I dont do aspx at all so trying to work out this simple task.
I see the following code in some cs files which guess gets the current user and i assume this is a standard method in asp but might be wrong:
CS:
User user = (User)Context.Items["CurrentUser"];
I have tried things like this from other posts on here but maybe this system is different or the setup is different? again i dont know.
var currentUser = Membership.GetUser(User.Identity.Name);
string username = currentUser.UserName; //** get UserName
Guid userID = currentUser.ProviderUserKey; //** get user ID
Does anyone know how i can get the Name and User ID of the current user based on what is written above?
it depends on how you handle users in your website.
if you use the asp.net built in user management, then User.Identity.Name will get you the currently logged in username.
other stuff like (User)Context.Items["CurrentUser"] or (User)Session["myUser"] will get you the user which was saved in those places somewhere in your website.
you just need to start your way from the login page, and follow the functions to see how users are being handled in your website.
Related
I've implemented social authentication in my application, and I get the accesstoken successfully.
But when I use that access token to get the user's public profile, I get only the user's ID and the user's name.
I can't get the other properties of the user like the user's profile picture.
when I try this:
Json = await httpClient.GetStringAsync($"https://graph.facebook.com/v5.0/{userWithOnlyId.Id}?access_token={accessToken}");
I get only the user's id and name.
when I do this as stated in this facebook doc :
await httpClient.GetStringAsync(
$"https://graph.facebook.com/me?fields=profile_pic&access_token={accessToken}");
I get a 403 forbidden error.
Is there something I did wrong ? I've tried several things I found here on stackoverflow but up till now I have no solution.
There is an example(section: Retrieving a Person's Profile):
https://graph.facebook.com/<PSID>?fields=first_name,last_name,profile_pic&access_token=<PAGE_ACCESS_TOKEN>
Looks like you need to provide a PSID
ASID(App-scoped ID) - it's a user-id that is unique for each app.
It means that this user will have different ASID for each app. I think that you have only one app.
To get a Page-scoped ID from an App-scoped ID, send a POST request to
the /pages_id_mapping root node
I have created the registration and login form. Both work perfectly. But how do i recognize the user logged in as the PHP does by using SESSIONS and COOKIES. I can use static class to get data between different pages, but how can i retrieve the logged user data if he closes the application.
Is there any way for achieving this?
Thanks!
I'm assuming that you want something like instant messenger applications like Skype, or cloud storage applications like DropBox, OneDrive or Mega do. They ask you to enter user name and password once, and then start automatically without asking for user's credentials again.
They achieve this by storing user name and password in encrypted format in the file they normally keep in application folder under specific user account. See the following link for details: How can I get the current user directory?
This is standard practice, as another user will not be automatically logged into your app, if they not entered their own credentials.
Make sure you encrypt the user name and password or the whole file before saving it to disk, otherwise it may become an easy target for password stealing malware.
You should use user settings to do this, as this mechanism hides all the necessary work for creating files in the right locations, etc. from the developer. It works fine and it is made for stuff like this.
You design them in Visual Studio in the project properties on the "Settings" tab. Make sure to select the settings type correctly, as application settings are read-only.
Assume you have to settings UserName and UserPassword. Then, in your code, you could do this:
if (String.IsNullOrWhitespace(Properties.Settings.Default.UserName))
{
// USER NEEDS TO LOG IN
string userName;
string password;
if (Login(out userName, out password))
{
try
{
Properties.Settings.Default.UserName = Encrypt(userName);
Properties.Settings.Default.Password = Encrypt(password);
Properties.Settings.Default.Save();
}
catch (Exception exp)
{
...
}
}
}
else
{
// USER IS ALREADY LOGGED IN
}
private bool Login(out string userName, out string password) would be a method that shows a login user interface and returns true on success or false on failure.
private string Encrypt(string input) would be a method to encrypt a string.
I need some help with examples how to use Credential of a current user running application.
So in windows 7 you can run application using user loged in by simply running application or you can use "Run as a different User" option and run it as another user.
In my Active Directory I have 2 account Domain User and one with Domain Admin rights. I'm login Windows as a Domain User and when I need I'm using "Run as a different User" to launch some task as a Domain Admin.
So the task is to get my Credential and use it to perform some task, lets say rename active directory user name.
Best way to do this as I can see is to ask user running application to enter Domain Admin credential on then start application and use them for various task. Of course I can easily run application with "Run as a different User" but I still need to get this credential and use them.
I've searched through the web and I can't find this, all i could find is using credential for a web auth.
If you can show me some examples how to:
1) Ask user for a Admin user credential ( i can leave without this )
2) Get and use credentials of a user running application
I don't want to know password I know I can't. Don't really want to add to a WPF form password box I prefer to use windows API to handle this i've already entered user name and password using "Run as a different User".
PS: I sorry if this topic exists :( I guess I'm bad at creating correct search requests.
ADDED: to be more clear what I need. In powershell it will look like this:
# This Asks user to enter credentials
$cred = Get-Credential;
# this checks if I have rights to use them.
Get-ADDomain “DOMAIN” –Server “Domain.com” –Credential $cred;
Of course it's simplified as hell though the point is that I can use credentials user entered when ever it's needed.
The equivalent C# to your Get-ADDomain is quite simple, it is just
public void PerformSomeActionAsAdmin(string adminUsername, string adminPassword)
{
//Null causes the constructor to connect to the current domain the machine is on.
// |
// V
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, null, adminUsername, adminPassword))
{
//do something here with ctx, the operations will be performed as whoever's username and password you passed in.
}
}
if you don't want to connect to the current domain and instead want to connect to Domain.com then replace the null with the appropriate string.
EDIT: if you want to use secure strings you can't use System.DirectoryServices.AccountManagement.PrincipalContext, you will need to go with the lower level calls in System.DirectoryServices.Protocols. Doing this process is quite complex, here is a link to the MSDN article "Introduction to System.DirectoryServices.Protocols (S.DS.P)" explaining how to use it. It is a big complex read and honestly I don't think it is worth it to be able to use encrypted strings.
public void PerformSomeActionAsAdmin(NetworkCredential adminCredential)
{
using(LdapConnection connection = new LdapConnection("fabrikam.com", adminCredential))
{
// MAGIC
}
}
Do you want to check if the current user is a doman admin? start by looking at his code, it should help you get started identifying what AD groups the current user is in. This will give you a list of strings that are each group's name the current user belongs to. Then you can check that list against whatever AD group you are trying to check for. Replace YourDomain with your domain name:
WindowsIdentity wi = WindowIdentity.GetCurrent();
List<string> result = new List<string>();
foreach (IdentityReference group in wi.Groups)
{
result.Add(group.Translate(typeof(NTAccount)).ToString().Replace("YourDomain\\", String.Empty));
}
Since i'm not quite sure what you're trying to do, this also might be helpful. You'd have to get the user name and password from a textobx, password box etc. This could be used for an "override" to use, for example, a manager's credentials etc. to do something the current user wasn't allowed to do because of AD group membership etc.
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YourDomain"))
{
if (UserName.Contains("YourDomain\\"))
{
UserName = UserName.Replace("YourDomain\\", String.Empty);
}
//validate the credentials
bool IsValid = pc.ValidateCredentials(UserName, Password);
}
Gooday, I would like to use the <Login> and <asp:CreateUserWizard > with sessions, is it possible?
I know how to check if the username and password textboxes from a Login control should trigger a session, it should be something like this:
TextBox userTextBox = (TextBox)Login1.FindControl("UserName");
TextBox userPassword = (TextBox)Login1.FindControl("Password");
if (User1.ConnAttempt(userTextBox.Text, userPassword.Text) == 1)
{
Session["User"] = userTextBox.Text;
}
The ConnAttempt method here is defined elsewhere and checks the Clients database table for the specified credentials, returning 1 if they exist.
But how does the system know to actually "log in" after the Login button is pressed?
I should mention I had roles and users configured previously through the Web Site Administration tool, which I am now trying to do without (get rid of) for various reasons, and I am unsure on how to do the transition quickest and most easily. Thanks a lot!
Anna
When someone logs on to my site. I want to direct them to their own home page. If the user has the id of 1. They would go to
http://www.test.com/Home.aspx?id=1
I already have the login and id setup. I am not sure how to incorporate it into the url.
Response.Redirect("http://www.test.com/Home.aspx?id=" + id);
Are you using Forms Authentication?
If so, instead of using RedirectFromLoginPage (which will redirect to whatever page is in your web.config), just use FormsAuthentication.SetAuthCookie, and do your own redirection.
To do so, you need to make use of the URL QueryString.
E.g
// forms auth code here, user is logged in.
int id = 1;
string redirectUrlFormat = "http://www.test.com/Home.aspx{0}";
string queryStringidFormat = "?id={0}";
Response.Redirect(string.Format(redirectUrlFormat, string.Format(queryStringidFormat, id)));
You should handle all querystring parameters, URL, etc (ie the above code) in a global static model class.
That way you can just say:
Response.Redirect(SomeStaticClass.GetUserHomePageUrl(id));
In the receiving page (Home.aspx), use the following code to get the id of the user:
var userId = Request.QueryString["id"]; // again, this "magic string" should be in a static class.
Hope that helps.