Easy question, not sure if there is a solution for this problem.
I made a simple browser with WebView2 in a WPF C# app (I made this to be able to use a shell app while I browse on the url where the webview is). It use the same useragent as edge-chromium and until some months ago I was able to log in to google like in a regular browser.
Now if I try to log in I get a "Not supported browser" error from google.
Of course nothing changed in my application, but google say that it will not support log in from a webview ("browser that: Are embedded in a different application"):
https://support.google.com/accounts/answer/7675428?hl=en-GB
I don't really know if there is any workaround for this. I know that I was logged yesterday (and I think that it was possible thanks to the cache or something like that) so if there is a workaround to log in I should be able to stay log in. I know they suggest to use the google API:
https://developers.google.com/identity/protocols/oauth2/native-app
And I already used that in a Unity3d game to log in to my google drive. But I'm not sure how to set my WebView2 to be logged in when I call that API (I know that I can use the response to make new API call and, for example, upload a file to my google drive, but I don't know how to set my webview to be logged and be able to go to google drive url and be logged in any google app).
My question is if you know how to solve this problem or if you got any idea on how to solve it. Or do you think that's not possible at all?
EDIT.
just find out this is a problem with any webview. like you can see here github.com/MicrosoftEdge/WebView2Feedback/issues/1647 it's a security bullshit of google that, instead of finding a solution, blocked every webview out ther from log in to their services (they could solve the man in the middle problem in many ways like asking for a password app, ask for a more limited webview sandbox window etc... they just blocked everything).
So there is not really any solution for this. Even by using Oauth API you can only log in and wait for the response but you cannot access google like in a regular browser with that, you can only make more API call... that's not what I need.
The only solution that I can think of is to just wait for microsoft or someone else to make a "sandbox environment" that will activate by default in a log in page of google (and that google will allow to log in), and will revert back to the regular webview once it is logged in.
Related
I am creating a console application in c#(visual studio).
but i don't know where to start.
1st i want to login(phantomjs or selenium)>>then go to a (specified)website URL and extract html?
i want to know how to save login information in my web request.
thank you.
Long story short, it's not easy to do that just with web request because each site has its own way of managing cookies and security.
It's easier if you use a web browser control to login first. From there, the browser can obtain a valid cookie and you can start crawl data from there.
I've done a similar thing with Chegg website. For details, you can check out my repository https://github.com/hungqcao/chegg-solutions-saver
In your case, it can get a little complicated since FB, Twitter may have 2-factor authentication or something similar to that but the idea stays the same.
Let me know if you need help.
I have a program that opens a web browser control and just displays a web page from our server. They can't navigate around or anything.
The users are not allowed to know the credentials required to login, so after some googling on how to log into a server I found this:
http://user_name:password#URL
This is 'hard coded' into the web browsers code. -It works fine.
HOWEVER: Some smart ass managed to grab the credentials by using WireShark which tracks all the packets sent from your machine.
Is there a way I can encrypt this so the users cannot find out?
I've tried other things like using POST but with the way the page was setup, it was proving extremely difficult to get working. -(Its an SSRS Report Manager webpage)
I forgot to include a link to this question: How to encrypt/decrypt the url in C#
^I cannot use this answer as I myself am not allowed to change any of the server setup!
Sorry if this is an awful question, I've tried searching around for the past few days but can't find anything that works.
Perhaps you could work around your issue with a layer of indirection - for example, you could create a simple MVC website that doesn't require any authentication (or indeed, requires some authentication that you fully control) and it is this site that actually makes the request to the SSRS page.
That way you can have full control over how you send authentication, and you need never worry about someone ever getting access to the actual SSRS system. Now if your solution requires the webpage to be interactive then I'm not sure this will work for you, but if it's just a static report, it might be the way to go.
i.e. your flow from the app would be
User logs into your app (or use Windows credentials, etc)
User clicks to request the SSRS page
Your app makes an HTTP request to your MVC application
Your MVC application makes the "real" HTTP request to SSRS (eg via HttpClient, etc) and dumps the result back to the caller (for example,it could write the SSRS response via #HTML.Raw in an MVC View) The credentials for SSRS will therefore never be sent by your app, so you don't need to worry about that problem any more...
Just a thought.
Incidentally, you could take a look here for the various options that SSRS allows for authentication; you may find some method that suits (for e.g Custom authentication) - I know you mentioned you can't change anything on the server so I'm just including it for posterity.
I'm completely new to the whole facebook login scene. Unfortunately the login process seems so complicated considering I simply want to be able to call a login dialog and get back the user's App Token. When I run the example code the login screen asks for an app token not an email and password like I'd expect to see as a user.
From my understanding it appears that even using the Facebook Unity SDK I am still required to build my own login page with app token generator which I have no idea how to do. It also appears there are different ways it needs to be done whether you are on IOS, Android, Web Player, Windows and Windows Phone. Is there really not one way to do this?
I followed the tutorial here: https://developers.facebook.com/docs/games/unity/unity-tutorial although all the images regarding setting up your app on developers.facebook.com/apps are out of date and I can't find a good majority of the options it mentions.
So I guess my main questions are:
Can you have one way across all platforms to allow email/password login for a user?
Do you need to build your own token generator on a website?
How do I set up a game for Unity in the new facebook layout?
Thanks everyone. I've never dealt with authentication via any online service before and this seems much preferable to having my own login authentication for my games. I just wish it wasn't such a confusing mess to someone who has never dealt with any of this before.
The app token thing is only used in Unity editor, so only in development. This is a work-around, since it was impossible to simulate regular facebook login flow in Unity editor and we wanted devs to be able to test their games in the editor, which is much faster than building and uploading it.
You are not supposed to create your own login process. Just import the sdk package into Unity and open scene InteractiveConsole in Assets\Examples
Try building it for iOS/android/canvas, it works on all platforms without any code change necessary
Let me know if have any problems
1 and 2
My assumption is the access "token" you mention is a generic login for testing in unity. Your app should handle the login differently across platforms, in regard to the "Facebook Unity SDK API's" handling the bulk stuff so you are free to plug and play.
3
Image of my settings for the canvas demo https:// developers .facebook .com/apps/#____#/settings/
https://drive.google.com/file/d/0B7Lk_CfjfKfTdVlNQWlINkNCTU0/edit?usp=sharing
I have a windows application, developed in C#. where I need to perform Google oAuth so I'll get their profile. I don't want to ask the user to enter their Google Username and Password in my windows application (and of course users don't want that).
How can I do that ?
I tried
1.) Able to open Google Authentication page from my windows application, but can't figure it out how to get access token passed to my windows application.
Any inputs / suggestions ?
You can have a webBrowser control in you application. You can then let the user log in via the webBrowser control. You can then query the webBrowser control for the data.
What you are probably looking for is called 2-legged OAuth. You can get some example code here, but its in PHP. You can also see a C# Example here
I appreciate this is an old question but I'm currently looking into the same thing. From what I've found, using an embeded webBrowser as per SamFisher83's suggestion is "strongly discouraged".
I thought I'd share this guide from Google themselves.
Link to Google OAuth 2.0 guide
No doubt the OP found a way of doing it, but this was one of the first links that came up via a google search on the subject and thought I'd share the link for any future reference.
I'm creating a desktop application in C#.
one of the things that this application should do is to publish things to the status of the user in facebook (like: "dave just won 3 gold medals" ). this should happen whether the user is logged in now to facebook or not. I want the user to give me all the needed permissions once and then everything would happen automatically (I would save whatever is needed on my DB).
I tried using facebook developer toolkit 2.0 for .net but didn't see anything there that could help me.
ANY help would be appreciated.
For you question:
you need to use the Facebook Connect API
there is a Feature called offline_access - its an extended permission.
In FB Connect you need to toggle the correct popup :
The workflow will be like that:
User uses FB Connect to confirm the fact he wants to connect your app to his facebook account.
You trigger the popup.
You can then call all calls on his permission even if he is offline (or not using facebook connect)
For the sake of understanding: FB Connect is meant that way that you can easily log the user into his app and do everything on his behalf. offline_access is actually meant for cronjob work.
Iv'e got some answers here. I think it answers other questions I saw in the web lately:
My answer is related to desktop applications that works outside of facebook (facebook connect).
+ I'm using the facebook developer toolkit 2.1:
Here is how to get the special permission, needed to for offline access. and how to get the session key:
facebook.Components.FacebookService FS = new facebook.Components.FacebookService();
FS.GetExtendedPermission(facebook.Types.Enums.Extended_Permissions.offline_access);
The second line will force you to login and afterwards would ask for the permission after the user choose to grant the permission, you are given in the post URL - the fb_si_session_key. BUT the toolkit developers didn't do enough to bring it to you :-(
So you have few options. the simple one is to do:
FS.Logoff();
FS.ConnectToFacebook();
What will happen is that you'll see the login screen for a second and before youll be able to click anything it would vanish. but this time you'll have the right session key. you can get it like that:
string myPermanentSessionKey = FS.API.SessionKey;
If you dont want to show that annoying screen again you have few options, all of them are related to changing the source files of the toolkit. I'm not gonna get into it here, but just tell you a simple option: in the facebookconnect() function I changed it to receive a parameter (isShow) when I send true to it, it behaves normal, when I send false to it - it skips on the formLogin.ShowDialog();
It's working.