I have created one intranet application in ASP.NET MVC 4.
I have added login module with Windows Login. So That User can login in application with different windows logins.
Currently now I get the current login user details with
string currentuser = User.Identity.Name;
It displays the current windows login username.
But in my application, user can logout and login with different windows login username, then still that variable gives the windows login username instead of application login username.
Give me the right code to fetch the current application logged on username instead of windows logged in username. Help
you can get like this:
using Microsoft.AspNet.Identity;
string username = Membership.GetUser().UserName;
or try with this:
stirng user = HttpContext.Current.User.Identity.Name;
Related
I was investigating passwordless authentication for my new Blazor app and most of the examples point to Email based authentication like medium.com authentication.
User registers
Authentication email sent to the email id
User clicks the link in the email to login
Is there a similar process flow where instead of email the Authenticator app is used. Like
User registers
QR code is generated based on email id + key - similar to email link
User scans the QR code and adds to Authenticator app
User login using the code
All future login - user enters the email id and either notification is sent to Authenticator app or code is entered to login.
You can use the GoogleAuthenticator nuget package to implement an authenticator app-based login. You can do something like this to verify the user.
var accountSecretKey = $"{twoFactorSecretCode}-{user.Email}";
var twoFactorAuthenticator = new TwoFactorAuthenticator();
var result = twoFactorAuthenticator
.ValidateTwoFactorPIN(accountSecretKey, profileViewModel.UserInputCode);
You can find more details about the implementation here
I'm using Microsoft graph in my Android project to authenticate users.
I'm doing so via this method:
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-android
after a successful login Microsoft remembers the user email, so next time when user is trying to login it will suggest to use a previously logged in account. If user chooses a previously used email, a password is not required.
Problem raises when we have a single device where multiple users need to login via Microsoft. In this case new user will see the email of previously logged users and can select their email and log into account without entering any password.
My question is how can I avoid this behavior and close the session after each login?
Thank you!
You can tell ADAL to request credentials again by switching PromptBehavior from Auto to Always:
// Perform authentication requests
mAuthContext.acquireToken(
getActivity(),
RESOURCE_ID,
CLIENT_ID,
REDIRECT_URI,
PromptBehavior.Always,
getAuthInteractiveCallback());
Is there any possible to login to the RemoteDesktop based on the WindowIdentity instead of giving username and password?
I'm trying to build a (C#) web app that allows clients to make appointments with me.
I'd like the web app to be able to read and add entries to my outlook calendar.
Many users will use the web app, but the web app will only access one outlook calendar - mine.
All of the examples I have been able to get working have involved the web app user interactively authenticating - but my users will not know my password.
I would like to hard code my username/email address and password in the web app.
When trying to acquire a token I get an error:
Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException:
AADSTS65001: The user or administrator has not consented to use the application.
Send an interactive authorization request for this user and resource.
I am not an administrator of the tenant. Is there any way I can get this to work without administrator involvement?
Would using some kind of certificate rather than a user name and password as user credentials help?
My code (currently in a simple C# console application) is as follows:
UserCredential uc = new UserCredential(MyUsername, MyPassword);
var AuthContext = new AuthenticationContext("https://login.windows.net/Common");
// this doesn't work unless an unexpired token already exists
ar = AuthContext.AcquireToken("https://outlook.office365.com/", MyClientId, uc);
// this does work, but requires the app user to know the password
ar = AuthContext.AcquireToken("https://outlook.office365.com/", MyClientId, new Uri(MyReturnURI));
To enable use the username and password to request the token directly, we need to consent to use the app.
We can use the OAuth 2.0 authorization code grant flow to grant the consent by user. Here is an sample use the ADAL authentication library(3.13.1.846) to acquire the delegate token:
static string authority= "https://login.microsoftonline.com/common";
public static string GetDeligateToken(string resource, string clientId,string redirectURL)
{
AuthenticationContext authContext = new AuthenticationContext(authority);
AuthenticationResult authResult= authContext.AcquireTokenAsync(resource, clientId,new Uri(redirectURL), new PlatformParameters(PromptBehavior.Auto)).Result;
return authResult.AccessToken;
}
After we consent the app, now we can use the code in your post to acquire the token.
Is it possible to Impersonate a user when using Forms Authentication?
The thing is that I want an external login for users and an internal site that just uses integrated windows security and the users need to be impersonated.
I've looked around and found that John's answer here is really good, but I don't quite get how I can mix it up with my Forms authentication.
Suggestions?
Edit
I want to have an <asp:Login /> control and this control will authenticate against an Active Directory which has the same set of users as the Windows Machine that I want to use impersonation on.
My problem is that I don't get how I can impersoante with the same username and pasword that is provided to the <asp:Login /> control.
In order for that solution to work, you'll need access to the user's id and password. I don't believe that you can get this using the Login user control; you'll need to create your own login form and handle the login actions yourself. Keep the user's id and password, preferably in a secure string, in the session once you've authenticated and when you need to access the internal site on their behalf, use the Impersonator class from the referenced example to impersonate them using the credentials.
using (var context = Impersonator.LogOn( username, password ))
{
try
{
....
}
finally
{
context.Undo();
}
}