I am creating a scheduled job in episerver with some business criteria.One entry point to this business criteria is to get the admin login details(name,email,etc).
With EPiServer.Security.PrincipalInfo.CurrentPrincipal.Identity.Name ,it only gives me Given name that is not helpful.I need other details ie email,id to make some other logged in used based call.
Is there a way to get the logged in admin details.
Scheduled jobs does not run under a certain user. PrincipalInfo.CurrenPrincipal will only give your principal when you run the job manually. What you need is available through the ASP.NET Identity services, given that's your configured login provider.
Related
I have tried multiple times to get this to work, but I haven't figured it out yet, so I'm asking in here, hoping that someone will be able to help me out.
I am using Atlassian's Bitbucket, Jira and Bamboo and they're all synced with an AD. At the moment I am using my AD user to retrieve all the other users. It works, but it's not optimal, as the password expires every three months, and I have to change the LDAP user login info on all three applications. We have ordered a Service User, where the password doesn't expire, but the problem is that the Service User is in another group.
The picture below shows how the AD is set up. My Service User is in a group called Special Users. I would like to use this user as the login user in the settings. This way I would never have to think about changing password, when my AD password expires.
I would then like to retrieve all the users from the "Normal Users" group.
Let me know if more information is needed.
Thanks.
You could also add multiple user directories pointing to different parts of your Active Directory.
Jira has an internal Crowd out of the box.
You may let Jira connect to User directory and let all other application use Jira for authintication.
This would save time by only updating your LDAP password every 3 months on 1 application and reflected on all 3 applications
I am added to project collection administrator group in VSTS. Still not able to add a new user. I am added using my official email ID i.e. Microsoft work account.
Its says
Guest users are not allowed to perform this action.
I saw the reason on this link
I believe the primary reason for this error is because when a co-admin
with Microsoft account is added to a subscription, it gets added into
the subscription AD as Guest user type.
but since it is very old thread i like to know if there is an easy way to get myself ability to add new user or basically manage VSTS on behalf of client. I hate requesting client to add a new user in team. Also he is not tech savvy so I would like suggest him a simple solution (running Powershell might be annoying for him).
You are inviting users from outside directory. The user will be able to access the account and its resources, so you need the enough permission to add new user to the AD, but you are the Guest user, so it throws Guest Users are not allowed to perform this action.
You need to contact to the corresponding user (e.g. AD admin) to add users to AD or grant the enough role and permission to you to add user to AD.
No easy way to do this, because it is related to security.
I need to give users access to edit specific Azure Logic App workflows. I find I can support this with the Logic App Contributor role. At times, I have workflows that contain an XML Validation action. I do want users to be able to edit business rules before and after that action, and even configure the action such as selecting a different XSD. However, I do not want them to be able to configure the Integration account that supports the XML Validation action, or even have a read-only view to the Integration account. When I have such an action, a would-be editor is blocked with the error:
it does not have permission to perform action 'Microsoft.Logic/integrationAccounts/join/action' on the linked scope(s)
Is there a way to apply roles so that a user can edit such a workflow with no direct access to the Integration Account?
You should be able to configure a custom role that matches your scenario.
Essentially you would grant the user the following permissions
Microsoft.Logic/workflows/*
Microsoft.Logic/integrationAccounts/join/action
The Microsoft.Logic/integrationAccounts/join/action perimssion allows the user to modify a logic app linked with an integration account, but does not grant any permissions on the integration account itself (the user would need Microsoft.Logic/integrationAccounts/* for that)
You can restrict the Microsoft.Logic/workflows/* permission further (e.g. by scoping it down to write action only).
As mentioned by #SzymonWylezol, MS made a change on its end and the error no longer occurs. In the case where the IA in a separate Resource Group than the Workflow, I find the user must be given the join action permission on the IA, in that Resource Group.
I have a Asp.net MVC application that uses Azure AD and OpenID Connect OWIN middlewares to handle authentication. Everything works fine except for one thing : if a user is already logged-in on another Microsoft Application lets say a Office 365 account or maybe a live mail account, when trying to login it recives a page saying that it is not allowed to log into my app, which is correct, but some how I need to catch that situation in my code to allow the user to sign in with a different account. Is there a way of doing that? This is by design? I mean : the user have to log in only with a live/azure account at the time ? I couldn't find any documentation about this.
As of today there is typically one user at a time, but we will soon support for you a way to select a specific user instead of automatically signing you in with the most recent one.
One way you can work around this today is by injecting the parameter "prompt=login" in your sign in requests. You can do that in the RedirectToIdentityProvider notifications, similarly to what is showin in http://www.cloudidentity.com/blog/2014/11/17/skipping-the-home-realm-discovery-page-in-azure-ad/ for domain_hint. This will cause the sign in experience to always start with a fresh prompt even if the user is already signed in. The draw back is that you'll never get SSO this way. Hopefully our account switiching feature will become available soon, keep an eye on http://blogs.technet.com/b/ad/ for announcements
How do I get the list of users who have not logged into a customer portal site at all?
The User object has a field called LastLoginDate, you could report on this for users where IsPortalEnabled is true which indicates that they are a customer portal user if you're doing the reporting through code.
Of course, Salesforce's reporting engine can also be used to generate a report, you'll want something similar to this:
Unless you need the list in code for some reason (for instance, for integration with another system) then you should use the reporting engine and then you can schedule it for email delivery etc.