Wednesday, May 1, 2013

SharePoint custom membership provider – remind me functionality


My current project is based on SharePoint site, and I manage my users in custom Database. So for the purpose I created custom membership provider and attached to the Sharepoint site. In addition to the changes, I was requested to create a custom login page.

To login to Sharepoint, after checking password and username, I use the method:
.
.
bool res = SPClaimsUtility.AuthenticateFormsUser(this.Page.Request.Url, userEmal, 
                                                 password);
.
.
However the method does not accept “remember me” flag. I opened the method by reflector and found such lines:
.
bool isPersisted = !SPSecurityTokenServiceManager.Local.UseSessionCookies;
.
.
.
SPSessionTokenWriteType local_0 = SPSessionTokenWriteType.WriteSessionCookie;
if (isPersisted)
    local_0 = SPSessionTokenWriteType.WritePersistentCookie;
fam.SetPrincipalAndWriteSessionToken(token, local_0);
.
SPSessionTokenWriteType.WriteSessionCookie

The enum says that these are temporary cookie files, which are erased when you close your browser. When you restart your browser and go back to the site that created the cookie, the website will not recognize you. You will have to log back in (if login is required) or select your preferences/themes again if the site uses these features. A new session cookie will be generated, which will store your browsing information and will be active until you leave the site and close your browser.

SPSessionTokenWriteType.WritePersistentCookie

The enum says that these cookie files stay in one of your browser’s subfolders until you delete them manually or your browser deletes them based on the duration period contained within the persistent cookie’s file. Based on the discover, the solution for “remember me” functionality is:
.
SPSecurityTokenServiceManager.Local.UseSessionCookies = !keepMeLoggedIn.Checked;
bool res = SPClaimsUtility.AuthenticateFormsUser(this.Page.Request.Url, userEmal, password);
.

The solution add “remid me” functionality to custom log in page.

Anonymous Access SharePoint Application Page

Generally when creating a page in SharePoint it inheritance from LayoutsPageBase however a public page has to inheritance from UnsecuredLayoutsPageBaseand overriding AllowAnonymousAccess property.

public partial class ForgotPassword: UnsecuredLayoutsPageBase
{
    protected override boolAllowAnonymousAccess { get{ return true; } }
 
    protected void Page_Load(objectsender, EventArgs e)
    {
    }
}

VS.Php for Visual Studio Solution Generator

For my personal purposes I started to develop themes for
Wordpress. I found one VS.Php development tool integrated to visual
studio.


You can download it from here: href="http://www.jcxsoftware.com/jcx/"
target="_blank">http://www.jcxsoftware.com/jcx/ I like
the idea to develop in some environment that I am regular to. But
there was one problem: the fast way to create solution from
Wordpress directory. As you know, WordPress directory include big
amount of files and directories. I did not like the idea to add it
one by one. I created console application generated solution and
project file for VS.Php tool. The application receive just
directory path with files to add to solution. It will create
solution file in root and put to processed directory a project
file. Using example:

VSPhpSolutionGenerator.exe “C:\Wordpress3.2.1\wordpress”

It will create the tree:



Download: VSPhpSolutionGenerator.rar

UI Test with solving Captcha by iMacros


I found interesting solution for UI testing, it is iMacros.

But on my site I have captcha when a new user sign in. There is two options to test sign in page is disable captcha for testing time or solve it by some automatic way.
There is exits services that give you ability soleve captcha automatically by iMacros. But all the services is not for free.
I found Captcha Trader the service provide solving captcha by credits that you able to buy or earn by solving other captchas.

To use Captcha Trader you need to register on the site, get API key and earn or buy captcha credits.

To solve the captcha, script get captcha image url from page, and POST it to: http://api.captchatrader.com/submit. Shortly after post the service will automatically return JSON responce with the captcha text.

Arguments of service
All arguments are required for a successful submission.
api_key: The API key of the application.
match (optional): Instead of receiving a text response, receive a boolean response for whether the image is a type of this string.
password: The password or passkey of the account to submit under in plain text. In some cases it may be preferential to ask the user for their passkey instead of their password. Note that in the future, use of a password may become deprecated to passkey usage.
type: The type of image this is. See type reference below.
username: The username of the account to submit under.
value: The CAPTCHA submission itself, either a string or a file object.

Types
CaptchaTrader accepts a variety of file image types, but it must be specified. If incorrectly specified, the CAPTCHA will not be solved.
url-jpg: A url of a jpg file.
url-jpeg: A url of a jpeg file. Note that this is functionally equivalent to url-jpg.
url-png: A url of a png file.
url-bmp: a url of a bmp file.
file: A multipart/form-data upload of the image.

Example Response
A typical response will be a JSON encoded string as such:
[1264, "start multipart"]

Parameters help is from CaptchaTrader site.

Here is the snapshot macro code to solve the captcha.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
//YOUR START CODE
 
//typically you put this code when you are first able to see the captcha
//the code get url of image from page that captcha on.
var macro = 'CODE:';
macro += "TAG POS=1 TYPE=IMG ATTR=SRC:*/recaptcha/api/* EXTRACT=HREF";
var retcode = iimPlay(macro);
if (retcode == 1) {
   var captchaUrl = iimGetLastExtract();
   var serviceUrl = 'http://api.captchatrader.com/submit';
   var params = 'api_key=';
   params += '&password=';
   params += '&username=';
   params += '&type=';
   params += '&value=' + captchaUrl;
 
   var xmlhttp;
   if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari
      xmlhttp = new XMLHttpRequest();
   }
   else {// code for IE6, IE5
      xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
   }
   xmlhttp.onreadystatechange = function () {
 
      if (xmlhttp.readyState == 4 && (xmlhttp.status == 200 ||
       xmlhttp.status == 0)) {
         //Code that will be called when responce will be recived from 
         // CaptchaTrader
         onSuccess(xmlhttp.responseText);
      }
   }
 
   xmlhttp.open("POST", serviceUrl, true);
   xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
   xmlhttp.setRequestHeader("Content-length", params.length);
   xmlhttp.setRequestHeader("Connection", "close");
   xmlhttp.send(params);
} else {
   errtext = iimGetLastError();
   alert(errtext);
}
 
function onSuccess(json){
   var res = eval("(" + json + ')');
   var captchaText = res[1];
   captchaText = captchaText.replace(' ', '');
 
   //this shows an example of how to input the variable into the captcha input
   var macro = "CODE:";
   macro += "TAG POS=1 TYPE=INPUT:TEXT FORM=NAME:someForm ";
   macro += "ATTR=ID:recaptcha_response_field CONTENT=" + captchaText + "\n";
   macro += "TAG POS=1 TYPE=INPUT:IMAGE FORM=ID:someForm "
   macro += "ATTR=ID:SubmitButton";
   var retcode = iimPlay(macro);
   if (retcode < 0) {
      errtext = iimGetLastError();
      alert(errtext);
   } else {
      //Put here code that will be called when captcha will be solved.
   }
}

QNAP – Force secure connection (SSL) only

I played with SSL setting of web – administration of my NAS (QNAP TS-239PROII). And when I switched on force secure connection parameter, I was through up from the site and was not able to open back it.

You have two options to remove the parameter to previous value:
First option is just reset your NAS to default settings, but the option will remove all your settings.
And second is more difficult but without loosing all your settings. And the option was suitable for me.

1. Log into your QNAP device using SSH or Telnet, for instance by using Putty.
2. Open config file in editor: # vi /mnt/HDA_ROOT/.config/uLinux.conf
3. Press i button to enter to insert mode
4. Change line: Force SSL = 1 to 0
5. Press “esc” to exit from insert mode
6. Press :wq to save file

This is it, you can now open web administration by regular way.