Am developing a Windows Store 8.1 app using C# and xaml.
In the app, Initially user will log in into the app using Azure Active directory single sign on log in(With Internet connection)
But how to authenticate the user in Azure Active Directory when the user is not connected to the internet?
I want my app to work in offline mode too..
How can i achieve this?
When you 'log in', there should be an artifact produced. In the case of OpenIdConnect there is an id_token, OAuth produces an AccessToken. If those are captured and stored securely, then there will be evidence that the user did authenticate to AAD at one time. The artifacts of that 'log in' have expiration times.
Backing up, when a user logs in, how is that identity used? Do you managed protected resources yourself OR do you reach out for them?
you can use SQL lite and save the user's details in it by encrypting it..
The next time when he logs into the app you can simple validate his credentials against his details from the DB like you would do in any website/webapp.
Side note : We have a service which runs in the background every 4 hours to check if the user's credentials have changed, if its changed fetches the new credentials and updates it in the local sql lite db
Related
Is there a setting necessary to be enabled for APIM to forward remote debugging calls to its associated app service? When I portqry, the port is reported as Filtered, not Listening.
There is a workaround to the problem. First, download the latest publishing profile for the app service and open it. With the project loaded, select Debug > Attach to Process. Use the destinationAppUrl in the profile for the Connection target. Append the url with ":4024" and tap "Enter". That will start the connecting to the cloud debugger for the app service. A login dialog should appear. Use the
first userName and userPWD values to fill the dialog. When entering the userName, prefix it with a backslash so your local domain is not applied. Select the Attach button.
From my experience to date, multiple attempts may be necessary. When that fails, try disabling Debugging in the app service and re-enabling with saves in between. Also restarting the app service might assist.
I created a Compute Engine VM using the ASP.NET Cloud Launcher, and now I want to deploy to it from Visual Studio.
I've created a publish settings file using the Visual Studio extension then tried to deploy using the regular Visual Studio "Publish" command. The settings didn't contain a user name and password, so I used my Gmail/Google credentials - this is a Compute Engine instance that my account has access to, after all:
This failed with the following error:
Web deployment task failed. (Connected to the remote computer
("(redacted)") using the Web Management Service, but could not
authorize. Make sure that you are using the correct user name and
password, that the site you are connecting to exists, and that the
credentials represent a user who has permissions to access the site.
Learn more at:
http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
If that's not the user name and password to use, what is?
The Compute Engine instance doesn't know about your Google user at all - it only knows about regular Windows accounts, and you don't have a Windows account on it. So, you need to create a Windows account on the instance, and then put that into the publish settings.
In the Google Cloud Explorer, select the instance and choose "Create or Reset Password":
You can then choose whatever username you like - I'd suggest "aspnet" for simplicity, for example. Note that this username is a normal Windows account on the machine - it's not specific to your Google user. If you're sharing this machine with others for development, you should agree on a set of account names, either securely sharing credentials for a single account, or creating a separate account per developer. You don't want to reset the password for an account a colleague is using!
This account can also be used to open a Terminal Server session with the Compute Engine instance.
Wait until the user has been created with a password, then copy the password:
You can now put that into your Publish Settings and let Visual Studio save the password - and keep a copy in a separate secure location, should you wish, of course.
Been trying to get SSRS reporting service set up for a while now, and been stuck on the issue with UAC.
After setting up the Reporting Service Configuration Manager settings, with service account using my PC's login account, Database using ReportServer$SQLEXPRESS, etc. when launching the server # 127.0.0.1/Reports it directs me to 127.0.0.1/Reports/Pages/Folder.aspx and then after login with my PC's login this is what I get on my browser -
"User 'OCTETHP\Support' does not have required permissions. Verify that sufficient permissions have been granted and Windows User Account Control (UAC) restrictions have been addressed."
And I have done my researches online, I turned off UAC, I am on the administrator account, and I also tried to run the browser with right click to run as administrator option on both chrome and IE. Still does not solve this problem. Could anyone help me out with this??
I am currently running on windows 8.1. Thanks so much!
It is likely the problem is with the account the reporting server is running under (OCTETHP\Support). You may need to add this user to the web user group (IIS_WPG depending on your OS version). If that doesn't work, you can set the user to be a local administrator and work the permissions back from there.
If you want to run the reporting services from another account you'd want to follow these steps:
Open IIS Manager
Under websites locate the SSRS website (/Reports in your case)
In basic properties check the App Pool the site is running under
Go to the App Pools section of IIS and open the advanced properties
Setup the user that the App Pool runs under
You'll need to make sure the user is assigned to the web user group, and has permissions to access the folder that the website points to.
We have a app which works offline as the data is stored locally using local storage and HTML5 offline capabilities.
We want a way to authenticate the user when the user tries to launch the app offline (from a security purpose if ipad gets stolen).
We already have the authentication mechanism when the user tries to access the app while online
Crudely, you can use the person's password as the local storage database name. No password, no database access.
One solution is to save the last successful online login into some local storage. Now when user is in offline-mode then compare with the value stored in Local Storage.
Following is the sample snippet for Local Storage in HTML 5 :
if (window.localStorage.getItem('value')) {
dummy = window.localStorage.getItem('value');
}
Hope this might solve the problem.
I have IIS7.5 with two websites, and I have an Access database on a server on our network.
The first website has anonymous auth on, using a specific network account (lets say 'jim.smith').
The second website has windows auth on.
I've written some ASP to use a DSN-Less connection to the Access database, and I'm using the same code in both websites.
When logged on to a computer with the same network account as is in use with the first website anonymous setting ('jim.smith') - when viewing in a browser, the first website has access to the database, the second website does not.
The error message is: 80004005 The Microsoft Jet database engine cannot open the file '...'. It is already opened exclusively by another user, or you need permission to view its data.
It is definitely not opened by another user.
So the first website is being accessed by network user 'jim.smith' via the anonymous setting.
The second website is being accessed by network user 'jim.smith' via windows auth.
Why would access to the database work from website one, and not website two..?
Does anyone know how to make windows auth work the same as the anonymous setting so I have access to the database from website two..?
Cheers!
Steve
Edit: Everyone has full rights to the folder where the database sits.
Seems to me that you need to enable impersonation so that the incoming user is used to acces the database. Otherwise the user of the application pool is used and this usually doesn't even have right on the server itself ( Application Pool Identity)
When using 'Integrated Pipeline' on IIS on the server, and if your application does not rely on impersonating the requesting user in the 'BeginRequest' and 'AuthenticateRequest' stages (the only stages where impersonation is not possible in Integrated mode), but still requires Impersonation in other areas of the application, ignore this error (500 - Internal Server Error) by adding the following to your application’s web.config
<system.webServer>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
See:
http://allen-conway-dotnet.blogspot.com/2010/11/how-to-use-impersonation-in-aspnet.html