Search Results

Search found 32299 results on 1292 pages for 'unauthorized access'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 344/1292 | < Previous Page | 340 341 342 343 344 345 346 347 348 349 350 351  | Next Page >

  • Contructor parameters for dependent classes with Unity Framework

    - by Onisemus
    I just started using the Unity Application Block to try to decouple my classes and make it easier for unit testing. I ran into a problem though that I'm not sure how to get around. Looked through the documentation and did some Googling but I'm coming up dry. Here's the situation: I have a facade-type class which is a chat bot. It is a singleton class which handles all sort of secondary classes and provides a central place to launch and configure the bot. I also have a class called AccessManager which, well, manages access to bot commands and resources. Boiled down to the essence, I have the classes set up like so. public class Bot { public string Owner { get; private set; } public string WorkingDirectory { get; private set; } private IAccessManager AccessManager; private Bot() { // do some setup // LoadConfig sets the Owner & WorkingDirectory variables LoadConfig(); // init the access mmanager AccessManager = new MyAccessManager(this); } public static Bot Instance() { // singleton code } ... } And the AccessManager class: public class MyAccessManager : IAccessManager { private Bot botReference; public MyAccesManager(Bot botReference) { this.botReference = botReference; SetOwnerAccess(botReference.Owner); } private void LoadConfig() { string configPath = Path.Combine( botReference.WorkingDirectory, "access.config"); // do stuff to read from config file } ... } I would like to change this design to use the Unity Application Block. I'd like to use Unity to generate the Bot singleton and to load the AccessManager interface in some sort of bootstrapping method that runs before anything else does. public static void BootStrapSystem() { IUnityContainer container = new UnityContainer(); // create new bot instance Bot newBot = Bot.Instance(); // register bot instance container.RegisterInstance<Bot>(newBot); // register access manager container.RegisterType<IAccessManager,MyAccessManager>(newBot); } And when I want to get a reference to the Access Manager inside the Bot constructor I can just do: IAcessManager accessManager = container.Resolve<IAccessManager>(); And elsewhere in the system to get a reference to the Bot singleton: // do this Bot botInstance = container.Resolve<Bot>(); // instead of this Bot botInstance = Bot.Instance(); The problem is the method BootStrapSystem() is going to blow up. When I create a bot instance it's going to try to resolve IAccessManager but won't be able to because I haven't registered the types yet (that's the next line). But I can't move the registration in front of the Bot creation because as part of the registration I need to pass the Bot as a parameter! Circular dependencies!! Gah!!! This indicates to me I have a flaw in the way I have this structured. But how do I fix it? Help!!

    Read the article

  • Asp.net mvc application deployment / security issues

    - by WestDiscGolf
    I'll start with appologies; I wasn't sure if this was best posted here of Server Fault so if its in the wrong place then please move :-) Basic information I have written the first module of a new application at work. This is written using Visual Studio 2010, targetting .net 3.5 (at the moment) and asp.net mvc 2. This has been working fine during development running on the built in Development server from VS but however does not work once deployed to IIS 7/7.5. To deploy the application, I have built it in release mode and created a deployment package by right clicking on the project in the solution explorer (this will be done with an automated build in tfs once upgrade from the beta). This has then been imported into IIS on the server. The application is using windows/domain authentication. Issue #1 I can fire up internet explorer and browse to the application from a client computer as well as on a remote desktop connection. I can execute the code which reads/stores data in Session fine from the IE instance on the remote desktop but if I browse to it from the client pc it seems to lose the session state. I click on the form submit and the page refreshes and doesn't execute the required code. I've tried setting with; InProc, SQLServer and StateServer. but with no luck :-( Issue #2 As part of the application it views PDF and Tiff documents on the fly which are on a network share on the office network and creates thumbnails if the document hasn't been viewed before. This works if running on the machine the application is deployed to; however when browsing from a client pc I get an error saying: Access to the path '\\fileserver\folder\file.tif' is denied Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.UnauthorizedAccessException: Access to the path '\\fileserver\folder\file.TIF' is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user. As this is on a different server the user is not accessible. To get round this I have tried: 1 - setting the application pool to run as domain administrator (I know this is a security risk, but I'm just trying to get it to work at the moment!) 2 - to set the log on account for World Wide Web Publishing service to be the domain admin . When trying to restart the service I get ... Windows could not start the World Wide Web Publishing Service service on the Local Computer. Error 1079: The account specified for this service is different from the account specified fro the other services running in the same process. Any pointers/help would be much appriciated as I'm pulling my hair out (of what little I have left). Update I've been using this funky little tool I found - DelegConfig v2 beta (Delegation / Kerberos Configuration Tool). This has been really usefull. So I've got the accessing of the file share working (there is a test page which will read the files) so now I've just got the issue of passing through the users credentials through to the SQL Server (wans't my choice to do it this way!!) to execute the queries etc. but I can't get it to log on as the user. It tries to access it as "NT Authority\Network Service" which doesn't have a sql login (as should be the logged on user). My connection string is: <add name="User" connectionString="Data Source=.;Integrated Security=True" providerName="System.Data.SqlClient" /> No initial catalog is specified as the system is over multiple dbs (also wasn't my choice!!). I really appriciate all the help so far! :-) Any further hints?!

    Read the article

  • How do I convert Data::Dumper output back into a Perl data structure?

    - by newbee_me
    Hi all! I was wondering if you could shed some lights regarding the code I've been doing for a couple of days. I've been trying to convert a Perl-parsed hash back to XML using the XMLout() and XMLin() method and it has been quite successful with this format. #!/usr/bin/perl -w use strict; # use module use IO::File; use XML::Simple; use XML::Dumper; use Data::Dumper; my $dump = new XML::Dumper; my ( $data, $VAR1 ); Topology:$VAR1 = { 'device' => { 'FOC1047Z2SZ' => { 'ChassisID' => '2009-09', 'Error' => undef, 'Group' => { 'ID' => 'A1', 'Type' => 'Base' }, 'Model' => 'CATALYST', 'Name' => 'CISCO-SW1', 'Neighbor' => {}, 'ProbedIP' => 'TEST', 'isDerived' => 0 } }, 'issues' => [ 'TEST' ] }; # create object my $xml = new XML::Simple (NoAttr=>1, RootName=>'data', SuppressEmpty => 'true'); # convert Perl array ref into XML document $data = $xml->XMLout($VAR1); #reads an XML file my $X_out = $xml->XMLin($data); # access XML data print Dumper($data); print "STATUS: $X_out->{issues}\n"; print "CHASSIS ID: $X_out->{device}{ChassisID}\n"; print "GROUP ID: $X_out->{device}{Group}{ID}\n"; print "DEVICE NAME: $X_out->{device}{Name}\n"; print "DEVICE NAME: $X_out->{device}{name}\n"; print "ERROR: $X_out->{device}{error}\n"; I can access all the element in the XML with no problem. But when I try to create a file that will house the parsed hash, problem arises because I can't seem to access all the XML elements. I guess, I wasn't able to unparse the file with the following code. #!/usr/bin/perl -w use strict; #!/usr/bin/perl # use module use IO::File; use XML::Simple; use XML::Dumper; use Data::Dumper; my $dump = new XML::Dumper; my ( $data, $VAR1, $line_Holder ); #this is the file that contains the parsed hash my $saveOut = "C:/parsed_hash.txt"; my $result_Holder = IO::File->new($saveOut, 'r'); while ($line_Holder = $result_Holder->getline){ print $line_Holder; } # create object my $xml = new XML::Simple (NoAttr=>1, RootName=>'data', SuppressEmpty => 'true'); # convert Perl array ref into XML document $data = $xml->XMLout($line_Holder); #reads an XML file my $X_out = $xml->XMLin($data); # access XML data print Dumper($data); print "STATUS: $X_out->{issues}\n"; print "CHASSIS ID: $X_out->{device}{ChassisID}\n"; print "GROUP ID: $X_out->{device}{Group}{ID}\n"; print "DEVICE NAME: $X_out->{device}{Name}\n"; print "DEVICE NAME: $X_out->{device}{name}\n"; print "ERROR: $X_out->{device}{error}\n"; Do you have any idea how I could access the $VAR1 inside the text file? Regards, newbee_me

    Read the article

  • Problem with NHibernate

    - by Bernard Larouche
    I am trying to get a list of Products that share the Category. NHibernate returns no product which is wrong. Here is my Criteria API method : public IList<Product> GetProductForCategory(string name) { return _session.CreateCriteria(typeof(Product)) .CreateCriteria("Categories") .Add(Restrictions.Eq("Name", name)) .List<Product>(); } Here is my HQL method : public IList<Product> GetProductForCategory(string name) { return _session.CreateQuery("select from Product p, p.Categories.elements c where c.Name = :name").SetString("name",name).List<Product>(); } Both methods return no product when they should return 2 products. Here is the Mapping for the Product class : <?xml version="1.0" encoding="utf-8" ?> <hibernate-mapping xmlns="urn:nhibernate-mapping-2.2" assembly="CBL.CoderForTraders.DomainModel" namespace="CBL.CoderForTraders.DomainModel"> <class name="Product" table="Products" > <id name="_persistenceId" column="ProductId" type="Guid" access="field" unsaved-value="00000000-0000-0000-0000-000000000000"> <generator class="assigned" /> </id> <version name="_persistenceVersion" column="RowVersion" access="field" type="int" unsaved-value="0" /> <property name="Name" column="ProductName" type="String" not-null="true"/> <property name="Price" column="BasePrice" type="Decimal" not-null="true" /> <property name="IsTaxable" column="IsTaxable" type="Boolean" not-null="true" /> <property name="DefaultImage" column="DefaultImageFile" type="String"/> <bag name="Descriptors" table="ProductDescriptors"> <key column="ProductId" foreign-key="FK_Product_Descriptors"/> <one-to-many class="Descriptor"/> </bag> <bag name="Categories" table="Categories_Products" > <key column="ProductId" foreign-key="FK_Products_Categories"/> <many-to-many class="Category" column="CategoryId"></many-to-many> </bag> <bag name="Orders" generic="true" table="OrderProduct" > <key column="ProductId" foreign-key="FK_Products_Orders"/> <many-to-many column="OrderId" class="Order" /> </bag> </class> </hibernate-mapping> And finally the mapping for the Category class : <?xml version="1.0" encoding="utf-8" ?> <hibernate-mapping xmlns="urn:nhibernate-mapping-2.2" assembly="CBL.CoderForTraders.DomainModel" namespace="CBL.CoderForTraders.DomainModel" default-access="field.camelcase-underscore" default-lazy="true"> <class name="Category" table="Categories" > <id name="_persistenceId" column="CategoryId" type="Guid" access="field" unsaved-value="00000000-0000-0000-0000-000000000000"> <generator class="assigned" /> </id> <version name="_persistenceVersion" column="RowVersion" access="field" type="int" unsaved-value="0" /> <property name="Name" column="Name" type="String" not-null="true"/> <property name="IsDefault" column="IsDefault" type="Boolean" not-null="true" /> <property name="Description" column="Description" type="String" not-null="true" /> <many-to-one name="Parent" column="ParentID"></many-to-one> <bag name="SubCategories" inverse="true"> <key column="ParentID" foreign-key="FK_Category_ParentCategory" /> <one-to-many class="Category"/> </bag> <bag name="Products" table="Categories_Products"> <key column="CategoryId" foreign-key="FK_Categories_Products" /> <many-to-many column="ProductId" class="Product"></many-to-many> </bag> </class> </hibernate-mapping> Can you see what could be the problem ?

    Read the article

  • How to get HandleUnauthorizedRequest to return correct url?

    - by Jova
    I'm writing a custom AuthorizeAttribute which should redirect unauthorized users to the login page. My HandleUnauthorizedRequest method looks like this, protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { RouteValueDictionary returnRoute = new RouteValueDictionary(); returnRoute["controller"] = "Account"; returnRoute["action"] = "Login"; returnRoute["returnUrl"] = filterContext.HttpContext.Request.Url.AbsolutePath; filterContext.Result = new RedirectToRouteResult(returnRoute); } Unfortunately it's not working properly as the returning url looks like this, www.mydomain.com/?controller=Account&action=Login&returnUrl=%2FUser%2FEditProfile%2FUsername What is the reason for this and how do I correct it?

    Read the article

  • 2-legged OAuth and the Gmail atom feed

    - by jdcotter
    We're trying to get 2-legged OAuth to work with the Gmail atom feed. We're using the Java library contributed by John Kristian, Praveen Alavilli and Dirk Balfanz. [http://oauth.net/code/] instead of the GData library. We know we have the correct CONSUMER_KEY and CONSUMER_SECRET, etc. becuase it works with the Contacts feed (http://www.google.com/m8/feeds/contacts/default/full) and have no problems. However with Gmail atom feed it always returns: HTTP/1.1 401 Unauthorized Any ideas? Should we try a different OAuth framework or does the problem lie on the Google side?

    Read the article

  • Anybody have any success getting around IIS7 issues with WiX 3.5?

    - by Will
    WiX 3.5 still is having issues with creating websites in IIS7. I can get around most of them, but I'm getting hosed by the inability to configure the website authentication mode. Traditionally, you would just use the WebDirProperties to, for instance, turn on windows authentication: <iis:WebDirProperties Id="OMFG3.5BUGSUX" WindowsAuthentication="yes" /> Well, this doesn't work. So, now, once my nice lovely installer exits you get a big fat screw-you-unauthorized-jerk message. Not exactly professional looking. Does anybody have any suggestions/tips on working around these shortcomings in WiX?

    Read the article

  • Symfony user authentication using Active Directory

    - by Radu Dragomir
    Is there a way to authenticate users in symfony apps using Active Directory? Can you please point out some documentation? edit What i need is to have a transparent login in my application. The user authenticates once at windows logon, then all applications should be accessed with the same credentials without being asked for the domain\username and password again. I tried the following in a simple php script: if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="my realm"'); header('HTTP/1.0 401 Unauthorized'); exit; } else { echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>"; } but then i get the authentication form popped up. Is there any way to pass the header the credentials used at windows logon? Thanks, Radu.

    Read the article

  • What does "Unatuthorized zone" mean when browsing xsd files with Visual Studio 2010?

    - by starskythehutch
    When I open up an xsd file that includes other xsd files, all of the included files are added to a section called "Unauthorized zone". Visual Studio highlights the element and gives the following error when trying to resolve the schemaLocation attribute: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. I've read the following blog post, but I'm not familiar enough with xsd yet to fully understand it. Can anyone explain why this is happening or point me to a good resource that can help?

    Read the article

  • DotNetOpenAuth DesktopConsumer with GData help needed

    - by DBa
    Hi folks, I am trying to get DotNetOpenAuth's DesktopConsumer to work with Google, with not much success actually... Here is what I am doing (reduced to essential code parts): myApp = new DesktopConsumer(google, tm); var extraParameters = new Dictionary<string, string> { { "scope", GetScopeUri(Applications.Calendar) }, }; AuthorizeForm af = new AuthorizeForm(); af.setAuthUrl(myApp.RequestUserAuthorization(extraParameters, null, out requestToken)); // This makes a webbrowser control in the AuthorizeForm navigate to the google page //which asks for login and authorization af.ShowDialog(); // Open the form, as modal var accessTokenResponse = myApp.ProcessUserAuthorization(requestToken, af.getVerifier()); // af.getVerifier gets the verificatino code which the user has to copy from the // webbrowser control to a textbox (if he grants the authorization, of course :D) HttpWebRequest req = myApp.PrepareAuthorizedRequest( new MessageReceivingEndpoint( "http://www.google.com/calendar/feeds/default/owncalendars/full", HttpDeliveryMethods.GetRequest ), accessTokenResponse.AccessToken); WebResponse rsp = req.GetResponse(); // Here I get the "401 Unauthorized" exception Any idea what I am doing wrong? Thanks in advance, Dmitri

    Read the article

  • Using ClaimsPrincipalPermissionAttribute, how do I catch the SecurityException?

    - by Ryan Roark
    In my MVC application I have a Controller Action that Deletes a customer, which I'm applying Claims Based Authorization to using WIF. Problem: if someone doesn't have access they see an exception in the browser (complete with stacktrace), but I'd rather just redirect them. This works and allows me to redirect: public ActionResult Delete(int id) { try { ClaimsPrincipalPermission.CheckAccess("Customer", "Delete"); _supplier.Delete(id); return RedirectToAction("List"); } catch (SecurityException ex) { return RedirectToAction("NotAuthorized", "Account"); } } This works but throws a SecurityException I don't know how to catch (when the user is not authorized): [ClaimsPrincipalPermission(SecurityAction.Demand, Operation = "Delete", Resource = "Customer")] public ActionResult Delete(int id) { _supplier.Delete(id); return RedirectToAction("List"); } I'd like to use the declarative approach, but not sure how to handle unauthorized requests. Any suggestions?

    Read the article

  • Rails 2.x http basic authentication

    - by randombits
    I'm trying to get basic http authentication working on my Rails app. I'm offering a simple REST interface served by a Rails server, only xml/json output. Every method needs authentication, so I put the authenticate filter in ApplicationController: class ApplicationController < ActionController::Base helper :all # include all helpers, all the time before_filter :authenticate protected def authenticate authenticate_or_request_with_http_basic do |u, p| true end end end Even with having the method return true, I'm receiving a 401 from the server: $ curl http://127.0.0.1:3000/myresource/1.xml -i HTTP/1.1 401 Unauthorized Cache-Control: no-cache WWW-Authenticate: Basic realm="Application" X-Runtime: 1 Content-Type: text/html; charset=utf-8 Content-Length: 27 Server: WEBrick/1.3.1 (Ruby/1.9.1/2010-01-10) Date: Thu, 03 Jun 2010 02:43:55 GMT Connection: Keep-Alive HTTP Basic: Access denied. If I'm explicitly returning true, yet getting served a 401.

    Read the article

  • WCF to WCF communication 401, HttpClient

    - by youwhut
    I have a WCF REST service that needs to communicate with another WCF REST service. There are three websites: Default Web Site Website1 Website2 If I set up both services in Default Web Site and connect to the other (using HttpClient) using the URI http://localhost/service then everything is okay. The desired set-up is to move these two services to separate websites and rather than using the URI http://localhost/service, accessing the service via http://website1.domain.com/service still using HttpClient. I received the exception: System.ArgumentOutOfRangeException: Unauthorized (401) is not one of the following: OK (200), Created (201), Accepted (202), NonAuthoritativeInformation (203), NoContent (204), ResetContent (205), PartialContent (206) I can see this is a 401, but what is going on here? Thanks

    Read the article

  • How to secure licensekey generation

    - by Jakob Gade
    Scenario, simplified for brevity: A developer creates an application for a customer. The customer sells this app to end-users. The app requires a license key to run, and this key is generated by the customer for each end-user with a simple tool created by the developer. The license key contains an expiry date for the license and is encrypted so the end-user can’t tamper with it. The problem here is that the developer (or anybody who has a copy of the license key generator) can easily create valid license keys. Should this generator fall into the wrong hands, it could spell disaster for the customers business. Ideally, the customer would have to use a password to create new license keys. And this password would be unknown to the developer, and somehow baked into the decryption algorithm in the application so it will fail if an attempt to use an unauthorized key is made. How would you implement a solution for this problem that is both transparent and secure?

    Read the article

  • How to receive userinfo with google adwords api libraries

    - by PatrickvKleef
    I'm using the Google Adwords API libraries and I would like to receive the userinfo of the logged in user. I added the userinfo scope as followed: googleAdwordsUser = new AdWordsUser(); string oauth_callback_url = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path); googleAdwordsUser.OAuthProvider = new AdsOAuthNetProvider("https://adwords-sandbox.google.com/api/adwords/ https://www.googleapis.com/auth/userinfo.email", oauth_callback_url, Session.SessionID); When the callback url is called, I'm trying to get the users emailaddress, but it isn't working, the error 'The remote server returned an error: (401) Unauthorized.' is thrown. string url = @"https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + token; HttpWebRequest objRequest = (HttpWebRequest)WebRequest.Create(url); objRequest.Method = "GET"; HttpWebResponse objResponse = (HttpWebResponse)objRequest.GetResponse(); string result = string.Empty; using (StreamReader sr = new StreamReader(objResponse.GetResponseStream())) { result = sr.ReadToEnd(); } Does somebody knows how to fix this? Thanks.

    Read the article

  • How to verify mail origin?

    - by MrZombie
    I wish to code a little service where I will be able to send an e-mail to a specific address used by my server to send specific commands to my server. I'll check against a list of permitted e-mail addresses to make sure no one unauthorized will send a command to the server, but how do I make sure that, say, an e-mail sent by "[email protected]" really comes from "thezombie.net"? I thought about checking the header for the original e-mail server's IP and pinging the domain to make sure it is the same, but would that be reliable? Example: Server receives a command from [email protected] [email protected] is authorized, proceed with checks Server checks "thezombie.net"'s IP from the header: W.X.Y.Z Server pings "thezombie.net" for it's IP: A.B.C.D The IPs do not correspond, do not process command Is there any better way to do that?

    Read the article

  • Creating and debugging a Sharepoint Services 3.0 WebPart

    - by Filip Ekberg
    I am trying to create a WebPart for my locally installed Sharepoint Services 3.0 and I've followed various tips and guides to get it all working. However somewhere on the road I must have missed something or this is just not "in all the books". When creating an empty Sharepoint WebPart and just hitting F5 to debug it, I get the following message: Error 1 The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. 0 0 And as this article from microsoft suggests I did enable Negotiate, NTLM. But it's still not working, Any suggestions?

    Read the article

  • Issues while downloading document from Sharepoint using JAVA

    - by Deepak Singh Rawat
    I am trying to download a file from Sharepoint 2007 sp2 document library using GetItem method of the Copy webservice. I am facing the following issues : In the local instance ( Windows Vista ) I can save only 10.5 Kb of any file. The webservice is returning only 10.5 Kb of data for any file. On the production server, I am able to List the documents using some credentials but when I am trying to download a document using the same credentials I get a 401 : Unauthorized message. I can download the document using the Sharepoint website successfully.

    Read the article

  • http_post_data basic authentication?

    - by kristian nissen
    I have a remote service that I need to access, according to the documentation it's restricted using basic authentication and all requests have to be posted (HTTP POST). The documentation contains this code example - VB script: Private Function SendRequest(ByVal Url, ByVal Username, ByVal Password, ByVal Request) Dim XmlHttp Set XmlHttp = CreateObject("MSXML2.XmlHttp") XmlHttp.Open "POST", Url, False, Username, Password XmlHttp.SetRequestHeader "Content-Type", "text/xml" XmlHttp.Send Request Set SendRequest = XmlHttp End Function how can I accomplish this in PHP? When I post data to the remote server it replies: 401 Unauthorized Access which is fine because I'm not posting my user/pass just the data. Bu when I add my user/pass as it's describe here: http://dk.php.net/manual/en/http.request.options.php like this: $res = http_post_data('https://example.com', $data, array( 'Content-Type: "text/xml"', 'httpauth' => base64_encode('user:pass'), 'httpauthtype' => HTTP_AUTH_BASIC ) ); the protocol is https - I get a runtime error in return (it's a .Net service). I have tried it without the base64_encode but with the same result.

    Read the article

  • How to secure authorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

    Read the article

  • What's the funniest user request you've ever had?

    - by Shaul
    Users sometimes come up with the most amusing, weird and wonderful requirements for programmers to design and implement. Today I read a memo from my boss that we need the "ability to import any excel or access data, irrespective of size, easily and quickly." From the same memo, we have a requirement to "know if anyone unauthorized accessed the system" - as if a hacker is going to leave his calling card wedged between an index and a foreign key somewhere. I think my boss has been watching too much "Star Trek"... :) What's the funniest user request you've ever had?

    Read the article

  • Can someone explain this block of ASP.NET MVC code to me, please?

    - by Pure.Krome
    Hi folks, this is the current code in ASP.NET MVC2 (RTM) System.Web.Mvc.AuthorizeAttribute class :- public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (this.AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0L)); cache.AddValidationCallback( new HttpCacheValidateHandler(this.CacheValidateHandler), null); } else { filterContext.Result = new HttpUnauthorizedResult(); } } so if i'm 'authorized' then do some caching stuff, otherwise throw a 401 Unauthorized response. Question: What does those 3 caching lines do? cheers :)

    Read the article

  • WCF client using basic HTTP authentication

    - by AZ
    I'm trying to connect to a service that uses basic HTTP authentication. I've configured my binding like this <bindings> <basicHttpBinding> <binding name ="binding"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings> and i'm setting the credentials like this: client.ClientCredentials.UserName.UserName = Settings.UserName; client.ClientCredentials.UserName.Password = Settings.Password; Sill when i make a request i get a "The HTTP request is unauthorized with client authentication scheme 'Basic'" fault back. What am i doing wrong? (i don't have control over the service so all solutions must relate to the client configuration)

    Read the article

  • Twitter @Anywhere oauth_bridge_code

    - by AngelCabo
    I'm having trouble with Twitter's implementation of an oauth_bridge_code for the @anywhere api. I've seen a few walkthrough's on how to use this functionality but I can't seem to get the request to work for me. I'm using Ruby on Rails with the oauth gem. My code is as follows: def callback consumer = OAuth::Consumer.new(APP_CONFIG['twitter_key'], APP_CONFIG['twitter_secret'], :site => "http://api.twitter.com", :request_token_path => "/oauth/request_token", :authorize_path => "/oauth/authorize", :access_token_path => "/oauth/access_token", :http_method => :post) request = OAuth::AccessToken.new consumer json = request.post("https://api.twitter.com/oauth/access_token?oauth_bridge_code=#{params[:oauth_bridge_code]}") end I keep getting 401 unauthorized responses from the signed post request even though this is supposed to be working according to this walkthrough: http://blog.abrah.am/2010/09/using-twitter-anywhere-bridge-codes.html and a presentation from Matt Harris on slideshare. Any ideas on what I'm doing wrong (besides possibly trying to hit functionality that may not be in place)? Greatly appreciated!

    Read the article

  • ASP.NET Windows authentication with wrong identity over VPN

    - by Dilyan Dimitrov
    I have ASP.NET application with windows authentication. When I browse it from home over VPN (Cisco VPN Client) as a username in the windows identity I get "\" not the credentials from the AD of the server (the same that I am using to connect to the VPN) even though I fill them in the prompt for localhost authentication from the browser. This only happens with Firefox. In the IE and Chrome after the prompt I get 401.1 Unauthorized page from IIS. How to make IIS to use the right credentials or the problem is somewhere else? Any ideas?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 340 341 342 343 344 345 346 347 348 349 350 351  | Next Page >