Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have SharePoint 2010, on which each WebApplication have two zones - one Windows authentication and another is FBA via LDAP. The zone with FBA is allowed for anonymous access. Users are able to login with no problem in both zones.
Now, lets say I want on some web to take down anonymous access and give only to specifiec FBA users/roles access to it, by adding those FBA users/roles to SharePoint's group "Site Visitors". If I add user, then there is no problem - only this user is able to browse the web, however if I add role, none of he user from this role are able to access the web. Thye all got "Access Denied".
It seems like SharePoint fails to get roles for the FBA user and check whether this role has permissions to the web.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 days ago.
Improve this question
Me and my team are going to develop a trading application.
We are discussing about authentication service.
We've decided to use the Duende's Identity Server instead of Azure AD.
But a team member suggested to use Azure AD to manage all users.
His point is: Instead of coding every line of code to manage the users, we will use the Azure AD. For that we will not need to spend too much time for coding user manager, all the email can be integrate with SendGrid (welcome email, password restore etc.). We have a lot of things to do (Portfolio, MarketData, Payment, Trading etc.), spend too much time for develop the user manager is not a wise choice, just leave that to Azure AD, we will code the function only.
He really made his point, so now I'm investigating a question: Is it worth do to do that?
I also did some research with ChatGPT to gather information (I only have about 2 weeks knowledge with Duende's Identity Server. With Azure AD, I only know what it can do, but no reality experience yet.)
Duende's Identity Server vs Azure AD
Integrate Duende's Identity Server and Azure AD
Duende does have a user management system.
Usually, you integrate identityserver and Azure AD via federation but that's just for authentication.
They use two different DB.
identityserver can use other identity repositories via extension points so you could use Graph API to access Azure AD but that would be a strange way to do it.
If you are going to use Azure AD for user management, just use it for everything. Or use AdminUI and go with Duende.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
I created a user and then logining for this user, all screens are disappeared. What am I doing wrong?
The only assumption I can make is that you use CUBA 7.2+ and your user has only the system-minimal role, thus their can only log in to the client without access to screens, entities, menu items, etc. I'd recommend defining a new role with the required permissions either design-time or run-time. See the Roles documentation for more details.
Also, take a look at the Security Subsystem section in the Release Notes to get familiar with changes made in CUBA 7.2.
Please set up the security properly. It means you need to create a role either in your code in design-time or define a role for the new user in runtime and grant corresponding properties.
Note that permissions in CUBA follow the "allowing" principle. E.g. if you define an entity as read-only for one role and give full access in another one, then a user granted with both roles will get full access to the entity.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I followed this tutorial https://yii2-framework.readthedocs.io/en/stable/guide/tutorial-advanced-app/ but it doesn't say anything about backend admin login details.
How to setup backend admin login details?
You have to install and MIGRATE RBAC extension, after that register user with username admin. Take his id from DB and follow this tutorial:
https://habr.com/ru/post/235485/
how to set up role based access. I guess that's what you trying to implement.
Yii2 templates basically is a starting point to develop an app, not a pre-made cms that has default logins.
In this case, if you have executed migrations as outlined in the tutorial
Apply migrations with console command yii migrate.
Then you would have a user table in your database. You could create a new user there with a bcrypted password, and then use that to login to the application.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
My main problem is getting the token. I can’t go further than this step.
In the Linkedin API's docs there are two ways described to obtain the token.
Witch is the correct one?
1) https://developer.linkedin.com/docs/v2/oauth2-client-credentials-flow
2) https://developer.linkedin.com/docs/oauth2#configure
I understand that in order to use the new Linkedin API (the partners one) I should use the first one (https://developer.linkedin.com/docs/v2/oauth2-client-credentials-flow)
Here is my petition:
https://www.linkedin.com/oauth/v2/accessToken?grant_type=client_credentials&client_id={MYCLIENTID}&client_secret={MYCLIENTSECRET}
The response:
Error "access_denied"
error_description "This application is not allowed to create application tokens"
And I get stuck here.
With the second one (https://developer.linkedin.com/docs/oauth2#configure) I actually get a token:
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id={MYCLIENTID}&redirect_uri={MYURIREDIRECT}&state={STATERETURNED}
This returns the code (and the State) which I use to make the token request:
https://www.linkedin.com/oauth/v2/accessToken?grant_type=authorization_code&client_id={MYCLIENTID}&client_secret={MYCLIENTSECRET}&redirect_uri={MYURIREDIRECT}&code={CODERETURNED}
And I get the token. But this isn’t the correct way to do it, is it?
By default you will need to use the authorization_code flow to obtain an access token. Per the documentation the client_credentials flow is not enabled by default and needs to be specially enabled by LinkedIn.
https://developer.linkedin.com/docs/v2/oauth2-client-credentials-flow
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I have an IT Hit WebDAV server which is using Basic+SSL. Each time I open MS Office document the login dialog pops up. How do I make it to be displayed only during first access and not shown each next time?
Microsoft Office applications always ask for the authentication when used with Basic or Digest authentication. This is a Microsoft Office and Microsoft Mini-redirector limitation and there are no workaround in case your server is using Basic or Digest.
However, if you check "Remember my password" check-box it will still display the login dialog, but the user name and password will be already filled-in, so you just click "OK".
Here are some options to consider if you need to totally suppress login dialog with Microsoft Office:
Use NTLM or Kerberos authentication. In case of NTLM or Kerberos MS Office asks for credentials only 1 time during first document access.
Implement Office Forms Based Authentication Protocol (MS-OFBA).
Implement Url-authentiation. Your urls will look like:
http://webdavserver.com/[SessionID1234567890]/path/file.docx
Make sure you do not include the session ID in query string, Microsoft Office will truncate it. You will have to put session ID somewhere in the path, as in the above example, which is not very convenient, when you need to mount a WebDAV folder in you file system, but still works in most cases.