ClientAuthorizationView - Force login - DotNetOpenAuth 4


meriturva

Feb 22, 2012, 7:01:20 AM
to DotNetOpenAuth
Hi to all,
I'm using the ClientAuthorizationView class in a Windows Forms project just
to test our OAuth 2 server.
I'm just asking for a way to force the login every time I run my program.
Actually I authenticated a test user one time and now I just see the
component show a white form, then it closes itself and I receive a valid
token from the dialog class.

Now we have to test the program with different users... how to force the
login phase every time?
Thanks.
Meriturva

Andrew Arnott

Feb 22, 2012, 10:21:40 AM
to dotnet...@googlegroups.com
There are two residual states here:
  1. The cookie in your WinForms app's hosted browser that is allowing your scenario to skip the login form on your authorization server.
  2. The authorization server remembering the authorization the user had previously approved.
Obviously for real world scenarios both aspects above are desirable for user convenience.  But if you want these steps to be repeatable, you need your authorization server to clear its authorizations table (where it tracks previous authorizations) before your test, and you could also rig your auth server to force the user to log in even if cookies exist that show the user has already logged in.  As an alternative to the second step, you could theoretically cause your winforms app's hosted browser to clear its cookies, which would require the user to log into the auth server each time, however from memory I'm not sure that's possible when using the ClientAuthorizationView control.  I can check into that if you'd like.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre




Andrew Arnott

Feb 22, 2012, 10:57:11 AM
to dotnet...@googlegroups.com
I just checked, and I see no way to control cookies on the WinForms WebBrowser control.  Maybe it's as simple as launching IE and logging out of your authorization server on the full browser?

meriturva

Feb 22, 2012, 1:36:20 PM
to DotNetOpenAuth
I'm just thinking of a way to be productive in the debug phase,
and I guess that the IE approach is not the best way...
What about changing the httpRequest "domain" or "context" every time?
Randomly generated?
What do you think? It could be really useful to have an easy way to
develop... and test...

On 22 Feb, 16:57, Andrew Arnott <andrewarn...@gmail.com> wrote:
> I just checked, and I see no way to control cookies on the WinForms
> WebBrowser control.  Maybe it's as simple as launching IE and logging out
> of your authorization server on the full browser?

Andrew Arnott

Feb 22, 2012, 8:04:53 PM
to dotnet...@googlegroups.com
I agree it's a worthwhile thing to solve for dev/testing purposes.  I don't understand what you mean by changing the domain or context every time though.

Ultimately I don't see anything that DNOA could possibly offer to solve this issue.  It's your authorization server web site that's setting and retrieving the session cookies, and it's your local browser that is storing them.  If I were you I would have a mode you could put the auth server in that forcibly logs out the user after authorization has completed and/or clears the authorization table on demand in order to allow you to repeatedly test the scenario.
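
An added example, not part of the thread and not DotNetOpenAuth code: a small model of the authorization server's decision that shows the two residual states described above (login cookie, remembered approval) and a test-mode switch that bypasses both. All type and member names are hypothetical, and the switch is honoured only in a development build.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical model of an authorization endpoint's decision logic;
// none of these types are DotNetOpenAuth APIs.
enum Step { ShowLogin, ShowConsent, IssueCodeSilently }

class AuthorizationEndpoint
{
    // Residual state 2: approvals the server remembers, keyed by (user, client).
    private readonly HashSet<Tuple<string, string>> approvals =
        new HashSet<Tuple<string, string>>();
    private readonly bool forceInteractive;

    public AuthorizationEndpoint(bool isDevelopmentBuild, bool forceInteractiveRequested)
    {
        // Ignore the switch outside development so a stray setting cannot reach production.
        forceInteractive = isDevelopmentBuild && forceInteractiveRequested;
    }

    public void RecordApproval(string user, string clientId)
    {
        approvals.Add(Tuple.Create(user, clientId));
    }

    // sessionUser is residual state 1: the user named by the login cookie the
    // hosted browser sent, or null when no cookie was presented.
    public Step Next(string sessionUser, string clientId)
    {
        if (forceInteractive)
        {
            // Test mode: ignore the cookie and forget the stored approval.
            if (sessionUser != null) approvals.Remove(Tuple.Create(sessionUser, clientId));
            return Step.ShowLogin;
        }
        if (sessionUser == null) return Step.ShowLogin;
        return approvals.Contains(Tuple.Create(sessionUser, clientId))
            ? Step.IssueCodeSilently : Step.ShowConsent;
    }
}

static class Program
{
    static void Main()
    {
        foreach (bool force in new[] { false, true })
        {
            var server = new AuthorizationEndpoint(true, force);
            server.RecordApproval("alice", "winforms-test-client"); // constructed sample values
            Console.WriteLine("force={0}: {1}", force, server.Next("alice", "winforms-test-client"));
        }
    }
}
```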