Search Results

Search found 54190 results on 2168 pages for 'http authentication'.

Page 186/2168 | < Previous Page | 182 183 184 185 186 187 188 189 190 191 192 193  | Next Page >

• Where is .ASPXAUTH cookie

  - by Costa

  Hi In javascript alert(document.cookie); does not show the .ASPXAUTH Cookie although a sniffer is showing it, I need it because I have an AJAX Request to the server, the request should not take place when the user is already logged in, if I cannot check .ASPXAUTH for security reason, what I should do to check whether the user is already logged in. Thanks

  Read the article

• setUserCredentials from Google data api is stuck

  - by yogsma

  Well, since I am facing some issues with OAuth implementation, I decided to go back to normal method where users will input their login id and password and I will use them in my code to validate their google account to fetch calendar information. So when user enters login id and password, the page is getting stuck. When I check the code, setUserCredentials is the method where it is getting stuck. But when I enter my login id and password and debug on development site, it works fine. There is no problem when I debug. And importantly , the problem appears for first time only, once I debug the code and next time I try it without breakpoint, it works fine. Does anyone know why setUserCredentials takes time or any way I can track why it is taking so time? I have asked the same question on Google data api forum, but nobody answered it.

  Read the article

• ValidateCredentials() returns FALSE on First Call but TRUE on Subsequent Calls

  - by Nick Gotch

  I'm using the following code to authenticate users on my web service: using (PrincipalContext context = new PrincipalContext(ContextType.Domain, domain)) { return context.ValidateCredentials(userName, password); } The obstacle I'm running into is that the first call to ValidateCredentials() is returning false but subsequent calls return true. I placed a breakpoint at this line and in the Intermediate window I see the same results: first call returns false, second returns true, even though nothing was changed (by me) between calls. The 'domain' is String.Empty but I've also tried it with the actual domain name and get the same results. I'm not that versed in network administration so any help would be appreciated,

  Read the article

• Pyramid.security: Is getting user info from a database with unauthenticated_userid(request) really secure?

  - by yourfriendzak

  I'm trying to make an accesible cache of user data using Pyramid doc's "Making A “User Object” Available as a Request Attribute" example. They're using this code to return a user object to set_request_property: from pyramid.security import unauthenticated_userid def get_user(request): # the below line is just an example, use your own method of # accessing a database connection here (this could even be another # request property such as request.db, implemented using this same # pattern). dbconn = request.registry.settings['dbconn'] userid = unauthenticated_userid(request) if userid is not None: # this should return None if the user doesn't exist # in the database return dbconn['users'].query({'id':userid}) I don't understand why they're using unauthenticated_userid(request) to lookup user info from the database...isn't that insecure? That means that user might not be logged in, so why are you using that ID to get there private info from the database? Shouldn't userid = authenticated_userid(request) be used instead to make sure the user is logged in? What's the advantage of using unauthenticated_userid(request)? Please help me understand what's going on here.

  Read the article

• Alternatives to RPX?

  - by keruilin

  I'm looking into integrating with some external APIs that will improve website sign-in experience. RPX seems to be highly functional. The one issue that I have with it is that you can't link accounts unless you purchase the premium. With that said... Are there currently any viable alternatives to RPX? Strengths/weaknesses?

  Read the article

• Invalidating ASP.NET FormsAuthentication server side

  - by Rob Walker

  I am experimenting with FormsAuthentication (using ASP.NET MVC2) and it is working fairly well. However, one case I can't work out how to deal with is validating the user identity on the server to ensure it is still valid from the server's perspective. eg. User logs in ... gets a cookie/ticket Out of band the user is deleted on the server side User makes a new request to the server. HttpContext.User.Identity.Name is set to the deleted user. I can detect this fine, but what is the correct way to handle it? Calling FormsAuthentication.SignOut in the OnAuthorization on OnActionExecuting events is too late to affect the current request. Alternatively I would like to be able to calls FormsAuthentication.InvalidateUser(...) when the user is deleted (or database recreated) to invalidate all tickets for a given (or all) users. But I can't find an API to do this.

  Read the article

• HttpWebRequest Cookie weirdness

  - by Lachman

  I'm sure I must be doing something wrong. But can't for the life of me figure out what is going on. I have a problem where it seems that the HttpWebRequest class in the framework is not correctly parsing the cookies from a web response. I'm using Fiddler to see what is going on and after making a request, the headers of the response look as such: HTTP/1.1 200 Ok Connection: close Date: Wed, 14 Jan 2009 18:20:31 GMT Server: Microsoft-IIS/6.0 P3P: policyref="/w3c/p3p.xml", CP="CAO DSP IND COR ADM CONo CUR CUSi DEV PSA PSD DELi OUR COM NAV PHY ONL PUR UNI" Set-Cookie: user=v.5,0,EX01E508801E$97$2E401000t$1BV6$A1$EC$104$A1$EC$104$A1$EC$104$21O001000$1E31!90$7CP$AE$3F$F3$D8$19o$BC$1Cd$23; Domain=.thedomain.com; path=/ Set-Cookie: minfo=v.4,EX019ECD28D6k$A3$CA$0C$CE$A2$D6$AD$D4!2$8A$EF$E8n$91$96$E1$D7$C8$0F$98$AA$ED$DC$40V$AB$9C$C1$9CF$C9$C1zIF$3A$93$C6$A7$DF$A1$7E$A7$A1$A8$BD$A6$94c$D5$E8$2F$F4$AF$A2$DF$80$89$BA$BBd$F6$2C$B6$A8; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: accttype=v.2,3,1,EX017E651B09k$A3$CA$0C$DB$A2$CB$AD$D9$8A$8C$EF$E8t$91$90$E1$DC$C89$98$AA$E0$DC$40O$A8$A4$C1$9C; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: tpid=v.1,20001; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: MC1=GUID=541977e04a341a2a4f4cdaaf49615487; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: linfo=v.4,EQC|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Set-Cookie: group=v.1,0; expires=Sunday, 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Content-Type: text/html But when I look at the response.Cookies, I see far more cookies that I am expecting, with values of different cookies being split up into different cookies. Manually getting the headers seems to result in more wierdness eg: the code foreach(string cookie in response.Headers.GetValues("Set-Cookie")) { Console.WriteLine("Cookie found: " + cookie); } produces the output: Cookie found: user=v.5 Cookie found: 0 Cookie found: EX01E508801E$97$2E401000t$1BV6$A1$EC$104$A1$EC$104$A1$EC$104$21O00 1000$1E31!90$7CP$AE$3F$F3$D8$19o$BC$1Cd$23; Domain=.thedomain.com; path=/ Cookie found: minfo=v.4 Cookie found: EX019ECD28D6k$A3$CA$0C$CE$A2$D6$AD$D4!2$8A$EF$E8n$91$96$E1$D7$C8$0 F$98$AA$ED$DC$40V$AB$9C$C1$9CF$C9$C1zIF$3A$93$C6$A7$DF$A1$7E$A7$A1$A8$BD$A6$94c$ D5$E8$2F$F4$AF$A2$DF$80$89$BA$BBd$F6$2C$B6$A8; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: accttype=v.2 Cookie found: 3 Cookie found: 1 Cookie found: EX017E651B09k$A3$CA$0C$DB$A2$CB$AD$D9$8A$8C$EF$E8t$91$90$E1$DC$C89 $98$AA$E0$DC$40O$A8$A4$C1$9C; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: tpid=v.1 Cookie found: 20001; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: MC1=GUID=541977e04a341a2a4f4cdaaf49615487; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: linfo=v.4 Cookie found: EQC|0|0|255|1|0||||||||0|0|0||0|0|0|-1|-1; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ Cookie found: group=v.1 Cookie found: 0; expires=Sunday Cookie found: 31-Dec-2014 23:59:59 GMT; Domain=.thedomain.com; path=/ as you can see - the first cookie in the list raw response: Set-Cookie: user=v.5,0,EX01E508801 is getting split into: Cookie found: user=v.5 Cookie found: 0 Cookie found: EX01E508801E$.......... So - what's going on here? Am I wrong? Is the HttpWebRequest class incorrectly parsing the http headers? Is the webserver that it spitting out the requests producing invalid http headers?

  Read the article

• Unable to login magento administration

  - by SIA

  Hi Everybody, I have just installed Magento on Windows using WAMP. Installation was successfull without any errors or warnings. When i browse administration page, i can see login screen. After entering the correct credentials it is not displaying me the Dashboard/Control Panel. Its displaying the same login page. If i enter wrong credentials, its authenticating and displaying a message as "invalid username or password" I am unable to determine the issue. If anybody has been through this issue and solved it please help me. How can i login Magento administration. Note: While installation i have selected session=Database. Will that be a issue? Kindly Advice, SIA

  Read the article

• Is there an objective-C library to talk with a CAS server

  - by Jason

  Is there a library already created to talk with an CAS server via objective-c? I know there are many supported clients but have yet to find anything I can use on the iPhone.

  Read the article

• Forgot the username

  - by prithviraj

  Hello all I have fedora installed in my system. I know the password but i forgot the user name. I can access through terminal but i don't no how to login through gui. Please help me. Thanks in advance.

  Read the article

• SharePoint Groups\Roles using FBA

  - by Itay

  Hi All, I'm running an FBA web app, having 2 Site collections. Currently I have a SharePoint group in one site collection, and I would like to assign permission to that group in the other site collection. Since SharePoint groups are site scoped, I thought using FBA roles.. Any words on how to do this, or if this it the recommended way? Thanks.

  Read the article

• ASP.NET and Session State/Login info

  - by V-Man

  Are Session variables (in ASP.NET) the safest way to store data relating to whether a user is logged in or not? i.e. Session["LoggedIn"] = 'No' I know Session variables can be spoofed so I assume there must be a safer way. Any ideas for ASP.NET? Thanks!

  Read the article

• Authlogic Current User Question - hiding admin links...

  - by bgadoci

  I think I am missing something while using the Authlogic gem w/ Rails. To set the stage I have multiple users and each user can create posts and comments. Upon the display of a post or comment I would like to give the user who created them the option to edit or destroy. I am successfully using the following code to hide and show elements based on if a user is logged in or not but can't seem to find out how to only show these links to the actual user who created them...not any user that is logged in. <% if current_user %> <%= link_to 'Edit', edit_question_path(question) %> | <%= link_to 'Destroy', question, :confirm => 'Are you sure?', :method => :delete %> <% else %> <p>nothing to see here</p> <% end %> Here is the def of current_user located in the application controller in case I need to change something here. class ApplicationController < ActionController::Base helper :all # include all helpers, all the time protect_from_forgery # See ActionController::RequestForgeryProtection for details# helper_method :current_user private def current_user_session return @current_user_session if defined?(@current_user_session) @current_user_session = UserSession.find end def current_user return @current_user if defined?(@current_user) @current_user = current_user_session && current_user_session.record end end

  Read the article

• Can IIS admin change password of Windows Service account

  - by sweta Jha

  We have a service account defined for anonymous access which is used for several web sites hosted on the web server. This account has access to several network resources like report server, file servers and so on. While deploying a new web site, we used the same service account for anonymous access. IIS takes the username/password for the account and then a dialog opens for confirm password. Accidently, we gave a wrong password in both the text boxes, the new site with wrong password is working fine but all other previously hosted sites which were using the service account, started giving the unautorized access error. Is it possible that when we entered wrong password for the new web site, the password of the account got reset and all sites stopped functioning?

  Read the article

• Kohana 3 - Constructor

  - by pigfox

  I attempted to use public function __construct(){} but got the error ErrorException [ Strict ]: Creating default object from empty value. The reason behind this is that I use a controller that is protected for logged in users only, I don't want to have to call $this-protect(); from every action in the controller. Hence my attempt to use a constructor that calls $this-protect();

  Read the article

• ChangePassword control without provider

  - by EugeneK

  Hello, Is there a way to make ChangePassword control work without Membership provider? Like the same way Login control works through an Authenticate event, could I make this component to use my password changing function and then showing success view without me writing custom provider? Thanks, Eugene.

  Read the article

• Can't log in a user in MVC!

  - by devlife

  I have been scratching my head on this for a while now but still can't get it. I'm trying to simply log in a user in an MVC2 application. I have tried everything that I know to try but still can't figure out what I'm doing wrong. Here are a few things that I have tried: FormsAuthentication.SetAuthCookie( emailAddress, rememberMe ); var cookie = FormsAuthentication.GetAuthCookie( emailAddress, rememberMe ); HttpContext.Response.Cookies.Add( cookie ); FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( emailAddress, rememberMe, 15 ); FormsIdentity identity = new FormsIdentity( ticket ); GenericPrincipal principal = new GenericPrincipal(identity, new string[0]); HttpContext.User = principal; I'm not sure if any of this is the right thing to do (as it's not working). After setting HttpContext.User = principal then Request.IsAuthenticated == true. However, in Global.asax I have this: HttpCookie authenCookie = Context.Request.Cookies.Get( FormsAuthentication.FormsCookieName ); The only cookie that ever is available is the aspnet session cookie. Any ideas at all would be much appreciated!

  Read the article

• How to set Img scr from a server that is not live but connected with live server.

  - by Ghulam Haider

  I want to display photo of employee who is login but our company doesn't want to expose the photos of all employees publically that is why we put that employees photos on a server that is not live but connected with the live server. Now problem it that when I run my website on localhost the photos of employees display but as soon as I publish it on IIS it doesn't display images. Please suggest a solution.

  Read the article

• using sfDoctrineGuardPlugin for regular member login?

  - by fayer

  i want to create users for my webapplication. im using symfony. i wonder if i should do that with sfDoctrineGuardPlugin or symfony's provided methods for this? // Add one or more credentials $user->addCredential('foo'); $user->addCredentials('foo', 'bar'); // Check if the user has a credential echo $user->hasCredential('foo'); => true // Check if the user has both credentials echo $user->hasCredential(array('foo', 'bar')); => true // Check if the user has one of the credentials echo $user->hasCredential(array('foo', 'bar'), false); => true // Remove a credential $user->removeCredential('foo'); echo $user->hasCredential('foo'); => false // Remove all credentials (useful in the logout process) $user->clearCredentials(); echo $user->hasCredential('bar'); => false or is the purpose of sfDoctrineGuardPlugin just securing the admin page and not the frontend logging system? thanks.

  Read the article

• Django's self.client.login(...) does not work in unit tests

  - by thebossman

  I have created users for my unit tests in two ways: 1) Create a fixture for "auth.user" that looks roughly like this: { "pk": 1, "model": "auth.user", "fields": { "username": "homer", "is_active": 1, "password": "sha1$72cd3$4935449e2cd7efb8b3723fb9958fe3bb100a30f2", ... } } I've left out the seemingly unimportant parts. 2) Use 'create_user' in the setUp function (although I'd rather keep everything in my fixtures class): def setUp(self): User.objects.create_user('homer', '[email protected]', 'simpson') Note that the password is simpson in both cases. I've verified that this info is correctly being loaded into the test database time and time again. I can grab the User object using User.objects.get. I can verify the password is correct using 'check_password.' The user is active. Yet, invariably, self.client.login(username='homer', password='simpson') FAILS. I'm baffled as to why. I think I've read every single Internet discussion pertaining to this. Can anybody help? The login code in my unit test looks like this: login = self.client.login(username='homer', password='simpson') self.assertTrue(login) Thanks.

  Read the article

• How to POST to Vitalist.com's API via Powershell?

  - by GollyJer

  I'd liketo use Powershell to post a new action to my Vitalist.com account. The Vitalist API documentation is here. I've tried HttpWebResponse in Powershell but I'm missing something. Any pointers are appreciated. Thanks.

  Read the article

• Secure Webservice (WCF) without storing credentials on consumer application

  - by Pai Gaudêncio

  Howdy folks, I have a customer that sells a lottery analysis application. In this application, he consumes a webservice (my service, I mean, belongs to the company I work for now) to get statistical data about lottery results, bets made, amounts, etc., from all across the globe. The access to this webservice is paid, and each consult costs X credits. Some people have disassembled this lottery application and found the api key/auth key used to access the paid webservice, and started to use it. I would like to prevent this from happening again, but I can't find a way to authenticate on the webservice without storing the auth. keys on the application. Does anyone have any ideas on how to accomplish such task? ps1.Can't ask for the users to input any kind of credentials. Has to be transparent for them (they shouldn't know what is happening). ps2. Can't use digital certificates for the same reason above, not to mention it's easy to retrieve them and we would fall into the original problem. Thanks in advance.

  Read the article

• Multiple user roles in Ruby on Rails

  - by aguynamedloren

  I am building an inventory management application with four different user types: admin, employee, manufacturer, transporter. I haven't started coding yet, but this is what I'm thinking.. Manufacturers and transporters are related with has_many :through many-to-many association with products as follows: class Manufacturer < ActiveRecord::Base has_many :products has_many :transporters, :through => :products end class Product < ActiveRecord::Base belongs_to :manufacturer belongs_to :transporter end class Transporter < ActiveRecord::Base has_many :products has_many :manufacturers, :through => :products end All four user types will be able to login, but they will have different permissions and views, etc. I don't think I can put them in the same table (Users), however, because they will have different requirements, ie: vendors and manufacturers must have a billing address and contact info (through validations), but admins and employees should not have these fields. If possible, I would like to have a single login screen as opposed to 4 different screens. I'm not asking for the exact code to build this, but I'm having trouble determining the best way to make it happen. Any ideas would be greatly appreciated - thanks!

  Read the article

• Google's Oauth for Installed apps vs. Oauth for Web Apps

  - by burgerguy

  So I'm having trouble understanding something... If you do Oauth for Web Apps, you register your site with a callback URL and get a unique consumer secret key. But once you've obtained an Oauth for Web Apps token, you don't have to generate Oauth calls to the google server from your registered domain. I regularly use my key and token from scripts running via an apache server at localhost on my laptop and Google never says "you're not sending this request from the registered domain." It just sends me the data. Now, as I understand it, if you do Oauth for Installed Apps, you use "anonymous" instead of a secret key you got from Google. I've been thinking of just using the OAuth for Web Apps auth method, then passing that token to an installed app that has my secret code embedded in its innards. The worry is that the code could be discovered by bad people. But what's more secure... making them work for the secret code or letting them default to anonymous? What really goes bad if the "secret" is discovered when the alternative is using "anonymous" as the secret?

  Read the article

• OpenID like Stack Overflow

  - by eWolf

  I want to create an OpenID login with PHP just like it can be found on Stack Overflow. I know there are many questions for this, but mine is different. If I understood it correctly, every OpenID is defined by a unique URL. But: If I hit the Google button on the Stack Overflow login page, one generic URL is inserted in the text field. Is this the direct URL to the OpenID server? And if it is, how do I have to pass the URL to this class?

  Read the article

< Previous Page | 182 183 184 185 186 187 188 189 190 191 192 193  | Next Page >