Search Results

Search found 54190 results on 2168 pages for 'http authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 188/2168 | < Previous Page | 184 185 186 187 188 189 190 191 192 193 194 195  | Next Page >

  • Facebook Flash app security?

    - by mhdouglas
    I'm developing a Facebook app implemented in Flash, and I'd like to authenticate communication between my app and my server. In other words, I'd like to guarantee that all communication with my server is coming from my app, which has been launched from within facebook by a valid facebook user. Does the Facebook actionscript API support this type of operation? Or am I on my own?

    Read the article

  • Calling https process from ASP Net

    - by David M
    I have an ASP NET web server application that calls another process running on the same box that creates a pdf file and returns it. The second process requires a secure connection via SSL. The second process has issued my ASP NET application with a digital certificate but I still cannot authenticate, getting a 403 error. The code is a little hard to show but here's a simplified method ... X509Certificate cert = X509Certificate.CreateFromCertFile("path\to\cert.cer"); string URL = "https://urltoservice?params=value"; HttpWebRequest req = HttpWebRequest.Create(URL) as HttpWebRequest; req.ClientCertificates.Add(cert); req.Credentials = CredentialCache.DefaultCredentials; req.PreAuthenticate = true; /// error happens here WebResponse resp = req.GetResponse(); Stream input = resp.GetResponseStream(); The error text is "The remote server returned an error: (403) Forbidden." Any pointers are welcome.

    Read the article

  • Login for webapp, needs to be available for support staff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". Authorized licenseholders which does all setup themselves. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support: we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • how to decrypt a string

    - by Avinash
    Hi, How to restore the value of a string after using FormsAuthentication.HashPasswordForStoringInConfigFile() i have a string s1 = "abc" then FormsAuthentication.HashPasswordForStoringInConfigFile(s1, "SHA1") = A9993E364706816ABA3E25717850C26C9CD0D89D How can i decrypt "A9993E364706816ABA3E25717850C26C9CD0D89D" back to "abc"??

    Read the article

  • Is it inmoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The inmediate reaction of other coworkers was a request to remove it, saying that it was innapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see innapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

    Read the article

  • Login with Kohana auth module - what am I doing wrong?

    - by keithjgrant
    I'm trying to login with the following controller action, but my login attempt keeps failing (I get the 'invalid username and/or password' message). What am I doing wrong? I also tried the other method given in the examples in the auth documentation, Auth::instance()->login($user->username, $form->password);, but I get the same result. Kohana version is 2.3.4. public function login() { $auth = Auth::instance(); if ($auth->logged_in()) { url::redirect('/account/summary'); } $view = new View('login'); $view->username = ''; $view->password = ''; $post = $this->input->post(); $form = new Validation($post); $form->pre_filter('trim', 'username') ->pre_filter('trim', 'password') ->add_rules('username', 'required'); $failed = false; if (!empty($post) && $form->validate()) { $login = array( 'username' => $form->username, 'password' => $form->password, ); if (ORM::factory('user')->login($login)) { url::redirect('/accounts/summary'); } else { $view->username = $form->username; $view->message = in_array('required', $form->errors()) ? 'Username and password are required.' : 'Invalid username and/or password.'; } } $view->render(true); }

    Read the article

  • FormsAuthentication.SetAuthCookie

    - by Miral
    hi we are using FormsAuthentication.SetAuthCookie(profile.Id, false); Now the question is when does this cookie expires? It ofcourse expires once i close all the browsers but it doesn't i keep the browser open and i dont know the timelimit.

    Read the article

  • Automatically authenticating windows users on an apache/Linux server

    - by Peter Carrero
    If I wanna authenticate windows accounts to AD when a user browses to an apache-running site on a Linux server, here are the usual suspects:   * mod_ntlm (which I used in a distant past) - last update on 2003 * mod_auth_ntlm_winbind - last update on 04/2007 * mod_auth_kerb - last update on 12/2008 No luck getting any of those to work with a recent, fully patched, windows 2000 AD server. Do you have any clues as to a recipe that does work?  -Peter -- UPDATE my current build environment is this: OS: Ubuntu Lucid Apache 2.2.14 (from repos) the auth modules I recompiled from source.

    Read the article

  • How to handle security constraints using GWT 2.1's RequestFactory?

    - by Marc
    I am currently developing a GWT 2.1 application that is to be deployed on Google App Engine. I would like to realise the server communication using the new RequestFactory. Now my question is how to handle fine-grained security issues in this context? Some server actions (of those declared in the RequestContext stubs) shall be restricted to certain users (possibly depending on the parameters of the remote call). If a call is unauthorised, I would like the client to show a login page (so that one may log in as a different user, for example). From the Expenses example, I know how to implement an automatic redirection to a login page, but in this example, the security model is quite simple: A client is allowed to access the servlet if and only if a user is logged in. Shall I raise a custom UnAuthorizedException in my server-side service? Where should I intercept this exception? (Can I do this in a servlet filter like the GaeAuthFilter of the Expenses example?)

    Read the article

  • Why always fires OnFailure when return View() to Ajax Form ?

    - by Wahid Bitar
    I'm trying to make a log-in log-off with Ajax supported. I made some logic in my controller to sign the user in and then return simple partial containing welcome message and log-Off ActionLink my Action method looks like this : public ActionResult LogOn(LogOnModel model, string returnUrl) { if (ModelState.IsValid) { if (MembershipService.ValidateUser(model.UserName, model.Password)) { FormsService.SignIn(model.UserName, model.RememberMe); if (Request.IsAjaxRequest()) { //HERE IS THE PROBLEM :( return View("LogedInForm"); } else { if (!String.IsNullOrEmpty(returnUrl)) return Redirect(returnUrl); else return RedirectToAction("Index", "Home"); } } else { ModelState.AddModelError("", "The user name or password provided is incorrect."); if (Request.IsAjaxRequest()) { return Content("There were an error !"); } } } return View(model); } and I'm trying to return this simple partial : Welcome <b><%= Html.Encode(Model.UserName)%></b>! <%= Html.ActionLink("Log Off", "LogOff", "Account") %> and of-course the two partial are strongly-typed to LogOnModel. But if i returned View("PartialName") i always get OnFailure with status code 500. While if i returned Content("My Message") everything is going right. so please tell me why i always get this "StatusCode = 500" ??. where is the big mistake ??. By the way in my Site MasterPage i rendered partial to show long-on simple form this partial looks like this : <script type="text/javascript"> function ShowErrorMessage(ajaxContext) { var response = ajaxContext.get_response(); var statusCode = response.get_statusCode(); alert("Sorry, the request failed with status code " + statusCode); } function ShowSuccessMessage() { alert("Hey everything is OK!"); } </script> <div id="logedInDiv"> </div> <% using (Ajax.BeginForm("LogOn", "Account", new AjaxOptions { UpdateTargetId = "logedInDiv", InsertionMode = InsertionMode.Replace, OnSuccess = "ShowSuccessMessage", OnFailure = "ShowErrorMessage" })) { %> <%= Html.TextBoxFor(m => m.UserName)%> <%= Html.PasswordFor(m => m.Password)%> <%= Html.CheckBoxFor(m => m.RememberMe)%> <input type="submit" value="Log On" /> < <% } %>

    Read the article

  • Django Comments and Users integration

    - by Patrick
    Hi folks, I am new to django. I am trying to use django.contrib.comments, I saw the table in the database like this, but how can I integrate it with user_id, user_photos, user_name, user_email....and those things with the django commenting system? I also tried to use thread-comments, but I can't configure it properly, is the django threadedcomments table similar to following ? Please let me know if any of you have done this before....all I need is a user login, and post comments, and then show list of comments with users' profile photos and username, as well as there comments. I think shouldn't be that hard. Thank you very much again. +-----------------+--------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +-----------------+--------------+------+-----+---------+----------------+ | id | int(11) | NO | PRI | NULL | auto_increment | | content_type_id | int(11) | NO | MUL | NULL | | | object_pk | longtext | NO | | NULL | | | site_id | int(11) | NO | MUL | NULL | | | user_id | int(11) | YES | MUL | NULL | | | user_name | varchar(50) | NO | | NULL | | | user_email | varchar(75) | NO | | NULL | | | user_url | varchar(200) | NO | | NULL | | | comment | longtext | NO | | NULL | | | submit_date | datetime | NO | | NULL | | | ip_address | char(15) | YES | | NULL | | | is_public | tinyint(1) | NO | | NULL | | | is_removed | tinyint(1) | NO | | NULL | | +-----------------+--------------+------+-----+---------+----------------+

    Read the article

  • FormsAuthentication.RedirectFromLoginPage reload page

    - by Dofs
    Hi, I am using the .Net memebership system, and uptil now I haven't had any real troubles with it. I now have a overlay where a user can create a profile. When the profile is created I just want to redirect to the same page, and not to the default page or the return url - which doesn't exists. I have tried to stop the FormsAuthentication.RedirectFromLoginPage response, but with no effect: FormsAuthentication.RedirectFromLoginPage(username, false); // End the redirect so it doesnt redirect to default url (front-page) Response.End(); Response.Redirect(Request.RawUrl); Does anyone have an idea to how this can be solved?

    Read the article

  • Active Directory: User UPN or DN for NTLM name, using pure LDAP?

    - by Bernd Haug
    I have a Java app that can authenticate to LDAP by logging users into the AD LDAP server with the NTLM name (which they are used to - this is a requirement). I now also need to do authorization, and hence need to find a forest-unique identifier for the user (DN or UPN should work), from which I can further query the directory. The method needs to be absolutely portable, even if the AD is structured in an unusual fashion, otherwise I could just do a string replacement and search for a UPN of "${ntlm-user}@${ntlm-domain}.${configured-trailing-domain}" How can I do this, using pure LDAP? Currently, I'm using the java.naming.directory package, which I'd like to keep using, since it doesn't throw up problems when not binding with a DN but logging in with an NTLM name?

    Read the article

  • Rails creating a new session every page view

    - by danhere
    Hi everyone, I'm following the Agile RoR book somewhat to apply it to a project for school. It's going good until I get to sessions. I continually get Authenticity Invalid Tokens and when I look at my sessions table in the database, there's a new session being created every time I refresh the page. Is that right or is something messed up? Thanks.

    Read the article

  • Why second user login redirects me to /accounts/profile/ url?

    - by drupality
    I am using Django built in view for user login: url(r'^user/login/$', 'django.contrib.auth.views.login', {'template_name': 'users/templates/login.html'}, name='user-login'), After login when I goto user/login again I can login second time. I submit the form and getting: The current URL, accounts/profile/, didn't match any of these. I haven't declare this url in urls.py. What I am doing wrong? Why framework want to redirect to this url?

    Read the article

  • mod_rewrite with location-based ACL in apache?

    - by Alexey
    Hi. There is a CGI-script that provides some API for our customers. Call syntax is: script.cgi?module=<str>&func=<str>[&other-options] The task is to make different authentiction rules for different modules. Optionally, it will be great to have nice URLs. My config: <VirtualHost *:80> DocumentRoot /var/www/example ServerName example.com # Global policy is to deny all <Location /> Order deny,allow Deny from all </Location> # doesn't work :( <Location /api/foo> Order deny,allow Deny from all Allow from 127.0.0.1 </Location> RewriteEngine On # The only allowed type of requests: RewriteRule /api/(.+?)/(.+) /cgi-bin/api.cgi?module=$1&func=$2 [PT] # All others are forbidden: RewriteRule /(.*) - [F] RewriteLog /var/log/apache2/rewrite.log RewriteLogLevel 5 ScriptAlias /cgi-bin /var/www/example <Directory /var/www/example> Options -Indexes AddHandler cgi-script .cgi </Directory> </VirtualHost> Well, I know that problem is order of processing that directives. <Location>s will be processed after mod_rewrite has done its work. But I believe there is a way to change it. :) Using of standard Order deny,allow + Allow from <something> directives is preferable because it's commonly used in other places like this. Thank you for your attention. :)

    Read the article

  • Android: prevent user from coming back to login page after logging in

    - by user522559
    Hi all, I have a login page in my android app. I want to prevent the user after logging in to come back to the login page. Also, when the user reopens the app, if he has logged in before, I want to go directly to the main page without having to go to the login page. What the best way of doing that? One idea I thought of is to save the login parameters in a cookie, and then, when the app is reopens, if the cookie contains some login information, I inflate the main page, otherwise, I inflate the login page. Is this the best way of doing it? Thanks,

    Read the article

  • Restrict access to a specific URL, running on IIS7 / ASP.NET

    - by frankadelic
    I am deploying a public ASP.NET website on an IIS7 web farm. The application runs on 3 web servers and is behind a firewall. We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc. /admin/somepage.aspx What is the best way to control access to this page? We need to: Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks. Should this access control be done at the (a) network level, (b) application level, etc.?

    Read the article

  • Create an own "OpenID-like system" Provider

    - by user502052
    I know that Facebook use their own OpenID-like system called "Facebook connect", which you can use to authenticate users on your site, among other features. In my case I have multiple Ruby on Rails applications: users.example.com profiles.example.com photos.example.com ... I would like to use 'users.example.com' as a web service that allows users to authenticate to all my other applications the same way as works "Facebook connect" or OpenID. In few words, 'users.example.com' must works as a "OpenID-like system" for my applications in 'example.com'. Can anyone give me tips and links to some useful resources? P.S.: since I am a newbie in this matter, I do not know if I'm saying things that make sense. So someone could help me to understand (if I am wrong) ...

    Read the article

  • IIS7 integrated mode closing token between requests

    - by user607287
    We are migrating to IIS7 integrated mode and have come across an issue. We authenticate using WindowsAuthentication but then store a reference to the WindowsPrincipal so that on future requests we can authorize as needed against AD. In IIS 7 Integrated mode, the token is being closed (between requests) so that when we try to run IsInRole it generates a disposed exception. Is there a way to cache this token or change our use of WindowsPrincipal so that we don't need to make successive AD requests to get it for each authorization request? Here is the exception being thrown from WindowsPrincipal.IsInRole("") - System.ObjectDisposedException: {"Safe handle has been closed"} Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 184 185 186 187 188 189 190 191 192 193 194 195  | Next Page >