Search Results

Search found 21 results on 1 pages for 'authenication'.

Page 1/1 | 1 

  • RAILS : authlogic authenication / session error , "session contains objects whose class definition i

    - by Surya
    Session contains objects whose class definition isn\'t available. Remember to require the classes for all objects kept in the session I am trying to integrate http://github.com/binarylogic/authlogic for authentication into my rails application . I follwed all the steps into mentioned in the documentation . Now i seem to be getting this error when i hit a controller . Looks like i am missing something obvious . stacktrace /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/session/abstract_store.rb:77:in `stale_session_check!' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/session/abstract_store.rb:61:in `load!' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/session/abstract_store.rb:28:in `[]' /Library/Ruby/Gems/1.8/gems/authlogic-2.1.3/lib/authlogic/session/session.rb:48:in `session_credentials' /Library/Ruby/Gems/1.8/gems/authlogic-2.1.3/lib/authlogic/session/session.rb:33:in `persist_by_session' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:178:in `send' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:178:in `evaluate_method' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:166:in `call' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:93:in `run' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:92:in `each' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:92:in `send' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:92:in `run' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:276:in `run_callbacks' /Library/Ruby/Gems/1.8/gems/authlogic-2.1.3/lib/authlogic/session/callbacks.rb:79:in `persist' /Library/Ruby/Gems/1.8/gems/authlogic-2.1.3/lib/authlogic/session/persistence.rb:55:in `persisting?' /Library/Ruby/Gems/1.8/gems/authlogic-2.1.3/lib/authlogic/session/persistence.rb:39:in `find' /Users/suryagaddipati/myprojects/groceryplanner/app/controllers/application_controller.rb:12:in `current_user_session' /Users/suryagaddipati/myprojects/groceryplanner/app/controllers/application_controller.rb:17:in `current_user' /Users/suryagaddipati/myprojects/groceryplanner/app/controllers/application_controller.rb:30:in `require_no_user' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:178:in `send' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:178:in `evaluate_method' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/callbacks.rb:166:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:225:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:629:in `run_before_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:615:in `call_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:610:in `perform_action_without_benchmark' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in `ms' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:10:in `realtime' /Library/Ruby/Gems/1.8/gems/activesupport-2.3.5/lib/active_support/core_ext/benchmark.rb:17:in `ms' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/rescue.rb:160:in `perform_action_without_flash' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/flash.rb:146:in `perform_action' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:532:in `send' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:532:in `process_without_filters' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/filters.rb:606:in `process' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:391:in `process' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/base.rb:386:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/routing/route_set.rb:437:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/dispatcher.rb:87:in `dispatch' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/dispatcher.rb:121:in `_call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/dispatcher.rb:130:in `build_middleware_stack' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/query_cache.rb:29:in `call' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/query_cache.rb:29:in `call' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/connection_adapters/abstract/query_cache.rb:34:in `cache' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/query_cache.rb:9:in `cache' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/query_cache.rb:28:in `call' /Library/Ruby/Gems/1.8/gems/activerecord-2.3.5/lib/active_record/connection_adapters/abstract/connection_pool.rb:361:in `call' /Library/Ruby/Gems/1.8/gems/actionpack-2.3.5/lib/action_controller/string_coercion.rb:25:in `call' /Users/suryagaddipati/.gem/ruby/1.8/gems/rack-1.0.1/lib/rack/head.rb:9:in `call'

    Read the article

  • Mediawiki authenication replacement showing "Login Required" instead of signing user into wiki

    - by arcdegree
    I'm fairly to MediaWiki and needed a way to automatically log users in after they authenticated to a central server (which creates a session and cookie for applications to use). I wrote a custom authentication extension based off of the LDAP Authentication extension and a few others. The extension simply needs to read some session data to create or update a user and then log them in automatically. All the authentication is handled externally. A user would not be able to even access the wiki website without logging in externally. This extension was placed into production which replaced the old standard MediaWiki authentication system. I also merged user accounts to prepare for the change. By default, a user must be logged in to view, edit, or otherwise do anything in the wiki. My problem is that I found if a user had previously used the built-in MediaWiki authentication system and returned to the wiki, my extension would attempt to auto-login the user, however, they would see a "Login Required" page instead of the page they requested like they were an anonymous user. If the user then refreshed the page, they would be able to navigate, edit, etc. From what I can tell, this issue resolves itself after the UserID cookie is reset or created fresh (but has been known to strangely come up sometimes). To replicate, if there is an older User ID in the "USERID" cookie, the user is shown the "Login Required" page which is a poor user experience. Another way of showing this page is by removing the user account from the database and refreshing the wiki page. As a result, the user will again see the "Login Required" page. Does anyone know how I can use debugging to find out why MediaWiki thinks the user is not signed in when the cookies are set properly and all it takes is a page refresh? Here is my extension (simplified a little for this post): <?php $wgExtensionCredits['parserhook'][] = array ( 'name' => 'MyExtension', 'author' => '', ); if (!class_exists('AuthPlugin')) { require_once ( 'AuthPlugin.php' ); } class MyExtensionPlugin extends AuthPlugin { function userExists($username) { return true; } function authenticate($username, $password) { $id = $_SESSION['id']; if($username = $id) { return true; } else { return false; } } function updateUser(& $user) { $name = $user->getName(); $user->load(); $user->mPassword = ''; $user->mNewpassword = ''; $user->mNewpassTime = null; $user->setRealName($_SESSION['name']); $user->setEmail($_SESSION['email']); $user->mEmailAuthenticated = wfTimestampNow(); $user->saveSettings(); return true; } function modifyUITemplate(& $template) { $template->set('useemail', false); $template->set('remember', false); $template->set('create', false); $template->set('domain', false); $template->set('usedomain', false); } function autoCreate() { return true; } function disallowPrefsEditByUser() { return array ( 'wpRealName' => true, 'wpUserEmail' => true, 'wpNick' => true ); } function allowPasswordChange() { return false; } function setPassword( $user, $password ) { return false; } function strict() { return true; } function initUser( & $user ) { } function updateExternalDB( $user ) { return false; } function canCreateAccounts() { return false; } function addUser( $user, $password ) { return false; } function getCanonicalName( $username ) { return $username; } } function SetupAuthMyExtension() { global $wgHooks; global $wgAuth; $wgHooks['UserLoadFromSession'][] = 'Auth_MyExtension_autologin_hook'; $wgHooks['UserLogoutComplete'][] = 'Auth_MyExtension_UserLogoutComplete'; $wgHooks['PersonalUrls'][] = 'Auth_MyExtension_personalURL_hook'; $wgAuth = new MyExtensionPlugin(); } function Auth_MyExtension_autologin_hook($user, &$return_user ) { global $wgUser; global $wgAuth; global $wgContLang; wfSetupSession(); // Give us a user, see if we're around $tmpuser = new User() ; $rc = $tmpuser->newFromSession(); $rc = $tmpuser->load(); if( $rc && $rc->isLoggedIn() ) { if ( $rc->authenticate($rc->getName(), '') ) { return true; } else { $rc->logout(); } } $id = trim($_SESSION['id']); $name = ucfirst(trim($_SESSION['name'])); if (empty($dsid)) { $result = false; // Deny access return true; } $user = User::newFromName($dsid); if (0 == $user->getID() ) { // we have a new user to add... $user->setName( $id); $user->addToDatabase(); $user->setToken(); $user->saveSettings(); $ssUpdate = new SiteStatsUpdate( 0, 0, 0, 0, 1 ); $ssUpdate->doUpdate(); } else { $user->saveToCache(); } // update email, real name, etc. $wgAuth->updateUser( $user ); $result = true; // Go ahead and log 'em in $user->setToken(); $user->saveSettings(); $user->setupSession(); $user->setCookies(); return true; } function Auth_MyExtension_personalURL_hook(& $personal_urls, & $title) { global $wgUser; unset( $personal_urls['mytalk'] ); unset($personal_urls['Userlogin']); $personal_urls['userpage']['text'] = $wgUser->getRealName(); foreach (array('login', 'anonlogin') as $k) { if (array_key_exists($k, $personal_urls)) { unset($personal_urls[$k]); } } return true; } function Auth_MyExtension_UserLogoutComplete(&$user, &$inject_html, $old_name) { setcookie( $GLOBALS['wgCookiePrefix'] . '_session', '', time() - 3600, $GLOBALS['wgCookiePath']); setcookie( $GLOBALS['wgCookiePrefix'] . 'UserName', '', time() - 3600, $GLOBALS['wgCookiePath']); setcookie( $GLOBALS['wgCookiePrefix'] . 'UserID', '', time() - 3600, $GLOBALS['wgCookiePath']); setcookie( $GLOBALS['wgCookiePrefix'] . 'Token', '', time() - 3600, $GLOBALS['wgCookiePath']); return true; } ?> Here is part of my LocalSettings.php file: ############################# # Disallow Anonymous Access ############################# $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['createpage'] = false; $wgGroupPermissions['*']['createtalk'] = false; $wgGroupPermissions['*']['createaccount'] = false; $wgShowIPinHeader = false; # For non-logged in users ############################# # Extension: MyExtension ############################# require_once("$IP/extensions/MyExtension.php"); $wgAutoLogin = true; SetupAuthMyExtension(); $wgDisableCookieCheck = true;

    Read the article

  • Alternative Django Authenication

    - by pq
    Need to integrate Django with an existing authentication system. That system has it's own database, API, login/logout,edit profile web pages and cookie. (I may have to add a few additional profile fields stored/updated locally) What's the proper approach to substitute the out-of-the-box authentication in Django?

    Read the article

  • Google gadget to read https rss feeds?

    - by Carl
    Anyone run across a Google Gadget RSS reader that can read https feeds? I haven't been able to find any, and I'm not sure if this is because a) I'm the only one that needs one and/or b) there is something nasty about the browser security model here that I'll find out if I try to roll my own. Thanks much in advance.

    Read the article

  • Cross-Domain Cookie Problem

    - by Frederick
    Hi Guys, I have a domain A.com [my website] and a remote website B.com which integrates an iframe from my domain [A.com] with a piece of javascript. I want to share cookies across these domains [within the iframe]? How would I go about doing this so it works properly? I thought A.com and B.com are in the same-origin policy ?

    Read the article

  • How does WCF RIA Services handle authentication/authorization/security?

    - by Edward Tanguay
    Since no one answered this question: What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET server? Let me ask it another way: How does WCF RIA Services handle authentication/authorization/security at a low level? e.g. how does the application on the server determine that the incoming http request to change data is coming from a valid client and not from non-desirable source, e.g. a denial-of-service bot?

    Read the article

  • Calling a WCF from ASP.NET with same the single-signon user LogonUserIdentity

    - by Dennis Cheung
    I have a ASP.NET MVC page, which call WCF logic. The system is single-signon using NTML. Both the ASP page and the WCF will use the UserIdentity to get user login information. Other then NTML, I will also have a Form based authorization (with AD) in same system. The ASP page, is it simple and I can have it from HttpContext.Current.Request.LogonUserIdentity. However, it seem it is missing from the WCF which call by the ASP, not from browser. How to configure to pass the ID pass from the ASP to the WCF?

    Read the article

  • activesync not working with forms based authentication

    - by Chad
    I have an Exchange 2003 SP2 single backend server with an SSL cert. I was having trouble getting OMA to work so I found a MS article about making a reg hack and creating a new Exchange-OMA virtual directory. I am able to connect and access content from my mailbox by using secure mail.domainname.com/oma and using my credentials. ActiveSync was not working on a Windows mobile phone or iPhone. I found another article about using Forms Based Authenication and SSL on a single Exchange server environment and the fix was to elliminate FBA and SSL for the Exchange virtual directory. That allows ActiveSync to now work. I have very few mobile users, but they are management, so I need to make ActiveSync work but I would like to get back to using SSL. http://support.microsoft.com/kb/817379 Any ideas about this setup? Thanks.

    Read the article

  • ISA Proxy server

    - by user59931
    Have a proxy at work that runs Microsoft ISA. i used to be able to connect using 11.10 with firefox no problem at all. i could either put the settings in firefox or the settings in ubuntu network proxy settings. this would give me a connection no problem ( slow due to the work network being really lame) since i upgraded with 12.10 firefox just crashes if i have any proxy settings (manual added the proxy settings). if i connect to a diffrent network without the proxy settings it works fine and doesn't crash i tried chrome to see if that would work... simular problem. chrome doesn't crash but is so slow it just times out all the time and can take 10min for a page to load.... not really sure where to go with this? i have tried a clean install of 12.04 on 2 diffrent computers and also both tried just upgrading from 11.10. Only answer i can see at the moment is role back to 11.10 :( i have tried all sorts like turning of IPv6 to see if that would make any diffrence but no joy... really am lost now. whats weird is the repositys are also really really slow through 12.04. 50 megs took an hour to download (ISA server has Ubuntu rep servers enables without authenication). really am lost

    Read the article

  • Need Users to Re-authenticate with NTLM

    - by Trey Carroll
    I'm NTLM (authenication="windows" in the web.config) with an asp.net mvc 2.0 site. Right now once a user logs in it keeps them logged in for weeks at a time. The use of the application is being opened up to users who share computers that use logged in service accounts. I need the site to reprompt each user for their AD credentials each time in order to handle these users. (Activity on the site must be linked to a uniquely identified user.) Thanks for any help that you can provide. Trey Carroll

    Read the article

  • Best Pratice to Implement Secure Remember Me

    - by Yan Cheng CHEOK
    Sometimes, I came across certain web development framework which doesn't provide authentication feature as in Authenication ASP.NET I was wondering what is the security measure needs to be considered, when implementing "Remember Me" login feature, by hand coding? Here are the things I usually did. 1) Store the user name in cookie. The user name are not encrypted. 2) Store a secret key in cookie. The secret key is generated using one way function based on user name. The server will verify secret key against user name, to ensure this user name is not being changed. 3) Use HttpOnly in cookie. http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html Any things else I could miss out, which could possible lead a security hole.

    Read the article

  • Do all header("Location: member.php?id=$username") have to be the first thing in a script? (PHP)

    - by ggfan
    I know in the Manuel it says that the header has to be the first thing in a script, but how come I see some codes where header("Location: member.php?id=$username") is in a if-statement? Ex: //a bunch of codes above if($result!="0"){ // authenication correct lets login $_SESSION["password"] = $password;; $_SESSION["username"] = $username; header("Location: member.php?id=$username"); } else { echo "Wrong username or password. Please try again!"; } But when I do this, it sometimes would/won't throw an error. How do I allow the header (); to be used in a script without any errors? I want to redirect the user back to the login if they click "no" and to the homepage if they click "yes".

    Read the article

  • Recreating Cookies on another Domain

    - by Bill
    Hi, I have a site on A.com and an iframe on B.com which reads info from A.com. I realize that there is some problems with third party cookies, iframes and P3P - particularly in Safari [my problem] Is it possible to instead, use AJAX or a hidden iFrame to pass the cookie information from A.com to B.com which will then "recreate" another cookie with the same information on the iframe in B.com. I am trying to do this for authenication - i.e. a user is logged in on A.com and then goes to b.com and the iframe is also logged in ? I was hoping to perhaps pass the data in a hidden iframe and "recreate" the cookie in the iframe on B.com using JavaScript?

    Read the article

  • iFrames and Cookies

    - by Tom
    I have a site on A.com and an iframe on B.com which reads info from A.com. I realize that there is some problems with third party cookies, iframes and P3P - particularly in Safari [my problem] Is it possible to instead, use AJAX or a hidden iFrame to pass the cookie information from A.com to B.com which will then "recreate" another cookie with the same information on the iframe in B.com. I am trying to do this for authenication - i.e. a user is logged in on A.com and then goes to b.com and the iframe is also logged in ? I was hoping to perhaps pass the data in a hidden iframe and "recreate" the cookie in the iframe on B.com using JavaScript? Is this possible ? Security issues ? What about HTTPS?

    Read the article

  • Log Shipped but Won't Update

    - by MooCow
    I'm currently taking the MS SQL 2K5 Admin course at a local college and ran into a problem with the Log Shipping part. My setup is the following: Windows 7 x64 SQL 2005 SP3 2 SQL server instances on the same machine Log Shipping settings: Performed full then log back up of Primary Manually restore on Secondary in STANDBY MODE Insert a new record into the table Set up Log Shipping on Primary using SQL Authenication login to connect to the Secondary Set up timers and copy destination on Secondary Monitoring instance not being used I set up a shared folder for WORKGROUP so both instances on the machine can read & write to it. I can see transaction logs generated and copied as defined by the Transaction Shipping wizard. However, the specified table on the Secondary instance is not updating.

    Read the article

  • Glusterfs denied mount

    - by greg
    I'm using GlusterFS 3.3.2. Two servers, a brick on each one. The Volume is "ARCHIVE80" I can mount the volume on Server2; if I touch a new file, it appears inside the brick on Server1. However, if I try to mount the volume on Server1, I have an error: Mount failed. Please check the log file for more details. The log gives: [2013-11-11 03:33:59.796431] I [rpc-clnt.c:1654:rpc_clnt_reconfig] 0-ARCHIVE80-client-0: changing port to 24011 (from 0) [2013-11-11 03:33:59.796810] I [rpc-clnt.c:1654:rpc_clnt_reconfig] 0-ARCHIVE80-client-1: changing port to 24009 (from 0) [2013-11-11 03:34:03.794182] I [client-handshake.c:1614:select_server_supported_programs] 0-ARCHIVE80-client-0: Using Program GlusterFS 3.3.2, Num (1298437), Version (330) [2013-11-11 03:34:03.794387] W [client-handshake.c:1320:client_setvolume_cbk] 0-ARCHIVE80-client-0: failed to set the volume (Permission denied) [2013-11-11 03:34:03.794407] W [client-handshake.c:1346:client_setvolume_cbk] 0-ARCHIVE80-client-0: failed to get 'process-uuid' from reply dict [2013-11-11 03:34:03.794418] E [client-handshake.c:1352:client_setvolume_cbk] 0-ARCHIVE80-client-0: SETVOLUME on remote-host failed: Authentication failed [2013-11-11 03:34:03.794426] I [client-handshake.c:1437:client_setvolume_cbk] 0-ARCHIVE80-client-0: sending AUTH_FAILED event [2013-11-11 03:34:03.794443] E [fuse-bridge.c:4256:notify] 0-fuse: Server authenication failed. Shutting down. How comes I can mount on one server and not on the other one???

    Read the article

  • libsasl2 change paths

    - by mk_89
    I have been following the tutorial https://help.ubuntu.com/community/Postfix for installing Postfix on ubuntu. Im stuck at the Authenication section of the tutorial where you change paths to live in the false root, if you look at the link above I have a file (/etc/default/saslauthd) which is pretty much the same as the one from the tutorial. saslauthd # This needs to be uncommented before saslauthd will be run automatically START=yes PWDIR="/var/spool/postfix/var/run/saslauthd" PARAMS="-m ${PWDIR}" PIDFILE="${PWDIR}/saslauthd.pid" # You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow" MECHANISMS="pam" # Other options (default: -c) # See the saslauthd man page for information about these options. # # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd" # Note: See /usr/share/doc/sasl2-bin/README.Debian #OPTIONS="-c" #make sure you set the options here otherwise it ignores params above and will not work OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" When I run the following command in ubuntu dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd I get the following error dpkg-statoverride: warning: An override for '/var/spool/postfix/var/run/saslauthd' already exists, but --force specified so will be ignored. dpkg-statoverride: warning: --update given but /var/spool/postfix/var/run/saslauthd does not exist I don't why this is happening, I literally followed the tutorial step by step and have installed all the packages necessary, what could be the problem? do I have to manually create

    Read the article

  • Silverlight 4 - MVC 2 ASP.NET Membership integration "single sign on"

    - by Scrappydog
    Scenario: I have an ASP.NET MVC 2 site using ASP.NET Forms Authentication. The site includes a Silverlight 4 application that needs to securely call internal web services. The web services also need to be publically exposed for third party authenticated access. Challenges: Securely accessing webservices from Silverlight using the current users identity without requiring the user to re-login in in the Silverlight application. Providing a secure way for third party applications to access the same webservices the same users credentials, ideally with out using ASP.NET Forms Authentication. Additional details and limitations: This application is hosted in Azure. We would rather NOT use RIA Services if at all possible. Solutions Under Consideration: I think that if the webservices are part of the same MVC site that hosts the Silverlight application then forms authentication should probably "just work" from Silverlight based on the users forms auth cookies. But this seems to rule out the possibility of hosting the webservices seperately (which is desirable in our scenario). For third-party access to the web services I'm guessing that seperate endpoints with a different authenication solution is probably the right answer, but I would rather only support one version of the services if possible... Questions: Can anybody point me towards any sample applications that implements something like this? How would you recommend implementing this solution?

    Read the article

  • Log in using Java where server's authentication could be sso or web applcation container's basic

    - by Ed
    Hi, I have a situation where ideally I want to be able to log-in to a secure area using a Java application. I would like to make an HTTP request and check the response to see if I need to do some kind of authenication before I can actually get the response expected, instead of effectively some login page. The complication is that the server that responds will not always be the same - the user of the Java app specifies the URL - and the server may be using some kind of single sign on authentication or the web container's. I don't know the field names for the username and password fields or the action of the form, is there a simple way to obtain this kind of information from the URL? I see the URLConnection object has methods getPermission() which has a method getActions() but are not suitable, anything that might be? I guess example things I am looking to determine: Does the response require authentication? If so; what type / which servlet? e.g. j_security_check, josso single sign on, ... And then some way of authenticating the client And finally managing the state of the authenticated user for other requests Do I need to know the attributes of the login form before attemping to login? And then, is the onoly way of verifying permission to the requested resource to manually manage the cookies? Thanks in advance.

    Read the article

  • Authentication problem with Wufoo

    - by fudgey
    I set up a Wufoo form with admin only portions that will only show up if I am logged in. I read through the Wufoo API documentation and I can get the authenication to work, but when I try to access the form after I authenticate, it says I need to authenticate. This is what I have so far (subdomain, api key & form id changed) <?php error_reporting(E_ALL); ini_set('display_errors', 1); $curl1 = curl_init('http://fishbowl.wufoo.com/api/v3/users.xml'); curl_setopt($curl1, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl1, CURLOPT_USERPWD, 'AOI6-LFKL-VM1Q-IEX9:footastic'); curl_setopt($curl1, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($curl1, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl1, CURLOPT_FOLLOWLOCATION, false); curl_setopt($curl1, CURLOPT_USERAGENT, 'Wufoo Sample Code'); $response = curl_exec($curl1); $resultStatus = curl_getinfo($curl1); if($resultStatus['http_code'] == 200) { echo 'success!<br>'; } else { echo 'Call Failed '.print_r($resultStatus); } $curl2 = curl_init("http://fishbowl.wufoo.com/api/v3/forms/w7x1p5/entries.json"); curl_setopt($curl2, CURLOPT_HEADER, 0); curl_setopt($curl2, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($curl2); curl_close ($curl2); echo $response; curl_close($curl1); ?> It doesn't matter if I close $curl1 before or after I call $curl2, I get the same message on my screen: success! You must authenticate to get at the goodies. and I know the api, subdomain and form id are all correct. And one last bonus question... can I do all of this using Ajax instead? - the page I will be displaying the form on will already be limited to admin access, so exposing the API shouldn't matter.

    Read the article

1