I build an application that among other things send link (SMS) to users.
When user opens the link (asp.net page) she fills a form and send it to server.
In order to make the user submit the form once I need a unique identifier for her cellphone.
Any idea regarding this will be appreciated.
Related
I'm trying to password protect a page that contains confidential information.
Upon clicking a link, user will be shown a pop-up dialog to enter password.
If successful, redirect user to page. Otherwise, display "Wrong password".
The thing is, this can be easily overcome if user just copies the URL and add "/exec#ConfidentialPage" to the end of the URL.
Any suggestions?
If at all possible I would highly discourage implementing your own authentication system and instead rely on Google login to secure your data. See https://developers.google.com/appmaker/security/secure-your-app. My short recommendation is to:
Create a google group which contains the users you want to access the
data.
Create a role in App Maker which contains that group
Restrict access to both your data and your view to members of that role.
This is much more secure than a password based approach as #1 It's implemented by Google (implementing your own auth correctly is hard) and #2 You have a list of everyone who has access to your data in the form of the Google group.
I'm investigating a possible use of a certain scenario in Microsoft Bot
- Embed the Chat Control:
Suppose my client clicks on link that leads to my Bot Site, which contains the Chat Control. Also the link contains user Id (POST).
So it is possible to send the user's ID to Bot as soon as the customer enters the site? So the Bot can perform a specific process against this user?
Currently you can only pass username and userid in the iframe due to security concerns.
The docs appear clear as mud on this. I'm building a custom CRM and need a way to get the phone number (caller ID) of the current incoming call. The workstation has the Five9 application installed and the Desktop Toolkit. Now what do I do in the web browser to get that information? My idea was that I'd have a search form and one could click a button called "Search by Caller ID". The web browser would then connect somehow to Five9, get the current phone number of the current call, and send it back to the web server to show records that matched that phone number.
I created a google form as a work request form for my team at work. The request then goes to a google group (where all team members can access and pull from) The issue is when a request from the form comes to the google group it is showing that it was submitted by me and not by who is requesting the work, but when we go to the google spreadsheet to see the request it is showing the correct user who submitted.
How can I get the user (work email) who submitted to show in the google group?
Response to first comment-
Here is what a work request looks like coming into our group inbox (google group)
This is showing as being sent by Shaun, but I (Jessica) as in the second picture shows was the requester who filled out this work request
It appears that Shaun is the owner of the spreadsheet receiving the input from the google form, and/or the author of the script that generates an email from the form input and sends it to the google group. You don't say so explicitly, but I would guess that you're using a "Collaborative inbox" group type.
Since the email to the group comes from Shaun, that is the user profile that is displayed on the message, above the message content.
Possible options that fail:
While you can specify a different "from" address when sending an email via the GMail Google Apps Script service, you are limited to using your own registered aliases - so that isn't going to help you.
Instead of emailing the completed form, have the script generate the whole group entry on behalf of the Requestor (sic). Despite a 7-year-old feature request, there is no API that supports this.
So what will work?
If you're willing to forego the form and spreadsheet, each requester can send their own email, which will ensure that their credentials are used to display a user profile on the groups page. To guide use of standardized fields, you can provide a mailto link with the body of the email pre-formatted for users.
mailto:work-group#googlegroups.com?subject=Work+Request&body=Request+Type:+%0dProgram:+%0dWork+Package+Name:+
Such a mailto link can be embedded on a web page, or kept as a browser shortcut to make it easy on users.
I have 2 applications, each in different domains. When a user comes to the first application, clicks a link, the user is sent to the second application.
My problem is as follows: I need to persist a sessionId from the first application to the second application. Simple enough but here's the catch. I can't use query string and I can't use cookies(since in different domains). I was thinking, is there a way to insert custom values into HTTP Headers or set some form values on an intermediate page which would then POST to the second application? So the process would be as follows:
User clicks a link on the first page, this takes the user to an "intermediate" page, this "intermediate" page sets a sessionId value in the form or http Header, then the "intermediate" page sends the user to the second application via a POST where the app will have the sessionId.
I can't use a Server.Transfer since the app is not on the same server. Help?
This is how Microfot tried to do it Does Issuing Passports Make Microsoft a Country?.
You could try and make a secure SOAP or XML request with a secure token referencing a session id you stored for the user in a shared database. You could then load the user's session based on that session id stored in the db if a match is found.
One way that you could do it is to use webservices. Before the user is to switch sites, you could give the user an unique authentication token that has been agreed upon prior to leaving.
Another thing you could do (this is not a great solution, but it works) is to use frames, and to send the child frame information through javascript (login information). I really don't like this method, because it presents so many problems that its best avoided.
What I mean:
Web services: Communicate with the other site to say "this user is currently logged in here," you can do this at login (depends how much you trust the other domain), or you can do it when the user requests to leave
Giving the user an authentication token: You can post it as a form element. Or if you had an agreement with both domains you could send it to a URL that could later be interpreted as a rediection service+authentication token confirmation portion. I.E.: domain.com/page/token+pageid-mixture
Use OpenID. It's designed for this purpose (common authentication to web sites on multiple domains). The protocol's been under development for years and has probably encountered and solved a lot of the problems you'd be likely to run into if you roll your own solution.