I am newbie developer in mac development. What I need to do is create an authentication dialog when the user clicks the Print button in any application.
I need to store the username and password for 1 hour (to avoid authentication all the time) but this should be deleted when the user logs out from the machine.
What I am thinking is to use NSUserDefaults to store the data, and create a logout hook to delete this data. Is this the proper way of doing this?
Use Authorization Services. It sounds like your app fits the "Simple, Self-Restricted Application" model described in the guide.
When you create your authorization right, use the timeout attribute to set the length of time that the user's credentials will be cached.
Related
I have an App on Parse platform. What I need:
The User logs in on first device.
The User logs in on second device.
System revokes session on the first device.
I tried to remove objects from Session/Installation classes, but it did not help.
How can I do it?
Achieving this is not quite straightforward as there is no way to intercept login events or write cloud code triggers for Parse Session class. If you delete a client session record from the Session table, it should certainly revoke it and you end up getting authentication errors on that client. To achieve what you want, you need to write your own cloud function that logs a user in instead of using the SDK login function. That way you can first go through the Session table and revoke/delete any session associated with that user before logging in your user on the new device.
We are building a finance app and integration Yodlee in it and we have come to situation where we need user's loging.
Now we have two scenarion,
Ask user to login & use token for API call. But as userSessionToken expires after every 30 minutes, we need to open yodlee login screen.
We can register yodlee user when any user sign-up on our site and use his credential from back-end to get yodlee userSessionToken
Scenario 2 has data protecting issue. Is there any way where we can get new token with a single user login.
Please suggest me if there is any alternative way.
You should use second approach, as you don't want user to register twice.
Once user registers to your site you should internally call register3 API to register that user with Yodlee. There is no data protecting issue, unless you don't have required security standards in place.
I am building an ASP.NET MVC3 app using Forms Authentication and I'd like to log out all existing sessions for a user when that user logs in. I'm trying to prevent multiple people at different workstations from logging in and working under the same account.
Is there a standard way of handling this? Logging out the existing session is easy, but I haven't come across a way to check for other sessions by the same account and log them out.
I have a few ideas on how to hack this, but I'm curious if there's an established method for this using IIS or the FormsAuthentication API.
Because of the statelessness of the web, you can't "log out" a session until they make their next request (for instance, session might be maintained in a cookie, which can't be written on the client outside of the context of a request-response interaction).
There is still a solution, which assumes you are using session state, and preferably you have a common base controller for all of your controllers requiring "Authentication".
Upon successful login, generate a token (a guid perhaps) and store that with the session. Also write this to a application-wide store (database or application context for instance) keyed by the userid.
In the Base Controller (or otherwise you'd have to create an action filter) check the token in session against the token registered for the userid in the application-wide store. If they don't match, log out the user using the standard SignOut() call.
You could use the Membership.IsOnline property which is based on LastActivityDate:
A user is considered online if the
current date and time minus the
UserIsOnlineTimeWindow property value
is earlier than the LastActivityDate
for the user.
I just started looking into OAuth and it looks really nice. I have oauth with twitter working in ruby right now.
Now I'm wondering, what is the recommended safe way to store the responses in my local database and session?
What should I store?
Where should I store it?
This example twitter-oauth-with-rails app stores a user.id in the session, and the user table has the token and secret. But that seems like it'd be really easy to hack and get the secret by just passing in a slew of test user ids, no?
The tokens are useless without the consumer key/secret of your twitter app as they're not the same for every app but depend on the consumer key/secret.
To get a session variable you would have to guess the session id which is not that easy to accomplish.
If you want you can store those tokens in the session but I would suggest storing the user tokens in your database with all the other user data so your session contains only the data to identify the user in your system.
Update: I'm not sure if I understand correctly what you mean by accessing the tokens from the database by guessing an ID.
Do you have any authentication in place so that the users have to enter some credentials to access their data? You should store the tokens the same way you store the users email address or password and only authenticated users should be able to access it.
If you're developing a web application you can add a hidden field to the form the user submits, with some hash-like value calculated with the user.id so evil guys cannot change that value and just "guess" for an access token
I'm looking for a good way for my application to know if the person needs to login (again) or not.
So meaning, if a person first uses the app, he needs to login. These login credentials are being verified by a webservice I've build. And after he is succesfully signed in, the next time he uses the application he doens't need to login again.
I've been looking around, but haven't found a clear solution.
I have read a few possibilities to handles this:
Storing this in a local database
Using the 'Settings plugin' from James Montemagno
Using local storage
Using KeyChain (IOS), KeyStore (Android)
It is not my entention to store the login credentials, only to remember if he has signed in previously or not.
Thanks you
You can use the 'Settings plugin' from James Montemagno to store a Boolean value ( LoggedIn = true or false).
But you might want to add a but more logic to your app. If someone is logged in, they should have a token that they'll use to communicate with your server...this token should have an expiry date and you should also have a refresh token.