Search Results

Search found 22139 results on 886 pages for 'security testing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 128/886 | < Previous Page | 124 125 126 127 128 129 130 131 132 133 134 135  | Next Page >

  • Getting rid of the Expires node in the WS security header

    - by Nick
    From the snippet below, how do i get rid of the <wsu:Expires> tag? I want to either get rid of it or pass it in as a empty element. It is a read only property in objClient.RequestSoapContext.Security.Timestamp.Expires. Any help is appreciated. <wsse:Security soap:mustUnderstand="1"> <wsu:Timestamp wsu:Id="Timestamp-26d09d54-10ef-4141-aa2c-11c75ed8172b"> <wsu:Created>2010-03-08T15:32:16Z</wsu:Created> <wsu:Expires>2010-03-08T15:37:16Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-7c9b80ec-98e9-4e41-af2e-ad37070cbdd3"> <wsse:Username>bubba</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">dsfdfsdfsfs+-dasdf=</wsse:Password> <wsse:Nonce>QQ3C4HUfO2CyGx7HrjzMzg==</wsse:Nonce> <wsu:Created>2010-03-08T15:32:16Z</wsu:Created> </wsse:UsernameToken> </wsse:Security>

    Read the article

  • ActiveX not working properly with default security settings

    - by Ummar
    I have written an ActiveX control in C# and have made it working using regasm command, and it works fine as long as the security level is set to low.. Then as a next step I have made a .cab installer (ICD - Internet component downloader), and have signed my .cab file and ActiveX .dll file with a test certificate. when I hit the html page from my browser the installation parts works fine with default security settings of IE, but at the end it seems that nothing is installed and a red cross is shown on place of ActiveX. Moreover I have explored the Download Program Files folder under Windows directory, in status column it is showing word "unknown". while it is "installed" for all other activeX. what may be the problem. Moreover if i use the regasm command to register the assembly it works fine, and I have signed the ActiveX but still I have to move the security bar to low in my browser setting? why it is so? then what is the purpose of signing? I have used RegisterServer=yes in my .inf file Please let me know, if some one has gone through this problem already?

    Read the article

  • Getting rid of the Expires node (xml) in the WS security header

    - by Nick
    From the snippet below, how do i get rid of the (xml node) <wsu:Expires> tag? I want to either get rid of it or pass it in as a empty element. It is a read only property in objClient.RequestSoapContext.Security.Timestamp.Expires. Any help is appreciated. <wsse:Security soap:mustUnderstand="1"> <wsu:Timestamp wsu:Id="Timestamp-26d09d54-10ef-4141-aa2c-11c75ed8172b"> <wsu:Created>2010-03-08T15:32:16Z</wsu:Created> <wsu:Expires>2010-03-08T15:37:16Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-7c9b80ec-98e9-4e41-af2e-ad37070cbdd3"> <wsse:Username>bubba</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">dsfdfsdfsfs+-dasdf=</wsse:Password> <wsse:Nonce>QQ3C4HUfO2CyGx7HrjzMzg==</wsse:Nonce> <wsu:Created>2010-03-08T15:32:16Z</wsu:Created> </wsse:UsernameToken> </wsse:Security>

    Read the article

  • authentication question (security code generation logic)

    - by Stick it to THE MAN
    I have a security number generator device, small enough to go on a key-ring, which has a six digit LCD display and a button. After I have entered my account name and password on an online form, I press the button on the security device and enter the security code number which is displayed. I get a different number every time I press the button and the number generator has a serial number on the back which I had to input during the account set-up procedure. I would like to incorporate similar functionality in my website. As far as I understand, these are the main components: Generate a unique N digit aplha-numeric sequence during registration and assign to user (permanently) Allow user to generate an N (or M?) digit aplha-numeric sequence remotely For now, I dont care about the hardware side, I am only interested in knowing how I may choose a suitable algorithm that will allow the user to generate an N (or M?) long aplha-numeric sequence - presumably, using his unique ID as a seed Identify the user from the number generated in step 2 (which decryption method is the most robust to do this?) I have the following questions: Have I identified all the steps required in such an authentication system?, if not please point out what I have missed and why it is important What are the most robust encryption/decryption algorithms I can use for steps 1 through 3 (preferably using 64bits)?

    Read the article

  • WCF client endpoint identity - configuration question

    - by Roel
    Hi all, I'm having a strange situation here. I got it working, but I don't understand why. Situation is as follows: There is a WCF service which my application (a website) has to call. The WCF service exposes a netTcpBinding and requires Transport Security (Windows). Client and server are in the same domain, but on different servers. So generating a client results in the following config (mostly defaults) <system.serviceModel> <bindings> <netTcpBinding> <binding name="MyTcpEndpoint" ...> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/> <message clientCredentialType="Windows" /> </security> </binding> </netTcpBinding> </bindings> <client> <endpoint address="net.tcp://localhost:xxxxx/xxxx/xxx/1.0" binding="netTcpBinding" bindingConfiguration="MyTcpEndpoint" contract="Service.IMyService" name="TcpEndpoint"/> </client> </system.serviceModel> When I run the website and make the call to the service, I get the following error: System.ServiceModel.Security.SecurityNegotiationException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed --- End of inner exception stack trace --- at System.Net.Security.NegoState.EndProcessAuthentication(IAsyncResult result) at System.Net.Security.NegotiateStream.EndAuthenticateAsClient(IAsyncResult asyncResult) at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.InitiateUpgradeAsyncResult.OnCompleteAuthenticateAsClient(IAsyncResult result) at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorAsyncResult.CompleteAuthenticateAsClient(IAsyncResult result) --- End of inner exception stack trace --- Server stack trace: at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result) .... Now, if I just alter the configuration of the client like so: <endpoint address="net.tcp://localhost:xxxxx/xxxx/xxx/1.0" binding="netTcpBinding" bindingConfiguration="MyTcpEndpoint" contract="Service.IMyService" name="TcpEndpoint"> <identity> <dns /> </identity> </endpoint> everything works and my server happily reports that it got called by the service account which hosts the AppPool for my website. All good. My question now is: why does this work? What does this do? I got to this solution by mere trial-and-error. To me it seems that all the <dns /> tag does is tell the client to use the default DNS for authentication, but doesn't it do that anyway? Thanks for providing me with some insight.

    Read the article

  • The HTTP request was forbidden with client authentication scheme 'Anonymous'

    - by dudia
    I am trying to configure a WCF server\client to work with SSL I get the following exception: The HTTP request was forbidden with client authentication scheme 'Anonymous' I have a self hosted WCF server. I have run hhtpcfg both my client and server certificates are stored under Personal and Trusted People on the Local Machine Here is the server code: binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; binding.Security.Mode = WebHttpSecurityMode.Transport; _host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust; _host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; _host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine; _host.Credentials.ServiceCertificate.SetCertificate("cn=ServerSide", StoreLocation.LocalMachine, StoreName.My); Client Code: binding.Security.Mode = WebHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; WebChannelFactory<ITestClientForServer> cf = new WebChannelFactory<ITestClientForServer>(binding, url2Bind); cf.Credentials.ClientCertificate.SetCertificate("cn=ClientSide", StoreLocation.LocalMachine, StoreName.My); ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidate; Looking at web_tracelog.svclog and trace.log reveals that the server cannot autheticate the client certificate My certificate are not signed by an Authorized CA but this is why I added them to the Trusted People.... What Am I missing? What am I missing?

    Read the article

  • Query specific logs from event log using nxlog

    - by user170899
    Below is my nxlog configuration define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension json> Module xm_json </Extension> <Input internal> Module im_internal </Input> <Input eventlog> Module im_msvistalog Query <QueryList>\ <Query Id="0">\ <Select Path="Security">*</Select>\ </Query>\ </QueryList> </Input> <Output out> Module om_tcp Host localhost Port 3515 Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; \ to_json(); </Output> <Route 1> Path eventlog, internal => out </Route> <Select Path="Security">*</Select>\ - * gets everything from the Security log, but my requirement is to get specific logs starting with EventId - 4663. How do i do this? Please help. Thanks.

    Read the article

  • Problems with data driven testing in MSTest

    - by severj3
    Hello, I am trying to get data driven testing to work in C# with MSTest/Selenium. Here is a sample of some of my code trying to set it up: [TestClass] public class NewTest { private ISelenium selenium; private StringBuilder verificationErrors; [DeploymentItem("GoogleTestData.xls")] [DataSource("System.Data.OleDb", "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=GoogleTestData.xls;Persist Security Info=False;Extended Properties='Excel 8.0'", "TestSearches$", DataAccessMethod.Sequential)] [TestMethod] public void GoogleTest() { selenium = new DefaultSelenium("localhost", 4444, "*iehta", http://www.google.com); selenium.Start(); verificationErrors = new StringBuilder(); var searchingTerm = TestContext.DataRow["SearchingString"].ToString(); var expectedResult = TestContext.DataRow["ExpectedTextResults"].ToString(); Here's my error: Error 3 An object reference is required for the non-static field, method, or property 'Microsoft.VisualStudio.TestTools.UnitTesting.TestContext.DataRow.get' E:\Projects\SeleniumProject\SeleniumProject\MaverickTest.cs 32 33 SeleniumProject The error is underlining the "TestContext.DataRow" part of both statements. I've really been struggling with this one, thanks!

    Read the article

  • Configuring multiple distinct WCF binding configurations causes an exception to be thrown

    - by Sandor Drieënhuizen
    I have a set of IIS7-hosted net.tcp WCF services that serve my ASP.NET MVC web application. The web application is accessed over the internet. WCF Services (IIS7) <--> ASP.NET MVC Application <--> Client Browser The services are username authenticated, the account that a client (of my web application) uses to logon ends up as the current principal on the host. I want one of the services to be authenticated differently, because it serves the view model for my logon view. When it's called, the client is obviously not logged on yet. I figure Windows authentication serves best or perhaps just certificate based security (which in fact I should use for the authenticated services as well) if the services are hosted on a machine that is not in the same domain as the web application. That's not the point here though. Using multiple TCP bindings is what's giving me trouble. I tried setting it up like this: <bindings> <netTcpBinding> <binding> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> <binding name="public"> <security mode="Transport"> <message clientCredentialType="Windows"/> </security> </binding> </netTcpBinding> </bindings> The thing is that both bindings don't seem to want live together in my host. When I remove either of them, all's fine but together they produce the following exception on the client: The requested upgrade is not supported by 'net.tcp://localhost:8081/Service2.svc'. This could be due to mismatched bindings (for example security enabled on the client and not on the server). In the server trace log, I find the following exception: Protocol Type application/negotiate was sent to a service that does not support that type of upgrade. Am I looking into the right direction or is there a better way to solve this?

    Read the article

  • Testing VSTO Applications?

    - by Matthew Sposato
    I'm developing an Word 2007 VSTO application in VS2008. The part of the application that interacts with VSTO is difficult to test. VSTO objects behave differently than most class libraries. Their state and behaviors depend on how the user is interacting with Word, where they clicked, what's around the insertion point, etc. Mock objects could work in some scenarios, but they don't capture many of the subtleties of the VSTO objects. Anyone have any experience with testing VSTO based application they can share?

    Read the article

  • Warning flagged by the 'rkhunter'

    - by gkt.pro
    when I scanned my Ubuntu 10.04 with rkhunter a root kit hunter toolkit, it gave following warning: Is there something that I have to worry about. [23:06:19] /usr/sbin/adduser [ Warning ] [23:06:19] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable [23:06:20] /usr/sbin/rsyslogd [ Warning ] [23:06:20] Warning: The file properties have changed: [23:06:22] /usr/bin/dpkg [ Warning ] [23:06:22] Warning: The file properties have changed: [23:06:22] /usr/bin/dpkg-query [ Warning ] [23:06:22] Warning: The file properties have changed: [23:06:24] /usr/bin/ldd [ Warning ] [23:06:24] Warning: The file properties have changed: [23:06:24] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable [23:06:24] /usr/bin/logger [ Warning ] [23:06:24] Warning: The file properties have changed: [23:06:25] /usr/bin/mail [ Warning ] [23:06:25] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file. [23:06:27] /usr/bin/sudo [ Warning ] [23:06:27] Warning: The file properties have changed: [23:06:29] /usr/bin/whereis [ Warning ] [23:06:29] Warning: The file properties have changed: [23:06:29] /usr/bin/lwp-request [ Warning ] [23:06:29] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable [23:06:29] /usr/bin/bsd-mailx [ Warning ] [23:06:29] Warning: The file '/usr/bin/bsd-mailx' exists on the system, but it is not present in the rkhunter.dat file. [23:06:30] /sbin/fsck [ Warning ] [23:06:30] Warning: The file properties have changed: [23:06:30] /sbin/ifdown [ Warning ] [23:06:30] Warning: The file properties have changed: [23:06:31] /sbin/ifup [ Warning ] [23:06:31] Warning: The file properties have changed: [23:06:34] /bin/dmesg [ Warning ] [23:06:34] Warning: The file properties have changed: [23:06:35] /bin/more [ Warning ] [23:06:35] Warning: The file properties have changed: [23:06:36] /bin/mount [ Warning ] [23:06:36] Warning: The file properties have changed: [23:06:37] /bin/which [ Warning ] [23:06:37] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable [23:08:58] Checking /dev for suspicious file types [ Warning ] [23:08:58] Warning: Suspicious file types found in /dev: [23:08:58] Checking for hidden files and directories [ Warning ] [23:08:58] Warning: Hidden directory found: /etc/.java [23:08:58] Warning: Hidden directory found: /dev/.udev [23:08:58] Warning: Hidden directory found: /dev/.initramfs [23:09:01] Checking version of Exim MTA [ Warning ] [23:09:01] Warning: Application 'exim', version '4.71', is out of date, and possibly a security risk. [23:09:01] Checking version of GnuPG [ Warning ] [23:09:01] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk. [23:09:01] Checking version of OpenSSL [ Warning ] [23:09:01] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.

    Read the article

  • TFS Load Testing Web Tests

    - by durilai
    I am configuring a load test and am curious/confused on settings. I am testing an intranet website, that is expected to have 6000 concurrent users. My employer had some previous consultant tell them that the load test users does not matter and that we need to worry about requests/second. They have previously determined that those 6000 users would generate 30 rps, while I feel that is not correct we need to show that we can exceed that number. The previous load test was set for only 200 users and the results showed that it did exceed the 200 rps. They were happy with the results, but that is not how I understand this. My question is, if we need to support 6000 concurrent users should I just set my users to 6000 and run, or is the rps an adequate piece of data to rely on? Any help is appreciated. Thanks

    Read the article

  • Java and junit: derivative of polynomial method testing issue

    - by Curtis
    Hello all, im trying to finish up my junit testing for finding the derivative of a polynomial method and im having some trouble making it work. here is the method: public Polynomial derivative() { MyDouble a = new MyDouble(0); MyDouble b = this.a.add(this.a); MyDouble c = this.b; Polynomial poly = new Polynomial (a, b, c); return poly; } and here is the junit test: public void testDerivative() { MyDouble a = new MyDouble(2), b = new MyDouble(4), c = new MyDouble(8); MyDouble d = new MyDouble(0), e = new MyDouble(4), f = new MyDouble(4); Polynomial p1 = new Polynomial(a, b, c); Polynomial p2 = new Polynomial(d,e,f); assertTrue(p1.derivative().equals(p2)); } im not too sure why it isnt working...ive gone over it again and again and i know im missing something. thank you all for any help given, appreciate it

    Read the article

  • How to inspect remote SMTP server's TLS certificate?

    - by Miles Erickson
    We have an Exchange 2007 server running on Windows Server 2008. Our client uses another vendor's mail server. Their security policies require us to use enforced TLS. This was working fine until recently. Now, when Exchange tries to deliver mail to the client's server, it logs the following: A secure connection to domain-secured domain 'ourclient.com' on connector 'Default external mail' could not be established because the validation of the Transport Layer Security (TLS) certificate for ourclient.com failed with status 'UntrustedRoot. Contact the administrator of ourclient.com to resolve the problem, or remove the domain from the domain-secured list. Removing ourclient.com from the TLSSendDomainSecureList causes messages to be delivered successfully using opportunistic TLS, but this is a temporary workaround at best. The client is an extremely large, security-sensitive international corporation. Our IT contact there claims to be unaware of any changes to their TLS certificate. I have asked him repeatedly to please identify the authority that generated the certificate so that I can troubleshoot the validation error, but so far he has been unable to provide an answer. For all I know, our client could have replaced their valid TLS certificate with one from an in-house certificate authority. Does anyone know a way to manually inspect a remote SMTP server's TLS certificate, as one can do for a remote HTTPS server's certificate in a web browser? It could be very helpful to determine who issued the certificate and compare that information against the list of trusted root certificates on our Exchange server.

    Read the article

  • Testing an XQuery Transformation

    - by hakish
    Hi, I'm using Workshop for Weblogic and I'm testing an XQuery Transformation. Both MFL and XSD are valid. But the XQuery doesn't seem to work... it gives me this error: Error occurred while executing XQuery: loader constraint violation: when resolving method "javax.xml.stream.XMLInputFactory.createXMLStreamReader(Ljava/io/Reader;)Ljavax/xml/stream/XMLStreamReader;" the class loader (instance of org/eclipse/osgi/internal/baseadaptor/DefaultClassLoader) of the current class, weblogic/xml/query/parsers/StAXCursorAdaptor, and the class loader (instance of ) for resolved class, javax/xml/stream/XMLInputFactory, have different Class objects for the type javax/xml/stream/XMLStreamReader used in the signature Have you ever seen this before? How can I solve this please?

    Read the article

  • Django: testing get query

    - by Brant
    Okay, so I am sick of writing this... res = Something.objects.filter(asdf=something) if res: single = res[0] else: single = None if single: # do some stuff I would much rather be able to do something like this: single = Something.objects.filter(asdf=something) if single: #do some stuff I want to be able to grab a single object without testing the filtered results. In other words, when i know there is either going to be 1 or 0 matching entries, I would like to jump right to that entry, otherwise just get a 'None'. The DoesNotExist error that goes along with .get does not always work so well when trying to compress these queries into a single line. Is there any way to do what I have described?

    Read the article

  • testing SpringMVC controllers

    - by Don
    Hi, I'm unit-testing my SpringMVC (v. 2.5) controllers using code like the following: public void testParamValidation() { MyController controller = new MyController(); MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter("foo", "bar"); request.addParameter("bar", baz"); ModelAndView mav = controller .handleRequest(request, new MockHttpServletResponse()); // Do some assertions on mav } This controller is a subclass of AbstractCommandController, so the parameters are bound to a command bean, and any binding or validation errors are stored in an object that implements the Errors interface. I can't seem to find any way to access this Errors from within the test, is this possible? Thanks, Don

    Read the article

  • Testing MPMoviePlayerViewController in iPad simulator

    - by hgpc
    I have a view that shows a MPMoviePlayerViewController modally. When testing it in the iPad simulator it works well on the first try. If I dismiss the video and then show the view again, the player only plays the audio, but not the video. Is this a simulator quirk or am I doing something wrong? Here's my code: - (void)viewWillAppear:(BOOL)animated { [super viewWillAppear:animated]; MPMoviePlayerViewController* v = [[MPMoviePlayerViewController alloc] initWithContentURL:url]; [[NSNotificationCenter defaultCenter] addObserver:self selector: @selector(playbackDidFinish:) name:MPMoviePlayerPlaybackDidFinishNotification object:v.moviePlayer]; [self presentMoviePlayerViewControllerAnimated:v]; [v release]; } -(void) playbackDidFinish:(NSNotification*)aNotification { MPMoviePlayerController *player = [aNotification object]; [[NSNotificationCenter defaultCenter] removeObserver:self name:MPMoviePlayerPlaybackDidFinishNotification object:player]; [player stop]; [self dismissMoviePlayerViewControllerAnimated]; }

    Read the article

  • Automation of testing using JUnit

    - by Vijay Selvaraj
    Hi, i am trying to automate manual testing of modules in my project. We are dealing with IBM Websphere Message queue software. We have a trigger component written in core java which when executed polls for availability of message in the configured queue. Its an indefinite while loop that keeps the trigger component running. I have written test cases in JUnit to put message in the queue and now will i be able to start/stop the trigger component on demand? Invoking the trigger component keeps it running and i am not getting the control back to check the expected output. If i start it in thread then the log files to which the trigger component is supposed to update when processing the message is not getting updated. How can i resolve this situation. Your suggestion and directions is highly appreciated. Thanks, -Vijay

    Read the article

  • NHibernate + Remoting = ReflectionPermission Exception

    - by Pedro
    Hi all, We are dealing with a problem when using NHibernate with Remoting in a machine with full trust enviroment (actually that's our dev machine). The problem happens when whe try to send as a parameter an object previously retrieved from the server, that contains a NHibernate Proxy in one of the properties (a lazy one). As we are in the dev machine, there's no restriction in the trust level of the web app (it's set to Full) and, as a plus, we've configured NHibernate's and Castle's assemblies to full trust in CAS (even thinking that it'd not be necessary as the remoting app in IIS has the full trust level). Does anyone have any idea of what can be causing this exception? Stack trace below. InnerException: System.Security.SecurityException Message="Falha na solicitação da permissão de tipo 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'." Source="mscorlib" GrantedSet="" PermissionState="<IPermission class=\"System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"\r\nversion=\"1\"\r\nFlags=\"ReflectionEmit\"/>\r\n" RefusedSet="" Url="" StackTrace: em System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) em System.Security.CodeAccessPermission.Demand() em System.Reflection.Emit.AssemblyBuilder.DefineDynamicModuleInternalNoLock(String name, Boolean emitSymbolInfo, StackCrawlMark& stackMark) em System.Reflection.Emit.AssemblyBuilder.DefineDynamicModuleInternal(String name, Boolean emitSymbolInfo, StackCrawlMark& stackMark) em System.Reflection.Emit.AssemblyBuilder.DefineDynamicModule(String name, Boolean emitSymbolInfo) em Castle.DynamicProxy.ModuleScope.CreateModule(Boolean signStrongName) em Castle.DynamicProxy.ModuleScope.ObtainDynamicModuleWithWeakName() em Castle.DynamicProxy.ModuleScope.ObtainDynamicModule(Boolean isStrongNamed) em Castle.DynamicProxy.Generators.Emitters.ClassEmitter.CreateTypeBuilder(ModuleScope modulescope, String name, Type baseType, Type[] interfaces, TypeAttributes flags, Boolean forceUnsigned) em Castle.DynamicProxy.Generators.Emitters.ClassEmitter..ctor(ModuleScope modulescope, String name, Type baseType, Type[] interfaces, TypeAttributes flags, Boolean forceUnsigned) em Castle.DynamicProxy.Generators.Emitters.ClassEmitter..ctor(ModuleScope modulescope, String name, Type baseType, Type[] interfaces, TypeAttributes flags) em Castle.DynamicProxy.Generators.Emitters.ClassEmitter..ctor(ModuleScope modulescope, String name, Type baseType, Type[] interfaces) em Castle.DynamicProxy.Generators.BaseProxyGenerator.BuildClassEmitter(String typeName, Type parentType, Type[] interfaces) em Castle.DynamicProxy.Generators.BaseProxyGenerator.BuildClassEmitter(String typeName, Type parentType, IList interfaceList) em Castle.DynamicProxy.Generators.ClassProxyGenerator.GenerateCode(Type[] interfaces, ProxyGenerationOptions options) em Castle.DynamicProxy.Serialization.ProxyObjectReference.RecreateClassProxy() em Castle.DynamicProxy.Serialization.ProxyObjectReference.RecreateProxy() em Castle.DynamicProxy.Serialization.ProxyObjectReference..ctor(SerializationInfo info, StreamingContext context) Thank you in advance.

    Read the article

  • SecurityFlushSessionListener in jboss

    - by techzen
    In jboss-web.deployer/conf/web.xml there is a listener defined called SecurityFlustSessionListener. This listener searches for the component java:comp/env/security/securityMgr and if not found prints that info in the debug log. It is understood that if this security feature is not needed then, one can simply remove this listener. How have you used this listener for configuring security at the time of session destroying? As in, can you highlight the use cases of this listener and the scenarios where it was found useful?

    Read the article

  • SecurityException in Sandboxed AppDomain

    - by Galen
    I'm attempting to use C# as a scripting language using CSharpCodeProvider (using VS2010 and .NET 4.0). I want the scripts to be run in a restricted AppDomain with minimal permissions. Currently, I'm getting an exception while trying to instantiate a class in the AppDomain (The call to CreateInstanceAndUnwrap()). Here is some simplified code that reproduces the exception: using System; using System.Collections.Generic; using Microsoft.CSharp; using System.CodeDom; using System.CodeDom.Compiler; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Reflection; using System.Runtime.Remoting; namespace ConsoleApp { class Program { static void Main(string[] args) { // set permissions PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new SecurityPermission( SecurityPermissionFlag.Execution)); AppDomainSetup adSetup = new AppDomainSetup(); adSetup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory; //Create a list of fully trusted assemblies Assembly[] asms = AppDomain.CurrentDomain.GetAssemblies(); List<StrongName> sns = new List<StrongName>(); for (int x = 0; x < asms.Length; x++) { StrongName sn = asms[x].Evidence.GetHostEvidence<StrongName>(); if (sn != null && sns.Contains(sn) == false) sns.Add(sn); } //this includes: "mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" AppDomain domain = AppDomain.CreateDomain("NewAppDomain", AppDomain.CurrentDomain.Evidence, adSetup, permissions);//, sns);//, sn4, sn, sn2, sn3); try { String asmName = Assembly.GetExecutingAssembly().FullName; String typeName = typeof(ConsoleApp.ScriptRunner).FullName; //Throws exception here ScriptRunner scriptRunner = domain.CreateInstanceAndUnwrap(asmName, typeName) as ScriptRunner; } catch (SecurityException se) { System.Diagnostics.Debug.WriteLine(se.Message); } catch (Exception ex) { System.Diagnostics.Debug.WriteLine(ex.Message); } } } public class ScriptRunner : MarshalByRefObject { public ScriptRunner() { //A breakpoint placed here is never reached. CompilerParameters param; param = new CompilerParameters(); param.CompilerOptions = ""; param.GenerateExecutable = false; param.GenerateInMemory = true; param.IncludeDebugInformation = false; // C# compiler CSharpCodeProvider codeProvider = new CSharpCodeProvider(); CompilerResults results = codeProvider.CompileAssemblyFromFile(param, "Danger.cs"); } } } The exception is being thrown from mscorlib and it is a System.Reflection.TargetInvocationException that has an inner System.Security.SecurityException. Here is the exception: System.Reflection.TargetInvocationException was unhandled Message=Exception has been thrown by the target of an invocation. Source=mscorlib StackTrace: at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache) at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo, StackCrawlMark& stackMark) at System.Activator.CreateInstance(String assemblyName, String typeName) at System.AppDomain.CreateInstance(String assemblyName, String typeName) at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName) at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName) at ConsoleApp.Program.Main(String[] args) in C:\Documents and Settings\NaultyCS\my documents\visual studio 2010\Projects\ConsoleApplication4\ConsoleApplication4\Program.cs:line 46 at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args) at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args) at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly() at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() InnerException: System.Security.SecurityException Message=Request failed. Source=ConsoleApplication4 GrantedSet=<PermissionSet class="System.Security.PermissionSet" version="1"> <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execution"/> </PermissionSet> PermissionState=<PermissionSet class="System.Security.PermissionSet" version="1" Unrestricted="true"/> RefusedSet="" Url=file:///C:/Documents and Settings/NaultyCS/my documents/visual studio 2010/Projects/ConsoleApplication4/ConsoleApplication4/bin/Debug/ConsoleApplication4.EXE StackTrace: at ConsoleApp.ScriptRunner..ctor() InnerException: So it appears to me that mscorlib is demanding full trust. I've added it as a fully trusted assembly, but it has no effect. What am I doing wrong here?

    Read the article

  • SharePoint 2010 Custom WCF Service - Windows and FBA Authentication

    - by e-rock
    I have SharePoint 2010 configured for Claims Based Authentication with both Windows and Forms Based Authentication (FBA) for external users. I also need to develop custom WCF Services. The issue is that I want Windows credentials passed into the WCF Service(s); however, I cannot seem to get the Windows credentials passed into the services. My custom WCF service appears to be using Anonymous authentication (which has to be enabled in IIS in order to display the FBA login screen). The example I have tried to follow is found at http://msdn.microsoft.com/en-us/library/ff521581.aspx. The WCF service gets deployed to _vti_bin (ISAPI folder). Here is the code for the .svc file <%@ ServiceHost Language="C#" Debug="true" Service="MyCompany.CustomerPortal.SharePoint.UI.ISAPI.MyCompany.Services.LibraryManagers.LibraryUploader, $SharePoint.Project.AssemblyFullName$" Factory="Microsoft.SharePoint.Client.Services.MultipleBaseAddressBasicHttpBindingServiceHostFactory, Microsoft.SharePoint.Client.ServerRuntime, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" CodeBehind="LibraryUploader.svc.cs" %> Here is the code behind for the .svc file [ServiceContract] public interface ILibraryUploader { [OperationContract] string SiteName(); } [BasicHttpBindingServiceMetadataExchangeEndpoint] [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)] public class LibraryUploader : ILibraryUploader { //just try to return site title right now… public string SiteName() { WindowsIdentity identity = ServiceSecurityContext.Current.WindowsIdentity; ClaimsIdentity claimsIdentity = new ClaimsIdentity(identity); return SPContext.Current.Web.Title; } } The WCF test client I have just to test it out (WPF app) uses the following code to call the WCF service... private void Button1Click(object sender, RoutedEventArgs e) { BasicHttpBinding binding = new BasicHttpBinding(); binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm; EndpointAddress endpoint = new EndpointAddress( "http://dev.portal.data-image.local/_vti_bin/MyCompany.Services/LibraryManagers/LibraryUploader.svc"); LibraryUploaderClient libraryUploader = new LibraryUploaderClient(binding, endpoint); libraryUploader.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; MessageBox.Show(libraryUploader.SiteName()); } I am somewhat inexperienced with IIS security settings/configurations when it comes to Claims and trying to use both Windows and FBA. I am also inexperienced when it comes to WCF configurations for security. I usually develop internal biz apps and let Visual Studio decide what to use because security is rarely a concern.

    Read the article

  • htaccess rewrite issue while testing on localhost

    - by James Doc
    I'm running OSX (10.6) with Apache with .htaccess enabled. In the htaccess file I have the code: Options +FollowSymlinks RewriteEngine on RewriteRule ^page/([A-Z0-9._%+-]+) index.php?page=$1 [NC] This runs perfectly on my external server and redirects nicely to index.php?page=whatever However when testing locally from localhost/~james/In%20Progress/Vila%20Maninga/page/whatever I get redirected to localhost/~james/Users/James/Sites/In%20Progress/Vila%20Maninga/index.php?page=whatever. For some reason 'Users/James/Sites/' is being added. Does anyone why this is happening and how to prevent it? Many thanks, James

    Read the article

  • RSA example that do not use NoPadding

    - by Tom Brito
    Where can I find a RSA encrypt example that does not use "NoPadding"? --update Better: how to make this code run correctly without throw the "too much data for RSA block" exception? import java.math.BigInteger; import java.security.KeyFactory; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.RSAPrivateKeySpec; import java.security.spec.RSAPublicKeySpec; import javax.crypto.Cipher; /** * Basic RSA example. */ public class TestRSA { public static void main(String[] args) throws Exception { byte[] input = new byte[100]; Cipher cipher = Cipher.getInstance("RSA/None/NoPadding", "BC"); KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC"); // create the keys RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger("d46f473a2d746537de2056ae3092c451", 16), new BigInteger("11", 16)); RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(new BigInteger( "d46f473a2d746537de2056ae3092c451", 16), new BigInteger("57791d5430d593164082036ad8b29fb1", 16)); RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec); RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec); // encryption step cipher.init(Cipher.ENCRYPT_MODE, pubKey); byte[] cipherText = cipher.doFinal(input); // decryption step cipher.init(Cipher.DECRYPT_MODE, privKey); byte[] plainText = cipher.doFinal(cipherText); } }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 124 125 126 127 128 129 130 131 132 133 134 135  | Next Page >