We have a asp.net MVC site. We want our users can log in to MediaWiki by their user name and password without sign up for MediaWiki. How can we do that?
This is exactly what we want:
our users go to the Media Wiki login form (they have no account in Media Wiki).
they fill the username and password input by their username and password(the username and password which they use to login to our website).
the username and password have to be sent to our website API link:
ourSiteDomain.com/Api/GetPersonRow?UserName=$userName&Password=$password
The $username and $password are filled in step 2.
Our API returns a JSON response with user info without password.
if the user is really our user and API response returns true, the user can log in to Media Wiki.
These steps are what we want.
I don't know how to do these steps.
You'd have to write a PrimaryAuthenticationProvider. XenForoAuth and IPBAuthLogin are some examples.
Related
I'm using microk8s with kubeflow on ubuntu 20.4. When I deploy kubeflow for the first time using the cmd "microk8s enable kubeflow", it gives a user id and password, and dashboard URL. but when I go to the URL, it shows a login page with email and password fields. so how can I get the "user-id" field here instead of email? I also have tried default "admin#kubeflow.org:123456", also not working.
user id is equal to the email filed here. so just paste your user id in the email filed.
I need to implement the equivalent of One Time password, meaning that I need the flow:
User enter contact address (phone number, email ....)
The server generates a short password, send it to the user through mail/sms/pidgin
User read the message, and copy past the code in the app.
Server authorize credential and approve login (create a session/return token to the user)
I do not want to the user to type/update/reset any other password, once the one time password has been entered, he is logged in.
I am looking at OTP for this, but all I can find for OTP is to be used as MFA in combination of the user actual password.
Is there a name for such login flow? Any literature about it?
Thank you
Such a flow is usually called a "magic link".
https://auth0.com/docs/connections/passwordless/guides/email-magic-link
https://docs.magic.link/welcome
I Want to Create an app for iOS Device which have only admin login and user register with names and email-id do not need their password but user does not need to login here.Only the admin can login and can view the user information only.
MY Question is:"For admin login page (UserName and Password)have match from the web Server which is using same as their Website username and password"?
am beginner
Thanks in advance
If you want to use the same web server you could have a separate route for login through the app say : '/login/admin'. This route has to be on the same web service which the web site uses.
You can then use the same validation that is used for the website but now you would also need to check that along with a valid username and password the user type has to be admin or any other flag that you system uses to distinguish users from admins.
We are using OAuth in our apps to login to repositories such as Google Drive, OneDrive and Box.
We allow the option for the customer to create a default user, so we use login_hint parameter to pre-populate the default user. Since the box with pre-populated username is editable, if the customer decides to modify the username, and tries to login with a different username the page is reloaded with the default username again, instead of logging in. On the second attempt the user is able to login with the new username.
Is this a known behavior? I would expect the user to be able to login the first time. This also works inconsistent, sometimes user is able to login with modified username from the first attempt.
Users can register an account on my site via the default authentication method that requires a username, email and password.
To allow users to login via facebook, I am using the facebook gem with Omniauth gem.
Existing guides shows me how to authenticate the users up to the point where they can confirm their details ("is your first and last name correct?") before successfully tying the uid and provider to the user record.
However, it does not check if the email is the same.
Does anyone know how to check if the email is the same and if it is, request the user to provide their password to the account already registered on my site either on the same screen for confirming user details or a new screen with just a password field and a message indicating that he needs to confirm he owns an account on my site with the same email facebook provides.
Should this be done on the model or controller layer? How would you go about doing this?