I wanted to ask if it's possible to create SRI for Google Recaptcha.
In a project, we are verifying user using filter (inheritates from IActionFilter, IMvcFilter) which calls https://www.google.com/recaptcha/api/siteverify?secret=...
Searched web for info, I found that Google doesn't share info of which version of the API the user is using, so because of that SRI id disabled for recaptcha.
But I am not 100% sure if it's true.
Related
I've been tasked with seeing if we can give users of our internal web application help links to documentation pages on our company's Confluence Wiki. But here's the problem, the requirement is that users should not have to log into Confluence because otherwise they won't bother using the help links (which is understandable). Is there a way to forward a user to Confluence and log them in with their current windows AD credentials? Every example of their api involves you supplying a username and password. We can't have that. If they are logged into our web app with their network cred, they should be able to see a page on our Confluence Wiki w/o logging in again.
Is this possible/practical or should we just use our own help docs system?
Note - when I log into our Confluence Wiki I use my Win AD credentials, so the two systems are connected. I just have no clue how to send a user and their credentials to their system from my asp.net webpage.
Thanks.
You want to configure your Confluence server to accept NTLM Authentication. I can't find the specific directions for Confluence, but given it shares backend code with Team City, you might find these directions helpful: https://confluence.jetbrains.com/display/TCD9/NTLM+HTTP+Authentication
At the very least hopefully this helps you find what to Google next.
By the way, You don't want to setup your website to forward credentials. It is possible, but your scenario is a simple website redirect. Credential forwarding would be if your are trying to talk to the server as an application server (and even then generally to be avoided).
I'd like to implement OAuth functionality to allow users of an application i'm building to login via Facebook, Twitter, and possibly Google plus. Every post I've found thus far seems to suggest starting from scratch, creating an MVC 4 'Internet Application' project.
What are the relevant references, code snippets, plugins etc which are required to implement this functionality?
I'm currently using Forms authorization.
Once you have set up Forms Authentication MVC 4 has built in support for users to authenticate themselves with OpenID and OAuth using an open source project called DotNetOpenAuth, it is a very similar system to forms authentication using cookies and redirects.
These services just need to be configured and this takes place during application start-up. Inside the Application_Start() event there is a call AuthConfig.RegisterAuth(), which contains just commented out code to the third party services.
Before you can use these services you need to register your application with most of them. When you register with a third party you will usually be assigned an appId and an appSecret. You need to insert these values into the code where you register with them as a client.
Google is the one provider commented out who doesn’t require any registration so you can just uncomment the line. OAuthWebSecurity.RegisterGoogleClient(); in the AuthConfig.cs file.
When you rebuild the application and go to the login page you will see on the right there is now a Google button you can press to login through the Google service. This button will re-direct the user to Google where they can sign in with their Google account. Once they have signed in Google will ask the user if they happy for your application to have their e-mail address. The user must answer yes, if they decline this they won’t get logged into your application.
Google will then re-direct back to your application sending some cryptographically sealed and signed parameters so OpenAuth can verify that Google did actually authenticate the user. Once the user is successfully authenticated and logged in, they can create an account by clicking the register button they will be presented with.
There is a link in the comments at the top of the AuthConfig.cs file, which goes to a page telling you how to register with the other third party services.
http://go.microsoft.com/fwlink/?LinkID=252166
Regarding your request to do this "without creating an internet application"....
"Internet application" is a type of project that tells Visual Studio what you're using it for. It's not required by any .NET standard, but if you're using Visual Studio then it's a step you need to take. Otherwise VS doesn't know if it should help you build a WinForms app, a Console app, WPF, etc...
The other project type you could use would be a WebSite, however if you intend on leveraging .NET than an Internet Application is a the better choice--it assumes your building a website that will be running .NET code.
Others have mentioned using DotNetOpenAuth to get your site running; I fully support that, but also wanted to mention the Social Bootstrap API project. It achieves a similar result, but does so using ServiceStack.NET. There's a very good chance you won't want to use it, but it's always good to evaluate alternative options--they can help show you the pros/cons of each other.
I am trying to get data from Google Analytics using their api.
I have found this great post about doing it with C#
The thing is when I use its example I can get data from Analytics only if I am already logged on to Google with my business user/pass, otherwise it will direct me to the login page.
What I want is to prevent my marketing personal from knowing the user/pass info, and I don't want them to view all business related data in Analytics.
I want to let them get the data from my admin site without exposing the business Google account even if they are currently logged on with their private gmail or whatever google service their using at the moment.
Hope I was clear enough.
Why don't you just add those users to Google Analytics? They can be given a restricted access.
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1699665
http://support.google.com/analytics/bin/answer.py?hl=en&answer=1009702
I have an MVC 3.0 website, which redirects visitors to the home page based on their UserAgent.
At the moment I have a catch-all redirection for all non-specific browsers which forwards across to a different domain - The trouble is this has made my Google Analytics verification redundant and it now tells me the code is not installed because the page Google gets on visiting my site is incorrect.
Can anyone help me detect the Google Agent so I can return a simple page which confirms the presence of Google Analytics?
Thanks.
Just include the google analytics verification on every page.
I am designing a web site to use OpenId and Google is one of the main providers I have selected. What I would like to do is use Google's Calendar & Contacts (possibly docs) as a backing store for each individual user. In other words, if the user on my site wants to have access to a Contacts List, Calendar, etc they must register their Google account. Then they can add/edit/delete to their heart's content as it is their info. (And yes, I have a specific idea in mind for where I am going, just need to figure out how to tie OpenID to GData.)
Has anyone written a tie in between OpenID/OAuth and using the Google APIs?
After a lot of digging in to this problem I have 2 ways of solving this.
Use OpenID and on the user's profile, have them enter their google credentials (works but not a great solution)
Use OAuth. This requires registering your domain with google and getting a key to use with OAuth. Once you set that up it is easy to access a end user's data stores on google.
Look at google's OAuth 1.0 for Web Applications.
Also look at OAuth-OpenID: You’re Barking Up the Wrong Tree if you Think They’re the Same Thing for a good overview of OpenID vs OAuth.
Have you looked at DotNetOpenAuth? It will allow you to connect to any open authentication provider that supports OpenID and Google is one of the providers listed on the OpenID page.
Has anyone written a tie in between
OpenID/OAuth and using the Google
APIs?
I'm not sure what you mean by that... if you're asking if there is a library that allows you to user your google account as an OpenID, then yes: DotNetOpenAuth. There are some catches tho, see Andrew Arnott's answer to this question.