I have an Iron-Speed application generated from my database and wish to add password protection to all of the pages.
I already have a table in my database with usernames and passwords, how do I apply this to my Iron-Speed pages?
Yes you just required to have 3 tables in your Database :
Users
Roles
UserRoles (Relation between both)
It also create login automatically
and you can also get Users Info by Get methods of :
BaseClasses.Utils.SecurityControls.Get___
from any page
After some investigation, I found that Iron-Speed (What a program!) already has a wizard built in for security purposes, such as password protection.
By going to Tools --> Role-Based Security Wizard, everything can bet set up by linking it to the relevant fields in the 'User' table in your database.
Related
So I have the users in a table and I know my login system works because I use it for other workspaces. However across all the applications in this particular workspace I am having an error where users roles are not being recognized in particular I can't even get the admin page to work for me and I am a developer. If anyone has any clue on how to fix this it would be greatly appreciated.
If that first image is the default Admin pages, then wouldn't that mean you have access since you can see that page?
(which by default, if you let APEX create it for you through New Page > Features > Access Control) has Administration Rights set as the Authorization scheme
You have two places to check to find the issue:
Shared Components > Security > Authorization Scheme
Go to or Click your Administation Rights, under Authorization Scheme, you need to make sure you are using Is in Role or Group IF that is the requirement and you are to use the created roles. Make sure the role, Administrator (if default roles exist) is listed.
if validation is once per session, and you're still in the same session. log out and log back in. The problem should go away
Shared Components > Security > Application Access Control
Check under Role Assignments if your username is there.
Click Administrator under Roles, and make sure Administration Rights under Associated Authorization Schemes has the Is in Role or Group as the scheme type
If there is a different Authorization scheme (not Is in Role or Group) or you have different roles, then I would suggest post a new question with more details on your setup.
I am fairly new to coding in the .Net environment. I am having trouble finding "real-world" examples on authentication/authorization using Identity. Most examples I come across are primarily textbook examples that use the ASP .Net registration template.
I am trying to find guidance on where to look (yes, I Googled and I get very unrealistic/unusable use cases or "classroom" examples) or how to do this.
I work for a small school and I am trying to build an application (possibly Blazor - just experimenting with various technologies now) that allows both students and employees to login into a portal and view their relevant data. I have an Employee table and a Student table based on POCO classes. When I add identity to the project it creates Users and Roles tables as well.
I would like to have the "Users" table based on the Student and Employee tables - not have a separate users table. I do not want to have a "registration" option either. I would like the option for an Admin (which would fall under an "Employee") to be able to add users, but not use a registration page.
How would I implement Identity and Roles without using all the extras added? I am using .Net 5.0.
Thank you for your time and pelase forgive the English - it's new to me as well.
I understand what you're trying to do. It IS possible to Create a Custom AuthenticationStateProvider
But unless you have a VERY robust database already, I wouldn't do it. Getting the default system set up and migrating users will take at most an hour. Setting up your own custom authorization system is likely to take you MUCH MUCH longer.
Having different users in different tables is not a good design plan. They all have names, phone numbers, e-mails and so on-- put them on one table.
Hi Derrick and welcome to the community! #Bennyboy1973 is correct, in that both your Students and Employees are all "Users", so they should all be stored in the same table. To add to that response a bit, probably the simplest way for you to manage them is by using Roles, so the Students could be in one role and the Employees could be in another. By having a role attached to each, you can then use the roles as a filter in your queries and you could also restrict the access and actions each type will have based on the role they are in.
Regarding having administrators add the users to the database without public access, this can be done as well. Once you get the default identity system up and running, you can scaffold out the whole system so it can be modified, and probably the easiest way to achieve what you are after is to then modify the default registration (signup) page so that it requires the user to be authenticated to reach it, and then implement a confirmation email to activate each new account.
There are a few things with this approach that you need to be aware of as well.
Since the admin will be setting up all the other user accounts, you should modify the email confirmation chain to require a password reset at some point. The administrators can have access to the user's information as needed but shouldn't have the user's passwords.
Identity Server will store passwords in an encrypted format, and you'll need an initial user in your database. What this means is that you will have to "seed" an initial admin user into the database that you can use to sign in and get started with everything else. You'll have to research how to do this, as it isn't as simple as just accessing the database directly and adding the user and roles because of the encryption. The program you build should be designed to do this for you on either the first run or if you are connecting to a new database, using a username and password that you know. It will then store the user properly that you can use to sign in as Admin, then change the admin password. This makes the whole thing more secure.
This all sounds like a headache, but it's worth it to work through and know how it all fits together. The, as mentioned in other answers, you can migrate existing data into the database.
I have an existing MVC project (purpose built customer portal) that I am integrating into Orchard CMS as a module.
The customer portal module has its own database containing user information, which I need to use for customer authentication.
However, I also want to retain Orchards user authentication for admin authentication to Orchard.
So essentially, I require two authentication schemes with two different login pages for this. One for customers and one for admins.
How could I implement this?
One solution might be to cancel the idea of having 2 differnt login pages and moving your users to Orchards user table.
Then link these users to a specific role named like My existing MVC users and grant permissions to this role accordingly.
If you take this route some of the benefits would be
bound to Orchards user database and therefore existing authentication handling
existing permission stuff can be used / extended out of the box
user management in one place
extensible by using own parts (e.g. AddressPart, ContactPart, ...)
Another solution would be to replace the existing authentication by implementing IAuthenticationService. But this seems rather complex.
I have a postgres database and a web app.
The web app allows the existance of users and they do some stuff on the webapp.
I am new to postgres but what we used to do in SQL Server was ActiveDirectory - CreateLogins - CreateRoles etc..
Now in this database is it possible to create a login for each user? or is a table with users (username password) better? or worse?
I was thinking about having 1 login user in the database that can only do specific procedures and see views and just authenticate the user through the table.
Which is better solution?
I think it's better to use the database's built-in role management, as it keeps it DRY. Despite myths, you can still use connection pooling. It makes it much easier to audit, and to use row-level security later if you need it.
Postgres can authenticate users using built-in roles, or using Kerberos, GSSAPI, SSPI or LDAP.
You can sync LDAP users/groups/roles with Postgres:
https://github.com/larskanis/pg-ldap-sync
You can delegate authentication to the web server. Login as the web server role, and then change the user's role, to act as that user, using SET ROLE X. This lets you use connection pooling.
Use one or more roles with specific permissions that access the login tables, along with the rest of the app's tables. You obviously don't want that role to be the database/table owner, to mitigate damage from an attack.
Be sure to use the pgcrypto module to salt and hash user passwords.
I have actually set up and implemented a couple dynamic webpages for my website that involve adding news feeds and other media sources everyday with certain filters.
For right now, only I know the exact address of my admin menu for the CMS, but really anybody could access it right now since it isn't password protected.
I've looked into how to set up a User Authentication Restriction in Adobe's DreamWeaver CS6, but I keep hitting the same bump in the road in trying to do so.
I have my login.php page in front of me, and with the "password" field selected, I click on Server Behaviors > Add a Server Behavior > User Authentication > Login User. But this is where it gets hairy
I have the ability to pull up the database I have been using locally which involves about 4 separate columns (none of which have anything to do with a username/password), but when I go to select from the table which columns are used to verify the "username" and "password" field on my login.php page, there quite simply isn't a corresponding column to select.
I know there must be another way to set up in the database or in a separate database the values for my Logon, but I am not sure where. Anyone have any clue how to set this up so I can create a User Logon for my webpages? I tried granting my username all privileges and giving it a password in phpMyAdmin for this certain database I have been talking about but it did not help in creating the User Login (unless I missed something again in creating this password/granting all privileges).
You have to set your database username up with an index value in your table. It's an option other wise a key icon.
Unique I'd auto increment + username indexed + password varchar+ timestamp timestamp + reference1