Is there a way to retrieve the current user's information (i.e. login/password) so that it may be used to automatically fill in forms during the install?
I do not know where to start my searching.
I would agree with the answer to a similar question I found here:
"Windows will never, ever give you the user's password. You will have to
prompt the user to give it to you."
If this were possible, it would present inherent security problems. Consider what else a program could do if it could obtain my account credentials programmatically just because I am running the program.
If you just want the user name though, it looks you can get that with the LogonUser built-in variable. There is a list of built-in variables here if you are interested in what else is available.
Related
For context, I am currently developing a bit of software for a machine, when this machine is left by the operator (i.e. running without supervision), its door must be locked. This is all fine.
When the operator gets back and wants to unlock the software again, they must enter a simple 4-digit passcode. Then the door unlocks again.
Additionally, a supervisor or manager (or operator with the code I suppose) can enter another 4-digit passcode to enter a settings page. They could also change the operator passcode, etc.
Lastly, there's an Admin level. They can change actual parameters that shouldn't be touched by any other than the owner of the machine/someone with thorough knowledge of the system (like a service-person). This admin level can also be entered with a(nother) 4-digit code.
Problem: The problem arises when a supervisor changes passcodes. If they enter a password that happens to be identical to that of the admin, the software throws an exception.
How do I actually handle this exception?
I obviously cannot say "password in use, please use a different one"... That would give the admin password away. Should I let them choose their new passcode, and change the admin passcode one value higher? Admins would know of this behaviour, so if the default admin passcode doesn't work, they simply try passcode++.
Any suggestions would be greatly appreciated.
I'd prefer to handle the exception properly, not change the way the login works. As this has already been deployed. (though I can see whether I could do so in future versions)
I am trying to implement a hardware busy light to show my Microsoft Teams presence so that my family to not enter the room I have the office while I am in a meeting. I am looking to implement something similar to:
https://www.eliostruyf.com/diy-building-busy-light-show-microsoft-teams-presence
https://blog.jongallant.com/2014/12/beakn-v0-1-diy-lync-status-light/ (older acticle - similar idea).
The only problem I have with this setup is that I cannot get the MS Teams status.
The best way to go is by using MS Graph Presence API but my problem is that this is a company account and I don't have (and there is no way I could have) and app in the main subscription granted with the required scope: Presence.Read.
So I tried different ideas but none worked in the end:
check local running processes
check if MS Teams exposes any local API
check if there is a CLI available
This seems a simple idea, I mean, I see the status right there now while I am typing this message, I could as well do an app that gets a screenshot of the taskbar and extract the status from the icon, but is that really the only option I have?
I think I found something interesting for you.
Go to
C:\Users\user\AppData\Roaming\Microsoft\Teams
you'll find a file called logs.txt
In this file you see if your current state changed
(current state: Available -> DoNotDisturb)
I would write a script with php or VB (depends on your skills) that read that logs.txt file like every minute and check for the last "current state" line.
What those posts are doing (certainly the first one, I didn't check the 2nd one) is calling the Microsoft Graph, which has a "presence" endpoint to get a user's status. There's actually even a specific "/me" endpoint, to get your own personal preference (less access rights needed). See more about this here: https://learn.microsoft.com/en-us/graph/api/presence-get?view=graph-rest-1.0&tabs=http
In order for this to work, as you've mentioned, you do need to have an Azure AD App registration. However, importantly, this will only require "delegated" permission (i.e. only permission from the single user, you, to access just data for that single user, you). As a result, you can use "delegated" and not "Application" permissions, which means that it does -not- require Admin consent for the tenant.
It -does- require and Azure Add Application though, at the risk of stating the obvious. While you don't have tenant admin rights, you need to see if you have Azure rights, just to create an application (you might have this anyway as a developer in your org). If you don't even have this, you can sign up for an M365 Developer account, and use that tenant. Importantly - the application does't have to be in the same tenant. If it's not, it's just a simple multi-tenant app, like any 3rd party Azure AD-backed application is.
Hard to find a meaningful title. I hope I get clearer now.
I'm building a service which is similar to doodle regarding the authentication model. The user can "create" something (using a form). There will be two different views. One for the creator where he can modify his settings and another one for public access.
I don't want to force users to register / log in. So I came up with a URL structure like doodle has:
/{some-id} -> public access
/{some-id}/admin/{some-token} -> settings page for the owner
The question now is how I can deal with this best. Currently I pass the token to all admin related Methods. But I don't feel comfortable with that.
I also thought about some server side session. I found two meteor packages but they are both not actively maintained anymore.
Another idea was to misuse the built in user management but without the user to recognize it. But I don't think that's feasible.
So now I'm asking you if you have a nice way of dealing with this. I hope I made clear what I want to do.
There are many ways of doing it. One way is to reuse Accounts package.
You user id is {some-id} and the password is {some-token}.
When you create new page. You create new user on server side using Account.createUser.
When you enter url /{some-id}/admin/{some-token}Meteor.loginWithPassword.
We're currently evaluating SAP Business Objects XI 3 for a front end reporting solution, but I'm not happy that we will need to create a new set of logins that will be managed independently from our existing website. We have an authentication API that our various applications all hook in to, so we effectively get single sign on, and single account management.
Is there a way to write a custom authentication plugin for SAP BOE 3? I've googled for information and have come up empty handed. Links to documents would be handy also.
The solution that we use for this problem is to have a seperate password management page built into the HR space that will change all the user's passwords to the same thing. So there is one input for username and pass that changes the global password for a user and then it runs through and changes all the different SAP ones that are needed.
Not really the answer you are looking for, but it is somewhat of a solution.
I have an AIR application and would like to connect to an LDAP server to obtain some information for a particular user.
The url is something like ldap://ldapservername:389/
I would like to pass the userid/Name as the parameter and hope to retrieve the Full Name, Email address etc.
Can you please provide suggestions regarding implementing this? A Windows specific solution is also fine with me.
Adobe AIR does not have built-in support for LDAP. All online examples go through a server for LDAP integration.
Sample: Performing an LDAP query for role resolution
http://www.adobe.com/devnet/livecycle/articles/perform_ldap_resolution.html
Short of using a server, you're limited to two options, neither of which is good.
Completely re-implement the LDAP protocol in AIR. I think this is feasible, but is a huge undertaking. With Alchemy you theoretically could recompile an existing C library to work with AIR, but I don't know how well that will work for this particular use-case. Plus it's a research project, not production ready.
Embed a native application. With AIR 2.0 you can include a native application written in C or .NET or whatever and launch it to perform your LDAP calls. The only way to communicate with this other process is through stdin/stdout so it's not easy to transfer complex/typed data, but it's feasible.
AIR is not suited for all applications. If all of your application's requirements can be fulfilled within AIR's API, then it's great. But if you need to do something not directly supported by AIR and don't have a server component, you're better off not using AIR.
You will probably need to do the usual LDAP stuff. Either start with the full DN of the user (uncommon) or search for it.
Bind to the LDAP directory as a proxy user, or as an anonymous bind. Query for ATTR=VALUE where ATTR is something you define as the unique value in the directory. Traditionally this is uid in LDAP servers. For Active Directory probably would be better to search for ATTR of sAMAccountName. Keep this as a setup parameter for the admin, since it will make it easier on different LDAP backend servers.
It might be mail, and the login value the user would enter is their email address. Depends on the use case. But leave it configurable to be flexible.
Then the search should return one value, with a full DN, then you want to bind as that user with the full DN and the provided password. I like the approach of binding as the user, instead of comparing the password, since then you increment any Last Login attributes, or the like, making it easier to detect account inactivity from the directory administrators perspective.