Codeigniter Ion auth user session conflict - codeigniter-3

My website is built with codeigniter framework and I am using Ion auth library for user management. A very strange problem I am facing, the login shown to me was of a different user, may be both of us accessed site at the same time but location is completely different. Can't figure out what the problem is.

Related

Cant Use Facebook API on AppEngine

So, I have this grade project where I have to do a mashup and deploy it on AppEngine. So, everything is fine, and I even got it working some months ago, but when I deployed the project again after doing some changes and updating the facebook api, it no longer works.
Thing is, it does works on localhost. The error only occurs when deployed. It's only a normal publish post POST.
So, here's the error:
The URL was blocked: Redirection has failed because the URI is not incluided in the list of OAuth authorised of the application client. Check that the OAuth access of both client and web are active and add all the domains of your apps as OAuth redirection URI
This was translated from spanish so it might not be totally accurate.
So, it seems easy, but I don't really know if the proble is that I have to do something in the configuration of appengine control panel (most likely), in the configuration of the facebook api control panel or if it's something in the project code. I've checked everywhere and have the faint memory of solving this several months ago, but I can't anymore.
Thanks!
For Facebook login, you need to tell Facebook the URI of the page that the login will start from. If you change the URI, then the login process will break. You can set the URI from this page:
https://developers.facebook.com/apps/1234567890/fb-login/
Except that you need your app id in there instead of 1234567890. You can get there from here:
https://developers.facebook.com/apps

Has anyone actually got ASP.NET MVC 5 Identity Facebook logins to work out of the box? (loginInfo always returns null)

Using Visual Studio 2013 Update 5, I have created a boilerplate MVC 5 application with Individual User Accounts auth option selected, and I have been trying to implement social logins using the template code, but have been unsuccessful.
I have ensured all NuGet packages are up to date, and the code is using MVC 5.2.3; Owin 3.0.1; AspNet.Identity 2.0.0.
I can get everything working fine, including authenticator apps using OtpSharp, but the Facebook login is just not working whatever I try.
I have created the Facebook App, set all the relevant options on that and set the AppId and AppSecret in my Startup.Auth.cs file.
When I try to login with Facebook, the MVC site redirects me to Facebook, which prompts me with the auth screen for the app. I click OK and accept this then I am redirected back to the MVC app. If I check the authorised apps under my Facebook account, my app is listed and shows that it has granted permission to the app to retrieve email address.
The callback works fine but when it hits ExternalLoginCallback and in particular:
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync()
loginInfo always returns null.
Looking at the Request it shows an error of access_denied:
https://localhost:44301/Account/ExternalLoginCallback?ReturnUrl=%2Fmanage&error=access_denied
I have read pretty much every blog post and SO question on this error and whilst most of them are helpful, most are also out of date and not relevant.
It would seem that something is missing from the templated project, or something has changed elsewhere as no matter which tutorial I read, and options I set, the result is the same.
I have tried this internally on a dev machine running IIS Express and externally on a hosted machine running IIS 7.5 too and the results are the same.
I've even decompiled the Microsoft.Owin.Security.Facebook library to see where that particular section of the querystring is set to no help.
If I had any hair I'd have pulled it all out by now.
I'll take any suggestions. Can anyone help?
Facebook loves to make things difficult. Access_denied sounds like they are blocking you on purpose. Check your developer dashboard and the accounts authorized to test your app while its in development mode. The email permission is approved by default, so that isn't your issue.
Make sure the account you are testing with is added here:
If that doesnt solve it, make sure you have the correct app domains (testing and live) listed in the domain section here:
I had the exact same issue. No matter what I did the facebook would show the login, get permissions and then return back to the Login page instead of the Email confirmation page.
Using Fiddler Facebook would invoke "http://localhost:1234/signin-facebook&code=SOME_SECRET_CODE_HERE", and then my application's controller would invoke "http://localhost:1234/ExternalLoginCallback?error=access_denied". I was sure Facebook is refusing the access. It was only after implementing a Facebook Javascript SDK Sample, I realised I could successfully login and also view FB scopes!
My Dev environment
MVC 5 application
Visual Studio 2013 Community edition Update 5
Microsoft.OWIN v2.2.1
Microsoft.OWIN.Security.Facebook v3.0.1
Finally I found a YouTube Video by ProCoder which mentioned to put the correct path in the Valid OAuth redirect URIs as http://localhost:1234/signin-facebook and it worked. If you haven't already added, you will need to add Facebook Login product to your Facebook app.
I also set App Domain to localhost and Site URL to http://localhost:1234/
I have added 127.0.0.1 and MY.EXTERNAL.PUBLIC.IP to the Server IP Whitelist Under Security in the Advanced Settings option of the Facebook app.
All these settings I replicated in a new MVC 5 application and it worked like a charm.
update the package Owin.Security.Facebook 3.0.1 to 3.1.0
It works for me

Redirect the page from external website to web pages using play framework

I am pretty much new to play framework and I am currently developing a website using this framework.
I have the following question:
Default page should be gmail.com and the once the user entered his credentials and if the user is authorized(I mean login successsful) then it should redirect to the my website along with the retrieval of user name.
To make it as simple:
say my website is www.hellow.com
Once the user enter hellow.com then it should redirect to gmail.com and once the gmail login is successful then it should come to hellow.com with the username.Though I am using redirect() but am not sure how to come back to my site once the login successful.
Currently I am using latest play version.
Please help me out.
Thank You
It's not about redirect. You need to use Google API to be able to provide sign in with it. Start here: https://developers.google.com/gmail/api/auth/about-auth

Web API FB OAuth? How would to go about implementing it in a SPA application?

Documentation on the net seems to be VERY scarce. The only option I can think of at the moment
is to have my SPA app break convention and to have the (initial) logged out page be different to the logged in one (eg my app).
My app is built using Durandal 2.0.0.
In one of my OAuth tests app's I've managed to implement this link successfully. But as Durandal does not work in the same way (Server-side controller, & razor views), I'm thoroughly confused in how to achieve what I want to.
I'd like to have my app remain a single page app. But I've got little to no experience with the OAuth SDK
My only requirement is that the user log into my app using his FB account.
I've had an initial stab at this using the FB java script API, and got it working, but after discussions with another developer this side, it doesn't seem like the purpose of the java script API is to facilitate secure application login's? As the way we had it, would allow any user to pass a valid fb userId, then he would be logged into our app. :/
How would I go about achieving this process flow in a Durandal/Web API Single Page App?
User logs in using fb ->
then on the server we get his fb userId ->
retrieve our internal appID
I'm not asking for a complete answer/for someone to do my work....
But any documentation to get me started/less confused would be greatly appreciated.
Here is a sample project which demonstrates how to use OAuth with Durandal and Web API:
DurandalAuth.
However there are some modifications in viewmodels needed, since router changed in Durandal 2.0.0.

.NET Web Forms multiple product subscriptions under one account?

Background:
I am working on a legacy ASP.NET 3.5 Web Forms applications. The application allows users to buy a subscription to a 'white-label' website which is generated for them and they can customize it further. It uses forms authentication.
A typical use-case is that the user creates an account on our system, purchases a website, and then proceeds to customize their website. The URL they will use to edit their purchased website is something like this: https://www.example.com/EditWebsite.aspx. There are many other pages also within our website editing toolbox with other URLs.
Problem:
My team has now been tasked with allowing people to use one account to access multiple website subscriptions. This means that one authenticated user could be trying to access one of many websites to edit if they use the URL mentioned above. Our system can be made aware of multiple subscriptionIds per User but the website editor web app only has support for one subscription.
To clarify with a simpler example: this would be like if Google all of a sudden allowed you to view two different inboxes with one GMail account. How would the system know which one you were trying to access if the URLs were the same for both?
We originally wanted to change the application to use URLs like: https://www.example.com/[subID]/EditWebsite.aspx which would give us all the information we need to send the user to the correct website. We looked into URL Routing to accomplish this but it seems that we would have to change all of the web app's internal links to use the route config to generate the correct URLs. Maybe we have the wrong idea here but it seems like too much work for a legacy application.
Another potential solution we came up with was simply using our systems' control panel web app (where they click links to edit any of their websites) to set a session cookie which our edit website web app can read to know which website to bring up. This has the disadvantage that the pages would not be bookmark-able and you could not look at multiple websites at once in different tabs of the same browser.
Question(s):
Is there any other options we have not investigated or thought of? Is there any other web sites which allow for this kind of behavior; how do they handle it? Is URL Routing the right way to do this and we just need to take the plunge?
Any input is appreciated!
The solution we ended up using was adding a URL parameter to the link which specifies which website you are trying to edit.
https://www.example.com/EditWebsite.aspx?subID=123
This parameter is included in the links to 'Edit Website' from the page which lists all of a user's websites.
When present, this sets a session cookie for the user. If the request parameter is not present, the app looks for the cookie being set; this handles all the internal links within the application. if a cookie doesn't exist and the request parameter was not set, we just pick the authenticated user's first subscription from the list.
This isn't perfect but it has worked without issue so far. The only consequence it has caused is that a user cannot edit multiple websites in the same browser session, e.g. using multiple tabs. This hasn't resulted in any support issues yet though so it is pretty much a non-issue.