This is scenario I'm going for:
User visits the site, site.com, meta tag detects that the user is on a mobile device, and bounces the user over to m.site.com. Then, the user sees a link for "View full site," and clicks on it.
But then, the site bounces the user over again.
Is there a clean way of handling this? Allowing the user to choose which version he/she wants to see, but by default, first going to the mobile site?
Thanks!
Tonnes of ways I can thing of.
You could have a parameters/page which the user visits. For example google have /ncr (no country redirect). When the user visits this particular page you could set a session/cookie which can be monitored to prevent redirection.
-You could only redirect the user if a particular cookie is not detected, and they are using a mobile user-agent.
You could check the referer in addition to the user-agent, and if the referer has come from m.site.com then don't redirect.
Related
I have created Connected App in Salesfoce and have customized the login screen (changing logo, button css etc., using Visualforce). When user logs in for the first time or logs in from different browser or device, it prompts for 'Verify your identity' (to enter verification code).
I know we can customize the option of sending the verification code to mobile or email. But, I would like to customize the 'Verify your Identity' screen like changing the logo, button css etc. I didn't find it under Visualforce Pages.
Where is this located and how can the styles be customized?
This will be possible in Winter '20. From Release Notes:
When external users register a verification method, either a phone
number or email address, Salesforce displays a Verify page for users
to enter their verification code. You can replace the default Verify
page with your own, for example, to reflect your brand or meet your
corporate guidelines
I want to use IdentityServer4 as a common login for my own web applications.
Not all users are free to use all apps and obviously I could make all apps have users be rejected that aren't allowed to access them.
It seems a little more elegant to have a common "this app isn't activated for you" page centralized in the identity server though. That way, I need to implement that page only once. The identity server would have to have knowledge about which user may access which client, but that's reasonable in my scenario: they are all my own apps anyway.
I'm not sure what the right place is to hook the test in. It can't be the login page as the user may already be logged in to the identity server from a client he does have access to.
I wouldn't go for this approach, but I do not know the design of your apps.
I think that the url may confuse the user. Since it is the url of the IdentityServer where they see the "this app isn't activated for you" message. What does that mean to the user and where to go from there?
Besides, IdentityServer is meant to authenticate users, not to authorize users. So it doesn't seem right to move this kind of logic to IdentityServer. It also sounds like extra work.
Keep it simple. Keep authorization close to the resource and create one page with the message. Copy that to all your apps and css does the rest.
And use the default behaviour. In case an anonymous user hits a secured method, the user will automatically be rerouted to the login page. In case an authenticated user hits a method where it doesn't have access, it reroutes to the default (apps) Account/Denied page.
You can override the path in you startup configuration:
.AddCookie("Cookies", options =>
{
options.AccessDeniedPath = "/accountdenied";
})
You can show the "this app isn't activated for you" page, or you can go from there and redirect with code to the IdentityServer page. With the possibility to add additional information to customize the page.
Perhaps you can enter the page of IdentityServer instead, if that fits your design better. I haven't tried it, so I do not know if that's possible.
But in any case I would keep the authorization logic in the app.
I have an AppEngine (Java) application that uses the native AppEngine authentication mechanism (see: https://cloud.google.com/appengine/docs/standard/java/users/). It generates login and logout URLs via the createLoginURL and createLogoutURL methods as detailed in that article.
On desktop, everything works perfectly fine. A user with multiple accounts active will be prompted to select one to use upon login, and she will be logged out of all of her accounts upon logout.
On mobile, however, it does not work this way. A user with multiple accounts will be automatically signed in to the first one (whatever that is) upon login, and she will be prompted to choose an account upon logout. I have no idea why the account-picker is shown as part of the logout process, and I have no idea what choosing an account there actually does, since the end-result appears to be the same regardless of the account chosen: AppEngine thinks that the user has been signed out.
In the past, an account picker used to be shown upon login (it was a radio-button account picker, less pretty than the logout one, but functional nonetheless). Now, I cannot get one to appear. I have confirmed via https://myaccount.google.com that multiple accounts are actively signed in.
A simple test of this workflow is as follows:
Generate login and logout URLs via createLoginURL and createLogoutURL.
On mobile:
Sign in with one Google account.
Sign in with another Google account.
Confirm that both are signed in via https://myaccount.google.com.
Navigate to the login URL.
Expected behavior: account picker is shown; upon selection, the user is redirected to the "continue" URL.
Actual behavior: no user action takes place and the user is redirected to the "continue" URL.
Navigate to the logout URL.
Expected behavior: no user action takes place and the user is redirected to the "continue" URL.
Actual behavior: account picker is shown; upon selection, the user is redirected to the "continue" URL.
For reference, here are the values of the login and logout URLs as generated by the createLoginURL and createLogoutURL methods (obviously "EXAMPLE-APP" would be the actual AppEngine ID of my application):
createLoginUrl("/ui/signin.html"): https://www.google.com/accounts/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://EXAMPLE-APP.appspot.com/ui/signin.html<mpl=gm
createLogoutUrl("/ui/signout.html"): https://EXAMPLE-APP.appspot.com/_ah/logout?continue=https://www.google.com/accounts/Logout%3Fcontinue%3Dhttps://appengine.google.com/_ah/logout%253Fcontinue%253Dhttps://EXAMPLE-APP.appspot.com/ui/signout.html%26service%3Dah
Also, I am currently experiencing this with Android phones running Chrome (one Galaxy S6 and one Pixel; I do not have other devices to test with at this time).
My question: how can I make Google display the account picker for the login action in Google AppEngine (for Java) on mobile devices?
Edit: Here is an example AppEngine project that demonstrates the problem.
Site: https://java-auth-test.appspot.com/
Source: https://github.com/tekkamanendless/appengine-java-auth-test/blob/master/src/main/webapp/index.jsp
I have DNN 7.4.2 installed. Besides standard registration/login I would also like to utilize Facebook,Twiiter,Windows Live, and Google authentication. However, I don't like the current workflow. I am now familiar using the Christoc templates to build custom modules, but is this what I want to do, or do I need to build a custom authentication provider. A lot of the examples out there reference old versions of DNN.
Here's the flow I want:
1) If User is not logged into site, check to see if they are logged into one of the social sites, and if so check their id to see if it is associated with a User on my site. If so, log them in automatically to my site.
2) If User is not logged in yet, display "Register" and "Login" Links on my menu.
3) If they click the "Register" link, a jquery popup should appear. Buttons for normal registration, and a button each for registering with one of the social sites should appear.
4) If they click on the regular registration, they should go directly to un-pre-populated registration form.
5) If they click on one of the social buttons, it should retrieve whatever info it can from the particular social site, and then go to the same registration form, but pre-populate the controls with the info it retrieved.
6) The registration form should have all the standard fields, plus a place for the avatar (which can be prepopulated from the pic retrieved from social site). In addition, I am using DISQUS comments, and so I want them to be able to enter their DISQUS login info and/or create a DISQUS account.
7) Once the user hits submit, only then is the User actually created. User should be returned to whatever page they were on when they started the registration process.
8) If User is not logged in, and they click "Login" link, a jquery popup will give them Username/Password controls if they want to login in standardly, and also have buttons for logging in with each of the social sites.
9) Id login is unsuccessful, jquery popup content would be replaced with "Unsuccessful" content, and content for retrieving lost usernames / passwords.
10) If login is successful, then they should also be logged into DISQUS.
If there is already a good module that will do all this, then I would prefer just to spend $100-$200 to get it. However, if there isn't, I would just like a push in the right direction on how to program all of this.
1) If User is not logged into site, check to see if they are logged
into one of the social sites, and if so check their id to see if it is
associated with a User on my site. If so, log them in automatically to
my site.
This point is unpossible. Every web page is isolated from each other. You can't determine that user is logged in or not in another webpage. Also you can't identify not logged user (in your website) to check if he is logged in with API (by userId).
I thnik all other points can be reached by this module: http://store.dnnsoftware.com/home/product-details/social-login-and-social-sharing.
While I thank Aram for his suggestion, I believe I am going to have to write my own custom authentication providers from scratch. I hate the fact that I could get no other responses. I also hate the fact that there is seemingly no good options for me to make a reasonable on-time module purchase to at least get something resembling what I need.
I have design a page where every time user go to page submit a code after entering a code or password then access all other website pages.
I know rest of work is achieved through Access Control List means only logged in users can access.
Now I need page where you can enter only password without enter username.
Here is an example click here
Currently this page is non joomla page ..rest of the site is joomla based.
How can I edit login page so that login page only have password filed.
also when user close browser he logout automatically
requirement is only one code is used thorough out the website for every user ....
Best Regards
Got to this directory
components/com_users/views/login/tmpl
Find default_login.php and modify it as per your usage. Make sure you are checking in active template directory.