I would like to allow my users to register from homepage by entering name, surname, email and password information. After submitting the form, I want to redirect my users to a security check page for a capthca validation. User will be saved to the database after this captcha validation. The scenario is similar to Facebook's homepage registration feature.
My problem is, after collecting name, surname, email and password information how can I send them to the captcha validation page in a secure manner (not sending them with querystring, because password will be plain there). TempData and Session usage will not be followed in this project.
Thank you!
First of all, you can use Recaptcha for .NET (http://recaptchanet.codeplex.com) to use a robust and secure captcha solution for your MVC .NET project.
When you submit the form, create a cookie and encrypt its values with the user's session ID as its key and have its expiration time to be something like 5 minutes. Read the cookie from the captcha page. I am assuming that you don't want to store the values on the server and query string is obviously not feasible.
I would recommend using MVCRecaptcha (https://mvcrecaptcha.codeplex.com/). Please note - specifically MVCRecaptcha and not some of the other closely related implementations.
Download the package from Nuget, however, make SURE that you don't download the other Recaptcha packages that are available - you should specifically download MVC recaptcha.
Then follow the rest of the instructions on the MVC recaptcha codeplex site to get up and running.
Related
I will not post any of my code, because this is more just a question to know if it's possible.
I've been googling a lot, but didn't find any concrete solutions. I hope someone can help me here.
The facts:
I have a login form
I need to authenticate the credentials over a web-service
I need to send both username and password, to get back a token if logged in successfully.
The problems:
With a custom provider I'm always stuck with the fact that they only have direct access to the userename, like: loadUserByUsername. I need to access the password there as well, to be able to send this to my web-service.
I have only 1 web-service which sends only back a token if provided username and password are correct.
Question:
How can I access and send both username and password to my web-service?
Thanks!
Generally speaking one would authenticate using an API token to a web service.
That API token is usually issued via an auto-generation script when the user account is created (either by an admin or by a registration form). This token is then passed by the API call to the web-service in a header which then uses it to authenticate the user.
As far as Symfony goes, by far the easiest way of doing this is with Guard. A new component built by Ryan Weaver from KNP.
KNPUniversity has a great tutorial on it (for free).
Note that this is only one option of many, and the 'best' way is probably mainly opinion based and directly related to the use case in question. But it might help you get on the right track.
If the token you want to create should be a JSON Web Token (JWT), a very conventient bundle is LexikJWTAuthenticationBundle, which does almost all of the work automatically. If you just follow the documentation, you will have it quickly up and running. You can combine it with FOSUserBundle, with a custom User entity or whatever.
Users need to fill out an access request and once they are done and hit the submit, it emails the request to their supervisor.
Is it possible to email the entire form(with the user data and also to be filled fields by supervisor) in an email so that the supervisor can select accept and the change would be reflected in a SQL database from Outlook itself?
Emailing the form can be done. Writing an Outlook add-in can also be done. But you'll save yourself a lot of time if you just write an "approval" page in your web app and send a link to this page in the email to the supervisor. You can put any information you want in the email, of course.
ETA: But to actually suggest a solution: you could send an email that included a hyperlink, that included identifying information in the query string, and use that as a way of signalling to a web page or web service that the request should be approved. You'd have to work out something with security and authentication, of course, so that not just anybody could call that page and approve the request.
I have to implement facebook login and also want to get logged in user's information like birthday, firstname, Email address.
I have already done some other stuff like recent activities etc of facebook using javascript SDK of facebook.
i am developing application in ASP.Net (C#).
How can i get user information, Please provide me any idea.
Once the user's logged in and you asked for extended permissions (you can use Javascript to do that) you get an access token and then you can call the Facebook graph API. This is server side.
FB do not offer a C# SDK for their API so you will have to find one (or make you own)
see http://developers.facebook.com/docs/api
I have created a username and password to enter and search people in linkedin. Now, I am devloping a web application using asp.net. I need to open a popup page which is displaying the searched results in linked in as logged in.
When the popup page is displaying, I need to logged in automatically using the username and password.
So, here is my question,
How to logged in automatically when the button clicked in Asp.net application using linked in username and password?.
Thanks
The problem is twofold:
deciding which credentials to use
actually logging in
Logging in is fairly straightforward: post to LinkedIn's login URL in the manner that LinkedIn expects. Unfortunately, LinkedIn still does not have a public API, so this is going to require hackery. Go to a LinkedIn web page that allows login and analyze the page source. There will be a field names for username and password in the login form, and the login form will post to a specific URL. Duplicate the username and password with a web request to the URL of the form. You will receive a cookie as part of the response. Make sure you include that cookie in future requests to LinkedIn and you are then "logged in" for every request.
Of far more importance than the actual logging in, which is a simple programming challenge, is deciding which credentials to use. I'm guessing that you're building an application for others to use, rather than yourself. If so, you'll need to ask them to give you their LinkedIn credentials. Beware: this is something that most people simply will not do. It's a trust issue; if they give you their credentials, you now have access to their profile and can do nefarious things with it. You'll need a good disclaimer explaining how you would never do that, ever, and you'll need the people who read it to believe you. Not as easy as it sounds.
If, however, this is just for you, you're on easy street. Just use your own credentials.
I'm currently developing an ASP.NET website, and I'm using ASP.NET's built-in Login control with client-side cookie generation for state management.
Unfortunately, as I didn't figure out how to append custom information (generated by other controls on my application) to the Login control self-generated cookie, my application generates an additional cookie to store that additional info. Basically, I have two cookies: one managed by the Login control and another managed by me, programatically.
What I would like to know is if it's possible to merge my additional information into the infrastructure's Login control self-generated cookie. This would prevent some issues with the "sliding timeout" feature that could result on my "custom cookie" expiring with the user being logged in - I could solve this one with a custom HTTP Module to prevent it, but that seems to me as an "inelegant" solution.
Any brilliant mind could help me out with this?
Thanks in advance for your attention and support.
Yes, you can store data in the UserData property of the authentication ticket. Please see the section "Storing the Username of the Admin User Who Logged On As Another User" at https://web.archive.org/web/20210304120451/https://www.4guysfromrolla.com/articles/102208-1.aspx
However, you might find the User Profile system to be more useful. https://web.archive.org/web/20211020111657/https://www.4guysfromrolla.com/articles/101106-1.aspx