bug is creating multiple users with google auth - asp.net-mvc-5

I have an asp.net mvc 5 site currently hosted on windows azure.
Occasionally (normally after I have rolled out or deployed to azure) the authentication seems to bug out.
I try to log in with my google account and I get weird redirect loops where I hit login, and it takes me straight back to the login page. This is normally fixed by restarting the site on windows azure again.
Every now and again though, it will redirect back from google and ask me to enter my username to complete the registration process. It does this on my google account that has already been registered. It is registering the same google account twice or sometimes even three times.
Its happened to myself and my users and I only hear about it when someone contacts me and tells me they've lost all their stuff linked to their profile on my site.
Has anyone experienced anything like this? I'm using the bog standard login / auth controller with an mvc5 project.
EDIT ::
my url is www.dev-score.com, but it also responds to just simply dev-score.com
could it be the fact that some people register on www.dev-score.com and then try to log in with simply dev-score.com or something like that?

sorry everyone, i feel kind of stupid now.
the reason this is happening is because of the different domains, not different url's.
by default azure also has a ".azurewebsites.net" domain that a few of my users were using while my .com domain was propagating.
when i switched to my .com domain, and disabled my .azurewebsites.net domain they all had to re-register, as google (rightfully) thinks that this is a new website.
these are the people that were experiencing that bug and i had to manually move their stuff over to their new accounts. every now and again a user from that period comes back to the site and logs in and has to go through this process again, so it seemed like an intermittent bug but its not, its only a bug to those few users that registered during that small window and haven't been back to the site since.

Related

Url marked as malicious site by Mcafree

I have recently created a website for my client, but when I try to post to my facebook or Linkedin, I noticed that the web security advisor shows it is malicious site and given it a red cross after the link.
I would like to know what is going wrong with this url? Any solution to fix it up?

Azure B2C accepting different domains in Redirect URIs: Bug or Feature

When adding Reply URLs in an Azure B2C Application, the UI shows the following information:
Redirect URIs must all belong to the same domain
And until recently this was enforced by the UI: no way to save a list with multiple different URLs with the exception of localhost.
But just today I found out that right now it's possible to add any domain as Reply URL, which is pretty awesome for my use case. Is this going to stay and the info is outdated or is this a bug (which would be a shame, because this makes multi-domain apps a lot easier)?
BTW, it's not just that the list can be saved, the redirects work as one would expect.
Yes, the restriction has been removed. But the tip on Azure portal hasn't been updated.

Not able to generate DKIM record for .net domain in google app

I'm using google apps for mail service. I have generated and submitted DKIM records for .co and .in domains successfully. But I'm not able to generate DKIM record for .net domain (say yourdomain.net). It shows an error we are unable to process your request at this time. Please try again later. (Error #1000). I have tried this for 2 .net domains. Both provide the same error. I have tried using in different browser and different machine, and the results are the same.
I am not sure if the issue is with the .net domain or if this is just a coincidence.
Had the same issue today (setup of DKIM on a new GSuite domain) and chatted with Google Support about it.
They pointed me to the following quote on the DKIM setup process.
Important: After you create your G Suite account and turn on Gmail, you must wait 24–72 hours before you can generate a DKIM domain key.
So you'll need to wait 24 - 72 hours after setup of the GSuite account before you can set up DKIM.
I also asked the support person whether I could get access to submit this as a product request (that the DKIM setup is prevented before this time) and he gave me access to the G Suite Feature Ideas (customers only) Cloud Connect Community. I've posted this as a feature suggestion there - upvote if you think this is needed! (needs login):
https://www.cloudconnectcommunity.com/ccc/ls/community/g-suite-chrome-feature-ideas/post/5075513382141952
Preview Screenshot:
I had a "Google Apps for Work" account and wanted to setup DKIM for Google Apps email and another provider and I couldn't do it. I contacted Google Apps support and they said it was a bug with no immediate plans to fix it.
I got the same useless error code you did. I'm disappointed in Google about this. They just leave the broken submit form up, leaving it to the user to contact support to find out it's broken with no plans to fix it.
I'm going to cancel my paying google apps account.
I experienced the same error message when I tried to set up DKIM immediately after signing up for GSuite. It worked when I re-tried about two days later.

Is Ghost in Azure leaking email passwords or is Gmail warning for nothing?

Yesterday I created a new Ghost Blog website from the Azure website gallery. The installation there asks for Gmail account and passwords, and like any security fanatic I gave my personal gmail account information (mistake #1).
Everything went nicely and got the blog up and running in no time.
Moment went and I got an email from Gmail saying that there has been suspicious log in to my gmail account from Taiwan. Google blocked this login and I made quick password change.
Today I repeated everything, but created new account to gmail to test things out. Same thing happened, but this time the login was from unknown location.
I scanned my computer for keyloggers and didn't find any.
Is it just Google being cautious and warning that the Ghost is trying to send mail and performing login while doing it? Or are those passwords leaking? They are in clear text format in the ghost configs?
Edit:
Screen capture of the Ghost Setup in Azure
To my knowledge this seems totally normal Azure configure step.
The password is stored in clear text in the config.js file, but that is just fine because the file is not accessible from the web.
The reason why GMail complains might be that, in order to send mail, Ghost has to log in to your account with your password. In this case, requests are not coming from your personal computer, but from the Azure server that is in a data center somewhere.
But it's probably not the best idea to ignore the warning, because somebody might have actually breached your account. I would simply use another service for Ghost (like Mailgun).

Log In Problem In Sharepoint Site

We are facing Login problems while Logging to our site. We (the Developement Team) can log in to the site with only one prompt but many users are getting login prompts several times. After pressing ESC for 5-6 times they can login to site. Is there any AD setting that needs to be changed?
If so not even the Site Admin (Full Permission) can log in without prompts.
I have already added the site in trusted sites in Internet Explorer.
Is this a publishing site? If so, have you ensured that all of your content is published? If anything is still in draft and has never been published then they will receive authentication prompts as ordinary users can't see draft content. Make sure you check CSS files and other assets such as images.
Add your site to the Trusted Sites in Internet Explorer
I suggest you check out this link here and check your settings compared to these. I have set up several MOSS 2007 servers following this guide with no problems at all...except for small mistakes on my part :P

Resources