org.apache.jackrabbit.rmi.client.ClientXASession cannot be cast to org.apache.jackrabbit.api.JackrabbitSession - jackrabbit

I am using Jackrabbit for a document management system. I am trying to check whether the user is admin or not, like below:
    Repository repository = new URLRemoteRepository("http://localhost:9090/jackrabbit-webapp-2.11.0/rmi");
    Session session = repository.login(new SimpleCredentials("admin", "admin".toCharArray()));
    JackrabbitSession js = (JackrabbitSession)session;
    User user = ((User) js.getUserManager().getAuthorizable(session.getUserID()));
    boolean isAdmin = user.isAdmin();
Here I am getting an exception like below:
    java.lang.ClassCastException: org.apache.jackrabbit.rmi.client.ClientXASession cannot be cast to org.apache.jackrabbit.api.JackrabbitSession
Can anyone help me?

Related

LDAP Error: The user has insufficient access rights. : LdapErr: DSID-0C09099D, comment: Error processing control,

I want to get incremental changes from Active Directory using C# and for that I am trying to build a solution as mentioned in the following article (using DirSync Control).
https://learn.microsoft.com/en-us/windows/win32/ad/polling-for-changes-using-the-dirsync-control
However, I am facing the following problems:
When using the following code, I am getting an exception that "The user has insufficient access rights". The user is part of the administrators group.
What more permission needs to be given to that account? And how?
    LdapConnection connection = new LdapConnection("adfs.fed.zzz.com");
    connection.SessionOptions.ProtocolVersion = 3;
    connection.Credential = new System.Net.NetworkCredential("adfsfed\\username", "password");
    connection.AuthType = AuthType.Basic;
    connection.Bind();
    var filter = "(&(objectClass=*))";
    var searchRequest = new SearchRequest("", filter, SearchScope.Subtree, properties);
    DirSyncRequestControl dirSyncRC = new DirSyncRequestControl(null, DirectorySynchronizationOptions.None);
    searchRequest.Controls.Add(dirSyncRC);
    var response = connection.SendRequest(searchRequest) as SearchResponse;
If I use the code below, I do not get any exception but I get an empty result in the cookie.
    String[] properties = { "objectGUID", "sAMAccountName", "displayName", "mail", "member" };
    String filter = "(|(objectClass=group)(objectClass=user))";
    DirectorySearcher directorySearcher = new DirectorySearcher(myLdapConnection, filter, properties);
    var dSynch = new DirectorySynchronization(System.DirectoryServices.DirectorySynchronizationOptions.None);
    directorySearcher.DirectorySynchronization = dSynch;
    directorySearcher.SearchScope = System.DirectoryServices.SearchScope.Subtree;
    var results = directorySearcher.FindAll();
    var cookie = dSynch.GetDirectorySynchronizationCookie();
Considerations:
I have only one Domain Controller
I am system admin. So, I can assign appropriate permissions to the user.
Please help.
• Your user ID will need the "Replicating Directory Changes" permission and should be a member of the ‘Domain Administrators’ group to use the DirSync LDAP control extension. But please note that it can read pretty much anything in the directory partition, regardless of standard permissions. Though they cannot change anything.
However, you may have some attributes that are sensitive in your directory. Please refer to the PowerShell script in the link below and execute it with the user ID after giving the appropriate permissions using C#. It is DirSync code that will retrieve even attributes like userAccountControl, userparameters, msexchuseraccountcontrol, pwdlastset, unicodePwd (blank, so no hashed domain password is returned), lockouttime, accountexpires and unixuserpassword (its hash is returned).
http://dloder.blogspot.com/2012/01/powershell-dirsync-sample.html
Based on the response given by #KartikBhiwapurkar-MT, I figured out the bug.
The error "The user has insufficient access rights" is completely misleading (the user already had Replicating Directory Changes rights and was part of the Domain Administrators group). The error was happening in System.DirectoryServices.Protocols because I was passing "" as the first parameter (distinguishedName):
    new SearchRequest("", filter, SearchScope.Subtree, properties);
but it should have been passed as
    new SearchRequest("DC=adfs,DC=fed,DC=zzz,DC=com", filter, SearchScope.Subtree, properties);
I was getting an empty cookie in System.DirectoryServices because of a bug in the latest NuGet package (6.0.0). At the time of writing this answer, the bug is still open.
Reference to bug
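The DirSync polling loop with the corrected search base, as an added example that is not part of the original question or answers, using System.DirectoryServices.Protocols. The host name, base DN, filter and attribute list are the ones from the question; binding as the current Windows logon is an assumption, and Negotiate with signing and sealing replaces the question's AuthType.Basic, which sends the password unprotected on a plain LDAP connection.

```csharp
using System;
using System.DirectoryServices.Protocols;
using System.Linq;

static class DirSyncPoller
{
    // Runs one DirSync pass and returns the cookie to store for the next poll.
    // Pass null as the cookie for the initial full read.
    public static byte[] Poll(LdapConnection connection, string baseDn, byte[] cookie)
    {
        string[] properties = { "objectGUID", "sAMAccountName", "displayName", "mail", "member" };
        string filter = "(|(objectClass=group)(objectClass=user))";
        bool moreData;
        do
        {
            // The base must be the root DN of the directory partition, not "".
            var request = new SearchRequest(baseDn, filter, SearchScope.Subtree, properties);
            request.Controls.Add(new DirSyncRequestControl(cookie, DirectorySynchronizationOptions.None));

            var response = (SearchResponse)connection.SendRequest(request);
            foreach (SearchResultEntry entry in response.Entries)
                Console.WriteLine(entry.DistinguishedName);

            // The server hands back the next cookie in its response control.
            var dirSync = response.Controls.OfType<DirSyncResponseControl>().Single();
            cookie = dirSync.Cookie;
            moreData = dirSync.MoreData;   // true while the pass is incomplete
        } while (moreData);
        return cookie;
    }

    static void Main()
    {
        // Host and base DN as given in the question; adjust for your domain.
        using var connection = new LdapConnection("adfs.fed.zzz.com");
        connection.SessionOptions.ProtocolVersion = 3;
        connection.AuthType = AuthType.Negotiate;    // current logon (assumption)
        connection.SessionOptions.Signing = true;    // integrity-protect LDAP traffic
        connection.SessionOptions.Sealing = true;    // encrypt LDAP traffic
        connection.Bind();

        byte[] cookie = Poll(connection, "DC=adfs,DC=fed,DC=zzz,DC=com", null);
        // Store the cookie; passing it to the next Poll returns only later changes.
        Console.WriteLine($"cookie bytes: {cookie.Length}");
    }
}
```

The bound account still needs the "Replicating Directory Changes" permission named in the answer above.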

How To Update MS Graph Client Service Principal AppRoleAssignments

I am attempting to update a user's AppRole assignments via the Graph Client. As per MS documents I am attempting to do it from the service principal side rather than the user side.
    var sp = await _graphServiceClient.ServicePrincipals[objectId].Request().GetAsync();
    ServicePrincipal newSp = new ServicePrincipal
    {
        Id = objectId,
        AppId = _configuration["AzureAd:AppId"]
    };
    newSp.AppRoleAssignedTo = new ServicePrincipalAppRoleAssignedToCollectionPage();
    newSp.AppRoleAssignedTo.Add(new AppRoleAssignment
    {
        PrincipalId = new Guid(u.Id),
        ResourceId = new Guid(objectId),
        AppRoleId = new Guid(r)
    });
    await _graphServiceClient.ServicePrincipals[objectId].Request().UpdateAsync(newSp);
I am getting 'One or more property values specified are invalid' but of course no real info on what property or even which object is the problem.
Anyone see anything obvious? I'm guessing on the syntax for the client usage bc I don't see much documentation or examples for it.
I tested with the same code as yours and met the same issue. I made some modifications but still couldn't solve it. For your requirement of updating a user's AppRole assignment, I'm not sure if we can do it with the code you provided, but I can provide another solution which is more direct.
The code you provided creates a new service principal, adds the role assignment to it, then updates the service principal. Here is another solution; it can add the app role assignment directly:
    var appRoleAssignment = new AppRoleAssignment
    {
        PrincipalId = Guid.Parse("{principalId}"),
        ResourceId = Guid.Parse("{resourceId}"),
        AppRoleId = Guid.Parse("{appRoleId}")
    };
    await graphClient.Users["{userId}"].AppRoleAssignments
        .Request()
        .AddAsync(appRoleAssignment);
The code above requests this Graph API in the backend.

Accessing Dynamics CRM via username/password throwing AdalServiceException: AADSTS65001

I followed the quickstart here: https://learn.microsoft.com/en-us/powerapps/developer/common-data-service/webapi/enhanced-quick-start
Which worked great, so then I need to register my app, so I followed this:
https://learn.microsoft.com/en-us/powerapps/developer/common-data-service/walkthrough-register-app-azure-active-directory
But now my unit tests give me the error:
    Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException:
    AADSTS65001: The user or administrator has not consented to use the
    application with ID '[GUID]' named '[AppName]'. Send an interactive
    authorization request for this user and resource.
I feel like I understand the error, that the administrator needs to consent. My program is doing some magic in the background and the user is not signing in; it is using a set username and password and the user should not be consenting to anyone. Is there any way to set this consent permanently, or force it every time through the Helper class in the first tutorial? All my Google-fu came up empty... Thank you.
You can use something like this:
CrmServiceClient is from the Microsoft.Xrm.Tooling.Connector NuGet package.
    private CrmServiceClient GenerateService()
    {
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        ServicePointManager.Expect100Continue = true;
        ServicePointManager.CheckCertificateRevocationList = true;
        ServicePointManager.DefaultConnectionLimit = 10;
        var service = new CrmServiceClient(new Uri(organizationUrl), clientId, secret, false, string.Empty);
        if (service.IsReady == false)
        {
            throw new Exception("CrmOrgService isn't ready. " + service.LastCrmError);
        }
        return service;
    }
Or if you want to use a connection string you can use this:
Connection string: https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/developer/xrm-tooling/use-connection-strings-xrm-tooling-connect
    var connectionString =
        ConfigurationManager.ConnectionStrings["XY"].ConnectionString;
    var conn = new CrmServiceClient(connectionString);
    IOrganizationService orgService = conn.OrganizationServiceProxy;

Creating DNN users in the database for Google Authentication

I'm trying to seed the DNN database with users and roles from an XML file I have with the users and the roles they should be a member of. How can I seed the database in a way that DNN will pick up the existing user account and associated roles, when the user logs on with the Google Authentication provider?
We're using Google Apps to do the authentication, and that works when you do the account validation as DNN manager manually, and assign roles manually.
I tried entering in Users, UserRoles, UserPortals and aspnet_Membership, aspnet_Users. But that doesn't work. When I try to log on I get a message that the user account is already in use.
Edit: The problem seems to be that I'm not able to fill the AuthenticationToken column in the UserAuthentication table. I don't know how the values that are inserted into this column are constructed.
Is the Google Authentication provider for DNN itself also Open Source so I can take a look at how this works? I haven't been able to find code, but maybe I didn't search long/good enough :)
Here is some documentation from DNN on how to enable some of the oAuth provider implementations including the Google provider which I assume is the one you are using.
Notice the section for "Configuration of Registration Options in Site Settings" where it explains the registration options. All authentication providers should automatically create DNN user accounts upon the first successful authentication. Which means you shouldn't have to seed the database with users beforehand. It looks like in DNN 7.4, there were changes to how the accounts are created based on the Site Settings Registration type.
If this is not happening for you or you need to update user information from the source (google) in a very specific way, you may need to customize your own authentication provider. I have a tutorial that explains the basics of this on DNNHero.com.
I have done some research, merged all the reference code and developed a working script for you.
You still have to make some modifications to my script to fit your requirements. My script was developed to add users programmatically to a DNN website. I think you need a foreach loop to insert all your Google users from the XML file. You can do that by calling the Dim status As UserCreateStatus = CreateUser(Me.PortalId) line in the foreach loop.
Step 1: Create the role "Google User" in your DNN website.
Step 2: Create a member variable of MembershipProvider in your class.
    Private Shared memberProvider As DotNetNuke.Security.Membership.MembershipProvider = DotNetNuke.Security.Membership.MembershipProvider.Instance()
Step 3: Set your XML user data in the method below.
    Private Shared Function GetUserInfo(ByVal fiPortalId As Integer) As UserInfo
        Dim a As New UserInfo
        a.FirstName = FirstName
        a.LastName = LastName
        a.PortalID = fiPortalId
        a.Email = EMail
        a.Username = UserName
        a.DisplayName = DisplayName
        Dim objMembership As UserMembership = New UserMembership
        objMembership.Approved = True
        objMembership.CreatedDate = DateTime.Now
        objMembership.Email = EMail
        objMembership.Username = UserName
        objMembership.Password = Password
        a.Membership = objMembership
        a.IsSuperUser = False
        Return a
    End Function
Step 4: Create user method.
    Public Shared Function CreateUser(ByVal fiPortalId As Integer) As UserCreateStatus
        Dim createStatus As UserCreateStatus = UserCreateStatus.AddUser
        Dim user As UserInfo = GetUserInfo(fiPortalId)
        'Create the User
        createStatus = memberProvider.CreateUser(user)
        If createStatus = UserCreateStatus.Success Then
            'Dim objEventLog As New Services.Log.EventLog.EventLogController
            'objEventLog.AddLog(objUser, PortalController.GetCurrentPortalSettings, UserController.GetCurrentUserInfo.UserID, "", Services.Log.EventLog.EventLogController.EventLogType.USER_CREATED)
            DataCache.ClearPortalCache(user.PortalID, False)
            addRoleToUser(user, "Google User", DateTime.Now.AddYears(25))
        End If
        Return createStatus
    End Function
Step 5: Apply role to all users.
    Public Shared Function addRoleToUser(ByRef user As UserInfo, ByVal roleName As String, ByRef expiry As DateTime) As Boolean
        Dim rc As Boolean = False
        Dim roleCtl As RoleController = New RoleController
        Dim newRole As RoleInfo = roleCtl.GetRoleByName(user.PortalID, roleName)
        If newRole IsNot Nothing And user IsNot Nothing Then
            roleCtl.AddUserRole(user.PortalID, user.UserID, newRole.RoleID, DateTime.MinValue, expiry)
            user = UserController.GetUserById(user.PortalID, user.UserID)
            rc = user.IsInRole(roleName)
        End If
        Return rc
    End Function
I have tested the above script on my computer and it works. Please let me know if you have any questions.

Has anyone created a DNN 7 user with the services framework?

I'm trying to create a user with the DNN 7 services framework. I've taken my working code from my custom registration module and modified to work within a DNN webapi function.
When I get to the UserController.CreateUser call in the code below I receive a
"\"There was an error generating the XML document.\""
exception. My user makes it into the aspnet_Users table and the DNN users table but does not make it into the DNN userportals table. Any ideas would be appreciated.
    private void CreateUser()
    {
        //Update DisplayName to conform to Format
        UpdateDisplayName();
        User.Membership.Approved = PortalSettings.UserRegistration == (int)Globals.PortalRegistrationType.PublicRegistration;
        var user = User;
        CreateStatus = UserController.CreateUser(ref user);
    }
I finally found the issue. I was not setting the portal ID for my new users and DNN was excepting out when it was adding them to a portal. All it took was User.PortalId = 0 before the CreateUser call.
I have found by trial and error that the minimum needed to create a viable DNN user is:
    UserInfo uiNewUser = new UserInfo();
    uiNewUser.Username = "<myUsername>";
    uiNewUser.DisplayName = "<myDisplayname>";
    uiNewUser.Email = "<myUserEmail>";
    UserMembership newMembership = new UserMembership(uiNewUser);
    newMembership.Password = "<myUserPassword>";
    uiNewUser.Membership = newMembership;
    uiNewUser.PortalID = <myPortalID>;
    DotNetNuke.Security.Membership.UserCreateStatus uStatus;
    uStatus = DotNetNuke.Security.Membership.MembershipProvider.Instance().CreateUser(ref uiNewUser);
    RoleInfo newRole = RoleController.Instance.GetRoleByName(uiNewUser.PortalID, "Registered Users");
    RoleController.Instance.AddUserRole(uiNewUser.PortalID, uiNewUser.UserID, newRole.RoleID, (RoleStatus)1, false, DateTime.MinValue, DateTime.MaxValue);
If any of these are missed out, parts of the user are created in the database, but the user may not be visible in the Admin list of users, or an Exception may be generated. Other details can be added later.
