I'm trying to log in with dotNetOpenId to GMail accounts. It works but I'm not able to retrieve any claims. I know I could retrieve email addresses or user names as well, but no claims are being returned; only the ClaimedIdentifier is available. Anyone know how to retrieve this data from Gmail accounts? If you could please provide me an example of ClaimsRequest configuration I would be grateful.
Thanks
// Either you're creating this already or you can get to it in
// the LoggingIn event of the control you're using.
IAuthenticationRequest request;
// Add the AX request that says Email address is required.
var fetch = new FetchRequest();
fetch.Attributes.Add(
new AttributeRequest(WellKnownAttributes.Contact.Email, true));
request.AddExtension(fetch);
Google then authenticates the user and returns the email address, which you can get with:
var fetch = openid.Response.GetExtension<FetchResponse>();
if (fetch != null)
{
IList<string> emailAddresses = fetch.GetAttribute(
WellKnownAttributes.Contact.Email).Values;
string email = emailAddresses.Count > 0 ? emailAddresses[0] : null;
}
You can see my blog post on the subject for a bit more information. The important thing to note here is that Google will only tell you the user's email address if you mark it as required (as I have done in the above snippet). But this also means that if the user does not want to share his email address, he cannot log in at all. Sorry, that's the way Google set it up. Other Providers that people use have different behaviors, unfortunately.
Is there a way to prevent an external recipient from replying to an email, we need them to update our portal. In the ReplyTo Field we add "please update our portal with your response" but many users ignore it by changing the ReplyTo Field.
We create the problem as we add a full description of our customer update in the body rather than just adding a link. I don't really wish to remove this additional information as it is more user friendly. Access to the portal and their 'ticket' is extremely user friendly, one click, it is just people being lazy.
This is how the email is generated.
Many thanks for any suggestions.
var recipient = document1.getItemValueString("emailField");
var sendergroup = "support#ourcompany.co.uk";
var memo = database.createDocument();
memo.appendItemValue("Form","Memo");
//memo.appendItemValue("Principal","Support Request#NotesDomain");// Don't use.
memo.appendItemValue("From",sendergroup);
memo.appendItemValue("INetFrom",sendergroup);
memo.appendItemValue("ReplyTo","... please update our portal with your response.");
memo.appendItemValue("DisplaySent",sendergroup);
memo.appendItemValue("SMTPOriginator",sendergroup);
memo.appendItemValue("Subject", "Our references here ");
var rtitem:NotesRichTextItem = memo.createRichTextItem("Body");
var rtStyle:NotesRichTextStyle = session.createRichTextStyle();
rtitem.addNewLine();
rtitem.appendText("Hi "+firstname+",");
rtitem.addNewLine();
rtitem.appendText("Details of the request in here..");
rtitem.addNewLine();
rtitem.appendText("https://link to their document in here");
memo.send(recipient);
As far as I know you cannot control what happens at the recipient's mail system....
However, you could use a sender/reply address where the mail goes to a mailin database where you could have an agent send them a reply stating that their reply is ignored and that they will have to open the link....
Not ideal - but then at least they know :-)
I need help creating the REST endpoints. There are a couple of activities:
To change the email there are 3 URL requests required:
/changeemail : Here one time password (OTP) is sent to the user's mobile
/users/email : the user sends the one time password from previous step and system sends the email to the new user to click on the email activate link
/activateemail : user clicks on the link in the new email inbox and server updates the new email
To change password :
/users/password (PATCH) : user submits old password and new password and system accordingly updates the new password
Similarly, there are other endpoints to change profile (field include bday, firstname and last name)
After reading online I believe my system has only users as the resource, so to update the attributes I was thinking of using a single PATCH for change email and change password, along with something like an operation field, so the above two features will look like:
For changing email :
operation : 'sendOTPForEmailChange'
operation : 'sendEmailActivationLink'
operation : 'activateEmail'
For changing password :
operation : 'changePassword'
and I will have only one endpoint for all the above operations that is (in nodejs) :
app.patch('/users', function (req, res) {
  // depending upon the operation I delegate it to the respective method
  if (req.body.operation === 'sendOTPForEmailChange') {
    callMethodA();
  } else if (req.body.operation === 'sendEmailActivationLink') {
    callMethodB();
  } else if (req.body.operation === 'activateEmail') {
    callMethodC();
  } else if (req.body.operation === 'changePassword') {
    // separate handler: password change must not share the email-activation method
    callMethodD();
  } else sendReplyError();
});
Does this sound like a good idea? If not, can someone help me form the endpoints for changeemail and changepassword?
Answer :
I finally settled for using PATCH with operation field in the HTTP Request Body to indicate what operation has to be performed.
Since I was only modifying a single field of the resource I used the PATCH method.
Also, I wanted to avoid using Verbs in the URI so using 'operation' field looked better.
Some references I used in making this decision :
Wilts answer link here
Mark Nottingham's blog link article
and finally JSON MERGE PATCH link RFC
You should make the links that define the particular resource; avoid using PATCH and adding all the logic in one link. Keep things simple and use separation of concerns in the API
like this
1- /users/otp with HTTP Verb: GET -> to get OTP for any purpose
2- /users/password/otp with HTTP Verb: POST -> to verify OTP for password and sending link via email
3- /users/activate with HTTP Verb: POST to activate the user
4- /users/password with HTTP Verb: PUT to update users password
Hashing Security is a must read, IMHO, should you ever want to implement your own user account system.
Two-factor identification should always be considered, at least as an opt-in feature. How would you integrate it into your login scheme ?
What about identity federation ? Can your user leverage their social accounts to use your app ?
A quick look at Google yielded this and this, as well as this.
Unless you have an excellent reason to do it yourself, I'd spend time integrating a solution that is backed by a strong community for the utility aspects of the project, and focus my time on implementing the business value for your customers.
NB: my text was too long for the comments
Mostly agree with Ghulam's reply, separation of concerns is key. I suggest slightly different endpoints as following:
1. POST /users/otp -> as we are creating a new OTP which should be returned with 200 response.
2. POST /users/email -> to link new email, request to include OTP for verification.
3. PUT /users/email -> to activate the email.
4. PUT /users/password -> to update users password.
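The three-step email change discussed in this thread (OTP to the mobile, activation link to the new address, activation), as an added example that is not taken from any of the posts. It models only the state handling behind the endpoints, whatever URL layout is chosen; every function name, lifetime and the in-memory stores are assumptions made for illustration.

```javascript
// Added example: in-memory model of the OTP -> activation-link -> activate flow.
const crypto = require('node:crypto');

const OTP_TTL_MS = 5 * 60 * 1000;    // assumed lifetimes and limits, tune to policy
const LINK_TTL_MS = 30 * 60 * 1000;
const MAX_OTP_ATTEMPTS = 5;

const users = new Map([['u1', { email: 'old@example.test' }]]); // constructed sample user
const pendingOtps = new Map();   // userId -> { hash, expires, attempts }
const pendingLinks = new Map();  // sha256(token) hex -> { userId, newEmail, expires }

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Step 1: create the OTP from a CSPRNG. The caller delivers it by SMS;
// the server keeps only its hash.
function issueOtp(userId, now = Date.now()) {
  const otp = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pendingOtps.set(userId, { hash: sha256(otp), expires: now + OTP_TTL_MS, attempts: 0 });
  return otp;
}

// Step 2: check the OTP (expiry, attempt limit, constant-time compare),
// then mint the token that goes into the activation link.
function requestEmailChange(userId, otp, newEmail, now = Date.now()) {
  const p = pendingOtps.get(userId);
  if (!p || now > p.expires) { pendingOtps.delete(userId); return null; }
  if (++p.attempts > MAX_OTP_ATTEMPTS) { pendingOtps.delete(userId); return null; }
  if (!crypto.timingSafeEqual(p.hash, sha256(String(otp)))) return null;
  pendingOtps.delete(userId);                        // an OTP is single use
  const token = crypto.randomBytes(32).toString('hex');
  pendingLinks.set(sha256(token).toString('hex'),
    { userId, newEmail, expires: now + LINK_TTL_MS }); // token bound to user + address
  return token;                                      // mailed to newEmail only
}

// Step 3: the link in the new inbox is clicked.
function activateEmail(token, now = Date.now()) {
  const key = sha256(String(token)).toString('hex');
  const p = pendingLinks.get(key);
  pendingLinks.delete(key);                          // consumed even when expired
  if (!p || now > p.expires || !users.has(p.userId)) return false;
  users.get(p.userId).email = p.newEmail;            // the only place the email changes
  return true;
}
```

The stored address changes only in step 3, so a stolen OTP alone cannot redirect the account without access to the new mailbox.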
We are receiving the following error when I try to create a recipient view. Basically the document is sent to 2 users, one of them has already signed but the other user can not sign because there’s no URL created and sent to us from Docusign. We are using node.js docusign sdk.
var recipientView = new docusign.RecipientViewRequest();
recipientView.setReturnUrl();
recipientView.setUserName();
recipientView.setEmail();
recipientView.setAuthenticationMethod("email");
recipientView.setClientUserId();
var envelopesApi = new docusign.EnvelopesApi();
envelopesApi.createRecipientView(accountId, envelope.id, recipientView,
  function(error, viewUrl, response) {
    // no url is returned here. the error (in the image) is shown
  });
I printed the values of accountId, envelopeId and those seemed to be fine. I checked if the user had changed his first name, last name and there were no errors there. If I create a new user from scratch everything works fine.
FrontEnd Error
Response Error
Through your screenshots it looks like you are getting an UNKNOWN_ENVELOPE_RECIPIENT error returned from the API. This means the recipient data you are sending to identify the recipient is not correct. It needs to exactly match the data you assigned to the recipient when you added them to the envelope, such as name, email, recipientId, and clientUserId.
Try calling the EnvelopeRecipients: List API before you make the request to generate the URL and ensure that the recipient data matches what you are sending in your createRecipientView() request. That should help identify which piece of data is off, once you correct that the call will then start returning the proper URL.
Also see the Embedded Signing features page in the DocuSign Developer Center which shows exactly which params you need to set etc:
I have a custom web part that starts by getting a current user login name like this:
protected static string iAm = System.Web.HttpContext.Current.Request.ServerVariables["AUTH_USER"].Split("\\".ToCharArray())[1].ToLower();
Then it passes this string to a bbl class and fetches a user id:
IDataReader _drInfo = cisf_BLL.bll_MyInfo.drGetMyInfo(iAm);
while (_drInfo.Read())
{
    iUser_Ident = _drInfo.GetInt32(30);
}
After that it passes the user id integer to another method that fetches user's training record:
_drUserTraining = bll_Training.drGet_required_training_records(iUser_Ident);
_drUserTrainingCompleted = bll_Training.drGet_completed_training_records(iUser_Ident);
This information is then displayed in a tab container with three tab such as "Overdue", "Required", and "Completed".
The problem I'm having is this: I'm logged into SharePoint collaboration site with my domain user name and all my training is displayed just fine. If someone else then logs in to the SP Portal, that user sees my training and not his, even though this user has logged in with his unique credential using a common access card, just as I.
Somehow some strange session seems to persist and I was hoping someone out here has encountered this anomaly.
Thanks in advance!
Risho
You are misusing static - a static property is stored once per web server process, not once per user.
Not an answer, but a code improvement: there is a much simpler way to get the current user name/id
SPUser user = Microsoft.SharePoint.SPContext.Current.Web.CurrentUser;
user.ID;
user.Email;
user.Name;
user.LoginName;
user.Groups;
....
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spuser_members.aspx
I am trying to get a user back in SharePoint Client OM using EnsureUser. My code is:
ClientContext clientContext = new ClientContext(siteUrl);
User spUser = clientContext.Web.EnsureUser(user);
Where siteUrl and user are both strings set as appropriate.
The result is spUser is the shell of a User object but all its properties (for example Email, Title, etc.) are not initialized. In VS they are showing {"The property or field has not been initialized. It has not been requested or the request has not been executed. It may need to be explicitly requested."}
What would be causing this? I thought EnsureUser would create the user if it is not already there. I know in Server OM sometimes you need to use "AllowUnsafeUpdates", is there something like that for Client OM?
It is almost a year late, but just in case someone else is searching for the same answer.
After getting a reference to the user object you need to do the following before accessing the properties of the user.
clientContext.Load(spUser);
clientContext.ExecuteQuery();
or, if you want to get the email and title only, to reduce the payload:
clientContext.Load(spUser, u => u.Email, u => u.Title);
clientContext.ExecuteQuery();
Basically, it establishes a request to the SharePoint Web and asks for the properties of the spUser. The request will be sent when ExecuteQuery() is called.