So we are using ADFS in a public facing SharePoint 2010 site. One of the supported logins is via Live ID. We have found that if a user logs into a Live ID site like Hotmail prior to reaching our site, the following happens:
Our site thinks that the user is not logged in because the ADFS LS cookie is not present
When we click on Sign In and ADFS redirects us to Live ID, the Live ID login process detects its cookie and automatically logs us in using the prior user's email. We actually want to use another email address.
Even if we clear our cookies, the above behavior persists
We have tried the following on Windows 7 successfully:
Clear the browser cookies
Delete all files from %userprofile%\AppData\Roaming\Microsoft\Windows\Cookies\
And then Live ID correctly asks the user to login.
However, the above folder does not exist on a Windows 8 computer where this behaviour can be reproduced in IE 10.
So I really need to know the name and location of the Live ID cookie so I can hunt for it and destroy it to get the sign in prompt.
The ideal solution is that ADFS destroys the cookies correctly. The ADFS team is building a diagnostic page to delete their cookies but I do not think they will be able to destroy the Live ID cookie as it is not from their domain. If I can find its location, we can live with manual instructions for now.
Update
Found an answer. The trick is to go to live.com and click on signout first and then go to the SharePoint application. Not the best solution, but it works.
Related
I am developing an app using VB.Net for accessing my GMail accounts. I was able to follow the steps given at .Net Quickstart and was able to access one of my accounts. So whenever I run my app, it accesses my first gmail account automatically, which is fine. Now I would like to access my other gmail account using the same app. How to change the gmail account that is automatically accessed by my desktop app?
This is similar to this question, but I am not able to understand the answer provided there
Thanks in advance for your answers
Before using your app, you need to log out of the default gmail account (i.e., first gmail account in your case). So I think you need to log out from that first gmail account, then log in with the second gmail account and try to sign in from your app. Hope this helps!
Finally I found out where the authorization information is stored. It is stored in Environment.SpecialFolder.ApplicationData folder. A folder named Google.Apis.Auth is created under this folder and a new file with the authorization information is created under it (in my case it is C:\Users\myWindowsUserName\AppData\Roaming\Google.Apis.Auth). I deleted the file which was there, which had the token for my first gmail ID. When I ran my app again, it asked for user login and consent once again, at which point I provided details of my second gmail account. This pearl is available here
I have a requirement in my application for iOS and Android, developed using IBM Worklight, to remember the user ID if the user selected this option.
I can achieve this by using localStorage, but the issue is that I have two login pages:
One is placed within the application, and the
Second is hosted on a remote server
Depending on the conditions the application will meet, either the remote login page will be displayed or the local login page will be displayed.
If I use localStorage on the local page, it is not accessible to the server-side login page. So I want to use some storage/file on the mobile to store my user id which is accessible for both the local and the server login page. Is this possible using worklight/phonegap storage?
More explanation:
Remote login page is hosted on some www.xxx.com domain. My requirement is on launch of application the local login page is shown to the user, there user can enter user id and password and selects remember me option and submits form. Then user logs in and navigated to some xxx.com/yyy server page. From there when user clicks on log out it navigates to remote login page which is hosted on www.xxx.com server. As user already checked remember me option in local page the remote login page has to pre populate the user id text box. And same scenario should happen when user enters credentials in remote login page and selects remember me check box. So when user kills the application from background and relaunches the application user will get local login page where I need to pre populate the user id last time he entered.
Short answer: in my opinion, no.
Longer answer: I will explain what I think using your scenario:
Remote login page is hosted on some www.xxx.com domain. My requirement
is on launch of application the local login page is shown to the user,
there user can enter user id and password and selects remember me
option and submits form.
So far so good. You can store it in either Web Storage or JSONStore or use Cordova File API. Catch: all of these are available ONLY for the specific application.
Then user logs in and navigated to some xxx.com/yyy server page. From
there when user clicks on log out it navigates to remote login page
which is hosted on www.xxx.com server. As user already checked
remember me option in local page the remote login page has to pre
populate the user id text box.
Still plausible. Let's say the user selected 'Remember Me', so you can adjust the URL pointing to the remote login page and send with it as parameters the username and password. Assuming that there will be a mechanism to handle those on the remote page.
This does not come for free, though.
This is not meant to work out-of-the-box. It's worth noting that whether Web Storage (localStorage...) is used or any other type of storage, the application and the Cordova InAppBrowser do not share the same localStorage, and the same is true if you open a new WebView.
And same scenario should happen when user enters credentials in remote
login page and selects remember me check box. So when user kills the
application from background and relaunches the application user will
get local login page where I need to pre populate the user id last
time he entered.
This is also a problem IMO, because any application is sandboxed - be it the browser app or the Worklight app, each of them is sandboxed. So you can't just go to website X, and create some localStorage for it and expect that data to be available for another WebView belonging to another app. That's the whole point of sandboxing, in order to protect the app.
And in this case, where the remote "page" will save the data, only Web Storage is available anyway, as JSONStore requires the Worklight API, which is not available when you load external websites.
Notes:
Since you want to save both username and password, you'd probably want to encrypt them in some way, so JSONStore and WL.EncryptedCache are your options, rather than plain Web Storage.
I've recently been doing a bit of web development so I've been thinking more about authentication and stuff. On Netflix I noticed there is an extra option on the Account page to de-authorize other devices. My girlfriend changed her password but I was still able to use it without re-entering the password till she logged out other devices.
So my question is how does authentication for Netflix work if it doesn't have to locally store your password?
Netflix uses a version of Open authentication to allow a device to access an account. Once the device has been authorized it will then have access to that account until it has been deauthorized.
Changing the password doesn't matter because the device has authorization already, probably in the form of a refresh token stored someplace. So it's not storing a password, it's storing an authorization token of some kind.
Let's use Facebook as an example: (response to comment below)
https://www.facebook.com/settings?tab=applications
This shows a list of all the crap I have logged in to using my Facebook account. Now I have probably changed my Facebook password several times; it won't matter, I will still have access. Some of these are mobile apps I have installed on my cellphone at one time or another. Even if I don't use them they still have access.
This doesn't technically answer the question, but is related and, I think, helpful:
You can forcefully invalidate the previously-validated tokens for other devices by going to https://www.netflix.com/ManageDevices - as soon as you go to the page it will ask if you want to sign out other devices.
(from "Someone is using my Netflix account without my permission" at https://help.netflix.com/en/node/18)
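The behaviour described in these answers, as an added example that is not part of the original posts and is not Netflix's actual implementation: a small model in which each device holds a server-issued token, so a password change alone does not lock the device out, while signing out all devices revokes every token. The `Account` class, its method names, the `revoke_tokens` option and the sample values are hypothetical.

```python
import hashlib
import hmac
import os
import secrets

class Account:
    """Toy account service: a password login issues a token that the device keeps."""
    def __init__(self, password):
        self._salt = os.urandom(16)
        self._pw_hash = self._hash(password)
        self._devices = {}  # sha256(token) -> device name; raw tokens are not stored

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _check(self, password):
        return hmac.compare_digest(self._hash(password), self._pw_hash)

    def login(self, password, device):
        if not self._check(password):
            return None
        token = secrets.token_urlsafe(32)
        self._devices[hashlib.sha256(token.encode()).hexdigest()] = device
        return token

    def is_authorized(self, token):
        return hashlib.sha256(token.encode()).hexdigest() in self._devices

    def change_password(self, old, new, revoke_tokens=False):
        # revoke_tokens=False is the behaviour seen in the question; True is stricter.
        if not self._check(old):
            return False
        self._pw_hash = self._hash(new)
        if revoke_tokens:
            self._devices.clear()
        return True

    def sign_out_all_devices(self):
        revoked = len(self._devices)  # server-side revocation of every issued token
        self._devices.clear()
        return revoked

def demo():
    acct = Account("old-password")  # constructed sample values
    tv = acct.login("old-password", "living-room-tv")
    acct.login("old-password", "phone")
    acct.change_password("old-password", "new-password")
    survived = acct.is_authorized(tv)               # token outlives the password change
    old_pw = acct.login("old-password", "laptop")   # but the old password is rejected
    return survived, old_pw, acct.sign_out_all_devices(), acct.is_authorized(tv)
```

Calling `change_password(..., revoke_tokens=True)` shows the alternative policy, where a password change also invalidates every token already handed to a device.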
Several months ago, before FB restricted the ability of a Page Account to create apps, I created an application and linked it to the page.
Now I can no longer access the developers page with this account. I had to create a new app with my personal account, but I can't find a way to remove or unlink the old app from the page.
I cannot create a new page, as a result of nearly one year of activity on the current page, and when trying to link the new app to the old page I get an undefined error.
We are in a sort of limbo...
Does anyone have an idea on how to solve this situation?
I'm assuming you mean 'business account', not Page?
If so, and you're still able to log into the business account to manage your ads and pages, you can authorise your app by manually calling the OAuth dialog with the client-side OAuth flow, then use the access token (which will be for your business account, the admin of the app), to add your real user account as an additional admin.
https://developers.facebook.com/docs/reference/api/application/#roles
You can define a role for a user by issuing an HTTP POST request to
APP_ID/roles with a user access token for an administrator of the app...
So a call to https://graph.facebook.com/<APP ID>/roles?user=<USER ID OF REAL ACCOUNT>&role=administrators&access_token=<ACCESS TOKEN>&message=POST will add another admin
I am trying to set up authentication with Windows Live ID and followed this blog post. Everything is working but I have a problem logging into the Live INT web site. Whenever I try to log in (https://login.live-int.com/login.srf), after entering a valid email/password I get redirected to the logout page. I tried two different accounts (one with an existing email address, and the other one with a newly created @hotmail-int.com address) and three different browsers, so I'm sure that neither the account nor the browser is the cause of this. I also tried to enter a wrong password, and in that case I get the message that the password is wrong.
If anyone has any hint about how to log in there it would be very, very helpful. I'm integrating SharePoint 2010 with Windows Live ID and instead of solving some real problems I'm stuck with this!
I have figured it out myself and I have blogged it here