I'm working on a family sharing app, using a Syned Realm, where there will be 1 admin and other members created by the admin.
Admin will be able to set the roles & permissions of other members. Each member can have View/Edit/Add permission tied to them. The admin when signing-up for the app will send out invitations to the email-id's that he wants to invite and will set the necessary permissions for them.
I'd like to know if there is a way to completely handle this from the client side using Realm. From what I've read, the admin should know the User-ID's to be able to set the permission and the other members should know the Admin User-ID to access/edit the shared realm.
Initial thought was to create all the member users by the admin using SyncUser.logIn(). But that causes a problem as SyncUser.logIn() asynchronously log them in to the Realm Object Server which will cause the admin user to logout.
What would be the best approach to do this? Is there a way for the admin to create users without actually logging-in them?
Thanks a lot in advance.
Related
I am trying to understand how to create MVC5 website with Active Directory authentication. Also I want to manage users. So for this I created a simple project in VS2013 and selected "Windows Authentication". When I run the application I get authentication popup to enter AD username and password. After that it does says on top right "Hello AD/UserName!".
But I am not seeing logic where it actually calls for authentication. Also I want to save few AD users to database and allow only them to login to website. How can I do this? Also how will my other web pages know whether user is already authenticated. Thank You.
One Approach-
Instead of selecting 'Windows Authentication', you choose 'Anonymous' (doesn't remember exact word here)
Implement logic to Authenticate user against Active Directory. Once user is Authenticate, store that user object into 'User' property of Current Context. So that you can access it and authorised user in subsequent request.
As you are aware, AD can only authenticate user against it. Providing access to few of them is authorisation part which we need to handle as part of our application. Since you want to enable access to website for few people of AD, what you can do is add those users in your application's database and allow authorisation to those only.
I'm building an iOS app with a Rails backend. The user can log into the iOS app with Facebook.
What is the best way to associate this with a User record on the backend?
My thinking is to get the Facebook UID, check if a record exists with that ID in the Users table and if not create an account by storing the UID and Facebook email. Is this the correct way this should be done?
I haven't written a system like this before so I want to make sure I'm not going about it completely the wrong way.
Thanks
it looks like you might want to check out parse.com as a backend service
But either way what you suggested is pretty much how they are implementing it and they were acquired by Facebook so I believe they do it right:
add a column called 'fuid' to store the Facebook ID and check if such an entry exists before adding a new user entry to the User table
I think this railscast will be a good way to start from. For the database of app you can create an authentication table where you can store the type of authentication(in case you change your mind and want to sign up users from twitter or somewhere else), uid and the access token. You will also need a users table where you can store all the information related to a user. Not to forget a user will have many authentications or one authentication depending on your need.
As for the flow of app you can go two ways:
a. You get the users approval from the facebook, store access token, uid and get users email, first name or whatever information you need and then store it all in the back end and then sign up him/her.
b. Get the approval from user, store uid and access token and then render a form which will be filled with the user's information like first name,last name etc. User will create a password for your app and then you can sign up him/her.
My app is built with Devise and sometimes some users report a problem, so I would like to be able so log in with their accounts and see the dashboard (the website in general) as they do (as a regular member).
How to do that with Devise? Is there any feature for this?
Use a field role to define user access. In case of other users just assign as guest. Make a admin role for your user entry. Now instead to logging into others account, create a custom option in dashboard which can be accessed only by admin, provide a option to change users which helps in viewing different dashboards depending on users.
I've been looking into OAuth for a while, but haven't implemented it in any of my applications yet. I'm having trouble really understanding the full concept, so I still have a few questions that I haven't found an answer to, so I hope that anyone can help me.
I want a user to be able to start my application (WP8), login to facebook / twitter / microsoft / ... .
When he gets authenticated, I want to actually save this user to my own DB so I can add some user specific stuff like preferences, posts, ... .
What do I need to save in my own DB to specify a user?
Do I need to save the token itself or is this something that will be invalidated after a while? Or do I need to specify the user's name? With other words: What can I use as a unique identifier?
And what happens when a user would authenticate with for example facebook and he deletes his account?
And one more question, would you ever allow a user to connect to an application with 2 different service providers? If so, how would you make the coupling of these 2 providers to 1 user in your own DB?
I hope my questions are clear enough!
If not, don't hesitate to ask for more information!
Kind regards,
Gert
I assume that you have your own back-end where you authenticate your own users and your WP8 application is just a client.
First, let me distinguish between a user credential and a user profile. User credential is something that validates who the user is, e.g. username/password, facebook user id supplied with a valid auth token. User profile, is what you store in your own database about the user.
You also need to distinguish between a token you use to authenticate the user and the AccessToken Facebook needs to grant you access to user's data.
So... to answer your questions:
What do I need to save in my own DB to specify a user?
Create a record with user data (like preferences, and your unique user ID), and user's login method (e.g. Facebook) and credential (e.g. Facebook's user ID). This is your user's profile.
Do I need to save the token itself or is this something that will be invalidated after a while?
You can also store the Facebook AccessToken here if you've been granted "offline access" privileges by Facebook, but that is used for Facebook's access by you... not by the user's access to your app/back-end. For user's access you could just use a mechanism similar to cookie-based authentication - it's up to you. You could use the AccessToken as a kind of a "cookie", but you would need to always check against Facebook that it's valid.
With other words: What can I use as a unique identifier?
You could treat Facebook's ID as unique (so long as you never allow another account in your user profile DB to link with the same Facebook account)
And what happens when a user would authenticate with for example facebook and he deletes his account?
It's a good idea to have users still create a username/password combination that works with you site and only rely on Facebook login for convenience. In any case, Facebook provides a "Deauthorize Callback URL" when you create an app profile on Facebook. This is called when a user deactivates your app or deletes an account with Facebook. When you receive this call, you could send your user an email when an auth link to setup a different credential so as to not lose access.
would you ever allow a user to connect to an application with 2 different service providers? If so, how would you make the coupling of these 2 providers to 1 user in your own DB?
Sure, you could do that. Say you'd want to allow a Twitter account as well. You'd need to add a Twitter user ID field to your user profile database.
Here's another tip: create an ASP.NET MVC4 project in Visual Studio - the template includes an example of how to set up a user profile database with OAuth login.
Hope it gives you the high-level overview to investigate further.
What would be the best approach in the following situation:
Main application that handles authentication of users (preferably Devise).
Several different applications that can access user database for single logon.
Synchronisation of user data (Preferences, profile data)
Scenario example:
User registers for application A
User can access application B with same credentials (But has to explicitly confirm a new agreement before it can also use application B)
First of all, all the apps need to have access to the users database, so the users only need to register once. You can have an attribute or relation to check if the user has confirmed agreements for different apps.
For making all the apps accesible with only one login, you can use the same session store for all the apps.
For example you can use memcached for the session store and use the same session store key in all the apps. If the user makes login in one app, when he goes to another app without closing the session, this app can check that the session has been created and the user can enter in the new app whithout login in.
With this solution you need to be careful with the session data, so the data of one app doesn't overlap the data of other app.