Version: SharePoint 2013
I am trying to set pictureurl property for a user within WCF service. The main logic followed was as mentioned in this blog http://pholpar.wordpress.com/2010/03/10/how-to-upload-a-user-profile-photo-programmatically/
userProfile["PictureUrl"].Value = pictureUrl;
In this line, I am getting exception "The user could not be authenticated to the Web site being accessed."
Any help is appreciated.
I got the same error when trying to update a user profile property, the code that worked for me:
SPUserToken token = SPUserToken.SystemAccount;
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(currGuid, token))
{
site.AllowUnsafeUpdates = true;
HttpContext.Current = null; //clear the context for impersonation with token! mandatory!
SPServiceContext serviceContext = SPServiceContext.GetContext(site);
UserProfileManager profileManager = new UserProfileManager(serviceContext);
UserProfile prof = profileManager.GetUserProfile(userName);
prof["My Property"].Value = "abcd";
}
});
The part that fixed the error was clear the current context BEFORE fetching the profile manager.
Related
I am working on a App to integrate Microsoft Graph API, is it possible for the administrator of each tenant to give consent for permissions so that the user does not need to have any interaction with our app to give permission so that we can update the user calendar?
Or does the user have to provide authorization at least once in order to get the authorization token?
I have been looking at this guide:
https://learn.microsoft.com/en-gb/graph/auth-v2-service
You can update users' calendar by calling ms graph api without users sign in. But it depends on the api you used if support Application api permission. For example, this api is used to create event for calendar. It support application permission.
I also want to inform you that using application permission is not the best practice because it will give your application such a big permission to manage all users' calendars. But this seems to be your goal.
Let's come back to your requirement. And using the api I mentioned as an example. You firstly need to have an azure ad application and give it the correct api permission and let the tenant admin to consent the permission by clicking "grant admin consent for xx_tenant".
Then you also need to create a client secret for your azure ad application. Going to Azure ad -> Certificates & secrets -> New cient secret. Pls copy the secret. Then assuming you have an asp.net core app used to call the graph api. Then refer to this section or my code below to use graph sdk to call the api. Pls note, graphClient.Users["user_principle"] means who creates the event, the Attendees defines whose calendars will be added events.
using Azure.Identity;
using Microsoft.Graph;
var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "your_tenant_name.onmicrosoft.com";
var clientId = "azure_ad_app_id";
var clientSecret = "client_secret";
var clientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
var #event = new Event
{
Subject = "Let's go for lunch",
Body = new ItemBody
{
ContentType = BodyType.Html,
Content = "Does noon work for you?"
},
Start = new DateTimeTimeZone
{
DateTime = "2022-07-15T12:00:00",
TimeZone = "Pacific Standard Time"
},
End = new DateTimeTimeZone
{
DateTime = "2017-07-15T14:00:00",
TimeZone = "Pacific Standard Time"
},
Location = new Location
{
DisplayName = "Harry's Bar"
},
Attendees = new List<Attendee>()
{
new Attendee
{
EmailAddress = new EmailAddress
{
Address = "samanthab#contoso.onmicrosoft.com",
Name = "Samantha Booth"
},
Type = AttendeeType.Required
}
},
AllowNewTimeProposals = true,
TransactionId = "7E163156-7762-4BEB-A1C6-729EA81755A7"
};
await graphClient.Users["user_principle"].Events
.Request()
.Header("Prefer","outlook.timezone=\"Pacific Standard Time\"")
.AddAsync(#event);
I am trying to seed the db with initial data and I am using the following code to create the users. Users get created, passwords hashed, etc but when I try to login with my password, it fails to log me in with error message: Invalid login attempt. What am I doing wrong? I am using asp.net core mvc application with identity template, not a custom login.
var mymail = "my#my.com";
var mypw = "Test1.";
var applicationUsers = new ApplicationUser[]
{
new ApplicationUser {
UserName = Constants.AnonUserName,
Email = "Anonymous#xyz.com"
},
new ApplicationUser {
UserName = mymail,
Email = mymail
}
};
var pwHasher = new PasswordHasher<ApplicationUser>();
applicationUsers.ToList().ForEach(u =>
{
u.PasswordHash = pwHasher.HashPassword(u, mypw);
context.ApplicationUsers.Add(u);
});
context.SaveChanges();
Login fails because NormalizedUserName field in db is null and during login, following query is issued (which fails):
SELECT "u"."Id", "u"."AccessFailedCount", "u"."ConcurrencyStamp", "u"."Email", "u"."EmailConfirmed", "u"."LockoutEnabled", "u"."LockoutEnd", "u"."NormalizedEmail", "u"."NormalizedUserName", "u"."PasswordHash", "u"."PhoneNumber", "u"."PhoneNumberConfirmed", "u"."SecurityStamp", "u"."TwoFactorEnabled", "u"."UserName"
FROM "AspNetUsers" AS "u"
WHERE "u"."NormalizedUserName" = $1
LIMIT 1
DETAIL: parameters: $1 = 'MY#MY.COM'
I guess the solution is to inject ILookupNormalizer service and normalize with its Normalize method but it is already too much work. I am injecting UserManager service and using its CreateAsync method to create a user with a password as advised by #Tseng above in comments.
I have tried many, many different ways, to get this data. But I can't get it to work.
I have a MVC4 application, hooked up with Active Directory. But I need the users AD GUID.
I tried:
(Guid)Membership.GetUser(User.Identity.Name).ProviderUserKey;
WebSecurity.CurrentUserId;
But none of them work.
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
Managing Directory Security Principals in the .NET Framework 3.5
MSDN docs on System.DirectoryServices.AccountManagement
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, User.Identity.Name);
if(user != null)
{
Guid userGuid = user.Guid ?? Guid.Empty;
}
}
The new S.DS.AM makes it really easy to play around with users and groups in AD!
I managed to solve it (Not pretty...):
string login = HttpContext.Current.User.Identity.Name;
string domain = login.Substring(0, login.IndexOf('\\'));
string userName = login.Substring(login.IndexOf('\\') + 1);
DirectoryEntry domainEntry = new DirectoryEntry("LDAP://" + domain);
DirectorySearcher searcher = new DirectorySearcher(domainEntry);
searcher.Filter = string.Format("(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))",userName);
SearchResult searchResult = searcher.FindOne();
DirectoryEntry entry = searchResult.GetDirectoryEntry();
Guid objectGuid = entry.Guid;
The original code used : entry.NativeGuid, but I changed because of Little / Big endian "problems"
entry.Guid has the same "format" as in AD.
I am having trouble with facebook authentication for Mobile Services in Azure.
To be more specific, I already have an application that is using Facebook C# SDK and it works fine. I can log on, fetch list of my friends and so. I want to keep using this SDK, but I also want to authenticate for Azure Mobile Service.
So, my plan was, log on with Facebook C# SDK (as I already do today), get the authentication token, and pass it to the MobileServiceClient.LoginAsync() - function. That way, I can still have all the nice features in Facebook C# SDK, and also use the built in authentication system in Mobile Services for Azure.
var client = new FacebookClient();
dynamic parameters = new ExpandoObject();
parameters.client_id = App.FacebookAppId;
parameters.redirect_uri = "https://www.facebook.com/connect/login_success.html";
parameters.response_type = "token";
parameters.display = "popup";
var loginUrl = client.GetLoginUrl(parameters);
WebView.Navigate(loginUrl);
When load is complete, followin is executed:
FacebookOAuthResult oauthResult;
if (client.TryParseOAuthCallbackUrl(e.Uri, out oauthResult) && oauthResult.IsSuccess)
{
var accessToken = oauthResult.AccessToken;
var json = JsonObject.Parse("{\"authenticationToken\" : \"" + accessToken + "\"}");
var user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.Facebook, json);
}
However, I get this exception when I call the last line of code above:
MobileServiceInvalidOperationException, "Error: The POST Facebook login request must specify the access token in the body of the request."
I cannot find any information on how to format the accesstoken, I have tried a lot of different keys (instead of "authenticationToken" as you see in my sample). I also have tried just to pass the accesstoken string, but nothing seem to work.
Also, if I use the MobileServiceClient.LoginAsync() for making a brand new login, it works just fine, but it seem silly to force users to log on twice.
Any help is greatly appreciated!
The format expected for the object is {"access_token", "the-actual-access-token"}. Once the login is completed using the Facebook SDK, the token is returned in the fragment with that name, so that's what the Azure Mobile Service expects.
BTW, this is a code which I wrote, based on your snippet, which works. It should handle failed cases better, though, but for the token format, this should be enough
private void btnLoginFacebookToken_Click_1(object sender, RoutedEventArgs e)
{
var client = new Facebook.FacebookClient();
dynamic parameters = new ExpandoObject();
parameters.client_id = "MY_APPLICATION_CLIENT_ID";
parameters.redirect_uri = "https://www.facebook.com/connect/login_success.html";
parameters.response_type = "token";
parameters.display = "popup";
var uri = client.GetLoginUrl(parameters);
this.webView.LoadCompleted += webView_LoadCompleted;
this.webView.Visibility = Windows.UI.Xaml.Visibility.Visible;
this.webView.Navigate(uri);
}
async void webView_LoadCompleted(object sender, NavigationEventArgs e)
{
AddToDebug("NavigationMode: {0}", e.NavigationMode);
AddToDebug("Uri: {0}", e.Uri);
string redirect_uri = "https://www.facebook.com/connect/login_success.html";
bool close = (e.Uri.ToString().StartsWith(redirect_uri));
if (close)
{
this.webView.LoadCompleted -= webView_LoadCompleted;
this.webView.Visibility = Windows.UI.Xaml.Visibility.Collapsed;
string fragment = e.Uri.Fragment;
string accessToken = fragment.Substring("#access_token=".Length);
accessToken = accessToken.Substring(0, accessToken.IndexOf('&'));
JsonObject token = new JsonObject();
token.Add("access_token", JsonValue.CreateStringValue(accessToken));
try
{
var user = await MobileService.LoginAsync(MobileServiceAuthenticationProvider.Facebook, token);
AddToDebug("Logged in: {0}", user.UserId);
}
catch (Exception ex)
{
AddToDebug("Error: {0}", ex);
}
}
}
I'm trying to use Tridion's ContentManagment API to retrieve taxonomy categories and keywords, but I'm running into an Access denied error.
I have the following method:
public Dictionary<string, string> GetKeywords(string tcmUri)
{
var result = new Dictionary<string, string>();
try
{
// _settings.ImpersonationUser = "MYDOMAIN/myusername"
using (var session = new Session(_settings.ImpersonationUser))
{
var category = new Category(new TcmUri(tcmUri), session);
var keywords = category.GetKeywords(new Filter());
if (keywords != null && keywords.Count > 0)
{
foreach (var keyword in keywords)
{
result.Add(keyword.Id.ToString(), keyword.Title);
}
}
}
}
catch (Exception ex)
{
Logger.Log.Error(
"Failed to retrieve keywords for '{0}'.".FormatWith(tcmUri), ex);
}
return result;
}
The user I've got in _settings.ImpersonationUser has access to the Tridion Content Manager, is configured as an administrator, and has been added to Impersonation users in the "SDL Tridion Content Manager configuration" snap-in.
The error I'm getting is the following:
System.Runtime.InteropServices.COMException (0x80040302):
<?xml version="1.0"?>
<tcm:Error xmlns:tcm="http://www.tridion.com/ContentManager/5.0"
ErrorCode="80040302" Category="16" Source="Kernel" Severity="2">
<tcm:Line ErrorCode="80040302" Cause="true" MessageID="16226">
<![CDATA[Access denied for the user MYDOMAIN\myuser.]]
<tcm:Token>MYDOMAIN\myuser</tcm:Token>
</tcm:Line>
<tcm:Details>
<tcm:CallStack>
<tcm:Location>SystemBLST.GetUserContext</tcm:Location>
<tcm:Location>SystemBLST.IBLSecurityST_GetUserContext</tcm:Location>
</tcm:CallStack>
</tcm:Details>
</tcm:Error>
Does anyone have any clues to what I'm doing wrong?
Thanks in advance!
Here's a few things to understand when it comes to impersonation & Tridion...
The user executing the code should not have access to Tridion.
The user executing the code should be configured as a valid "Impersonation User"
The user that the code impersonates should be a valid Tridion user.
If all those 3 conditions are true, impersonation will work.
By executing the code, I mean the Windows account under which the code is being executed. If this account has access to Tridion, you do NOT need to use impersonation.
Hope this helps.