Search Results

Search found 15558 results on 623 pages for 'basic authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 17/623 | < Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >

  • ASP.NET 2.0 and 4.0 seem to treat the root url differently in Forms Authentication

    - by Kev
    If have the following web.config: <configuration> <system.web> <authentication mode="Forms"> <forms name="MembershipCookie" loginUrl="Login.aspx" protection="All" timeout="525600" slidingExpiration="true" enableCrossAppRedirects="true" path="/" /> </authentication> <authorization> <deny users="?" /> </authorization> </system.web> <location path="Default.aspx"> <system.web> <authorization> <allow users="*"/> </authorization> </system.web> </location> </configuration> The application is an ASP.NET 2.0 application running on Windows 2008R2/IIS7.5. If the site's application pool is configured to run ASP.NET 2.0 and I browse to http://example.com then Default.aspx is rendered as you'd expect from the rules above. However if the application pool is set to run ASP.NET 4.0 I am redirected to the login page. If I explicitly specify http://example.com/default.aspx then all is good and default.aspx renders. I've tried rewriting / -> /default.aspx (using IIS UrlRewriter 2.0) but the result is still the same, I get kicked to the login page. I've also tried this with an ASP.NET 4.0 application with the same result (which is where the problem initially arose). The reason I tried this with a 2.0 application was to see if there was a change in behaviour, and it seems that / is handled differently in 4.0. So to summarise, using the configuration above the following is observed: ASP.NET Version Url Behaviour ------------------------------------------------------------------------- 2.0 http://example.com Renders Default.aspx 2.0 http://example.com/Default.aspx Renders Default.aspx 4.0 http://example.com Redirects to Login.aspx 4.0 http://example.com/Default.aspx Renders Default.aspx Is this a bug/breaking change or have I missed something glaringly obvious?

    Read the article

  • Authentication with wget

    - by Llistes Sugra
    I am currently accepting the parameters login and password in my servlet, but logs are storing this info when using wget (as long as it is GET method, and apache is in the middle) Instead of this I want to enhance my servlet's authentication accepting: wget --http-user=login --http-password=password http://myhost/myServlet How can I read, in my servlet, the server side, the login and the password user is sending, in java code?

    Read the article

  • how to auto log onto form authentication from desktop app

    - by user156144
    I have an asp website that uses form authentication to protect certain resources. I am developing a desktop winform application that accesses the protected resource. How do I take id and password from user on the desktop app and pass it to the site? I initially thought WebRequest.Credentials can be used to achieve this but I was wrong. Thanks!

    Read the article

  • Authentication between domains

    - by gneash
    I have: a service running under user account domainA\userA on hostA from domainA SPNs created for the service running on hostA for user account domainA\userA a client part of my application is trying to access resources (through remoting) from the service running on hostA but this client part is running on hostB from domainB and under the user account domainB\userB appropriate delegation settings are done for user account domainA\userA trusted for delegation SPNs set properly with no duplicates domainA and domainB have two way trust I get this error: A secuity package specific error occured: Unspecified error (0x80004005) Could you please see if there is any authentication setting I missed?

    Read the article

  • Mocking digest authentication in RestEasy

    - by Ralph
    I am using RestEasy to develop a REST server and using the mock dispatcher (org.jboss.resteasy.mockMockDispatcherFactory) for testing the service in my unit tests. My service requires digest authentication and I would to make that part of my testing. Each of my services accepts a @Context SecurityContext securityContext parameter. Is there any way is inject a fake SecurityContext in the dispatcher so that I can test that my security methods function properly?

    Read the article

  • Getresponse not working after authentication

    - by Hazler
    For starters, here's my code: // Create a request using a URL that can receive a post. WebRequest request = WebRequest.Create("http://mydomain.com/cms/csharptest.php"); request.Credentials = new NetworkCredential("myUser", "myPass"); // Set the Method property of the request to POST. request.Method = "POST"; // Create POST data and convert it to a byte array. string postData = "name=PersonName&age=25"; byte[] byteArray = Encoding.UTF8.GetBytes(postData); // Set the ContentType property of the WebRequest. request.ContentType = "application/x-www-form-urlencoded"; // Set the ContentLength property of the WebRequest. request.ContentLength = byteArray.Length; // Get the request stream. Stream dataStream = request.GetRequestStream(); // Write the data to the request stream. dataStream.Write(byteArray, 0, byteArray.Length); // Close the Stream object. dataStream.Close(); // Get the response. HttpWebResponse response = (HttpWebResponse)request.GetResponse(); // Display the status. Console.WriteLine((response).StatusDescription); // Get the stream containing content returned by the server. dataStream = response.GetResponseStream(); // Open the stream using a StreamReader for easy access. StreamReader reader = new StreamReader(dataStream); // Read the content. string responseFromServer = reader.ReadToEnd(); // Display the content. Console.WriteLine(responseFromServer); // Clean up the streams. reader.Close(); dataStream.Close(); response.Close(); The directory cms/ requires authentication, but if I try running this same code somewhere, where authentication isn't needed, it works fine. The error (System.Net.WebException: The remote server returned an error: (403) Forbidden) occurs at HttpWebResponse response = (HttpWebResponse)request.GetResponse(); I have managed in reading data after authenticating, but not if I also send POST data. What's wrong with this?

    Read the article

  • OpenID authentication in Ruby on Rails

    - by martinatime
    I am a neophyte with Ruby on Rails but I've created a couple of small apps. Anyway, I'm really interested in OpenID and I would like to implement OpenID authentication and maybe some Sreg stuff in a Rails app. All of the research that I have done has come up with articles that are out of date or just don't work for me. Since I'm so new to Rails I'm having difficulty debugging the issues so... What is the best way to implement OpenId in Rails? Thanks

    Read the article

  • Use my own authentication in tomcat

    - by mabuzer
    how can I force tomcat to use my own implementation of Authenticator, and not the existing one like [FORM, BASIC, DIGEST,, etc]. I know if I added my authentication class name in org.apache.catalina.startup.Authenticators.properties it would work,,, any help please... I need an alternative for this...

    Read the article

  • iis7 integrated mode asp.net 4.0 forms authentication problem using IE8

    - by FiveTools
    Anyone experience any issues with IIS7, integrated mode forms authentication while using IE8? I have a website with a login form, once logged in, any postback causes the user to be logged out. This doesn't even happen consistently, sometimes I can login and not experience this issue, other times it happens instantly. I can not replicate the problem in any other browser and I cannot replicate on my development machine running / debugging vs2010.

    Read the article

  • Apache authentication: Redirect on failure, reliably?

    - by bukzor
    I've set my ErrorDocument 401 to point to my website's account creation page, but not all browsers seem to honor this redirect (Safari). Also, other browsers (Firefox, Chrome) never quit asking for the password and show the ErrorDocument. This causes a good number of users to give up trying after many password attempts without seeing the account creation page. Is there any way to make the redirect more reliable, without trashing basic authentication altogether?

    Read the article

  • ideas: per-file authentication in order to download

    - by suIIIha
    i would love to use mod_xsendfile but i live in a shared environment which does not provide such a module. processing large files such as videos through a server-side script and sending it to the browser that way seems to be unacceptable in my case, so i am looking for a way to enable per-file authentication in such a way that is not going to consume resources much. nobody shall know what the actual path is to the file they are downloading. please suggest how to do that.

    Read the article

  • How to manage user authentication/sessions?

    - by Dan
    What is the best way to manage user authentication/sessions in a web app, ideally in a clustered environment, using Spring Framework/MVC? I thought of creating a login bean that creates a jsession for authenticated users and then using AOP to check for the jsession before each controller method inovcation. If there isn't a better way, what are some possible alternatives? Thanks.

    Read the article

  • Authorization security of ASP.NET Forms authentication

    - by Tomi
    I'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this: FormsAuthentication.SetAuthCookie(account.Login, false); I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also is it better to save in this cookie user account login name or user account ID number?

    Read the article

  • One Account with many users authentication in rails

    - by Cristian
    Which approach would you recommend to the following issue: My app needs to have an account with several users inputting tasks on the same account. Only one of the users (the one that opened the account) will have admin privileges. Im thinking on using Authlogic for authentication and CanCan for determining user privileges. The point is that I'd like the User that opened the Account to be admin by default being him the only one to be able to generate other Users for his account with a different privileges. Thanks, CD

    Read the article

  • ASP.NET: Using Session to store authentication?

    - by Niels Bosma
    I'm having a lot of problems with FormsAuthentication (http://stackoverflow.com/questions/2964342/problem-with-asp-net-authentication) and as as potential work around I'm thinking about storing the login in the Session? Login: Session["Auth.ClientId"] = clientId; IsAuthenticated: Session["Auth.ClientId"] != null; Logout; Session["Auth.ClientId"] == null; I'm not really using most of the bells and whistles of FormsAuthentication anyway. Is this a bad idea?

    Read the article

  • User management, authentication and acl plugin for CakePHP?

    - by Jack
    Hi, I am pretty new to CakePHP, having been using rails for a little while. My question is, can anyone recommend a good user management, authentication and acl plugin or component for Cake? I have come across this one, but it has not been updated since 2008. If not can anyone recommend a good book/tutorial site for this kind of set up? I am more than happy to sit down and write this kind of thing myself, but would rather use a tested community plug-in. Cheers

    Read the article

  • OpenID authentication error

    - by Raindog
    When I try to login to this site using my yahoo openid, it takes me to the yahoo site, I click "continue" meaning that i want to send my authentication details to stackoverflow.com and stackoverflow.com gives me the following error underneath the login text field: Unable to log in with your OpenID provider: failed to authenticate, returning Failed. Please ensure your identifier is correct and try again.

    Read the article

  • Websphere 7 simple realm (like tomcat-users.xml)

    - by Heavy Bytes
    I am trying to port a J2EE app from Tomcat to Websphere and I'm not too familiar with Websphere. The only problem I am having is authorization (I use basic-authentication in my web.xml). In Tomcat I use the tomcat-users.xml file to define my users/passwords and to what roles they belong. How do I do this "simply" in Websphere? When deploying the EAR to Websphere it also asks me to map my role from web.xml to a user or group. Do I have to set up some sort of realm? Custom user registry? Thanks. UPDATE: I configured a Standalone custom registry, however I can't get a log-in prompt for username/password. It works just fine in Tomcat, and it doesn't in Websphere. Code from web.xml <security-constraint> <web-resource-collection> <web-resource-name>basic-auth security</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>HELLO_USER</role-name> </auth-constraint> <user-data-constraint>NONE</user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>HELLO_USER</role-name> </security-role>

    Read the article

  • Sharepoint web services -- The HTTP request is unauthorized with client authentication scheme 'Ntlm'

    - by Pandincus
    I know there's a lot of questions on SO similar to this, but I couldn't find one for this particular issue. A couple of points, first: I have no control over our Sharepoint server. I cannot tweak any IIS settings. I believe our IIS server version is IIS 7.0. Our Sharepoint Server is anticipating requests via NTLM. Our Sharepoint Server is on the same domain as my client computer. I am using .NET Framework 3.5, Visual Studio 2008 I am trying to write a simple console app to manipulate Sharepoint data using Sharepoint Web Services. I have added the Service Reference, and the following is my app.config: <system.serviceModel> <bindings> <basicHttpBinding> <binding name="ListsSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="Transport"> <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="https://subdomain.companysite.com/subsite/_vti_bin/Lists.asmx" binding="basicHttpBinding" bindingConfiguration="ListsSoap" contract="ServiceReference1.ListsSoap" name="ListsSoap" /> </client> </system.serviceModel> This is my code: static void Main(string[] args) { using (var client = new ListsSoapClient()) { client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("username", "password", "domain"); client.GetListCollection(); } } When I call GetListCollection(), the following MessageSecurityException gets thrown: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'. With an inner WebException: "The remote server returned an error: (401) Unauthorized." I've tried various bindings and various code tweaks to try to authenticate properly, but to no avail. I'll list those below. I've tried the following steps: Using a native Win32 Impersonator before creating the client using (new Impersonator.Impersonator("username", "password", "domain")) using (var client = new ListsSoapClient()) { client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("dpincas", "password", "domain"); client.GetListCollection(); } This produced the same error message. Setting TokenImpersonationLevel for my client credentials using (var client = new ListsSoapClient()) { client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation; client.GetListCollection(); } This produced the same error message. Using security mode=TransportCredentialOnly <security mode="TransportCredentialOnly"> <transport clientCredentialType="Ntlm" /> </security> This resulted in a different error message: The provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via However, I need to use https, so I cannot change my URI scheme. I've tried some other combinations that I can't remember, but I'll post them when I do. I'm really at wits end here. I see a lot of links on Google that say "switch to Kerberos", but my server seems to only be accepting NTLM, not "Negotiate" (as it would say if it was looking for Kerberos), so that is unfortunately not an option. Any help out there, folks?

    Read the article

  • Download a file with DefaultHTTPClient and preemptive authentication

    - by Nils
    After I had a lot of problems with preemptive authentication , I got it finally working. Now the next problem. I want to get a file with it, but I don't know how. I thought the file data might be in the variable response, but it isn't. Any ideas how this might work? I'm trying it since days without success :( - Basically I'm trying to download an jpeg file, which is on a server protected by prem. auth. // BASIC AUTH /* * ==================================================================== * * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. */ //http://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.0.x/httpclient/src/examples/org/apache/http/examples/client/ClientPreemptiveBasicAuthentication.java httpclient = new DefaultHttpClient(); httpclient.getCredentialsProvider().setCredentials( new AuthScope(host, port), new UsernamePasswordCredentials(username, password)); // Generate BASIC scheme object and stick it to the local // execution context BasicHttpContext localcontext = new BasicHttpContext(); BasicScheme basicAuth = new BasicScheme(); localcontext.setAttribute("preemptive-auth", basicAuth); //first request interceptor httpclient.addRequestInterceptor(new PreemptiveAuth(), 0); HttpHost targetHost = new HttpHost(host, port, "http"); //HttpGet httpget = new HttpGet("/"); HttpGet httpget = new HttpGet(http.url); System.out.println("executing request" + httpget.getRequestLine()); /// !!! HttpResponse response = httpclient.execute(targetHost, httpget, localcontext); HttpEntity entity = response.getEntity(); System.out.println("----------------------------------------"); System.out.println("+"+response.getStatusLine()+"+"); ...

    Read the article

  • People Picker can't find Forms Authentication Users in WSS 3.0

    - by beyti
    I used a lot of tutorials to turn my windows authenticated default wss web app to use Forms Authentication. What I've done since; 1. created a web app. and a site in wss 3.0. Made its anonymous access enabled for all site content. This wss app is in the "wss3" server. 2. created a membership db with regsql.exe in .net framework folder.Created it with its default settings, like aspnetdb named database.This db is in the "sqlserver" server. 3. gave db.owner permission to the web app. admin of wss to the aspnetdb database. The user is registered under the same domain as the sql and the wss machines. 4. configured site's web.config file with following changes/adds: ..added the connectionString: <connectionStrings> <clear /> <add name="LocalSqlServer" connectionString="server=sqlserver;database=aspnetdb; Integrated Security=SSPI" providerName="System.Data.SqlClient" /> </connectionStrings> ..added the membershipProvider: <membership> <providers> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" /> </providers> </membership> ..also checked the peoplepicker settings: <PeoplePickerWildcards> <clear /> <add key="AspNetSqlMembershipProvider" value="%" /> </PeoplePickerWildcards> 5. After all, I changed the application provider of the site I created to use forms. Gave it the provider name of "AspNetSqlMembershipProvider". 6. I've created some users for Forms Authentication via ASP.net Configuration page by visual studio. 7. Checked the users in the db aspnetdb. They are there. 8. Tried to login to wss with one of them. Successfully logged in. With no privilages ofcourse. 9. Tried to give permission via Web Application Policy to that user which logged in. 10. People Picker couldn't find it at all. Any of the forms users couldn't be found. But it clearly tells that AD connection is also changed that none of the AD users couldn't be found either. It seems I'm missing something to configure about people picker. Any help would be appreciated. Thanks in advance. Beytan

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >