I'm working on a reasonably fresh install of umbraco (7.1.8). I've only installed three plugins at the moment, so I don't believe they are the issue.
If I login using the id created during the install process, I can login fine. But now I want to start adding other users to allow them to add content, and I can't seem to get the users created so they can get access to the back end.
I've double and triple checked the passwords (even using the reset password and copy/pasting from one browser to the next). I've tried using both the email address and the login, but no joy in either scenario. I've tried to just make this first account an admin - no joy.
I opened the console and found this error on the console:
POST /umbraco/backoffice/UmbracoApi/Authentication/PostLogin 400 Bad Request 114ms
I'm hoping it's something glaringly obvious, but I can't see it for the life of me.
Had a similar issue a while back in version 6 where members created programmatically would not be able to login once they updated their email address. Had to ensure that the login was the same as the email address in order for them to login the next time. It is rather confusing I must admit.
Ensure login field value of user = email address field value of user
Related
I am using Laravel 8 with Fortify.
Everything is working Fine so far apart from email verification.
The Issue
When a user registers successfully they receive an email containing a signed url.
When the url is clicked, the user is redirected to the login page.
The user signs in.
verified_at field in db is not updated
Here is a generated link from the email
https://certhub.test/email/verify/1/7c9f29d87b505da773415b7e0369368e6eaf5fa6?expires=1643801371&signature=a255a0f05fcdb9a23cb7dba392e39317db3cd6657b69d7799c4840008d1633e0
Has anyone experienced this issue?
I spent a good 2 days to fix mine and my problem was I had 'same_site' set to strict in my sessions.php and changing to lax did the job for me.
I understand that Watir and Selenium have issues with NTLM auth when trying to login to web pages for testing. My research indicated that there are two normal work around. 1. add the credentials into the URL 2. use an auto auth plugin/extension. I currently don't have the option of using an extension in my environment, though I'm working on that. So, I'm left with passing credentials.
The problem I have is as follows.
Chrome:
In Chrome I pass the credentials manually (as in I type it into the browser directly) as http://password:user#example.com/ and it opens the page, but does not populate the popup. If I try to manually pass it as http://example.com?username=usr&password=password, it populates the auth pop up but does not proceed.
If I try to automate with ruby using the following code all I get is unknown user name and password. I have confrimed that the usr and pwd are correct.
browser.goto("http://example.com?login=usr&password=password")
browser.goto("http://password:usr#example.com/")
IE
IE behaves a bit differently.
In IE I pass the credentials manually as http://password:user#example.com/ and it returns an error that it can't find the page. If I try to manually pass it as http://example.com?username=usr&password=password, it logs in correctly.
If I try to automate with ruby using the following code the first example throws an page can't be found error. The second example opens the page, but does not populate the popup. I have confirmed that the usr and pwd are correct.
browser.goto("http://example.com?login=usr&password=password")
browser.goto("http://password:usr#example.com/")
What am I doing wrong?
My environment is Windows 7 Pro, IE 11 and Chrome 60.
Found an article that indicates MS removed auth in URL. So it makes sense that pwd:usr# doesn't work. Article ID: 834489
Ok, I have found the answer. After discussing it with my company's senior architect, there is no way to access an NTLM Windows authentication form by design. It's literally designed so that it can't be automated that way as a security measure.
The one workaround that he did suggest as a way to deal with the authentication issue is to use something like C# (our standard) and open the browser with the assumption that the user is already logged in. This will completely bypass the authorization pop up rendering the issue null. I'm unclear exactly how to do this, but I hope this provides a useful direction for others.
I am developing a MVC5 application for the DOE. We use windows authentication to login to our computers. I need help getting the users Name when logged in to be display "Welcome, Username"(across all pages) when they navigate to site. My problem is that when I navigate to the page it displays our ID which is what we use to login, i.e. i5456 and password. It would be much appreciated if someone would assist me and walk me through how to set this up.
I have already disabled Forms auth and enabled windows auth in VS 2013. I have tried using #User.Identity.Name in my SiteLayout, but like I said the ID is the only thing displayed. I'm not sure how to setup my model or view, or if I even have to. Is there a way to retrieve the Username so it can be displayed instead of the ID?
Try this #User.Identity.GetUserName() in your view
works for me
We run a multi-store/view magento site. Let's say our site is called www.domain.com (running the "retail" store) and another url trade.domain.com running the "trade" store
When a customer requests a password reset from trade.domain.com, they get a password reset link like this: http://trade.domain.com/customer/account/resetpassword/?id=12&token=84fb6f65548995191e526b815982bf23
Clicking this link re-directs to login page with the error Your password reset link has expired..
However, if you replace the "trade" from the domain with "www" like this: http://www.domain.com/customer/account/resetpassword/?id=12&token=84fb6f65548995191e526b815982bf23
The password reset appears to be working correctly.
Any idea why this is happening? Have I configured the magento incorrectly? Is this a known bug?
Customers are shared either per website, either across all websites, so at least, a customer account is usable on all of the store views that a website contains. Consequently, it is normal that the password reset link works for your store views.
In fact, if you would like to separate the customer accounts between your store views, you would have to create separate websites that would not share customers.
Is that subdomain password protected? That could be a problem or if subdomain is set up with a password protected extension, they won't be able to access example.com/customer/account/changeforgotten/ without already being logged in. So you'll have to allow them access to that url first otherwise it'll keep redirecting. I had the same problem.
Check the cookie domain for the website trade.domain.com. In Magento 1 it's in System->Configuration->Web->Session Cookie Management. (Making sure that you change the scope in the top left to the Website you want to update it for.
I have a store that has multiple websites, each with their own view and does not share accounts across websites, and had the same problem. Changing the cookie path fixed it for me.
We are having some trouble with a website we recently developed for a client of ours. He is a DJ. For his page, we added a tab that contains a calendar where he can post his events.
Using the admin login, I can successfully post events. However, the client (the DJ) cannot. When I tried using his login, I could not enter events either. Even stranger, I gave the client the admin login (which I used successfully) and he still couldn't post events! I even walked him through it, and he followed the same instructions, but no luck.
We can't figure this out. Here is the site in case it helps to review it.
Make the DJ's account a "super user" OR if you are using Joomla 2.5 or 3.0 you can change the permissions to give his user type access to the calendar.
Good luck!