In Umbraco 4.11 using the default member provider, is it possible to access the profile of a user who is not logged in?
I've added the custom profile properties to the web.config, added the same props on the MemberType in the back office and I'm creating the profile by doing this:
MembershipUser member = System.Web.Security.Membership.CreateUser(username, password, email);
var profile = System.Web.Profile.ProfileBase.Create(member.UserName);
profile["FirstName"] = "John";
profile.Save();
I can get the current logged in users profile by doing this:
var currentUser = umbraco.cms.businesslogic.member.Member.GetCurrentMember();
But how do I get the profile of a user who is not logged in?
eg. I tried:
var profile = System.Web.Profile.ProfileManager.FindProfilesByUserName(System.Web.Profile.ProfileAuthenticationOption.All, username);
But this results in a "Specified Method Not Supported" exception.
This will be used in an admin service which performs a periodic sync with an external provider so there will be no user context.
You use ProfileBase.Create() again. Don't worry, it doesn't actually "create" the profile again.
var profile = ProfileBase.Create(username);
string firstName = profile["FirstName"];
For more information, refer to:
How to get another user's profile in ASP.NET MVC?
Membership providers
Related
I have a Grails 2.5.3 app that currently uses spring security plugin for authentication. Users login using a username/pwd.
I have updated the app now to support OAuth authentication (Using ScribeJava). Users can click a link that redirects them to OAuth providers page and upon successfully entering the credentials they are redirected back to my application. However, I have not been able to tie this functionality with spring security plugin so that when the users are redirected back to my app (after successful login from OAuth), I can actually see that they are logged in and continue to use all my spring security goodies like <sec:ifLoggedIn>.
Does anyone know of a way to do this or have an example I can take a look at?
Here is how I authenticate a user using OAuth:
//called when user clicks "login using oauth"
def authenticate() {
OAuthService service = new ServiceBuilder()
.apiKey(grailsApplication.config.my.sso.clientid)
.apiSecret(grailsApplication.config.my.sso.clientsecret)
.build(MyApi.instance());
String url = service.getAuthorizationUrl();
return redirect(url: url)
}
//called when oauth provider redirects to my application
def authorization_code() {
def code = params.code
OAuthService service = new ServiceBuilder()
.apiKey(grailsApplication.config.my.sso.clientid)
.apiSecret(grailsApplication.config.my.sso.clientsecret)
.build(MyApi.instance());
println code
OAuth2AccessToken accessToken = service.getAccessToken(code);
String userProfileUrl = grailsApplication.config.my.sso.authdomain+"/userinfo"
final OAuthRequest request = new OAuthRequest(Verb.GET, userProfileUrl);
service.signRequest(accessToken, request);
final Response response = service.execute(request);
println(response.getCode());
println(response.getBody());
render (text: code)
}
Whenever you authenticate via OAuth, the remote server return you a unique id (some numeric value) each time.
You can use that id to verify the user in your end and authenticate the user using springsecurity.reauthenticate() method.
Steps to do that :
When user connect (authenticate first time) with service provider.
Service provider send you that unique id. Save that unique id in
user table.
And when user login via that service provider. Again service provider
sends that unique id. Check if that unique id exists in your system,
and if user exists with that unique id then use
springsecurity.reauthenticate(userInstance) method to authenticate the user. And now you can use spring security features.
check out link: http://www.jellyfishtechnologies.com/grails-2-2-0-integration-with-facebook-using-grails-oauth-plugin/
Assuming you got the user details from Oauth provider you just need to
set the security context of that particular user
Just get the user details by parsing the JSON like
def oauthResponse = JSON.parse(response?.getBody())
Map data = [
id : oauthResponse.id,
email : oauthResponse.email,
name : oauthResponse.name,
first_name : oauthResponse.given_name,
last_name : oauthResponse.family_name,
gender : oauthResponse.gender,
link : oauthResponse.link
]
Well in our case we used the email id as the user name.
So when we get the user data just check if user is already registered with system or not like below
//load the user details service bean
def userDetailsService
//check if user is already registered on our system
User user = User.findByEmail(data?.email)
if (user) {
//If user exists load his context
userDetails = userDetailsService.loadUserByUsername(data?.email)
} else {
//create the new user
//Assign the role to it
//load his context as below
userDetails = userDetailsService.loadUserByUsername(data?.email)
}
After user registered successfully we just need to load his context like below
def password
//setting spring security context
SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(userDetails, password == null ? userDetails.getPassword() : password, userDetails.getAuthorities()))
Once spring security context is loaded you can redirect user to your landing page.
Now oauth user will be access resources like the any other user with same role.
I need something like this:
if (Request.IsAuthenticated)
{
var user = await AccountManager.UserManager.FindByIdAsync(User.Identity.GetUserId());
if (user != null)
{
if (regular account)
{
// do this
}
if (external provider account)
{
// do that
}
}
}
I found this in the debugger but I don't know if that's the right one to use for checking?
user.Logins.FirstOrDefault().LoginProvider
Which returns "Google"
For those looking, in ASP.NET Core 3.1 you can ask the user manager if the user has a password:
var user = await UserManager.GetUserAsync(User).ConfigureAwait(false);
var hasPassword = await UserManager.HasPasswordAsync(user).ConfigureAwait(false);
So all users can have passwords and external logins just to be clear. After a new user comes back from google/facebook, they are prompted to create a local user (which associates a login). If you want to test for the case where the user only has a password and no other logins, you can just see if the user has any associated logins.
UserManager.GetUserLogins().Count == 0
Keep in mind, users can unlink their accounts, and also link accounts via the manage page, so they will not necessarily stay in the same bucket over time...
I need to check if a user (who is connected to a Project Collection) is a member of the administrators group of the Project Collection or not. Also, I need to do the same for a Project.
I need the most correct way of doing so.
Currently I am using the following method, but I'm not sure if it is the perfect way.
//Get the IdentityManagementService from the Project Collection
IIdentityManagementService LIdentityService = (IIdentityManagementService)ProjectCollection.GetService(typeof(IIdentityManagementService));
//Search for user identity by user name
TeamFoundationIdentity LUserIdentity = LIdentityService.ReadIdentity(IdentitySearchFactor.AccountName, {Username}, MembershipQuery.Expanded, ReadIdentityOptions.None);
//Get Guid of the same Project Collection to use as scope
String Id = ProjectCollection.InstanceId.ToString();
//Get the Administrators group for Project Collection scope *
TeamFoundationIdentity LAdminIdentity = LIdentityService.ReadIdentity(IdentitySearchFactor.AdministratorsGroup, Id, MembershipQuery.Expanded, ReadIdentityOptions.None);
IsAdmin = false;
//Traverse through the groups of the user and check if administrators group is also one of them
foreach (IdentityDescriptor member in LUserIdentity.MemberOf)
{
if (member.Identifier.Equals(LAdminIdentity.Descriptor.Identifier, StringComparison.CurrentCultureIgnoreCase))
IsAdmin = true;
}
This works fine on one setup but on another setup of Team Foundation Server it gives the following error while getting the administrators group.
"The Team Foundation Identity Scope {Guid of the project collection} does not exist."
I have web application that uses the Authorize attribute with roles specified to restrict access to some pages:
[Authorize(Roles = "AD_group1, AD_group2")]
The question is - is there any way I can get some kind of an Active Directory groupId for authorized user (no matter int or string)?
upd:
Basic idea is to store some table in database, containing templates which should be separate for every group. e.g. users in group1 can have some templates for fast answer to typical questions while group2 doesn't have any of them, or have some other templates
If you're on .NET 3.5 and up, you should check out the System.DirectoryServices.AccountManagement (S.DS.AM) namespace. Read all about it here:
Managing Directory Security Principals in the .NET Framework 3.5
MSDN docs on System.DirectoryServices.AccountManagement
Basically, you can define a domain context and easily find users and/or groups in AD:
// set up domain context
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain))
{
// find a user
UserPrincipal user = UserPrincipal.FindByIdentity(ctx, "SomeUserName");
// or if you want the currently logged in user - you can also use:
// UserPrincipal user = UserPrincipal.Current;
if(user != null)
{
// get all groups the user is a member of
foreach(GroupPrincipal group in user.GetAuthorizationGroups())
{
string distinguishedName = group.DistinguishedName;
Guid groupGuid = group.Guid;
}
}
}
The new S.DS.AM makes it really easy to play around with users and groups in AD!
Is there a way to search profiles in MOSS from the object model? I need to search for profiles that have a certain value set on their profile and then perform some action for them.
I need to write some c# code that can search the profiles database and return the matching profiles. Basically,
List of Profiles = Select Profiles From Profile Store Where Profile Property Value = SomeValue
I'm trying to avoid the following:
private IEnumerable<UserProfile> SearchProfiles(string value) {
ServerContext serverContext = ServerContext.GetContext(SPContext.Current.Site);
UserProfileManager profileManager = new UserProfileManager(serverContext);
foreach (UserProfile profile in profileManager) {
if ((string)profile["MyProp"].Value == value) {
yield return profile;
}
}
}
This is possible using the FullTextSqlQuery class:
FullTextSqlQuery q = new FullTextSqlQuery(ServerContext.Current);
q.ResultTypes = ResultType.RelevantResults;
q.QueryText = "SELECT UserName, Email, PreferredName FROM SCOPE() WHERE \"scope\" = 'People' AND Department = 'IT'";
ResultTableCollection tables = q.Execute();
ResultTable results = tables[ResultType.RelevantResults];
This class allows you to query a specific scope (i.e. people) and filter them based on properties using the WHERE clause, which looks basically the same as a regular Sql Query.
To be able to search and filter on (custom) user profile properties, the profile property needs to have a mapping in the Shared Service Provider's metadata settings. Most out of the box user profile properties already have these, custom properties you have to add yourself.
More info on managed properties here.
Two things:
when running with elevated privileges we need to create a new SPSite object within the call and load the security context from there. DO NOT use the context obtained using SPContext.Current.Site.
Hence:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite("<your site url>"))
{
ServerContext context = ServerContext.GetContext(site);
UserProfileManager profileManager = new
UserProfileManager(context);
foreach (UserProfile profile in profileManager)
{
// your code
}
}
}
make sure that the app pool account has appropriate user permissions in SSP. i.e. (use personal features, manage user profiles)