I am writing an application in C# which would run on a PC and allow a user to login to GCP and manage files there.
I looked at the sample codes on https://cloud.google.com/storage/docs/reference/libraries
The documents show how to use a service account for authentication, but I want to use user authentication.
In this way, if the user do not have permission to say delete data, the application can not do it. If I use a service account, which I don't want.
Is there any way that I use user authentication to log in to cloud storage services?
Is there any sample that I can use for this purpose?
Update 1
My main aim is to develop an application similar to gsutil but in C# and it should authenticate users similar to gsutils.
The same as gsutil, it would be used only by cloud admins who already have access to buckets via gsutils or cloud.google.com
Is the source code for gsutils published? How does it authenticate users?
What you might be wanted to use is this "User account credentials". This at the ends guides you to Firebase Authentication, which supports email and password authentication as well as federated sign in with identity providers such as Google, Facebook, Twitter, and GitHub.
You can sign in users to your Firebase app either by using FirebaseUI as a complete drop-in auth solution or by using the Firebase Authentication SDK to manually integrate one or several sign-in methods into your app. This will be up to your needs and how you want to build your app.
Related
I need help.
I need to create an app, which takes all events from different calendars from my company, and display them in computers in conferences rooms. This is created, works good. To authenticate I use Oauth 2.0 like google wants, but I tested it only on my computer. When the app was launched on the computer in the conference room, the app needed logging into google account, which surprised me, because I put my oauth 2.0 credentials into my code, so I thought that this would be enough.
How can I skip that part, to authenticate only from code level and not display Oauth popup message to user?
When you run your code locally you are authorizing it. If you are using the official Google api .net client library then it is storing your authorization credentials in the %appdata% folder on your machine. Once you move this to the computers in the conference rooms they have not been authorized and there for will require that you authorize them. So you should be able to just run it once on each machine and authorize it and it will be all set.
If you do however have a google workspace account, I would recommend you look into using a service account and configuring domain wide delegation this would stream line your process a bit.
The following example shows how to use a service account with domain wide deligation.
var credential = GoogleCredential.FromFile(PathToServiceAccountKeyFile)
.CreateWithUser("user#yourdomain.com") // delegate to user on workspace.
.CreateScoped(new[] {CalendarService.ScopeConstants.Calendar});
I am creating a web application which will make use of the single sign on organisation login feature on .net mvc project.
If the user is on the network I want to allow them to use the application without signing in as i wold be able to get their username with windows authentication.
If external i want to redirect them to the single sign on so they can be authenticated.
However my issue is that even if they are on the network, the application prompts them to sign in. How can i avoid this?
Based on the MICROSOFT DOCUMENTATION:-
Tenant administrators and developers often have requirements where an
application must be restricted to a certain set of users. There are
two ways to restrict an application to a certain set of users or
security groups:
Developers can use popular authorization patterns like Azure role-based access control (Azure RBAC).
Tenant administrators and developers can use built-in feature of Azure
AD.
To implement authentication in your application please refer this Microsoft Documentation:- Configure authentication in a sample web app by using Azure AD B2C.
I am looking to integrate Gmail API in our .Net project (Both Windows & Web) so that user can send email or read users inbox, their list of folders (i.e. labels) and their respective mail to import in to our system.
During my initial research through google api documentation; Below are couple of questions come across:
For OAuth 2.0; OAuth credential needs to be created for type of application in google api console. I wanted to create wrapper around Gmail API (i.e. MyGmailAPIClass) so that same class can be shared between my windows & web projects along with common OAuth mechanism.
a. Do I need to create separate OAuth credential for Windows & Web and hence the OAuth implementation will differ based on type of application?
b. Can we use the same OAuth Credential for different types of application like windows, web or mobile apps? If yes; how can we achieve that?
I came across Service Account Credential stuff; Can we use that for application to access users email for sending and retrieving? How can we achieve that?
For Access and Refresh token; if we don’t store in some file or database; user consent screen will be prompted every time when user come to our application next time? I am not able to figure out valid use case for storing in file or database. The reason why I asked this because when In .net console sample; I turned off that mechanism after first successful sign-in when I again run the console sample again it will not show consent screen for granting permission?
Please suggest how should i proceed !! It would be good if someone can give any direction and also reference some working example.
I am just starting out with a windows azure mobile services .net backend, and am running into so many headaches as a new programmer. I have gone into my azure mobile services account and downloaded the todoitems demo app (c# for .net backend). I then followed the tutorials regarding adding facebook authentication, but I am absolutely not pleased by this method, as it shuts down the app for a few seconds. As such, I set out determined to create a custom authentication login page which ties to my mobile backend.
I found this article and thought, "Great!" only to realize that I had no clue how to catch a user created account from a textbox and to pass it along to the public class RegistrationRequest. The example at the end of the link shows how to connect to a local machine - but I want it to connect to my actual database at the following location: https://mycustomapp.azure-mobile.net, return a token, and continueon.
What is frustrating is that I am able to obtain a facebook authentication token, as well as user information. BUT, I have no idea how to generate a windows azure mobile auth token so that the client may write/retrieve data from my azure table.
Essentially my question is this - using the above link, how in the world may I take a user's username and password from a textbox, run it through the RegistrationRequest, and not have to pop advil on this? Do I need to pass my facebook token? I assume not?
I am also not using a facebook SDK or anything like that - simply put, I am using the above site's code trying to get an auth token from my azure mobile services, despite having one from facebook already, to authenticate a user against my azure mobile services data table.
If you already have a FB token, the easiest way to login to your mobile service is by using the FB token, then you don't need to make a custom UI/etc.
This can be done by calling
var token = new JObject();
token.Add("access_token", "access_token_value");
await client.LoginAsync(MobileServiceAuthenticationProvider.Facebook, token);
see: http://azure.microsoft.com/en-us/documentation/articles/mobile-services-windows-dotnet-how-to-use-client-library/#authentication, Client Flow for more
if you want to login to your service with a Facebook account, you do not need to implement a custom authentication and to capture user name and password in your own textbox controls.
You should be able to use MobileServiceClient.LoginAsync() and pass as parameters the provider that you want to use. Check this article fro more information.
Ok, I have looked around and could not find a solution to this problem. I have an ASP.NET web application that is using Windows Authentication.
I have a public web services that I use for an iPad App I have developed. For security reasons all of my Web Services requires a header with login information.
Right now, I have a separate database that I authenticate users from. Its a built in authentication for when my application is installed using Forms Authentication.
What I would like to do is when the user on the iPad logs into the system, it passes the Login and Password to the Web Service in the hearder... which it does now.
But, how can I Authenticate that User and Password against the Active Directory to make sure the user has access?
Thannks,
Cory
But, how can I Authenticate that User and Password against the Active
Directory to make sure the user has access?
That's straightforward in c#: Validate a username and password against Active Directory?
More AD tasks in c# (including authentication)
Right now, I have a separate database that I authenticate users from.
Its a built in authentication for when my application is installed
using Forms Authentication.
Based on this statement, it sounds like you have a database of credentials which duplicates credentials in AD? If that's the case, not sure that's a good idea.
And/or it also sounds like credentials which match those in AD are being passed around (possibly in plain text?) This might be a business requirement, but I would recommend that all communication is done over SSL and that the AD accounts belong to a domain setup specifically for this purpose that is not trusted (or only partially trusted) by the rest of the network.