I have a website that has a login page. After the login it generates a token for each user (using a cookie).
At some point, after login, the user decides to download my desktop application.
I would like the user to seamlessly login in the desktop application (meaning, I would like the web token to transfer somehow to the downloaded desktop application).
I thought about two options that eventually came up empty:
custom links like http://mywebsite/installer.msi?token=abc. Problem: but I couldn't figure out a way for the MSI to know what was the origin URL it was downloaded from (how do I get that abc string?)
Using uri schema to invoke the installed app from the webpage with the token. Problem: I don't know when the installation was completed. Plus, it involves a user interaction which is something I would like to avoid
My last resort is embedding the token inside the MSI file dynamically for each user (without corrupting it somehow) and reading it inside the installer. But it doesn't seem like a good way to achieve this.
I hope there is another proper way to do it.
Thanks,
Lidan
Related
I currently have a web app made in node.js. One feature of this app is to take notes. I want to provide the user with a way to browse the internet and select a text to add as a note in our web app without having to manually copy-pasting from one browser window to our app.
I know I can do this relatively simply using a Chrome extension that would be linked to the user account and would save the note to the database. However, I cannot use this approach since not all my users can install Google Chrome.
Therefore, I am looking for a way to browse the web from inside our web app. For example, it could be in an iFrame where we display a complete browser. That way, the user could navigate the web for information from inside the app, select text to save and click on a button (probably located outside the iFrame browser) to save the selected text as a note in our database.
How can I achieve such a thing in node.js ?
This is, essentially, impossible.
For you to get any data about the site the user was browsing you could either:
Restrict them to browsing sites willing to partner with you to give you permission to access their data via postMessage (a technical change on their part to work around the Same Origin Policy)
Proxy every request through your server which would:
Have large bandwidth requirements
Require a lot of rewriting of URLs (including dynamically generated ones in JS)
Require rewriting of X-Frames-Options and Access-Control-Allow-Origin headers
Need users who would trust you with all the data you passed through your system (including their passwords to third party sites)
Not work for Intranet sites (since your server could not reach them)
How do I correctly handle the login/authentication scenario for an Azure web app in my VS2015 web performance test?
I created an XML file as a data source for the WAAD username and password. I bind the username and password to the Form Post Parameters: login and passwd respectively at request: https://login.microsoftonline.com/xxxx/login
But when I run the test, the Web Browser tab shows this error:
We can't sign you in
Your browser is currently set to block JavaScript. You need to allow
JavaScript to use this service.
To learn how to allow JavaScript or to find out whether your browser
supports JavaScript, check the online help in your web browser.
I also get a number of errors like this:
The value of the ExpectedResponseUrl property
Validation xxxx.azurewebsites.net/xxxx/docs/xxxx.aspx does
not equal the actual response URL
login.microsoftonline.com/xxxx/wsfed. QueryString
parameters were ignored.
Any idea how I can successfully log in to the Azure web app via the web performance test?
There are several methods of login and authentication that can be used. Just binding values to form post parameters may not be sufficient or correct. You will find the login form has hidden session identities that must be passed as well as the login data. I find that recording a test two times using as nearly as possible the same inputs and doing the same activities helps. These two tests can then be compared to find the dynamic data that needs to be handled.
In a comment the questioner added "I noticed these parameters, n1-43 are different but I have no idea what they represent. How do I handle them?". I can have no idea what they represent as I do not know the website you are testing. You could ask the website developers. Or, better, treat them as dynamic data. Find where the values come from, save them into context variables and use them as needed. This is basic web test development. Here and here are two good articles on what to do.
The message about JavaScript not being supported can be ignored. Visual Studio web tests do not support JavaScript or any other "active" parts of a web page, they only support the html part. Your job as a tester is to simulate what the JavaScript does for the specific user journeys you are testing. That simulation is generally just filling in the correct values (via context parameters) in the recorded requests.
Unexpected response urls can be due to earlier failures, such as teh login not working. I suggest not worrying about them until all of the other test problems are solved. Then, if you need help ask another new question.
I'm trying to create a script to generate Spotify playlists with Node (using the spotify-web-api-node module), and I'm having problems getting authentication. I'm terrible with OAuth, so bear with me through this question.
If I understand correctly, I need to use the authorization code flow to get an access token, and to do it that way, I would need to visit a webpage to get the code. So my question is, is there any way to get the code without having to actually visit the webpage?
I tried using request to see if it would show a redirect, but it just shows me a website from Spotify. If I have to manually allow access to an account the first time, that's fine. I'm just trying to have to take away as much repetition as I can. Also, I'm trying to have this be specific to one account, if it could make a difference.
I'm using MVC4 c# and have incorporated a home grown security token service (STS). The user calls the actual web address, and they're passively redirected to the STS login. When they successfully authenticate they're redirected to where they're supposed to go, which was all urlencoded in the URL on the redirect to the sts.
Upon logout, we call:
this.Session.Abandon();
this.Response.Cache.SetCacheability(HttpCacheability.NoCache);
this.Response.ClearContent();
// expires the claims
FederatedAuthentication.SessionAuthenticationModule.SignOut();
FederatedAuthentication.SessionAuthenticationModule.CookieHandler.Delete();
WSFederationAuthenticationModule authModule = FederatedAuthentication.WSFederationAuthenticationModule
Response.Redirect(WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(authModule.Issuer, authModule.Realm, null));
Everything seems to work great on the desktop version of our app. The user is back at the STS login page, and the URL shows wlogin1 (and lots of other stuff) and will allow the user to login again without issue. The url is exactly the same as when they first were redirected to the STS. Perfect, and this is what I want.
Now, when on mobile, which by the way uses the exact same domain/controller/Methods, it just uses jQueryMobile and different partial views, the logout appears to work and the user is brought back to the STS login. This time, however, the URL only shows the Domain/Controller/Method that was actually called from the mobile actionLink used for Logout. When the user tries to login again, the login is always unsuccessful because this link isn't appropriate for an sts login.
Thoughts on how to fix this, or what's wrong? Please let me know if you require any clarification. Thanks!
I was able to fix this!!
Looking at the headers for the mobile site it showed:
X-Requested-With: XMLHttpRequest
So, my logout was attempted with ajax and something wasn't working. This was the only difference between the desktop and mobile headers (besides user-agent, obviously). Started poking around this as the issue.
Within one of my mobile-specific scripts I added the following within the mobileinit. BINGO! Wow, what an easy solution for such a confusion problem.
$(document).bind("mobileinit", function (event) {
$.mobile.ajaxEnabled = false;});
Make sure that you correctly load your libraries too!
I have loaded my jquery libraries in this order:
jquery
mobile jquery init file (the stuff above)
jquerymobile
jquery validation
everything else
We're using the following jQuery libraries:
jquery 1.9.1
jquery-ui 1.10.3
jquery.mobile 1.3.1
jquery.validate
Hope this helps others!
I have a custom function/method that needs to run on the browser (client side) every time the user uploads a picture to a web-server. This method modifies the image being uploaded and sends it to the server.
Currently the method is written in java so I thought of using an applet on the browser which could run this method and then send the modified picture to a servlet residing on the server, but the applet has certain disk read/write restrictions. I am aware of policies that can be used to grant these permissions to the applet but they need the users consent every time.
Also I want to avoid the applet .class file to be downloaded every time this page is viewed. So
Is there a cleaner approach to all this?
Are there any other technologies that can help me run this method on the browser ? (its ok if i have to rewrite the function in a different language)
Is writing a custom browser extension a good idea?
I think, that the JS using will be much better for this task.
One of JS image processing JS-library
, just for example.
How to invoke a servlet from JS example
Writing a browser extension is a really wrong way.