I have an custom claims provider that uses a IP-STS on Sharepoint 2010.
I want that a particular claim that comes from the IP-STS to map the Sharepoint user profile.
i.e:
Map the http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress claim to the "work email" field on the sharepoint's user profile
I want to do this automatically on the first time the user logs in, without any additional steps.
How can we accomplish that?
Just for your information, I've been researching pretty hard about it:
Even if I map it when I install the claims provider, this way:
$map = New-SPClaimTypeMapping "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" -IncomingClaimTypeDisplayName "Email" -SameAsIncoming
I can't see the right info on the Sharepoint user profile.
Any help?
Thanks in advance
Related
Sorry for an obvious question but I'm net to .Net Core.
I'm working on a new project that was created using Visual Studio on Mac with "Individual Authentication".
I want to assign Role to user right at the registration process (depending on their choice - dropdown option). I read many tutorials and watched many videos, but I cannot understand what's the right way to do it.
In many videos I was guided to create a project without Authentication and implement it manually including sign up and sign in.
I'm confused because I'm getting this functionality right away by creating a new project with Authentication.
But in my project I don't have access to files like "RegistrationController" or "Sign Up" View.
My questions:
Should I use "Individual Authentication"?
How to assign Role to user at the registration?
How to edit Sign up page (which is currently hidden in my VisualStudio, despite that I can register new users) to add dropdown.
Thank you so much for your help!
Should I use "Individual Authentication"?
Yes, Individual User Accounts
How to assign Role to user at the registration?
example:
_userManager.AddToRoleAsync(user, "Admin")
NB: the role has to have already been added to the database using the role manager.
How to edit Sign up page (which is currently hidden in my VisualStudio, despite that I can register new users) to add dropdown.
To update your view you need to right-click on your project and Select Add> New Scaffolded Item > Identity. Your view will be in Area section and you can make the needed changes.
I also recommend looking over the documentation if you haven't already
done so:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/add-user-data?view=aspnetcore-5.0&tabs=visual-studio
Hope this hepls.
I changed the user store to our custom oracle db. so, there are some fields that should be added to user profile when set the user profile of a user. How can I add some new properties to user profile GUI and map those to related fields in um_user table? thanks for your response!
you may want to have a look in the administrative console ( /carbon ) for the claim management.
Locate claims in the claim dialect http://wso2.org/claims, there you can define additional user attributes and their attribute names (field name in the underlying userstore).
good luck
Friends,
I need some help on Word API Authentication.
Scenario:
Our articles has meta data which contains who can work on the articles (User1, User2), we need to know user_name (window's id) who logged into the machine so that we can authenticate the users against article metadata without asking them to log-in each time.
Workflow:
Article Creator Process is responsible for creating the document. This process will create word document and will be transferred to the user.
Article processor is adding custom xml part into document such as User Name, Document ID etc.
Authentication Rule is simple here. If article metadata contains your name then only you can work else not.
We need to match article meta data name with user who is opening the document. So here we need to know who log-ed into the machine.
How we can get this information for Online and Offline ?
We don't want our desktop users to enter the credentials again and again. For desktop which is (90% users will use desktop) is should be pretty straight forward, get user name and match it with article metadata.
Appreciate any help on this, any alternative solutions to handle this are most welcome.
There is no way to find out the current user's username. You can get the unique ID of the user in terms of a GUID-like entity, though, so I suppose you could store the user GUID into the custom XML part instead. The GUID corresponds to the Microsoft account or OrgID identity of the user.
See https://msdn.microsoft.com/en-us/library/office/jj164035.aspx for more info, particularly the "To load a test license from your Visual Studio project" section that describes the structure of the validation token.
Alternatively, if you can trust your users (i.e., it's just identification, not authentication), have them type in their name once, and then store it in the browser's localStorage.
Suppose I started with an ASP.NET5 MVC6 webapp based on a default Visual Studio 2015 web application template with individual user accounts and Google+ (FB, LI) authentication enabled.
Then I created two signup pages, one for consumer users and one for professionals. I want the application to create consumer user accounts if users came from consumer signup page. And I want the app to create professional user accounts if users came from the professional signup page.
What should I do to customize the default solution?
pass role parameter to /Accounts/ExternalLogin, then somehow preserve it through OAuth process and fix user creation logic?
same but use cookies to pass role info?
or maybe have 2 copies of external login infrastructure - each responsible for its own account type?
Isn't is a common problem - how to pass additional information to the code responsible for account creation?
What should I do to customize the default solution?
Quite good explanation with examples:
ASP.NET 5 Documentation -> Authorization
I want ... create consumer user accounts ... and ... create professional user accounts...
In my opinion you can use (create) one account type for all (in common Db) and then during registration process you can assign additional properties to this account. You can use Roles or Claims, so this allows you to personalise user experience depends on 'account type' (using Authorisation).
If you just want have only customer/professional accounts, probably Role-Based Authorisation will be simpler to use, however Claims-Based Authorisation is little bit more elastic and will be beneficial in the future.
im using sharepoint 2010 with claimsAuthentification (SQLMembership Provider)
when user is authentified the first time, sharepoint create automatically a profile for this
user, please how can i avoid this.
thx
You can't with the out of the box SqlMembershipProvider, SharePoint needs to store user data somewhere, it just just hooks into the provider. You would need to write your own MembershipProvider to accomplish this.