Folks,
I just started to work on an ASP.NET MVC4 web application. I added support for local login as well as login using Google ID (using OAuthWebSecurity).
It seems the user is successfully able to login using Google ID. When I examine Membership.GetUser(), I see that the user name for the logged in user is the Google email ID.
As the user can log in either locally or using Google ID, I need to have the ability to query my local database using either the local user ID or the Google ID.
I am trying to understand what Google ID is. Is it the email address of the user or is there a unique GUID associated with each Google user. I am guessing it must be the latter case. If it is, how do I obtain this Google ID? I don't see any property on Membership class that gives me this information.
Thank you in advance for your help.
Regards,
Peter
The username for google is the email address. This is an OpenID account.
Related
I'm trying to password protect a page that contains confidential information.
Upon clicking a link, user will be shown a pop-up dialog to enter password.
If successful, redirect user to page. Otherwise, display "Wrong password".
The thing is, this can be easily overcome if user just copies the URL and add "/exec#ConfidentialPage" to the end of the URL.
Any suggestions?
If at all possible I would highly discourage implementing your own authentication system and instead rely on Google login to secure your data. See https://developers.google.com/appmaker/security/secure-your-app. My short recommendation is to:
Create a google group which contains the users you want to access the
data.
Create a role in App Maker which contains that group
Restrict access to both your data and your view to members of that role.
This is much more secure than a password based approach as #1 It's implemented by Google (implementing your own auth correctly is hard) and #2 You have a list of everyone who has access to your data in the form of the Google group.
I want to be able to access other users Google Calendars through a service account so I am not prompted for authorization. I am doing this in a simple .net c# console app. When I attempt to create my credentials in the Google API Manager, it gives me the following alert when I specify I am using a non UI app and I want to access User Data. Isn't the purpose of using the service account to access other users data without a UI?
"User data cannot be accessed from a platform without a UI because it requires user interaction for sign-in."
You may have misunderstood the meaning of using a service account to impersonate a user. To help you with Authentication, you might want to check this tutorial : Google Calendar API Authentication with C# by Daimto.
Things to take note of :
To be able to access other calendars by service account, users who own the calendar should share it to the service account.
To impersonate a user, you must know the email address.
From the tutorial:
If you are only accessing data that you own there is no reason to ask a user for permission to access it. You can use a Service account. (Privacy)
If you want to be able to access data owned by someone else you will need to be authenticated.
Hope this helps!
Is it possible, with the Google Calendar API / Zend Gdata, to get the user's google email address, after he successfully authenticated with AuthSub and I have an access token?
I have a problem with some users having multiple Gmail and Google Apps accounts, and then not remembering which one they've used to Sync with my service and having the impression that the sync doesn't work. I'd like to display them the Google Account they have first authenticated with.
Have you tried the experimental settings API? It looks like it returns the user's name and email address in the author section.
I want to support the following scenarios on my ASP.NET MVC website:
First time visitor wants to
register, via facebook connect. I'd
like the user to have an entry in my
user membership table - so I have
them enter a username/password
(email gets populated via facebook
connect).
Registered user returns to my
site, logged into facebook already.
I'd like my site to see they're
logged into facebook already and
auto log them into my membership
system.
Registered user returns to my
site, but is not logged into
facebook. I'd like to give them two
options: to log into my site
directly or use facebook connect.
Extra:
After a user has connected their
facebook account to my site, I'd
like to use their facebook profile
photo throughout my site where the
user has participated.
I'd also like to post a bit of text, maybe even a photo, to the user's wall (when they perform an action of course).
Couple questions:
What should I store to tie the user's id in my membership system to their facebook account? I'm assuming it would be their facebook user id.
Can this facebook C# SDK handle these scenarios?
Yes you would store their Facebook Id and Yes the API can support this.
ASP.Net C# and FaceBook Connect.
I'm using Facebook connect on my site. If a new user connects through FB i create an account for them and all is fine. What i would also like to do is check to see if they already have a registered account.
So if someone connects that has not logged in but has an account i would like to be able to locate the account in my application a link it. I hoping this could be done via the email address?
Any ideas
Thanks
Richard
UPDATE: You need Connect.registerUsers:
This method is used to create an
association between an existing user
account on your site and that user's
Facebook account, provided the user
has not connected accounts before.
This method takes an array of account
data, including a required email_hash
and optional account data. For each
connected account, if the user exists,
the information is added to the set of
the user's connected accounts. If the
user has already authorized the site,
the connected account is added in the
confirmed state. If the user has not
yet authorized the site, the connected
account is added in the pending state.
If the user deactivates their external
user account, then call
connect.unregisterUsers. To get the
number of friends a user has in the
pending state, use
connect.getUnconnectedFriendsCount.
If that doesn't resolve your question, this question is not a duplicate of yours, but the answers might give you a way forward:
How do we register users — Facebook Connect users logging in the first time — when we cannot get an email address from facebook?