Multi Subdomain Website using Node? - node.js

I would love to get advice on my current project structure idea. I have been searching for Node.js multi-domain packages, but I am not sure if they will suit. I would also like to have easy-to-manage apps, e.g. if I want to modify a specific app; I have a feeling a single app will get really full and confusing to manage code-wise. Basically, I am building a website that will have:
Landing Page - www.maindomain.com
User Dashboard - members.maindomain.com
Admin Dashboard - admin.maindomain.com
Now each subdomain app can communicate with the others if they have the credentials etc.
Would it be correct to create 3 separate apps to handle each of the sites?
Are there any security concerns with this kind of 3-app setup?
Can account creation occur upon PayPal payment?
The ideal flow would be: the user visits the website's landing page and selects a paid package, which in turn directs to PayPal. Upon payment, the user would be returned to the website with an account creation form, and said package (order) would become an option on the user dashboard.
Admin can pretty much view everything via the admin dashboard, pretty standard, set up promos etc.
Thanks for your help and advice.

Related

Outlook (O365) REST API (client side)

We are working on a solution that, via injected JavaScript on a SharePoint Online site, uses the Outlook (O365)
REST API (client side) and injects entries into the calendar on a SharePoint subsite.
For that purpose, an application has been registered on https://apps.dev.microsoft.com.
Overall, it's working quite well; however, there is a problem with Redirect URIs on the application itself.
As the site collection contains many subsites with their own calendars, to make it work we are supposed to add
redirect URIs for all of the particular calendars, which may be difficult, as new sites will be created during the site collection's lifespan.
So basically what we would like to achieve is to add, for example, an "allowed domain" in the application
that will allow redirections for all of the subsites as well.
Is this even possible?
What is best practice?
Regards,
Pawel
Just redirect to a page in your app with all links you would like to include.
Also, keep in mind, using the api will apply security so the user will be able to see only authorized calendar for his identity, so you don't need to include static link that a user may not have access to.
Hope this helps.
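One way to keep a single registered redirect URI while still returning each user to the subsite they started from, as an added example that is not part of the original question or answer. The tenant origin, site collection path, callback page name and the use of the `state` parameter with a per-request nonce are all assumptions made for illustration.

```javascript
// Added example; every URL and name below is constructed, not from the post.
// Assumption: ONE redirect URI (CALLBACK) is registered for the application,
// and the subsite the user came from travels in the OAuth `state` parameter.
const SITE_ORIGIN = "https://contoso.example";   // constructed tenant origin
const COLLECTION_PREFIX = "/sites/projects/";    // constructed site collection path
const CALLBACK = SITE_ORIGIN + COLLECTION_PREFIX + "SitePages/oauth-callback.aspx";

// `nonce` is a random per-request value the page also keeps (e.g. sessionStorage)
// so the callback can tell its own request from a forged one.
function buildState(returnPath, nonce) {
  return JSON.stringify({ n: nonce, r: returnPath });
}

// Query string for the authorization request; the endpoint itself is omitted.
// response_type "token" assumes a client-side (implicit) flow.
function authorizeQuery(clientId, returnPath, nonce) {
  return new URLSearchParams({
    client_id: clientId,
    response_type: "token",
    redirect_uri: CALLBACK,            // always the same registered URI
    state: buildState(returnPath, nonce),
  }).toString();
}

// On the callback page: return the subsite URL to continue to, or null when the
// state is malformed, the nonce differs, or the target leaves the site collection.
function resolveReturnUrl(state, expectedNonce) {
  if (typeof expectedNonce !== "string" || expectedNonce === "") return null;
  let parsed, target;
  try {
    parsed = JSON.parse(state);
    if (!parsed || typeof parsed.r !== "string" || parsed.n !== expectedNonce) return null;
    // Resolving against the origin normalises "../" and exposes "//host" tricks.
    target = new URL(parsed.r, SITE_ORIGIN);
  } catch (e) {
    return null;
  }
  if (target.origin !== SITE_ORIGIN) return null;
  if (!target.pathname.startsWith(COLLECTION_PREFIX)) return null;
  return target.href;
}
```

New subsites then need no change to the app registration, and the callback page never forwards to a location outside the site collection.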

Login to Google Apps by clicking a link (so I can switch between accounts)

I'm using Google Apps for Business.
Currently I have two separate domains.
abc.com and xyz.com
Customer enquiries flow into each website separately. However, the staff who respond to enquiries are responsible for both websites.
For convenience, I have embedded each enquiry group inside my intranet.
I have two tabs, one for support@abc.com and another for support@xyz.com
However, only one group is viewable at a time, depending on whether my staff are logged in as staff@abc.com or staff@xyz.com
Ideally, I would like to change the current login session depending on which tab is clicked.
Basically, I want to be able to login to Google Apps without entering user/pass.
Is this possible?
It's not possible unless you save the password in the browser.
Really easy if you create two separate Chrome users and log into Chrome in both.
Voila.
So yes, this is not possible. I have solved the issue by creating a third domain and routing all enquiries through there. This way our staff members only need to be logged into a single account. Not what I was hoping for, but it certainly does the job.

Foursquare API Access without registered application

I have just an idea for now to develop an application based on foursquare API.
I checked on the website that the creation of an application inside Foursquare is needed to access the API functions.
There are some form fields in the application creation that cannot be filled in by me as I don't have an application yet, like web address home page, privacy policy page, etc.
I want to perform some tests for a certain time and then choose if I'll proceed with the application development or not.
For now I just need access to the venue stats function. Do you know if it's possible to have access to this function without having an official application?
Regards,
Rodrigo Lima
You need to create an application in order to get an OAuth token, which you need to call venues/stats. In practice, during testing, the only real field that needs to be accurate is the redirect URI, which you'll need for OAuth. The others can take dummy values for now, so long as you go and change them before you publish.

Admin section for website - security?

Designing a user content website, and the question is for the admin section: from a security point of view, where should it be placed?
Same domain and allow admin to enter site like other users from signin form using admin email
Have a separate sub-domain only for admin login
Have a separate secret domain used to access admin features
or any other suggestions?
The goal is to prevent anyone from knowing about the admin section and to keep it locked as much as possible.
Thanks
Actually I work on a system that uses a separate subdomain, and there's a whole other ASP.NET project dedicated to the Admin section of the parent domain.
This has many advantages for us. Some of them are:
Completely different authentication mechanism for one site and the other.
We can deploy the website without shutting down the admin site and vice versa.
Well, as a basic rule, I'd say it doesn't really matter. Your login form needs to be secure, whether it's exposed or not.
However, I understand the desire to keep the admin area hidden in any case. I personally like this variant the best:
same domain and allow admin to enter site like other users from signin form using admin email
because it doesn't leave any traces on the client computer that are easily detectable (like "admin.example.com" or "example.com/super-secret-admin-area").

Viewing a MOSS 2007 page as another user would see it - without logging in as that user

In MOSS 2007 you have the ability to set the target audience for each individual web part within a page. Is there a way to preview how the page will look to another user without logging in as that user? What I am looking for is a way for someone with full control/design permissions on a site to be able to preview how the site will be displayed to another user. Any suggestions?
I have a few test accounts that our IS department uses to preview pages; however, we do not allow non-IS departmental staff to use those accounts. Those staff members only have access to their one account. So, if a user changes the target audience on a web part on one of their pages, right now they have no way to preview how the page will look to someone else other than asking someone else to log in and watching over their shoulder. I can't give out the account information for the test accounts, nor can I create new test accounts.
Thanks!
Edit: I have the ability to preview. The problem is that other users with full control of a site can't preview the page. Here's a scenario: In my school division each school has a site. The principal has full control of his school's site. On the landing page, he wants all the school announcements to be visible. However, some should only be visible to teaching staff, while others need to be visible to the students. He uses audience targeting but cannot preview to see at a glance that the targeting is correct. A lot of the users are not computer savvy so things need to be as simple as possible. Also, that was just one scenario; there are other scenarios that are not divided by school. There are many users with full control of a site with different requirements, so it's not feasible to create test accounts for all scenarios.
First I don't think it is possible to have a preview feature if you are using NT security. Maybe it is something you can do with forms authentication but I never used it.
On that subject. I think when you are developing new features or integrating stuff on a MOSS/WSS server you need a little flexibility.
From what I see, you have the following things you can do. It is surely more cost effective than developing a custom solution. I assume you are using NT Security.
User accounts: Ask your domain administrator to have dedicated user accounts to play with.
Virtual machines: Ask to have some virtual machines to be able to play with that server combined with test accounts.
Sandboxed environment: Ask your IT dept to create a sandboxed MOSS environment to have the possibility to replicate your actual MOSS environment and create custom user scenarios.
Edit: After re-reading the question I realized that you want the users to be able to preview a page. I think you will need to look into writing a preview control that uses Impersonation to load the page. Not sure how feasible this is, but surely someone has created a preview feature. Sounds like a pretty common scenario to me.
Old Answer:
Could you not fire up a non-MS browser such as Firefox, which will prompt for the username and password?
You can then just clear the session cookies to be prompted to log in as someone else.
This is the technique I used for an ASP.Net site that used authentication against the domain in a similar manner to SharePoint.
Alternatively, you can create a control/webpart that hooks into the audiences for the site and displays the audience membership to the user (maybe from the GetMembership call). This does not preview the site, but it will give your editors a heads up on who is in each audience. Something that will help them get the audiences correct.
We have made a similar webpart for security group membership.
I think there are two approaches you can take:
Do make use of test accounts to preview the pages. You can ease the "pain" to log in as another user by making use of the RUNAS command (http://technet.microsoft.com/en-us/library/bb490994.aspx). So it's possible to just create a shortcut on the desktop that opens a browser making use of another account's credentials. Only that browser instance will work with the test account.
Make a copy (or more copies) of the page that you want to preview, store it in a secured site (so it's only accessible for the principal, for example), and tweak the Audience Targeting properties of the web parts on that page/pages.
For previewing target audiences only, the only way to do it is to create a target audience that runs based on a property in the SSP User Profile Properties.
You can then have a control that allows the editor to change the value stored in their profile, re-compile the profiles and voila (for some description of voila) the user will have changed their audience targeting values to something else.
This would need quite a bit of coding and some thought put into the rules for the audience targeting.
At the end of the day, the most cost effective way is to push back to your infrastructure guys for an account solution that will allow you to have a "reader" account people can use for this function.
