im building a login pwa with react and node for a existing wp site, how can i check the pass provide by user when signin with the encrypt wp password generate when the user created the account through wp? thanks in advance
WordPress makes use of md5 encryption so if you can use the below package to encrypt the entered password and check for the user authentication.
https://www.npmjs.com/package/md5
var md5 = require('md5');
if(password == md5('secret')){
//true
}
else
{
//wrong password
}
Related
forgot the moodle admin password of my local moodleyour text server
i am using the version 4.1 moodle
i know the username but unfortunetly forgot the password my local moodle server.
i have tried to forgot the password i havent give the smtp address so i cant recieve the mail of reset password
enter image description here
login to moodle server but
i have forgot the passwqord so i am not able to login
You can reset the password from the command line
php admin/cli/reset_password.php --username=admin --password=newpassword
Here is a more hacky approach that works provided you have access to the database.
For context, Moodle uses the PHP function password_hash() to generate a password hash for users. The basic idea is that you want to use this function in a plain PHP file outside of Moodle to output a password hash of a new password. This hash is then manually saved in the password field in your mdl_user table using your database client and your new password used to login to the site.
PHP File:
<?php
echo password_hash("new_password", PASSWORD_DEFAULT);
Example output of password_hash:
$2y$10$NCC4PVZ1kTRg4bT21yEl2eUVWMf3lkbYtczTn8vB53qNwTqtN9jwS
I'm trying to build a (C#) web app that allows clients to make appointments with me.
I'd like the web app to be able to read and add entries to my outlook calendar.
Many users will use the web app, but the web app will only access one outlook calendar - mine.
All of the examples I have been able to get working have involved the web app user interactively authenticating - but my users will not know my password.
I would like to hard code my username/email address and password in the web app.
When trying to acquire a token I get an error:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException:
AADSTS65001: The user or administrator has not consented to use the application.
Send an interactive authorization request for this user and resource.
I am not an administrator of the tenant. Is there any way I can get this to work without administrator involvement?
Would using some kind of certificate rather than a user name and password as user credentials help?
My code (currently in a simple C# console application) is as follows:
UserCredential uc = new UserCredential(MyUsername, MyPassword);
var AuthContext = new AuthenticationContext("https://login.windows.net/Common");
// this doesn't work unless an unexpired token already exists
ar = AuthContext.AcquireToken("https://outlook.office365.com/", MyClientId, uc);
// this does work, but requires the app user to know the password
ar = AuthContext.AcquireToken("https://outlook.office365.com/", MyClientId, new Uri(MyReturnURI));
To enable use the username and password to request the token directly, we need to consent to use the app.
We can use the OAuth 2.0 authorization code grant flow to grant the consent by user. Here is an sample use the ADAL authentication library(3.13.1.846) to acquire the delegate token:
static string authority= "https://login.microsoftonline.com/common";
public static string GetDeligateToken(string resource, string clientId,string redirectURL)
{
AuthenticationContext authContext = new AuthenticationContext(authority);
AuthenticationResult authResult= authContext.AcquireTokenAsync(resource, clientId,new Uri(redirectURL), new PlatformParameters(PromptBehavior.Auto)).Result;
return authResult.AccessToken;
}
After we consent the app, now we can use the code in your post to acquire the token.
I need to ask user for a password each time he using Google OAuth.
There was an option I have used "max_auth_age", but it stops working.
Is there any replacement for this option. If not - could you please suggest where can I submit something like "feature request" to Google to restore this feature.
Thanks.
UPD
I have read possible duplicate topic and tried to use max_age instead max_auth_age. It did not help.
p.s I know that the main idea of OAuth2 not to use any passwords prompts, but its customer requirement. He is afraid that person, who not allowed to use system can have access on shared computer if someone forgot to logout from Gmail.
Aside from BCM and ehsan s' concerns, it is possible to revoke access to your application AND ask for a password on subsequent login attempts.
Following is a NodeJS example with googleapis, but is simple enough to work for all applications:
const google = require('googleapis').google;
const oauth2Client = new google.auth.OAuth2(
'client_id',
'client_secret',
'redirect_uri'
);
// Sign-in code (omitted) here
async function signOut() {
return await oauth2Client.request({
url: 'https://accounts.google.com/Logout',
method: 'GET'
});
}
Unlike oauth2Client.revokeCredentials, requesting https://accounts.google.com/Logout will make google ask for password on subsequent sign-in attempts.
Bare in mind that this request will sign the user out of all google services on the client.
This wont affect other clients on the device however - i.e. sign-out of NodeJS app will not cause the user to be logged out of gmail in Chrome browser running on the same machine and under the same user.
Hope this helps :)
We are using auth2.0 for windows azure active directory authentication where authentication is performed on https://login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=...... and after successful authentication we are redirecting to our site.
for logout the site we delete all the cookies generated on our site and redirect to the login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=....... url again but at this time we are not getting any login credentials screen and
redirected to our site with access token. What process is required to logout. because if we delete all cookies or close the browser and reopen the site works and redirecting us to login.microsoftonline.com/login.srf?wa=wsignin1.0&wtrealm=........ url.
we are using following code for logout process
[NoCacheAttribute]
public ActionResult LogOut()
{
UserCookieWrapper.delete_UserCookieWrapper();
//This function delete all the datamemeber of the UserCookieWrapper class
string[] theCookies =
System.IO.Directory.GetFiles(Environment.GetFolderPath(
Environment.SpecialFolder.Cookies));
foreach(string currentFile in theCookies)
{
try
{
System.IO.File.Delete(currentFile);
}
catch(Exception objEx) { }
}
Response.Clear();
return RedirectToAction("Index", "Login");
}
Clearing cookies you've created will not help you, since the user is still signed-in with the Azure AD. This is howo Web-SSO (Single-Sign-On) works. Regardless of the protocol you use to authenticate with Azure AD, you still need to implement the Sign Out properly - a federated Sign Out! This is the case with any web-sso provider you will find on the internet - Google, Facebook, LinkedIn, Twitter, you name it.
What you do is just signing user out of your Application, not from the identity provider. Once your application redirects the user to the selected identity provider (in your case AAD), if the user has an active session with it, one will not see login screen!
In order to properly implement federated sign-out, you have to read through the Implementing SSO with Azure Active Directory. You can fast forward to the "Implementing Sign Out Controller" step. Which will show a code like this:
public void SignOut()
{
WsFederationConfiguration fc =
FederatedAuthentication.FederationConfiguration.WsFederationConfiguration;
string request = System.Web.HttpContext.Current.Request.Url.ToString();
string wreply = request.Substring(0, request.Length - 7);
SignOutRequestMessage soMessage =
new SignOutRequestMessage(new Uri(fc.Issuer), wreply);
soMessage.SetParameter("wtrealm", fc.Realm);
FederatedAuthentication.SessionAuthenticationModule.SignOut();
Response.Redirect(soMessage.WriteQueryString());
}
Please read through the entire section (better the entire article) to understand what the code does and why you have to go this way.
Is it possible to Impersonate a user when using Forms Authentication?
The thing is that I want an external login for users and an internal site that just uses integrated windows security and the users need to be impersonated.
I've looked around and found that John's answer here is really good, but I don't quite get how I can mix it up with my Forms authentication.
Suggestions?
Edit
I want to have an <asp:Login /> control and this control will authenticate against an Active Directory which has the same set of users as the Windows Machine that I want to use impersonation on.
My problem is that I don't get how I can impersoante with the same username and pasword that is provided to the <asp:Login /> control.
In order for that solution to work, you'll need access to the user's id and password. I don't believe that you can get this using the Login user control; you'll need to create your own login form and handle the login actions yourself. Keep the user's id and password, preferably in a secure string, in the session once you've authenticated and when you need to access the internal site on their behalf, use the Impersonator class from the referenced example to impersonate them using the credentials.
using (var context = Impersonator.LogOn( username, password ))
{
try
{
....
}
finally
{
context.Undo();
}
}