I'm building WP7 application using DropNet.
I have successfully managed to log in and authorize the app (using WebBrowser control) and this works ok.
The problem is when user checks 'remember me' on the drop box login screen - an obvious thing to do. When I run this application again then browser redirects to a page saying something like 'you have already authorized this application'. Nothing happens until I click the Continue/OK button on the page. The token is not valid until I click this button.
Why is this happening this way? Shouldn't it authorize the token on entering the authorization page so it would support user-free loging in?
I have come across this issue; the problem was solved by setting
_dropNetClient.UseSandbox = true;
where _dropNetClient is an instance of DropNetClient
Normally, you only do the OAuth login/auth stuff the first time he/she uses your app. Once they are authorized, you'll have an "access token" that you should save somewhere.
The next time the user runs your application, don't do any of the OAuth steps. Just load up the access token (sometimes called the "user token" in the DropNet docs) and start making real API requests.
new DropNetClient(appKey, appSecret, accessToken, accessTokenSecret)
Related
I have an ASP.NET MVC application that uses Azure Active Directory for authentication. All works perfectly except for this scenario.
Launch application and login using user#domain.com, the user is authenticated and application home page is displayed
Close browser (Logoff not implemented)
Launch application again and click login as another user
Enter username as abc#domain.com - This user is fake and does not exist
Expected behavior: Some error saying the user does not exist or login failed
Application behavior: Logs in user#domain.com by default without checking the new username that's entered.
Note: portal.azure.com works the same way.
Question: Is there a way to change this behavior so that the username is validated or authenticated before the cached token is used.
thanks
This is by design.We do not go to AAD for authentication every time, cached credentials as used as the tokens / cookies the client has received during the initial login are good enough to get access to the resources.
There are two ways to achieve what you are looking for
1) Implement Sign out( feasible and optimum solution)
2) Implement a Auth filter and apply at a global level so for every request it has to validate the token and user name provide by user.
Hope it helps.
I'm trying to sign out from intranet application, which is also accessible from the internet with signing in using Active Directory Federation Services.
Firstly I just made a href to https://federation.mycompany.com/adfs/ls/?wa=wsignout1.0. The federation page shows and displays a message: "You have been successfully signed out!" But if I go back, I can access the web app again without signing in again. I also tried to append a redirect parameter, so that the user would be prompted to insert credentials again. But the redirect does not happen.
Later on I created a Action in one of my controllers. Here is the code:
public ActionResult Logoff()
{
string absoluteUrl = HttpContext.Request.Url.AbsoluteUri;
string replyUrl = absoluteUrl.Substring(0, absoluteUrl.LastIndexOf("/")+1);
WSFederationAuthenticationModule.FederatedSignOut(new Uri(#"https://federation.mycompany.com/adfs/ls/?wa=wsignout1.0"), new Uri(replyUrl));
return null;
}
But the problem is the same.
The third thing I tried was to delete cookies before signing out. But it seems that authentication cookie is under domain and not my app, so it is not accessible.
How do I solve this Sign out issue?
Please help.
I am only assuming but I suspect that your ADFS is configured for windows authentication while your application has the Login button.
If this is the case then you can't really log out from already authenticated ADFS and it happily reissues the token upon the next request from the application. You can't do anything about it since the authentication is performed with MTML/Kerberos and this is the browser that keeps your credentials until you close it.
The solution would be to change ADFS to Forms mode and see if it helps.
The Thing i want to do is , We have a user who is logged in a device .We have to restrict that user to login from other device.
To Login into Other device he should have to log out from the first device.
I have tried to create authentication token via web API.
Every time a user login ,a new oath token is generally passed in the request headers. (Token would be expire on logout.)
If Same User try to login from other device a new Oath token would be generated
is there anyway to check if a token is already assigned to that user then do not allow him to login
What if,
1.user close the working tab or browser
2.or He navigate to other web page by changing the URL
Are there other solutions to ensure one concurrent login per user ?
This should be simple enough to make sure a user have only one login at a time.
Steps to do would be (ASP.NET/ASP.NET MVC):
Step 1: As soon as user login, check if session for this user already exists.
Step 2: If Session already exists, delete the on going session (Here you can also prompt a message to user if he wants to stop currently going session and start a new one.)
Step 3: On User's action you may delete current session and start a new session for the user.
Step 4: If there is no current session going on, you can simply create a new one .
Update:
For ASP.NET WEB API
Here you have to use Authentication token.
On login you can provide authentication token to user.
On Relogin you can check if token is already issued for this user, and accordingly perform your action.
Hope this helps. Let me know if you have queries.
I assume you know how to code above, if not let me know.
I'm new to develop application to Facebook, we need a website page that shares on a Facebook page, only the admin of the page how can share on it, but i have undesired scenario that happened. what i made: 1- requesting code from Facebook at page load, then getting access token as this access token is expired after 2 h within those 2 h the user can log out from Facebook and try to share it will share, also if he logged in using another account that is not admin it will share on Facebook as the application still see a valid access token, i tried to fix it by getting a new access-token each time the share button is pressed but i get another undesired scenario which is at every click on share button it will refresh the page and get new code" as it doesn't used twice " and then get a new access token even if the user wants to make just multiple shares.
My question: their is a away to check if this access-token is valid to the current logged in user on Facebook?
Kinldy login your FB Account and go to develoeps.facebook.com . Click the tools->Graph Explorer and paste your access token in the Textbox.Click the debug button the validity of your code wiil be shown.Try to go with 60 days token.Then you can able to test your app continously with out changing accesstoken.Refer this link for further details.
https://developers.facebook.com/docs/facebook-login/access-tokens
Question:
I'm using a DropBox csharp API from here:
https://github.com/dkarzon/DropNet
From the Unit tests, and the only working sample from here
https://github.com/dkarzon/DropNet/blob/master/DropNet.Samples/DropNet.Samples.Web/Default.aspx.cs
I figured that it works like this:
DropNet.DropNetClient client = new DropNet.DropNetClient(strApiKey, strAppSecret);
DropNet.Models.UserLogin login = client.GetToken();
client.UserLogin = login;
var accountInfo = client.AccountInfo();
str = accountInfo.quota_info.quota.ToString();
The probem is, it throws an exception on accountinfo. (System.Net.HttpStatusCode.Unauthorized)
Everything before works fine, I get the login (usertoken & usersecret) .
I think my problem is this part of the sample application:
var url = _client.BuildAuthorizeUrl(Request.Url.ToString() + "?dropboxcallback=1");
Response.Redirect(url);
Where it redirects to dropbox for a login...
I don't have a web application, so I have no URL...
What I have is a console application, that should make a backup of my database every evening automatically as a service, for which it certainly is very bad requiring a webbrowser and a user which has to type in email/username + password.
How can I do a login by directly supplying the hardcoded username and password ?
If I use the sample application, then it works, but that requires typing in the username and password on the web, and that sucks big time for a console application...
As far as I know from other API's (facebook, google, stack exchange etc.) you'll have to redirect your user to a webpage of Dropbox, where it will grant permissions to you to use it's account to perform things.
So in general it is not possible to achive this without a webbrower. Otherwise you'll have to perform really dirty hacks to hack arround the permission system of dropbox.
Please have a look at "OAuth 2.0 authorization flow" on google.
Here's a diagram I found at Yahoo which show's how it works:
For uisng the DropnetClient's 4 argument constructor also we need to build web based url and allow the user to authenticate his account this is compusory thing, accesstoken will generate after the user hit allow button in authentication process
As GameScripting explained the Dropbox API uses oauth which requires user login through the dropbox website to authenticate the access tokens.
Checkout the documentation here: http://dkdevelopment.net/what-im-doing/dropnet/ for the 3 step process.
What sort of application are you building? Normal process is to load a browser control inside the application and navigate to the login URL with it.
Also have a look at the sample Windows Phone app to give you an idea of how this process works: https://github.com/dkarzon/DropNet/blob/master/DropNet.Samples/DropNet.Samples.WP7/MainPage.xaml.cs
Instead of hardcoding the username and password, you can hardcode the OAuth access token.
First, create a simple program (using the same app key) that follows the standard browser-based authorization flow. Then use it to authorize the app with the desired user. This will give you an OAuth access token (a "token" and "token secret") associated with that user and your app key.
Then, in your service-style application, just hardcode the OAuth access token (using DropNetClient's 4-argument constructor).
It is possible, using SharpBox - tested, works.
One needs to acquire the AccessToken as a one-time-action manually, then after that, one can omit the login page and use the saved AccessToken.
http://www.jayway.com/2012/02/06/unboxing-dropbox-and-sharpbox-2/
The magic line is:
Globals.DropBox.Token = AppLimit.CloudComputing.SharpBox.StorageProvider.DropBox.DropBoxStorageProviderTools
.ExchangeDropBoxRequestTokenIntoAccessToken(
Globals.DropBox.config
, Globals.DropBox.AppKey, Globals.DropBox.AppSec
, Globals.DropBox.requestToken
);