Search Results

Search found 412 results on 17 pages for 'openid'.

Page 11/17 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • How do DotNetOpenAuth whitelist and blacklists work?

    - by Jeff
    Does anyone have any documentation on DotNetOpenAuth and the way it handles while lists and black lists? My config <untrustedWebRequest> <blacklistHosts> <add name="*" /> </blacklistHosts> <whitelistHosts> <add name="www.mysite.ca" /> <add name="mysite.ca" /> <add name="devel.mysite.ca" /> <add name="devel.mysite.com" /> <add name="mysite.com" /> <add name="www.mysite.com" /> </whitelistHosts> </untrustedWebRequest> What I want is to have it cancel the request if it's any site not in the whilelist. I'm currently running version 2.5.49045 but plan to update soon. using <blacklistHostsRegex> <add name=".*" /> </blacklistHostsRegex> blocked ever site even ones in the whitelist.

    Read the article

  • DotNetOpenID / DotNetOpenAuth

    - by Jeff
    Does anyone have any documentation on DotNetOpenAuth and the way it handles while lists and black lists? My config <untrustedWebRequest> <blacklistHosts> <add name="*" /> </blacklistHosts> <whitelistHosts> <add name="www.mysite.ca" /> <add name="mysite.ca" /> <add name="devel.mysite.ca" /> <add name="devel.mysite.com" /> <add name="mysite.com" /> <add name="www.mysite.com" /> </whitelistHosts> </untrustedWebRequest> What I want is to have it cancel the request if it's any site not in the whilelist. I'm currently running version 2.5.49045 but plan to update soon. using <blacklistHostsRegex> <add name=".*" /> </blacklistHostsRegex> blocked ever site even ones in the whitelist.

    Read the article

  • Using a javax.servlet.Filter with Compojure

    - by mikera
    I'm trying to build a simple web site using Clojure / Compojure and want to feed apply a servlet filter to the request / response (i.e. a standard javax.servlet.Filter instance). e.g. if the current source code is: (defroutes my-app (GET "/*" (html [:h1 "Hello Foo!!"])) ) I would like to add a filter like this: (defroutes my-app (GET "/*" (FILTER my-filter-name (html [:h1 "Hello Foo!!"]))) ) Where my-filter-name is some arbitrary instance of javax.servlet.Filter. Any idea how to do this effectively and elegantly?

    Read the article

  • RPX API Call auth_info is returning "missing parameter" error

    - by James Lawruk
    I cannot get the RPX auth_info API call to work. It keeps returning the error: "Missing parameter: apiKey" I am using the C# RPX Helper Class provided on their Wiki:RPX Helper Class Below is my code in my Page_Load method. The RPX service works by sending a POST to a Url that I specify. My code gets the token from the post data shown below. Then I call the AuthInfo API method. string token = Request.Params["token"]; string apiKey = "xxxxxxxxxxxxxxx"; //my API key Rpx rpx = new Rpx(apiKey, "http://rpxnow.com"); XmlElement xmlElement = rpx.AuthInfo(token); Everything looks good. The token is populated. Within their code, the "apiKey" value pair is added to the post data written to the Request stream. Has anyone had luck with this? Any ideas why this is not working? Thanks.

    Read the article

  • Confusion on using django socialauth

    - by Fedor
    http://github.com/uswaretech/Django-Socialauth/tree/master/socialauth/ I'm a bit confused on how I should use this. Of course, I read the notes at the bottom but I'm a Django novice so I'll need a little hand holding. The structure of this looks like a project structure since it contains a urls.py but I'm also aware that applications can also have that. It also has a manage.py which leads me to believe it's a project ( plus the subdirectories ). So should I just be integrating portions of this into my existing project? This isn't an application, right? The README also mentions grabbing API Keys. So if I want a standard interface where you click on a google/yahoo logo and it forwards itself via Javascript to the authentication page where you login if you already aren't logged in, kicks you back to your own page, would I need API keys? Any other special tips are appreciated.

    Read the article

  • ASP.Net MVC DotNetOpenAuth Sample Issue on publish

    - by Roger D. Pharr
    I'm trying to use the MSDN Open ID project template for ASP.NET MVC C#. I've been able to configure a local copy to run well. But when I publish it to my hosting provider - it craps out. The error is "500 internal server error". Is there something I should know about publishing this template that I haven't noticed? Here are some more details (for diligence): Hosting provider is GoDaddy/SQL2005/IIS7. When I configure & publish the blank MVC template, it works. The local database publishes successfully, but I haven't been able to troubleshoot the connection in web.config yet. I expect there are connection string problems in the file. I tried disabling all of the references to log4net, as it seemed to be invoked several times on startup. But those changes did not seem to make a difference in either the local or published application performance. My IDE is Visual Studio 2010 Pro Any help would be greatly appreciated!

    Read the article

  • drupal open id - how to get details

    - by Arun
    I'm try to use drupal open id module. When i used to login using any provider id(yahoo,google..) the step it goes to registration page of my site. My question is how to populate details of the user to my form without additional burden to the user ?. For ex name,email-id etc. Is there any module associated with it ?

    Read the article

  • Login via Google Apps

    - by steven
    How can I authenticate my users via our their Google Apps account. I also need access to their email. I've read Oauth is needed but I have no idea if that is correct. I'm using PHP.

    Read the article

  • can I change my open ID URL change?

    - by dhruvbird
    I wanted to know if I can change my open ID url from say: www.abc.com/username to www.pqr.com/username while the relying party still thinks I am the same user? or even say: www.abc.com/something/username to www.abc.com/somethingelse/username I intuitively think that this is not possible since if it were, then it is possible for anyone to spoof anyone else's identity. Also, does Open ID specify which fields the relying party should use to ensure secure determination of the user's identity? For example, I would expect it to club the URL provided with the username/email address sent back by the Open ID server.

    Read the article

  • How does this decorator make a call to the 'register' method?

    - by BryanWheelock
    I'm trying to understand what is going on in the decorator @not_authenticated. The next step in the TraceRoute is to the method 'register' which is also located in django_authopenid/views.py which I just don't understand because I don't see anywhere that register is even mentioned in signin() How is the method 'register' called? def not_authenticated(func): """ decorator that redirect user to next page if he is already logged.""" def decorated(request, *args, **kwargs): if request.user.is_authenticated(): next = request.GET.get("next", "/") return HttpResponseRedirect(next) return func(request, *args, **kwargs) return decorated @not_authenticated def signin(request,newquestion=False,newanswer=False): """ signin page. It manage the legacy authentification (user/password) and authentification with openid. url: /signin/ template : authopenid/signin.htm """ request.encoding = 'UTF-8' on_failure = signin_failure next = clean_next(request.GET.get('next')) form_signin = OpenidSigninForm(initial={'next':next}) form_auth = OpenidAuthForm(initial={'next':next}) if request.POST: if 'bsignin' in request.POST.keys() or 'openid_username' in request.POST.keys(): form_signin = OpenidSigninForm(request.POST) if form_signin.is_valid(): next = clean_next(form_signin.cleaned_data.get('next')) sreg_req = sreg.SRegRequest(optional=['nickname', 'email']) redirect_to = "%s%s?%s" % ( get_url_host(request), reverse('user_complete_signin'), urllib.urlencode({'next':next}) ) return ask_openid(request, form_signin.cleaned_data['openid_url'], redirect_to, on_failure=signin_failure, sreg_request=sreg_req) elif 'blogin' in request.POST.keys(): # perform normal django authentification form_auth = OpenidAuthForm(request.POST) if form_auth.is_valid(): user_ = form_auth.get_user() login(request, user_) next = clean_next(form_auth.cleaned_data.get('next')) return HttpResponseRedirect(next) question = None if newquestion == True: from forum.models import AnonymousQuestion as AQ session_key = request.session.session_key qlist = AQ.objects.filter(session_key=session_key).order_by('-added_at') if len(qlist) > 0: question = qlist[0] answer = None if newanswer == True: from forum.models import AnonymousAnswer as AA session_key = request.session.session_key alist = AA.objects.filter(session_key=session_key).order_by('-added_at') if len(alist) > 0: answer = alist[0] return render('authopenid/signin.html', { 'question':question, 'answer':answer, 'form1': form_auth, 'form2': form_signin, 'msg': request.GET.get('msg',''), 'sendpw_url': reverse('user_sendpw'), }, context_instance=RequestContext(request)) Looking at the request, it seems that account/register/ does reference the register method with 'PATH_INFO': u'/account/register/' Here is the request: <WSGIRequest GET:<QueryDict: {}>, POST:<QueryDict: {u'username': [u'BryanWheelock'], u'email': [u'[email protected]'], u'bnewaccount': [u'Signup']}>, COOKIES:{'__utma': '127460431.1218630960.1266769637.1266769637.1266864494.2', '__utmb': '127460431.3.10.1266864494', '__utmc': '127460431', '__utmz': '127460431.1266769637.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)', 'sessionid': 'fb15ee538320170a22d3a3a324aad968'}, META:{'CONTENT_LENGTH': '74', 'CONTENT_TYPE': 'application/x-www-form-urlencoded', 'DOCUMENT_ROOT': '/usr/local/apache2/htdocs', 'GATEWAY_INTERFACE': 'CGI/1.1', 'HTTP_ACCEPT': 'application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5', 'HTTP_ACCEPT_CHARSET': 'ISO-8859-1,utf-8;q=0.7,*;q=0.3', 'HTTP_ACCEPT_ENCODING': 'gzip,deflate,sdch', 'HTTP_ACCEPT_LANGUAGE': 'en-US,en;q=0.8', 'HTTP_CACHE_CONTROL': 'max-age=0', 'HTTP_CONNECTION': 'close', 'HTTP_COOKIE': '__utmz=127460431.1266769637.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=127460431.1218630960.1266769637.1266769637.1266864494.2; __utmc=127460431; __utmb=127460431.3.10.1266864494; sessionid=fb15ee538320170a22d3a3a324aad968', 'HTTP_HOST': 'workproject.com', 'HTTP_ORIGIN': 'http://workproject.com', 'HTTP_REFERER': 'http://workproject.com/account/signin/complete/?next=%2F&janrain_nonce=2010-02-22T18%3A49%3A53ZG2KXci&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.mode=id_res&openid.op_endpoint=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fud&openid.response_nonce=2010-02-22T18%3A49%3A53Znxxxxxxxxxw&openid.return_to=http%3A%2F%2Fworkproject.com%2Faccount%2Fsignin%2Fcomplete%2F%3Fnext%3D%252F%26janrain_nonce%3D2010-02-22T18%253A49%253A53ZG2KXci&openid.assoc_handle=AOQobUepU4xs-kGg5LiyLzfN3RYv0I0Jocgjf_1odT4RR9zfMFpQVpMg&openid.signed=op_endpoint%2Cclaimed_id%2Cidentity%2Creturn_to%2Cresponse_nonce%2Cassoc_handle&openid.sig=Jf76i2RNhqpLTJMjeQ0nnQz6fgA%3D&openid.identity=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItxxxxxxxxxs9CxHQ3PrHw_N5_3j1HM&openid.claimed_id=https%3A%2F%2Fwww.google.com%2Faccounts%2Fo8%2Fid%3Fid%3DAItOaxxxxxxxxxxx4s9CxHQ3PrHw_N5_3j1HM', 'HTTP_USER_AGENT': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.9 (KHTML, like Gecko) Chrome/5.0.307.7 Safari/532.9', 'HTTP_X_FORWARDED_FOR': '96.8.31.235', 'PATH': '/usr/bin:/bin', 'PATH_INFO': u'/account/register/', 'PATH_TRANSLATED': '/home/spirituality/webapps/work/spirit_app.wsgi/account/register/', 'QUERY_STRING': '', 'REMOTE_ADDR': '127.0.0.1', 'REMOTE_PORT': '59956', 'REQUEST_METHOD': 'POST', 'REQUEST_URI': '/account/register/', 'SCRIPT_FILENAME': '/home/spirituality/webapps/spirituality/spirit_app.wsgi', 'SCRIPT_NAME': u'', 'SERVER_ADDR': '127.0.0.1', 'SERVER_ADMIN': '[no address given]', 'SERVER_NAME': 'workproject.com', 'SERVER_PORT': '80', 'SERVER_PROTOCOL': 'HTTP/1.0', 'SERVER_SIGNATURE': '', 'SERVER_SOFTWARE': 'Apache/2.2.12 (Unix) mod_wsgi/2.5 Python/2.5.4', 'mod_wsgi.application_group': 'www.workProject.com|', 'mod_wsgi.callable_object': 'application', 'mod_wsgi.listener_host': '', 'mod_wsgi.listener_port': '25931', 'mod_wsgi.process_group': '', 'mod_wsgi.reload_mechanism': '0', 'mod_wsgi.script_reloading': '1', 'mod_wsgi.version': (2, 5), 'wsgi.errors': <mod_wsgi.Log object at 0xb7ce0038>, 'wsgi.file_wrapper': <built-in method file_wrapper of mod_wsgi.Adapter object at 0xb7e94b18>, 'wsgi.input': <mod_wsgi.Input object at 0x999cc78>, 'wsgi.multiprocess': True, 'wsgi.multithread': False, 'wsgi.run_once': False, 'wsgi.url_scheme': 'http', 'wsgi.version': (1, 0)}>

    Read the article

  • Intellitrace bug causes &ldquo;Operation could destabilize the runtime&rdquo; exception

    - by Magnus Karlsson
    We cant use it when we use simplemembership to handle external authorizations.   Server Error in '/' Application. Operation could destabilize the runtime. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Security.VerificationException: Operation could destabilize the runtime. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [VerificationException: Operation could destabilize the runtime.] DotNetOpenAuth.OpenId.Messages.IndirectSignedResponse.GetSignedMessageParts(Channel channel) +943 DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement.GetExtensionsDictionary(IProtocolMessage message, Boolean ignoreUnsigned) +282 DotNetOpenAuth.OpenId.ChannelElements.<GetExtensions>d__a.MoveNext() +279 DotNetOpenAuth.OpenId.ChannelElements.ExtensionsBindingElement.ProcessIncomingMessage(IProtocolMessage message) +594 DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) +933 DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) +326 DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestBase httpRequest) +1343 DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestBase httpRequestInfo) +241 DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse() +361 DotNetOpenAuth.AspNet.Clients.OpenIdClient.VerifyAuthentication(HttpContextBase context) +136 DotNetOpenAuth.AspNet.OpenAuthSecurityManager.VerifyAuthentication(String returnUrl) +984 Microsoft.Web.WebPages.OAuth.OAuthWebSecurity.VerifyAuthenticationCore(HttpContextBase context, String returnUrl) +333 Microsoft.Web.WebPages.OAuth.OAuthWebSecurity.VerifyAuthentication(String returnUrl) +192 PrioMvcWebRole.Controllers.AccountController.ExternalLoginCallback(String returnUrl) in c:hiddenforyou lambda_method(Closure , ControllerBase , Object[] ) +127 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters) +250 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters) +39 System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +87 System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +439 System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +439 System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeActionMethodWithFilters>b__36(IAsyncResult asyncResult) +15 System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +34 System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +221 System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +28 System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +42 System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15 System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +42 System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +15 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +523 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +176 Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.17929

    Read the article

  • Web2.0, AJAX, HTML5, Facebook, Social web, openid, Oauth, web browsers... where is all this going ?

    - by jokoon
    We have seen many new things appear in the last 7 or 5 five years on the web: Facebook, html5 appeared, new browsers grew strongly, Google failed with Wave... Since Facebook and other stuff like Gtalk and Gmail, I thought and hoped that forums, chat, mail, usenet, conversation rooms and p2p protocols could inter operate to allow the user to use all those services transparently. Of course I realized that things are far much complicated, for several reasons: the IETF cannot invent new things: they just propose standards. Microsoft as well as big players often are obstacles to relevant innovation regarding open formats. The biggest stories being document formats or internet explorer with its long reaction to support web standards. Smartphones, thanks to the appearances of OSes such as iOS and Android, are finally able to navigate on internet: former devices were deaf, they weren't directly connected to internet. The mail protocol were left unchanged even with the grow of spam and malwares. I don't know what to think, because I think there is still a lot to do, but I feel like it will never happen or that nobody seems interested in those basic text transmit features... So what do you think what are the next big steps in the evolution of the web ? Do you think is will still walk hand in hand with open source ?

    Read the article

  • Cisco ASA user authentication options - OpenID, public RSA sig, others?

    - by Ryan
    My organization has a Cisco ASA 5510 which I have made act as a firewall/gateway for one of our offices. Most resources a remote user would come looking for exist inside. I've implemented the usual deal - basic inside networks with outbound NAT, one primary outside interface with some secondary public IPs in the PAT pool for public-facing services, a couple site-to-site IPSec links to other branches, etc. - and I'm working now on VPN. I have the WebVPN (clientless SSL VPN) working and even traversing the site-to-site links. At the moment I'm leaving a legacy OpenVPN AS in place for thick client VPN. What I would like to do is standardize on an authentication method for all VPN then switch to the Cisco's IPSec thick VPN server. I'm trying to figure out what's really possible for authentication for these VPN users (thick client and clientless). My organization uses Google Apps and we already use dotnetopenauth to authenticate users for a couple internal services. I'd like to be able to do the same thing for thin and thick VPN. Alternatively a signature-based solution using RSA public keypairs (ssh-keygen type) would be useful to identify user@hardware. I'm trying to get away from legacy username/password auth especially if it's internal to the Cisco (just another password set to manage and for users to forget). I know I can map against an existing LDAP server but we have LDAP accounts created for only about 10% of the user base (mostly developers for Linux shell access). I guess what I'm looking for is a piece of middleware which appears to the Cisco as an LDAP server but will interface with the user's existing OpenID identity. Nothing I've seen in the Cisco suggests it can do this natively. But RSA public keys would be a runner-up, and much much better than standalone or even LDAP auth. What's really practical here?

    Read the article

  • Cisco ASA user authentication options - OpenID, public RSA sig, others?

    - by Ryan
    My organization has a Cisco ASA 5510 which I have made act as a firewall/gateway for one of our offices. Most resources a remote user would come looking for exist inside. I've implemented the usual deal - basic inside networks with outbound NAT, one primary outside interface with some secondary public IPs in the PAT pool for public-facing services, a couple site-to-site IPSec links to other branches, etc. - and I'm working now on VPN. I have the WebVPN (clientless SSL VPN) working and even traversing the site-to-site links. At the moment I'm leaving a legacy OpenVPN AS in place for thick client VPN. What I would like to do is standardize on an authentication method for all VPN then switch to the Cisco's IPSec thick VPN server. I'm trying to figure out what's really possible for authentication for these VPN users (thick client and clientless). My organization uses Google Apps and we already use dotnetopenauth to authenticate users for a couple internal services. I'd like to be able to do the same thing for thin and thick VPN. Alternatively a signature-based solution using RSA public keypairs (ssh-keygen type) would be useful to identify user@hardware. I'm trying to get away from legacy username/password auth especially if it's internal to the Cisco (just another password set to manage and for users to forget). I know I can map against an existing LDAP server but we have LDAP accounts created for only about 10% of the user base (mostly developers for Linux shell access). I guess what I'm looking for is a piece of middleware which appears to the Cisco as an LDAP server but will interface with the user's existing OpenID identity. Nothing I've seen in the Cisco suggests it can do this natively. But RSA public keys would be a runner-up, and much much better than standalone or even LDAP auth. What's really practical here?

    Read the article

  • Rails: simple bundler question

    - by Joern Akkermann
    Hi! I just installed the ruby-openid gem and then bundled it by entering gem 'ruby-openid', :require => 'openid' in the gemfile. Then I started bundle install and bundle lock. Everything worked fine so far. But how can I now access the classes of ruby-openid. OpenID::method won't work for me. It raises a not found error. What have I forgot or done wrong? I'm thankful for any help!

    Read the article

  • meta.stackoverflow.com has a problem

    - by asker
    Sorry, this is off topic, but fact evolved that meta.stackoverflow does only allow posting with openid despite stating possibility of post per nick/email. Posted here because underlying prob stemmed from serverfault. So here is a copy: Despite stating that submission via nick/email were possible, required fields are not given. Please fix or state that critique be only issued non anonymously. Tags OpenID Login Get an OpenID Oops! Your question couldn't be submitted because: must include one of these tags -- bug feature-request discussion support users with less than 99 reputation can't create new tags. The tag 'limit' is new. Try using an existing tag instead. name and email, or your OpenID, are missing

    Read the article

  • one email have multiple open id , unable to retrive specific open id password?

    - by superUser
    I have multiple OPENID accouts refrencing same email address, now i forget one of my accout's password. and when i tried to recover my password then only one openid accout link sent to my mail address whereas i need another openid password reset link what i have to do?? although i m able to login through gmail, but i want to login through openid. i have mailed already? but no satisfactory answer?? how do i collect all open ID password reset link referencing same email address??

    Read the article

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17  | Next Page >