Super simple question from an ASP newb: I've got an internal-only ASP.NET website I'm working on that uses Windows integrated auth across the board. There are essentially three roles I want to associate with the site: user, manager, and admin. The site is open to the entire org, so anyone who is authenticated is a user, unless they are a manager or an admin.
The list of admins and managers needs to be in a database, not in the web.config. The role information for this site is not in any way associated with what can be learned from a user's AD profile.
I've been picking up ASP.NET pretty quickly and I'm definitely capable of researching the correct solution, but I was hoping someone could start me down the right road here. What's the best way to get this done? I imagine it involves using a role provider on top of the integrated auth, but before I started researching a million options and possibly picked the wrong one, I thought I'd ask here.
Thanks!
I had to do this also and I used the below blog entry from Scott Guthrie to get me going....
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx
Worked great for me.
I didn't create a new provider or anything. Scott's blog post lays it out nicely. Although it is quite a hack but got me going quickly and did the trick.
With this trick you can use windows auth with DB based roles.
You could use MembershipProvider using ActiveDirectory Info here
Related
We are currently trying to use Concrete5 to create an internal Intranet for the company I work for (this is a web-based server). What we would like to do is allow our employees to sign in using their Gmail and be able to see their personal calendars amongst other things on sign in.
I would like the employees to just sign in once, get automatically asked for granting permissions during the login, and then be taken to the home page.
I'm having trouble figure out how to modify Concrete5's built-in Google login to request these scopes. I am pretty bare-bones in my PHP knowledge and no amount of Google searching has really answered my question specifically for modifying the authentication for Concrete5.
So to sum up my question:
How would someone go about modifying Concrete5's Google authentication to request additional permissions? We are using 5.8.3 and are always updating as necessary, so modifying the core is not really an option to prevent overwrites in the future.
The best way to do that would be to copy the core Google login system to create a new one. You could call it Google Custom or anything you want. You could include it in the folder application/authentication or in a package, with the appropriate modifications.
But to be honest, if you're bare-bones in your PHP knowledge, it all might be a bit too difficult to achieve
I am building a web consisting of MediaWiki and phpBB as its subcomponents. Also WordPress may be added in future. My current problem is to choose a single unified authentication method (not to force users to have a special MediaWiki account, a special phpBB account, etc.).
Which approach would you recommend me? The basic limitation is that it is a simple LAMP server (no LDAP database). Possibilities I know about:
Use a decentralized protocol such as OpenID, OAuth 2.0, etc. I would prefer this approach. However, OpenID is not supported by Google any more so OAuth 2.0 would be probably more appropriate.
Use DB of users from phpBB and install some plugin to other subcomponents (MediaWiki extension for phpBB auth.)
Use DB of users from MediaWiki and install some plugin to phpBB.
Use some specialized web application for user credentials management and install plugins both to MediaWiki and phpBB.
I think the main point you already understand: You need one of your new platforms to be the central user store. The problem you know have to find out:
What platform has the plugins to interact with each other? It's possible, that you find plugins, that only works "in one direction", and for mediawiki itself you will find a log of outdated extensions, that maybe won't work anymore with the latest mediawiki versions and updates.
The other point is, that you should think about WordPress now, too. After you selected one central user store you mostly can't change it with a lot of work, so I would check for an integration of WordPress now, too.
Looking at that and a short search i wouldn't prefer MediaWiki to be the central user storage, and i'm not sure, if phpBB is the best solution, too :/
I think one of the best would be to use LDAP, extensions and plugins seems to be supported and working for the latest versions of each software. You yould have a central user store, which could be easily integrated in other applications, too. What is the reason you can't use it, an LAMP stack could handle this, too?
The second solution i would consider to choose is to use Google's user store and access it vi OAuth 2.0. MediaWiki, phpBB and WordPress supports this with plugins and/or extensions.
At the end of the day a login is a login is a login. All the custom fields specific to individual applications can be properly bridged with plug-ins. Make the app that will require the most babysitting your main database and thus login system. In many cases it's the forum, but that really varies by site.
I would caution that many new forum admins eventually want to upgrade from phpBB to something that's more powerful and modern. I was one of those admins. Yes, phpBB is as good as an open-source forum gets, but it just doesn't compete with the commercial forum apps. So keep that in mind if you make phpBB your main database.
I have two instances of Drupal on same server instance 1 and instance 2 with different databases. I want to do following functionality so I will go ahead for my work.
Unique login for both instances. When I login to instance 1 then if I open url of instance 2 on same browser then it should not ask for me login.
While any add/update operation perform on instance 1 or instance 2 then user table should be updated in both databases.
Please let me know so I will go ahead.
Thanks in advance.
If there you I would utilize Drupal`s openid (oAuth) technologies. That could be done with some minor coding or even a couple of modules.
That would allow you to create linked accounts but different profiles for each site. You would have a setup like it is here at stackexchange network and some additional functionality.
EDIT: There is a module called OpenID URL.It will give your users ability to use their profile pages as OpenID URLs. You could do it with a just a tad of coding.
Then you could simply copy "Loin with OpenID" URL form your other site and name it "Create joined account..." or something like that.
You could use oAuth technology if you want more advanced connections.
There is also a possibility to create a multisite website.
I have not tried this module yet, but it sounds promising, to solving your first part of the problem: project bakery.
Bakery provides a "single sign on" feature for Drupal based sites that
are on the same second-level domain (i.e. example.com,
subsite.example.com, subsite2.example.com). It could also provide
support for any other website that implements the same web cookie,
xmlrpc, and POST methods.
For the second part I'm very interested in a solution. The only thing I can come up with at the moment, is some kind of RSS feeds. I know you can create nodes based on that.
Need to post the registration info to eloqua too.
I am using Drupal 6.14
I didn't ask the original question, but I might be able to shed a little more light. I am a consultant, and I work at Eloqua.
Eloqua is a marketing automation database. Having the registrations flow from Drupal into Eloqua would allow things like moving that info over into a CRM system, or sending a follow up email with the registration details.
Our clients have integrated with other CMS systems.
Now, in terms of the registrations, there are a couple of ways Eloqua could receive that data. Perhaps the simplest way would be through some sort of form repost, IF that is allowed in Drupal. So, someone would register, that data would enter Drupal, and then be reposted into Eloqua. It looks like people (including the initial poster) have been able to make this work succesfully on regular forms The other way would be to utilize Eloqua's API. This would require someone to build out a module that would facilitate that.
I'm working on a site with a Facebook Connect integration on blog posts. I want a Facebook .NET SDK that will allow me to:
Authenticate that a user is logged into FB. The actual login will be done via the typical FBML login button and simple JS with the XD Receiver.
Be able to push data from my WebForm to the user's FB profile, such as a status update.
I do not need to:
Create an actual FB application that goes on your profile, like "Cheer for the Red Sox" app or whatever. I do completely understand that I need to create an app using the Developer application but I'm not indenting to create a real full app.
Do any special stuff other than know the user's basics and push data to the profile.
Now are there any good starting points or SDKs I should look at. I've tried Facebook.NET and also peeked into FBConnectAuth. It seems like the former is too much and the latter is too little of what I need. However, that was a quick glance so are there any people with good experiences that did simple things?
Help is much appreciated!
Have you tried this example?
Post status to Facebook profile without Facebook modal window using ASP.NET
If you have any feature requests for FBConnectAuth, please let me know.
Adam
For me, Raya's integration of Facebook Connect is the best example out there. The author also has a good blog post where he describes how he integrated it with his existing web application..