Wix - are there any authentication and authorization apps? - authentication

I'm building a fairly simple Wix website.
I want a members app that can do the following:
Have a sign up page that sends an email to the site administrator. Once the site administrator approves they are approved and can log in.
Give users the option to sign up as either a standard or advanced access user. If they are an advanced user, then they can access different pages to the standard user.
aka. authorization and authentication
I looked at using the Wix members app, but this does not seem to include authorization.
Perhaps there is no Wix solution and I would be better off creating the site from scratch, with something like ASP.NET user account authentication?

The answer I received from the Wix team is:
"I believe the best way to achieve what you are trying to achieve is password protect all of your site pages except the home page.
You can add a contact form so users can contact you and ask for the password to access the rest of your site pages.
Then, as you mentioned, you can add a Member Login App to allow your visitors to sign up for the other restricted part of the site (authorization), and add a PayPal button so they can pay for their subscription (if needed). Then you can approve members who have paid for their subscription."
I will be using forms based auth with an MVC app instead to overcome this issue as the Wix solution I do not believe would provide a good user experience.

Related

How to use OAuth 2.0 correctly in SPA?

I'm working on a project where we have a Vue.js frontend and a microservices architecture for the backend hosted in Azure Service Fabric.
We want to add an IdentityService for authentication using IdentityServer4.
What we want to achieve is a login that is basically the same as stackoverflow provides:
You can login on the website with an embedded login or use external providers like Google and Facebook.
My question only concerns the embedded login.
I have read articles that state using Authorization Code Grant with PKCE is the best way in my scenario. Moreover, they say that Resource Owner Password Grant should not be used.
But as far as I know, with this flow it is not possible to embed the login to our own website. It will always be a redirect to the IdentityService.
How does Stackoverflow achieve this? Do they use Resource Owner Password Grant?
Thank you!
First of all, I welcome you to check how Stackoverflow (SO) handles their user registration process.
SO allows you three options: log in through Google, Facebook, or register directly with SO. When someone uses Google or Facebook, SO uses the Authorization Code flow. The user is redirected to the respective login page. Once you log in there, SO receives user profile details from those identity providers, which allows SO to complete the profile and onboard the user.
But when someone uses the built-in register page, it is simply a good old registration page. There is no OAuth involved there. SO obtains end user credentials, completes the profile and saves them at their backend.
In your scenario also, you can omit OAuth and use a built-in registration or login page. The only concern is the maintenance burden of end user credentials.

Kentico claim based authentication with windows authenticaion

I am developing a Kentico application and I need to use Windows authentication or claims-based authentication depending on the user. If the user is an Active Directory user, the user should be able to log in using a username and password. If the user is not an Active Directory user, the user is redirected to a third-party site for claims-based authentication.
I wonder if it is possible to implement this requirement with Kentico 9 CMS. If possible, what is the best approach?
Based on Kentico documentation claims based authentication with AD would work out of the box with just proper settings.
You can start on the following page and links over there should connect you to configuration as well:
https://docs.kentico.com/display/K9/Claims-based+authentication
The approach Michal suggested would work for third party authentication.
Here is how you can implement AD authentication (quite easy): https://docs.kentico.com/display/K9/Configuring+mixed-mode+authentication
Unfortunately I'm not sure you can mix them together.
Authentication.Execute custom event handler might be a right place to inject your custom implementation for it.

How to retrieve User-Added (Apps & Bookmarks) for an Authenticated User through an OKTA API Call?

We have included list of all applications assigned to a User - as an applications ribbon - in a webpart in sharepoint. We have used this API call to retrieve the applications:
https://alignedenergy.okta.com/api/v1/users/[user#domain]/appLinks
It works fine, but this retrieves ONLY the list of applications that are administrator governed.
Please advise: Why is it not returning the list of all org-defined and user-defined apps/bookmarks for every authenticated user from Okta?
We are in a hurry to complete the integration of OKTA and SHAREPOINT (waiting to release because of this problem).
Thanks in advance.
The reason why user-defined apps and bookmarks are not exposed through the API is because of privacy reasons. We strive to make sure our users 100% trust the Okta platform for handling their personal and sensitive information in the most secure and privacy-aware fashion.
What if a user creates a bookmark that points to a bank site he doesn't want the administrator to know about? We actually allow that and deny the ability even for an administrator or super user account (which is effectively the identity you impersonate with when using an Okta API key) to get access to that information.
Personal Okta apps and bookmarks are in Okta and should stay in Okta for privacy reasons. I hope that makes sense but feel free to send us a note at developers#okta.com if you want to discuss your needs further.

Adding SSO to an existing MVC application

We have an existing MVC application which is used by multiple customers.
Currently, each customer is given a URL to our application e.g. https://myapp/mycustomername.
When they go there, they are presented with a login screen.
For some customers (not all) we want to implement SSO, and authenticate their users against their active directory, so that they never see the login screen (unless the SSO authentication fails).
Most customers won't be using this functionality.
My first question is: is this do-able? Is it possible to have an MVC application which uses both SSO and forms authentication?
If so, can anyone point me to any links explaining the process?
I've seen some good information, such as this tutorial but I can't find anything that matches my scenario.
Thanks.
This is surely a do-able task.
The steps would be:
1. Identify the tenant name from the URL
2. Get the Identity Setting
3. If forms authentication, show them the login page
4. If SSO enabled, redirect to their ADFS URL
When you onboard your tenant, you will have to maintain the following metadata:
- TenantName
- AuthenticationType : {forms / ADFS}
- SSO Url
- SSO Federation Metadata URL
- etc
We did one such implementation that supports ADFS, Social Logins with Forms Authentication too.
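
The routing steps listed in the answer above, sketched as an added example (not code from the answer or from its author's implementation). `TenantAuthRouter`, the sample tenants and their URLs, and the `/login` route are assumptions; the metadata fields follow the answer's list, and the redirect target is taken only from stored tenant metadata, never from the request.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public enum AuthenticationType { Forms, Adfs }
// Per-tenant metadata from the answer's list; stored at onboarding, never read from the request.
public sealed class TenantSettings
{
    public string TenantName, SsoUrl, SsoFederationMetadataUrl;
    public AuthenticationType AuthenticationType;
}

public static class TenantAuthRouter   // hypothetical name
{
    // Constructed sample data standing in for the tenant metadata store.
    static readonly Dictionary<string, TenantSettings> Tenants =
        new Dictionary<string, TenantSettings>(StringComparer.OrdinalIgnoreCase)
    {
        ["contoso"] = new TenantSettings { TenantName = "contoso", AuthenticationType = AuthenticationType.Adfs,
            SsoUrl = "https://adfs.contoso.example/adfs/ls/",
            SsoFederationMetadataUrl = "https://adfs.contoso.example/FederationMetadata/2007-06/FederationMetadata.xml" },
        ["fabrikam"] = new TenantSettings { TenantName = "fabrikam", AuthenticationType = AuthenticationType.Forms },
    };

    // Step 1: the tenant is the first path segment, limited to a conservative character set.
    static readonly Regex TenantSegment = new Regex(@"^/([A-Za-z0-9][A-Za-z0-9-]{0,62})(?:/|\z)");
    public static (string Action, string Target) Decide(string requestPath, bool ssoFailed)
    {
        // Step 2: look up the identity setting; an unknown tenant gets neither a login page nor a redirect.
        Match m = TenantSegment.Match(requestPath ?? "");
        if (!m.Success || !Tenants.TryGetValue(m.Groups[1].Value, out TenantSettings t))
            return ("NotFound", null);

        // Step 3: forms tenants, and SSO tenants whose SSO attempt failed, see the login page.
        var login = ("ShowLoginPage", "/" + t.TenantName + "/login");   // "/login" route is assumed
        if (t.AuthenticationType == AuthenticationType.Forms || ssoFailed) return login;

        // Step 4: redirect only to the stored SSO URL, and only if it is an absolute https URL.
        if (!Uri.TryCreate(t.SsoUrl, UriKind.Absolute, out Uri sso) || sso.Scheme != Uri.UriSchemeHttps)
            return login;
        return ("RedirectToSso", sso.AbsoluteUri);
    }

    public static void Main()
    {
        foreach (string path in new[] { "/contoso", "/fabrikam/reports", "/unknown" })
            Console.WriteLine(path + " -> " + Decide(path, ssoFailed: false));
    }
}
```

In an MVC application the same decision would sit in an authorization filter or the login controller, with `Tenants` backed by the onboarding database.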

Single Sign-on with Sharepoint 2010 from 3rd party application without password

Overview
Our SharePoint 2010 application will be launched from a 3rd party application, let's call it HealthApp, via an embedded URL. Much of the time the user will be logged into HealthApp from a shared workstation. As a result, SharePoint will not sign in automatically using the Active Directory credentials.
Requirements
We need single sign-on.
We need to continue to use Active Directory as the STS for various reasons.
Authentication from a stand-alone browser on the user's workstation will need to work as it does now.
Authentication Info
HealthApp can pass a username and any other custom identifier information we want as URL parameters.
The username will match the user's Active Directory username.
We will not have a password.
We need some way to authenticate the user based only on the username/identifier.
Possible Solutions
Is there any way to bypass the password check in Active Directory?
This would appear to be the simplest solution if possible.
Can we extend the Active Directory provider to authenticate using a generic user and then log into SharePoint with the username passed on the URL?
Any other suggestions?
I would think there would have to be some way to do this but have not had much experience with claims based authentication with SharePoint.
Thanks for any insight.
I am also facing the same issue authenticating users against a SharePoint site that uses claims authentication. As per the requirements, my app needs to access SharePoint data. So to authenticate against the SharePoint server from an app, we need to provide some authenticated claims with the request so that the SharePoint STS can issue an authorization ticket to access the SharePoint site resources.
After spending more than 2 days googling, I found an interesting article that may help to authenticate users from a client app against identity provider systems.
OAuth library
This resides between the app and the identity provider system. Using it, you get authenticated claims that are then used to authorize against the SharePoint server with the help of the SharePoint STS.