I am running my own Identity Provider with ADFS, and do not want the Active Directory integration with it. When a user logs into the page, I don't want the user to see the "sign in with one of these accounts" page, and instead would like it to just default to the other provider. I noticed I cannot disable the Active Directory provider in the trusted providers page.
Some of the resources I have found, talk about adjusting the actual login page js, or code file to get it to trick the page into selecting the one I want to default. I REALLY do not want to do this, and it seems like this should be a simple option somewhere.
The only way to do this is via customising the onload.js.
The whole point of ADFS is to add a federation capability to AD. That's why you cannot easily remove it.
So I did eventually figure this out. The proper way to remove Active Directory from the choice list does NOT involve adjusting js files. Going into the system and running:
Set-ADFSProperty -EnableLocalAuthenticationTypes $false
This then used the only other identity provider automatically.
I needed to put both of these
Set-AdfsProperties -IntranetUseLocalClaimsProvider $false
Set-AdfsProperties -EnableLocalAuthenticationTypes $false
Related
I am trying to configure phabricator's admin account which appears when entering to it's home page on the first time.
According to here I can use phabricator/ $ ./bin/accountadmin, but it's not setting admin's password - unless I recover the account, get an (partially) arbitrary link and set everything inside manually.
but - I want to fully configure it without UI, but with phabricator's CLI/linux commands.
How can I do that? thanks.
Phabricator can not be fully installed with the help of cli, The problem is the Authentication method that should be set for the application is not configurable with cli at the moment. Take look at this issue for more information.
Want to make alfresco site read only in alfresco community 5.0 so that no one can make any changes or edit that during migration.
I already tried changing the user/group permissions but that method doesn't work properly. Is there any other way to make the sites read only?
You need to make all sites in read only mode and so entire Repository should be in read-only mode for migration!
Try this property in your alfresco-global.prop file
server.allowWrite=false
Please check this for reference
The best way to make a site read only would probably be to modify all members of that site to have the consumer role (this would prevent them for creating new content or editing any existing content).
Unfortunately there is no bulk capability built into the UI to do this, however it should be a relatively straightforward exercise to create an admin only custom WebScript to achieve this. It would necessary for the Admin to become the site manager of each site before attempting to change the role of each site member, but there is an API for doing this.
Alternatively (if you have only a few sites) then you could do this manually through the UI using the Site Management Admin Console page. Again, the Admin would need to become the Site Manager for each Site and then visit the site and change the role of every member.
As suggested by #DaveDraper in a former answer, you could setup site memberships to the consumer role. However, this won't take into account any special permission given on a particular node (folder/document) in that site either with or without inheritance of permission.
So, if you intend to block any writes on the entire alfresco repo/site you could simply setup an extra security interceptor on your NodeService to block any write access using the NodeService.
PS : You could get some inspiration from the "NodeService_security" bean and implementation !
I can think of a turn-around or two, but those would be really sloppy so I won't be including them in this response
I have an ASP.Net website running on IIS7. The developers have created a CMS in the \admin folder, which allows the website admin to create/edit/delete pages.
They have said:
"The read/write permission should be given to the user that requires login access to the admin panel, not the anonymous user that has general public access to the website. The reason for the write permission is to allow the administrator to be able to upload images and files through the CMS, and make various changes to the navigation, style sheet, etc".
Also, they have said:
"Password protect the /admin folder and assign full rights to your admin user as it needs to update data (site files) accordingly as mentioned in the Folder level section above. For certain modules to work, such as the file manager, you would need to use Basic Authentication at the Directory Security level. The FCKeditor folder also should be protected so it has the correct permissions. "
Is this approach safe? I have tried assigning full rights to the Plesk protected folder user (the \admin folder is protected through Plesk), but Plesk keeps reverting back to its default settings. I am told this is a security measure, which makes sense.
What would an alternate way of accomplishing this be without rewriting any code?
If the application needs the ability to upload then it will always need read/write permissions to the directories it is going to upload to - no amount of rewriting will change this, it's part of the basic functionality. The same applies to editing stylesheets etc.
Reverting changes you make sounds like a very bad security measure - warning you would be fine, but generally you make these changes for a reason and want them to stay.
Hay try this...
Right-click the file and select Properties.
Click on the Security tab.
Click Advanced in the lower right.
In the Advanced Security Settings window that pops up, click on the Owner tab.
Click Edit.
Click Other users or groups.
Click Advanced in the lower left corner.
Click Find Now.
Scroll through the results and double-click on your current user account.
Click OK to all of the remaining windows except the first Properties window.
Select your user account from the list up top and click Edit.
Select your user account from the list up top again and then in the pane below, check Full control under Allow, or as much control as you need.
You’ll get a security warning, click Yes.
On some files that are essential to Windows, you’ll get a “Unable to save permission changes… access is denied” warning and there’s nothing that you can do about it to the best of my knowledge.
Reconsider why you’re using Windows.
I have one portal with 3 modules inside it, now my requirement is i would like to create
new portal for every client registered in my DNN site.
So, i have one interface for registration, so as soon as client registers entirely new parent portal should be created with all the modules.
How can i achieve this functionality ???
I would suggest digging into the admin files that come as part of the default DNN installation and look for the code that creates a new portal from there. It will ultimately be calling a stored procedure to create the necessary data in the SQL tables. You might get away with just calling the stored procs but the admin code probably calls several different ones to setup the default security settings.
Curiously what alias will each of these portals use? It's not clear why you need a complete portal for each user. The DNN segmentation already allows you to show different content based on role membership. Why the need for a whole portal per user?
Use the site wizard to create template of the current portal and during client registration programmatically execute the template. You may also want to automate the site setup in IIS.
Well, You can easily do it! Login to host and go to portals. Click on create new protal.
See which control is responsible for creating new portal. you can simaply get it by using firebug and look into client id of link or text box.
Once you do that, you will find the code you can use.
tell me if you need more help with it, I'm good with what you want to do!
I'm creating an ASP.NET web application to schedule tasks on our server from a remote location using a .NET Wrapper for Scheduled Tasks. However, I'm stuck.
The user needs to be able to browse the file system on the server to retrieve a "file to run" for the new task that the user's creating in this application. I need to get the filepath/filename and pass it into the .NET wrapper.
I've tried using HTMLInputFile, but I haven't found a way to make that work for me.
Any help is appreciated.
Thanks
Update:
For this project, we've decided to simply list the executables in a dropdown box that would be available to users since they don't really need total access to the file system, just for security's sake.
HTMLInputFile is used to browse the client's file system and upload a file to the server. It isn't used to browse the server's file system.
You will need something quite different. You will need some server side code to display the server side folder structure to the user via the browser.
There is an example of a basic implementation of this here.
Update:
With that sample, the path that you replace "yourfolderHere" with needs to be a virtual path, rather than an absolute path. So for example "C:\Inetpub\wwwroot\uploads" won't work, but "uploads" will work.
I hope it goes without saying that there are serious security issues to think about when implementing something like this.
The HTMLInputFile will only work on the client-side machine.
You need to write a filesystem browser in ASPX/HTML that browses on the server-side.
Shouldn't be that hard to do.
You can't use the <input type="file" tag
This brings up a client-side dialog that browses the client machine.
As far as I am aware you need to create your own 'browser'.
eg You could use the My.Computer.Filesystem classes to retrieve a list of files in a folder and show those on the webpage. The user then selects the relevant file and posts a response back to the server.
You can use System.IO.Directory to get directories and files. These can be displayed in a number of ways. A simple browser / file selection should be possible in less than 50 lines of code.
Also be aware that you may need to grant extra permissions to the user that your web app runs as so the file system is accessible.
There are also various security implications around this, so don't grant access to everything unless you really need this.