I need to turn off automatic login after registration. How can I do this?
I found
await SignInManager.SignInAsync(user, isPersistent: false, rememberBrowser: false);
line in my code and just commented it. Thats solved my problem!
There should be a line on the code that goes like this:
FormsAuthentication.SetAuthCookie(CreateUserWizard1.UserName, False)
Comment it or change False to True.
Related
I'm trying to set up Two Factor Authentication on our app. Updated a user in AspNetUsers table and set it's TwoFactorEnabled value to 1 for testing.
While debugging, signInManager.PasswordSignInAsync return just "success", not "requires verification".
This is the line
signInStatus = await signInManager.PasswordSignInAsync(viewModel.Email, viewModel.Password, true, shouldLockout: false);
(Similar questions are generally answered as first value should be name instead of email but I don't think it's the issue. Login works correctly, for example if password is wrong it returns failure.)
I added the line below to Startup.Auth.cs too
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(10));
I'm still able to work with what I have like this (though I don't want to)
if (signInStatus == SignInStatus.Success && user.TwoFactorEnabled == true)
{
//rest of code to be written
}
but this feels too makeshift of a solution and feels prone to many future errors. I'd prefer using Identity but I can't at the moment because of this problem.
It is obvious I'm doing something wrong or missing something but I don't know what. Thanks in advance.
I found my solution by copying the SignInManager code directly into mine and stepping through it, you can learn more about that here: https://stackoverflow.com/a/52357870/550975
SignInManager return RequiresVerification if :
dbo.ASpnetUsers has for user set to true TwoFactorEnabled and EmailConfirmed and user
email should be confirmed, email not be empty or null.
I have a controller that has a return type of void. Is there any way which I can redirect this controller to an error view page?
I try many things but its not worked for me like create error page and return it like
return View("Error");
Thanks!
Please try to use the following:
System.Web.HttpContext.Current.Response.Redirect
Good luck!
Shimi
I'm writing an extension that should restore the last session like this
if(request.msg == "reopen"){chrome.sessions.restore(null, null)}
but this doesn't work.
(See the documentation here)
Disregard this, I forgot to set the 'sessions' permission in the manifest.
Is there some way to disable user auto-registration in ckan?
I'd like to have a ckan site that would be strictly read-only for visitors
with a back-end exclusive for contributors.
I went through the docs, but I couldn't find any option like that.
any advice on how to configure and secure ckan for such a purpose would be welcome
The easiest solution is to write an extension that implements the IAuthFunctions interface and override the user_create auth function.
Here is the basic extension:
def no_registering(context, data_dict):
return {'success': False, 'msg': toolkit._('''You cannot register for this
site.''')}
class NoSelfRegistration(plugins.SingletonPlugin):
plugins.implements(plugins.IAuthFunctions, inherit=True)
def get_auth_functions(self):
return {
'user_create': no_registering
}
UPDATE: We are currently implementing a config option to do this (pull request at https://github.com/okfn/ckan/pull/399).
For hub.HealthData.gov, we created this patch
https://github.com/HHS/ckan/commit/0102d4d7cee9151fc5fcfe31c56c485436eddda4
which makes a new config option ckan.auth. create_user which we set to false.
It has been in pull request purgatory since then:
https://github.com/okfn/ckan/pull/399
This is now a standard feature of CKAN (at least since version 2.3.2, perhaps earlier). You can use the ckan.auth.create_user_via_api and ckan.auth.create_user_via_web configuration options.
By default, ckan.auth.create_user_via_api is false but ckan.auth.create_user_via_web is true.
I have a problem when I developed my website with Google+ sign-in:
I did step by step that the doc told me but I always failed at step4:
https://developers.google.com/+/web/signin/
the result was always ""immediate_failed" - Could not automatially log in the user", I just don't kown why, can anyone help me, thanks very much! :-(
Note that in the sample code you pointed to, the "immediate_failed" check is commented out. This is intentional, since the first time a user encounters the Sign-in button on the page, it will fail.
The reason it fails is that when the page first loads, before the user even presses the button, a request is sent to Google to determine if the user has already logged in (via Google or another site, for example). If they are - there is no need for them to log in again, so the button never needs to be shown. But if they have not been logged in already, you will get the "immediate_failed" response, and will need to either show (or not clear) the button.
tl;dr - Don't worry aout getting immediate_failed when the page first loads. This is normal.
As a workaround I use gapi.auth.authorize method in the gapi.auth.signIn callback. Here is my code:
gapi.auth.signIn({
'callback': gPlusLoginCallback
});
function gPlusLoginCallback(authResult) {
if (authResult['status']['signed_in']) {
doSmth(authRes['access_token']);
} else if (authResult['error'] == "immediate_failed") {
gapi.auth.authorize({
client_id: gplusClientId,
scope: 'https://www.googleapis.com/auth/plus.login email',
immediate: true
}, function (authRes) {
if (authRes['status']['signed_in']) {
doSmth(authRes['access_token']);
}
});
}
}
function doSmth(accessToken){
//Do smth
}
Change this setting "immediate: true", to be false " immediate: false".
But if you like to make more complex implementation look at the first sample here https://developers.google.com/api-client-library/javascript/start/start-js. You have to calls to Google's "gapi.auth.authorize({...", the first one with "immediate: true", and the second one with "immediate: false".
The question is old but I faced this issue recently.
In my case, it was because I specified the URI parameter prompt to none. I guess Google doesn't like that if the user has never been logged to your platform before.
Whenever I changed that to consent or totally removed it, it worked great.
In my case, the error was because of explicitly specifying the authorization parameter prompt to 'none',similar to a previous answer.
It worked for me by specifying prompt=None or as per the official docs,you may skip this parameter.