My sharepoint publish page has announcements list and it has anonymous access. when i open it in firefox it shows the title and summary. when i click on the title to see the body message, it prompts user credentials.
Is there a way not to prompt credentials and show the full message?
How to hide the username and posted date in the announcements?
Thanks in Advance.
Does the body contain any images or other assets that are in a folder that is not accessible to anonymous users? This may also include the Style Library, if there is no published version of some items.
You can use Fiddler to find out what URL exactly causes the 403 Forbidden authentication prompt.
Related
An APEX email error is received when trying to utilize the "Send With DocuSign" URL button on the contract object in Salesforce. This button was just created to meet the requirements to move from a JavaScript button. The button does not trigger an error in Sandbox, works as expected. But I can not replicate in production without getting the error shown below. Any idea on how to get this resolved?
Developer script exception from Franklin Madison Group : DocuSignAPICredentials : Please verify that you have been granted access to DocuSign, your account settings are correct and that you have responded to all activation emails.
Apex script unhandled exception by user/organization: 0053n000007GFbq/00D70000000Je65
Visualforce Page: /apex/dsfs__docusign_editenvelope
caused by: dsfs.UnauthorizedException: Please verify that you have been granted access to DocuSign, your account settings are correct and that you have responded to all activation emails.
Class.dsfs.DocuSignAPICredentials.getInstance: line 71, column 1
Class.dsfs.DocuSignAPICredentials.getInstance: line 56, column 1
Class.dsfs.AccountFeatures.getInstance: line 139, column 1
Class.dsfs.EnvelopeController.loadEnvelope: line 164, column 1
Cause
Common causes for the issue are listed below,
The DocuSign user associated with the Salesforce user sending the envelope is not active
The Salesforce user has not been added to the DocuSign users list in DocuSign Setup settings (in Salesforce)
You are attempting to use Salesforce Login Access on behalf of a user "not yet Authorized DocuSign eSignature for Salesforce (DAL)"
Note: If the user hasn't authorized already, please refer to Step 4 in this article
Solution
Before continuing, ensure that you are on the most recent version of DocuSign eSignature for Salesforce (DAL). If you are on an outdated version, some of these steps will be unavailable.
To resolve this error, you’ll need to verify both issues that cause this error has been addressed.
First, you’ll need to verify that this Salesforce user has been added to DocuSign.
To verify if a Salesforce user has been added properly:
Navigate to DocuSign Setup.
Select User Management, then select Add User.
Enter the name of the user in the Value box. When they appear in the search results, select the checkbox next to their name and select Continue.
Assign the appropriate permissions to the user and select Apply. If your package is up to date and a DocuSign user already exists for this user, the Salesforce user will be mapped to their existing DocuSign user.
Click Done to finish.
Second, verify that the DocuSign user associated with this Salesforce account is active.
To check if a user is active in DocuSign:
Navigate to the DocuSign web app and select Settings.
Navigate to Users and search for the user in question.
If the user is not active, select Actions > Resend Invitation to send the invite to the user again.
To activate a user:
The User will need to navigate to their email client and open the invitation email.
Click the link in the email to activate.
Create a password and security question.
Once the user is active, have the user attempt to send an envelope from Salesforce to confirm the issue is resolved.
Additional Troubleshooting
If the DAL Admin and all users are noticing the same error, try to disconnect and reconnect.
Steps to Disconnect [Note: Disconnecting accounts will remove the DocuSign Gen and DocuSign Negotiate permissions for the Salesforce users that were given access under the old connection. You have to re-add DocuSign users and permissions in your organization.]
Steps to Reconnect
If the Salesforce Administrator attempting to make this change is unable to access the DocuSign Setup object, ensure that they have the correct permission set assignment to access the object.
To view permission set assignments in Salesforce:
Navigate to Setup, select Users.
Navigate to the user in question and open their profile.
Navigate to Permission Set Assignments, if the DocuSign permissions are missing, edit the section and add DocuSign Administrator.
Note: If you are running both DocuSign Apps Launcher and legacy DocuSign eSignature for Salesforce, you will see duplicate permission sets with similar names. Add both to ensure correct permissions are applied to the user.
Retest to see if the user can access DocuSign Setup. If it’s still failing, follow the steps in this article to navigate to the DocuSign Troubleshooting page and select Delete DocuSign Credentials. You should then be able to navigate to DocuSign Setup and reestablish the connection between DocuSign and Salesforce.
We have a code that logins to Sharepoint Online using :
https://login.microsoftonline.com/extSTS.srf or https://login.microsoftonline.com/RST2.srf, but recently we starting to get authentication failed saying that "Incorrect Username or Password" and after some retries it returns:
"0x80048823 message : AADSTS70002: Error validating credentials. AADSTS50053: You've tried to sign in too many times with an incorrect user ID or password."
While using same username and password to login in the browser works fine, and neither password or username were changed, also code didn't changed. As same code works fine for another Sharepoint tenants. Seems that something changed in the Microsoft login servers, where it's started to not accept user credentials, while web browser login works fine.
Please advise.
Thanks
Microsoft Rep has helped me get this far.
They had us create a "Cloud Only" user. This user was setup as "#" so if your name is bill and your corporate sharepoint site is name is FakeCompany.sharepoint.com then you would have the person as "bill#FakeCompany.onmicrosoft.com"
This user was able to login to https://login.microsoftonline.com/extSTS.srf by just passing username and password.
Our on prem AD users are still having issues, i mentioned this and got the following response.
There is no issue with sync as you are able to login to portal using the same account and password.
The solution you need is documented in https://learn.microsoft.com/en-gb/azure/active-directory/manage-apps/configure-authentication-for-federated-users-portal#enable-direct-authentication-for-legacy-applications
You need to create a home realm discovery (HRD) policy where "AllowCloudPasswordValidation":true.
We have not yet implemented the last solution but the creating of a cloud account may help some of you.
So I think I understand what they are trying to say. There are 2 paths that you are able to authenticate with according to the node-sp-auth example.
"Managed" and "Federated"
"Managed" was the easier version and allowed for you to be able to just provide username and credentials in a soap assertion to login.
Federated is a lot more complicated. You need to first perform a post to Microsoft to validate the user hitting your adfs server. https://adfs.XXXXXXX.com/adfs/services/trust/13/usernamemixed
Then you take the saml:Assertion from that response and put it into the "Token" section of the call you make to https://login.microsoftonline.com/extSTS.srf utilizing the templates from the node-sp-auth.
I have C# code that performs all these steps but I am getting an error
AADSTS70002: Error validating credentials. AADSTS50008: SAML token is invalid. AADSTS50006: Invalid signature. Signature verification failed.
Even though the signature is being generated by Microsoft in their SAML.
node-sp-auth code refrence is OnlineUserCredential.ts file.
If someone can figure out the last mile I can post a comprehensive C# solution.
We want to integrate "AFE (Ajax File Explorer) into our Drupal application. Our users are authenticated in Drupal and it is not possible for us to ask a second time there login/pwd while opening AFE.
We received a first answer from ITHIT:
Here is how to set login and password:
ajaxFileBrowser.GetSession().SetCredentials('User1', 'pwd');
Please note that this API sets password in XHR. Setting login and
password in XHR does not provide any feedback on weather the login was
successful. That is why in general I would suggest to rely on web
browser login dialog which is displayed automatically instead of
calling SetCredentials.
However it is not clear if it is a real and robust SSO solution. We discovered that Drupal has an webdav SSO module (https://github.com/Awnage/webdavsso), we will also investigate that part. But any comment/help welcomed.
To my understanding there is no way to totally get rid of login dialog when using Basic, Digest, NTLM or Kerberos authentication with Microsoft Office.
Microsoft Office applications always ask for the authentication when used with Basic or Digest authentication. This is a Microsoft Office and Microsoft Mini-redirector limitation and there are no workaround in case your server is using Basic or Digest.
However, if you check "Remember my password" check-box it will still display the login dialog, but the user name and password will be already filled-in, so you just click "OK".
Here are some options to consider if you need to totally suppress login dialog with Microsoft Office:
Use NTLM or Kerberos authentication. In case of NTLM or Kerberos MS
Office asks for credentials only 1 time during first document access.
Implement Office Forms Based Authentication Protocol (MS-OFBA).
Implement Url-authentiation. Your urls will look like:
http://webdavserver.com/[SessionID1234567890]/path/file.docx.
In case of Url-authentiation make sure you do not include the session ID in query string, Microsoft Office will truncate it. You will have to put session ID somewhere in the path, as in the above example, which is not very convenient, when you need to mount a WebDAV folder in you file system, but still works in most cases.
Possible duplicate here Stackoverflow
I solved that problem in the same manner.
From my google chrome browser I enter:
https://stream.twitter.com/1.1/statuses/filter.json?track=canucks
I get a window "Authentication Required". I have set up a Developer app in my twitter account. I enter my twitter User Name and my Password, and press Log In, but it keeps giving me the same Authentication Window. Any ideas what the problem could be?
In the Authentication Required window I see the text:
"The server https://stream.twitter.com:443 requires a username and password. The server says: Firehose."
The problem is that authorization with header info is needed. It is more complicated than the simple URL above. It is best done by writing some code with the authorization header needed, along with the above URL.
I'm trying to make a Facebook page tab where people can vote for their favorite video or music track from a bunch of embedded files. I need to get a unique ID from each user to make sure that they can only vote once. The signed_request only contains the user's id if they have authorized my app.
I have tried to have users authorize my app using the FB.login() javascript api, but I get the error:
An error occurred with Remix // Rework Vote. Please try later
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri: Given URL is not permitted by the application configuration.
As far as I know, I have not set any redirect URL. Do I need to set this somewhere, or is this the not right approach to get a user to authenticate my page tab?
You must specify both "Site URL" (or "Mobile Web URL") and "App Domain" to use OAuth flow...
See where to fill the details on https://developers.facebook.com/docs/authentication/#redirect-uris
So I managed to get this to work by ticking "App on Facebook" in the app settings, and setting the Canvas URL and Secure Canvas URLs to be the same as the Page Tab URL equivalents.
This worked even though this isn't a full app, it's only a page tab, and it won't function as an app unless it's in a container page.
I'm guessing this is a bug in Facebook - the UI implies that you can have a page tab only app. The documentation doesn't say you can't, and I can't think of a good technical reason for it not to condsider a page tab URL as a valid URL.
Thanks to #julio-santos for pointing me at Facebook - Error Message: redirect_uri is not owned by the application, which seems to be the same problem in a slightly different context.