We have custom login widget which we have been using in Sitefinity 8 which has OTP authentication. After upgrade to Sitefinity 12.2, not able to render the custom login widget in back-end login page. Saw in few documents like sitefinity 12 doesn't support custom widget in back-end login page.
Is there any way to use the custom login widget for sitefinity back-end login. Please help with some suggestions or solutions, so that we can configure the custom widget.
Question modified :
After making the some configuration changes mentioned by Vesilev, now the login form is rendering in the UI. But while checking for the valid user and if yes it goes to redirect.And throws error :
"Server cannot set status after HTTP headers have been sent".
Please find the code below :
UserLoggingReason reason = SecurityManager.AuthenticateUser("Default", this.username.Text, true, out user);
if (reason == UserLoggingReason.Success)
{
Response.Redirect("~/Sitefinity/Dashboard");
}
else if (reason == UserLoggingReason.Unknown)
{
this.message.Text = "Incorrect Username/Password Combination";
}
Not able to login into the system as this is throwing error from Response.Redirect.Need some suggestions/help to resolve this.
Related
I am using Identity Server 3 to authenticate a JS Client using the Implicit flow and AccessTokenType = AccessTokenType.Reference
But when i call
manager
.signoutRedirect()
.catch(function (error) {
console.error('error while logging out', error);
});
the user is signed out only from the calling tab, he can still browse the application in the other tabs.
Is it possible to log the user out from all the other tabs ?
I have already checked this question Oidc-client with IdentityServer3 - Angular2, how to logout and login properly
Make sure you have configured post_logout_redirect_uri in settings object. You can check if the user is logged out of application by checking the session_state value. In the case of JS application, the design of the specification requires to load, in a hidden iframe, the check session endpoint from IdentityServer. The JS application and this iframe can then communicate with the postMessage API.
You can find complete details here on IdentityServer3 documentation https://identityserver.github.io/Documentation/docsv2/overview/jsGettingStarted.html
I'm working in Umbraco and is currently using this code:
#if(Members.GetCurrentLoginStatus().IsLoggedIn) {
Response.Redirect(Request.UrlReferrer.AbsolutePath);
}
In my login-template, so when I click on a protected page, I will be redirected to Login (that works) and then after successfull login be redirected back to the protected page. That works like a charm, but if I'm on Homepage and clicks "log in" and logs in, I get this problem when it is redirecting:
Server Error in '/' Application.
"Object reference not set to an instance of an object.
#if(Members.GetCurrentLoginStatus().IsLoggedIn) {Response.Redirect(Request.UrlReferrer.AbsolutePath);}"
I'm not using Visual Studio, only the CMS itself online so I can't access any controllers and do it myself.
Any Ideas how I can solve this?
Well, if there is no referrer it shouldn't redirect, right? So something like this should do?
#if(Members.GetCurrentLoginStatus().IsLoggedIn && Request.UrlReferrer != null) {
Response.Redirect(Request.UrlReferrer.AbsolutePath);
}
I have a website (Symfony2) with HWIOauthBundle used to connect with Facebook and everything works fine.
Now, I'm trying to build an iOS app with Cordova and Ionic framework (AngularJS) and I want to authenticate my user with Facebook :
With $cordovaFacebook, I authenticate my user and get a valid Facebook access token, that's ok
I try to use this access token to authenticate my user on the server-side with HWIOauthBundle :
GET http://..../login/facebook?code=MY_FACEBOOK_ACCESS_TOKEN
Symfony rejects my request with this log :
INFO - Matched route "facebook_login" (parameters: "_route": "facebook_login")
INFO - Authentication request failed: OAuth error: "Invalid verification code format."
So my question is : how can I authenticate my user on both front and back end with Facebook connect?
Thanks :)
I've also been wondering how to implement a server side login with the HWIOAuthBundle.
I didn't find any solution on the web, so I coded the functionnality based on hints I've read on the net.
Basically, you have to :
authenticate the user on your app
make an http request to your server with the Facebook token.
ont the server side, check if the token is for your Facebook app, and retrieve the user's Facebook ID.
Get your user from the DB based on the fetched ID.
Here's my Symfony controller:
public function getSecurityFbAction($token)
{
// Get the token's FB app info.
#$tokenAppResp = file_get_contents('https://graph.facebook.com/app/?access_token='.$token);
if (!$tokenAppResp) {
throw new AccessDeniedHttpException('Bad credentials.');
}
// Make sure it's the correct app.
$tokenApp = json_decode($tokenAppResp, true);
if (!$tokenApp || !isset($tokenApp['id']) || $tokenApp['id'] != $this->container->getParameter('oauth.facebook.id')) {
throw new AccessDeniedHttpException('Bad credentials.');
}
// Get the token's FB user info.
#$tokenUserResp = file_get_contents('https://graph.facebook.com/me/?access_token='.$token);
if (!$tokenUserResp) {
throw new AccessDeniedHttpException('Bad credentials.');
}
// Try to fetch user by it's token ID, create it otherwise.
$tokenUser = json_decode($tokenUserResp, true);
if (!$tokenUser || !isset($tokenUser['id'])) {
throw new AccessDeniedHttpException('Bad credentials.');
}
$userManager = $this->get('fos_user.user_manager');
$user = $userManager->findUserBy(array('facebookId' => $tokenUser['id']));
if (!$user) {
// Create user and store its facebookID.
}
// Return the user's JSON web token for future app<->server communications.
}
I throw the Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException exceptions to handle login errors on my app.
Of course, you really should use https because you will be exchanging sensible information.
I don't know if it's the best way to do it but it works well.
Hope it helps !
Well, I think that Symfony doesn't actually reject your request. Facebook is. I'm not sure if this might help, but I know that a bunch a problems can happen when dealing with the Facebook Auth :
Do you know if the tool sends, along with the code parameter, a redirect_uri parameter ? If so :
Did you check that your redirect_uri HAS a trailing slash at the end ? See this
Silly question, but did you check that your app_id is the same when you got authorized via Cordova ?
Check that your redirect_uri DOES NOT have any query parameter.
Check that the redirect_uri that you use during the whole process is the same all the time.
Overall, it seems that your issue is almost all the time related to the redirect_uri URI format.
I work on an application and i want to add ProviderSignIn features. I place a button on my web page so people could connect ( signin) to my application using facebook. As documentation says (http://docs.spring.io/spring-social/docs/1.0.3.RELEASE/reference/html/signin.html), the oAuth dance :
1. POST is made to signin/facebook work(seen in firebug)
2. GET is made to signin/facebook?code="somecode" work(seen in firebug)
3. GET is made to signin but this just displays my view signin.
The documentation says :
If any error occurs while fetching the access token or while fetching the user's profile data, ProviderSignInController will redirect to the application's sign in URL. The request to the sign in URL will have an "error" query parameter set to "provider" to indicate an error occurred while communicating with the provider. The default sign in URL is "/signin" (relative to the application root), but can be customized by setting the signInUrl property.
At step 3, my url is signin#= and not signin with error query parameter.
I don't understand why i am not getting error in query parameter ?
Just create your own controller which extends ConnectController and implements it's methods. It worked for me.
I am new to grails and i am trying to add facebook plugin to my web application. i have successfully(as i believe) installed plugins and addED necessary code in my application. I followed the documentation found at http://splix.github.io/grails-spring-security-facebook/ , when I run my app I see the facebook connect button on gsp page,after clicking on connect button a popup opens up asking for permissions required in app and when user clicks on allow button i receive error "No authentication provider found". I dont know where i am wrong ,can any one help me please.
Thanks in advance
You have custom list of providers:
grails.plugins.springsecurity.providerNames = [ 'myAuthenticationProvider',
'anonymousAuthenticationProvider',
'rememberMeAuthenticationProvider']
And none of them supports FacebookAuthToke, so Spring Security cannot authenticate using Facebook Authentication plugin.
If you really need to have custom provider, just put original provider into this list:
grails.plugins.springsecurity.providerNames = [ 'myAuthenticationProvider',
'facebookAuthProvider',
'anonymousAuthenticationProvider',
'rememberMeAuthenticationProvider']