Joomla Authentication - authentication

Okay I'm a little confused on how to do this due to the fact that I'm new to Joomla.
I have a site where users need to be logged in to view certain articles. I want restricted articles to basically pick up weather or not the user is logged in, if so proceed as normal, else display a login/registration form.
I looked at the plugins section and found a "Joomla-Authentication" plugin. Now, how do I use that in an article in the same fashion I use other plugins in article? i.E {plugin_name}params{/plugin_name}

NO... You do not need plugin for this AT ALL.
In Joomla you have "Access Type" for modules/articles/pretty much everything.
Public - Visitors
Registered - logged in users
Special - back-end users
In Back-End go to Modules and create new Log-In module. In the access type selected "Public".
When you create articles select "Registered Access" this way only signed-in users will see the article.
This will help you. Log-In the admin Back-End (Administrator Screen), go to Help->Joomla Help. In the Alphabetical Index find following topics:
Module Manager (it explains access types)
Module - New
Article Manager (it explains access types)
Article Manager - New/Edit

I found a solution that works for me. I downloaded and installed JUMI. Jumi is a Joomla extension that allows you to include files such as php and then executes the code in those files. Through PHP I check user access and do redirects accordingly.
JUMI can be downloaded here

Related

Best way to password-protect folders on IIS

What is the best way to password-protect a folder on IIS with a single set of credentials to be shared by a group of users?
Our hosting service offers Plesk, which in turn offers a "password-protected directory" function, but some of our clients have HTTP authorization disabled, so they get an automatic 401.4 error with no prompt for credentials.
I've looked into Forms authentication but this seems cumbersome to set up for the numerous separate domains at issue.
The protected content is not super sensitive, we just don't want it easily accessible to the public. Many of our users do not use the site frequently and we don't want to implement individual credentialing for everyone (we do have that in place for more sensitive sections) just so they can view current project reports or meeting minutes.
On sites I don't control, but am just a user, that do the same things as mine, it is a big pain to have to look up a username and password twice per year just to view a meeting agenda (yes, browser could remember but they also have a 4-month expiration and lots of us are on different devices all the time).
Is Forms authentication the way to go? Took a several hours for me to get it set up and working, with all sorts of settings not well documented in a single place.
(I had previously asked about how to disable Basic Auth on the client side, was told more than once it's not possible - but it is, via client/browser registry keys)
Thanks.
It's perfectly fine to use forms authentication. All you need to do is navigate to the folder or file you want to protect, then go to Authorization Rules. Add a deny rule for anonymous users, when users who are not logged in try to click on any file in that folder, they will be redirected to your login page. You can find a lot of guides on forms authentication in Google, you can refer to the following:
https://learn.microsoft.com/zh-CN/troubleshoot/developer/webapps/aspnet/development/forms-based-authentication
https://learn.microsoft.com/en-us/iis/application-frameworks/building-and-running-aspnet-applications/how-to-take-advantage-of-the-iis-integrated-pipeline

Webflow authentication integration with private API

The company I work for has an web application built with Angular, that has user authentication.
We also have a blog built with Webflow for simplicity.
The thing is, we want to create special pages on our blog only for premium users. For that, a user would need to sign in on the blog (webflow) using the same account they use on the main web application. After that, the blog would also need to know if they should have access to said pages (is a premium user), and then allow them to access such areas.
I've been looking for information about this, but I've been unable to locate a clear answer. I tried following this, but the GET request for https://webflow.com/oauth/authorize (using my own clientID) returns their home page. This can be seen on the printscreen below:
The request has the following format: https://webflow.com/oauth/authorize/?client_id=<CLIENT_ID>&response_type=code. It redirects twice (code 301 and 302), then just returns me their homepage.
In fact, I'm not even sure this oauth integration would solve my problem. Is this even achievable using webflow?

error "List does not exist"

I had error when access SharePoint sites out of the server , as when I
try to add new document or did any action this error displayed although
it worked well in SharePoint server
I think Yevgeniy made a good suggestion.
I assume you mean by 'outside' the server, users are trying to view the page on a different URL? If so, it might be the URLs to access the site 'outside SharePoint' are not configured correctly.
I would suggest a few things to start with:
When you say it works 'in SharePoint server' does this mean that the whole site is accessible, with no problems? But using a different URL (i.e. host header?), fails - for just this one page with the list or the whole site?
Check you have Alternate Access Mappings configured correctly as suggested above - check that the URL is setup correctly in any AAM zones defined, and that the authentication (e.g. Anonymous, Forms whatever required) is also setup too. This is all done in Central Administration.
If AAM setup correctly, check if you have any firewall or other network security that may block access to the site (again, assuming users are routed externally?)
Does the problem page or list (or the subsite it is within) have any unique security permissions?
You can check for the site via Site Actions | Site Permissions - if it does not have unique permissions, you will see a 'This Web site inherits permissions from its parent.' message.
If the List has unique permissions, you can check by going to the list page, and clicking 'Library Permissions' on the Library grouping on the Library Tools section of the ribbon.

Flask-security login and logout

How do you log a user in and out in Flask using the Flask-Security extension?
I just started using flask-security, and going through the documentation here http://pythonhosted.org/Flask-Security/api.html , I can't really figure out how to explicitly log a user in and out, as well as authenticate the user before logging them in.
Flask-Security uses Flask-Login. So you can do the following as per documentation:
login_user(user) # where user is your user object
logout_user()
Obviously, you still need to write your views where you will validate the form submissions etc before calling these methods and do the proper template rendering or redirects as needed.
Go to the flask security configurations page here: http://pythonhosted.org/Flask-Security/configuration.html
and copy over all the default configuration values into your init.py file like:
app.config['SECURITY_LOGIN_USER_TEMPLATE'] = 'security/login_user.html'
etc...
Then you have to download the security file which contains all the html templates. Put that folder in your templates folder where you keep all the other html templates. You can use google to figure out where to download the folder as well as how to set up the rest of flask security. I had a lot of trouble figuring out flask security as well, but after poking around here and on google, I was able to get some of it working, so don't lose faith. Hope this helps.

How to check restricted access pages for broken links?

I was googling for tools for checking broken links in a remote web page. The w3c validator seemed a good one. But I am still unsure as how to check for pages which are restricted, i.e. the pages which I can only access by logging in to the site. Can we do that using the w3c validator? If not than is there any other tool for the same?
For basic authentication the online validator will proxy it and prompt you to logon, alternatively see this post.
Sometimes you can specify the login details in the URL: username:password#url.to.the.site. This I believe only will work if you are using a .htaccess file for logins.