Home Access Plus+ Git Repo
It is highly recommended that you install HAP+ behind Azure AD App Proxy: https://www.youtube.com/watch?v=VNYHNz2fK6E
License: Microsoft Public License
Hello,
I am trying to use the Booking System function of Home Access Plus+ for internal use. However, whenever a member of staff logs in the Unauthorised error page is always thrown.
I have ensured that Domain Users has been added to the grant access in web.config.
Is there a way of completely overriding/bypassing this granting of access in web.config?
Many thanks.
skid
Is there any way / plans to make the user card work with Azure AD?
Hi Nick,
Fantastic product.
How would you feel about me starting to rewrite HAP to the MVC structure and also updating it to .NET Core, allowing it to be run on Linux servers?
I think if we can achieve this along with mobile-first CSS, this will be a one stop shop for high schools and academies wanting home access (not that it already is).
What are your thoughts?
Thanks
Hi,
Having issues having done the core 10.6 upgrade. We have overwritten the files apart from the config and the login is OK, but trying to open any network drive just hangs at loading.
Why is this the case?
HAP requires a valid username and password combination to connect to Active Directory so it can validate user logins and retrieve their files. Once the Administrator enters the password, it is encrypted and salted using AES encryption. This is not safe for multiple reasons, most notably the fact that the key and salt are publicly exposed in the Git repository. Anyone who has access to the passwords essentially has them in plain text. You can easily just reverse engineer the encryption. Example:
using System;
using System.Text;
using System.Security.Cryptography;
using System.IO;

public class Program {
    // Stored (Base64) password, key and salt; all three are left blank here.
    static private string _password = "";
    static private string _key = "";
    static private byte[] _salt = Encoding.ASCII.GetBytes("");

    public static void Main()
    {
        string plaintext = null;
        // The AES key and IV are both derived from the same fixed key and salt.
        Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(Program._key, Program._salt);
        var aesAlg = new RijndaelManaged();
        aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
        aesAlg.IV = key.GetBytes(aesAlg.BlockSize / 8);
        ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
        byte[] bytes = Convert.FromBase64String(Program._password);
        using (MemoryStream msDecrypt = new MemoryStream(bytes)) {
            using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)) {
                using (StreamReader srDecrypt = new StreamReader(csDecrypt)) plaintext = srDecrypt.ReadToEnd();
            }
        }
        Console.WriteLine(plaintext);
    }
}
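For contrast with the fixed key and salt described in the report above, this added example (not HAP+ code and not from the report's author) protects the service-account password with Windows DPAPI, so no key material ships with the application. The class name, the `dpapi:` marker and the purpose label are hypothetical; it assumes Windows and a reference to `System.Security` (or the `System.Security.Cryptography.ProtectedData` package on .NET Core and later).

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class ServiceCredentialStore
{
    private const string Marker = "dpapi:";   // hypothetical format tag
    // Not a secret: binds the blob to this one purpose (hypothetical label).
    private static readonly byte[] Purpose =
        Encoding.UTF8.GetBytes("example/ad-service-account/v1");

    // LocalMachine: any process on this server can unprotect the value.
    // CurrentUser: only the protecting account can, which for an IIS
    // application pool requires its user profile to be loaded.
    private const DataProtectionScope Scope = DataProtectionScope.LocalMachine;

    public static string Protect(string password)
    {
        byte[] plain = Encoding.UTF8.GetBytes(password);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, Purpose, Scope);
            return Marker + Convert.ToBase64String(blob);
        }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    public static string Unprotect(string stored)
    {
        // Refuse values in any older format instead of guessing how to read them.
        if (stored == null || !stored.StartsWith(Marker, StringComparison.Ordinal))
            throw new FormatException("Value is not DPAPI-protected; re-enter the password.");
        byte[] blob = Convert.FromBase64String(stored.Substring(Marker.Length));
        byte[] plain = ProtectedData.Unprotect(blob, Purpose, Scope);
        try { return Encoding.UTF8.GetString(plain); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    public static void Main()
    {
        // Constructed sample value: round-trip on the same machine.
        string stored = Protect("constructed-sample-password");
        Console.WriteLine(stored.StartsWith(Marker, StringComparison.Ordinal));
        Console.WriteLine(Unprotect(stored) == "constructed-sample-password");
    }
}
```

A value protected this way can only be unprotected on the server that created it, so the password has to be re-entered after a migration to new hardware.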
Hi,
Is it possible to implement SAML / Single Sign On support?
Thanks
Anyone with permissions to create an announcement can write any JavaScript code in the announcement edit prompt and it will be served to anyone visiting the website. User cookies are protected by the HttpOnly header, so it can't steal those. However, it can still inject itself into things like the Reset Password section and/or redirect the user to something else malicious.
Demonstration:
Offending code:
[WebInvoke(UriTemplate = "Save", ResponseFormat=WebMessageFormat.Json, Method = "POST", BodyStyle = WebMessageBodyStyle.WrappedRequest)]
public bool Save(string content, bool show)
{
    XmlDocument doc = new XmlDocument();
    doc.Load(HttpContext.Current.Server.MapPath("~/App_Data/Announcement.xml"));
    XmlNode node = doc.SelectSingleNode("/announcement");
    node.Attributes[0].Value = show.ToString();
    // The submitted content is URL-decoded and written into the file as-is,
    // with no sanitisation or encoding of the markup it contains.
    node.InnerXml = string.Format("<![CDATA[ {0} ]]>", HttpUtility.UrlDecode(content, System.Text.Encoding.Default));
    doc.Save(HttpContext.Current.Server.MapPath("~/App_Data/Announcement.xml"));
    return true;
}
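One way to harden the save path reported above, as an added example that is not HAP+ code and not from the report's author: HTML-encode the whole submission, then restore only an allow-list of attribute-free formatting tags before storing it as a text node. The class name, the tag list and the `show` attribute name are assumptions (the original code addresses the attribute by index).

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;
using System.Xml;

public static class AnnouncementSanitizer
{
    // Attribute-free tags an announcement may keep (hypothetical allow-list).
    // The pattern matches their HTML-encoded form only, so anything carrying
    // attributes, event handlers or an unlisted tag name stays encoded.
    private static readonly Regex AllowedTag = new Regex(
        @"&lt;(/?(?:b|i|u|em|strong|p|ul|ol|li)|br ?/?)&gt;",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public static string Sanitize(string html)
    {
        // 1. Neutralise all markup. 2. Restore only the exact allowed tags.
        string encoded = WebUtility.HtmlEncode(html ?? string.Empty);
        return AllowedTag.Replace(encoded, "<$1>");
    }

    // Stores the sanitised markup through InnerText, so XmlDocument escapes
    // it and the stored value is always a single text node.
    public static void Store(XmlDocument doc, string content, bool show)
    {
        XmlElement node = (XmlElement)doc.SelectSingleNode("/announcement");
        node.SetAttribute("show", show.ToString());   // assumed attribute name
        node.InnerText = Sanitize(content);
    }

    public static void Main()
    {
        // Constructed sample document and input.
        var doc = new XmlDocument();
        doc.LoadXml("<announcement show=\"False\"></announcement>");
        string input = "<p>Term ends <b>Friday</b></p>" +
                       "<img src=x onerror=\"alert(1)\"><script>alert(2)</script>";
        Store(doc, input, true);
        // Value a page would render: <p> and <b> survive, the rest is inert text.
        Console.WriteLine(doc.DocumentElement.InnerText);
        // What is written to disk: XML-escaped text, no CDATA section.
        Console.WriteLine(doc.OuterXml);
    }
}
```

Announcements saved before such a change would still hold unsanitised markup, so the same `Sanitize` call belongs on the read path until they have been re-saved.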