How to write logging into SharePoint event to the external system? - events

I need to write events to the external database when users logging into SharePoint - username and datetime nothing else.
I use Claims authentication(Windows and forms) and standard login page.
I need to retrieve IIS logs or is there any easier way?
Thanks in advance, Chris

I would create my own login page. There is a good article here that describes how to do this. Include a method in your custom page to override the submit event for the page. You will have to handle the authentication logic, but once the user is authenticated, you can call your external system to log the information.
Note that the custom login page is defined for the entire web application. Any other site collections on this web application will get this same login when authenticating.

Related

Get laravel current user on external php website

I have created an application with Laravel 7 that contains users that can log in.
In parallel, I create a showcase site for the application (another domain) and essentially html/css.
I would like on this showcase site to propose login and registration buttons if there is no user connected to the laravel.Otherwise I would just like to propose a "Dashboard" button if a user is connected to the Laravel application.
How to do that? I confess that I'm a bit lost. Thanks for your help.
You need to create an API on the laravel app which will be used by the "showcase site".
To login and authorize themselves you can use JWT
to keep user data and use it on the showcase site you can either save them in
localstorage (just be careful not to save any sensitive data there as people can take that information in case of XSS vulnerable)
indexdb
cookies
None of these methods are safe. They can be exploited using XSS so i advice on using JWT to secure sensitive data.

How to prevent access to ASMX web service

I have a web service that is being invoked by an ajax call in the JavaScript of my page, but when users view the source, they can see the path to the ASMX file, which they can type into the address bar. I want users to be restricted in viewing and/or accessing the methods of this web service. I want only the JavaScript file to be able to use those methods. Is this possible? These users are not behind any log in.
Thanks in advance!
You can't.
You shouldn't be worried about users knowing your webservices URL, but you should protect what you return with a logged in key or something provided by your website.
The rule is: you don't want people to do something? Check that before on the server side and then return "you are not authorized" or another access error. Even if you try to do a very good job in your JS, it is very easy to monitor what you are accessing with the browser debug features: press F12.

Custom Joomla authorization

The situation is quite complicated and why do I need it - do not ask - boss want!
So, immediately after the default authorization i need to run the custom module, which will have an additional test for authorization in another database and depending on its result i need to decide authorize user or not.
Are there any suggestions except for source corrections?
If you are using Joomla's built-in 'Login Menu', you can set 'Login Redirect' parameter to another page and if you are using Joomla's native login module, you can set redirect parameter to any page of your site that you want.
In your case I would recommend to create a simple component (not a module) that authorizes your user for second time, and redirects them again to any other page that you want (if second login was successful) or kick the user (if second login was unsuccessful). If you do that, you'll be able to create a menu for your component and redirect your login panel (either it's a menu or a simple login module) to your component's menu.
Creating components for Joomla is not a big deal if you have a little of knowledge in php programming and there are some tools that may speed up creating your component, like this one: http://www.notwebdesign.com/joomla-component-creator/
Why not make an authentication plugin and use that rather than the core joomla one?
This is for 1.5 but the principles are the same now.
http://docs.joomla.org/Creating_an_Authentication_Plugin_for_Joomla_1.5
Are the Joomla login credentials for a user the same as the other system that you are using? If so, then you can create a plugin that passes those credentials to your other system on a successful Joomla login event.
If not, then it gets a little tricky. Either your users will have to provide both sets of credentials, once for Joomla that then redirects to your other system for the second login, or you will have to extend your user accounts so you can associate the second set of credentials to a user. You can then use a plugin to pass the related credentials to your secondary system after a successful Joomla login event.

GAE - how to create a private url that is only used by the application?

Using GAE with Python for this project.
I am creating a page with a chart of statistics that updates(refreshes) itself (every 10 sec) using AJAX. It is my first time using AJAX.
What I am thinking is, that I should create a private page that will give the needed information for the statistics chart. Then I simply get the info using AJAX.
Is that the way to go about it? If so how do I make a private page in GAE, I don't want users to be able to go to that page.. Thanks
What are the security concerns for a production quality application?
AJAX is simply Javascript sending HTTP requests. From a server point of view, there is no way to differentiate between user requests and Javascript requests. So there is no such thing as "private page".
You can simply require a login for your private page and your AJAX handler and set the login level to admin. You may require a login for one or more Urls.
Edit
Set login: required, which will require users to login via their Google Accounts, but still all users with Google Accounts will be able to access it. Then in the AJAX handler check if the user is one of the users that you have given access to: https://developers.google.com/appengine/docs/python/users/

DotNetNuke: load data in session at login time

I'm using DNN 5. When a user logs in, I want to load some data into the session. Where should I add my code? Should I intervene into the login.aspx's code behind?
The solutions seems to be writing a custom authentication provider.
One option would be to set the page the users sees upon login and add a custom module to that page. That would get you out of writing an authentication provider.

Resources