Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 days ago.
Improve this question
I`m developing .NET Web API pet application, that uses JWT authentication.
It has private rooms(lets say lobbies), so users don't have access to the list of them.
The idea is to create invitation link like https://mycoolapp.com/Room/sd1Fds/join=token,
so unauthorized user can click it and join room after he logs in.
The idea comes from discord invitation link
Like here
I want it to have expiration time, so user can choose between 3,5,7 hours for example.
Discord implementation
The question is, how should I implement it, Im currently looking at SecurityToken` class, is that right approach?
yes, the SecurityToken is a good point to start
you can create a room and generate a unique id (GUID) for that. then create a JWT token and include the generated unique id as a claim into it. then generate the invitation link including the JWT token and send it to guest
after the guest clicks on the link, redirect to the login page and then redirect to the API with the JWT token included in the query string. in the endpoint that handles the invitation link, check if everything is ok and the id exists as a claim, and the expiration time is ok, grant the user access to the private room
Personally I would go with KISS principle and just generated some random unique id (Guid.NewGuid can be sufficient) and stored it in the database with additional information (like expiration date, invited person ids, etc.) and on join attempt validated that link against the stored data (link has not expired, person attempting to join is in the list, etc.).
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 months ago.
Improve this question
You have been approached by ABC bank to develop an application that will help in managing their customers. The bank has two different types of accounts that a customer can open:
a. Check Account, a customer with a checking account typically receives interest, maintains a minimum balance, and pays service charges if the balance falls below the minimum balance. The following operations on this account are also required: set interest rate, retrieve interest rate, set minimum balance, retrieve minimum balance, set service charges, retrieve service charges, post interest, verify if the balance is less than the minimum balance, write a check, withdraw/deposit.
b. Savings Account, a customer with a savings account typically receives interest, makes deposits, and withdraws money. The following operations on this account are also required: set interest rate, retrieve interest rate, post interest, withdraw/deposit
c. The two accounts have the following things in common, they store the account number and the balance they also provide the following common operations: set the account number, retrieve the account number, retrieve the balance, deposit and withdraw money, and print account information.
d. Every account has an account holder who should have at least one account. Use your own discretion on the information you might want to include here.
Develop an application for above scenario. Use Windows Form to develop the application. Marks will be allocated for the correct use of encapsulation, inheritance and polymorphism etc. Proper naming standards must be adhered to. You are also required to submit a small test document as part of your submission where you test the functionality of the application using a list of data objects. Test at least three 3 parts of your functionality e.g., adding an account holder and creating an account for them or making a deposit or checking balance e.tc. do screen shots and include them in a word document (These details should be as detailed as possible and step by step.). Make sure to make your application as user friendly as possible i.e., the user should not be left to assume how they are supposed to operate.
Instead of posting your homework/assignment/project, please instead refine your question to be about topics you do not understand or have issues with and then post the relevant information in a new question
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I build Xamarin.Forms App using this tutorial:
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-xamarin-forms-get-started
and I choose .NET back end.
I implement push notification for android and ios using this:
https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-xamarin-forms-get-started-push
and also implement authentication using this: https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-xamarin-forms-get-started-users
while choosing Facebook as my authentication provider.
My app is running and working great! but now I trying to add push notification to a specific user and I have few questions:
Is it possible to use the Facebook sid as the unique id and decide that if I want to send push to a specific user, I will do this using the Facebook sid?
I read that when the user does the authentication through Facebook, his Facebook sid is register automatically has a unique id and I can send to this Facebook id as a TAG and it will arrived to the specific user.
In this line of code: var result = await hub.SendTemplateNotificationAsync(templateParams);
that is located in my .NET back end code in the " public async Task PostTodoItem(TodoItem item) " method, I tried to add a TAG after the "templateParams" , I tried to enter the Facebook sid or the Installation id, is this correct?
If I want to send to a specific user, is that the place that I need to add his "TAG"?
Am I going the right way? can I choose the TAG to be the unique id and when I want to send push to a specific user, I will send to his TAG?
I Wanted to know how the user is register to a specific TAG? if the approach from the second question is correct.
*If you have a written code or different approach, I would really like to hear, I trying to implement the push to specific user for about 2 weeks and still did not succeed.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
In the default asp.net application, I want to access the data of other users. In my database table ASPNETUSERS I have columns such as Id, Email, Password, Gender etc. Now I want to be able to search for a particular Id and get that user's entire details like his/her Email, Password, Gender etc. So how do I do that?
Do I use raw SQL? If so how? (someone on SO mentioned this as a bad idea)
Do I use models or something else? if so how?
This is my ASPNETUSERS Table info. And this is my action in a controller. I want to be able to get an user called "stackoverflow#gmail.com" and send all his details(whatever are there in my table) to the view.
private ApplicationDbContext db = new ApplicationDbContext();
public ActionResult Index(string id = "")
{
//db.someCommand or something to let me get stuff about
//stackoverflow#gmail.com. Could it be db.Database.ExecuteSqlCommand ?
return View("Send All details about my stackoverflow user");
}
Edit: This is what I tried before. I tried to use raw sql and convert it to a string(for testing) and write it to a file on desktop. That way I thought I would at least know that the data in my database is getting passed back to me correctly before I pass it to my view.
This was my line of code that I added just before my action returned.
System.IO.File.WriteAllText(#"C:\Users\Admin\Desktop\log.txt", db.Database.ExecuteSqlCommand("select * from dbo.AspNetUsers").ToString());
I did not get any errors doing so, but I expected my data from the image above to be posted into my file called log.txt on desktop. But I opened log.txt file only to find that "-1" was posted in there.
If you want to get the users from your database, use linq with your ApplicationDBContext object
ApplicationDbContext db = new ApplicationDbContext();
//Manipulate the Where clause to get the conditions you want
IEnumerable<ApplicationUser> users = db.Users.Where(x => x.Email == "stack#overflow.com");
This works with the out of the box ASP.NET individual authentication model (which looks like what you have)
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
In my .NET web application I need to implement time based Logins for students,The system should allow students to login only between 9 AM and 5 PM. somebody please suggest me how to implement this, which is better implementing using SQL time functions or using .net time methods?
If simply compare using normal time functions will it create when I host the application on a remote server(out side My country)?
Assuming that there are some users who are not students: (1) authenticate the user, (2) check the user's roles and if they are a student and attempting a login at naughty time then logout the user and display an appropriate message.
Using a single source for time in an application can reduce complications. I often use the database server as the source of time so that all timestamped data generated by the application can be correlated properly. UTC can be your friend in this case.
You can handle loggingIn event of login control and check if DateTime.Now lays between 9AM and 5PM
void OnLoggingIn(object sender, System.Web.UI.WebControls.LoginCancelEventArgs e)
{
DateTime loginTime=DateTime.Now;
if (loginTime.Hour >= 9 && loginTime.Hour <= 17)
//log in your user
else
//show error message about time
}
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
Say, we are not using forms authentication or membership. When a user requests for any of the pages of the application, she needs to be redirected to login page.
This way, each page needs to have an authentication check on the Page_Load(). But what if we have over 500 pages.
Any chance to use sth like static classes with static properties or creating your own http handlers?
This is too broad of a question with a few aspects, including :
How to manage a User's Session
How to manage multiple user accounts being logged in
How to perform the login process
Managing a user's state must be independent of anyone else's actions. Therefor, you cannot rely on static properties. This presents the question of "Well, how do I keep track of it without it being static?" One of the answers is to use Session information. For example, during an Ajax request to the server you could do this :
if (HttpContext.Current.Session["LoggedIn"] != null)
{
object oValue = HttpContext.Current.Session["LoggedIn"];
bool bResult;
if (bool.TryParse((string)oValue, out bResult) == true)
return bResult
return false;
}
else
return false;
This solves the first two issues and opens a door to creating a hanlder class that knows YOUR specific session keys and patterns for getting different kinds of values.
As for the third issue you will face - No one can give you a concrete answer. Your design and data structure will determine how you validate and track your users.