I want to understand the sequence of steps how it is verified that a user has permission to particular application page ('Acl', 'Auth', 'Security' components are used). For example, a visitor clicks a link on another site that directs him to my application. What is the sequence of steps that my application does to verify that this user has access to the page? What controllers/classes and methods are called?
if Auth is required on that page,
your app checks if a user is logged
in
if not, it redirects to login page
if yes, your app should check
permission,
normally, it checks your user group
to see if that group has permission
on that page
if it does, it checks that username
to see if that user has permission
on that page
logics for 3,4 and 5 should be done in app_controller
thats my take on it.
Related
I have DNN 7.4.2 installed. Besides standard registration/login I would also like to utilize Facebook,Twiiter,Windows Live, and Google authentication. However, I don't like the current workflow. I am now familiar using the Christoc templates to build custom modules, but is this what I want to do, or do I need to build a custom authentication provider. A lot of the examples out there reference old versions of DNN.
Here's the flow I want:
1) If User is not logged into site, check to see if they are logged into one of the social sites, and if so check their id to see if it is associated with a User on my site. If so, log them in automatically to my site.
2) If User is not logged in yet, display "Register" and "Login" Links on my menu.
3) If they click the "Register" link, a jquery popup should appear. Buttons for normal registration, and a button each for registering with one of the social sites should appear.
4) If they click on the regular registration, they should go directly to un-pre-populated registration form.
5) If they click on one of the social buttons, it should retrieve whatever info it can from the particular social site, and then go to the same registration form, but pre-populate the controls with the info it retrieved.
6) The registration form should have all the standard fields, plus a place for the avatar (which can be prepopulated from the pic retrieved from social site). In addition, I am using DISQUS comments, and so I want them to be able to enter their DISQUS login info and/or create a DISQUS account.
7) Once the user hits submit, only then is the User actually created. User should be returned to whatever page they were on when they started the registration process.
8) If User is not logged in, and they click "Login" link, a jquery popup will give them Username/Password controls if they want to login in standardly, and also have buttons for logging in with each of the social sites.
9) Id login is unsuccessful, jquery popup content would be replaced with "Unsuccessful" content, and content for retrieving lost usernames / passwords.
10) If login is successful, then they should also be logged into DISQUS.
If there is already a good module that will do all this, then I would prefer just to spend $100-$200 to get it. However, if there isn't, I would just like a push in the right direction on how to program all of this.
1) If User is not logged into site, check to see if they are logged
into one of the social sites, and if so check their id to see if it is
associated with a User on my site. If so, log them in automatically to
my site.
This point is unpossible. Every web page is isolated from each other. You can't determine that user is logged in or not in another webpage. Also you can't identify not logged user (in your website) to check if he is logged in with API (by userId).
I thnik all other points can be reached by this module: http://store.dnnsoftware.com/home/product-details/social-login-and-social-sharing.
While I thank Aram for his suggestion, I believe I am going to have to write my own custom authentication providers from scratch. I hate the fact that I could get no other responses. I also hate the fact that there is seemingly no good options for me to make a reasonable on-time module purchase to at least get something resembling what I need.
I have a serious login problem with my new (and first ever) Drupal 7 site.
I have two different users so far, which of one is the admin which was created while installing Drupal. If, I log in with the other user's username and password, still, the hovering admin menu will and the menu shows the username of the admin user. This happens, if I log in to both accounts from the same computer, but now I tested the non-admin account from a computer that have never been used to log in the particular site before, and the problem
I am using the current 7.34 core of Drupal 7. The login module is the built-in one of the core.
How is this possible and what can be done about it?
Remove cookies from your browser for this site
Make sure your second user has not admin role.
We are registering users in our Drupal system via REST services call from 3rd party system.
What happens is that the user is redirected to "ms/checkout" after successful registration and gets a 403-Forbidden message. Any thoughts on why this might be happening and how to fix this?
May be its issue of permission. Go to Permissions page and allow annonymous user to access Cart, Checkout page.
I have design a page where every time user go to page submit a code after entering a code or password then access all other website pages.
I know rest of work is achieved through Access Control List means only logged in users can access.
Now I need page where you can enter only password without enter username.
Here is an example click here
Currently this page is non joomla page ..rest of the site is joomla based.
How can I edit login page so that login page only have password filed.
also when user close browser he logout automatically
requirement is only one code is used thorough out the website for every user ....
Best Regards
Got to this directory
components/com_users/views/login/tmpl
Find default_login.php and modify it as per your usage. Make sure you are checking in active template directory.
i want to create a user account using asp page in which only one user can login their account ,if that page is currently logged then no one can log in that page after log out only another user can log in that account
This may give you glimps, in database you may add a table UserLogin with two fields UserId, IsLogin. While loggin in any user check for islogin status if it returns true then dont allow user to login. If returns false then allow user to get login. After successful login switch islogin state true.
Hope I have understand your question.
Darshan Joshi's answer is one way to do it, and if you have a simple enough application it may be sufficient.
Depending on the specifics of your application, you might want to think about different angles.
For example: If more than one distinct page needs to only take one user at a time, I would think about creating a new table with a record for each of these pages. This way, you can set a page as logged-in/in-use using the user's unique ID when someone logs in or access the page. When the user logs out/leaves the page (or if their ASP Session expires- users do not always log out cleanly!) you can "unlock" the page again. Not only that, you might reduce database load by searching specifically for the page record rather than any user with a logged-in flag.