Use default credentials in order to call DirectoryEntry - c#-3.0

I am working in a Login page and teh logic is like ->
try
{
DirectoryEntry LDAPLogin = new DirectoryEntry(ConfigurationSettings.AppSettings ["LDAPPath"].ToString(), Usuario, Txt_Contrasenia.Text.ToString());
if (LDAPLogin.NativeGuid != LDAPLogin.Name)
ValidarGrupo();
}
catch (Exception exc)
{
Label_Info.Text = "Sus credenciales no son validas: " + Usuario.ToString() + " " + exc.Message;
}
If the user enters the rights credentials I call a method ValidarGrupo that implements a lookup in the AD for a group of the user
I would like to replace the username and password with UseDefaultCredentials in order to avoid that the user has to enter the username and password and the Login pages use the credentials of the user that is login on the machine.

I would like to replace the username
and password with
UseDefaultCredentials in order to
avoid that the user has to enter the
username and password and the Login
pages use the credentials of the user
that is login on the machine.
So you basically want to check whether the currently logged in user is valid?
I believe you can just simply create the DirectoryEntry without specifying any username/password - in that case, System.DirectoryServices will automatically use the current user credentials:
string ldapPath = ConfigurationSettings.AppSettings ["LDAPPath"];
DirectoryEntry LDAPLogin = new DirectoryEntry(ldapPath);
That should be enough, I believe!

Related

Pre-condition not working

I'm trying to create a simple 'signup' method.
-- Creates a new account
public signup: String * String ==> ()
signup(username, password) == (
-- create user
dcl user: User := new User(username, password);
-- add user
users := users union {user};
)
pre (let u in set users in u.username <> username);
The problem I'm having is with the pre-condition. How can I write the pre-condition 'username is unique'? (ie there is no user in users where user.username = username)
Note: users is a set of User
Edit: pre (username not in set users.username) is what makes most sense to me, but this doesn't even compile.
It looks like you need a "forall". Your precondition wants to say that "for all of the users' usernames, the new user's name is not equal to them". An alternative would be to generate the set of existing usernames with a set comprehension, and then say the new username is not in that set.
Let us know if the syntax for the above isn't obvious.

Why does the Spring Social plugin occasionally return an empty email on the User class?

I have a Grails project (v2.4.2) that is making use of the spring-security-facebook:0.17 plugin to authenticate via Spring Security. At first sight, all seems well. However, there is a large set of users that for some unknown reason I cannot access their email address. I am using spring social to grab the email. I have permission and it is set in the scope. Here is a code snippet where I authenticate a new user:
log.info("Create domain for facebook user $token.uid")
//Use Spring Social Facebook to load details for current user from Facebook API
log.info("create: FacebookAuthToken: $token")
log.info("created FacebookAuthToken.FacebookAccessToken = ${token.accessToken}")
Facebook facebook = new FacebookTemplate(token.accessToken.accessToken)
org.springframework.social.facebook.api.User fbProfile = facebook.userOperations().getUserProfile()
// Check if email is actual granted because in production some are coming back null
boolean isEmailGranted=false
List<Permission> permissions = facebook?.userOperations()?.getUserPermissions()
String permissionString = "["
for (int i=0;i<permissions.size();i++) {
permissionString += "["+ permissions[i].getName() + ":" + permissions[i].getStatus()+"]"
if (permissions[i].getName()=="email" && permissions[i].isGranted())
isEmailGranted=true
}
permissionString += "]"
log.info("create: Facebook Permissions = " + permissionString)
def grailsWebRequest = WebUtils.retrieveGrailsWebRequest()
def flash = grailsWebRequest.flashScope
if (!isEmailGranted) {
log.warn("create: Unable to subscribe facebook user because email priviledge was not granted.")
flash.message = 'Login to Facebook failed. We must have access to your email address in order to proceed with login.'
throw new InsufficientAuthenticationException("Facebook email not accessible")
}
log.info("created: ")
String email = fbProfile.getEmail()
String firstName = fbProfile.getFirstName()
String lastName = fbProfile.getLastName()
String fullName = fbProfile.getName()
String username = firstName
String password = token.accessToken.accessToken
if (!email) {
log.error("create: Permission was granted to use facebook email but the value is null.")
flash.message = 'Login to Facebook failed. We are temporarily unable to access your email although permission has been granted'
throw new InsufficientAuthenticationException("Facebook email not accessible for unknown reason")
}
Why would I receive an empty email when permission has been granted? Is there a preferred method for handling this behavior (other than failing the authentication and making up a fake email address). Many thanks!
The documentation for the 'email' field of the 'user' object ( https://developers.facebook.com/docs/reference/api/user/ ) clarifies the expected behaviour here, which is:
"this field will not be returned if no valid email address is available"
There is a detailed explanation about different situations where an email won't be sent. Please check it out:
https://developers.facebook.com/bugs/298946933534016/
I hope it helps.

Spring Security and social SignUp with Rest

My application exposes a REST API for services and uses SpringSecurity to manage login at the private services.
With custom signup and login I don't have any kind of problem, but now I try to implement login/signup with Facebook or Twitter, and I don't know how to do this.
Has anyone had the same problem and solved it?
I tried to use a custom password "very long" for every Facebook and Twitter account but that didn't work.
UPDATE
I try your solution, but get an error. This is my code
public UserDetails loadUserByUsername(String mail) throws UsernameNotFoundException {
ServletRequestAttributes attr = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
if (ConstantPWCabinet.SOCIAL_LOGIN_FACEBOOK.equalsIgnoreCase(attr.getRequest().getParameter(ConstantPWCabinet.LOGIN_TYPE))) {
User facebookInfo = dao.getFacebookInfo(new FacebookTemplate(attr.getRequest().getParameter(ConstantPWCabinet.FACEBOOK_TOKEN)));
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority(Role.ROLE_USER_FACEBOOK.toString()));
org.springframework.security.core.userdetails.User user = new org.springframework.security.core.userdetails.User(facebookInfo.getEmail(), null, authorities);
Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);
return user;
}
logger.debug("Mail di accesso: " + mail);
User user = dao.getUserSelectedMail(mail);
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
String role = user.getRole().toString();
if (StringUtils.isEmpty(role))
authorities.add(new SimpleGrantedAuthority(Role.ROLE_USER.toString()));
else
authorities.add(new SimpleGrantedAuthority(role));
return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword(), authorities);
}
But i get and "Bad credential" and no get login.
You have an AuthenticationFilter that listens to url j_spring_security_check
Filter creates an authentication object and sends to Authentication Provider.
AuthenticationProvider calls UserDetailsService to load user by username and authenticate the user.
Filter then checks the authentication object returned by the provider and sends request to success/failure handler.
When you do it through social medium, your user is authenticated by an external source, so you do not need to authenticate user at your end.
You can simple do
// Authenticate the user
UserDetails user = userDetailsService.loadUserByUsername(username);
Authentication auth = new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
SecurityContextHolder.getContext().setAuthentication(auth);
This will authenticate the user without password.

silverstripe external authentification

there is a custom login form that should give users access to certain contents on the same page. That works so far with Users stored as Members in the SS database and I was checking after Login if the user has permissions like this in the Page Class:
function isAllowed() {
if (Member::currentUser()) {
$PresseGroup = DataObject::get_one('Group', "Code = 'presse'");
$AdminGroup = DataObject::get_one('Group', "Code = 'administrators'");
if (Member::currentUser()->inGroup($PresseGroup->ID) || Member::currentUser()->inGroup($AdminGroup->ID)) {
return true;
}
}
}
in the Template I just did this:
<% if isAllowed %>
SecretContent
<% end_if %>
OK so far, but now the users will not be stored in the silverstripe database - they are stored on a another server.
On that external server is running a little php script accepting the username and password. The script just returns user has permission: true or false.
I´m calling that script via cURL.
I planned to overwrite the dologin Function of MemberLoginForm. Now I just wonder how to check after Login that the User got the permission and display the contents... I tried to set a variable in the controller of the Page or should I set a session Variable? Thats my attempt (CustomLoginForm extends MemberLoginForm):
public function dologin($data) {
if(userHasPermission("user1", "pw")==true){
$this->controller->Test("test");
}
$link = $this->controller->Link();
$this->performLogin($data);
$this->controller->redirect($link);
}
I hope someone can help me with that - I know very specific - problem.
Many thanx,
Florian
In SilverStripe you can create a custom authenticator, which means users can log in on your website with accounts that are stored somewhere else, or even just a hard coded user and password.
You can check out the OpenID Authentication Module for example code on how to do it
But for your task this might even be to complex of a solution, how about after login just do something like Session::set('isAllowed', true); and to check if the user is allowed to view:
function isAllowed() {
if (Member::currentUser()) {
$PresseGroup = DataObject::get_one('Group', "Code = 'presse'");
$AdminGroup = DataObject::get_one('Group', "Code = 'administrators'");
if (Member::currentUser()->inGroup($PresseGroup->ID) || Member::currentUser()->inGroup($AdminGroup->ID)) {
return true;
}
}
// if Member::currentUser() is not allowed to view,
// return the session, which is either set to true or it returns null if not set
return Session::get('isAllowed');
}

Zend_Auth login using either username or email as identityColumn

I'm using Zend_Auth with a "Database Table Authentication". What I want to do is allow the user to login with either a username or email address as the "identityColumn". How would I allow both. I'm stuck.
Extend and implement your own Auth Adapter and use query like "WHERE username = ? or email = ?" to get Auth result :)
Authenticate twice (if needed) with 2 different Zend_Auth_Adapter_DbTable objects and add some logic to determine if the login is username or email by guessing if what type of login user provided so that you save one query for most of the cases.
I know this is not the cleanest Zend_Auth implementation, but it works. The only problem comes if someone registers with an different email address as a username, but of course you can prevent this in your registration form. Hope it helps.
// if the entered value validates as an email address then use the 'email' field
// if not, use the 'username' field
$validator = new Zend_Validate_EmailAddress();
if ($validator->isValid($form->getValue('password'))) {
$identityField = 'email';
} else {
$identityField = 'username';
}
$authAdapter = new Zend_Auth_Adapter_DbTable(
$dbAdapter,
'users',
$identityField,
'password',
'SHA1(?)'
);
$authAdapter->setIdentity($form->getValue('username'))
->setCredential($form->getValue('password'));