I am building an app using .Net Core with VueJs along with JavascriptServices&NodeServices for ServerSideRendering, and Identity as auth mechanism.
Scenario :
I navigate to /details page - having some hidden info because the user is not logged in (so, User.Identity.Name) is null.
I click login, a pop-up shows up, I enter my credentials, and after the AJAX call is made to auth the user, I do a full refresh of the page using location.reload(true).
This works on chrome desktop but on mobile devices it doesn't; on mobile browsers it works if I "fake navigate away" meaning that I go back one page and then come back (so I don't trigger a SSR).
Does anybody have an idea why this doesn't work?
Related
I trying to use Auth0 in a office add-in (React SPA), specifically Excel.
I am using the popup to login instead of the redirect because the redirect doesn’t load in the iframe.
(The error for the iframe is "Refused to frame because an ancestor violates the following Content Security Policy directive: “frame-ancestors ‘none’” ").
The issue I’m having is once I login successfully, the pop just goes white and gets stuck on the login/callback.
I’ve checked the logs, it says a successful log but it doesn’t say anything about an exchange (success or failure).
I’ve tested the pop up on a different application (react web app) and it works perfectly fine.
The login we are using is the Universal Login (the new one, not the classic)
I’m interested in any and all approaches for using the Universal Login in this context.
Thanks
I have a Blazor application that uses an IdentityServer4 instance for authentication. it works perfectly.
But now I try to create the related Xamarin application, so...
About the web app, I have
After the login, the app uses the field 'Client.RedirectUri' (From Identity server Client) to redirect to 'https://www.myapp.com/signin-oidc'
Once I register, I have a button that redirects to the home page 'https://www.myapp.com'
About the Xamarin app
It uses a web view to navigate to the identity server, and the RedirectUri is 'myapp://callback'.
The mobile app can handle this callback.
When registering, it returns to the home page, but it is the "web home page". I should use the 'myapp://callback' instead to allow the Xamarin app to returns to its home page.
So, the problem is that I do not find such a feature for register (only for login & log out)
So, how can I do to force my web app to call the 'myapp://callback' instead of 'https://www.myapp.com' ?
I am using roles based authorization in my Blazor server app. When a user is viewing any component, something in the database could change behind the scenes.
I would want to force the user to be logged out and back in again if they navigated to any other components. (ie the state of their authentication has changed).
I've tried using the SignInManager.SignOutAsync() and NavigationManager.Navigate in app.razor to Sign out the user and Navigate to the Login page, but I find that the component they are trying to hit will still draw for a split second before it Navigates away. Is there a way to have the Navigation manager in the app.razor to immediately navigate away without letting the Page from drawing first.
do a client-side POST to a controller method containing SignInManager.SignOutAsync(), followed by NavigationManager.NavigateTo with forceLoad set to true to the Login page
I am writing an expressjs/ejs app which is using Twitter Bootstrap 3 for web pages. I have used Bootstrap Modal for login. I have included the modal in the header section so it is available for every webpage. However, if a user has not logged in, he needs to be authenticated before performing certain actions on the app. I am using a middleware function to determine whether a user is logged in, however if a user is not logged in, I need to redirect him to home page and initiate the login model directly. I am not sure how I can initiate the bootstrap modal from server side. Any thoughts?
I need to be able to do:
response.render('/home#loginModal');
That way user is directed to home page and is given a chance to login.
I have a mvc4 web app that sits behind ADFS 2.0 authentication, it's configured using the web.config file. The application can be visited by going directly to a URL or as an iframe inside of CRM 2013.
The application works in all (tested) browsers when visiting the URL directly, both redirection to login form and handing the user back to the web app with the proper information in the ClaimsIdentity.
However, when visiting the app as an iframe inside CRM2013, internet explorer goes into a continous login loop. You are asked to provide the credentials (which are the same as for logging in to CRM) and when you click ok you get redirected back to the same login page again, to my knowledge the app never receives the hand off.
In Safari, Chrome, Firefox, and Opera the users are able to log into the application inside of CRM as well as outside without any problems (I'd even go as far as saying that it works better than expected for these browsers).
Does anyone have any idea of what I can try or what the problem could be for IE?
EDIT 1
I'm thinking it has to do with some security setting and am playing around with the settings in IE. Unchecking this box stops the login form from showing in IE at all and I get an empty page instead.
Is the iFrame on the same (sub)domain as the site inside? You can use Fiddler to view your redirect flow, are the cookies added as expected?
I've seen cookies that are overridden by the iFrame host, in that case you lose the auth cookie. Browsers react differently on same domain cookies.
Another problem might be X-Frame-Options, do you see any warning in the F12 console of IE?