We have a .NET ActiveX control which is embedded inside a custom SharePoint page.
The user has to authenticate (Windows Authentication not Forms Authentication) to access this page.
Our ActiveX control is making web service calls back to the SharePoint server. Because the SharePoint server does not allow anonymous access, we need to provide credentials as part of the web services call. If the user is checking the 'Remember Password' checkbox when prompted for credentials, then we can access those credentials via the CredentialCache.DefaultNetworkCredentials. However, if they do not check that checkbox, we need another mechanism to get a hold of valid credentials (which must exist since we are embedded in a page that can only be accessed via authentication).
How can we access the credential information (probably stored in a cookie) we need to authenticate against SharePoint so we can access the web services?
There is a method in the SPUtility class called EnsureAuthentication, you can also hit the /_layouts/Authenticate.aspx page to log the user automatically in sharepoint.
You can also encapsulate your call with Impersonation.
You can send a message to your ashx like you do it from Silverlight using XMLHTP.
Related
I have a Timesheet Entry application which needs to be exposed as an API which the users shall use for entering their effort time for assigned tasks.I have the following queries:
I have the login authentication created as a restful client which I have published and currently subscribing with JSON message as response.How to open up this service in the UI, so that the user gets the usual page for the authentication.
How to access this API from different user systems?Does the user has to login to the WSO2 Store everytime he wants to use this API?
The WSO2 docs mention to create users and roles, but since there will be around 10K users for this, how to do this to make the user feel that its the same application as before?
Users are not required to log into the store. Only the application developer has access to the store.Application developer gets the consumer key/secret pair from store and embeds it in the web Application.
Application users/subscribers do not need to be aware of the API store. When they use/login to the application, access tokens can be generated using the embedded consumer key/secret pair based on a specific grant type ( Eg: Password) and access the service exposed via the API.
It is not required to create users and roles manually. If there exists a user store , you can integrate it with WSO2 API Manager. [1] explains how to integrate a user store.
You can refer to the sample [2] to get an idea of how this is done in WSO2 API Manager.
This sample demonstrates a scenario where various services of a deployed web application are accessed via APIs created in API Manager.
[1] https://docs.wso2.com/display/AM170/Configuring+User+Stores
[2] https://docs.wso2.com/display/AM170/Invoking+APIs+using+a+Web+App+Deployed+in+WSO2+AS
I'm running a Django app, and I'd like to make a Chrome extension to allow users to post content. My users can sign in via Twitter, Facebook, and Google (via python-social-auth). I presently do not require accounts to have passwords, so there's no way to log in outside of the oAuth2 methods. How can I authenticate users in the Chrome extension to allow them to post?
The workflow would be something like this:
Install Chrome extension
Authenticate with my site, which has no password-based user accounts
Interact with my API (w/ authentication also via separate oAuth2 consumer, presumably)
I was able to read the user's session cookie from my site's domain and interact with my API w/o a problem.
Is it possible to use sharepoint as an authentication provider?
This is my setup:
Server A -> IIS web application loading custom dll's for different user providers
Server B -> Sharepoint 2007
Server C & D -> Multiple AD's
Sharepoint is configured to use multiple AD's as user provider
This is what I want to achieve:
A user enters his sharepoint credentials in the web application, this automaticly loads the dll (which I need to create)
This dll then forwards the credentials somehow to sharepoint and retreives some sort of user object.
The dll parses the sharepoint user object to it's own class and sends it back to the webapp.
Is this possible? If yes, what would be the best way to do this? I know sharepoint has webservices etc but I don't know if this could work.
All servers are in the same network, accessed locally so passing the credentials isn't a big problem.
UserGroup Web Service
Did you consider using the UserGroup Web Service, http://msdn.microsoft.com/en-us/library/websvcusergroup.aspx.
Available at http://sharepointserver/_vti_bin/UserGroup.asmx
It has the GetUserInfo method, http://msdn.microsoft.com/en-us/library/websvcusergroup.usergroup.getuserinfo.aspx
Authentication Web Service
There is also the Authentication Web Service, but it only return the login result, http://msdn.microsoft.com/en-us/library/websvcauthentication.aspx
Great for checking the validity of a user anyway.
Available at http://sharepointserver/_vti_bin/Authentication.asmx
I am building an application that has a web front end and a desktop client application. The web front end allows users to login using Facebook. It exposes a web service to the Desktop application for uploading data. The web service needs to insure that the desktop application uploading data for a user is really from that user. I have already implemented Facebook login on both the client and web interface using the Graph API. How would I go about using Facebook to validate that the user using the desktop application is who they say they are? Also, how can I make it so the user can login once and not need to login again on the desktop application?
After much struggle I figured out that it's possible to receive a session key that does not expire. You can do this by requesting offline access to a user's profile. I stored this in the database on the web side and retrieved and stored it on the desktop side. The only problem is the session key technically can be viewed and used by someone other than the user to make requests. Any other suggestion would be appreciated.
I want to upload a file to a website via a desktop app and then take the user to the website. The website has a web service, but requires authentication as does the web site. Is there a way to do this without forcing the user to authenticate twice (once in the desktop app and once in the web browser)?
Unfortunately, you can't prefill an input of type file for security reasons, which makes sense since the user won't want you uploading arbitrary files from his/her computer. But if they have a desktop app, is there some way around this?
Or maybe make the user log into the web app first and then the authentication cookie can be reused?
Any other ideas?
Thanks,
Ben
I would use the dekstop app as a client to the website app via an api.
So, login via the desktop app. The api returns a authentication token (as Carlos suggested) which might be a md5 hash stored in your database for a certain period of time, possibly matched to the clients ip address.
The desktop app can then make calls on the api (like uploading a file) as a authenticated user (by using the auth token).
When loading the website, perhaps the url is http://website/login/{auth_token} where the auth token is added to the url. The api can check to see if its a valid auth token and consider the user logged in.
You could generate an authentication token that could later be used on the website.
It all depends on the type of authentication of the service and the site. Is it integrated Kerberos, WS-Auth, is it Basic/Digest HTTP, is it forms/cookie ?
This answer will most likely not work in the very general users-on-the-wide-open-web scenario, but in intranet contexts, using Windows Authentication (on an ASP .Net solution), would provide this.