We are using SHDocVw.InternetExplorer in VB.Net to navigate to a web page and insert the login credentials since we have to log into multiple accounts throughout the day.
We want to be able to be logged into to multiple accounts in different windows at the same time, but I don't know how to get a new session started.
If I log into account A, and then try to log into account B, it opens a new window but is automatically account A, since the browser remembers being logged in with that session.
Is there a newSession or something similar that I can call that will get around this problem?
Edit: is this something can can be done using the Navigate function by setting a header?
SHDovVw and the WebBrowser control are all basically embedded versions of IE. If you log into your site using the control and then visit the site in IE you'll see that you're logged in there, too. There's no way to force one control/instance/tab to use a separate cookie system which is basically what you're trying to do. The only way to control sessions is through QueryStrings which could be made unique to each browser.
Related
We are using Snowflake with Active Directory authentication. When we add the registry entry of authenticator: externalbrowser for ODBC to work, every query/fetch leads to a new browser tab window to be opened for SAML token. So if the Excel sheet we are working with has 10 queries, 10 new chrome tab windows open up.
The same applies when we run Python scripts. We add authenticator='externalbrowser' to the connect command and then each and every query in the script leads to the opening of a new browser tab to get the SAML token. This of course is quite annoying since we end up with 100's of browser window
tabs being opened.
Thanks.
This is by design since you are specifying the authentication method as 'externalbrowser', however it only opens a new browser for each connection that is made. Check to see if each of your queries establishes a new connection object.
What you want is to open a connection object once, then use a cursor object from the connection each time you need to execute a query.
I wrote an app script which provides a web UI for data entry into a team calendar. I published it using G-Suite super admin account and added it as Trusted App under Security/API Permissions. "Trust domain owned apps" is checked under "Internal App Settings".
When a G-Suite user in our organization tries to access the app, he sees
"The developer of ShiftSchedulingApp, admin#_our_organization_.org, needs your permission to access your data on Google."
Those brave enough to click "Review Permissions" are taken to the next message:
"ShiftSchedulingApp wants to access your Google Account. See, edit, share, and permanently delete all the calendars you can access using Google Calendar"
Of course nobody wants to risk losing all the calendars on their Google Account and this is where it ends.
How do I get rid of this misleading message? It's not Google account, it's their organization account on G-Suite. It's not all their calendars, it's the shared team calendar only. It's adding data, not permanently deleting calendars. It's published by their administrator in their G-Suite, not an unknown 3rd party.
I spent days trying to make this message go away but no luck. App must be executed as an accessing user and not as publishing user because their user ID determines what shifts they can fill on a calendar.
I'd appreciate any hints pointing me the right direction.
I experimented with variations of the two-app approach as suggested.
The app which provides the UI needs to read the calendar to display available shifts - so I can't get away from the user authorization prompt.
Another variation I tried was having one app do everything and run as me, and another do nothing but return Session.getActiveUser(). I tried calling the 2nd one from the 1st one on the client side via XMLHttpRequest. It would be ideal for my needs - but I hit CORS error as apps URL is script.google.com but it actually gets redirected to script.googleusercontent.com. There doesn't seem to be a way to set CORS in Google App Script.
Although I was not able to find a way to avoid prompting users for authorization when executing the app as accessing user, it turns out my reasons for doing that were based on a false premise.
I chose to publish app as accessing user because I thought that's the only way to get accessing user Id - which is true for non-G Suite accounts.
However, when app is published by a G Suite account, the app can get accessing user ids within the same G Suite domain even when it's set to execute as publishing user.
Thanks Niek and TheMaster for your help!
If you just need user ID, why do you ask for all those permissions?
Possible Solutions:
2 web-apps- One running as you and another as user accessing (with only profile) permission. The second one will be the actual web interface and POST necessary information to the first one with privileges. OR
Implement your own web-app Google-sign in1
Use the least permissive2 scope3
I have a web application where I want users to only be able to use it from one location (meaning a user can't actively be using the application at two locations). Currently I got this working in a very common way by only allowing 1 cookie session to be valid and removing any existing ones when a user logs in. Unfortunately I've been told that my method of only allowing 1 cookie is unacceptable because my users move around a lot to different sites and are tired of having to login every time. An easy solution would just be to allow more than 1 cookie, but I can't do this because I need to make sure a user account is not being used at two locations at the same time.
I'm wondering what is the best way to implement a system like this where a user can't be active at more than 1 location, but shouldn't necessarily have to login at every location they visit.
One possible idea I had was to allow multiple cookies to be recorded, but once a cookie becomes active (meaning I notice that session navigating the application) all of the other cookies are locked out for a certain timelimit like 15 mins. If no cookie session has been active for 15 mins then allow any cookie to login and gain dominance over the others untill it exceeds the timelimit.
Edit: It's ok for them to remain logged in after they leave a location
One way to do this is to log their last ip address and at what time that access was. On each access, you can check their last access.
If the last access is from the same ip, let them through.
If the last access is from a different ip, check how long ago that was. You can then define a cut-off point for how long they need to be idle before they can access it from another location. 15 minutes seems reasonable.
All of this can be done on the backend and this would possibly provide a higher level of security.
The browser allows users to store their credentials. Let them use this feature to log back in without hassle.
No need for a timeout. Allow multiple cookies, but only one active one.
Instruct your users to close the application when they leave their workstations. Make this something that's easy to do. Put a close button on each page or perhaps catch onBeforeUnload and notify the server that the page is no longer being displayed. Do keep the session when the user closes the application, but mark it as currently inactive.
When you get a request with a cookie that belongs to an inactive session, activate that session without complaints if the user has no other session active.
If the user still has another session active, something fishy is going on. So remove all sessions and send the user to the login screen.
(That'll teach them :) )
(noob alert) Problem Statement: I have a chrome extension that takes that allows a user to bookmark a page by sending the details of bookmark to a server and storing the data under that user's profile.
This means I need to authenticate the user and then send the userID to the server every time
I send back bookmark.
Issues:
1)The bookmark is shown in the popup and then sent to the server, however if the user is not logged in(authenticated) the pop up should only show an interface that allows for user name pass not the book mark data, my issue, how would I achieve this? i know I have to use one pop file, but how would I have to separate interfaces?
2)What is the best method to authenticate the extention? and ensure that data are being sent from the extension only, i.e prevent attacks on the web service.
Can anyone help?
1) You can set popup page at any time with chrome.browserAction.setPopup.
So, the extension starts with the login form as the default popup under 'manifest.json'. After user login, set the browserAction popup to your main extension page.
2) Since the and user can edit anything on your extension code, you should prevent attacks or whatever from server-side i.e request tokens, request quota for ip and/or elapsed-time. And a simple authentication via POST under a SSL connection should be enough.
I want to make an application witch involves logging into google. It is basically a small application to always have your gmail with you without always having to go to the web browser and log in. Basically what I want to do is, when the person signs into their google account (or the page url changes) I want the webbrowser to refresh and go to a new point in the form and create an animation using a timer. I dont need help with the animation, I just need to know how to link it together with the person signing into google. And also, If it's possible I would like to have the person log in without the actual google web interface, but with 2 textboxes and a button. I am using Visual Studio 2008 and help with my application would be greatly appreciated!
One of the great things about GMail is that it gives you Pop3 access to the mailbox. Your application should be able to use Pop3 to login to the mailbox directly and not require the user to use the google web page (or any web page) at all.
This would be much more secure and fault tolerant than highjacking a browser session or scraping a web page for emails (as your application would break as soon as google updated the gmail app or the user changed their preferences).
You should be able to find numerous Pop3 tutorials, libraries and samples on the net (and most probably here on SO).
If you still insist to use the web browser control, you should investigate crafting your own HTTP-Post query to the page that takes the GMail login. Once you craft the correct message (including the user's username and password as the appropriate POST variables) you should be able to login directly.
Finally, you might want to have a look around on code.google.com as I'm certain this has been done before and you will most likely be able to find some sample code (whichever way you go).
Good Luck!