How to call Submit from Credential Provider - windows

As far as I could understand, when the user presses the Submit button eventually, the GetSerialization method will be called to get login details.
I am programming a Credential Provider that waits for some external signal to log in, and I do not want the user to press the Submit button.
Is it possible to trigger the submit event from the Credential Provider?

I found a way to do it. The trick is not to call the submit button, but use the ICredentialProviderEvents::CredentialsChanged method. I have a thread running, that will eventually trigger the CredentialsChanged. This will then enable a new Credential that logs the user in.
This is shown in the Microsoft Sample SampleHardwareEventCredentialProvider.
It is worth noting that the Windows LogonUI automatically selects this new Credential. I do not know if this is in the documentation, but it is the behaviour I experienced.

The more appropriate way would be to implement the IConnectableCredentialProviderCredential interface, which is designed specifically for this purpose.

Related

Window Child Session launcher issue

I am facing an issue while implementing a Child Sessions launcher in my app. Basically, as per the Microsoft document, when an admin user launches a child session it shouldn't ask for credentials. However, it does ask for credentials (it shows a popup to enter the credentials). If the user cancels it, then we want to capture the cancel event.
We have implemented the child launcher functionality by referring to this URL:
https://learn.microsoft.com/en-us/windows/win32/termserv/child-sessions
When it calls ImsRdpClient9.connect(), it pops up a prompt to enter the credentials. Now, if the user clicks on cancel, I want to capture the event. I tried implementing https://learn.microsoft.com/en-us/windows/win32/termserv/imstscaxevents-interface but it didn't work. Can anyone show an example of how to implement the IMsTscAxEvents interface and listen to the various events (e.g., OnLogonError, OnAuthenticationWarningDisplayed, etc.) when windows show up with the logon error (on the child session launcher)?

Token is not cleared when signOutUser(...) is called

I have used this sample to integrate a bot in MS Teams
https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/csharp_dotnetcore/46.teams-auth
I needed to configure a third party OAuth provider and had all sorts of trouble doing so. Thanks to a smart gentleman on another thread, I am now able to authenticate my user with such provider.
Here's a quick example of the conversation flow. Don't mind the buttons in French, Oui is Yes and Non is No. On first boot of the application, when I click on the Sign In button, my provider's authentication window opens and shows the auth form just fine.
However, when it comes time to log out the user and I type "logout" as indicated within this code sample
If I type anything else to log back in, I am instantly shown that I'm logged in, the authentication window opens and closes instantly and my token remains obtainable. How do I go about actually clearing that token? I don't feel like this is the intended behaviour, as shown by the docs here:
Do I have to clear it manually? If so, how should I approach this?
Thanks for any help you can provide on this
Note: I have tried to revert back to the default sample, with an AzureAD v2 connection, and the result is the same. I log in just fine with my Azure AD account, but the token persists even after a logout.
EDIT
Following the suggestions, here are additional screenshots
This is some info from the Context object passed down to the Interrupt
This is the content of the AuthenticationContext available in the Context object above
Note that I get my Success when I call the logout endpoint that was suggested

Parse.com login using magic link

After Parse.com introduced new revocable sessions that get destroyed when a user logs out, is it possible to build a reliable login process using "magic links", i.e. a user receives an email including a link, and gets logged in in a web browser after clicking that link?
Previously, sessions in Parse were long lived and implementing a magic link login process was a matter of providing the user with his/her session token and having the client call Parse.User.become(<sessionToken>).
This approach will fail with the new revocable sessions if a user is not already signed in to the Parse server when generating and clicking a magic link, since there will not be any session to give the user that he/she can use in the call to Parse.User.become().
Any clarification on whether this is possible to accomplish with the new, more secure type of revocable sessions in Parse, or suggestions on how to achieve this, are welcome.

FileNet 5.2 subscription run as user

IBM Knowledge Center states that
Server disables security access checks during subscription execution
but does not mention the user credentials the code uses to execute which you need to know in order to map user RunAs roles on the application server.
What user credentials does FileNet use to execute event action code?
As I understand, when you create an async subscription it will be executed under the p8boostrap user.
And it will keep the user context when you execute a synchronous subscription.
But you can check it for sure.
It is using the user who triggered the action. E.g. if a user changes a property of a document (let's say DocumentTitle because it is always there) and clicks save, then an update event will be triggered which launches the subscription (if subscribed to the update event) which launches the action. Use synchronous for short running tasks, you can immediately show the update to the user. With asynchronous the user will have to click "Refresh".
Security can be a pain if not planned carefully at the beginning, for the action to be executed, the user has to have rights for the subscription, action event, document class etc. basically for everything involved or the user will get a cryptic error message when trying to modify the DocumentTitle.
Source: personal experience, sorry no official reference, if in doubt verify first.

how to invalidate another session in worklight

The customer wants to restrict duplicate logins for the app: once a user logs in from another phone, the session on the previous phone should be invalidated.
But I can't find an API in Worklight to do this. Besides using push, are there any other suggestions? Thank you very much.
Worklight indeed does not provide any API for this type of scenario.
Here is what I am thinking as an example of what can be done:
Device #1 is an Asus, device #2 is an LG
As the user logs in, you will store the device information in the Worklight database (using WL.Client.setUserPref)
When the user tries to log in again from another device, you could pull the existing pref (using WL.Client.getUserPref) and compare the device types
If they are not the same, log out the current userId and re-login
(Consult the user documentation for additional API methods around userpref)
This could be a way to ensure the user is logged only from one device.
You could also use the userId associated with the deviceId and update upon every login if (currentDeviceId != latestDeviceId) logout(); and so on...
Here I have posted an implementation mechanism that came to my mind.
It's still a suggestion.
Whenever a user tries to log in, an entry can be made in the backend [DB/Webservice] which records the user/device information.
If the user info already exists, then you can prompt the user with a dialog box: "The account has been logged in already; if you continue to log in, the previous session will be logged out". If the user continues, trigger a push notification to the previously logged-in user's device.
Now a notification will reach the previously logged-in device. Here you can implement the logic to execute WL.Client.logout(realm, options).
It would be great if someone posted a better answer than what I did.
And also let me know if my suggestion was helpful or not.
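
An added example, not part of either answer above and not a Worklight API: the backend entry both answers describe, written as a small in-memory registry in which the newest login wins and the server rejects the older session on its next request, whether or not a push notification arrives. The class, method and device names are hypothetical.

```javascript
// Added example: a hypothetical backend registry, not a Worklight API.
const crypto = require('crypto');

function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

class SingleSessionRegistry {
  constructor() {
    this.active = new Map(); // userId -> { deviceId, sessionId }
  }

  // Newest login wins. Returns the new session plus the session it replaced
  // on a different device (or null), so the caller can notify that device.
  login(userId, deviceId) {
    const previous = this.active.get(userId) || null;
    const session = { deviceId, sessionId: crypto.randomBytes(16).toString('hex') };
    this.active.set(userId, session);
    const superseded = previous && previous.deviceId !== deviceId ? previous : null;
    return { session, superseded };
  }

  // Run on every authenticated request: only the latest session passes.
  isValid(userId, deviceId, sessionId) {
    const current = this.active.get(userId);
    return Boolean(current) && current.deviceId === deviceId &&
      safeEqual(current.sessionId, sessionId);
  }

  // Logout only succeeds for the session that is still current.
  logout(userId, sessionId) {
    const current = this.active.get(userId);
    if (!current || !safeEqual(current.sessionId, sessionId)) return false;
    return this.active.delete(userId);
  }
}

// Constructed scenario: the same user logs in on an Asus, then on an LG.
function demo() {
  const registry = new SingleSessionRegistry();
  const first = registry.login('alice', 'asus-device-1').session;
  const { session: second, superseded } = registry.login('alice', 'lg-device-2');
  return {
    notifyDevice: superseded && superseded.deviceId,
    oldStillValid: registry.isValid('alice', 'asus-device-1', first.sessionId),
    newValid: registry.isValid('alice', 'lg-device-2', second.sessionId),
    staleLogout: registry.logout('alice', first.sessionId),
  };
}
```

Because the validity check runs on the server, the first device loses access even if it never receives or acts on the logout notification.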
