I want to hide the admin part of my site if you are not in the admin role.
This means that while not logged in, the routing for the admin should return a 404 as not existing, and the view templates should not be served. Once logged in the routing table should be updated and templates should become available.
I think that the server part of not serving the pages could be done if using something like MVC for serving the templates, but I don't know if it is possible to have no references to the admin in angular till you are logged in?
So somehow angular needs to refresh its template for the menu, and routing table.
Related
I am trying to login into a salesforce community that is set up to use a VF page login page from the field service lightning mobile app. The view comes as a webpage instead of an FSL app view.
Also, when the login is set to standard community login, when I login into the FSL mobile app, I see the normal FSL app view.
Note: I am able to log in properly from the web.
The ask is to get the mobile view when logging in to the FSL app even when the default login is set as the Visual force page. Can someone help here if I am missing something?
This a known limitation for Salesforce Field Service Lightning Mobile App.Visualforce pages aren’t supported in the app.
Please find link : https://help.salesforce.com/articleView?id=mfs_limits.htm&type=5
May be this can be an idea for future releases.
I'm using the Blazor Server templates included with Visual Studio 2019.
In the template application that uses local authentication, When I view the page without being authenticated, the AuthorizeView tags work as expected, and the log in/out buttons on the navbar are displayed dynamically based on these tags. I am able to view the counter and weather forecast pages as a guest.
In the template application that uses Azure AD authentication, whenever I try and view a page without being authenticated, I'm redirected to the Microsoft login prompt. I'm still able to use the AuthorizeView tags to dynamically display components in the navbar, but what I want to be able to do is view the counter and weather forecast pages as a guest without getting redirected.
Is there any way to achieve this? Am I maybe missing something in App.razor?
Edit:
If I log out using the navbar link, and then navigate back with my browser, I can view the pages without authorization. But then when I refresh the page, I get sent back to https://login.microsoftonline.com/. What could be causing this? I want to view an unauthorized home page without getting redirected.
The behaviour you see is by design.
To change it you can make this change inside Startup.Configure :
services.AddControllersWithViews(options =>
{
var policy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.Build();
//options.Filters.Add(new AuthorizeFilter(policy));
});
(and of course reduce this code to just services.AddControllersWithViews(); when you want to keep it this way.)
With this change you will have to block private pages with #attribute [Authorize] or with <AuthorizeView> and there is no automatic redirect to the login page.
I am wondering what is the best approach for achieving the following requirements. The site has about 5 static pages with a potential for many more in the future. Currently these pages are your typical web pages like home, about, company and so on. The site owner wants the login and signin forms to be modal window that animate in from the top. After authentication the user is redirected to the app which is an angular application.
Normally the signin/login form would be views in angular. I am wondering how to I use angular to deal with the forms while the home page is not actually part of the angular app.
Note the site owner whats the site to be on the same domain. So he doesn't want a static site that redirects to the app once the login/signin button is selected.
Thank you for any advice.
I am using angular
Lets say i have login screen(model,controller,view) and few other screens (model,controller,view) that perform some secret manipulation that available only to logged in user.
Is this possible to load to browser only login files(That those files won't be shown in F12/sources) ,then when user successfully logged in load all the secret files.
In short i don't want that user can see those files before he logged in.
That is one of the problems within client-side applications like angular SPAs. Since you want to load the content from your server, IF something happens on the client, the client already has to know, where it can get the content.
One solution could be to us ui-router. (Documentation). There, you can set a state for logged in users. Every state can have an own html template, which gets loaded, when you enter the state.
The problem ist, that the path of said html template is already on the client. That means, you have to set some kind of cookie from your server, so that you know, that the client is logged in. And only then, the requested template can be recieved. That way everybody can know where the template is on your server but cannot access it.
I want to use OAuth in my AngularJS application, and to do so I need to take the user to the Twitter OAuth page so that they can grant access. I could do this inside my application, but I'd prefer not to redirect the user out of the context of the Angular app (i.e. don't reload the page) and so what I want to do is open the authorization page in a pop-up or modal window. The user completes the workflow in that window and when they close the modal, the access token is stored in my app, or in a cookie.
I am really struggling to figure out how to open this pop-up and populate it with the Twitter grant authorization page.
> Here is an example: http://plnkr.co/edit/NeMAj32daePMopWaffkw?p=info
If you could get an external website to open in that modal then I think I might be part-way there?
I don't believe that's possible. Even if you could embed the Twitter auth page inside a modal's iframe, the OAuth flow would ways force it to redirect. Knowing that a redirect is applied to the entire page (e.g. browser window/tab) and not only to the iframe, it would end up redirecting your entire page.
And there's also the phishing risk
Your only option is to open a new browser tab/window(popup).
More information about Twitter's OAuth flows here and here.