Using 'Facebook login' with C# SDK, plus ASPNET Membership Integration - c#-4.0

I followed the tutorial page on doing the basic Facebook authentication and login, but it seems to create a redirection loop.
The parent page sets up a listener which, on authResponseChange, redirects to a handler.
The handler then gets the token and redirects back to the parent page
Which then sets up a listener, logs in, triggers authResponseChange and redirects to the handler. Etcetera...
Have I misunderstood something, or is this a bug or expected behaviour? I need to find a way to NOT have this happening.
Secondly, the documentation for 'Using Facebook & ASP.NET Membership for Authentication' is obviously not ready, but I would appreciate some pointers on how you would advise doing it.
EDIT: I presume that both of these issues would be fixed with the same solution, i.e. getting the handler to redirect to a new page which creates a new ASPNET Membership user based on the Facebook credentials. However, I am unsure how to do this as the documentation for this section just says TODO. Any pointers? Would you need to just extend the Profile system to store the access token and Facebook ID? Or am I on totally the wrong track?

On another demo here some folks said it was a problem with IE9/Chrome and cookies on localhost. Pointing to 127.0.0.1 and running it on IIS fixed the issue for me.

Related

Azure B2C Custom policy: An exception occurring while implementing the combined signup&signin & invitation URL based signup&signin

I am trying to create a setup where a user can
1. sign up & sign in directly from the combined signup&signin page
2. sign up & sign in from the invitation link.
Point one is working perfectly fine using the following files:
BaseFile
ExtensionFile
RPFile
For point 2 I have created
SignupinviteRPFile
Now, when I click on the invitation URL which is in the following format
https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/B2C_1A_signup_invitation/oauth2/v2.0/authorize?client_id={clientID}&nonce=ca00379642b94aa693a80b66783aa010&redirect_uri=https%3A%2F%2Fmytenant-dev.azurewebsites.net%2Fsignup%2Fuser-invite&scope=openid&response_type=id_token&id_token_hint={SignedJWTToken}
I do get the signup page with a read-only email ID. But once I fill in all the information and click "Create" it gives me the following issue:
Sorry, but we're having trouble signing you in.
We track these errors automatically, but if the problem persists feel free to contact us. In the meantime, please try again.
Correlation ID: 3a9f35e6-51e1-40b7-9ee9-d9c8081ff8d6
Timestamp: 2021-02-03 11:07:20Z
AADB2C: An exception has occurred.
Observations:
The account gets created in the local AD and I can see the user's entry
Following are the three calls from the network logger
/SelfAsserted?tx=StateProperties=eyJUSUQiOiIzYTlmMzVlNi01MWUxLTQwYjctOWVlOS1kOWM4MDgxZmY4ZDYifQ&p=B2C_1A_signup_invitation
2./confirmed?csrf_token=bThiL2hJNXZ4ZFBwSXZ3ZzRLd1lVUExQV2V1T3EzVkNBYUloaEpqWk5lYTBXczAvUW9oSjJMVXBEWWhrenZ1Ymc2SkJNL3N5N0UxNzZYNHBDVDdsaWc9PTsyMDIxLTAyLTAzVDExOjA2OjQ2LjU5NTgzMzVaO2tuVzlHdzdMTDZ1QzMyT1JmRGNZbGc9PTt7IlRhcmdldEVudGl0eSI6IkxvY2FsQWNjb3VudFNpZ25VcFdpdGhSZWFkT25seUVtYWlsIiwiT3JjaGVzdHJhdGlvblN0ZXAiOjN9&tx=StateProperties=eyJUSUQiOiIzYTlmMzVlNi01MWUxLTQwYjctOWVlOS1kOWM4MDgxZmY4ZDYifQ&p=B2C_1A_signup_invitation&diags=%7B%22pageViewId%22%3A%22e25ebe04-1601-460d-b3a8-1d958c8155b8%22%2C%22pageId%22%3A%22SelfAsserted%22%2C%22trace%22%3A%5B%7B%22ac%22%3A%22T005%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A3%7D%2C%7B%22ac%22%3A%22T021%20-%20URL%3Ahttps%3A%2F%2Fmytenant.b2clogin.com%2Fstatic%2Ftenant%2Ftemplates%2FAzureBlue%2FselfAsserted.cshtml%3Fslice%3D001-000%26dc%3DPNQ%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A50%7D%2C%7B%22ac%22%3A%22T019%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A8%7D%2C%7B%22ac%22%3A%22T004%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T003%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T035%22%2C%22acST%22%3A1612350410%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T030Online%22%2C%22acST%22%3A1612350410%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1612350438%2C%22acD%22%3A1075%7D%2C%7B%22ac%22%3A%22T002%22%2C%22acST%22%3A1612350440%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1612350438%2C%22acD%22%3A1077%7D%5D%7D
3.client/perftrace?tx=3a9f35e6-51e1-40b7-9ee9-d9c8081ff8d6&p=null
3. Following URL uses GET Method
https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/B2C_1A_signup_invitation/api/SelfAsserted/confirmed?csrf_token=bThiL2hJNXZ4ZFBwSXZ3ZzRLd1lVUExQV2V1T3EzVkNBYUloaEpqWk5lYTBXczAvUW9oSjJMVXBEWWhrenZ1Ymc2SkJNL3N5N0UxNzZYNHBDVDdsaWc9PTsyMDIxLTAyLTAzVDExOjA2OjQ2LjU5NTgzMzVaO2tuVzlHdzdMTDZ1QzMyT1JmRGNZbGc9PTt7IlRhcmdldEVudGl0eSI6IkxvY2FsQWNjb3VudFNpZ25VcFdpdGhSZWFkT25seUVtYWlsIiwiT3JjaGVzdHJhdGlvblN0ZXAiOjN9&tx=StateProperties=eyJUSUQiOiIzYTlmMzVlNi01MWUxLTQwYjctOWVlOS1kOWM4MDgxZmY4ZDYifQ&p=B2C_1A_signup_invitation&diags=%7B%22pageViewId%22%3A%22e25ebe04-1601-460d-b3a8-1d958c8155b8%22%2C%22pageId%22%3A%22SelfAsserted%22%2C%22trace%22%3A%5B%7B%22ac%22%3A%22T005%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A3%7D%2C%7B%22ac%22%3A%22T021%20-%20URL%3Ahttps%3A%2F%2Fmytenant.b2clogin.com%2Fstatic%2Ftenant%2Ftemplates%2FAzureBlue%2FselfAsserted.cshtml%3Fslice%3D001-000%26dc%3DPNQ%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A50%7D%2C%7B%22ac%22%3A%22T019%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A8%7D%2C%7B%22ac%22%3A%22T004%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T003%22%2C%22acST%22%3A1612350407%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T035%22%2C%22acST%22%3A1612350410%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T030Online%22%2C%22acST%22%3A1612350410%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1612350438%2C%22acD%22%3A1075%7D%2C%7B%22ac%22%3A%22T002%22%2C%22acST%22%3A1612350440%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1612350438%2C%22acD%22%3A1077%7D%5D%7D
Gives following message:
We can't sign you in
Your browser is currently set to block JavaScript. You need to allow JavaScript to use this service.
To learn how to allow JavaScript or to find out whether your browser supports JavaScript, check the online help in your web browser.
And the last call uses POST method
https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/B2C_1A_signup_invitation/client/perftrace?tx=3a9f35e6-51e1-40b7-9ee9-d9c8081ff8d6&p=null
gives 404 error message
Basically, after the signup from the invitation URL I am not able to sign in to my application. I am not sure if there is any conflict between the two RP files or if I am missing anything.
The problem is here
https://github.com/rbagree/B2CSignupSigninInvite/blob/main/signup_invitation.xml#L63
The log shows it cannot find this key. Just remove this entire technical profile as it should already exist in your base file.

MSAL redirectLogin and B2C: tokenReceivedCallback not always called

I set up MSAL client-side authentication, and it works in around 80% of the cases I would say; in the rest of them, it seems the tokenReceivedCallback is not called. Whenever this happens, login stops working until the browser is closed...
I'm having some trouble finding examples of how to use MSAL with the redirectLogin; it seems all examples just use the "loginPopup" (which IMHO is not very user friendly; I tried it and my users complained about the login popup being lost behind other windows all the time).
Does anybody have an example of how MSAL should be set up with B2C and redirectLogin? Or a suggestion of how I should troubleshoot this issue?
Or at least an overview of how this flow is supposed to work? (I'm having trouble understanding how the callback is triggered after a redirect...)
This comment in this issue seemed very promising, but it seems the sample has been removed, or is this method being deprecated?
https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp/issues/10#issuecomment-327204996

MS BotFramework Temporary token issue in WebChat URL

I have developed a chatbot using Microsoft BotFramework and node.js and deployed it in webchat. As per this documentation, it is written that the bot's secret 's' can be replaced with a temporary token 't' which is valid for one conversation only.
But the problem is the life span of this token is 30 minutes and within this time window, if some intruder accesses the entire URL: "https://webchat.botframework.com/embed/YOUR_BOT_ID?t=YOUR_TOKEN_HERE&userid=some_user_id" then it is just a child’s play for him to get all of the user’s data because it mimics the chat of the actual user in the other machine.
Is there anything in the BotFramework (apart from DirectLine) that can be done that restricts the URL with the same token to be opened in another machine?
There is an issue on GH describing the same situation as yours, and from the comments we can see that this will not be changed currently.
However, we can get some hints from the comment:
Ultimately, you can't hide the secret/token from clients.
If you want to remove it from the URL, you can host the JS control on your own.
If you want to remove it from page source, you can pass the value in a cookie and read it in JS in your webpage.
However, in all cases, the value will be available in memory.
I think you can build another simple web site yourself as the bridge between the iframe and your bot application. You can restrict your user to being unique in this website's session. And you can also verify your user before instantiating the Bot WebChat.
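The bridge site suggested in the answer above could look like the following sketch. This is an added example, not code from the thread or from the Bot Framework project. The function names, the in-memory session map and the injected `fetchToken` (which stands in for the server-side call that exchanges the secret for a temporary token) are assumptions.

```javascript
const { randomBytes } = require('node:crypto');

const BOT_ID = 'YOUR_BOT_ID';   // placeholder, as in the question's URL
const sessions = new Map();     // session id -> { userId, chatIssued }

// Call only after the bridge site's own login check has succeeded.
function createSession(userId) {
  const sid = randomBytes(32).toString('hex');
  sessions.set(sid, { userId, chatIssued: false });
  return sid;
}

// Decide whether this session may open the chat. The user id comes from the
// server-side session, never from a query string the browser controls.
function authorizeChat(sid) {
  const s = sessions.get(sid);
  if (!s) return { status: 401, reason: 'no authenticated session' };
  if (s.chatIssued) return { status: 409, reason: 'chat already issued for this session' };
  s.chatIssued = true;
  return { status: 200, userId: s.userId };
}

// Build the iframe URL for a freshly fetched temporary token.
function embedUrl(token, userId) {
  const q = new URLSearchParams({ t: token, userid: userId });
  return `https://webchat.botframework.com/embed/${encodeURIComponent(BOT_ID)}?${q}`;
}

// Full flow: the secret stays on the server, and the response is marked so
// the URL is not cached or leaked through the Referer header.
async function handleChatRequest(sid, fetchToken) {
  const decision = authorizeChat(sid);
  if (decision.status !== 200) return { status: decision.status, body: decision.reason };
  let token;
  try {
    token = await fetchToken();
  } catch (err) {
    sessions.get(sid).chatIssued = false;  // allow a retry after a failed fetch
    return { status: 502, body: 'token service unavailable' };
  }
  return {
    status: 200,
    headers: { 'Cache-Control': 'no-store', 'Referrer-Policy': 'no-referrer' },
    body: embedUrl(token, decision.userId),
  };
}
```

As the quoted comment says, the token is still visible to the browser that receives it; the bridge only controls who is handed one and how often.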

Passing get Request parameters through Url to the managed bean for login validation in jsf1.2

I have a requirement where the portal application that is being developed in JSF 1.2 and Spring 2.5 will be launched from within an iPad app. After the user logs into the iPad app, the user clicks on the portal link available and the iPad app in turn will be passing the user credentials through a GET request URL, which I will have to validate and redirect them to the home.xhtml page if the validation is successful; otherwise I will have to redirect them to an error page. I have been searching Google a lot to see how this can be implemented. Finally I found that it requires a phase listener to implement this, but I am not sure how this can be done or if there is any other way. Please tell me how this can be done using a phase listener (if possible with an example). Also suggest whether I can use any other means to do this. Any help is much appreciated.
Thanks in advance.
I found a way to implement this. I am giving the solution that I used so that it might help someone else.
I am using a servlet filter to get the parameters from the URL and then I am validating the credentials with the data stored in the DB. Then if the credentials are valid I am redirecting the user to the home page. If the credentials are invalid then I am redirecting the user to the error page. Done.

Cannot login to WSS 3.0 site using forms authentication

I changed Windows authentication to Forms authentication, using the following example.
I added a user with the Web Site Administration Tool. Finally I added this user as a Site Collection Administrator and the user is recognized by SharePoint. Happy with that, I started my WSS site in the browser, but when I try to sign in using this sign-in form it is not working. It returns to this form after the submit (//spvm:100/_layouts/login.aspx?ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252f&Source=%2f)
I have been scanning my Event Viewer but had no success finding any comment that tells me what I am doing wrong. Maybe some of you guys can help me out?
Once you are redirected to this page, try navigating to http://spvm:100. Sometimes I get this kind of case where I move back to the root, then it works. I really didn't know the reason why it sometimes behaves like that.
I had the same issue. I found that something was wrong with my browser's settings. I tried to log in with another browser (Firefox) and that worked for me.
I don't know yet what was wrong with my IE7's settings, on another machine I could log in to a forms auth site without any problem.
