I am trying to secure my DNN site running on DNN version 7.01.02
WHat i am looking for is that anybody who registers for a new account must enter a valid email id and should be able to login only after he clicks the verification mail.
Currently the way i have it is Once the user enters his Email and chooses a password he is directly logged into the site and only gets the following message.
Here are the site settings for the Website i use to control the user Registration.
So how can i change this config so that the user can only log into the portal once he goes through the verification mail
PS: My verification mail works. I have checked the SMTP settings.
As an administrator, go to Site Settings, User Account Settings and change the User Registration Setting to "Verified."
The user will be required to enter a verification code when they log in for the first time.
I personally use the private setting, but I have a low traffic site. IF you dont mind verifying the accounts you can do that. Also you can set it to redirect to a page where it tells them that the account needs to be approved before they can login
Related
I'm building a static website in Azure and want to use this function:
https://learn.microsoft.com/de-de/azure/static-web-apps/authentication-authorization
When I try to invite a user, it explains that an administrator as to accept this invitation, but where does he have to do this? I cannot see an option for this in portal.azure.com
it also seems not to be possible to "preload" the roleassignments to the users. because on the "acccessmanagement" site for this website in portal.azure.com it grants the access to the complete resource in portal.azure.com, but I just want the user to use the website.
Any ideas?
Thanks,
kind regards
If you are following the invitation instructions in that document, you need to copy the link from the "Invite" link box and actually send it to the person.
Navigate to a Static Web Apps resource in the Azure portal.
Under Settings, click on Role Management.
Click on the Invite button.
Select an Authorization provider from the list of options.
Add either the username or email address of the recipient in the Invitee details box. For GitHub and Twitter, you enter the username. For all others, enter the recipient's email address.
Select the domain of your static site from the Domain drop-down.
The domain you select is the domain that appears in the invitation. If you have a custom domain associated with your site, you probably want to choose the custom domain.
Add a comma-separated list of role names in the Role box.
Enter the maximum number of hours you want the invitation to remain valid.
The maximum possible limit is 168 hours, which is 7 days.
Click the Generate button.
Copy the link from the Invite link box.
Email the invitation link to the person you're granting access to your app.
I was just recently created as a new user in Microsoft 365 Admin Center (https://admin.microsoft.com/) and during account creation, when setting up password, there was a field to send the password /setup details to me through another email address (my previous email address, outside O365).
I received my new account notification at this other email address, and now this email address gets notifications etc. but when we look at my Azure AD membership, I can't find where this email address is configured in the settings. Where is this forwarding address being stored?
We checked Azure Admin portal (portal.azure.com) Authentication contact info for my entry and it's not filled in.
It's not in Manage User Name or contact information in the https://admin.microsoft.com/Adminportal/Home#/users page
It's not in my account profile anywhere in https://portal.office.com/account/#personalinfo
Totally stumped! Apologies if the answer is obvious.
Mystery solved: The forwarding was happening through billing notifications setup:
https://admin.microsoft.com/AdminPortal/Home#/BillingNotifications
did you check in the account profile under security and privacy? there is an email field there as well. https://portal.office.com/account/#security
if not there. then there is a different spot,
make sure you're logged into portal.office.com
then go here
https://myaccount.microsoft.com/
then click security info. enter your password again, and there is a authentication email there as well.
hope this is what you're looking for.
I have Azure AD B2C tenant set up with a signin/signup policy which includes sign up attributes of Email Address and Postal Code.
When anyone access any URL in the API secured by that tenant, then they get the nice Default Signin/Signup screen, and if they are signing up, then there is an text box where they can enter their postcode.
My question is, is there an equivalent Default Profile Edit page where user can see/edit their Profile (which would consist of email + postal code only [although I believe that based on Can we change email address of user from "Profile editing policies" in Azure AD B2C? actually email wouldn't be editable, so lets say just Postal Code].
If there is a way for a users to "log in" and see/edit their profile via a default profile edit screen and if so, what is the URL for that? https://login.microsoftonline.com/static//somthing?
Or can the user's profile editing only be done via either a Page UI Customization or via a separate web page plus Graph API calls only?
OK I think I've answered my own question here. I now see that on the Profile Editing Policy blade, there is a Run Now endpoint
https://login.microsoftonline.com/yourtenantname.onmicrosoft.com/oauth2/v2.0/authorize?p=B2C_1_EditProfilePolicyOrWhateverYourEditPolicyIsCalled&client_id=your-application-id-guid&nonce=defaultNonce
When I run that end point I get a very basic editing screen showing the Profile attributes.
This is the kind of thing I was driving at in my question.
Also, not sure how I didn't previously see https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-quickstarts-web-app
It has lots of information and in the "test drive an Azure AD B2C Web app" section shows what I need to know pretty much exactly.
Finally, this document https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-oidc#send-a-sign-out-request
has a lot of information including how to log out:
GET https://login.microsoftonline.com/fabrikamb2c.onmicrosoft.com/oauth2/v2.0/logout?p=b2c_1_sign_in&post_logout_redirect_uri=https%3A%2F%2Faadb2cplayground.azurewebsites.net%2F
As per the sign-up or sign-in policy, you can create a profile editing policy, which enables an end user to view and edit the profile attributes for their local account.
The end user can't edit their e-mail address via this profile editing policy.
You can otherwise implement the profile editing UI and integrate through the Graph API to get and set the profile attributes for the local account.
I have a serious login problem with my new (and first ever) Drupal 7 site.
I have two different users so far, which of one is the admin which was created while installing Drupal. If, I log in with the other user's username and password, still, the hovering admin menu will and the menu shows the username of the admin user. This happens, if I log in to both accounts from the same computer, but now I tested the non-admin account from a computer that have never been used to log in the particular site before, and the problem
I am using the current 7.34 core of Drupal 7. The login module is the built-in one of the core.
How is this possible and what can be done about it?
Remove cookies from your browser for this site
Make sure your second user has not admin role.
New installation of Joomla! 3. User registration gives me a problem that I cannot figure out how to solve: all new users got registered and activated but not enabled so when they are trying to login error messages "Login denied! Your account has been blocked" comes up. Checking on the back shows Activated but not Enabled.
I am using setting that will enable the user to register and use account right away without email confirmation.
The setting in User Management module are:
Allow User Registration:Yes;
New User Registration Group:Registered;
New User Account Activation:None;
Notification Mail to Administrators:None;
Please specify which other component are you using for you current site.
Might be some plugin will disable the user while creating new user, try to disable user plugin one by one and check it works or not
Setting for your preference:
Allow user registration: Yes;
New user registration Group: Registered;
New User Account activation: Self;
Although this is not a coding problem, still the answer to your question.