We have developed a web program for one of our customers, where we use the company’s AD to validate the user. We use function AdsOpenObject('WinNT://... and this work fine, whoever one fail use of wrong password, and the user is disabled, and need to be reactivated. The AD is set up to use 5 fail login before disabling, and their mail system is working accordingly.
Any ide where to look for or any idea of using another method to validate a user against an AD. We use Delphi but other solution is welcome.
Related
Is there any way to login other users account for admin user ?
Currently authentication based on Meteor Accounts
I saw this post but didn't working at all now.
The feature is important for us because when user have problem in system then admin need to see it this by simulating user account.
Thanks in advance.
It seems you want to impersonate a user. This means that you want to have Meteor.userId (or this.userId depending on context) reflect the _id of a specific user both on the client and the server.
afaict the only way to do this is to login as the user. Presumably you don't want to ask the user for their password so you have a couple of choices:
Save their existing password, replace it (temporarily) with a password of your choosing, then after you're done impersonating their account, restore their existing password.
You probably don't want to ask the user for their password and you don't need to. All you need to do is set aside Meteor.user.findOne(userId).services.password.bcrypt, then reset the password to your temporary value, then restore the original bcrypt value later.
The downside is that the original user would not be able to login while you are logged-in. Plus it's really hacky.
Extend Meteor's Accounts package to provide impersonation capability in a more elegant manner.
You might also look at validateLoginAttempt. The docs are unclear as to whether a failed login attempt could be overridden with a successful one but if it could then that would provide another pathway to solve your problem.
Instead of logging in as the users, which requires their password and which is a total no-no, you may use rather alanning:roles and allow the admin to assign the role of any user in order to draw views based the user's role.
This requires a well designed role system.
As a plus you could then at least load the documents associated with the user who you want to support.
This requires a well designed document and data model.
But generally spoken you should rather focus on writing good tests (test driven development) for components as unit tests, integration tests and UI tests.
This will reduce the need to manually view the app as an end user a lot.
The most common end user problems can be reduced by creating a good knowledge base like a wiki or video tutorials.
Even if then an error occurs in the end user side, I would rather try to implement a well designed error log that allows users automatically create tickets on error which also include the error stack.
All the above methods are to be favored before logging in AS THE USER.
As #Jankpunkt has already mentioned alanning-roles I can add something you can use without installing any external package.
Just keep a type key in the profile object of the users collection. Then define some types like 1 for super-admin, 2 for admin, 3 for general etc. Then check the authorisation of particular action by checking the value of user.profile.type key.
Caveats: Make sure you are checking the type in server side. By default profile field is writable from the client end, so if you are putting type field in the profile object make sure that you are not allowing users to modify users collection in the client end.
Here is how to restrict client end update in users collection:
Meteor.users.deny({
update() { return true; }
});
Read more on roles and permissions here:
https://guide.meteor.com/accounts.html#roles-and-permissions
Initially I would like to inform you that I am using ember 2.10.
Can anyone tell me how to make a login system without a token?
I am developing an offline application with Ember and Electron and I need to make the login system without using external APIs.
If I understand you right, you want to create an application that will support few users. It is possible. You will need to perform following steps:
Install ember-simple-auth plugin. It makes auth-related things much easier
Create custom authenticator that will take a login and password or something from your users and save some identifier in session
Create login and register routes, where users will be able to login or create new credentials
Most probably you will not need an authorizer, because you don't have server api and don't send requests to it
Bear in mind that this will be zero-security system, even if you will use some encryption, because js code is not secured well from exploration. Also bear in mind that electron most probably stores user's data in user's home directory (I can't say for sure as I didn't work with electron, but node-webkit does that). In this case having different windows (or what OS your users will use) users is enough to separate data and you actually don't need any login system.
I'm writing an app that's supposed to run with MVC5 and using parse as a backend.
I'm using the new Identity feature of the MVC5 to login an user. I also tried to use this solution but I couldn't make it work.
What is happening is that when I login with the user A and then login with the user B in a different session (a incognito windows or a new browser) whenever I try to insert something related with a ParseUser object using the first user that was logged in I get an exception: UserCannotBeAlteredWithoutSessionError.
I'm not sure if I'm doing the implementation in a wrong way, or if it is a limitation of the Parse (I think it was designed to run using one user per device).
If you have a workaround for this situation please help me.
There is a good answer which may help: Parse Database Authorization - Security For User Objects.
So, it's a kind of Parse SDK limitation, when you can work with only one user per device (as ParseUser is cached locally). The only workaround that I can see is to perform SignOut/Login explicitly, when you need to do something from other user's context. There is no way to have two users work simultaneously from the same device.
We have a CI application where we used Ion-Auth as Authentication Library. We have used database for storing sessions.
So far everything works fine. Now, by default Ion Auth allows simultaneous logins for same user from different location. I want to prevent this. As per our client, only one login should be allowed.
Is it possible to achieve this, considering abandoned sessions (without pressing logout and closing browser) ?
If the issue in (1) above is complex to achieve, can I make a simple check if user is currently logged in./session is active.
The existing logged_in method does not take any input parameters. So I cant use this method.
I am assuming solution might be possible with already available library and I don't need to add extra fields/code to achieve this.
Thanks.
I have a C# desktop app where a user enters his company ID card number as a simple form of "authentication" against a database table of valid employees. If the user is found in the table with the correct permission level, the app runs and the user can use all of the screens and menus in the application. Problem is anyone who has a valid user's ID number (perhaps from a lost or stolen ID card) can run the program and get to the data.
We want to make this application more secure. Is there a way to use the Windows ID and pwd to authenticate application users? At the very least we would like to force app users to re-enter the credentials (ID and pwd) of the currently logged in Windows user on the machine. If that fails to authenticate then the application quits and will not run.
What are my options for adding this "feature" to my app? What is the easiest way to do it? LDAP bind? Compare the Windows ID entered to the User ID found in LDAP? What is the most secure way to do it? I"m good with making my apps talk to the database, but I've never done much with Windows security or authentication, so you'll have to talk down at my level. We want to avoid storing Windows user ID's in the database. The app is a VS 2008 project, but I will someday need to do the same thing in my VS 2010 projects. Thanks!