can anyone tell me how to prevent secure link navigation using app.component for. Eg:- when user hit url like this http:// localhost:8888/#/login he get login screen (login HTML) after that user press login button screen navigate to user screen but when user manual ly hit link like http:// localhost:8888/#/user, screen which user get is still same login but problem is that it call all user.ts file which I want to prevent if user not login not I m trying to achieve this through app
You can use ionic's lifecycle functions like ionViewCanEnter to perform security check and prevent unauthorised navigation - Source
Something like this in you User page:
ionViewCanEnter() {
return this.authService.authenticated();
}
Related
I am using the Security component by Okta ("okta-react" package) and the SecureRoute from the same package,
I am using the onAuthRequired field to go to a specific landing page, let's call it LandingPage, so everyone has access to that page, whether they logged in or not.
In LandingPage page there's a 'Start!' button that I want that will be used to go the next page if the user is logged in, or to the Login page if the user isn't logged on.
Since the Security component has the onAuthRequired it will always send me to the same LandingPage component, but if I am there, I want it to check if I am in that LandingPage - and I am not logged in - it will send me to the Login page.
and if I am there, and I am logged in - it will send me to the next page,
is it possible?
I have an onboarding page like this www.abc.com/ welcome. On continuing users land on /set-profile image page.
There is a Submit on this page.
When users click on Submit button, if the user has come from /welcome, I want users to go to the configuration page, else I want users to go to /home.
The issue I am facing is, I tried both window.location and use history but I can't figure out how to find the "from" location.
What I am doing wrong?
You can't access the browser history from JS (that would be a security issue).
What you can do is add a query string to your /set-profile route (such as ?returnTo=/welcome) and use it for the redirection.
I'm using the Blazor Server templates included with Visual Studio 2019.
In the template application that uses local authentication, When I view the page without being authenticated, the AuthorizeView tags work as expected, and the log in/out buttons on the navbar are displayed dynamically based on these tags. I am able to view the counter and weather forecast pages as a guest.
In the template application that uses Azure AD authentication, whenever I try and view a page without being authenticated, I'm redirected to the Microsoft login prompt. I'm still able to use the AuthorizeView tags to dynamically display components in the navbar, but what I want to be able to do is view the counter and weather forecast pages as a guest without getting redirected.
Is there any way to achieve this? Am I maybe missing something in App.razor?
Edit:
If I log out using the navbar link, and then navigate back with my browser, I can view the pages without authorization. But then when I refresh the page, I get sent back to https://login.microsoftonline.com/. What could be causing this? I want to view an unauthorized home page without getting redirected.
The behaviour you see is by design.
To change it you can make this change inside Startup.Configure :
services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
//options.Filters.Add(new AuthorizeFilter(policy));
});
(and of course reduce this code to just services.AddControllersWithViews(); when you want to keep it this way.)
With this change you will have to block private pages with #attribute [Authorize] or with <AuthorizeView> and there is no automatic redirect to the login page.
I have designed a site in ReactJS and have a number of tracking tools and session cookies embedded. Therefore due to the legalisations I need to get user consent first before I can enable any form of tracking. Besides GTM, I have facebook, HotJar and so on.
I am using 'react-cookie-consent' to run the cookie banner. I have managed to control all other cookies/tracking tools by creating functions and only execute them once user has give the relevant consent. I have done the same for GTM however it does not seem to be working properly.
I have imported import TagManager from "react-gtm-module" into my cookie page and put the following code in a function which only runs if user presses accept.
const tagManagerArgs = {
gtmId: "GTM-*******", // My GTMID
dataLayerName: "PageDataLayer"
};
TagManager.initialize(tagManagerArgs);
and have pasted the following code in each page under componentDidMount() function and have imported import TagManager from "react-gtm-module" as well.
const tagManagerArgs = {
dataLayer: {
page: "home", //Specific to each page
pagePath: "/home" //Specific to each page
},
dataLayerName: "PageDataLayer"
};
TagManager.dataLayer(tagManagerArgs);
The GTM is triggered once when the user presses the accept button and it appears it is only triggered for the page where the cookie consent banner is on and none of the other pages.
What I want is only when the user presses accept, to then enable the tracking on all pages.
Am I doing something wrong?
Update 01/11/2019
I am still waiting for an answer, not sure if I can repost the question and whether this edit bumps this post :)
I'm facing a problem don't know how to solve. I would like to get some light here.
Given an AngularJS application that routes using the standard $routerProvider, and considering the fact that whenever an end user tries to access a private area he gets redirected to the register area, happens the following:
User just landed onto de application (didn't get logged in).
User goes to /profile
The application checks whether there is session info in the client or not.
The application redirects to /profile/register
User clicks on "Back" button of the browser and goes to /profile.
(Next step is number 3 again and again).
This happens because each time the application redirects using the $routerProvider, it pushes all routes in the browser history.
My question is, how can I jump the failed /profile access over the browser history? How can I tell the browser do not save this route under given conditions
like the user is logged in?
FAQ regarding history: https://developer.mozilla.org/en-US/docs/Web/Guide/API/DOM/Manipulating_the_browser_history
Supposing you're using the $location built-in service to redirect, you can use $location.replace() to replace the current history entry:
if (notLoggedIn) {
$location.url( "/profile/register" );
$location.replace();
}
Note that this will apply to current digest only, as noted in the API docs.