Search Results

Search found 8766 results on 351 pages for 'integrated authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 304/351 | < Previous Page | 300 301 302 303 304 305 306 307 308 309 310 311  | Next Page >

  • Asp.net MVC error with custom HttpModule

    - by Robert Koritnik
    I have a custom authentication HttpModule that is pretty strait forward. But I want it to run only for managed requests (and not for static ones). Asp.net MVC automatically adds configuration section for IIS7 web server: <system.webServer> <validation validateIntegratedModeConfiguration="false" /> <modules runAllManagedModulesForAllRequests="true"> <remove name="ScriptModule" /> <remove name="UrlRoutingModule" /> <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule,..." /> <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule,..." /> </modules> <handlers> ... </handlers> </system.webServer> When I add my own module I also set its preCondition="managedHandler", but since there's runAllManagedModulesForAllRequests="true" on parent <module> element my preCondition is ignored by design (as I read on MSDN). When I try to set though: <modules runAllManagedModulesForAllRequests="false"> I get this error: [image no longer valid] What else (which other module) do I have to set in web.config to make it work with this setting: <modules runAllManagedModulesForAllRequests="false">

    Read the article

  • How to I display results of phpcs in VIM?

    - by Matt
    I am presently trying to use PHP Codesniffer (PEAR) in vim for PHP Files. I have found 2 sites that give code to add into the $HOME/.vim/plugin/phpcs.vim file. I have added the code and I "think" it is working, but I cannot see the results, I only see one line at the very bottom of vim that says (1 of 32) but I cannot see any of the 32 errors. Here is my .vimrc file " Backup Options -> Some People may not want this... it generates extra files set backup " Enable Backups set backupext=.bak " Add .bak extention to modified files set patchmode=.orig " Copy original file to with .orig extention Before saving. " Set Tabs and spacing for PHP as recomended by PEAR and Zend set expandtab set shiftwidth=4 set softtabstop=4 set tabstop=4 " Set Auto-indent options set cindent set smartindent set autoindent " Show lines that exceed 80 characters match ErrorMsg '\%80v.\+' " Set Colors set background=dark " Show a status bar set ruler set laststatus=2 " Set Search options highlight, and wrap search set hls is set wrapscan " File Type detection filetype on filetype plugin on " Enable Spell Checking set spell " Enable Code Folding set foldenable set foldmethod=syntax " PHP Specific options let php_sql_query=1 " Highlight sql in php strings let php_htmlInStrings=1 " Highlight HTML in php strings let php_noShortTags=1 " Disable PHP Short Tags let php_folding=1 " Enable Ability to FOLD html Code I have tried 2 different versions of phpcs.vim, and I get the same results for both: Version 1 (found at: VIM an a PHP IDE) function! RunPhpcs() let l:filename=@% let l:phpcs_output=system('phpcs --report=csv --standard=YMC '.l:filename) " echo l:phpcs_output let l:phpcs_list=split(l:phpcs_output, "\n") unlet l:phpcs_list[0] cexpr l:phpcs_list cwindow endfunction set errorformat+=\"%f\"\\,%l\\,%c\\,%t%*[a-zA-Z]\\,\"%m\" command! Phpcs execute RunPhpcs() Version 2: (found at Integrated PHP Codesniffer in VIM ) function! RunPhpcs() let l:filename=@% let l:phpcs_output=system('phpcs --report=csv --standard=YMC '.l:filename) let l:phpcs_list=split(l:phpcs_output, "\n") unlet l:phpcs_list[0] cexpr l:phpcs_list cwindow endfunction set errorformat+="%f"\\,%l\\,%c\\,%t%*[a-zA-Z]\\,"%m" command! Phpcs execute RunPhpcs() Both of these produce identical results. phpcs is installed on my system, and I am able to generate results outside of vim. Any help would be appreciated I am just learning more about vim...

    Read the article

  • Spring Stripes framework problem

    - by ali
    I am new to stripes and am attempting to integrate spring into stripes In the following code : public class ContactFormActionBeanTest { private static MockServletContext mockServletContext; private static MockHttpSession mockSession; @BeforeClass public static void setup() throws Exception { mockServletContext = new MockServletContext("webmail"); Map<String,String> params = new HashMap<String,String>(); params.put("ActionResolver.Packages", "stripesbook.action"); params.put("Extension.Packages", "stripesbook.ext," + "net.sourceforge.stripes.integration.spring"); mockServletContext.addFilter(StripesFilter.class, "StripesFilter", params); mockServletContext.setServlet(DispatcherServlet.class, "DispatcherServlet", null); mockSession = new MockHttpSession(mockServletContext); mockServletContext.addInitParameter("contextConfigLocation", "/WEB-INF/applicationContext-test.xml"); ContextLoaderListener springContextLoader = new ContextLoaderListener(); springContextLoader.contextInitialized( new ServletContextEvent(mockServletContext)); // Load mock user MockRoundtrip trip = new MockRoundtrip(mockServletContext, MockDataLoaderActionBean.class, mockSession); trip.execute(); // Login mock user trip = new MockRoundtrip(mockServletContext, LoginActionBean.class, mockSession); trip.setParameter("username", "freddy"); trip.setParameter("password", "nadia"); trip.execute("login"); } I get null in springContextLoader ContextLoaderListener springContextLoader = new ContextLoaderListener(); and test fails. Am I missing something? I am using eclipse with maven. Also when I try to deploy it for tomcat 6.0 I get following warnings: WARN net.sourceforge.stripes.util.ResolverUtil - Could not examine class 'stripesbook/ext/ContactFormatter.class' due to a java.lang.UnsupportedClassVersionError with message: Bad version number in .class file (unable to load class stripesbook.ext.ContactFormatter) I have checked to be sure that I am compiling with Java 5(set JDK compiler to 1.5) instead of 1.6 (Java 6); but didn't work out for me and still have problems running spring-stripes integrated project.

    Read the article

  • JavaEE : "Access to default session denied" when sending mail using smtp.gmail.com

    - by Harry Pham
    I am trying to write email authentication feature for my website and I encounter some issues. I got java.lang.SecurityException: Access to default session denied, when I try to do Session.getDefaultInstance. Here are my codes: private static final String SMTP_HOST_NAME = "smtp.gmail.com"; private static final String SMTP_PORT = "465"; private static final String emailSubjectTxt = "Email Confirmation"; private static final String emailFromAddress = "[email protected]"; private static final String SSL_FACTORY = "javax.net.ssl.SSLSocketFactory"; ... String sendTo = "[email protected]"; boolean debug = true; Properties props = new Properties(); props.put("mail.smtp.host", SMTP_HOST_NAME); props.put("mail.smtp.auth", "true"); props.put("mail.debug", "true"); props.put("mail.smtp.port", SMTP_PORT); props.put("mail.smtp.socketFactory.port", SMTP_PORT); props.put("mail.smtp.socketFactory.class", SSL_FACTORY); props.put("mail.smtp.socketFactory.fallback", "false"); //It dies at the next line Session session = Session.getDefaultInstance(props, new javax.mail.Authenticator() { @Override protected PasswordAuthentication getPasswordAuthentication() { return new PasswordAuthentication("myUserName", "myPassword"); } }); session.setDebug(debug); //Set the FROM address Message msg = new MimeMessage(session); InternetAddress addressFrom = new InternetAddress(emailFromAddress); msg.setFrom(addressFrom); //Set the TO address InternetAddress[] addressTo = new InternetAddress[1]; addressTo[0] = new InternetAddress(sendTo); msg.setRecipients(Message.RecipientType.TO, addressTo); //Construct the content of the email confirmation String message = "Test Content" // Setting the Subject and Content Type msg.setSubject(emailSubjectTxt); msg.setContent(message, "text/plain"); Transport.send(msg);

    Read the article

  • How to trace the connection pool in a Java Web application - DBMS_APPLICATION_INFO

    - by Cleiton Garcia
    Hello, I need improve the traceability in a Web Application that usually run on fixed db user. The DBA should have a fast access for the information about the heavy users that are degrading the database. 5 years ago, I implemented a .NET ORM engine which makes a log of user and the server using the DBMS_APPLICATION_INFO package. Using a wrapper above the connection manager with the following code: DBMS_APPLICATION_INFO.SET_MODULE('" + User + " - " + appServerMachine + "',''); Each time that a connection get a connection from the pool, the package is executed to log the information in the V$SESSION. Has anyone discover or implemented a solution for this problem using the Toplink or Hibernate? Is there a default implementation for this problem? I found here a solutions as I implemented 5 years ago, but I'd like to know with anyone have a better solution and integrated with the ORM. http://stackoverflow.com/questions/53379/using-dbmsapplicationinfo-with-jboss My application is above Spring, the DAO are implemented with JPA (using hibernate) and actually running directly in Tomcat, with plans to (next year) migrate to SAP Netwevare Application Server. Thanks.

    Read the article

  • T4MVC not generating an action

    - by Maslow
    I suspected there was some hidden magic somewhere that stopped what looks like actual method calls all over the place in T4MVC. Then I had a view fail to compile, and the stackTrace went into my actual method. [Authorize] public string Apply(string shortName) { if (shortName.IsNullOrEmpty()) return "Failed alliance name was not transmitted"; if (Request.IsAuthenticated == false || User == null || User.Identity == null) return "Apply authentication failed"; Models.Persistence.AlliancePersistance.Apply(User.Identity.Name, shortName); return "Applied"; } So this method isn't generating in the template after all. <%=Ajax.ActionLink("Apply", "Apply", new RouteValueDictionary() { { "shortName", item.Shortname } }, new AjaxOptions() { UpdateTargetId = "masterstatus" })%> <%=Html.ActionLink("Apply",MVC.Alliance.Apply(item.Shortname),new AjaxOptions() { UpdateTargetId = "masterstatus" }) %> The second method threw an exception on compile because the method Apply in my controller has an [Authorize] attribute so that if someone that isn't logged on clicks this, they get redirected to login, then right back to this page. There they can click on apply again, this time being logged in. And yes I realize one is Ajax.ActionLink while the other is Html.ActionLink I did try them both with the T4MVC version.

    Read the article

  • ASP.NET MVC intermittent slow response

    - by arehman
    Problem In our production environment, system occasionally delays the page response of an ASP.NET MVC application up to 30 seconds or so, even though same page renders in 2-3 seconds most of the times. This happens randomly with any arbitrary page, and GET or POST type requests. For example, log files indicates, system took 15 seconds to complete a request for jquery script file or for other small css file it took 10 secs. Similar Problems: Random Slow Downs Production Environment: Windows Server 2008 - Standard (32-bit) - App Pool running in integrated mode. ASP.NET MVC 1.0 We have tried followings/observations: Moved the application to a stand alone web server, but, it didn't help. We didn't ever notice same issue on the server for any 'ASP.NET' application. App Pool settings are fine. No abrupt recycles/shutdowns. No cpu spikes or memory problems. No delays due to SQL queries or so. It seems as something causing delay along HTTP Pipeline or worker processor seeing the request late. Looking for other suggestions. -- Thanks

    Read the article

  • Where are the real risks in network security?

    - by Barry Brown
    Anytime a username/password authentication is used, the common wisdom is to protect the transport of that data using encryption (SSL, HTTPS, etc). But that leaves the end points potentially vulnerable. Realistically, which is at greater risk of intrusion? Transport layer: Compromised via wireless packet sniffing, malicious wiretapping, etc. Transport devices: Risks include ISPs and Internet backbone operators sniffing data. End-user device: Vulnerable to spyware, key loggers, shoulder surfing, and so forth. Remote server: Many uncontrollable vulnerabilities including malicious operators, break-ins resulting in stolen data, physically heisting servers, backups kept in insecure places, and much more. My gut reaction is that although the transport layer is relatively easy to protect via SSL, the risks in the other areas are much, much greater, especially at the end points. For example, at home my computer connects directly to my router; from there it goes straight to my ISPs routers and onto the Internet. I would estimate the risks at the transport level (both software and hardware) at low to non-existant. But what security does the server I'm connected to have? Have they been hacked into? Is the operator collecting usernames and passwords, knowing that most people use the same information at other websites? Likewise, has my computer been compromised by malware? Those seem like much greater risks. What do you think?

    Read the article

  • Using Active Directory to authenticate users in a WWW facing website

    - by Basiclife
    Hi, I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database. This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions) So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it. Any input appreciated Regards Basiclife

    Read the article

  • HTTP 500 a problem on CAS Server while setting SSLVerifyClent as "required"

    - by Huiyu.Bird
    I have 3 server, a Apache Server, a JBOSS Server and a CAS Server for SSO. The Apache Server resolve all request with a domain such as www.request.com, and the path of CAS Server is www.request.com/cas, and JBOSS Server is www.request.com/jboss (This app got a CAS client). My problem is if I set SSLVerifyClient require for the NameVirtualHost of www.request.com in my Apache Server, I got a HTTP 500 error during the redirecting to the JBOSS Server(http://www.request.com/jboss), after logined in the CAS login page successfully. But everything goes successfully if there is no SSLVerifyClient require . Error logs of my Apache Server : [Mon Apr 19 17:07:25 2010] [error] Re-negotiation handshake failed: Not accepted by client!? Error logs of my JBOSS Server : 2010-04-19 17:29:57,263 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jboss].[jsp]] (ajp-0.0.0.0-8009-1) Servlet.service() for servlet jsp threw exception org.jasig.cas.client.validation.TicketValidationException: The CAS server returned no response. at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162) at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:78) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.in Any tips will be highly appreciated. Thanks in advance.

    Read the article

  • Override ActiveRecord#save, Method Alias? Trying to mixin functionality into save method...

    - by viatropos
    Here's the situation: I have a User model, and two modules for authentication: Oauth and Openid. Both of them override ActiveRecord#save, and have a fair share of implementation logic. Given that I can tell when the user is trying to login via Oauth vs. Openid, but that both of them have overridden save, how do "finally" override save such that I can conditionally call one of the modules' implementations of it? Here is the base structure of what I'm describing: module UsesOauth def self.included(base) base.class_eval do def save puts "Saving with Oauth!" end def save_with_oauth save end end end end module UsesOpenid def self.included(base) base.class_eval do def save puts "Saving with OpenID!" end def save_with_openid save end end end end module Sequencer def save if using_oauth? save_with_oauth elsif using_openid? save_with_openid else super end end end class User < ActiveRecord::Base include UsesOauth include UsesOpenid include Sequencer end I was thinking about using alias_method like so, but that got too complicated, because I might have 1 or 2 more similar modules. I also tried using those save_with_oauth methods (shown above), which almost works. The only thing that's missing is that I also need to call ActiveRecord::Base#save (the super method), so something like this: def save_with_oauth # do this and that super.save # the rest end But I'm not allowed to do that in ruby. Any ideas for a clever solution to this?

    Read the article

  • Does Team Foundation support cross-app workitem groups?

    - by drachenstern
    We're currently using Visual Source Safe and BugNet and looking to migrate up and away from VSS. I've been pushing for either SVN ( a) we're an ASP.NET shop, b) DCVS is not an option - no matter how much I like Hg ;-) or TFS. Well we finally got a new dev server, so I talked the boss into installing TFS on it (30 day trial). In the meantime, we had started experimenting with FogBugz. We really like FogBugz for about 80% of what we want to do, and the other 20% is probably stuff that we don't know what we want. I'm pushing for TFS because it allows for IDE integrated (mostly) everything. He's pushing for FogBugz because he can group tasks by customer and then project and manage everything from one dashboard. (which means I lose most of my IDE integration - no huge loss I agree) Does TFS support a single dashboard that would span all our solutions (in this case each solution is a full app that we sell to a vertical market client) and let us assign workitems to each solution-spanning-group? So for instance I think we envision something like this: PROJECT1 - Bugtracker and workitems PROJECT2 - Bugtracker and workitems PROJECT3 - Bugtracker and workitems CUSTOMER1 - Deployment schedules, required features, specific notes (Uses PROJECT1, PROJECT2) CUSTOMER2 - Deployment schedules, required features, specific notes (Uses PROJECT2, PROJECT3) CUSTOMER3 - Deployment schedules, required features, specific notes (Uses PROJECT1, PROJECT3) Hopefully that makes sense. naturally it's more complicated than this but I think I've given the details enough to paint a picture. I offered the option of creating dummy projects per customer but he doesn't like that and it doesn't really give us the single dashboard view that we're hoping to end up with (and that FogBugz as we've sorta implmented things does do now). Has anyone got a good suggestion on a management app that would accomplish what both of us want?

    Read the article

  • Is there an event that raises after a View/PartialView executes in ASP.NET MVC 2 RC2?

    - by sabanito
    I have the following problem: We have an ASP.NET MVC 2 RC 2 application that programmatically impersonates an AD Account that the user specifies at logon. This account is used to access the DB. At first we had the impersonating code in the begin_request and we were undoing the impersonation at the end_request, but when we tried to use IIS 7.5 in integrated mode, we learned that it's not possible to impersonate in the Global.asax so we tried different things. We have succesfully moved our code from the BeginRequest to the ActionExecuting event and the EndRequest to the ResultExecuted, and now, about 80% of our code works. We've just discovered that since we're passing the Entity Framework objects as models for our views, there's this remaining 20% that won't work because some Navigation Properties are not loaded when the view begins it's execution, so we're getting connection exceptions from Sql Server. Is there any event or method that executes AFTER the view, so we can undo the impersonation in it? We thought ResultExecuted will do just that, but it doesn't. We've been told that passing the plain Entities into the view as models is not a good idea, but we have A LOT of views that may have this problem and there's not automated way to know it. If some of you could explain why it's not a good idea, maybe we can convince the team to fix it!

    Read the article

  • How to do a javascript redirection to a ClickOnce deployment URL?

    - by jerem
    I have a ClickOnce application used to view some documents on a website. When connected, the user sees a list of documents as links to http://server/myapp.application?document=docname. It worked fine until I had to integrate the website authentication/security system into my application. The website uses a ticketing system to grant access to its users. A ticket is generated by a web application and needs to be added to the deployment URL querystring, then I have to check at application startup that the ticket given in querystring was right by making another request to the web application. So the deployment URL becomes something like: h ttp://server/myapp.application?document=docname&ticket=ticketnumber. The problem is the ticket is valid only 10 seconds, so I have to get it only after the user has clicked a link. My first try was to have some javascript do the request to get the ticket, generate the proper deployment URL and then redirect the user to this URL with "window.location = deploymentUrl;". It works fine in Firefox, but IE does not prompt the user for installation. I guess it is a ClickOnce security constraints, but I am able to do the redirection when doing it on localhost, so I hope there is a workaround. I have also added the server on the "trusted sites" list in IE options. Is it possible to have that working in IE? What are my other options to do that?

    Read the article

  • GoDaddy Subdomain Hosting Issue/Question with Disk Access (C#/ASP.NET 3.5)

    - by Vogel
    This isn't a very complicated scenario really, but as I start to type out the problem I'm realizing how convoluted it can become textually. Let me try and be very clear: First, the set up... I have a C#/ASP.NET web application that is publicly facing on my main domain (www), let's call it www.mysite.com. Nothing fancy, just a front-end that connects to SQL to display records. Then, I have a second C#/ASP.NET web application that is secured using forms authentication running on a subdomain, let's call it admin.mysite.com. This is a very light-weight CMS system to administer the public site. Now, the problem... Both of these sites run fine for basic tasks, however, my problem arises when I try to gain access to the file system for uploading. GoDaddy requires subdomains to run as a virtual directories under the main application in IIS (so the subdomains actually resolve/re-direct to www.mysite.com/admin when you type in admin.mysite.com), but because of this I am unable to write to my website root from the subfolder. Let me explain a little more... The CMS system (running as a virtual directory) gives the admin the ability to upload photos for display on the main site, the target folder of which is www.mysite.com/images - when attempting disk access from the root app, I am able to write to the virtual directory, but cannot do the opposite -- that is, write to the root from the virtual directory, getting security violations. If I can only upload to the /admin/ virtual directory, the entire point is moot because it's a secured folder that the public can't see! The only solution I can think of is to upload the files to the /admin/ virtual directory, then call a URL in the root that moves files from /admin/ back to the root, but that is entirely ghetto. I hope this post makes sense. Anyone else experience anything like this? The bottom line is that it seems virtual directories ONLY have access to themselves, and not their parent directories, no matter what credentials are used. Thanks!

    Read the article

  • Simple imeplementation of admin/staff panel?

    - by Michael Mao
    Hi all: A new project requires a simple panel(page) for admin and staff members that : Preferably will not use SSL or any digital ceritification stuff, a simple login from via http will just be fine. has basic authentication which allows only admin to login as admin, and any staff member as of the group "staff". Ideally, the "credentials(username-hashedpassword pair)" will be stored in MySQL. is simple to configure if there is a package, or the strategy is simple to code. somewhere (PHP session?) somehow (include a script at the beginning of each page to check user group before doing anything?), it will detect any invalid user attempt to access protected page and redirect him/her to the login form. while still keeps high quality in security, something I worry about the most. Frankly I am having little knowledge about Internet security, and how modern CMS such as WordPress/Joomla do with their implementation in this. I only have one thing in my mind that I need to use a salt to hash the password (SHA1?) to make sure any hacker gets the username and password pair across the net cannot use that to log into the system. And that is what the client wants to make sure. But I really not sure where to start, any ideas? Thanks a lot in advance.

    Read the article

  • How to safely let users submit custom themes/plugins for a Rails app

    - by Brian Armstrong
    In my rails app I'd like to let users submit custom "themes" to display data in various ways. I think they can get the data in the view using API calls and I can create an authentication mechanism for this. Also an authenticated API to save data. So this is probably safe. But i'm struggling with the best way to let users upload/submit their own code for the theme. I want this to work sort of like Wordpress themes/plugins where people can upload the thing. But there are some security risks. For example, if I take the uploaded "theme" a user submits and put it in it's own directory somewhere inside the rails app, what are the risks of this? If the user inserts any rails executable code in their theme, even though it's the view they have full access at that point to all the models, everyone's data, etc. Even from other users. So that is not good. I need some way to let the uploaded themes exist in a sandbox of the rails app, but I haven't seen a good way to do this. Any ideas?

    Read the article

  • Global.asax Event: Application_OnPostAuthenticateRequest

    - by Hemant Kothiyal
    Hi, I am using Application_OnPostAuthenticateRequest event in global.asax to get roles and permissions of authenticated user also i have made my custom principal class to get user detail and roles and permission. To get some information which remain same for that user. following are the code void Application_OnPostAuthenticateRequest(object sender, EventArgs e) { // Get a reference to the current User IPrincipal objIPrincipal = HttpContext.Current.User; // If we are dealing with an authenticated forms authentication request if ((objIPrincipal.Identity.IsAuthenticated) && (objIPrincipal.Identity.AuthenticationType == "Forms")) { CustomPrincipal objCustomPrincipal = new CustomPrincipal(); objCustomPrincipal = objCustomPrincipal.GetCustomPrincipalObject(objIPrincipal.Identity.Name); HttpContext.Current.User = objCustomPrincipal; CustomIdentity ci = (CustomIdentity)objCustomPrincipal.Identity; HttpContext.Current.Cache["CountryID"] = FatchMasterInfo.GetCountryID(ci.CultureId); HttpContext.Current.Cache["WeatherLocationID"] = FatchMasterInfo.GetWeatherLocationId(ci.UserId); Thread.CurrentPrincipal = objCustomPrincipal; } } My question is as following This event fires every time for every request. Hence for each request the code execute? My approach is right or not? Is it right to add HttpContext.Current.Cache in this event or we should move it on session start

    Read the article

  • mySQL ORDER BY ASC works, DESC does not...

    - by Ben
    I've "integrated" SMF into Wordpress by querying the forum for a list of the most recent videos from a specific forum board and displaying them on the Wordpress homepage. However when I add the ORDER BY clause, the query (which I tested on other parts of the same page successfully), breaks. To add to the mix, I am using the Auto Embed plugin to allow the videos to be played on the homepage, as well as using a jCarousel feature to rotate them. People were kind enough to help me here last time with the regexp to filter the video urls, I'm hoping for the same luck this time! Here is the entire function (remove the DESC and it works...): function SMF_getRecentVids($limit=10){ global $smf_settingsphp_d; if(file_exists($smf_settingsphp_d)) include($smf_settingsphp_d); include "AutoEmbed-1.4/AutoEmbed.class.php"; $AE = new AutoEmbed(); $connect = new wpdb($db_user,$db_passwd,$db_name,$db_server); $connect->query("SET NAMES 'UTF8'"); $sql = SELECT m.subject, m.ID_MSG, m.body, m.ID_TOPIC, m.ID_BOARD, t.ID_FIRST_MSG FROM {$db_prefix}messages AS m LEFT JOIN {$db_prefix}topics AS t ON (m.ID_TOPIC = t.ID_TOPIC) WHERE (m.ID_BOARD = 8) ORDER BY t.ID_FIRST_MSG DESC"; $vids = $connect->get_results($sql); $c = 0; $content = "imageCarousel_itemList = ["; foreach ($vids as $vid) { if ($c > $limit) continue; //extract video code from body $input = $vid->body; $regexp = "/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i"; if(preg_match_all($regexp, $input, $matches)) { $AE->parseUrl($matches[0][0]); $imageURL = $AE->getImageURL(); $AE->setWidth(290); $AE->setHeight(240); $content .= "{url: '".$AE->getEmbedCode()."', title: '".$vid->subject."', caption: '', description: ''},"; } $c++; } $content .= "]"; echo $content; $wpdb = new wpdb(DB_USER, DB_PASSWORD, DB_NAME, DB_HOST); }

    Read the article

  • Create a new app pool and assign it to a site subfolder on a remote host, using C# and IIS7

    - by Soeren
    I have a web site running on IIS7 on a remote server. I would like to do the following: Create a new subfolder under the root virtual directory. Create a new app pool. Add this new app pool to the new subfolder Normally, I would do this manually in IIS by first creating the app pool, and then right-clicking the sub folder an choose "add application", but I need to do this programmatically in C#. I've managed to make the above points 1 and 2 work, but I can't find the way to adding the application to the sub folder. This is the code I have used so far for 1 and 2: ServerManager mgr = new ServerManager(); ApplicationPool myAppPool = mgr.ApplicationPools.Add("MyAppPool"); myAppPool.AutoStart = true; myAppPool.Cpu.Action = ProcessorAction.KillW3wp; myAppPool.ManagedPipelineMode = ManagedPipelineMode.Integrated; myAppPool.ManagedRuntimeVersion = "V4.0"; myAppPool.ProcessModel.IdentityType = ProcessModelIdentityType.NetworkService; mgr.CommitChanges(); if (!Directory.Exists(@"D:\webroot\TestSite\NytSite")) { Directory.CreateDirectory(@"D:\webroot\TestSite\NytSite"); } So, I need to add "MyAppPool" to the "NytSite" folder... Is this even the correct way to do this? Any experiences out there? Thnx

    Read the article

  • How to use Profile in asp.net?

    - by Phsika
    i try to learn asp.net Profile management. But i added below xml firstName,LastName and others. But i cannot write Profile. if i try to write Profile property. drow my editor Profile : Error 1 The name 'Profile' does not exist in the current context C:\Documents and Settings\ykaratoprak\Desktop\Security\WebApp_profile\WebApp_profile\Default.aspx.cs 18 13 WebApp_profile How can i do that? <authentication mode="Windows"/> <profile> <properties> <add name="FirstName"/> <add name="LastName"/> <add name="Age"/> <add name="City"/> </properties> </profile> protected void Button1_Click(object sender, System.EventArgs e) { Profile.FirstName = TextBox1.Text; Profile.LastName = TextBox2.Text; Profile.Age = TextBox3.Text; Profile.City = TextBox4.Text; Label1.Text = "Profile stored successfully!<br />" + "<br />First Name: " + Profile.FirstName + "<br />Last Name: " + Profile.LastName + "<br />Age: " + Profile.Age + "<br />City: " + Profile.City; }

    Read the article

  • asp.net mvc and portal like functionality

    - by richard-heesbeen
    fHi, I need to build an site with some portal like functionality where an param in the request will indentify the portal. like so http:/domain/controller/action/portal Now my problem is if an portal doesn't exists there must be an redirect to an other site/page and an user can login in to one portal but if the user comes to an other portal the user must be redirected back to the login page for that portal. I have something working now, but i feel like there must be an central place in the pipeline to handle this. My current solution uses an custom action filter which checks the portal param and sees if the portal exists and checks if the user logged on in that portal (the portal the user logged on for is in the authentication cookie). I make my own IIndentiy and IPrincipal in the application_postauthentication event. I have 2 problems with my current approach: 1: It's not really enforced, i have to add the attributes to all controllers and/or actions. 2: The isauthenticated on an user isn't really working, i would like that to work. But for that i need to have access to the params of the route when i create my IPrincipal/IIndenty and i can't seem to find an correct place to do that. Hope someone can give me some pointers, Richard.

    Read the article

  • Convert C# Silverlight App To AZURE CLOUD Platform?!?!

    - by Goober
    The Scenario I've been following Brad Abrams Silverlight tutorial on his blog.... I have tried following Brads "How to deploy your app to the Cloud" tutorial however i'm struggling with it, even though it is in the same context as the first tutorial.... The Question Is the application structure essentially the same as the original "non-cloud based version"!? If not, which parts are different? (I get that there is a Cloud Service project added to the solution) - but what else?! Connection String Issue In my "Non-Cloud based application", I make use of the ADO.Net Entity Framework to communicate with my database. The connection string in my web.config file looks like: <add name="InmZenEntities" connectionString="metadata=res://*/InmZenModel.csdl|res://*/InmZenModel.ssdl|res://*/InmZenModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=CHASEDIGITALWS3;Initial Catalog=InmarsatZenith;Integrated Security=True;MultipleActiveResultSets=True&quot;" providerName="System.Data.EntityClient" /></connectionStrings> However However the connection string that I get from SQL AZURE looks like: Server=tcp:k12ioy1rsi.ctp.database.windows.net;Database=master;User ID=simongilbert;Password=myPassword;Trusted_Connection=False; So how do I go about merging the two when I move the "non-cloud based application" to THE CLOUD?! Any help regarding converting a silverlight application to a cloud service and deploying it would be greatly appreciated

    Read the article

  • Configure Windows firewall to prevent an application from listening on a specific port [closed]

    - by U-D13
    The issue: there are many applications struggling to listen on port 80 (Skype, Teamviewer et al.), and to many of them that even is not essential (in the sense that you can have a httpd running and blocking the http port, and the other application won't even squeak about being unable to open the port). What makes things worse, some of the apps are... Well, I suppose, that it's okay that the mentally impaired are being integrated in the society by giving them a job to do, but... Programming requires some intellectual effort, in my humble opinion... What I mean is that there is no way to configure the app not to use specific ports (that's what you get for using proprietary software) - you can either add it to windows firewall exceptions (and succumb to undesired port opening behavior) or not (and risk losing most - if not all - of the functionality). Technically, it is not impossible for the firewall to deny an application opening an incoming port even if the application is in the exception list. And if this functionality is built into the Windows firewall somewhere, there should be a way to activate it. So, what I want to know is: whether there exists such an option, and if it does how to activate it.

    Read the article

  • How can I exclude pages created from a specific template from the CQ5 dispatcher cache?

    - by Shawn
    I have a specific Adobe CQ5 (5.5) content template that authors will use to create pages. I want to exclude any page that is created from this template from the dispatcher cache. As I understand it currently, the only way I know to prevent caching is to configure dispatcher.any to not cache a particular URL. But in this case, the URL isn't known until a web author uses the template to create a page. I don't want to have to go back and modify dispatcher.any every time a page is created--or at least I want to automate this if there is no other way. I am using IIS for the dispatcher. The reason I don't want to cache the pages is because the underlying JSPs that render the content for these pages produce dynamic content, and the pages don't use querystrings and won't carry authentication headers. The pages will be created in unpredictable directories, so I don't know the URL pattern ahead of time. How can I configure things so that any page that is created from a certain template will be automatically excluded from the dispatcher cache? It seems like CQ ought to have some mechanism to respect HTTP response/caching headers. If the HTTP response headers specify that the response shouldn't be cached, it seems like the dispatcher shouldn't cache it--regardless of what dispatcher.any says. This is the CQ5 documentation I have been referencing.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 300 301 302 303 304 305 306 307 308 309 310 311  | Next Page >