Search Results

Search found 54190 results on 2168 pages for 'http authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 189/2168 | < Previous Page | 185 186 187 188 189 190 191 192 193 194 195 196  | Next Page >

  • How to implement a Client-side Ajax Login on Asp.Net MVC (A link to the solution for Asp.Net Webform

    - by Matt
    Hi, I'm trying to implement a client-side ajax login on Asp.Net MVC. I used to have this set up just fine on WebForms, but now that I've moved to MVC it's giving me some troubles. If you'd like a tutorial on Client-side Ajax Login for Asp.Net Webforms, it can be found here -- Easy, A++ Now... for some reason it's not working for Asp.Net MVC. I used the exact same tutorial as for the Webforms, except when it executes the ssa.login() (equivalently: Sys.Services.AuthenticationService.login()) it's not doing anything. I have alerts in both the onLoginComplete() function and the onError() function. As well I have an alert before the ssa.login gets called and right after... function loginHandler() { var username = $("#login_UserName").val(); var password = $("#login_Password").val(); var isPersistent = $("#login_RememberMe").attr("checked"); var customInfo = null; var redirectUrl = null; // Log them in. alert("try login"); ssa.login(username, password, isPersistent, customInfo, redirectUrl, onLoginComplete, onError); alert("made it here"); } The first alert fires but the second one doesn't which means the function is failing. Here's the function I pulled from Asp.Net Ajax to show you: function(c, b, a, h, f, d, e, g) { this._invoke(this._get_path(), "Login", false, { userName: c, password: b, createPersistentCookie: a }, Function.createDelegate(this, this._onLoginComplete), Function.createDelegate(this, this._onLoginFailed), [c, b, a, h, f, d, e, g]); } Anyone have any idea of why it's failing?

    Read the article

  • Restrict access to a specific URL, running on IIS7 / ASP.NET

    - by frankadelic
    I am deploying a public ASP.NET website on an IIS7 web farm. The application runs on 3 web servers and is behind a firewall. We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc. /admin/somepage.aspx What is the best way to control access to this page? We need to: Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks. Should this access control be done at the (a) network level, (b) application level, etc.?

    Read the article

  • Login From Multiple OAuth Services, Keeping Profiles in Sync

    - by viatropos
    Given the following: I have an application that allows people to login through twitter, myspace, yahoo, and google User creates initial account by logging in through Google User logs out User logs back in using Yahoo. ...is there a recommended way for the application to associate those two accounts together? Stack Overflow has this functionality but it seems like they need the user to manually say "this account google account is associated with that yahoo one". Is there no way to do this automatically?

    Read the article

  • on facebook, how do i authenticate an application, using JavaScript?

    - by GilShalit
    I can only find samples using php or curl. I want to do something like https://graph.facebook.com/<app_id>/accounts/test-users? installed=true&permissions=read_stream and the response is: { "error": { "type": "OAuthException", "message": "An access token is required to request this resource." } } as well is should... so how do i get the access token in JavaScript (using the JavaScript SDK obviously). thanks!

    Read the article

  • Best place to check user authenticity in a back end module where all pages are only available to mem

    - by understack
    I've a backend module which could only be accessed by only authorized members. So I need to check authenticity for all actions and for all controllers. Currently I'm doing it inside preDispatch() functions inside controller classes. So it takes care of all the actions inside that controller. But still I've to do it for all controllers. Is there a place I could check it for all the controllers as well. So basically I want one place authenticity check for whole backend module. Can I do it in bootstrap?

    Read the article

  • How to share the credentials between Webform and Winform?

    - by Daniel
    Hi! Question: I want to make a login form at the Clickonce deployment webpage, and only allow the authenticated users to download the application. and I want the downloaded application to use the same credentials entered at the webpage, without prompting the users to enter the credentials again. Details: I have an application(Windows Client) which needs customized settings for different users. the application is deployed through ClickOnce. Currently, the users are given the ClickOnce webpage URL, then download the application from there. after download and running the application, the application prompts users with a login form. If their credentials are authenticated, the application loads the customized settings from the server's database according to the credentials given. The problem is, any unauthenticated users can download the application if they just know the ClickOnce deployement webpage's URL. Unauthenticated users won't be able to run the application anyways, because the application asks for credentials when started, but I want to prevent the unauthenticated users from downloading the application at all. Am I asking the wrong question maybe? Your help is much appreciated!

    Read the article

  • Does CAS Support Application Level Impersonation?

    - by Rob Wilkerson
    I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and manage privileges (which are based on username). A new requirement has come up, though, that requires the original app to include, via an iframe, content from a second PHP app that is also CAS-enabled. Somehow, I need for the second app to know whether impersonation is happening in the first. I don't want to pass usernames around for security reasons, so I'm wondering whether I can offload the responsibility for handling impersonation to the CAS server which is shared by both apps. Thanks.

    Read the article

  • Self Authenticating Links in Django

    - by awolf
    In my web app I would like to be able to email self-authenticating links to users. These links will contain a unique token (uuid). When they click the link the token being present in the query string will be enough to authenticate them and they won't have to enter their username and password. What's the best way to do this?

    Read the article

  • Bizarre Bug with our Rails app in IE

    - by Callmeed
    We're experiencing a really bizarre bug in our Rails 2.3.4 app. This bug only happens in Internet Explorer (7 and 8). Here's what happens: A new customer creates an account at https://domain.com/signup/free (notice no subdomain) Their account is identified by a subdomain like "example.domain.com" After signing up, they get a welcome screen with a link to their account's home page They follow the link, then click the "log in" button and attempt to login Even though they provide valid credentials, the app redirects back to their account's root url ... they can never reach their admin area The only way they can login (on IE) is by quitting and re-opening IE ... then it works fine ... Something with their initial session is preventing them from logging in. If it matters, we are using restful_authentication and the ssl_requirement plugin ... I'm not sure if one or both of those has a problem with IE but we are stumped here. Also, I've read IE has an issue with subdomains that contain underscores ... this isn't what's going on.

    Read the article

  • Using web.config directory security and extensionless urls

    - by Matt Brailsford
    Hi Guys, I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows: Members Members/News Members/Press Members/Movies Users should be able to have access to the members parent page, but not child pages. My problem is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?

    Read the article

  • Is it a bad idea to have a login dialog inside an iframe?

    - by AyKarsi
    We're creating a website where we will be giving out code snippets to our users which they can place on their own websites. These snippets contain a link a javascript include. When clicking the link, an iframe containing the login dialog to our site opens. The user then authenticates inside the iframe, does his work and when he leaves the iframe his session is closed. We've got it working allready and it's very slick. Our main concern though is phishing. The user has absolutely now way of veryifying where the login page is really coming from. On the other hand, phising attacks are also succesfull even if the user can see the fake-url in the address bar. Would you enter your (OpenId) credentials in an iframe? Does anyone know a pattern with which we could minimise the chances of a phishing attack?

    Read the article

  • htaccess: only do [some lines of code] for one domain, no others.

    - by Coronatus
    Say I have a htaccess file shared by "dev.server" and "server.site.com". The first domain should allow all users to access it unchallenged (it only exists on my local development server). The second domain I want to authenticate users with Apache (NOT by database). The code to authenticate users is: AuthType Basic AuthName "Server Admin" AuthUserFile "/path/to/passwd" require valid-user What I can't do is make those 4 lines only matter if the domain is "server.site.com". How can I do this? I searched for something like <IfEnv HTTP_HOST "site.server.com"> but had no luck.

    Read the article

  • Problem with skipping login validation for authlogic

    - by Andrei
    Hi, I want to use email for signing in, and to allow users to have similar names. One way to do this is to rename login/username field to something different. However, I want to do it just by setting up authlogic. I tried the following acts_as_authentic do |c| c.login_field :email c.validate_login_field false c.validate_email_field true end but it still complains that the login already exists. What must be done to avoid username validation without renaming the field?

    Read the article

  • Comparing Page.User.Identity.Name to value in sql Table

    - by Peggy Fusselman
    First, I am SO sorry if the answer is out there. I've looked and looked and feel this is such a simple thing that it should be obvious. I'm wanting to make sure only the person who added an event can modify it. Simple! I already have a datasource that has event_added_by as a data point. It is populating a FormView. SelectCommand="SELECT * FROM [tbl_events] WHERE ([event_ID] = @event_ID)" And I have Page.User.Identity.Name. How do I compare the two? I can't pull the value from the label in the FormView so I need to find another way. if (!IsPostBack) { string uname = Page.User.Identity.Name; string owner = ""// this is where I need to grab the value from dsEvents; if (uname != owner) { //Send them somewhere saying they're not allowed to be here } } TIA for any help!

    Read the article

  • Is it possible to use Integrated Windows Auth when Server isn't on the domain?

    - by jskentzos
    Our production web servers ARE NOT part of the domain, but we'd like people to be able to log in automatically since they are logged into the domain on their PC. Is there anyway to get the browser (IE7+) to send the appropriate information to the server (IIS6) so I can retrieve the ServerVariables["AUTH_USER"] or ServerVariables["LOGON_USER"]? I presume the answer is no since if I set the security for windows auth to "on" and anonymous access to "off", then the server wouldn't know what do do with any user information for a domain which it has no knowledge of. I just want to know for sure before I give the SSO team a "not possible" answer.

    Read the article

  • Call REST service while impersonating a user that is already authorized to the glasfish server

    - by user1894489
    There are two web-applications deployed on a glassfish server. Both web applications provide a REST web service. the access to both web-services is secured via glassfish security constraints (at the moment BASIC Auth and file-realm). Let's say a user is accessing the service of web application A. After he is authorized, service A wants to call service B via REST client. Is there a way for a service to impersonate a user that is already authorized to the glasfish server? Maybe something like forwarding the security context or editing the headers? Is there another Filter? @Context private SecurityContext securityContext; username = securityContext.getUserPrincipal().getName(); password = ??? client.addFilter(new com.sun.jersey.api.client.filter.HTTPBasicAuthFilter(username, password)); Thanks!

    Read the article

  • Writing a custom auth system (like the default django auth system), use it to generate tables in DB

    - by dotty
    Hay all, I've been reading up on middleware and how to use it with a context object. I want to write a simple middleware class which i can use on my own applications, it will essentially be a cut down version of the django one. The problem i seem to have is that if i have INSTALLED_APPS = ('django.contrib.my_auth') in the settings file, all is well. I've also added MIDDLEWARE_CLASSES = ('django.contrib.my_auth.middleware.MyAuthMiddleware') in it and everything is fine. My question is, how would i make my middleware automatically generate tables from a models.py module, much like how the django auth does when i run manage.py syncdb? thanks

    Read the article

  • Programmatically login to a website and redirect the user to the logged in page?

    - by Santhosh
    Hi, Right now, I have all the employees of my company login to an external website using the company id, username and a password. We are trying to integrate it into an intranet portal which should provide seamless access to this website without requiring the user to enter these credentials. Is there any way of doing this programmatically (.NET C#)? Very similar to screenscraping, Can I simulate the appropriate POST action and then redirect the user to the logged in page? Any help is appreciated. Thanks.

    Read the article

  • Hashes or tokens for "remember me" cookies?

    - by Emanuil Rusev
    When it comes to remember me cookies, there are 2 distinct approaches: Hashes The remember me cookie stores a string that can identify the user (i.e. user ID) and a string that can prove that the identified user is the one it pretends to be - usually a hash based on the user password. Tokens The remember me cookie stores a random (meaningless), yet unique string that corresponds with with a record in a tokens table, that stores a user ID. Which approach is more secure and what are its disadvantages?

    Read the article

  • CakePHP ACO based on each entry

    - by Randuin
    I'm trying to make a blogging system but obviously certain users in certain groups should only be able to edit/delete their own posts/comments. How would I go about doing this in CakePHP? I followed the manual's basic Acl guide to setup my current Auth system.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 185 186 187 188 189 190 191 192 193 194 195 196  | Next Page >