Search Results

Search found 15648 results on 626 pages for 'wcf security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 114/626 | < Previous Page | 110 111 112 113 114 115 116 117 118 119 120 121  | Next Page >

  • Small business: what should I know about computer security?

    - by geschema
    I run a small (1 man) consulting company in the field of embedded systems, working from home using a standard DSL internet access. My main development machine is a Windows XP PC, which is connected to the router with an ethernet cable. I also have a MacBook Pro laptop, which is connects to the network via WLAN (WPA-PSK). Besides enabling the Windows firewall, not using IE, having an up-to-date antivirus program and strong passwords, what do I need to know to keep my customers' data safe on these computers?

    Read the article

  • Can I lose files when changing security on an XP drive within Windows 7?

    - by Will
    Hard to come up with a title for this one, sheesh. Have a friend whose computer went down. He asked me to get all his data off his drive. His old computer was running XP. So, I've plugged it into my Windows 7 computer. When I attempt to open up his Documents and Settings folder, I get prompted to elevate in order to "permanently get access to this folder." If I do this, will I be able to access the files in this directory, or will all the current files be lost? I may be overly paranoid about this, but I can't find any information about exactly what will happen when I do this. TIA.

    Read the article

  • Is there a security concern exposing NTLM authentication over http or should it only be https?

    - by Shane
    We are setting up a SharePoint 2010 site. Don't worry, this is not a Sharepoint question, just adding it for context. Most of the site will be anonymous, but some users are able to authenticate in and edit content. They use NTLM (users exist in AD). Is there any concern about exposing NTLM login for users that can modify content over the internet via http or should that only be exposed via https?

    Read the article

  • ASP.NET MVC WebService - Security for Industrial Android Clients

    - by Chris Nevill
    I'm trying to design a system that will allow a bunch of Android devices to securely log into an ASP.NET MVC REST Web service. At present neither side are implemented. However there is an ASP.NET MVC website which the web service will site along side. This is currently using forms authentication. The idea will be that the Android devices will download data from the web service and then be able to work offline storing data in their own local databases, where users will be able to make updates to that data, and then syncing updates back to the main server where possible. The web service will be using HTTPS to prevent calls being intercepted and reduce the risk of calls being intercepted. The system is an industrial system and will not be in used by the general Android population. Instead only authorized Android devices will be authorized by the Web Service to make calls. As such I was thinking of using the Android devices serial number as a username and then a generated long password which the device will be able to pick up - once the device has been authorized server side. The device will also have user logins - but these will not be to log into the web service - just the device itself - since the device and user must be able to work offline. So usernames and passwords will be downloaded and stored on the devices themselves. My question is... what form of security is best setup on the web service? Should it use forms Authentication? Should the username and password just be passed in with each GET/POST call or should it start a session as I have with the website? The Android side causes more confusion. There seems to be a number of options here Spring-Android, Volley, Retrofit, LoopJ, Robo Spice which seems to use the aforementioned Spring, Retrofit or Google HttpClient. I'm struggling to find a simple example which authenticates with a forms based authentication system. Is this because I'm going about this wrong? Is there another option that would better suite this?

    Read the article

  • Oracle Magazine Sept/Oct 2012 - Security on the Move

    - by Darin Pendergraft
    This month's Oracle Magazine cover story is Security on the Move.  In it, two Oracle IDM customers discuss their impressions of the latest IDM release.  Kurt Lieber from Kaiser Permanente and Peter Boyle from BT discuss how they are using Oracle IDM to enable their business. Click this link to see the latest issue: http://www.oracle.com/technetwork/issue-archive/2012/12-sep/index.html Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} In addition to the cover article, the Analyst’s Corner features an interview with Sally Hudson from IDC focusing on IDM issues : http://www.oracle.com/technetwork/issue-archive/2012/12-sep/o52analyst-1735921.html And the Partner Perspectives contains information from our IDM partners Hub City Media, aurionPro SENA, and ICSynergy

    Read the article

  • Webcast: DB Enterprise User Security Integration with Oracle Directory Services

    - by B Shashikumar
    The typical enterprise has a large number of DBA (Database administrator) accounts that are locally managed, which is often very costly, problematic and error-prone. Databases are a crucial component of your enterprise IT infrastructure, housing sensitive corporate data and database user accounts and privileges. To ensure the integrity of your enterprise's data, it's imperative to have a well-managed identity management system. This begins with centralized management of user accounts and access rights. Enterprise User Security (EUS), an Oracle Database Enterprise Edition feature, combined with Oracle Identity Management, gives you the ability to centrally manage database users and their authorizations in one central place. The cost of user provisioning and password resets is dramatically reduced. This technology is a must for new application development and should be considered for existing applications as well. Join Oracle Advisors for a live webcast on Jul 11 at 8am Pacific Time where Oracle experts will briefly introduce EUS, followed by a detailed discussion about the various directory options that are supported, including integration with Microsoft Active Directory. We'll conclude how to avoid common pitfalls deploying EUS with directory services. To register for this event, click here  

    Read the article

  • wcf service creating proxy by using svcutil.exe in command prompt?

    - by Surya sasidhar
    when i am trying to generate proxy manually using comand prompt i am getting this error Setting environment for using Microsoft Visual Studio 2008 x86 tools. C:\Program Files\Microsoft Visual Studio 9.0\VC>cd\ C:\>svcutil /language:cs /out:proxy.cs /config:app.config /http://localhost:2544 /myservicewcf/Sasi.svc 'svcutil' is not recognized as an internal or external command, operable program or batch file. C:\>svcutil.exe /language:cs /out:proxy.cs /config:app.config /http://localhost: 2544/myservicewcf/sasi.svc 'svcutil.exe' is not recognized as an internal or external command, operable program or batch file. C:\> can u help me please

    Read the article

  • Spring Security DB Authentication w/Hibernate and hashed passwords?

    - by Seth
    I'm trying to set up spring security 3 to authenticate users against my hibernate 3 database. I'm storing only sha1 hashes of the passwords in the database (not plaintext). I've looked at this and this, which tell me to implement my own UserDetailsService. Unfortunately, the UserDetails that loadUserByUsername spits out seem to need the plaintext password, which I don't have. How is this usually handled? Can Spring Security actually do what I need here? Am I missing something?

    Read the article

  • How to generate a client certificate from configuration.svcinfo file

    - by som_che
    Hi, I am new to WCF and trying to create a WCF client. I created a project in VS 2008 and added the reference of WCF web service and it generated the WSDL,configuration.svcinfo and other relevant files. Now i would like to know how to create the client certificates based on these available files? In the .svcinfo file, i see that there are multiple bindings (wsHttpBinding) and multiple endpoints. Any help in this regard will be highly appreciated.

    Read the article

  • Cannot find the X.509 certificate after publishing

    - by Tr?n Qu?c Bình
    Hi everybody, I am building a WCF service as http://www.codeproject.com/KB/WCF/9StepsWCF.aspx#Beginner%20WCF%20FAQ%E2%80%99s and facing a trouble with X.509 certificate: when I debug, evething is OK. But when I pubish it to IIS (5.1, windowsXP SP3) I receive the error: **Cannot find the X.509 certificate using the following search criteria: StoreName 'My', StoreLocation 'CurrentUser', FindType 'FindBySubjectName', FindValue 'WCFServer'.** Thanks for any idea.

    Read the article

  • What is the difference in WCF when using KnownType and ServiceKnownType?

    - by Paul Speranza
    I have a service that returns an array of animal but the list can contain cats, dogs, etc, which all extend animal. I know I need to use either the KnownType or ServiceKnownType attribute, and on the entity class or the service class, respectively. What is the difference between the 2 attributes? I prefer the ServiceKnownType because it is applied on the service, exactly where it is needed and called for, as opposed to KnownType which is applied on my entity. To me applying it on the entity class means knowing too far ahead how my entity class is being used. For now I have it on my entity and it works like a charm, but I am looking for guidance here as to best practices and usefullness. Thanks, Paul Speranza

    Read the article

  • How would you implement API key in WCF Data Service?

    - by rushonerok
    Is there a way to require an API key in the URL / or some other way of passing the service a private key in order to grant access to the data? I have this right now... using System; using System.Data.Services; using System.Data.Services.Common; using System.Collections.Generic; using System.Linq; using System.ServiceModel.Web; using Numina.Framework; using System.Web; using System.Configuration; [System.ServiceModel.ServiceBehavior(IncludeExceptionDetailInFaults = true)] public class odata : DataService { public static void InitializeService(DataServiceConfiguration config) { config.SetEntitySetAccessRule("*", EntitySetRights.AllRead); //config.SetServiceOperationAccessRule("*", ServiceOperationRights.All); config.DataServiceBehavior.MaxProtocolVersion = DataServiceProtocolVersion.V2; } protected override void OnStartProcessingRequest(ProcessRequestArgs args) { HttpRequest Request = HttpContext.Current.Request; if(Request["apikey"] != ConfigurationManager.AppSettings["ApiKey"]) throw new DataServiceException("ApiKey needed"); base.OnStartProcessingRequest(args); } } ...This works but it's not perfect because you cannot get at the metadata and discover the service through the Add Service Reference explorer. I could check if $metadata is in the url but it seems like a hack. Is there a better way?

    Read the article

  • How to configure maximum number of channels in WCF?

    - by Hemant
    Consider following code which calls a calculator service: static void Main (string[] args) { for (int i = 0; i < 32; i++) { ThreadPool.QueueUserWorkItem (o => { var client = new CalcServiceClient (); client.Open (); while (true) { var sum = client.Add (2, 3); } }); } Console.ReadLine (); } If I use TCP binding then maximum 32 connections are opened but if I use HTTP binding, only 2 TCP connections are opened. How can I configure the maximum number of connections that can be opened using HTTP binding?

    Read the article

  • What could be causing a "Cannot access a disposed object" error in WCF?

    - by Nima
    I am using the following code: private WSHttpBinding ws; private EndpointAddress Srv_Login_EndPoint; private ChannelFactory<Srv_Login.Srv_ILogin> Srv_LoginChannelFactory; private Srv_Login.Srv_ILogin LoginService; The Login is my constructor: public Login() { InitializeComponent(); ws = new WSHttpBinding(); Srv_Login_EndPoint = new EndpointAddress("http://localhost:2687/Srv_Login.svc"); Srv_LoginChannelFactory = new ChannelFactory<Srv_Login.Srv_ILogin>(ws, Srv_Login_EndPoint); } And I'm using service this way: private void btnEnter_Click(object sender, EventArgs e) { try { LoginService = Srv_LoginChannelFactory.CreateChannel(); Srv_Login.LoginResult res = new Srv_Login.LoginResult(); res = LoginService.IsAuthenticated(txtUserName.Text.Trim(), txtPassword.Text.Trim()); if (res.Status == true) { int Id = int.Parse(res.Result.ToString()); } else { lblMessage.Text = "Not Enter"; } } catch (Exception ex) { MessageBox.Show(ex.Message); } finally { Srv_LoginChannelFactory.Close(); } } When the user enters a valid username and password, everything is fine. When the user enters a wrong username and password, the first try correctly displays a "Not Enter" message, but on the second try, the user sees this message: {System.ObjectDisposedException: Cannot access a disposed object. Object name: 'System.ServiceModel.ChannelFactory`1[Test_Poosesh.Srv_Login.Srv_ILogin]'. at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposed() at System.ServiceModel.ChannelFactory.EnsureOpened() at System.ServiceModel.ChannelFactory`1.CreateChannel(EndpointAddress address, Uri via) at System.ServiceModel.ChannelFactory`1.CreateChannel() How can I fix my code to prevent this error from occurring?

    Read the article

  • WCF SSL secure transfer or large payloads without changing firewall.

    - by Sir Mix
    I need to transfer small amounts of data intermittently from clients to our server in a secure fashion and pull down large binary files from the server ocassionally. It's important for all this to be reliable. I'm anticipating 100,000 clients. I control both ends, but I want to deliver a solution that doesn't require changing the firewall for the majority of customers. A lag of one or two minutes before the information migrates to the server or comes down seems to be acceptable at this time. We need to make the connection secure, so was thinking about SSL, but open to suggestions. Basically, what is the best binding to use in this situation so that we have a secure transmission and the system handles the stress and load in a way that works for 95% of clients out of the box (firewalls will not block in majority of firewall configurations).

    Read the article

  • How can I return json from my WCF rest service (.NET 4), using Json.Net, without it being a string,

    - by Samuel Meacham
    The DataContractJsonSerializer is unable to handle many scenarios that Json.Net handles just fine when properly configured (specifically, cycles). A service method can either return a specific object type (in this case a DTO), in which case the DataContractJsonSerializer will be used, or I can have the method return a string, and do the serialization myself with Json.Net. The problem is that when I return a json string as opposed to an object, the json that is sent to the client is wrapped in quotes. Using DataContractJsonSerializer, returning a specific object type, the response is: {"Message":"Hello World"} Using Json.Net to return a json string, the response is: "{\"Message\":\"Hello World\"}" I do not want to have to eval() or JSON.parse() the result on the client, which is what I would have to do if the json comes back as a string, wrapped in quotes. I realize that the behavior is correct; it's just not what I want/need. I need the raw json; the behavior when the service method's return type is an object, not a string. So, how can I have my method return an object type, but not use the DataContractJsonSerializer? How can I tell it to use the Json.Net serializer instead? Or, is there someway to directly write to the response stream? So I can just return the raw json myself? Without the wrapping quotes? Here is my contrived example, for reference: [DataContract] public class SimpleMessage { [DataMember] public string Message { get; set; } } [ServiceContract] [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)] public class PersonService { // uses DataContractJsonSerializer // returns {"Message":"Hello World"} [WebGet(UriTemplate = "helloObject")] public SimpleMessage SayHelloObject() { return new SimpleMessage("Hello World"); } // uses Json.Net serialization, to return a json string // returns "{\"Message\":\"Hello World\"}" [WebGet(UriTemplate = "helloString")] public string SayHelloString() { SimpleMessage message = new SimpleMessage() { Message = "Hello World" }; string json = JsonConvert.Serialize(message); return json; } // I need a mix of the two. Return an object type, but use the Json.Net serializer. }

    Read the article

  • How to implement login page using Spring Security so that it works with Spring web flow?

    - by simon
    I have a web application using Spring 2.5.6 and Spring Security 2.0.4. I have implemented a working login page, which authenticates the user against a web service. The authentication is done by defining a custom authentincation manager, like this: <beans:bean id="customizedFormLoginFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> <beans:property name="defaultTargetUrl" value="/index.do" /> <beans:property name="authenticationFailureUrl" value="/login.do?error=true" /> <beans:property name="authenticationManager" ref="customAuthenticationManager" /> <beans:property name="allowSessionCreation" value="true" /> </beans:bean> <beans:bean id="customAuthenticationManager" class="com.sevenp.mobile.samplemgmt.web.security.CustomAuthenticationManager"> <beans:property name="authenticateUrlWs" value="${WS_ENDPOINT_ADDRESS}" /> </beans:bean> The authentication manager class: public class CustomAuthenticationManager implements AuthenticationManager, ApplicationContextAware { @Transactional @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { //authentication logic return new UsernamePasswordAuthenticationToken(principal, authentication.getCredentials(), grantedAuthorityArray); } The essential part of the login jsp looks like this: <c:url value="/j_spring_security_check" var="formUrlSecurityCheck"/> <form method="post" action="${formUrlSecurityCheck}"> <div id="errorArea" class="errorBox"> <c:if test="${not empty param.error}"> ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message} </c:if> </div> <label for="loginName"> Username: <input style="width:125px;" tabindex="1" id="login" name="j_username" /> </label> <label for="password"> Password: <input style="width:125px;" tabindex="2" id="password" name="j_password" type="password" /> </label> <input type="submit" tabindex="3" name="login" class="formButton" value="Login" /> </form> Now the problem is that the application should use Spring Web Flow. After the application was configured to use Spring Web Flow, the login does not work anymore - the form action to "/j_spring_security_check" results in a blank page without error message. What is the best way to adapt the existing login process so that it works with Spring Web Flow?

    Read the article

  • Configure Active Relying Party STS to Trust Multiple Identity Provider STSes

    - by CodeChef
    I am struggling with the configuration for the scenario below. I have a custom WCF/WIF STS (RP-STS) that provides security tokens to my WCF services RP-STS is an "Active" STS RP-STS acts as a claims transformation STS RP-STS trusts tokens from many customer-specific identity provider STSes (IdP-STS) When a WCF Client connects to a service it should authenticate with it's local IdP-STS The reading that I've done describes this as Home Realm Discovery. HRD is usually described within the context of web applications and Passive STSes. My questions is, for my situation, does the logic for choosing an IdP-STS endpoint belong in the RP-STS or the WCF Client application? I thought it belonged in the RP-STS, but I cannot figure out the configuration to make this happen. RP-STS has a single endpoint, but I cannot figure out how to add more than one trusted issuer per endpoint. Any guidance on this would be very appreciated (I'm out of useful keywords to Google.) Also, if I'm way off please offer alternative approaches. Thanks!

    Read the article

  • Calling end invoke on an asynchronous call when an exception has fired in WCF.

    - by james.ingham
    Hey, I currently have an asynchronous call with a callback, which fires this method on completion: private void TestConnectionToServerCallback(IAsyncResult iar) { bool result; try { result = testConnectionDelegate.EndInvoke(iar); Console.WriteLine("Connection made!"); } catch (EndpointNotFoundException e) { Console.WriteLine("Server Timeout. Are you connected?"); result = false; } ... } With the EndpointNotFoundException firing when the server is down or no connection can be made. My question is this, if I want to recall the testConnectionDelegate with some kind of re-try button, must I first call testConnectionDelegate.EndInvoke where the exception is caught? When I do call end invoke in the catch, I get another exception on result = testConnectionDelegate.EndInvoke(iar); whenever I call this method for the second time. This is "CommunicationObjectFaultedException". I'm assuming this is because I didn't end it properly, which is what I think I have to do. Any help would be appreciated. Thanks - James

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 110 111 112 113 114 115 116 117 118 119 120 121  | Next Page >