For the life of me I can no figure out where to get the SessionID out of the service so that I can use it in a future call to recreate the same session.
I am currently using the 2013_1_0 version of the wsdl in C#
When referencing the older documents SuiteTalkWebServicesPlatformGuide_2011.1.pdf on page 78 (Reusing Session IDs During Login) they talk about this.
Any Suggestions?
Here is my sample code for logging into NetSuite without using a previous SessionID...
// invoke the login operation
Passport passport = new Passport();
passport.account = _sNetSuiteAccount;
passport.email = _sNetSuiteUserName;
RecordRef role = new RecordRef();
role.externalId = _sNetSuiteRole;
passport.role = role;
passport.password = _sNetSuitePassword;
status = service.login(passport).status;
// Confirm login was a success
// Process response
if (status.isSuccess == true)
{
_bIsNetSuiteAuthenticated = true;
}
Additionally I have yet to find sample code for using the SessionID to re-create the service. So any suggestion there would also be welcomed.
Thank you!
In talking with NetSuite what I desire to do is impossible and the SessionID is stored as a private variable and handled by the .NET code.
I am currently seeking an alternative to a persistent session so when code base is called multiple times that the user will not need to be prompted for each iteration to enter their NetSuite cridentials. I will update this answer as more details come available on this.
Related
History
We have an elaborate system which ties into DNN on multiple levels for custom user information. Our users are governed under a completely different database than DNN. Because of this, we have special requirements and have created our own membership provider to our database and registration form for our specific needs.
The Problem
In the past, we have used our membership provider and registration form with no problems. Recently, we have encountered a strange situation where the username is mangled after someone attempts to register a new account. It is mangled in such a way that the username becomes the user's Region followed by a hyphen, followed by the user's email address in full. As an example, if a user fills out the form with the following:
username: user
region: CA
email: me#example.com
Before UserController.CreateUser(user) is called, the userInfo.Username equals "user". However, after the call completes, it will be "CA-me#example.com" and the created record in the User table will reflect this change.
Using my custom membership provider (which calls the default AspNetMembershipProvider) verifies that the issue seems to be with AspNetMembershipProvider's CreateUser(ref userInfo); Before this call, the username is "user", but after this call completes it becomes "CA-me#example.com". The result of the call is Success and the user is created in the database. So it doesn't appear to be a failure that is causing the issue.
Settings
I'm not sure if there are settings on DNN which may cause this problem. In my development environment, this entire thing is a non-issue. It only occurs in the live and a secondary internal test environment. Since I'm not able to reproduce this bug in my debug environment, I've considered this might be a site configuration issue. The only option I've found on Site Settings is to make the username the same as the email address, but this is disabled.
I'm going to post my membeship provider code for updating the DNN record, and I'll post the code which creates the user in my register module. I don't know if anyone might need additional code, but I'm willing to provide more where necessary.
Membership Provider
/// <summary>
/// Updates the user in the DNN database.
/// </summary>
/// <param name="userInfo"></param>
private void UpdateDnn(UserInfo userInfo)
{
// _defaultProvider is an instance of AspNetMembershipProvider
if (_defaultProvider.GetUser(userInfo.PortalID, userInfo.UserID) != null)
_defaultProvider.UpdateUser(userInfo);
else
_defaultProvider.CreateUser(ref userInfo);
}
Register Module
public DotNetNuke.Security.Membership.UserCreateStatus Register(Inputs.RegistrationInput input)
{
var userInfo = new UserInfo();
input.Fill(portalId, userInfo); // This copies the user input into the userInfo object.
return UserController.CreateUser(ref userInfo);
}
RegistrationInput.Fill()
public void Fill(int portalId, UserInfo userInfo)
{
if (userInfo == null) throw new ArgumentNullException("userInfo");
userInfo.PortalID = portalId;
userInfo.FirstName = FirstName;
userInfo.LastName = LastName;
userInfo.Username = UserName;
userInfo.DisplayName = DisplayName;
userInfo.Email = Email;
userInfo.Username = UserName;
userInfo.Membership.Password = Password;
userInfo.Profile.Street = Street;
userInfo.Profile.Unit = SuiteApt;
userInfo.Profile.Region = State;
userInfo.Profile.City = City;
userInfo.Profile.PostalCode = Zip;
userInfo.Profile.Telephone = PrimaryPhone;
}
Update
I was digging around in DDN's core for a work around and stumbled upon this (AspNetMembershipProvider.cs:870):
// Check that the OAuth service currently being used for login is the same as was previously used (this should always be true if user authenticated to userid)
if (authUser == null || authUser.AuthenticationType.Equals(service, StringComparison.OrdinalIgnoreCase))
{
isOAuthUser = true;
//DNN-4133 Change username to email address to ensure multiple users with the same email prefix, but different email domains can authenticate
user.Username = service + "-" + user.Email;
}
else
{
createStatus = UserCreateStatus.DuplicateEmail;
}
The line user.Username = service + "-" + user.Email is in the exact format of the username that I am receiving after I call UserController.CreateUser(). The question now is: is this an error in my code or their code? I'm going to keep digging into this, and if nobody answers, I'll try to post an answer to this problem after I understand what is happening here. Furthermore, if I find this to be a bug in their code, I'll post a bug report on DNN's bug tracker and link back to the bug page here.
I finally found the problem. It turns out that the issue is with a line of code above the posted code in the membership provider in the same function:
string service = HttpContext.Current.Request.Params["state"];
The problem with this line is that I pass state via POST as the user's state of residency. DNN seems to consider it the service state. The solution to this is to change the POST input parameter name from state to something else - preferably region as DNN recognizes states as regions. An easy fix, all-in-all, but it took me quite a while to find it. I think DNN should have allowed this parameter to be changed via the state of the membership object or parameter rather than grabbing it directly from the request, but there's not much that can be done on our end in that regard (modifying the core source is strongly discouraged).
I have been searching for the most current method for posting a tweet on behalf of a user in Webforms. Most of the information I've come across dates to around 2010 and involves Twitterizer, which is no longer supported by the Twitter API. My question is, is there any updated documentation or examples, tutorials on the subject?
I've created my app, have the consumer key and secret, but most of the code I'm coming across is in php. Any help would be appreciated.
Since you're using WebForms (via your reply in comments), here's an example of tweeting on another user's behalf with LINQ to Twitter. Other examples might show you how to add a signature to an authorization header, but you'll still have to manage the OAuth workflow. This should give you an idea of how that workflow can be managed in WebForms.
LINQ to Twitter uses different authorizers to manage the process of producing OAuth signatures, managing credentials, and supporting OAuth workflow. First, instantiate a WebAuthorizer, like this:
public partial class _Default : System.Web.UI.Page
{
private WebAuthorizer auth;
private TwitterContext twitterCtx;
protected void Page_Load(object sender, EventArgs e)
{
IOAuthCredentials credentials = new SessionStateCredentials();
if (credentials.ConsumerKey == null || credentials.ConsumerSecret == null)
{
credentials.ConsumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"];
credentials.ConsumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"];
}
auth = new WebAuthorizer
{
Credentials = credentials,
PerformRedirect = authUrl => Response.Redirect(authUrl)
};
The WebAuthorizer only needs your ConsumerKey and ConsumerSecret, which can be saved in web.config. The authorization process is divided into two parts because you have to send the user to Twitter to authorize your app and then Twitter redirects the user back to your page to collect the other two tokens, which are oauth_token and access_token. That means you need logic to handle the callback from Twitter, which could look like this:
if (!Page.IsPostBack && Request.QueryString["oauth_token"] != null)
{
auth.CompleteAuthorization(Request.Url);
}
This goes after you instantiate WebAuthorizer and makes sure you're processing a Twitter callback before performing completion. After you call CompleteAuthorize, go into auth.Credentials and grab the new user credentials and save them for the logged in user. On subsequent queries, you can then load all 4 credentials into WebAuthorizer and LINQ to Twitter will work without requiring the user to authorize your application again.
After you have credentials, you can instantiate a TwitterContext, which gives you access to the Twitter API. Here's an example that does that and performs a query:
if (auth.IsAuthorized)
{
twitterCtx = new TwitterContext(auth);
var search =
(from srch in twitterCtx.Search
where srch.Type == SearchType.Search &&
srch.Query == "LINQ to Twitter"
select srch)
.SingleOrDefault();
TwitterListView.DataSource = search.Statuses;
TwitterListView.DataBind();
}
This code follows the call to auth.CompleteAuthorize to make sure all credentials are populated. The auth.IsAuthorized verifies that all 4 credentials are present.
That was the completion and instantiation of the TwitterContext part, but you'll first need to start the oauth process. Here's a button click handler that does that:
protected void authorizeTwitterButton_Click(object sender, EventArgs e)
{
auth.BeginAuthorization(Request.Url);
}
Just call BeginAuthorization, which executes the callback assigned to the PerformRedirect property of WebAuthorizer, sending the user to Twitter to authorize your app. As mentioned earlier, Twitter redirects the user back to your page and CompleteAuthorization executes to finish the authorization process. I typically put the OAuth logic on a separate page to simplify things.
Once the user authorizes your app, you can execute any query you want, such as the method below that tweets some text for the user:
protected void postUpdateButton_Click(object sender, EventArgs e)
{
if (!Page.IsValid)
{
return;
}
twitterCtx.UpdateStatus(updateBox.Text);
updateBox.Text = string.Empty;
}
Tip: the SessionStateCredentials stores credentials in session state. So, you want to make sure you're using state server, SQL server, but definitely not InProc.
There's documentation on the LINQ to Twitter site at CodePlex.com and a working demo in the LinqToTwitterWebFormsDemo in the downloadable source code.
Update
Thanks to a comment by #IvanL, it turns out that the problem is Google specific. I have since tried other providers and for those everything works as expected. Google just doesn't seem to send claims information. Haven't yet been able to figure out why or what I need to differently to get Google to send it.
A wild stab in the dark says it may be related to the realm being defaulted to http://:/ as I have seen an answer by Andrew Arnott that Google changes the claimed identifier for the same account based on the realm passed with the authentication request.
Another possibly important tidbit of information: unlike many of the examples that can be found around the web for using dotnetopenauth, I am not using a "simple" textbox and composing the openIdIdentifier myself, but I am using the openID selector and that is providing the openIdIdentifier passed to the ValidateAtOpenIdProvider. (As per the Adding OpenID authentication to your ASP.NET MVC 4 application article.)
Question is: why is IAuthenticationResponse.GetExtension() always returning null when using Google as the openId provider, when otherwise all relevant gotcha's with regard to Google (Email requested as required, AXFetchAsSregTransform, etc) have been addressed?
Original
I am struggling with getting DotNetOpenAuth to parse the response returned from the provider. Followed the instructions of Adding OpenID authentication to your ASP.NET MVC 4 application up to the point where the login should be working and a login result in a return to the home page with the user's name (nick name) displayed at the top right. (That is up to "The user should at this point see the following:" just over half way down the article).
I am using Visual Studio Web Developer 2010 Express with C#. DotNetOpenAuth version is 4.0.3.12153 (according to the packages.config, 4.0.3.12163 according to Windows Explorer).
My web.config was modified following the instructions in Activating AXFetchAsSregTransform which was the solution for DotNetOpenId - Open Id get some data
Unfortunately it wasn't enough to get it working for me.
The openid-selector is working fine and resulting in a correct selection of the openid provider. The authentication request is created as follows:
public IAuthenticationRequest ValidateAtOpenIdProvider(string openIdIdentifier)
{
IAuthenticationRequest openIdRequest = openId.CreateRequest(Identifier.Parse(openIdIdentifier));
var fields = new ClaimsRequest()
{
Email = DemandLevel.Require,
FullName = DemandLevel.Require,
Nickname = DemandLevel.Require
};
openIdRequest.AddExtension(fields);
return openIdRequest;
}
This all works. I can login and authorize the page to receive my information, which then results in a call to GetUser:
public OpenIdUser GetUser()
{
OpenIdUser user = null;
IAuthenticationResponse openIdResponse = openId.GetResponse();
if (openIdResponse.IsSuccessful())
{
user = ResponseIntoUser(openIdResponse);
}
return user;
}
openIdResponse.IsSuccessful is implemented as an extension method (see linked article):
return response != null && response.Status == AuthenticationStatus.Authenticated;
and always is successful as the ResponseIntoUser method is entered:
private OpenIdUser ResponseIntoUser(IAuthenticationResponse response)
{
OpenIdUser user = null;
var claimResponseUntrusted = response.GetUntrustedExtension<ClaimsResponse>();
var claimResponse = response.GetExtension<ClaimsResponse>();
// For this to work with the newer/est version of DotNetOpenAuth, make sure web.config
// file contains required settings. See link for more details.
// http://www.dotnetopenauth.net/developers/help/the-axfetchassregtransform-behavior/
if (claimResponse != null)
{
user = new OpenIdUser(claimResponse, response.ClaimedIdentifier);
}
else if (claimResponseUntrusted != null)
{
user = new OpenIdUser(claimResponseUntrusted, response.ClaimedIdentifier);
}
else
{
user = new OpenIdUser("ikke#gmail.com;ikke van ikkenstein;ikke nick;ikkeclaimedid");
}
return user;
}
My version above only differs from the code in the linked article by my addition of the final else block to ensure that I always get the home page with a user name and a logoff link displayed (which helps when trying to do this several times in succession).
I have tried both Google and Yahoo. Both authenticate fine, both return an identity assertion as logged by the WebDev server. However, GetUntrustedExtenstion and GetExtension always return null. I always get to see "ikke nick" from the last else, never the name I actually used to authenticate.
I am at a loss on how to continue to try and get this to work. It probably is some oversight on my part (I am an experienced developer but just started dipping my toes in C# and web front-end development), and I can't see it.
Any and all suggestions on how to proceed / debug this are very much welcome.
Are you using Google as OpenId provider to test your solution against? Because Google has/had the habit of including the Claims only the first time you authenticate the application. So perhaps try using a fresh google account and see if that works?
Sorry for the slow response, doing a big migration at a client this week :-) Glad that this little comment resolved your issue.
What's happening is say user A Logs in and provides the rights for the app to access his/her Data we extract his data then..
But what the problem is when another person Logs into his/her account using the same computer and grants permission we are getting the Data of User A and not B..
if(Request.Params["code"] != null)
{
Facebook.FacebookAPI api = new Facebook.FacebookAPI(GetAccessToken());
string me = api.Get("/me");
string meFriends = api.Get("/me/friends/");
}
I am accessing the user info by the above code ..
What should we do about it?
It's a known problem with the SDK saving the data into the session. I'm not 100% sure for C# but I guess it's the same as PHP. The SDK (in PHP ) checks if user's Signed Request is available in session:
public function getSignedRequest() {
if (!$this->signedRequest) {
if (isset($_REQUEST['signed_request'])) {
$this->signedRequest = $this->parseSignedRequest(
...
What I do is everytime I check the validity of the current user's access token. But someone mentioned that's not effective (although I tend to disagree:) ).
In short SDK doesn't check for validity and takes the data from session as first source. That's why 2nd user has the 1st user data.
I am trying to write a web service that returns session variables. The application that calls this web service has access to the the Session ID of the current session.
I tried doing this by creating a "ASPNet_SessionID" cookie and then attaching setting it as the cookie container of a proxy class to the web service but that does not work. I did this like so,
protected void CallService(string sessionID)
{
localhost.AuthService auths = new localhost.AuthService(); //Service Proxy class
System.Net.CookieContainer cookieJar = new System.Net.CookieContainer();
System.Net.Cookie newCookie = new System.Net.Cookie("ASPNet_SessionID", sessionID);
newCookie.Domain = "http://localhost";
cookieJar.Add(newCookie);
auths.CookieContainer = cookieJar;
string SessionData = auths.GetSessionData();
The GetSessionData web method simply returns the Session data like so:
[WebMethod(EnableSession=true)]
public string GetSessionData(string sessionID) {return ((string)Session["user"]);}
Should this approach work, or am I doing something completely wrong?
UPD:This link actually solved my problem - I was able to access all the sessions InProc and was able to select the correct one by ID:
http://weblogs.asp.net/imranbaloch/archive/2010/04/05/reading-all-users-session.aspx
"I am trying to enable a third party application to see what user is logged on to my website."
To achieve this goal you would be far better to use ASP.NET Membership over Session to track users.
Then, to see logged-in status you can simply do this:
bool isLoggedIn = Membership.GetUser("Joe.User").IsOnline;
switch AspCompatibilityMode to true
Is your system designed to be single user?
You suggest 'which user is currently logged on' but if that was the case there isn't much need to store anything in session, you could just stick the userid/name/details into a table in the DB, or potentially use .NET profiles to update an application level variable - http://msdn.microsoft.com/en-us/library/2y3fs9xs.aspx