I would like to use Firebase Realtime Database for my university project, to store data from my Unity game. However, due to ethics concerns, I cannot ask users for an email/password so they can register and then sign up. So my idea was to generate a random email/password combo for the user, but I am not sure if the emails used in the functions CreateUserWithEmailAndPasswordAsync and SignInWithEmailAndPasswordAsync have to be real emails or if I can just make them up?
Is the email used in the CreateUserWithEmailAndPasswordAsync() and
SignInWithEmailAndPasswordAsync() methods have to be a real email?
The answer is no, you can use a fake email. However note that the user will not be able to use the forget password function.
Related
I've read some related questions, but they are not 100% related, as the requirements vary a bit.
I have a .NET5 web application, some kind of custom CRM for the company I work in.
We have multiple users (employees, my colleagues), which can create quotations, etc.
Also, they can send these quotations to customers. Every user has its email account name attached to it.
The current way this application works is that I've created and enabled Gmail API for each email account, and authorized it, by myself, manually.
The problem is that every time we need to add a new user (new employee for instance) - I need to enable Gmail API of his email account (company's one, but it doesn't matter), add the credential file and token manually to the server, authenticate it, and only then - the application can use the email.
I know that there are many sites (like Monday, etc) - that have automations and integrations with Gmail, and any time I want some integration - I get notified with the OAuth screen, and approve it. I want the same thing in my application.
I understand that I have to create some kind on "Gmail global credential", which will be "added" with account tokens or something like that (every app user will oauth and allow access)?
Just can't find the correct documentation for it.
My backend is written in Blazor Server, .NET5.
I would appreciate if one could explain the main stages of this procedure.
Thanks!
I have an app where users are not self-registered, i.e. another user adds them to the system, and they are emailed with their login details. What's the best way to handle this in terms of creating the user and handling the password?
It's the sort of thing where a user is invited in to the system by someone else, answers a questionnaire, then doesn't need to log in again until some point in the future where they might be invited again by someone different, so ideally they will need to be reminded of their login details in the email rather than having to reset their password every time. Obviously in an ideal world people would just remember their passwords but the situation it's used in and the infrequency of access means that people simply don't remember, and the process needs to be as hassle-free as possible to ensure user participation.
The old version of the site used Webforms and ASP.Net Membership with encrypted passwords, which could be retrieved and sent to the user each time they are invited. What is the best practise for Identity, where the user does not supply their own password? Are there other options for logging in users such as:
A unique-link provided in the email which authenticates the user?
A separately encrypted 'passcode' field stored in the AspNetUsers
table which can be decrypted and sent each email?
It's worth pointing out that users with admin-level access to the site would still have the usual secure Identity user/pass setup, my problem is just with the lower level users.
I would forget completely about passwords in this case. ASP.NET Identity provides you with one-time codes that you can use for this.
This tutorial shows you in the section "Set up email confirmation" how to send one-time codes through mail (these are generated by ASP.NET Identity itself):
string html = "Please confirm your account by clicking this link: link<br/>";
You can easily modify that as well as the behavior when the user clicks that link to match what you want to do here.
I have a website where users can create an account, the password is hashed with SHA256 and all the info stored in a database.
I have a game made with unity3d, where the player have to login.
I used the WWW class to reach and get information from a login page of my website (of course no direct acces to the database). But I have to pass the username and password as POST values...
Now I have two question :
I've read that I should use the php password library instead of SHA256, is that really critical?
How can I login in the game without compromising security?
Check out this link here:
If you're a web developer, you've probably had to make a user account
system. The most important aspect of a user account system is how user
passwords are protected. User account databases are hacked frequently,
so you absolutely must do something to protect your users' passwords
if your website is ever breached. The best way to protect passwords is
to employ salted password hashing. This page will explain why it's
done the way it is.
It will give you the basics of how to securely send, store, and use a password in php and even provides tested source code for you to use. Please do not try and come up with your own homebrew solution, use what this resource and make sure you understand it if you want to make your login secure.
I have created a dummy mail to create Empty Label in Google APPs mail.
Now I want to remove this dummy mail after label is created?
How can I do that?
Take the following with a grain of salt. This is far outside my own experience, but I have to take a crack at that bounty!
A cursory look at the available Google APIs tells me that you're out of luck for doing this programmatically with their APIs. But I may be looking at the wrong set of APIs.
What you can do is delete mail through IMAP. How IMAP functions apply to Gmail is given here
How to setup IMAP for google apps/gmail here
Unfortunately, there doesn't appear to be a way to set that setting for an entire domain. If that's a problem, then you may have to use some kind of web automation product. And if you're really crazy, you could roll your own simple automaton that does only the required clicking (fill in username and password, then two clicks to enable imap).
So if you can manage to set up IMAP on the accounts that have the dummy mail, and have a way to get the username and password of each afflicted account, then you can use an IMAP library for .NET to delete them. See:
Accessing Imap in C#
using c# .net librarires to check for IMAP messages from gmail servers
Seems like it ought to be simpler, right? Sad face.
Here's a little bit about my situation:
I want to be able to retrieve a list of emails for the friends of a given user.
Here is how I would like the process to go:
A div box pops up with a login (used to log in to their facebook account, not my website's account system - that is separate)
Then once the user has entered their facebook credentials, they will have a button appear.
Send email to all friends.
If they click on this button I would like an email sent out to all of that user's friends.
Questions:
I only want to pull out emails from a user's friends, so...
1) Is it actually a facebook app that I'm creating?
Many of the tutorials talk about facebook apps and how you have to go to facebook and create an app from there and set all of these settings for page redirects and such. I didn't think I wanted it to be an app, all I want is the information.
2) If I do need it to be an app, how is it supposed to interact with my website? Some talk about iframes, or other methods... How am I supposed to know which to use and how I can integrate it into my site?
You have to create app through facebook, but it's only for autorization information.
api key
api secret
And you have to few options for working with facebook API from C#
Facebook Developer Toolkit
.NET Facebook API Client
Facebook.NET
Bemmu is correct = you can't use facebook to get email addresses.
You can send a facebook messages (which usually sends an email to the recipient as well depending on the users preferences).
You'll need to build a facebook app, and get users to allow it to access their profile information (default request). Then you'll be able to sendNotification to receipientID's.
Start with http://wiki.developers.facebook.com/index.php/Notifications.send and look at other references to the Stream API.
Do read the guidelines and agreements - there's rules on how long you can hold onto stream data and what you can use it for.
Let me add to that the PHP API:
http://wiki.developers.facebook.com/index.php/PHP
http://developers.facebook.com/get_started.php
There are no API methods to get anyone's e-mail addresses on Facebook, and neither are there on OpenSocial. This is so that the e-mail addresses do not end up on spam lists. There is a way to send e-mail without getting to know the actual addresses though. If you get the user to accept extended privileges for your app, then you can send e-mail at some reasonable intervals to that specific user.