I'm trying to use node-red to create a multi-user dashboard,
the idea is that the dashboard has different session, each for a different user. A user must be identificated by the system and can't reach the dashboard resources of another user.
I find the multiuser dashboard very useful to this scope, and I try to use it with node-red-contrib-user to obtain a login system that manages different types of account.
I make this flow:
but when I try to open the node-red-url/mui it redirect me directly to default user, without let me check the login.
The contrib-user works properly on sections that are different from dashboard (/mui or /ui)
It is possible to use the contrib on dashboard or it's better to think to another strategy?
Kind Regards,
Gianluca
Related
I am working with PowerBI Embedded but I am quite new.
The following is my customer request. They want to have the dashboard embedded in their webpage but before opening they want to have password. They will just get the URL and add as iFrame in their webpage.
I plan to use the Embedded API to make the webpage using the token provided.
However this will not prompt the user to login. Is there any way I could do that? Maybe I will have to write the app in as whole to monitor the user authentication.
If you're using 'User owns data' scenario of Power BI Embedded, then each user HAS to be authenticated on his own, and is limited to access only resources in his possession (or that were shared with him).
If you're using 'App owns data', you can control whichever auth process you'd like, and grant access to the embedded entity as you please.
Read about the different approaches:
https://guyinacube.com/2016/07/3-ways-to-embed-power-bi/
I want to have app which has some default route and controller (Let's say Login page). I can register this at the Configure method but after the user successfully logs in I want to fetch the pages related to the user and register them so he can have access to it. Is there a way to achieve that?
As long as I read that's impossible but who knows, I'm new to ASP NET Core?
Based on the wording, this sounds like a security question. You only want users to have access to certain pages. If that's the case then I would look at something like role-based authorization.
If the question is more about showing the user a list of resources they can access, then the most obvious solution I can think of is to store that information in a relational database. When the user logs in, select the relevant pages / resources by user ID.
In any case, changing the registered routes is not the correct approach.
Auth0 looks like a very promising user management solution, but I'm curious if it allows you to export a user database.
This is an important feature because:
I'd like to make my own backups. (Not so much because I'm worried Auth0 might lose my data. But what if there's a bug in my code or my Auth0 keys are compromised?)
I might want to switch user management providers someday.
From Documentation > Importing Users to Auth0, I see there's a way to import users (on-demand when you can obtain their passwords anyway). And I can see they use bcrypt for password hashing (at least by default). But I don't see any mention of exporting users.
The Auth0 Management API allows you to export your data. Additionally, we have a tool that will help you both import and export users: https://auth0.com/docs/extensions/user-import-export
For the official policy see this document: https://auth0.com/docs/policies/data-export
Auth0 does not currently provide the facility to directly export password hashes. Not on their API and not by downloading from their web interface. Probably they never will provide this doing so would somewhat reduce security since an attacker with access to your Auth0 account could then attempt to brute force all of the user's accounts rather than just the active ones.
To get a more or less compuete export of user data there are three possible ways, all of which require activity in advance.
Request a full export from support - currently you have to be already signed up for support at at least developer level for at least a month (see the document Moving out of Auth0)
Do a gradual move out by creating a new, local password hash each time the user logs in. - you will have to wait for all your users to have logged in once. This is the inverse of the procedure for migrating in to Auth0. N.B. this will mean you miss users who never log in during your migration period.
Create and store a password hash yourself using Auth0s custom database connection for use whenever your user logs in. If you already have users in Auth0 you can combine this with method 2. to migrate those users into your custom database.
The answer from Nathan Totten here covers how to get the rest of your user data, though Auth0 support should be able to provide you with an export including all of that.
I've implemented security rules for a Firebase and that's working great. But if an administrator can view any data then the data isn't private. And if the admin can - inadvertently or maliciously - modify or delete data, then the data isn't secure and the application isn't reliable. How can I prevent the Firebase data from showing in the Dashboard view?
There is no way to limit the data that is shown in the Firebase dashboard.
The Firebase Dashboard is meant for system administrators. So you should only give access to people who are allowed to see/manipulate all data.
In general it is a good idea to write your own application dashboard, which provides the administrative functions for your application. This would then be the dashboard that you give application administrators access to.
I am looking for a way for my users to be able to login to both of my Joomla sites (one running 1.5 and the other 1.6) using the same credentials. For example, if a user registers to my Joomla1.5 portal, when they use that same info for my Joomla1.6, they get logged in without having to re-register and vice versa.
I guess an authentication plugin would be the best solution in combination with a XML-RPC service? Joomla1.5 site's plugin is triggered which "communicates" with the Joomla1.6 site where the user is already registered, if the credentials check out, a new user is created and the user automatically gets logged in.
Thanks in advance for any ideas/help.
You are trying to do two very different things that will require two very different plugins. First, you need a bridge to handle user table synchronization. You not only have to create a user for each site, you have to sync everything about both accounts each time anything changes. This would include changing email address, password, or even user name plus any other related data such as the use groups that the user belongs to. A good place to start would be jFusion, which is designed to bridge Joomla with other software packages but can certainly be modified to bridge Joomla sites. JFusion also has the added advantage of creating user sessions for each connected software package for a single unified login, which would be the second piece of the puzzle you would need to solve once you get the users sorted out.
http://www.jfusion.org/