Search Results

Search found 14771 results on 591 pages for 'security policy'.

Page 113/591 | < Previous Page | 109 110 111 112 113 114 115 116 117 118 119 120  | Next Page >

  • Prevent acccess to the C drive

    - by Jenko
    Is it possible to prevent regular users from accessing the C drive via Windows Explorer? they should be allowed to execute certain programs. This is to ensure that employees cannot steal or copy out proprietary software even though they should be able to execute it. One way would be to change the option in windows Group Policy and set the "shell" to something other than "explorer.exe". I'm looking for a similar windows setting that just hides the C drive or otherwise prevents trivial access. This is for Windows XP/7.

    Read the article

  • Why is Internet said to be an untrusted network?

    - by Ant's
    From Wikipedia In computer security, a DMZ (sometimes referred to as a perimeter networking) is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. Why does it say … larger untrusted network, usually the Internet. I often see that internet is said to be an untrusted network. Are there any reasons for it?

    Read the article

  • Clipboard Copy-Paste doesn't work on Win Server 2008/Vista 64bit

    - by Itay Levin
    Hi, I am trying to use Clipboard API (in Delphi) to extract images from Word documents. my code works OK in Windows XP/2003 but in windows 2008 64 bit it doesn't work. in win 2008 i get an error saying that Clipboard.Formats is empty and doesn't contain any format. The image seems to be copied to the Clipboard (i can see it in the clipboard via Word) but when i try to ask the clipboard what format does he have it said it doesn't have any formats. how can i access the clipboard programmatically on win 2008/Vista? from what i know of 2008 64 bit, it might be a security issue... here is the code snippet: This is how i am trying to copy the Image to the clipboard: W.ActiveDocument.InlineShapes.Item(1).Select; // W is a word ole object W.Selection.Copy; and this is how i try to paste it. Clipboard.Open; Write2DebugFile('FormatCount = ' + IntToStr(Clipboard.FormatCount)); // FormatCount=0 For JJ := 1 to Clipboard.FormatCount Do Write2DebugFile('#'+ IntToStr(JJ) + ':' + IntToStr(Clipboard.Formats[JJ])); If (Clipboard.HasFormat(CF_BITMAP)) or (Clipboard.HasFormat(CF_PICTURE)) or (Clipboard.HasFormat(CF_METAFILEPICT)) then // all HasFormat calls returns false. Begin Jpeg := TJPEGImage.Create; Bitmap := TBitmap.Create; Bitmap.LoadFromClipboardFormat(cf_BitMap,ClipBoard.GetAsHandle(cf_Bitmap),0); Jpeg.Assign(Bitmap); Jpeg.SaveToFile(JpgFileN); try Jpeg.Free; except; end; ResizeImage(JpgFileN,750); Write2DebugFile('Saving ' + JpgFileN); End else Write2DebugFile('Doesnt have the right format'); Thanks in advance, Itay

    Read the article

  • Asp.net mvc application deployment / security issues

    - by WestDiscGolf
    I'll start with appologies; I wasn't sure if this was best posted here of Server Fault so if its in the wrong place then please move :-) Basic information I have written the first module of a new application at work. This is written using Visual Studio 2010, targetting .net 3.5 (at the moment) and asp.net mvc 2. This has been working fine during development running on the built in Development server from VS but however does not work once deployed to IIS 7/7.5. To deploy the application, I have built it in release mode and created a deployment package by right clicking on the project in the solution explorer (this will be done with an automated build in tfs once upgrade from the beta). This has then been imported into IIS on the server. The application is using windows/domain authentication. Issue #1 I can fire up internet explorer and browse to the application from a client computer as well as on a remote desktop connection. I can execute the code which reads/stores data in Session fine from the IE instance on the remote desktop but if I browse to it from the client pc it seems to lose the session state. I click on the form submit and the page refreshes and doesn't execute the required code. I've tried setting with; InProc, SQLServer and StateServer. but with no luck :-( Issue #2 As part of the application it views PDF and Tiff documents on the fly which are on a network share on the office network and creates thumbnails if the document hasn't been viewed before. This works if running on the machine the application is deployed to; however when browsing from a client pc I get an error saying: Access to the path '\\fileserver\folder\file.tif' is denied Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.UnauthorizedAccessException: Access to the path '\\fileserver\folder\file.TIF' is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via , the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user. As this is on a different server the user is not accessible. To get round this I have tried: 1 - setting the application pool to run as domain administrator (I know this is a security risk, but I'm just trying to get it to work at the moment!) 2 - to set the log on account for World Wide Web Publishing service to be the domain admin . When trying to restart the service I get ... Windows could not start the World Wide Web Publishing Service service on the Local Computer. Error 1079: The account specified for this service is different from the account specified fro the other services running in the same process. Any pointers/help would be much appriciated as I'm pulling my hair out (of what little I have left). Update I've been using this funky little tool I found - DelegConfig v2 beta (Delegation / Kerberos Configuration Tool). This has been really usefull. So I've got the accessing of the file share working (there is a test page which will read the files) so now I've just got the issue of passing through the users credentials through to the SQL Server (wans't my choice to do it this way!!) to execute the queries etc. but I can't get it to log on as the user. It tries to access it as "NT Authority\Network Service" which doesn't have a sql login (as should be the logged on user). My connection string is: <add name="User" connectionString="Data Source=.;Integrated Security=True" providerName="System.Data.SqlClient" /> No initial catalog is specified as the system is over multiple dbs (also wasn't my choice!!). I really appriciate all the help so far! :-) Any further hints?!

    Read the article

  • Security Exception when using Custom ASP.NET Healthmonitoring event in medium trust

    - by Elementenfresser
    Hi, I'm using custom healthmonitoring events in ASP.NET We recently moved to a new server with default High Trust Permissions. Literature says that healthmonitoring and custom events should work under Medium or higher trust (http://msdn.microsoft.com/en-us/library/bb398933.aspx). Problem is - it doesn't. In less than full trust I get a SecurityException saying The application attempted to perform an operation not allowed by the security policy It works in Full trust or when I remove the inheritance of System.Web.Management.WebErrorEvent. Any suggestions anyone? Here is the super simple code behind with a custom event defined: public partial class Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { try { CallCustomEvent(); } catch (Exception ex) { Response.Write(ex.Message); throw ex; } } /// <summary> /// this metho is never called due to lacking permissions... /// </summary> private void CallCustomEvent() { try { //do something useful here } catch (Exception) { //code to instantiate the forbidden inheritance... WebBaseEvent.Raise(new CustomEvent()); } } } /// <summary> /// custom error inheriting WebErrorEvent which is not allowed in high trust? can't believe that... /// </summary> public class CustomEvent : WebErrorEvent { public CustomEvent() : base("test", HttpContext.Current.Request, 100001, new ApplicationException("dummy")) { } } and the Web Config excerpt for high trust: <system.web> <trust level="High" originUrl="" />

    Read the article

  • How can I test a form that requires the entry of two random characters from a security phrase?

    - by lawm
    I need to test a two-stage login system which first asks for your email address and password and then presents the user with two select lists containing [a-zA-Z0-9]. The labels beside the drop down's are of the form 'Select character X from your security phrase', where X is a random character index from a known security phrase. I'd rather not stub the code for an acceptance test, so is it possible to write a matcher in cucumber which will, given that we know the whole phrase, select the required character in each of the two lists? Here is the scenario I have so far and the steps involved: Scenario: valid login email, password and secret phrase takes me to the dashboard Given I am not logged in When I log in as "[email protected]" Then I should be on the dashboard page And I should see "Your Dashboard" When /^I log in as "([^\"]*)"$/ do |login| visit path_to('Login page') fill_in "Email", :with => login fill_in "Password", :with => "Password123" click_button "Log in" response.should contain("Please verify some characters from your security phrase") select "a", :from => "Select character X of your security phrase" select "b", :from => "Select character Y of your security phrase" click_button "Submit" end For example, if the security phrase is 'Secret123', X = 3 and Y = 8, the above would have to produce the equivalent of: select "c", :from => "Select character 3 of your security phrase" select "2", :from => "Select character 8 of your security phrase" The numbers X and Y in the actual page are inside span#svc_1 and span#svc_2 respectively. Thanks,

    Read the article

  • WCF: Using Streaming and Username/Password authentication at the same time

    - by Kay
    Hi, I have a WCF Service with the following requirements: a) The client requests a file from the server which is transferred as a Stream. Files may be 100MB or larger. I need streaming or chucking or whatever to make sure that IIS is not loading the whole package into memory before starting to send it. b) The client will transfer an ID to identify the file to be downloaded. The user should be authenticated by providing username/password. c) While the username/password part of the communication needs to be encrypted, encryption of the downloaded file is optional for our use case. My other services, where I am returning smaller files, I am using the following binding: <ws2007HttpBinding> <binding name="ws2007HttpExtern" maxReceivedMessageSize="65536000"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </ws2007HttpBinding> But, as I said, that is no good for streaming (Message encryption needs the complete message to encrypt and that is not the case when streaming). So, I asked Microsoft support and I got more or less the following proposal: <bindings> <basicHttpBinding> <binding name="basicStreaming" messageEncoding="Mtom" transferMode="StreamedResponse"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </bindings> <services> <service behaviorConfiguration="MyProject.WCFInterface.DownloadBehavior" name="MyProject.WCFInterface.DownloadFile"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicStreaming" contract="MyProject.WCFInterface.IDownloadFile" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyProject.WCFInterface.DownloadBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> When I use this, I get the following error message: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. I am using the Web Development Server so far (for production IIS7). I have two questions. a) How would you configure WCF to achieve the goal? b) If the MS proposal is good: What I am doing wrong, the error message does not really help me. Thanks.

    Read the article

  • Winforms role based security limitations

    - by muhan
    I'm implementing role based security using Microsoft's membership and role provider. The theoretical problem I'm having is that you implement a specific role on a method such as: [PrincipalPermissionAttribute(SecurityAction.Demand, Role="Supervisor")] private void someMethod() {} What if at some point down the road, I don't want Supervisors to access someMethod() anymore? Wouldn't I have to change the source code to make that change? Am I missing something? It seems there has to be some way to abstract the relationship between the supervisors role and the method so I can create a way in the application to change this coupling of role permission to method. Any insight or direction would be appreciated. Thank you.

    Read the article

  • Creating Custom Assertions in Oracle Web service Manager (OWSM)

    - by sachin
    I am trying to create example given at this site: http://download.oracle.com/docs/cd/E12839_01/web.1111/b32511/custom_assertions.htm#CIHFGJAG but While compiling I get following errors: Error(63,64): cannot access oracle.annotation.logging.Publish Error: error: in class file D:\Installations\Oracle\Middleware_11g\oracle_common\modules\oracle.wsm.common_11.1.1\wsm-policy-core.jar/oracle/wsm/resources/enforcement/EnforcementMessageID.class: unknown enum constant oracle.annotation.logging.Publish.NO Error(69,28): cannot access oracle.annotation.logging.Category Error(70,48): cannot find variable FAULT_FAILED_CHECK Error(75,17): cannot access oracle.annotation.logging.Severity I have included: wsm-policy-core.jar, wsm-agent-core.jar findjars.com shows oracle.annotation.logging.Publish present in: logging-utils.jar I downloaded latest oc4j, but still not able to find this jar or resolve the issue. Please help!

    Read the article

  • System.Security.VerificationException: Operation could destabilize the runtime

    - by Rigobert Song
    I have a web service which is queried using linq to sql but returns an array of objects. I keep getting the following error: System.Security.VerificationException: Operation could destabilize the runtime When I run a method that uses a linq statement to return an array I get this error, but only on my test server, which is windows server 2008. Everything works fine in my win 7 machine. The project is a .net 3.5. Any ideas what the problem might be? Thanks UPDATE: My linq queries return IQueryable.

    Read the article

  • Quick question on session security.

    - by Scarface
    Hey guys, I was scanning my site for security and I noticed that it was possible for non users to send requests and post information, so I decided to put login checks on all information posts. I was wondering if it was a good way to keep a session id that is created by md5(uniqid()); in a session variable $_SESSION['id']=md5(uniqid()); for each user and then store that in a database under active users for that user. Then when a user tries to insert information, verify that their $_SESSION['id'] variable is equal to the one in the database where the username equals their $_SESSION['username']. What are your ideas on this guys? Thanks in advance!

    Read the article

  • Implementing Security on custom BCS/.net class?

    - by Michael Stum
    I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account. All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad. Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough). I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

    Read the article

  • Hacking your own application

    - by instigator
    I am a web developer that is very conscious of security and try and make my web applications as secure as possible. How ever I have started writing my own windows applications in C# and when it comes testing the security of my C# application, I am really only a novice. Just wondering if anyone has any good tutorials/readme's on how to hack your own windows application and writing secure code.

    Read the article

  • Objective-C Plugin Architecture Security (Mac, not iphone)

    - by Tom Dalling
    I'm possibly writing a plugin system for a Cocoa application (Mac, not iphone). A common approach is the make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys. Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only. Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?

    Read the article

  • Flash security popup is unclickable on a layered window

    - by sjlewis
    I have a layered (TransparencyKey is set) winform w/ a WebBrowser control on it that navigates to a page that contains flash (swf). Everything works okay except that when flash shows a security popup, none of the buttons on the popup respond to mouse click, so I can't click Allow/Deny. Right-click works but only shows the context menu that is normal to flash. I tried overriding WndProc on the WebBrowser control, as suggested here, but it still does not respond to mouse click. If I comment out the TransparencyKey setting, even w/o the WndProc override, the buttons respond. I thought this'd be a container issue so I decided to host the swf file on the form, using the example here, but this, too, had the same problem w/ layered window. So, is there another way that can get around this problem? What is it w/ layered window that renders the buttons on the flash popup unclickable? What is it w/ flash...?

    Read the article

  • ie6 p3p 'file download security warning'

    - by cometta
    i have a page inside iframe, so i set the header to "P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"" after that my page inside iframe able to load properly and i able to authenticate user with 'form' post . but on ie6, when i post 'form' inside iframe, i get ie6 message 'file download security warning on javascript file' . those javascript files are put on 'head' of pages inside iframe. how comes ie6 suddenly pop up dialog asking to download those files? anyone know which p3p parameter cause this problem?

    Read the article

  • outputting html in runtime in asp.net

    - by madness800
    Hi all, I'm building a website at the moment, I've some html fragment that is being stored into the database, I've been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it. So, my question is there any alternative way to safely display the html code and won't pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database? Cheers

    Read the article

  • Need a Security Scenario for asp.net webservice

    - by Karamafrooz
    I have developed a .Net 3.5 windows forms application. I also want to design a website that has a webservice with multiple Webmethods to query the database on the host machine. I want the webservice to be called ONLY through my winapp and my website! And I don't want any other people to be able to call and use my webservice but only some people who have access to the windows application that I have developed. I need a good security scenario for this! I truly appreciate anyone who can help me because this is my first experience of developing a webservice and I really need it to be as secure as I mentioned!

    Read the article

  • Making sure a web page is not cached, across all browsers.

    - by Edward Wilde
    Our investigations have shown us that not all browsers respect the http cache directives in a uniform manner. For security reasons we do not want certain pages in our application to cached, ever, by the web browser. This must work for at least the following browsers: Internet Explorer versions 6-8 FireFox versions 1.5 - 3.0 Safari version 3 Opera 9 Our requirement came from a security test. After logging out from our website you could press the back button and view cached pages.

    Read the article

  • Google Web Toolkit Deferred Binding Issue

    - by snctln
    I developed a web app using GWT about 2 years ago, since then the application has evolved. In its current state it relies on fetching a single XML file and parsing the information from it. Overall this works great. A requirement of this app is that it needs to be able to be ran from the filesystem (file:///..) as well as the traditional model of running from a webserver (http://...) Fetching this file from a webserver works exactly as expected using a RequestBuilder object. When running the app from the filesystem Firefox, Opera, Safari, and Chrome all behave as expected. When running the app from the filesystem using IE7 or IE8 the RequestBuilder.send() call fails, the information about the error suggests that there is a problem accessing the file due to violating the same origin policy. The app worked as expected in IE6 but not in IE7 or IE8. So I looked at the source code of RequestBuilder.java and saw that the actual request was being executed with an XMLHttpRequest GWT object. So I looked at the source code for XMLHttpRequest.java and found out some information. Here is the code (starts at line 83 in XMLHttpRequest.java) public static native XMLHttpRequest create() /*-{ if ($wnd.XMLHttpRequest) { return new XMLHttpRequest(); } else { try { return new ActiveXObject('MSXML2.XMLHTTP.3.0'); } catch (e) { return new ActiveXObject("Microsoft.XMLHTTP"); } } }-*/; So basically if an XMLHttpRequest cannot be created (like in IE6 because it is not available) an ActiveXObject is used instead. I read up a little bit more on the IE implementation of XMLHttpRequest, and it appears that it is only supported for interacting with files on a webserver. I found a setting in IE8 (Tools-Internet Options-Advanced-Security-Enable native XMLHTTP support), when I uncheck this box my app works. I assume this is because I am more of less telling IE to not use their implementation of XmlHttpRequest, so GWT just uses an ActiveXObject because it doesn't think the native XmlHttpRequest is available. This fixes the problem, but is hardly a long term solution. I can currently catch a failed send request and verify that it was trying to fetch the XML file from the filesystem using normal GWT. What I would like to do in this case is catch the IE7 and IE8 case and have them use a ActiveXObject instead of a native XmlHttpRequest object. There was a posting on the GWT google group that had a supposed solution for this problem (link). Looking at it I can tell that it was created for an older version of GWT. I am using the latest release and think that this is more or less what I would like to do (use GWT deferred binding to detect a specific browser type and run my own implementation of XMLHttpRequest.java in place of the built in GWT implementation). Here is the code that I am trying to use package com.mycompany.myapp.client; import com.google.gwt.xhr.client.XMLHttpRequest; public class XMLHttpRequestIE7or8 extends XMLHttpRequest { // commented out the "override" so that eclipse and the ant build script don't throw errors //@Override public static native XMLHttpRequest create() /*-{ try { return new ActiveXObject('MSXML2.XMLHTTP.3.0'); } catch (e) { return new ActiveXObject("Microsoft.XMLHTTP"); } }-*/; // have an empty protected constructor so the ant build script doesn't throw errors // the actual XMLHttpRequest constructor is empty as well so this shouldn't cause any problems protected XMLHttpRequestIE7or8() { } }; And here are the lines that I added to my module xml <replace-with class="com.mycompany.myapp.client.XMLHttpRequestIE7or8"> <when-type-is class="com.google.gwt.xhr.client.XMLHttpRequest"/> <any> <when-property-is name="user.agent" value="ie7" /> <when-property-is name="user.agent" value="ie8" /> </any> </replace-with> From what I can tell this should work, but my code never runs. Does anyone have any idea of what I am doing wrong? Should I not do this via deferred binding and just use native javascript when I catch the fail case instead? Is there a different way of approaching this problem that I have not mentioned? All replies are welcome.

    Read the article

  • serving files using django - is this a security vulnerability

    - by Tom Tom
    I'm using the following code to serve uploaded files from a login secured view in a django app. Do you think that there is a security vulnerability in this code? I'm a bit concerned about that the user could place arbitrary strings in the url after the upload/ and this is directly mapped to the local filesystem. Actually I don't think that it is a vulnerability issue, since the access to the filesystem is restricted to the files in the folder defined with the UPLOAD_LOCATION setting. UPLOAD_LOCATION = is set to a not publicly available folder on the webserver url(r'^upload/(?P<file_url>[/,.,\s,_,\-,\w]+)', 'aeon_infrastructure.views.serve_upload_files', name='project_detail'), @login_required def serve_upload_files(request, file_url): import os.path import mimetypes mimetypes.init() try: file_path = settings.UPLOAD_LOCATION + '/' + file_url fsock = open(file_path,"r") file_name = os.path.basename(file_path) file_size = os.path.getsize(file_path) print "file size is: " + str(file_size) mime_type_guess = mimetypes.guess_type(file_name) if mime_type_guess is not None: response = HttpResponse(fsock, mimetype=mime_type_guess[0]) response['Content-Disposition'] = 'attachment; filename=' + file_name #response.write(file) except IOError: response = HttpResponseNotFound() return response

    Read the article

  • How would a php or java client authenticate if I'm using WCF w/ forms auth?

    - by Toran Billups
    I have a generic proof of concept WCF service that is using forms authentication to secure access. All works great when my client is .NET (vb code below) Dim client As SupplierServiceClient = New SupplierServiceClient() client.ClientCredentials.UserName.UserName = "[email protected]" client.ClientCredentials.UserName.Password = "password" Dim SupplierList As List(Of Supplier) = client.GetSuppliers() but as I want this to interop w/ anyone who can do SOAP 1.1/1.2 - how would a PHP or Java client connect? My WCF web.config is listed below (fyi) <system.serviceModel> <services> <service name="SampleApplicationWCF.Library.SupplierService" behaviorConfiguration="NorthwindBehavior"> <endpoint address="" name="wsHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="wsHttpBinding" bindingConfiguration="wsHttp"/> <endpoint address="https://server/SampleApplicationWCF/SupplierService.svc/Basic" name="basicHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="basicHttpBinding" bindingConfiguration="basicHttp"/> <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/> </service> </services> <bindings> <wsHttpBinding> <binding name="wsHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/> </security> </binding> </wsHttpBinding> <basicHttpBinding> <binding name="basicHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName"/> </security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="NorthwindBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceAuthorization principalPermissionMode="UseAspNetRoles"/> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel>

    Read the article

  • Security Token/Cross Domain Cookie in Classic ASP?

    - by jlrolin
    I have an interesting conundrum. We have a site that is a completely separate domain, we'll say http://www.x.com and our own site that is http://www.y.com. The y.com site is actually a classic ASP site, and we aren't converting it to .NET at this time. The problem is that there is a link on x.com that redirects to y.com from a members area. We want to "authenticate" the user to make sure they are a member from the other site. If they are, they are directed to a members area on y.com. If not, they have to provide login information on y.com. Cookies obviously don't work due to the cross domain security, but is there a way around this? I've also looked at a service for tokens, but I'm not sure exactly how that works in Classic ASP. Any ideas or suggestions?

    Read the article

< Previous Page | 109 110 111 112 113 114 115 116 117 118 119 120  | Next Page >