I have 2 different websites. One is the Wordpress site and the other a oldish asp.net site.
I want to log in on the wordpress site OR the ASP.NET site and be logged in on both sites. Also, I want to have a link to the ASP.NET site from the wordpress site.
I.E. I'll log in on the Wordpress site using ASP.Net user account. (Only admin accounts should see these buttons) Once logged in, I'd click on the Manage Users link that will take me to another page (Asp.net, this could be the same domain or another location), And here I'll be able to make CRUD changes to the Users.
My php knowledge is very limited >.< ...
I've looked at these Wordpress plugins but both seem outdated and unable to run. I am also un-sure whether they would do what I want.
https://wordpress.org/plugins/external-db-auth-reloaded/
https://wordpress.org/plugins/external-database-access-using-wp-user/
Not sure, if this is helpful.. but you can access SQL Server Database with PHP.
Loading the Driver
You can download the SQL Server Driver for PHP at the Microsoft Download Center. Included in the download are two .dll files: php_sqlsrv.dll and php_sqlsrv_ts.dll.
Configuring the Driver
The SQL Server Driver for PHP has three configuration options:
LogSubsystems:
Use this option to turn the logging of subsystems on or off. The default setting is SQLSRV_LOG_SYSTEM_OFF (logging is turned off by default).
LogSeverity:
Use this option to specify what to log after logging has been turned on. The default setting is SQLSRV_LOG_SEVERITY_ERROR (only errors are logged by default after logging has been turned on).
WarningsReturnAsErrors:
By default, the SQL Server Driver for PHP treats warnings generated by sqlsrv functions as errors. Use the WarningsReturnAsErrors option to change this behavior. The default setting for this option is true.
Creating a Connection
The sqlsrv_connect function is used to establish a connection to the server.
$serverName = "(local)";
$connectionOptions = array("Database"=>"DBNAME");
/* Connect using Windows Authentication. */
$conn = sqlsrv_connect( $serverName, $connectionOptions);
if( $conn === false )
{ die( FormatErrors( sqlsrv_errors() ) ); }
By default, the sqlsrv_connect function uses Windows Authentication to establish a connection.
The sqlsrv_connect function accepts two parameters: $serverName and $connectionOptions (optional).
$serverName – This required parameter is used to specify the name of the server to which you want to connect. In the code above, a connection is established to the local server. This parameter can also be use to specify a SQL Server instance or a port number.
For example:
$serverName = "myServer\instanceName";
-or-
$serverName = "myServer, 1521";
$connectionOptions - This optional parameter is an array of key-value pairs that set options on the connection. In the code above, the database is set to DBNAME for the connection. Other options include ConnectionPooling, Encrypt, UID, and PWD.
Note: The UID and PWD options must be set in the $connectionOptions parameter to log into the server with SQL Server Authentication.
Go through below link for more details:
Accessing SQL Server Databases with PHP
Related
I am running Google Translate API in C#.
Running locally on my computer the next code works, but online on a server it throws the following error:
using Google.Cloud.Translation.V2;
TranslationClient client = TranslationClient.Create();
var response = client.TranslateText(sentence, targetLanguage, sourceLanguage: sourceLanguage);
"The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information."
Locally this runs just by installing Cloud SDK Installer which does all the settings, there is no need for authentication in code.
On the server, should I use instead OAuth 2.0 or Service account keys ?
Can someone assist me on how to solve this?
EDIT: Can someone confirm to me if it is necessary to have access to the local server to run commands in command line like here https://cloud.google.com/storage/docs/authentication ? This would be pretty ridiculous, instead of just writing code. For example Youtube API does not require local access.
Follow directions to get json file:
https://cloud.google.com/translate/docs/reference/libraries
Then run this code first:
System.Environment.SetEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS", "c:\mypath\myfile.json");
To generate a private key in JSON or PKCS12 format:
Open the list of credentials in the Google Cloud Platform Console.
OPEN THE LIST OF CREDENTIALS
Click Create credentials.
Select Service account key. A Create service account key window
opens.
Click the drop-down box below Service account, then click New service account.
Enter a name for the service account in Name.
Use the default Service account ID or generate a different one.
Select the Key type: JSON or P12.
Click Create. A Service account created
window is displayed and the private key for the Key type you
selected is downloaded automatically. If you selected a P12 key, the
private key's password ("notasecret") is displayed.
Click Close.
You can find more details here
https://cloud.google.com/storage/docs/authentication
Its all in the errormessage. You have two options
Run the Google Compute Engine on the machine you have your program running on and input your credentials there.
Use a service account and set the "GOOGLE_APPLICATION_CREDENTIALS" environment variable to reference your credentials file (which is a .json file that you can download from the google developer console.)
PS: Do not store your credentials file anywhere on the server where it may be accessed by someone else!
You must download API key from
https://console.developers.google.com/iam-admin/serviceaccounts
After that download .P12 file file to use it in your code
var certificate = new X509Certificate2(#"key3.p12", "notasecret", X509KeyStorageFlags.Exportable);
notasecret is default password
The easiest answer to my question , to avoid local settings on the server, is the third option of using the Translation API described below: using API keys.
This means just a simple POST to an endpoint that has the API key in the link.
https://cloud.google.com/docs/authentication/#getting_credentials_for_server-centric_flow
https://cloud.google.com/docs/authentication/api-keys
I am on hols for a week. Wont be able to answer during this time.
Expected Result
When using IIS with website user accounts then a user should be able to login with no issues.
Actual Result
After publishing to local IIS, DefaultConnection security string to MSSQLMS shows 'DOMAIN/USER$' as sql user not found when in fact var signinManager = Context.GetOwinContext().GetUserManager(); from Login.aspx.cs shows the user and password hash for all website users.
Recreating this bug:
I created a VS2013 aspx project (with MVC and webservices) and Individual Security Accounts, build and run project in debug. Add a user to create the localDB database and connection string. Change connection string to use local MSSQL server. Build and run project no probs. Create a user (localhost). Publish to IIS. Data is returned fine from the same MSSQL server (ApplicationData database). When logging in then receive error:
An exception of type 'System.Data.SqlClient.SqlException' occurred in mscorlib.dll but was not handled in user code. Additional information: Login failed for user 'DOMAIN\workstation$'.
MSSQLMS logs show the sql user not found. MSSQL profiler does not show the transaction.
The strange thing is that in Login.aspx.cs 'var signinManager = Context.GetOwinContext().GetUserManager();' shows all the users' details. The fail is on execution of 'var result = signinManager.PasswordSignIn(Email.Text, Password.Text, RememberMe.Checked, shouldLockout: false);'.
I have added the user to MSSQL server Security, database and at the Table level.
IIS uses the AppPool identity to communicate with other (network) resources. I'm not completly sure what you're trying to accomplish here but if you just want to host your identity db in SQL Server instead of using LocalDb, just give the AppPool identity of your IIS website the correct security clearances on the SQL server.
If you would like to do some kind of impersonation of the logged in user, you at first should not use 'Invidual Accounts' and secondly you have to setup impersonation in IIS. This can be done in the properties of the AppPool.
I have a weird problem with external google authentication. Basically I'm using almost the same code which is generated by default MVC4 internet application.
Everything works fine on my local machine. I can login with google account.
But when I change the connectrion string to external database on the web, this code:
OAuthWebSecurity.Login(result.Provider, result.ProviderUserId, createPersistentCookie: false)
returns FALSE so it's not logging in, and I don't know any reason why.
The same happens when I publish whole website on the web (with the same extenral connection string which seems to generate the problem on my local machine).
The ONLY difference between working and not working version is different connection string in web.config.
Did anyone suffer the same problem?
EDIT
I didn't mention. The other connection string works correctly. It gets all the data from database, but somehow google authentication silently fails. It just does not log in. Database schema and the data is identical to my local database (I have even generated sql script with data and applied in on external database)
Also the user which I want to log in is in this external database.
So what is happening:
OAuthWebSecurity.Login returns false so I automatically want to register new user, but then the user is found already in database and I'm getting something like "the user already exists in database".
Very weird.
Did you create the user in external DB with CreateOrUpdateAccount method? Probably you do not have associated any user with the Google credentials which you are using...
The login process works in following steps:
Hey Google, tell me who is logged in.
Google tells you some UserId X
OAuthWebSecurity asks your membership provider for user with GoogleUserId X
If there exists such a user, it logs him in and if not, login fails...
let suppose i have two domains
1. abc.com
2. xyz.com
now the thing i want to do that i have a index page on both sites and there is a image on both index page , but when i click next in abc.com and image changes on abc.com at the same time i made a session variable in sql server . Now leave abc.com and come to xyz.com
the index page of xyz.com automatically gets refresh by ajax function after 2 second , now when page get refresh it will make a request to server and pick the next image name from session which we stored using abc.com and by getting the we will show the latest image on xyz.com .... Note . both sites are using the same server
can i do this ? . If yes then how ?
You can share sessions between sites using SQL server as the session manager, I did it following these instructions, works well.
these steps are taken from: Share ASP.net session between domains
ASP.NET APPLICATION : CSASPNETShareSessionBetweenSubDomains Project
Overview
Summary:
Session can be set to different modes (InProc, SqlServer, and
StateServer). When using SqlServer/SateServer mode, Session will store
in a specific SQL Server/Sate Server. If two ASP.NET Web Applications
specify the same SQL Server as Session Server, all Sessions store in
the same database. All in all, if using SQL Server Session, it is
possible to share Session between different ASP.NET Applications.
Since ASP.NET stores Session Id to cookie to specify current Session,
so in order to share Session, it is necessary to share Session Id in
the cookie.
The CSASPNETShareSessionBetweenSubDomains sample demonstrates how to
configure a SessionState Server and then create a SharedSessionModule
module to achieve sharing Session between sub domain ASP.NET Web
Applications.
Two ASP.NET Web Applications need to run in the same Root Domain (can
use different ports). Steps:
Configure SQL Server to Store ASP.NET Session State.
Run "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe
-S localhost\sqlexpress -E -ssadd" to add Session State support to Sql Server Express 1.
If you haven't added Session State to SQL Server, when you configure
a web site to use SQL Server Mode Session State,
System.Data.SqlClient.SqlException will be thrown saying "Invalid
object name 'tempdb.dbo.ASPStateTempSessions'."
Configure ASP.NET Web Applications to Use SQL Server to Store Session and Use specific decryptionKey and validationKey.
Add this settings to web.config file to use SQL Server Session
State:
Add this settings to web.config to use specific decryptionKey and
validationKey:
If you host the applications in IIS, please run the Application Pool
under an account who can log into the database. Otherwise
System.Data.SqlClient.SqlException will be thrown saying "Cannot
open database 'ASPState' requested by the login. The login failed."
Write SharedSessionModule Module to Achieve The Logic of Sharing Session
a. Implement Init() method to set Application Id read from
web.config.
b. Implement PostRequestHandlerExecute Event to store Session Id to
cookie with
the same domain and root path.
Configure ASP.NET Web Applications to Use SharedSessionModule Module.
Add this config to web.config to use SharedSessionModule Module:
If you run the applications in your own domains except localhost,
please don't forget to change the value of RootDomain after
publishing.
Run and Test
a. Add a new Web Page. b. Add two Buttons (used to Refresh the page and Set Session) and one Label for displaying
Session value. c. On Page_PreRender() method, read Session and display it in Label. On Button Click
Event, Set Value to Session. d. Create a new Web Site with the same config as Web Site 1, but set different value
to Session e. Now open two sites in two tabs. Now if you set Session Value in site1,
you can retrieve the same value in site2. So they use the same Session.
1 Remove Session State from Sql Server. Run
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regsql.exe -S
localhost\sqlexpress -E -ssremove" to remove Session State support
from Sql Server.
First off, I know how to and has Integrated Windows Authentication in IIS7. This works great for seeing the Active Directory user logged on the computer.
But, the need is to get the username of a Novell authenticated user. I don't want the password or anything more than the username.
Other restrictions:
Can't install anything on the users computers
Can install things on the web server
Can setup trust between web server and Novell server
Its gonna be on a public website with anonymous access, I can tweek to have a section that requires authentication and thus getting the user from there.
The website is in C# .Net 2.0
If the method can provide also the password, I can use it to fully validate the user with Novell. That part (talking to Novell Server LDAP) has been already done.
Must work with IE6 and IE7
(Update)
On the Novell website the only info about single-sign on there is shows how to log someone on Novell and in the conclusion tells this:
A way (there are other ways) to save
our credentials inside global
variables so the user does not have to
authenticate for each and every
form(single sign-on).
(Update)
Also from Novell, they say to have a SSO solution. But, the content dates from 2000, and another one requires to install a plugin on the Novell Server and paying for it 49$ per user. So its not a valid solution.
You say that you are unable to install anything on the users' computers, but you may find that there is already an ActiveX control you can use which may have been involved as part of the Novell client on the PC.
I have done this in the past, using the ActiveX control to identify the logged on user, pass that to the webserver, and then load the full user record using LDAP:
I have used one referred to as NWDir1 in the past, using the following syntax (with ColdFusion as the server-side language, but I'm sure you could translate):
<cfoutput>
<object classid="CLSID:4F021AE3-9E98-11D0-A808-00C04FDCD94A"id="NWDir1" width=32 height=32></object>
<script language="VBScript">
Dim vbuser
Sub Window_OnLoad()
On Error Resume next
vbuser = NWDir1.LoginName
vbuser = StrReverse(vbuser)
initInd = InStr(vbuser, Chr(92))
if initInd <> 0 Then
vbuser = Left(vbuser, initInd-1)
vbuser = StrReverse(vbuser)
End if
// REDIRECTION
document.location.href = "index.cfm?userid=" + vbuser
Exit sub
End Sub
</script>
<cfabort>
</cfoutput>
This uses vbscript to control the activex client, which provides the novell logged in user. This value (vbuser) is then passed back to index.cfm where it can be processed.
This technique is obviously susceptible to url hacking, but I'm not aware of that happening in the 4+ years we used this technique.
I'm sure I found this on the Novell site originally - try a search for NWDir1 or the classid on that site.
I hope this helps