I am using jive 5.0 forum. I have my own user tables with user id and password. How can i use this to provide Authentication for jive? The password is encrypted using sha-1 hashing technique.
Thanks in advance.
I found the answer myself. it was there are a couple of classes such as CustomAuthFactory CustomAuthToken CustomUser CustomUserManager which are explained in the documentation of Jive forum.
Related
I have two questions, really. I'm learning authorization in ASP.NET Core using the OAuth scheme for my company's authority. The thing is, on the final (3rd) leg, requesting a token, I need to authenticate the client (client id/client secret) using basic authentication (as per RFC 6749/2.3.1) but from what I have seen from the traffic client credentials are sent in the body instead.
I have a very hard time finding good documentation on the AuthenticstionBuilder.AddOAuth extension method so my first question is for tips where I might find a proper walkthrough that explains how to use the options and the four events supported? What I have found is people explaining how to set it up for this or that authority (such as GitHub, Facebook etc.) but none explains how the scheme implementation is designed. As a last resort I will have to check out the source code but if anyone can provide some links to a good explanatory walkthrough I would really appreciate it.
My second question is if there is a way to use Basic Auth for obtaining the token, as I describe above? I assumed there would have been an event where I could do that but my experiments indicates the three available events aren't suited for this.
Can I use Attribute Based Encryption (like CP-ABE scheme) and Oauth 2.0 to implement the Authorization, Confidentiality and Authentication (i.e. with FB, Google, Twitter etc.) in a web-application ?
Is there any example or framework ?
Is there any suggestion to use ABE with Oauth ?
Thanks
It doesn't make much sense to use OAUTH with CP-ABE. Those materials are on different levels. In fact, the OAUTH standard doesn't mention encryption at all, it just requires HTTPS without specifying a SSL/TLS version or cipher suite. Also OAUTH is concerned with resource access, thus authorization (but often misused to authenticate objects).
From the CP-ABE perspective there is no logic either. The idea of PKI is to establish a secure and trusted channel, not to do authentication or authorization.
If I have misunderstood the question, please clarity.
Update
Yes it is possible, but still subject to research, and therefore I wouldn't put too much trust in the method yet. What the paper describes it possible, but I doubt it will be used on large scale.
I am not an expert but want to comment here.
The key feature of OAuth2 is to facilitate authorization
The key feature of ABE is to facilitate encryption using attributes that helps in achieving privacy.
[for confidentiality and authentication, explore something else].
Since authorization and encryption/privacy are different aspects of security, they can be combined in innovative ways [such as this].
I am using WSO2 api-manager to provide secure access to my restlet uris'.
At the resouce class which extends ServerResource class i need to access the username and store it in db for auditing purpose.
I followed below link for the same
https://docs.wso2.com/display/AM180/Passing+Enduser+Attributes+to+the+Backend+Using+JWT
But not sure how to access the username at my resource class.
Can anybody help me for the same.
thank you.
~Shyam
Thanks Thierry Boileau your information helped to extract the header from the restlet but to decipher the token i followed the below links
http://lalajisureshika.blogspot.in/2013/06/passing-end-user-details-from-client-to.html
I am using asp.net web api 2 and developing an app which is to be hosted on intranet. So the authentication needs are very basic / minimal. I have some custom table where I store registered user's username/password. Using that I need to validate user.
As far as I understand OAuth is for using authentication from google/facebook/etc. Forms authentication is used with asp.net mvc. So what kind of authentication should I implement.
I have googled around but all I found are OAuth example. But how can I do very basic/minimal authentication implementation.
I know its a duplicate question, but it would be great, if someone can guide me to a link which can start from basics like how to read Authorize header, how to create/when to set IPrincipal, etc...
EDIT
there is no legal/regulatory requirement. also single sign on or windows login is not a choice. so just need to stick with a simple table with username/password fields.
just want to know the most basic way to include authentication/authrization in web-api app.
I recently answered a simliar question, see here: https://stackoverflow.com/a/26757636/849507
Since you already have your own table with username and password, the first two parts are for you. You can ignore the angular parts.
for the future users, if you are looking at the most basic & simple implementation, please have a look at SimpleOAuthProvider as shown in here. Its the most basic and simplest one to implements and uses token auth, which is good enough of most of the use cases.
Please do replace the AccountsController and AuthRepository with your custom implementations.
I am trying to build an authentication system which uses graphical password method to store passwords. Please tell me how can i implement this graphical password method to store passwords.
Thanking you..
As this question doesn't point to any particular implementation technology so I'm just giving you links to get more idea on how this can be done:
This article explains how this graphical password implementation is done
This is one graphical password project
From here you need to think about the technology to choose to implement this and design as well.