I'm creating a site using DotNetNuke and need authenticate user via a WebService.
I don't know main idea to do this.
Need i create a custom login module? If true, after user pass
validation by WebService, How DNN login for that user.
I see in "Admin\Site Settings\Login Settings". There is a combobox let me choose "Default Authentication Provider". Is there any way to create other Authentication Provider and bind it to that combo. After that i only select my custom authentication Provider.
I search on google in longtime but the results is not my expectation. Any body help me. Thanks all you :(
The simplest route is to create a custom authentication provider. This provider is a custom login control and from there you can after verifying the identity create the user within DNN. This is the typical method for this as it allows you to have a user in DNN that can have roles assigned to it etc.
I do have a "external database authentication provider" for sale in the DNN store which could serve as a good starting point for you. Sadly I'm not aware of any really detailed documentation on the process.
Related
I am using React to build a login for my web app.
I currently have a login that handles login this way:
I am new to Azure and I don't know how to have the multiple login options like this site does.
Is this an Azure setting or something I need to add to my config file?
Is there a name for each sign in method I can investigate because without knowing the terms I find it hard to find any tutorial on getting both sign in methods to show.
Thanks
You can add additional sign in options like external AD,or social accounts like Google, Twitter, Facebook. Those are called identity providers [aka IdP], any ID provider that supports OAuth or OIDC can be registered with your Azure B2C directory to support this login methods. You can create your own 'user flows' in B2C supporting this, when you want to do anything custom you can author 'custom policies' using XML. Refer the MS doc on userflows, sign-in options.
We have asp.net core(v3.0) Web API backend(no auth yet). A frontend is going to be a SPA(React).
A frontend basically will be an admin panel, it means the website's home page should be just the login page. We are planning on using IdentityServer4 for auth(separate project). If we create the IdentityServer4 project(MVC) it will have its own login form/page. Since opening our client website(react) login form should be opened, popout and iframe is not the way we are considering to use, what is the best way to accomplish this?
I've done some research and it seems it is possible to make our login form in react client and send the users login and password to IdentityServer4 if the client is set as ResourceOwnerPassword flow. But, it is not a secure and recommended way. I've read a lot of questions in SO and a lot of articles, but that is outdated and most of the samples are in IdentityServer4's repo is deprecated.
Questions:
Another way we are thinking is, on home page load, just redirect to the IdentityServer4 login page(MVC) and after login redirects back to our website. Is this a proper way of doing it? will the user see the redirection or it will not be much difference since the user opens our website and it seems like the home page?
What type of GrantType should I use for this case? Hybrid?
Is it possible to make a custom login page like in React?
What is the best way of implementing it?
Thanks for any advice, and my bad if the question is duplicated since I spend a couple of days to figure this out but couldn't.
Edit:
Now, IdentityServer4 with JavaScript client is available in IdneityServer4 official repositoty:https://github.com/IdentityServer/IdentityServer4/tree/master/samples/Quickstarts/4_JavaScriptClient
Also, I cloned and changed a little bit, so IdentityServer4 and WebApi are in a single project: https://github.com/Jamaxack/IdentityServerSPA
Is this a proper way of doing it? will the user see the redirection or it will not be much difference since the user opens our website and it seems like the home page?
That is recommended by redirecting user to identity provider's login page for sign-in , Resource Onwer Flow is not recommended as you said for security reasons.
What type of GrantType should I use for this case? Hybrid?
You can use Proof Key for Code Exchange (PKCE) which is already the official recommendation for native applications and SPAs . See Grant Types for more details .
Is it possible to make a custom login page like in React?
You can fully custmize the identity server's login user interface and identity management system , custmize the IdentityServer4.Quickstart.UI/ASP.NET Identity/Your own identity provider services .
In addition , ASP.NET Core 3.0 or later offers authentication in Single Page Apps (SPAs) using the support for API authorization. ASP.NET Core Identity for authenticating and storing users is combined with IdentityServer for implementing Open ID Connect :
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-3.1
1) You can use a flow something like below
'First, load the react project. then check for the token/user object. If there is no token/user, then redirect to the MVC project from react project. You can have the login page in MVC'
2) Use Implicit grant type
3) Yes. You can make customization in MVC login page
4) In order to do that, you can use the oidc-client npm package in react project. For the identity, use the Quickstart template from identity server 4 documentation.
Here it is
First of all, I am very new to the Salesforce platform. So apologies in advance if this is very straight forward and obvious.
So we are migrating our old app (based on .net platform) to Salesforce Community Cloud. One of the components in the app connects to the third party API service. The third party API endpoint uses Basic Authentication. We use service account credentials to generate basic authentication header.
We want to insert this component in a page using community builder. So whenever users visit the page, the component will pick the properties from logged in user, hit the third party API, get the required information and show on the page.
Is this doable in Salesforce? If yes, what is the best preferred way of achieving this?
Code-based approach - If your API is HTTP-based it's easy to implement in Salesforce via Apex callouts. The service account credentials should live in an instance of a Named Credential, it works together with a callout. Named Credential will automatically generate a Basic Auth header for you; this option in the Named Credential config screen is unhelpfully called "Password Authentication".
Declarative-ish approach: take a look at External Services:
With External Services, you use SF tools to import Swagger or
Interagent-based API definitions right into Salesforce using a schema.
Once you import the definitions, you can create a flow based on the
Apex classes generated from your External Services registration.
I have an existing J2EE application which provides some specific features after logging in to the application.
I have to provide SSO to just ONE of the customer who logs into our application while the rest of the customers would still use the login page and login with their credentials.
I am planning to use OpenAM Fedlet act as SP deployed as a separate application in our container.
I need some help in understanding if i need a full blown OpenAM instance deployed within us. Please provide any insights if you may have on this .
You can use the fedlet as an SP for this user. The trick is identifying this particular user and initiating SSO for this person, and going to the login screen for everyone else.
We would like to connect a salesforce user to another salesforce user in another org without any user intervention from a service.
We have tried SAML Bearer Flow (using Remote Access Application) to connect to salesforce to retreive Access Token for one of our product. We are referring to the follwoing article.
http://help.salesforce.com/help/doc/en/remoteaccess_oauth_SAML_bearer_flow.htm
As referred by the SF article for this flow, it uses a previous user authorization to connect and retreive Token. In case the user (for whom Token is requested) has not already authorized the App, SF takes you to the Authorization page first and app will get the access token once app is authorized. This is working fine too. However it has this painful step of users authorizing the app before we can use this flow for the product. It would be good and simplified if this step can be done once for an org and the article does mentions that either User or Admin can authorize the app. However I am not able to find how an Admin can authorize the remote access application.
Does anyone knows and can guide how can an Admin authorize an App or is thre any other way we can achieve our requirement. Any thoughts will be really appreciated.
OAuth1 and OAuth2 require user intervention by design. Anything you do to defeat this would be circumspect and not best practice. You could make it easy on the user, but you will always have the initial "Authorize this app" message.
If you are trying to make it easy for the user to login to either org, then you may want to consider a hub-and-spoke SSO solution. See this doc.
If you are trying to pass information between two Salesforce instances, then you may want to consider Salesforce2Salesforce, or outbound workflow. However, this is done at system context, not user context.
If you want to maintain user context and security, you should consider the new Salesforce Canvas API. Canvas allows you to call an outbound service, and pass credentials to the service so that it can communicate back. There is no reason the foreign service could not be a Salesforce instance.