I just want a simple single sign-on for my application and IdentityServer3 seems to be a good solution. Three things I didn't like about it though: the consent page, the logout and logged-out pages. I managed to disable the consent page by adding these lines to the Clients.cs file:
RequireConsent = false,
AllowRememberConsent = false,
I also added a custom view following the docs on Custom View Service.
So now, how do I disable the logout and logged-out pages so that it automatically sends the user to the home page when they click the sign-out button?
The documentation here will help you. You are interested in specifying a custom set of AuthenticationOptions. Within that, there are three properties of interest:
EnableSignOutPrompt
Indicates whether IdentityServer will show a confirmation page for sign-out. When a client initiates a sign-out, by default IdentityServer will ask the user for confirmation. This is a mitigation technique against “logout spam”. Defaults to true.
EnablePostSignOutAutoRedirect
Gets or sets a value indicating whether IdentityServer automatically redirects back to a validated post_logout_redirect_uri passed to the signout endpoint. Defaults to false.
PostSignOutAutoRedirectDelay
Gets or sets the delay (in seconds) before redirecting to a post_logout_redirect_uri. Defaults to 0.
Using these three settings you should be able to tweak IdentityServer3 to your liking.
For example, your Startup.cs may look like this:
using IdentityServer3.Core.Configuration;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.Map("/identity", idsrvApp =>
        {
            idsrvApp.UseIdentityServer(new IdentityServerOptions
            {
                AuthenticationOptions = new AuthenticationOptions()
                {
                    // No confirmation page when a client initiates sign-out
                    EnableSignOutPrompt = false,
                    // Redirect to the client's validated post_logout_redirect_uri ...
                    EnablePostSignOutAutoRedirect = true,
                    // ... immediately, without showing the logged-out page
                    PostSignOutAutoRedirectDelay = 0
                },
                EnableWelcomePage = false,
                Factory = Factory.Get(),                // your own factory helper
                SigningCertificate = Certificate.Get(), // your own certificate helper
                SiteName = "Identity Server Example"
            });
        });
    }
}
I have created my own custom login handler to authenticate users:
loginWithPasswordPlatfrom(user,passwd,platformId)
I want to disable the default login method loginWithPassword(user,password) of Meteor and force clients (Android, iOS, web) to use my custom method.
But what happens if a client calls login with user and password parameters: it is successfully logged in, because the default login is still registered in Meteor.
Please suggest how to disable or unregister a login handler in Meteor accounts.
You can modify Accounts._loginHandlers on the server and throw out the default login method. Accounts.loginWithPassword() is then no longer possible on the client.
// Server side: keep every registered login handler except the built-in
// 'password' one, so loginWithPassword() no longer has a handler to call.
var hs = [];
for (var i = 0; i < Accounts._loginHandlers.length; i++) {
  if (Accounts._loginHandlers[i].name != 'password') hs.push(Accounts._loginHandlers[i]);
}
Accounts._loginHandlers = hs;
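The same idea with a verification step, as an added example that is not part of the answer above: removing a handler by name and then checking what is left, so that a misspelled name or a package that re-registers a handler later does not silently leave the default password login reachable. Meteor's server-side Accounts._loginHandlers is an array of { name, handler } objects; the list below is a constructed stand-in with the built-in 'password' and 'resume' handlers plus a hypothetical custom handler named 'passwordPlatform'.

```javascript
// Added example (not from the original answer). Constructed stand-in for
// Meteor's server-side Accounts._loginHandlers: the built-in 'password' and
// 'resume' handlers plus a hypothetical custom handler 'passwordPlatform'.
function constructedHandlers() {
  return [
    { name: 'password', handler: function () {} },
    { name: 'resume', handler: function () {} },
    { name: 'passwordPlatform', handler: function () {} },
  ];
}

// Return a new handler list without the named handlers. Throws when a name is
// not registered: a silent no-op would mean the login method we meant to
// disable is still reachable from any client.
function removeLoginHandlers(handlers, namesToRemove) {
  const registered = new Set(handlers.map(function (h) { return h.name; }));
  namesToRemove.forEach(function (name) {
    if (!registered.has(name)) {
      throw new Error('login handler "' + name + '" is not registered; nothing to disable');
    }
  });
  const remove = new Set(namesToRemove);
  return handlers.filter(function (h) { return !remove.has(h.name); });
}

// Startup check: fail fast if any handler outside the allow-list is registered,
// e.g. because a package loaded later re-registered a password login.
function assertOnlyHandlers(handlers, allowedNames) {
  const allowed = new Set(allowedNames);
  const unexpected = handlers
    .map(function (h) { return h.name; })
    .filter(function (n) { return !allowed.has(n); });
  if (unexpected.length > 0) {
    throw new Error('unexpected login handlers registered: ' + unexpected.join(', '));
  }
  return true;
}

// On a real Meteor server the two steps would run inside Meteor.startup():
//   Accounts._loginHandlers = removeLoginHandlers(Accounts._loginHandlers, ['password']);
//   assertOnlyHandlers(Accounts._loginHandlers, ['resume', 'passwordPlatform']);
// Here they run against the constructed list and return the remaining names.
function demo() {
  const handlers = removeLoginHandlers(constructedHandlers(), ['password']);
  assertOnlyHandlers(handlers, ['resume', 'passwordPlatform']);
  return handlers.map(function (h) { return h.name; });
}
```

Keep 'resume' in the allow-list: it is the handler that lets a client reconnect with its existing login token, and dropping it would log every client out on reconnect.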
Created an MVC5 app with Identity 2, using Google login (pretty much the empty app, with Google stuff turned on).
How do I set it up to use session cookies, so they expire when the browser closes?
The app will be used by students who may hot-swap seats, so I need the login to expire when the browser closes.
I read an SO article that implies this is the default, but when I close the browser and go back to the site, it remembers the Google login.
Edit
Sorry to burst everyone's bubble, but this isn't a duplicate.
It reproduces in Chrome after the settings in the supposed "answer" are changed, and it also reproduces in IE... This is an ASP.NET Identity 2 + Google login issue, not a Chrome issue.
Edit
Adding the Startup.Auth file for setup help:
using System;
using System.Configuration;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.Google;
using Owin;
using StudentPortalGSuite.Models;

namespace StudentPortalGSuite
{
    public partial class Startup
    {
        // For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
        public void ConfigureAuth(IAppBuilder app)
        {
            // Configure the db context, user manager and signin manager to use a single instance per request
            app.CreatePerOwinContext(ApplicationDbContext.Create);
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);

            // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            // Configure the sign in cookie
            app.UseCookieAuthentication(
                new CookieAuthenticationOptions
                {
                    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                    LoginPath = new PathString("/Account/Login"),
                    Provider = new CookieAuthenticationProvider
                    {
                        // Enables the application to validate the security stamp when the user logs in.
                        // This is a security feature which is used when you change a password or add an external login to your account.
                        OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                            validateInterval: TimeSpan.FromMinutes(30),
                            regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager)
                        )
                    },
                });
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Enables the application to temporarily store user information when they are verifying the second factor in the two-factor authentication process.
            app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(5));

            // per https://learn.microsoft.com/en-us/aspnet/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on - EWB
            //dev-jcsn email
            app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
            {
                ClientId = "...",
                ClientSecret = "..."
            });
        }
    }
}
EDIT
The use case I'm trying to fix is, since our app is used in a classroom, that student A closes his/her browser instead of logging out, and then the next user tries to log in. As it stands they are auto-logged into user A's account.
I'd also be up for a way to 100% log out the user when redirected to the login page, but all the ways I've tried aren't working.
Maybe you can catch the window close event on the page and call the logout method:
$(window).on("beforeunload", function() {
  // ajax call to a post controller that logs the user out
});
Calling this at the top of the LogIn controller method solved the issue:
// https://stackoverflow.com/questions/28999318/owin-authentication-signout-doesnt-seem-to-remove-the-cookie - stralos's answer
Request.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
Request.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
I have created a custom Share page with authentication as user. Now I want to enable a few buttons on the page if the logged-in user is a Manager. But I don't know how to find out whether the logged-in user is a Manager or Collaborator. Can someone please help me?
In all WebScript JavaScript controllers running on the Share tier you can access user.isAdmin. This will be a boolean value indicating whether or not the current user has Administrator privileges.
However, I'm not sure if this is what you mean because you have said "Manager". If you mean that you want to know whether or not the current user is a Manager of the current site, then it will be necessary to make a request back to the Repository using the site id from the page context. There are lots of examples of this in the Alfresco codebase; essentially it should look something like this:
var userIsSiteManager = false;
var obj = null; // declared up front so a non-200 response does not leave it undefined
// Ask the repository for the current user's membership of the current site
var json = remote.call("/api/sites/" + page.url.templateArgs.site + "/memberships/" + encodeURIComponent(user.name));
if (json.status == 200)
{
   obj = JSON.parse(json);
}
if (obj)
{
   userIsSiteManager = (obj.role == "SiteManager");
}
In browser JavaScript you should use an Ajax request:
// webScriptUrl: path of your repository WebScript; data: its request parameters
Alfresco.util.Ajax.jsonPost({
   url: Alfresco.constants.PROXY_URI + webScriptUrl,
   dataObj: data,
   successCallback: {
      fn: successCallback,   // function(response) that handles the JSON result
      scope: this
   },
   failureCallback: {
      fn: failureCallback,   // function(response) that handles errors
      scope: this
   }
});
Pass your request params in the dataObj JavaScript object.
In the repository WebScript use json.get("paramName").
Then use:
var siteId = json.get("siteId"); // parameter name is an assumption; send it in dataObj
var site = siteService.getSite(siteId);
// person - current logged in user
var role = site.getMembersRole(person.properties.userName);
I have a section that requires login and a certain role ("higher than 19"). Whenever I log out from it, I get:
Error: permission_denied: Client doesn't have permission to access the desired data.
The reason for this is my security settings:
".read": "root.child('users').child(auth.uid).child('data').child('role').val() > 19",
My logout function:
// Sign out functionality
App.controller('SignOutCtrl', function($scope, $state, Auth) {
  $scope.logout = function() {
    // Go to landing page
    $state.go('home');
    // Log user out
    Auth.$unauth();
  };
});

App.factory('Auth', ['$firebaseAuth', function($firebaseAuth) {
  var firebase = new Firebase('https://mysite.firebaseio.com/');
  return $firebaseAuth(firebase);
}]);
The $state 'home' doesn't have any reading restrictions; it looks like the logout actually happens before I'm being redirected to the 'home' $state, which triggers the security restrictions.
I guess I'm struggling to understand the very basic concept of how to log out from a restricted site without triggering the security setting. Can anyone please explain to me how to do that properly?
I would suggest unauthenticating when the logout page is loaded instead of before leaving the restricted page.
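A constructed in-memory model of the ordering problem, added here as an example that is not part of the question or the answer above. It replaces the Firebase SDK, ui-router and Angular with hypothetical stand-ins, encodes the question's .read rule as a predicate over constructed user data, and runs the two logout orders: unauthenticating while the restricted view's listener is still attached (the question's sequence, since $state.go only starts a transition) versus unauthenticating after the restricted view is gone (the answer's suggestion).

```javascript
// Added example (not from the original question or answer). Everything below
// is a constructed stand-in; the user data mirrors /users/<uid>/data/role.

// The .read rule from the question as a predicate: allowed only when the
// signed-in user's role is greater than 19. A signed-out client has no auth
// object, so the rule fails for it, which is the permission_denied seen.
function canRead(auth, users) {
  if (auth === null) return false;
  const entry = users[auth.uid];
  const role = entry && entry.data && entry.data.role;
  return typeof role === 'number' && role > 19;
}

// Stand-in for a restricted Firebase ref plus the router. Attached listeners
// are re-checked against the rule whenever auth state changes; a denied
// listener records 'permission_denied', like the SDK's cancel callback.
function makeRestrictedRef(users) {
  const listeners = [];
  const errors = [];
  let auth = null;
  let pendingState = null;

  function reevaluate() {
    listeners.forEach(function (cb) {
      if (canRead(auth, users)) cb(null);
      else { errors.push('permission_denied'); cb('permission_denied'); }
    });
  }

  return {
    auth: function (uid) { auth = { uid: uid }; reevaluate(); },
    unauth: function () { auth = null; reevaluate(); },
    on: function (cb) { listeners.push(cb); reevaluate(); },
    // $state.go() only starts a transition; the restricted view and its
    // listener are torn down later, modelled here by flush().
    navigateTo: function (state) { pendingState = state; },
    flush: function () { if (pendingState !== null) { listeners.length = 0; pendingState = null; } },
    errors: errors,
  };
}

// State just before logout: constructed user 'alice' (role 20) is signed in
// and the restricted view's listener is attached.
function signedInRef() {
  const users = { alice: { data: { role: 20 } }, bob: { data: { role: 5 } } };
  const ref = makeRestrictedRef(users);
  ref.auth('alice');
  ref.on(function () {});
  return ref;
}

// Logout as written in the question: $state.go('home') then $unauth().
// The transition has not completed, so the listener is still attached
// when auth is removed and the rule is re-evaluated.
function logoutAsInQuestion() {
  const ref = signedInRef();
  ref.navigateTo('home');
  ref.unauth();
  ref.flush();
  return ref.errors.slice(); // ['permission_denied']
}

// Logout as the answer suggests: unauthenticate once the logout page has
// loaded, i.e. after the restricted view and its listener are gone.
function logoutAfterLeaving() {
  const ref = signedInRef();
  ref.navigateTo('home');
  ref.flush();
  ref.unauth();
  return ref.errors.slice(); // []
}
```

In a real AngularFire app the equivalent of flush() is the controller of the restricted view being destroyed, so calling $unauth() from the landing page's controller (or from a $destroy handler that first detaches the restricted listeners) is what keeps the rule from firing against a still-open listener.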
I am using $firebaseSimpleLogin to log into Firebase using email/password.
It is working rather well when I log in using email/password; I can see the session key being saved automatically as a cookie.
However, I would like to remember the login so that the user only has to log in once.
So I included {rememberMe: true} during auth.
How do I check if the session is still alive at the beginning of the page being loaded?
From your question, I assume you're using AngularJS.
You can execute a run block on your main module, which is run every time the page is loaded. I don't know much about AngularFire; this is the code I'm using on a hack day project to check auth and redirect to the login page if needed.
FirebaseRef is a wrapper that points to my Firebase instance.
This also makes sure that the currentUser object is available in all scopes.
var minib = angular.module('minib', ['ngRoute', 'firebase']);

minib.run(function($rootScope, $location, $firebaseSimpleLogin, firebaseRef) {
  $rootScope.auth = $firebaseSimpleLogin(firebaseRef());
  // Resolves with the user if the remembered session is still valid
  $rootScope.auth.$getCurrentUser().then(function(user) {
    if (user) {
      $rootScope.currentUser = user;
    } else {
      $location.path('/login');
    }
  });
});