can I use cookie information in flex? Suppose a user logs in first time in login form (designed in flex) and when he logs in again I need to show users name in dropdown from cookies, is it possible in flex? Is there any way I can do please suggest me Thanks in Advance.
You can create a SharedObject to store session data on a users computer.
var so:SharedObject = SharedObject.getLocal("savedData");
If a shared object by the name you specified doesn't exist, one will be created.
Check out the Live Docs for more info:
http://help.adobe.com/en_US/AS3LCR/Flash_10.0/flash/net/SharedObject.html
You should use cookies for uses identification on the server (a session id) just like you would with any other web app. Then have a service on your back-end like getUserInfo() that returns the information for the currently logged in user. Call that method from Flex (via HTTPService, WebService, RemoteObject, etc) and then you will have the user information on the client.
See a number of SO threads on this issue:
Accessing browser cookies from Flex
How do i store cookies in flex?
Briefly, two options that don't involve going back to the server:
Use Javascript integration to access cookie data, as in this library.
Use SharedObjects ("Flash cookies") to persist local data.
Related
After analyzing a lot of examples online and the asp.net core + react authentication given template, I noticed that all of them do NOT use redux store. At first I tough that you should not use them but it could also be just an example application to show roughly how to execute it in a simple manner.
After it a tough came: how should you properly execute such manner?
If you store it in the store, means it gets the data of whatever user you are and update it only on login/logout. But if your session key expires, front-end (redux store) will not know that and trying to access a page you are not authorized will get an error message. To prevent that, it should log a user out as soon as the session ends. How such thing should get executed? Should I have like some sort of a timer to like every 5-10s execute an action to check if session key is still valid? or on every page component render/re-render check if the session key still exist?
What is the correct way?
It's depend about your authentication system, You can use eg. Auth0.
If I understand You correctly - there is everything about:
--- expiration of token
If information about expiry, you can get information about when it will expire:
return new Date().getTime() < expiresAt;
And also if the token will expire just redirect to login page with information or automatically refresh token.
Here are more implementation details (with interceptor pattern):
https://medium.com/#monkov/react-using-axios-interceptor-for-token-refreshing-1477a4d5fc26#:~:text=is%20refresh%20token?-,Refresh%20token%20can%20reload%20a%20couple%20of%20refresh(itself)%20and,is%20about%20half%20an%20hour.
I'm currently working with ASP.Net Core 2.1.2 and I can't find a solution for my problem.
Currently I'm building a controlpanel together with Angular 5.
The data for a user is stored in a MySQL database.
To have access to the controlpanel you have to login - and the server will load some data. Important is the admin-level (1-?) - some actions are only allowed for admins with atleast a level.
For the authentication I'm using JWTBearer, which gets sent by the client at every HTTP action as header. But in some methods I also want to check the admin-level.
Now where can I store data for the client, like his admin-level?
Is it safe to save it with a Claim? But then wouldn't it be possible for the client to modify it clientside and send a "custom" header?
I also tried to put the data in a dictionary and use the (HttpContext.)User (of type ClaimsPrinciple) as the key, but that won't work because User is always different at every Request.
Is there any safe way to store the data for a User?
You can safely store your admin-level information in a Claim, unless you're worried that someone can read it. It's not possible to modify a Claim in JWT, because its value is signed by key which only you should know and after the modification this token will be invalid. Read this article to get more information about JWT
I am currently in the process of sketching-out an application that allows real-time interactions with website visitors.
Therefore, I have two different "User-types":
Unregistered User: these are the visitors
Registered User: these have a (custom) ASP.NET MVC membership
Now, I am persisting "UserNames" and ConnectionIds in a DB so I can freely scale at some point in the future. I do this by accessing Context.Identiy.User.UserName from within the Hub and then query the DB for any existing "sessions".
Here is the problem:
I need two different types of "User"
For one, I want to dynamically generate a GUID - these are the visitors and will be removed from the database after a given amount of inactivity.
These are the admins, they have their proper identities attached to the Context object.
So, how would one go about accessing a "session" from SignalR? It is not really a Session, I just need to get a SessionId from a Cookie on each initial request to the MVC-Controller, that's all. All I need to be able to do is:
Have an auto-generated "SessionId" which I can use to persist visitors across requests
Have a more "extended" identity: I want to use UserId instead of UserName
Anyway, I hope this makes sense but chip in if anything is unclear.
Okay, I just realised that I can use "HttpContext.Current.Request.AnonymousId" and I am linking this up to a Session-database.
Here some relevant documentation: http://msdn.microsoft.com/en-us/library/system.web.httprequest.anonymousid.aspx
This solved my problem in this case. :-)
I have 2 applications, each in different domains. When a user comes to the first application, clicks a link, the user is sent to the second application.
My problem is as follows: I need to persist a sessionId from the first application to the second application. Simple enough but here's the catch. I can't use query string and I can't use cookies(since in different domains). I was thinking, is there a way to insert custom values into HTTP Headers or set some form values on an intermediate page which would then POST to the second application? So the process would be as follows:
User clicks a link on the first page, this takes the user to an "intermediate" page, this "intermediate" page sets a sessionId value in the form or http Header, then the "intermediate" page sends the user to the second application via a POST where the app will have the sessionId.
I can't use a Server.Transfer since the app is not on the same server. Help?
This is how Microfot tried to do it Does Issuing Passports Make Microsoft a Country?.
You could try and make a secure SOAP or XML request with a secure token referencing a session id you stored for the user in a shared database. You could then load the user's session based on that session id stored in the db if a match is found.
One way that you could do it is to use webservices. Before the user is to switch sites, you could give the user an unique authentication token that has been agreed upon prior to leaving.
Another thing you could do (this is not a great solution, but it works) is to use frames, and to send the child frame information through javascript (login information). I really don't like this method, because it presents so many problems that its best avoided.
What I mean:
Web services: Communicate with the other site to say "this user is currently logged in here," you can do this at login (depends how much you trust the other domain), or you can do it when the user requests to leave
Giving the user an authentication token: You can post it as a form element. Or if you had an agreement with both domains you could send it to a URL that could later be interpreted as a rediection service+authentication token confirmation portion. I.E.: domain.com/page/token+pageid-mixture
Use OpenID. It's designed for this purpose (common authentication to web sites on multiple domains). The protocol's been under development for years and has probably encountered and solved a lot of the problems you'd be likely to run into if you roll your own solution.
I am using ASP.net for developing an intranet website. I need to hold the userid across all postbacks for all the pages in the website. Is it advisable to hold those information in Session or somether way is available.
FormsAuthentication is also capable of holding a custom userid, and solves a lot of things for you like setting the cookie, login page redirection etc.
You can set the userid using the RedirectFromLoginPage method and then use the FormsAuthentication_OnAuthenticate event to find and set the Page.User property, to access all the other logic you need.
If using Forms Authentication, then the username will be available as:
Page.User.Identity.Username
If you need to hold another piece of information alongisde this, then use Session.
PS. I recommend using a class to wrap your session variables for strong-typedness and potential default values.
The most common ways of doing this are using either the ASP.NET Session Object or using cookies.
Either way will work well, but if you wish for their user information to persist even after the session has timed out (such as the closing of a browser window), then you would want to look into cookies. Session information will be disposed upon closing of a browser, or the activity timeout has been reached.