I know how to setup a route to a url like http://siteurl.com/mycustomaccount/dashboard, but I would like to customize the "url" portion with a custom virtual server path such as http://mycustomaccount.siteurl.com/dashboard.
I want users signing up to have their account "mycustomaccount" setup so that I can intercept the request and provide the appropriate account information. This is not very important to me or the users, but is a nice to have feature.
How do I setup my route map and can I setup the account without a physical folder on the server?
Check out this blog post about the same thing. The author (Maarten Balliauw) also provides the code in a zip file at the end of the article.
http://blog.maartenballiauw.be/post/2009/05/20/ASPNET-MVC-Domain-Routing.aspx
Related
Can we mask the X-Goog-Credential in signed url that we create for a end user , so that they dont get to see the projectid and gcp account details.
curl --location --request GET 'https://host/images/f2b0ce52-a485-43bf-b1e9-413e04cf7ef5.jpeg?X-Goog-Algorithm=GOOG4-RSA-SHA256&X-Goog-Credential=account#project.iam.gserviceaccount.com%2F20221019%2Fauto%2Fstorage%2Fgoog4_request&X-Goog-Date=20221019T114634Z&X-Goog-Expires=600&X-Goog-SignedHeaders=host&X-Goog-Signature=2f263e1db1eb48f00c554ef577a89ee1069a8e306c23b5ffdaa6dd31194d210338cc65794aa23602b34b6e5df27c3fb2fee001be0f8c0516d119d2777023c26e77e77f89baf738c0627a4611863bf032694bfca366a958ee458939cfc836e98e9ce9b1bca7f0e02405bd7dc51536adf63654f410a5a651e2e35c578aa95e906f7b139eeb5f5df6b0ac70d4b670832964ef9e27a34cbb5fc8a41e3d766c5431233076eccb79ee099c74f83997dc334d8e90cf813f74b54657ce264dc4553c675c9c9d0a67b3b5774fcb86283ce1b19230a1c4e4f8dfd8e6e11f1244056e90ffc3d64eb8bb3c97f8e55252ad7a90c326b473d0910f2bf9cc487430ab69465e8aff'
As mentioned in the Answer :
It's not possible, if you want the client to directly access that data. You could obfuscate it by using a URL shortener, but all that would do is hide it from view temporarily.
Once you choose to allow clients to access your project directly, your project id is no longer private information. That ID is absolutely required in order to identify resources within your project (and not just Cloud Storage).
If you don't want anyone to see the name of your project, you will either:
Disallow all direct client access
Route all requests through some middleware service identified by another DNS name that hides all the implementation details of the interaction with Google Cloud products.
For more information related to revoking and routing requests you can refer to the doc_revoking and doc_routing.
I have a Ember 2 application (ember-cli) that uses a Rails API as the back end. For this application, I have enabled Wildcard DNS with my DNS Provider (Cloudflare). When a user signs up with my website, I want them to be able to use their subdomain to access their public home page.
For example:
A user named Steve signs up for my site located at awesome.com. So Steve browses to steve.awesome.com, which internally would translate to awesome.com/users/steve. How do I setup my Ember routes such that it can route based off of the subdomain?
I have come to a solution, but it isn't exactly what I was initially looking for. I realized there really isn't a reason why the URL has to be awesome.com/users/steve, and instead have decided that their subdomain (or custom domain) will act as their identifier. So let's say Steve browses to steve.awesome.com, I will figure out the host via window.location.hostname, and use that as a lookup key to pass to my Rails API and retrieve user data.
Not exactly the solution I originally was seeking, but it solves my issue!
I am trying to implement XPagesSBT on localhost.
I have followed this article http://heidloff.net/home.nsf/dx/12152011034545AMNHECAP.htm and the SBT document by Niklas and was trying to implement dropbox oAuth.
I have also placed http://localhost/XPagesSBT.nsf/ and http://localhost/WebSecurityStore.nsf in root folder
but still i get this error
Error while executing JavaScript action expression
Script interpreter error, line=1, col=26: Error calling method 'isAuthenticated()' on java class 'com.ibm.xsp.extlib.sbt.services.client.endpoints.DropboxEndpoint'
No application is registered with id XPagesSBT and provider Dropbox
if(!#Endpoint("dropbox").isAuthenticated()) {#Endpoint("dropbox").authenticate(true);}
do i need to make any other configuration /setup to XPagesSBT db? or it wont work with Localhost?
I don't remember exactly anymore but reading my blog entry you linked it says you shouldn't use Anonymous:
"Additionally there are a couple of security related settings which are important to understand. First of all you need to assign access to the document with the application keys to the ID with which you signed the two NSFs. In the screenshot above I've entered both OpenNTF servers and my own user ID. When you use the web UI to do this these names are added to the document in an authors field and a readers field.
In the last step you need to configure the ACL of the security store. Anonymous must not have access to this database. All users who you want to be able to use the Social Enabler OAuth functionality need to have author access. This is so that their user keys can be stored in this database so that they only have to do the OAuth dance once. "
It should work on localhost. It looks like a configuration issue with SBT not being able to read the security tokens from the websecuritystore.nsf . Did you create the Dropbox Application Key with an admin id and sign the websecuritystore with the correct id?
Padraic
I'm trying to setup a "private beta" for a site that I'm working on. The site uses open id. I don't want anyone to even browse the pages if they aren't part of the beta. What's the best way to implement this? Any suggestions?
For example:
When the site goes live, users will go to http://www.mydomain.com which will not require them to log in.
For the beta I want to restrict access. Users that go to http://www.mydomain.com will be redirected to a login page. Anyone attempting to access ANY PART OF THE SITE who is not authenticated will be redirected back to the login page.
I could stick [Authorize] attributes all over my controller actions, but that seems stupid.
If you're using ASP.NET MVC, it comes with authentication/authorization out of the box. You should be able to use that to setup authentication on your site.
Alternatively you could setup app server settings - IIS lets you setup username/password on a specific site it's serving, regardless of what the actual application may do. If you have access to the app server this might be the best solution.
If you're using IIS6, you can setup authorization easily. Right-click on your site > Properties > Directory Security Tab > Authentication and Access Control > Edit, and enter a username/pwd of your choice. Done.
The real question is how are they being invited to the private beta?
You could setup a password which drops a cookie much like serverfault.com does.
OR
If you know who you are inviting: you could add them to the system before hand using the email/login information that you already know about them (assuming you are inviting them via email)
I have implemented a function in a web application a while ago where we go the possibility to block access to the full website unless the user was an administrator (which in our case meant that the user account was a member of a specific group in Active Directory).
It was based on two things. First, all pages in the web application inherited not directly from the Page class, but from a custom page class in our web application. Second, we had a value like this in the appSettings section of web.config file:
<add key="adminaccessonly" value="0" />
The custom page class would check that value when loading. If it was not 0 it would redirect to a page (that did not inherit the same custom page class, though) informing the user that "the site is not available right now". If the value was 0 the page would load as usual.
In that application we used this to be able to take the site "offline" when we deployed a new version, giving us some time to verify that all was good before we let in the users again.
Best way are invitation system (based on invitation code) or manually confirmation access after create profile in your system. imho
Or you could host the site on a private server, and set up a VPN to use it. Depending on your resources and needs this may be the easiest and most secure way to do what you want without modifying your codebase.
OR alternatively you could use Apache or IIS to force authentication on access to the website directory. Keeping the authentication info in .htaccess for a while.
Even though you use open id authentication, you may still need some form of authorization mechanism. The simplest form would be a user-roles system in your database that assigns different roles to users
In your case, just assign the private_beta role to your private beta invitees and ensure you your authorization mechanism that all users have private_beta privilege before they may continue.
If you don't want to provide authorization for the public site (where everyone can do everything, once authenticated), then, you may only need to do a quick-and-dirty post-processing (for private beta only) on your open_id authenticated users to check them off a short list (which you can store on a text file.
So the basic premise to this problem is that I have a single hosted webspace which came with two domain names. I am unsure how to configure routing in asp.net mvc so that the first thing I would check would be this host in the request object so that I can more user traffic to two separate parts of my website.
For example:
http://www.mywebsite1.com/products/14
http://www.mywebsite2.com/products/14
How do you route so that those two url's above end up returning two different pages based on the context of the host used in the request?
Thanks in advance!
You can also use some kind of URL rewriting in IIS7 or whatever you use, because it can access the domain name part too. For example you can create a rewrite method that injects the domain name into the url, like:
http//www.example1.org/Something/1 --> http//www.example1.org/example1/Something/1
http//www.example2.org/Something/1 --> http//www.example2.org/example2/Something/1
And because now the domain name is in the URL string, you can use the default routing engine to send this information to the controllers or do something else.
You need to implement a custom view engine that will look at the URL post controller execute and select the correct view.
Check this out for more info: Asp.Net Themes