I am currently working on the linqtotwitter library.
I am using cookies to store the token and key. My problem isnt with the api as much. It is more with ASP net and page life cycle.
The problem i have with my webform app is the same with the aspnet webform defaultasp sample same at linqtotwitter site.
This is how the api works
You pass the Credentials to Authorize object to Twitter context in a nut shell.
In the sample you authorize and etc. Once the page load the auth.screenname label is changed to your twitter handle because you authenicated and it passed the auth.credentials to the twittercontext.
This is where my problem is. If I hit refresh the label is cleared out but I am still authenicated with twitter so I can post except i can not get values from the auth objects.
How would I keep the state on a refresh so I keep something like the auth.screenname or something else in memory.
I think i would need to preload the twitter authorized context but I have no idea about doing that.
I do not think using a hidden form element is proper because your masking the underlying problem.
If you want to see what linqtotwitter is, it is at http://linqtotwitter.codeplex.com/
You could throw the tokens into Session if you have it enabled, that might solve your issue.
Related
Since I couldn't find an answer to my specific question, I thought I'd ask here instead.
The situation is as follows:
I have an application (ASP.NET) that is integrated with Auth0. I'm trying to test the sign-in flow which is set up with authorization code with PKCE OAuth 2.0 flow. What I have in Cypress so far:
Navigating to the home page correctly takes me to the auth0 login page.
I can submit the form and get redirected to my.app/callback which then redirects the user to my.app/callbackInternal (Don't ask why - it's an app that I inherited. Most likely to obtain the session ID cookie used by ASP.NET).
Unfortunately, upon the redirect, my app returns a 500.
Now, /callback is responsible for nothing but returning an HTML document with a JS script that sets the location to /callbackInternal by replacing callback with callbackInternal in the current URL. /callbackInternal then accesses HttpContext.Session to obtain the code verifier, however, that doesn't seem to exist and the request results in a 500.
All that makes me suspect that the session ID stored by ASP.NET in cookies is not preserved between points 1) and 3). I confirmed that at the time of the redirect, the session ID cookie is set, but I can't seem to be able to verify that it's the same as the one in point 1) since that results in an immediate redirect.
Basically, I'm hoping that someone was in the same situation and knows a solution to this problem.
I have tried verifying session IDs between points 1) and 3). The most likely scenario is that they're different, hence the issue in point 3).
I also have other test scenarios covered with a cookie injection where an access token is obtained programmatically via the API, so I don't need that. I want to test the sign-in flow itself.
I have been also facing a similar problem automating with cypress. After a through research I come to the solution. I was trying to login in an angular application and my commands were in two different tests. I just combined all the commands in a single cypress test, which resolved the problem. Keep all the commands of a form in a single cypress test function may resolve your problem.
I'm trying to implement a web-view web part in sharepoint that will load up a small 'widget'y type thing I've got hosted on our local IIS. I desire to only show this web part to particular users, but cannot use the 'target audiences' feature of Sharepoint as we only use Foundation an the feature isn't present.
I'm currently attempting to use Windows authentication on the page, and it works fine for allowed users seamlessly infact - however, I was hoping there was a way if the user is denied, they don't get a popup asking for credentials, it would just redirect them to a blank page, thus the web part 'doesn't show' for them.
Is this possible using Windows authentication or do I need to use forms authentication against Active Directory and make them use a form to login? Can Forms Authentication be configured to seamlessly use AD groups and only show a login page when 'denied'?
Cheers
After trying about a million different solutions that all basically led back to the problem of..
It's a pain to check if a user is authenticated before the 401 error is sent - as there is an initial 401 sent to the browser which then prompts for it for authentication..
I came up with a quick and dirty solution, as the project is small and not worth investing much more in.
I placed a very simple check in the page_load event like so, that checks for username if it isn't a postback (first load), and redirects if the static user list isn't found. Far far far from prfect, but it'll do.
if (!Page.IsPostBack)
{
var user = Request.LogonUserIdentity.Name.ToLower().ToString();
if (user != "domain\\user")
{
Response.Redirect("/path/to/redirect/to.html");
}
}
First, thank you to those of you who have put in a tremendous amount of work into building and developing Drupal-iOS-SDK. It is an amazing piece of work and I am impressed by its power daily.
Second, as a bit of background, I am writing an iOS app that allows users to login to my Drupal site with their iPhone/iPad and access their inputted data currently stored/displayed in Views.
Now, to my question/problem. So far, I have been able to successfully login to my Drupal site with the iOS app with OAuth and Session Authentication switched to off. However, as soon as I enable Session Authentication, I get a 406 error. I have tried looking online for a solution but, unfortunately, I have been unable to do so. What could be causing this problem and how would you recommend that I go about trying to resolve it?
On a similar note, my hypothesis is that disabling Session Authentication is what is causing me to get a 401 error when trying to get the app to display the views I've created. Could that be the case? Will resolving my issue above so that I can enable Session Authentication then allow me to access the views?
Thank you in advance for your help and have a great day!
Okay--I think I'm making some progress.
For the time being, I've disabled Session Authentication and don't have to deal with the 406 error. Additionally, I adjusted my Drupal views settings and now am no longer getting a 401 error when using DIOSView's viewGet. However, the responseObject for viewGet is a blank set that contains no view information. As a test, I implemented nodeGet that retrieves the node my view is linked to. I then ran the app and observed that the information returned in nodeGet's responseObject doesn't match the information for the user that successfully logged in. This makes me think that the session and/or user information is not getting passed from the app's first view (login view) to the app's second view (view that implements viewGet).
Can anybody help? I know the Drupal community, and Drupal-iOS-SDK community, is quite large and active. As such, I'm hopeful that someone can provide me with some insights and point me in the right direction.
Thanks in advance!
Check the 'sessions' table in the database. Remove any rows that have the 'uid' of the user you are logging in as and/or the 'hostname' (ip address) of the iDevice you are using to log in with. I had the same issue, getting 406 when enabling session authentication in services using drupal-ios-sdk, and this is what resolved the problem for me.
The 401 "Unauthorized" status code is because the request requires authentication. Once you get the session authentication working, check your roles and permissions. Once you are authenticated, the user should be able to access the view if they have the correct roles/permissions.
I found this problem too.
Try following this method here. It works for me
https://github.com/workhabitinc/drupal-ios-sdk/issues/30
On some websites, when you want to login, you need to enter a captcha as well. If I want to provide support for an user to enter a captcha into my application ( which will then log into the website ), how would I do this?
My problem is that the link to the captcha image is like this: example.com/captcha , and it serves a different image each time it's accesed.
My approach is like this:
request page
download image
show image to user
user inputs login information
application logs in
The thing is, if you download the image in order to show it to the user, you're actually receiving a different image than the one generated when the page was loaded, right? How can I get to the image that was generated when the page was loaded, so that when I show it to the user, it's the correct one?
The question is language agnostic.
I think your problem is about sessions, the session your app downloading the image and the session your app submiting the login form may not be the same session, then your captcha will never be correct, you should maitain the session between requests, normally is some cookie set by the website.
By design, most captcha will always give you a different image. No way to work around that fact.
The first thing to do, is to open up fiddler. That way you can see what the browser is doing so that it can autenticate & remain autenticated.
It usually comes down to a cookie being sent. So what you need to do is to hold the cookie on your client app, and have all the requests sent with that cookie. Different platforms provide features to do so, but I'm sure a quick search will show you how.
Remember to pay attention to all being exchanged in fiddler, you need to make sure your apps triggers the same. Besides cookies, pay attention to any hidden field a js might set on the form.
It sounds like you're trying to invent a captcha solution yourself. Have you considered using reCAPTCHA? It's free.
Can you be a bit more specific about your situation? From what you've said, I'm assuming the following:
You have a "client GUI app" that logs in to a third-party site. Is this a web-app, or a desktop/standalone application? In what language is it written?
Your app contacts the third party site and downloads the Captcha image. This image is then shown to the user.
The user enters the captcha phrase and submits it to your app. Your app then submits this phrase to the site for validation. This is where sessions come in. Assuming the remote site uses cookie-based session tracking, you will need to send the same cookie to the third-party server with this submission as you do when the image was downloaded (in the step above). This allows the server to match your submission to the correct image it sent. Precisely how you do this depends on what language you've written your app in and the precise structure of it all. Without more information, a more specific solution is impossible.
The image that's generated is also the image served to the user. Your 'main' html page doesn't/shouldn't generate the image, it only embeds it using the image tag.
You could pass a token of some kind with the captcha image, perhaps appended to the filename such as captcha-0ad719bef61bc6a0.jpg and the appended data could link into a temporary table in a database server side that has the correct answer. This would allow you to check things were ok without passing both the image and answer across to your application.
I'm not sure if I entirely understand this question, but wouldn't you simply store the captcha locally after requesting it from the server, and then embed the local image from the client application, while storing any necessary session captcha data that will allow the captcha to be validated on post, assuming the user input is correct?
If the problem is that the captcha changes everytime you request it, just request it only once.
Can you offer any more clarification if this wouldn't apply to you?
It depends from capcha to another captcha. Maybe you need to use sessions or cookies or some captcha image filename. Show the page with that captcha.
I'm using asp.net 4.0 with asp.net MVC 2.0 and the asp.net membership provider.
I need to terminate a the user session before I delete it. Otherwise if the user is still authenticated the next time it will visit a page null reference exceptions will occur when trying to access the user data and profile.
I get the Session.Abandon() method but what I'm looking for is the same on a user, something like user.AbandonSessions().
I realize this question has been asked before but I can't get a straight answer.
Thanks
I think you may be tilting at windmills. There are just too many things working against your desired goal.
If you adjust your perspective to embrace the arbitrary nature of a browser based app and instead of trying to eradicate all vestiges of a users state in order to avoid errors, rather take measures to ensure that the required data is present in the session and if not then recreate it or redirect the user to an appropriate location.
In any case, remember that in order to affect any session related action capably, you must force a request cycle to ensure the cookies are properly processed by the browser, but that is beside the point I am trying to make.
Good luck.
You could use a custom membership provider which instead of deleting an account, just deactivates that. You could also have the custom membership provider to lock the account at the same time.
FormsAuthentication.SignOut();
But you need to call it in the context of the user you want to sign out.