Search Results

Search found 3942 results on 158 pages for 'logged'.

Page 105/158 | < Previous Page | 101 102 103 104 105 106 107 108 109 110 111 112 | Next Page >

ASP NET forms Authorization: how to reduce duration?

- by eddo

I've got a web page which is implementing cookie based ASPNET Forms Authentication. Once the user has logged in the page, he can edit some information using a form which is created using a partialview and returned to him as a dialog for editing. The action linked to the partial view is decorated as follows: [HttpGet] [OutputCache(Duration = 0, VaryByParam = "None")] [Authorize(Roles = "test")] public ActionResult changeTripInfo(int tripID, bool ovride=false) { ... } The problem i am experiencing is the latency between the request and the time when the dialog is shown to the user: time ranges between 800 and 1100 ms which is not justified by the complexity of the form. Investigating with Glimpse turns out that the time to process the AuthorizeAttribute (see snip) sums up to at least 650 ms which is troubling me. Looking at the Sql server log, the call which checks the user roles takes, as expected, virtually nothing (duration 0). How can I reduce this time? Am I missing some optimization?

Read the article
How to Tweet from multiple acounts with twitter Gem in Rails?

- by Jmlevick

I have an application wich has Oauth access using Twitter as provider. I also have the ability to ask the logged user permisson to Read and Write in his/her account and once a user authorized the app, I can send tweets as the user with something like: u = User.find(id) u.twitter.update("Some-Status-Here") in the rails console... What I want to do is to Tweet as all the users in one command, but if I try something like: u = User.all u.twitter.update("Some-Status-Here") I get this error: undefined method `twitter' for #<Array:0x00000002e2f188> How can I tweet as all the users in one command? What am I doing wrong? I feel it is a very basic thing I'm missing... Can someone help me? Thank You.

Read the article
Problem with Wicket and SignInExample in IE8

- by KJQ

I have an interesting problem with Wicket. I'm basically duplicating the 'authentication' example from the v1.4.x in SVN. It works fine in FireFox and Chrome but not in IE8. When in IE8, after I click the submit button it returns with a 404 error but i can manually paste the "destination" url in and it goes there fine (as an authenticated user). Another scenario is, I try to login, it gives me a 404, I hit refresh (looking at the html source I see the page version incremented), relogin and it works fine. So to summarize: I login the first time in IE8 and it returns a 404 error, hit refresh and ogin again and it works fine. I login the first time in IE8 and it returns a 404 error, manually paste the destination url in the browser and it goes there fine as if im logged in. I've compared everything between IE8 and FireFox from the rendered source and the code is not doing anything special but I cannot figure out what the differences are? Thanks. KJQ

Read the article
How do I restrict the WCF service called by an ASP.NET AJAX page to only allow calls for that page?

- by NovaJoe

I have an AjaxControlToolkit DynamicPopulate control that is updated by calls to a WCF service. I know I can check the HttpContext in the service request to see if a user of the page (and thus, the control) is authenticated. However, I don't want anyone clever to be able to call the service directly, even if they're logged in. I want access to the service to be allowed ONLY to requests that are made from the page. Mainly, I don't want anyone to be able to programatically make a large number of calls and then reverse-engineer the algorithm that sits behind the service. Any clever ideas on how this can be done? Maybe I'm over-thinking this? Thanks in advance.

Read the article
Reset application and settings on user change

- by Don

Currently working on a project where a login will be required to use the application. I'm trying to figure out a smarter way to reset the application if someone is somehow logged out and the next one to login is not the same user. The option I have come up with at the moment is storing all user specific data/information in a DTO but this leaves me with cleaning up some parts of the work area. Is a ResetControls my only option here? I'm afraid that when updating the application someone might forget to update that part, most likely myself now that wrote it out. Anybody with experience in this that could provide some ideas to a simple yet fairly automagic solution?

Read the article
Authenticating a user for a single app with multiple domains

- by hofnarwillie

I have one asp.net web application, but two different domains point to this web app. For instance: www.one.com and www.two.com both point to the same web app. I have an issue where I need certain pages to be on a specific domain (due to some security requirements from our online payment provider - a third party website). So let's say page1.aspx needs to be called on www.two.com The process is as follows: A user logs into www.one.com The authentication cookie is saved to the browser The user then navigates to page1.aspx and, if on the wrong domain, gets redirected to the correct domain. (this redirection happens on page1.aspx in the page_load event) Then asp.net redirects the user to the login screen, because the authentication cookie is not sent to www.two.com. How can I track the user and keep him/her logged in between the two domains?

Read the article
SQL Server db_owner

- by andrew007

Hi, in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying: You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own. Of course, I would like to avoid such message, but until now I did find the way... Therefore, I try to modify the user by adding him to the "db_owner" role, and of course I do not have the message above. My question is: Is it possible to keep the user in the "db_owner" role, but deny some actions like alter user or ? I try "alter any user" securable on DB level, but it does not work... THANKS!

Read the article
Confusion with cookie session token and oauth2.0 don't know where to go anymore

- by byte_slave

Hi guys, I'm completely confused, frustrated and nothing seems to make sense and work any more. I' dev some iframe fb app and i've been using the javascript sdk (FB.Init()) to get the access_token, but doesn't always work, sometimes i'm already logged into FB and doesn't works... Did some reading, and read also that there is problems using cookies in iframes in Opera and IE, so I was thinking in use the OAuth 2.0 but i'm not sure how via facebook sdk c# and now I'm now completely lost, don't know if i still need to use the javascript FB.Init(). Documentation out there is poor and unclear, a lot of stuff refers to old code, and after hours of reading, jumping on examples, i'm completely messed up and confused. Can some, please, point/explain/enlightening me about this? Thanks a lot guys, appreciated! Merry christmas!

Read the article
CakePHP Auth how to allow specific controller and actions

- by nolandark

I have a "Posts" and a "Users" controller. I use the Auth Component and I want that all users can visit "Post.index" but only logged in users can visit "User.index". In my app_controller.php I have this $this->Auth->allow('signup', 'confirm', 'index'); but with that all users can visit post.index and user.index. How can I specify a Controller in the allow-method? This didn't work for me: $this->Auth->allow('signup', 'confirm', 'Post.index');

Read the article
MySQL: Limit output according to associated ID

- by Jess

So here's my situation. I have a books table and authors table. An author can have many books... In my authors page view, the user (logged in) can click an author in a tabled row and be directed to a page displaying the author's books (collected like this URI format: viewauthorbooks.php?author_id=23), very straight forward... However, in my query, I need to display the books for the author only, and not all books stored in the books table (as i currently have!) As I am a complete novice, I used the most simple query of: SELECT * FROM tasks_tb This returns the books for me, but returns every single value (book) in the database, and not ones associated with the selected author. And when I click a different author the same books are displayed for them...I think everyone gets what I'm trying to achieve, I just don't know how to perform the query. I'm guessing that I need to start using more advanced query clauses like INNER JOIN etc. Anyone care to help me out :)

Read the article
Silverlight - Timeout Issue

- by user70192

Hello, I have a Silverlight 3 application that is querying a large dataset. This query is taking over one minute. After approx. one minute into the attempt, an error is getting logged into the event viewer that says: "Membership credential verification failed" Oddly queries that are taking shorter than 1 minute are running successfully. Because of this, I do not believe it is a "credential" issue, unless somehow it is expiring. But how do I set the expiration? I have no idea what else this could be. Thank you,

Read the article
How to authenticate users against a Windows AD?

- by Potinos

I've a JSF-Hibernate web application. I need to authenticate users against a Windows AD and the web application should only allow logins from members of group X, otherwise it should redirect to an error page. How can I configure this? Also, I would like to display the name of the logged-in user on all pages, not the name of the Windows user of the server machine. I have tried the System.property("user.name") for this, but this only returns the name of the Windows user of the server name.

Read the article
Spring MVC 3.1 How to access HttpSession in Custom Authentication Provider (which implements AuthenticationProvider)

- by user1506231

My application calls a web service during the Authentication process (as shown in code below). How can I save some information in HttpSession during this process? This information like customer-account-number will be used in various other places in the application after the user is logged in. Is it possible to pass HttpSession parameter to the MyServiceManager's static login method? public class MyAuthenticationManager implements AuthenticationProvider { @Override public boolean supports(Class<? extends Object> authentication) { return authentication.equals(UsernamePasswordAuthenticationToken.class); } @Override public Authentication authenticate(Authentication authentication) { //MyServiceManager.login - makes a call to web service if(MyServiceManager.login(authentication.getName(), authentication.getCredentials().toString(), XXX_HTTP_SESSION_XXX)) { List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority> (); authorities.add(new GrantedAuthorityImpl("ROLE_USER")); authorities.add(new GrantedAuthorityImpl("ROLE_SUPERVISOR")); return new UsernamePasswordAuthenticationToken(authentication.getName(), authentication.getCredentials(),authorities); } else { return null; } } }

Read the article
In grails how to insert additional parameters (from session) in all url's

- by HeDinges

I would like to add an additional parameter in my url, the use case is the following: When user do their login they also specify a 'company' name and from that moment on, all urls should map to: /$company/$controller/$action/$id The main idea is to have the current company name available in all url's, have it bookmarkable, and not to have to pass the company name everywhere as a request parameter. Also, once users are logged in it is acceptable to have the chosen company name in session scope. What is the right way of inserting this parameter in all our urls? I tried to modify my UrlMappings mapping, but I didn't found a way to insert the company name. Thanks,

Read the article
Google App Engine - Is os.environ reset between requests?

- by Ian Charnas

Hello I can't think of a way to test this and was hoping someone here knew the answer... I'm storing some request-specific data in os.environ, and was wondering if that data was going to leak to other requests. Does anyone know? Yes I realize that it's normal to use request.environ for this, and usually I do, but I want to store the currently authorized user ID (I'm using custom auth, not GAE auth) inside os.environ so that the models know the currently logged in user (remember, they don't have access to request.environ) without me having to pass the request object to just about every single model method. any help would be greatly appreciated Ian

Read the article
What are the best security measures to take for making certain directories private?

- by Sattvic

I have a directory on my server that I do not want Search Engines to crawl and I already set this rule in robots.txt I do want people that have logged in to be able to have access to this directory without having to enter a password or anything. I am thinking that a cookie is the best thing to put on users computers after they login, and if they have a cookie, they can access the directory. Is this possible, or is there a better way? I want people without this cookie to not have access to this directory - access for members only Any suggestions on the best design for this?

Read the article
Can Grails exceptionHandler support the following Error Handling Flow

- by Andrew

In my rails app that I am porting to grails whenever an unexpected error occurs I intercept the error automatically and display a form to the user informing them that an error has occured and asking them for further information. Meanwhile, as the form is rendered I write the stack trace and other information about who was logged in to a database table. Then if the form is submitted I add that information to the error report. I cannot tell from the exceptionHandler documentation and BootStrap examples whether that will allow me to grab all the information including various session and request parameters and then stuff them into a database and then post a form. Any thoughts?

Read the article
Windows Azure:broken logging after migration to the new SDK 1.3

- by cloud.dev

Hi, pls, help. I've migrated to new SDK 1. (Full-IIS mode) I use the following logging: case TraceLevel.Error: Trace.TraceError(message); break; case TraceLevel.Warning: Trace.TraceWarning(message); break; case TraceLevel.Info: Trace.TraceInformation(message); break; case TraceLevel.Verbose: Trace.WriteLine(message); break; it worked fine until I migrated to the new SDK. now, logging works only for Worker Roles. Web-Role can log only inside OnStart-method of WebRole.cs in other cases: logged nothing I understand that Full-IIS means different domains. so, I must call someway WaIIS.exe from w3wp.exe or ...?

Read the article
help regarding PERL program

- by riya

Could someone write simple PERL programs for the following scenarios: 1) convert a list from {1,2,3,4,5,7,9,10,11,12,34} to {1-5,7,9-12,34} 2) to sort a list of negative numbers 3) to insert values to hash array 4) there is a file with content: C1 c2 c3 c4 r1 r2 r3 r4 put it into an hash array where keys = {c1,c2,c3,c4} and values = {r1,r2,r3,r4} 5) There are testcases running each testcase runs as a process and has a process ID. The logs are logged in a logfile process ID appended to each line. Prog to find out if the test case has passed or failed. The program shoud be running till the processes are running and display output.

Read the article
How to secure images with Rails?

- by NotDan

I have a gallery in my rails app that needs to only allow certain images to be shown to specific, logged in users. I am using Paperclip for image processing now, but it saves all images in a public folder available to anyone. Note that I don't have to use Paperclip if there is a better way, and I already have the login system in place. I just need a way to place the images in a non-public location, but still be able to serve them as needed. Is it possible to only allow these images to be served to authenticated users?

Read the article
Simple rails routing / url question

- by justinbach

I'm using Ryan Bates' nifty authentication in my application for user signup and login. Each user has_many :widgets, but I'd like to allow users to browse other users' widgets. I'm thinking that a url scheme like /username/widgets/widget_id would make a lot of sense--it would keep all widget-related code in the same place (the widgets controller). However, I'm not sure how to use this style of URL in my app. Right now my codebase is such that it permits logged-in users to browse only their own widgets, which live at /widgets/widget_id. What changes would I need to make to routes.rb, my models classes, and any place where links to a given widget are needed? I've done Rails work before but am a newb when it comes to more complicated routing, etc, so I'd appreciate any feedback. Thanks for your consideration!

Read the article
Testing the load factor in my lab [closed]

- by Ami Winter

I am a system admin in a lab, I have ~90 computers in the lab and I want to check the load factor on them.. meaning, to check how many people are working on the computers hourly.. To see if I need to buy more computers or not. I am looking for a way to build a script to check if a computer is logged on or not.. (0 for log off - 1 for log on) After I will have this data, I know how to build a script to build me the graphs. All the computers are linked via a domain and most of them have windows XP (few windows 7) I'll be happy to get some help. Amihay

Read the article
Logging out of Facebook invalidates offline_access token

- by Mike Pateras

I'm getting an offline access token like this: https://graph.facebook.com/oauth/access_token?scope=offline_access&client_id=MYCLIENTID&redirect_uri=MYREDIRECTURI&client_secret=MYSECRET&code=MYCODE obviously the MYCLIENTID and stuff have been changed for the sake of this post. Anyway, as soon as the user logs out of facebook, the key seems to no longer be valid. Am I not requesting offline_access properly (there's still an "expires" value on it, should there be if it is actually getting offline access), or is that just how it works? If it's the latter, how can I get a key that will persist, regardless of if the user logs out of facebook? I'm sure this is possible, because Tweetdeck can still write to Facebook, even though I'm currently logged out.

Read the article
CSS Selector Issue

- by YsoL8

Hello html body .home blog logged-in div #wrapper div #page div .cats I have a problem with selecting unordered lists (i.e ul li.class-name class-name-number) at the above dom location in CSS. I am working with a wordpress theme. Basically could I have suggestions for the correct selector to use in order to influence this tag? I can provide a simplified html structure if it will help. I've tried a number of selectors along the lines of: (sometimes)#page (# or .)cats (sometimes)ul li(sometimes with class name) EDIT: I've tried the selectors suggested in the wordpress docs. Thanks!

Read the article
Web Form based login in Java

- by BrunoLM

How can I block access to the site if a user is not logged in? Under web.xml Security I checked Form authentication then I selected Login and Error page, but I don't know how to block the access and redirect the user to the login page. Do I need a filter? If so, how can I get the login url I specified? And how should I call the validation method? I saw in some examples this code <form method=post action="j_security_check"> <input type="text" name="j_username" /> <input type="password" name="j_password" /> </form> What does it do?

Read the article

< Previous Page | 101 102 103 104 105 106 107 108 109 110 111 112 | Next Page >