a different system via a WCF service to tell me if the user is authenticated. So I do not have a database nor tables that the user is stored in.
But I want to add the ability to log in via social providers using OWIN. For this I will add a local database table to store the social provider Id/Token.
Looking around, others have asked similar questions, but only when they want to change the database type of the store... Whilst I actually don't store the data... Is it still possible to customize this with ASP.NET Identity and how would I do this?
I would recommend creating a custom IUserStore that connects to the wcf service.
http://www.asp.net/identity/overview/extensibility/overview-of-custom-storage-providers-for-aspnet-identity
If you don't want to implement your own IUserStore, you can still use the built-in default EF-based UserStore and just use only the external login APIs. The database schema will have a bunch of columns that will always be null, like PasswordHash etc., but the operations you care about would still work fine:
CreateAsync(TUser) - Create a user
AddLoginAsync(userId, UserLoginInfo) - Associate an external login
FindAsync(UserLoginInfo) - Return the user with the associated external login
I looked into the solutions suggested. I found that the method names of the interfaces to implement did not really fit and there were way too many methods as well.
I ended up only using the OWIN Context in AccountController to extract the LoginInfo with all the details I wanted. This way I did not have to implement any custom versions of IUserLoginStore etc...
I wanted the simplest solution to implement and therefore I ended up with:
1. Added StartupAuth class from template mvc project and configured different providers there
2. In AccountController: Extracted the claims from LoginInfo,
3. Stored OpenId in a table for lookup and then continued on as before.
You have to provide a UserStore and pass it to the UserManager. If you are already using Entity Framework in the default MVC 5 project, you can write your CustomUserStore which inherits from Microsoft.AspNet.Identity.EntityFramework.UserStore and override the methods defined in Microsoft.AspNet.Identity.EntityFramework.IUserLoginStore:
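// Contract for stores that map external logins (provider + key) to users.
public interface IUserLoginStore<TUser, in TKey> : IUserStore<TUser, TKey>, IDisposable
    where TUser : class, Microsoft.AspNet.Identity.IUser<TKey>
{
    // Associate an external login with the user.
    Task AddLoginAsync(TUser user, UserLoginInfo login);
    // Return the user associated with the external login.
    Task<TUser> FindAsync(UserLoginInfo login);
    // List the external logins linked to the user.
    Task<System.Collections.Generic.IList<UserLoginInfo>> GetLoginsAsync(TUser user);
    // Remove the association between the user and the external login.
    Task RemoveLoginAsync(TUser user, UserLoginInfo login);
}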
If you don't use Entity Framework, you have to provide your own way of accessing your database by writing a UserStore which implements IUserStore, IUserLoginStore, IUserClaimStore, IUserRoleStore, IUserPasswordStore, IUserSecurityStampStore (depending on your needs, but at least IUserStore and IUserLoginStore, as IUserStore is mandatory and IUserLoginStore is what you want to add).
All these interfaces are in the Microsoft.AspNet.Identity namespace.
Here is how to implement a Custom MySQL ASP.NET Identity Storage Provider, and
here is how to use Dapper ORM instead of EntityFramework.
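A sketch of the custom-store approach from the answers above for the asker's situation, where users live in a remote system and only external-login links are stored locally. This is an added example, not code from the thread or from ASP.NET Identity: `RemoteUser`, `ExternalLoginOnlyStore` and the `lookupUser` delegate (standing in for the WCF call) are hypothetical, the dictionary stands in for the local lookup table, and it uses C# 7 syntax.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;

// Hypothetical user type: the profile itself lives in the remote system.
public class RemoteUser : IUser<string>
{
    public string Id { get; set; }
    public string UserName { get; set; }
}

// Keeps only (provider, key) -> user id links. The dictionary stands in for the local
// lookup table and lookupUser for the WCF call; both are assumptions of this sketch.
public class ExternalLoginOnlyStore : IUserLoginStore<RemoteUser>
{
    private readonly ConcurrentDictionary<Tuple<string, string>, string> _links =
        new ConcurrentDictionary<Tuple<string, string>, string>();
    private readonly Func<string, RemoteUser> _lookupUser;
    public ExternalLoginOnlyStore(Func<string, RemoteUser> lookupUser) => _lookupUser = lookupUser;
    private static Tuple<string, string> Key(UserLoginInfo l) => Tuple.Create(l.LoginProvider, l.ProviderKey);

    public Task AddLoginAsync(RemoteUser user, UserLoginInfo login)
    {
        // Never silently re-point an external identity at a different account.
        if (_links.GetOrAdd(Key(login), user.Id) != user.Id)
            throw new InvalidOperationException("External login is already linked to another user.");
        return Task.FromResult(0);
    }
    public Task<RemoteUser> FindAsync(UserLoginInfo login) =>
        Task.FromResult(_links.TryGetValue(Key(login), out var id) ? _lookupUser(id) : null);
    public Task<IList<UserLoginInfo>> GetLoginsAsync(RemoteUser user) => Task.FromResult<IList<UserLoginInfo>>(
        _links.Where(kv => kv.Value == user.Id).Select(kv => new UserLoginInfo(kv.Key.Item1, kv.Key.Item2)).ToList());
    public Task RemoveLoginAsync(RemoteUser user, UserLoginInfo login)
    {
        // Only the account that owns the link may remove it.
        if (_links.TryGetValue(Key(login), out var owner) && owner == user.Id) _links.TryRemove(Key(login), out owner);
        return Task.FromResult(0);
    }
    public Task<RemoteUser> FindByIdAsync(string userId) => Task.FromResult(_lookupUser(userId));
    public Task<RemoteUser> FindByNameAsync(string userName) => throw new NotSupportedException();
    public Task CreateAsync(RemoteUser user) => throw new NotSupportedException("Users are owned by the remote system.");
    public Task UpdateAsync(RemoteUser user) => throw new NotSupportedException("Users are owned by the remote system.");
    public Task DeleteAsync(RemoteUser user) => throw new NotSupportedException("Users are owned by the remote system.");
    public void Dispose() { }
}
```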

How to add external service data to currently signed in user in Meteor

I was playing with the loginWithExternalService methods under Accounts and I was sad to find that while you could create new users with one of these services or log in those who already had credentials, there was no way of allowing currently logged in users to augment their methods of authentication so that they could log in with any of the services they have authenticated through. Is there a way of dumping information like a user's FB profile or a user's Twitter url into their existing, currently logged in account? I tried customizing accounts-base but this.userId returns null within it so I cannot do updates to the currently logged in user there.
There should probably be a better API for this, but at the moment (Meteor 0.5.2) the following server code will create a user associated with a Facebook ID.
var newlyCreatedUserId = Accounts.updateOrCreateUserFromExternalService(
  'facebook',
  {id: FACEBOOK_ID},
  {additionalFieldOnUserDocumented: 'foo'}).id
If you dig into the implementation of Accounts.updateOrCreateUserFromExternalService you can see how to add these fields to an existing user.

How to store configuration setting in MS dynamics CRM 2011?

I am new to MS Dynamics CRM and want to store user credentials such as the user ID, very similar to what you would store in the web.config file or session in ASP.NET, so that while creating a new lead or contact I can use the stored credentials to add the same lead or contact to my external application. Please let me know how I can store the user credentials, or provide a link with an example that explains this. Also, please explain all the steps in detail for storing the configuration setting.
A neat way to do it is to create a custom entity in CRM. You would be able to hold all configuration data in it, including credentials. You can restrict access to the entity to only specified users. The drawback to this solution is that you need to have a DataContext created and query the information from the db.
Another way is to use a .NET partial class that will hold sensitive data in a file that is not versioned; that way the whole dev team can use different credentials for each of the dev environments.
A third way is to pass credentials during plugin registration, but I have not used this way, and it has too many drawbacks in my opinion (you need to provide credentials for each registered step).
Good luck!
