Search Results

Search found 3942 results on 158 pages for 'logged'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 129/158 | < Previous Page | 125 126 127 128 129 130 131 132 133 134 135 136  | Next Page >

  • ASP.NET MVC - Entending the Authorize Attribute

    - by Mad Halfling
    Hi folks, currently I use [Authorize(Roles = ".....")] to secure my controller actions on my ASP.NET MVC 1 app, and this works fine. However, certain search views need to have buttons that route to these actions that need to be enabled/disabled based on the record selected on the search list, and also the security privs of the user logged in. Therefore I think I need to have a class accessing a DB table which cross-references these target controller/actions with application roles to determine the state of these buttons. This will, obviously, make things messy as privs will need to be maintained in 2 places - in that class/DB table and also on the controller actions (plus, if I want to change the access to the action I will have to change the code and compile rather than just change a DB table entry). Ideally I would like to extend the [Authorize] functionality so that instead of having to specify the roles in the [Authorize] code, it will query the security class based on the user, controller and action and that will then return a boolean allowing or denying access. Are there any good articles on this - I can't imagine it's an unusual thing to want to do, but I seem to be struggling to find anything on how to do it (could be Monday-morning brain). I've started some code doing this, looking at article http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/ , and it seems to be starting off ok but I can't find the "correct" way to get the calling controller and action values from the httpContext - I could possibly fudge a bit of code to extract them from the request url, but that doesn't seem right to me and I'd rather do it properly. Cheers MH

    Read the article

  • Get Mechanize to handle cookies from an arbitrary POST (to log into a website programmatically)

    - by Horace Loeb
    I want to log into https://www.t-mobile.com/ programmatically. My first idea was to use Mechanize to submit the login form: However, it turns out that this isn't even a real form. Instead, when you click "Log in" some javascript grabs the values of the fields, creates a new form dynamically, and submits it. "Log in" button HTML: <button onclick="handleLogin(); return false;" class="btnBlue" id="myTMobile-login"><span>Log in</span></button> The handleLogin() function: function handleLogin() { if (ValidateMsisdnPassword()) { // client-side form validation logic var a = document.createElement("FORM"); a.name = "form1"; a.method = "POST"; a.action = mytmoUrl; // defined elsewhere as https://my.t-mobile.com/Login/LoginController.aspx var c = document.createElement("INPUT"); c.type = "HIDDEN"; c.value = document.getElementById("myTMobile-phone").value; // the value of the phone number input field c.name = "txtMSISDN"; a.appendChild(c); var b = document.createElement("INPUT"); b.type = "HIDDEN"; b.value = document.getElementById("myTMobile-password").value; // the value of the password input field b.name = "txtPassword"; a.appendChild(b); document.body.appendChild(a); a.submit(); return true } else { return false } } I could simulate this form submission by POSTing the form data to https://my.t-mobile.com/Login/LoginController.aspx with Net::HTTP#post_form, but I don't know how to get the resultant cookie into Mechanize so I can continue to scrape the UI available when I'm logged in. Any ideas?

    Read the article

  • Facebook Graph API authentication in canvas app and track session

    - by cdpnet
    Short question is: how can i use graph api oauth redirects mechanism to authenticate user and save retrieved access_token and also use javascript SDK when needed (the problem is javascript SDK will have different access_token when initialized). I have initially setup my facebook iframe canvas app, with single sign on. This works well with graph api, as I am able to use access_token saved by facebook's javascript when it detects sessionchange(user logged in). But, I want to rather not do single sign-on. But, use graph api redirect and force user to send to a permissions dialog. But, if he has already given permissions, I shouldn't redirect user. How to handle this? Another question: I have done graph api redirects for authentication and have retrieved access_token also. But then, what if I want to use javascript call FB.ui to do stream.Publish? I think it will use it's own access_token which is set during FB.init and detecting session. So, I am looking for some path here. How to use graph api for authentication and also use facebook's javascript SDK when needed. P.S. I'm using ASP .NET MVC 2. I have an authentication filter developed, which needs to detect the user's authentication state and redirect.(currently it does this to graph api authorize url)

    Read the article

  • Any way to identify a redirect when using jQuery's $.ajax() or $.getScript() methods?

    - by Bungle
    Within my company's online application, we've set up a JSONP-based API that returns some data that is used by a bookmarklet I'm developing. Here is a quick test page I set up that hits the API URL using jQuery's $.ajax() method: http://troy.onespot.com/static/3915/index.html If you look at the requests using Firebug's "Net" tab (or the like), you'll see that what's happening is that the URL is requested successfully, but since our app redirects any unauthorized users to a login page, the login page is also requested by the browser and seemingly interpreted as JavaScript. This inevitably causes an exception since the login page is HTML, not JavaScript. Basically, I'm looking for any sort of hook to determine when the request results in a redirect - some way to determine if the URL resolved to a JSONP response (which will execute a method I've predefined in the bookmarklet script) or if it resulted in a redirect. I tried wrapping the $.ajax() method in a try {} catch(e) {} block, but that doesn't trap the exception, I'm assuming because the requests were successful, just not the parsing of the login page as JavaScript. Is there anywhere I could use a try {} catch(e) {} block, or any property of $.ajax() that might allow me to hone in on the exception or otherwise determine that I've been redirected? I actually doubt this is possible, since $.getScript() (or the equivalent setup of $.ajax()) just loads a script dynamically, and can't inspect the response headers since it's cross-domain and not truly AJAX: http://api.jquery.com/jQuery.getScript/ My alternative would be to just fire off the $.ajax() for a period of time until I either get the JSONP callback or don't, and in the latter case, assume the user is not logged in and prompt them to do so. I don't like that method, though, since it would result in a lot of unnecessary requests to the app server, and would also pile up the JavaScript exceptions in the meantime. Thanks for any suggestions!

    Read the article

  • How do I create a .NET Web Service that Posts items to a users Facebook Wall?

    - by Jourdan
    I'm currently toying around with the Clarity .NET Facebook API but am finding certain situations with authentication to be kind of limiting. I keep going through the tutorials but always end up hitting a brick wall with what I want to do. Perhaps I just cannot do it? I want to make a Web Service that takes in the require credentials (APIKey, SecretKey, UsersId (or Session Key?) and whatever else I would need), and then do various tasks: Post to users wall, add events etc. The problem I am having is this: The current documentation, examples and support provide a way to do this within the context of a Web site. Within this context, the required "connect" popup can be initiated and allow the user to authenticate and and connect the application. From that point on the Web can go on with its business to do what it needs to do. If I close the browser and come back to the page, I have to push the connect button again. Except this time, since I was already logged into facebook, I don't have to go through the whole connection process. But still ... How do applications like Tweetdeck get around this? They seemingly have you connect once, when you install their application, and you don't have to do it again. I would assume that this same idea would have to applied towards making a web service because: You don't know what context the user is in when making the Web service call. The web service methods being called could be coming from a Windows Form app, or code behind in a workflow.

    Read the article

  • How to display NotifyIcon and SSDP Service running during AutoLogon

    - by Paul Farry
    I've got an application (that is targetting .Net Framework 2.0) that is running on startup of the System, and I'm trying to get a NotifyIcon to display. When my program starts up when a user either Runs it normally or is started as a child process after the system has already logged on everything is fine. If my application starts up as the system is performing an AutoLogon using POSReady2009 (basically XP with Single User set). Then the NotifyIcon never becomes active. If you subsequently check (in a timer) the .Visible of the Icon at any point later it always reports that it is visible = true. If you disable the SSDPSrv and restart the Computer, the Icon displays correctly. I have a sneaking suspicion this is related to .Net 3.5sp1 installed over the top of a .Net 2 system. Is there some process that I should be following to ensure that my NotifyIcon is always available to the user. I have setup RegisterWindowMessage("TaskbarCreated") but I don't get this message called, except when you forcilbly Kill Explorer.exe and restart it. Even so, a NotifyIcon interally registers for these notifications anyway, so it shouldn't be required. I'm happy to stall the startup of my program, but once the program starts up, I expect that the icon shows correctly. If there is a KB article that I cannot find detailing this I'd be happy with that too.

    Read the article

  • User roles - why not store in session?

    - by Phil
    I'm porting an ASP.NET application to MVC and need to store two items relating to an authenitcated user: a list of roles and a list of visible item IDs, to determine what the user can or cannot see. We've used WSE with a web service in the past and this made things unbelievably complex and impossible to debug properly. Now we're ditching the web service I was looking foward to drastically simplifying the solution simply to store these things in the session. A colleague suggested using the roles and membership providers but on looking into this I've found a number of problems: a) It suffers from similar but different problems to WSE in that it has to be used in a very constrained way maing it tricky even to write tests; b) The only caching option for the RolesProvider is based on cookies which we've rejected on security grounds; c) It introduces no end of complications and extra unwanted baggage; All we want to do, in a nutshell, is store two string variables in a user's session or something equivalent in a secure way and refer to them when we need to. What seems to be a ten minute job has so far taken several days of investigation and to compound the problem we have now discovered that session IDs can apparently be faked, see http://blogs.sans.org/appsecstreetfighter/2009/06/14/session-attacks-and-aspnet-part-1/ I'm left thinking there is no easy way to do this very simple job, but I find that impossible to believe. Could anyone: a) provide simple information on how to make ASP.NET MVC sessions secure as I always believed they were? b) suggest another simple way to store these two string variables for a logged in user's roles etc. without having to replace one complex nightmare with another as described above? Thank you.

    Read the article

  • Xcode raises exception when refactoring

    - by Sam Gwydir
    When I run a refactor on my code in xcode, all the files are correctly refactored except one, and when I click to check the changes made in that file, the following 'Internal Error Occurs': Uncaught Exception: Invalid parameter not satisfying: fileName Stack Backtrace: The stack backtrace has been logged to the console. Here is what it spat out in the console: 4/7/10 06:47:30 Xcode[35355] [MT] Uncaught Exception: Invalid parameter not satisfying: fileName Backtrace: 0 0x92842bbd __raiseError (in CoreFoundation) 1 0x914b9509 objc_exception_throw (in libobjc.A.dylib) 2 0x92842908 +[NSException raise:format:arguments:] (in CoreFoundation) 3 0x98801dc3 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] (in Foundation) 4 0x98db0f8e -[NSDocument(NSDeprecated) initWithContentsOfFile:ofType:] (in AppKit) 5 0x0075c07e -[PBXTextFileDocument initWithContentsOfFile:ofType:] (in DevToolsInterface) 6 0x007dc5be -[PBXFileDocument initWithFileReference:usingType:] (in DevToolsInterface) 7 0x00b1c0f8 -[XCRefactoringFileChangeSet(XCRefactoringModule_HelperMethods) referencedTextFileDocument] (in DevToolsInterface) 8 0x00b1d1f4 -[XCRefactoringEditableExistingTextFileChangeSet populateComparator:] (in DevToolsInterface) 9 0x00ab19b7 -[XCRefactoringModuleFileItem populateComparator:previewFinished:] (in DevToolsInterface) 10 0x00aa4606 -[XCRefactoringModule(MasterListDelegate) outlineViewSelectionDidChange:] (in DevToolsInterface) 11 0x987381cb _nsnote_callback (in Foundation) 12 0x927ca3f9 __CFXNotificationPost (in CoreFoundation) 13 0x927c9e2a _CFXNotificationPostNotification (in CoreFoundation) 14 0x9872d098 -[NSNotificationCenter postNotificationName:object:userInfo:] (in Foundation) 15 0x9873a475 -[NSNotificationCenter postNotificationName:object:] (in Foundation) 16 0x98af1de2 -[NSTableView _enableSelectionPostingAndPost] (in AppKit) 17 0x98bd11d0 -[NSTableView mouseDown:] (in AppKit) 18 0x98bcfeea -[NSOutlineView mouseDown:] (in AppKit) 19 0x007596c3 -[PBXExtendedOutlineView mouseDown:] (in DevToolsInterface) 20 0x98b6e548 -[NSWindow sendEvent:] (in AppKit) 21 0x00757a06 -[XCWindow sendEvent:] (in DevToolsInterface) 22 0x98a871af -[NSApplication sendEvent:] (in AppKit) 23 0x006f6dec -[PBXExtendedApplication sendEvent:] (in DevToolsInterface) 24 0x98a1ac4f -[NSApplication run] (in AppKit) 25 0x98a12c85 NSApplicationMain (in AppKit) 26 0x0000eee1 27 0x000021a5 If you would like to take a look at the project I'm working on, here is a link to download my xcodeproject: Tea Timer.zip To recreate my problem, open Timer.h, attempt to refactor timeField to minuteField, use the preview function of refactor and then select Timer.m, to look at the changes supposedly made within. It will then raise this error without editing the file.

    Read the article

  • facebook connect button not producing pop-up

    - by bigmac
    This is a really simple question, but I can't seem to find the answer. I am just getting started with Facebook Connect. I would like to use it only for user authentication, so there is no need for my users to create another account. I used a very basic example from wiki.developers.facebook.com : <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"> <head></head> <body> <fb:login-button></fb:login-button> <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript"></script> <script type="text/javascript"> FB.init("***api-key***", "xd_receiver.htm"); </script> </body> </html> Very straight forward. It seems to work fine. However, if I am currently already logged in to Facebook, the pop-up window doesn't come up when I click the login button. Why is that?

    Read the article

  • Facebook Connect iPhone API logout not working

    - by Hunter Bridges
    I am attempting to write a Facebook integration in an iPhone app I'm working on. I have it logging in just fine, but I don't like the idea of being able to turn a feature on without being able to turn it off. So, in working on the logout functionality, I have been caught in a snag. - (IBAction) logoutClicked:(id)sender { if (fbLoggedIn) { FBSession * mySession = [FBSession session]; [mySession logout]; } } - (void)sessionDidLogout:(FBSession*)session { NSLog(@"Session logged out."); [theLoginButton setTitle:@"Facebook Time!" forState:UIControlStateNormal]; fbLoggedIn = FALSE; theLogoutButton.enabled = NO; theLogoutButton.alpha = 0; } The logoutClicked method responds to a button in my xib. The delegate method is not getting called. I have tried setting the Facebook session as a property in my ViewController in order to store/access the data across methods, but that didn't seem to work either. Anybody have any solutions?

    Read the article

  • Sugar CRM Soap call not working properly

    - by Jasim
    I have sugar crm instance and i was trying to get some data from it using soap service. Below is the code which i am using for it. When i run the same code , sometimes it is returning correct data, sometimes it not. Can any one tell me what the problem is?? include "nusoap.php"; $client = new soapclient('http://asdf.net/test/urbancrm_2009_06_22/soap.php'); // Login to SugarCRM $auth_array = array( 'user_auth' => array( 'user_name' => '******', 'password' => '*******' ), ); $response = $client->call('login', $auth_array); if (!$response['error']['number']){ // Successfully logged in $session_id = $response['id']; //$response = $client->call('get_entry_list',array('session'=>$session_id , 'module_name'=>'Users', 'query'=>'', 'order_by'=>'','offset'=>'','select_fields'=>array('id','user_name'))); $response = $client->call('get_entry_list',array('session'=>$session_id , 'module_name'=>'itf_Apartments', "query"=>"itf_apartments_cstm.neighborhood_c='Loop'", 'order_by'=>'','offset'=>'','select_fields'=>array('name','studio','convertible','one_bedroom','one_bedroom_plus_den','two_bedroom','two_bedroom_plus_den','penthouse','photo_c','building_type_c','neighborhood_c'))); //$response = $client->call('get_entry_list',array('session'=>$session_id , 'module_name'=>'itf_Apartments', 'query'=>'itf_apartments_cstm.urbanlux_id_c="1"', 'order_by'=>'','offset'=>'','select_fields'=>array('name','studio','convertible','one_bedroom','one_bedroom_plus_den','two_bedroom','two_bedroom_plus_den','penthouse',))); //store id and user name as a key value pair in array //echo "---"; print_r($response); } else { echo "else"; print_r($response); } ?

    Read the article

  • How to log in to a vbulletin forum with C#?

    - by Yustme
    Hi, I'm trying to log into a vbulletin forum. I got this far: private string login(string url, string username, string password) { string values = "vb_login_username={0}&vb_login_password={1}" values += "&securitytoken=guest&cookieuser=checked&do=login"; values = string.Format(values, username, password); HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url); CookieContainer a = new CookieContainer(); req.CookieContainer = a; System.Net.ServicePointManager.Expect100Continue = false; // prevents 417 error using (StreamWriter writer = new StreamWriter(req.GetRequestStream(), System.Text.Encoding.ASCII)) { writer.Write(values); } this.response = (HttpWebResponse)req.GetResponse(); StringBuilder output = new StringBuilder(); foreach (var cookie in response.Cookies) { output.Append(cookie.ToString()); output.Append(";"); } return output.ToString(); } It looks like i am getting logged in, but when i download the page, i can't find my username in it. Do you guys see anything that i might be doing wrong? Thanks in advance!

    Read the article

  • struts2: Redirect from global interceptor

    - by Dewfy
    In struts2 I have very simple task, after user is logged-in I'm checking if they profile is complete. If not user should be blocked from any other action and redirected to edit page. So I have created my default package: <package name="main" extends="tiles-default" > <interceptors> <interceptor name="checkProfile" class="my.CheckProfileInterceptor" /> <interceptor-stack name="secure"> <interceptor-ref name="defaultStack"/> <interceptor-ref name="checkProfile"/> </interceptor-stack> </interceptors> <default-interceptor-ref name="secure"/> </package> After it all my packages would include this template as a base: <package namespace="/packageA" name="packageA" extends="main"> ... <package namespace="/packageB" name="packageB" extends="main"> ... Saying editing page is /packageA/editProfile, my interceptor does following: public String intercept(ActionInvocation actionInvocation) throws Exception { if( currentUser.isOk() ) return "editProfile"; ... BUT! interceptor is global, so it raises struts2 error: No result defined for action (name of editProfile action class) When interceptor is placed inside some package - then everything ok. What should i do to declare global action?

    Read the article

  • sqlite is must for merb ?????

    - by mayank
    Hello All, I have a doubt regarding merb dependency with sqlite. I am going to install merb on my m/c and I don't have installed sqlite on my m/c . I tried this command "gem install merb" and faced following error. If is there any way to install merb with mysql please tell me. Thanks Mayank Building native extensions. This could take a while... ERROR: Error installing merb: ERROR: Failed to build gem native extension. /usr/bin/ruby1.8 extconf.rb checking for sqlite3.h... no * extconf.rb failed * Could not create Makefile due to some reason, probably lack of necessary libraries and/or headers. Check the mkmf.log file for more details. You may need configuration options. Provided configuration options: --with-opt-dir --without-opt-dir --with-opt-include --without-opt-include=${opt-dir}/include --with-opt-lib --without-opt-lib=${opt-dir}/lib --with-make-prog --without-make-prog --srcdir=. --curdir --ruby=/usr/bin/ruby1.8 --with-sqlite3-dir --without-sqlite3-dir --with-sqlite3-include --without-sqlite3-include=${sqlite3-dir}/include --with-sqlite3-lib --without-sqlite3-lib=${sqlite3-dir}/lib Gem files will remain installed in /usr/lib/ruby/gems/1.8/gems/do_sqlite3-0.10.2 for inspection. Results logged to /usr/lib/ruby/gems/1.8/gems/do_sqlite3-0.10.2/ext/do_sqlite3/gem_make.out

    Read the article

  • Problem installing RMagick rubygem on Centos 5

    - by Keith Pitty
    I'm having problems installing the RMagick rubygem on Centos 5. I've followed the steps detailed in http://rmagick.rubyforge.org/install2-linux.html but when I try: sudo gem install rmagick the result is: Building native extensions. This could take a while... ERROR: Error installing rmagick: ERROR: Failed to build gem native extension. /usr/local/bin/ruby extconf.rb checking for Ruby version >= 1.8.5... yes checking for gcc... yes checking for Magick-config... no Can't install RMagick 2.11.0. Can't find Magick-config in /usr/bin:/bin *** extconf.rb failed *** Could not create Makefile due to some reason, probably lack of necessary libraries and/or headers. Check the mkmf.log file for more details. You may need configuration options. Provided configuration options: --with-opt-dir --without-opt-dir --with-opt-include --without-opt-include=${opt-dir}/include --with-opt-lib --without-opt-lib=${opt-dir}/lib --with-make-prog --without-make-prog --srcdir=. --curdir --ruby=/usr/local/bin/ruby Gem files will remain installed in /usr/local/lib/ruby/gems/1.8/gems/rmagick-2.11.0 for inspection. Results logged to /usr/local/lib/ruby/gems/1.8/gems/rmagick-2.11.0/ext/RMagick/gem_make.out The directory /usr/local/bin contains Magick-config but I haven't been able to get rubygems to look there. I tried the following but the result was the same: sudo gem install rmagick -- --with-opt-dir=/usr/local/bin Any suggestions would be appreciated.

    Read the article

  • Is android's motion event handling accurate??

    - by Peterdk
    Bug I have a weird bug in my piano app. Sometimes keys (and thus notes) hang. I did a lot of debugging and narrowed it down to what looks like androids inaccuracy of motion event handling: DEBUG/(2091): ACTION_DOWN A4 DEBUG/(2091): KeyDown: A4 DEBUG/(2091): ACTION_MOVE A4 => A4 DEBUG/(2091): ACTION_MOVE ignoring DEBUG/(2091): ACTION_MOVE A4 => A4 DEBUG/(2091): ACTION_MOVE ignoring DEBUG/(2091): ACTION_MOVE A4 => A4 DEBUG/(2091): ACTION_MOVE ignoring DEBUG/(2091): ACTION_UP B4 //HOW CAN THIS BE???? DEBUG/(2091): KeyUp: B4 DEBUG/(2091): Stream is null, can't stop DEBUG/(2091): Hanging Note: A4 X=240-287 EventX=292 Y=117-200 EventY=164 DEBUG/(2091): KeyUp Note: B4 X=288-335 EventX=292 Y=117-200 EventY=164 Clearly it can be seen here that out of nowhere I suddenly have an ACTION_UP for another note. Shouldn't I definitely get a ACTION_MOVE first? As shown in the end of the log, it's definitely not an error in region detection, since the ACTION_UP event is clearly in the B4 region. Logging Implementation details Every onTouchEvent() call is logged, so the log is accurate. The relevant pseudo-code for the ACTION_MOVE logging is: Key oldKey = Key.get(event.getHistoricalX(), event.getHistoricalY()); Key newKey = Key.get(event.getX(), event.getY()); Question Is this normal behaviour for Android (the jumping in coordinates)? Am I missing something?

    Read the article

  • Authentication problem with Wufoo

    - by fudgey
    I set up a Wufoo form with admin only portions that will only show up if I am logged in. I read through the Wufoo API documentation and I can get the authenication to work, but when I try to access the form after I authenticate, it says I need to authenticate. This is what I have so far (subdomain, api key & form id changed) <?php error_reporting(E_ALL); ini_set('display_errors', 1); $curl1 = curl_init('http://fishbowl.wufoo.com/api/v3/users.xml'); curl_setopt($curl1, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl1, CURLOPT_USERPWD, 'AOI6-LFKL-VM1Q-IEX9:footastic'); curl_setopt($curl1, CURLOPT_HTTPAUTH, CURLAUTH_ANY); curl_setopt($curl1, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl1, CURLOPT_FOLLOWLOCATION, false); curl_setopt($curl1, CURLOPT_USERAGENT, 'Wufoo Sample Code'); $response = curl_exec($curl1); $resultStatus = curl_getinfo($curl1); if($resultStatus['http_code'] == 200) { echo 'success!<br>'; } else { echo 'Call Failed '.print_r($resultStatus); } $curl2 = curl_init("http://fishbowl.wufoo.com/api/v3/forms/w7x1p5/entries.json"); curl_setopt($curl2, CURLOPT_HEADER, 0); curl_setopt($curl2, CURLOPT_RETURNTRANSFER, 1); $response = curl_exec($curl2); curl_close ($curl2); echo $response; curl_close($curl1); ?> It doesn't matter if I close $curl1 before or after I call $curl2, I get the same message on my screen: success! You must authenticate to get at the goodies. and I know the api, subdomain and form id are all correct. And one last bonus question... can I do all of this using Ajax instead? - the page I will be displaying the form on will already be limited to admin access, so exposing the API shouldn't matter.

    Read the article

  • Asp.net Login Status Question: It Aint Working

    - by contactmatt
    I'm starting to use Role Management in my website, and I'm current following along on the tutorial from http://www.asp.net/Learn/Security/tutorial-02-vb.aspx . I'm having a problem with the asp:LoginStatus control. It is not telling me that I am currently logged in after a successful login. This can't be true because after successfully logging in, my LoggedInTemplate is shown. The username and passwords are simply stored in a array. Heres the Login.aspx page code. Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As System.EventArgs) _ Handles btnLogin.Click ' Three valid username/password pairs: Scott/password, Jisun/password, and Sam/password. Dim users() As String = {"Scott", "Jisun", "Sam"} Dim passwords() As String = {"password", "password", "password"} For i As Integer = 0 To users.Length - 1 Dim validUsername As Boolean = (String.Compare(txtUserName.Text, users(i), True) = 0) Dim validPassword As Boolean = (String.Compare(txtPassword.Text, passwords(i), False) = 0) If validUsername AndAlso validPassword Then FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, chkRemember.Checked) End If Next ' If we reach here, the user's credentials were invalid lblInvalid.Visible = True End Sub Here is the content place holder on the master page specifically designed to hold Login Information. On successfull login, the page is redirected to '/Default.aspx', and the LoggedIn Template below is shown...but the status says Log In. <asp:ContentPlaceHolder Id="LoginContent" runat="server"> <asp:LoginView ID="LoginView1" runat="server"> <LoggedInTemplate> Welcome back, <asp:LoginName ID="LoginName1" runat="server" />. </LoggedInTemplate> <AnonymousTemplate> Hello, stranger. </AnonymousTemplate> </asp:LoginView> <br /> <asp:LoginStatus ID="LoginStatus1" runat="server" LogoutAction="Redirect" LogoutPageUrl="~/Logout.aspx" /> </asp:ContentPlaceHolder> Forms authentication is enabled. I'm not sure what to do about this :o.

    Read the article

  • Using DPAPI / ProtectedData in a web farm environment with the User Store

    - by Lachman
    I was wondering if anyone had successfully used DPAPI with a user store in a web farm enviroment? Because our application is a recently converted from 1.1 to 2.0 asp.net app, we're using a custom wrapper which directly calls the CryptUnprotect methods. But this should be the same as the ProtectedData method available in the 2.0 framework. Because we are operating in a web farm environment, we can't guarantee that the machine that did the encryption is going to be the one decrypting it. (Also because machine failures shouldn't destroy our encrypted data). So what we have is a serviced component that runs in a service under a particular user account on each one of our web boxes. This user is a set up to have a roaming profile, as per the recomendation. The problem we have is that info encrypted on one machine can not be decrypted on another, this fails with the win32 error 'Key not valid for use in specified state'. I suspect that this is because I've made a mistake by having the encryption service running as the user on multiple machines, hence keeping the user logged in on more than one machine at the same time. If this is the problem, how are other using DPAPI with the User Store in a web farm environment?

    Read the article

  • Find the flaws in the concept...

    - by Trindaz
    A web based web browser. Sounds silly right? Here's a use case. All comments about what could go wrong, and if anyone has tried and failed at this, very much wanted User goes to www.theBrowser.com and logs in with credentials specific to theBrowser.com. User tells theBrowser what their username and password for various sites are User goes to theBrowser.com/?uri=somesite.com theBrowser sends off the http request with User's log in details, then sends the http response back to User. This lets theBrowser do weird and wonderful functions like change colours / style sheets / etc. to every site that gets passed through it. From a technical stand point, storing username and password and passing them along is not a challenge for one user, but if there were a few, I'd have to use some kind of server based browser software to store a session per user logged in at theBrowser.com. How could I do that? Will I have to start from scratch? Obviously privacy and security are issues. Would theBrowser.com be too great a risk, even if users are fully warned? Cheers, Dave

    Read the article

  • problem getting info from a cookie with javascript

    - by Jason
    I am having an issue with my cookies and I can't figure it out. Basically I have it set up so it checks for the cookie to see if the user is logged in, and then displays either a welcome message or a login link. It works - except that instead of returning the persons name in the welcome message it just is blank where the name should be. The cookie is there, with all the appropriate info.. not sure what I am doing wrong. var itm = new Array(); itm[0] = findCookie("ui"); if (itm[0] == null) { document.write("<h2><a href='logreg.html'>Log In or Sign Up</a></h2>"); } else { var c1 = itm[0].indexOf(","); var c2 = itm[0].indexOf(",",c1); var c3 = itm[0].indexOf(",",c2); var gname = itm[0].substring(c2,c3); document.write("<h2>Welcome "+gname+"!</h2>"); } The findCookie function is.. function findCookie(val){ var cookie = null; var findVal = val + "="; var dc = document.cookie; if (dc.length > 0) { var start = dc.indexOf(findVal); if (start >= 0) { start += findVal.length; lastVal = dc.indexOf(";", start); if (lastVal == -1) { lastVal = dc.length; } cookie = (dc.substring(start, lastVal)); } else { return cookie; } } return cookie; }

    Read the article

  • Magento - Authorize.net - Get Payment Update for expired transactions

    - by pspahn
    Magento 1.6.1 I have set up Authorize.net (AIM) for the client's store. Previously they were using saved CC method and entering information manually in Authorize.net's merchant terminal. Most of it is working as expected, however for transactions that are flagged as 'Suspected Fraud' by Authorize.net, if the client does not update the transaction manually before the authorization expires, using 'Get Payment Update' in Magento fails because the transaction is expired (I believe it's five days for an authorize only transaction). For the client, it seems the only way to update this order in Magento is to simply delete the order, as it doesn't appear the Paygate model knows about expired transactions. Performing 'Get Payment Update' simply returns 'There is no update for this payment'. I have already modified the file: /app/code/core/Mage/Paygate/Model/Authorize.net to have the correct API URL as described in issue #27117 ( http://www.magentocommerce.com/bug-tracking/issue?issue=12991 - must be logged in to view ). This resolved the button not working for all other orders; however this does not fix the issue I am describing. Is anyone familiar with Authorize.net's AIM API so that we can update these orders in Magento to something that makes sense (canceled, etc.) without having to delete the order? I am thinking it should be a case of adding a new order status to Magento, checking the update for an 'Expired' status, and setting the order to the newly created order status. -- edit -- I just ran a diff for the file mentioned above and noticed that Magento 1.7.0.2 includes the _isTransactionExpired() method which seems like it would be the fix. Can it be as simple as updating this model with the newer version?

    Read the article

  • can I make this select follower/following script more organized? (PHP/Mysql)

    - by ggfan
    In this script, it gets the followers of a user and the people the user is following. Is there a better relationship/database structure to get a user's followers and who they are following? All I have right now is 2 columns to determine their relationship. I feel this is "too simple"? (MYSQL) USER | FRIEND avian gary cend gary gary avian mike gary (PHP) $followers = array(); $followings = array(); $view = $_SESSION['user']; //view is the person logged in $query = "SELECT * FROM friends WHERE user='$view'"; $result = $db->query($query); while($row=$result->fetch_array()) { $follower=$row['friend']; $followers[] = $follower; } print_r($followers); echo "<br/>"; $query2 = "SELECT * FROM friends WHERE friend='$view'"; $result2 = $db->query($query2); while($row2=$result2->fetch_array()) { $following=$row2['user']; $followings[] = $following; } print_r($followings); echo "<br/>"; $mutual = array_intersect($followers, $followings); print_r($mutual); **DISPLAY** Your mutual friends avian Your followers avian You are following avian cen mike (I know avian is in all 3 displays, but I want to keep it that way)

    Read the article

  • Problem with authentication from different domains using Django sessions.

    - by Greg
    Hi all, I am developing a bookmarklet which essentially adds a toolbar to a web page user is currently looking at. To use it, user needs to be logged in. To login user clicks on 'Singin' which displays a standard form containing Username, Password etc fields. When user successfully logs in they may chose to navigate to a different web-site. When on another page, they (a) re-load the bookmarklet (b) their session is retrieved from the server (c) user doesn't need to login again. Pretty standard I've would have thought. Using Django sessions and JQuery. I'm having troubles implementing the above usecase. Here are some problems I've encountered: Cross domain POST AJAX requests are disallowed. That was solved with JSONp. I doubt it is a very secure approach but for now it works. My server returns the session id in a cookie, however when the user navigates to a different page I don't really know how to retrieve that session id to send back to my server. Can I even read third party cookies from my JavaScript? I'm looking for some guidelines on implementing the above usecase. Ideally I don't want to redirect user to another page for them to sign in. Any suggestion would be greatly appreciated. Thanks.

    Read the article

  • What are some techniques to monitor multiple instances of a piece of software?

    - by Geo Ego
    I have a piece of self-serve kiosk software that will be running at multiple sites. I'd like to monitor their status remotely. The kiosk application itself is pretty much finished. I am now in the process of creating a piece of software that will monitor all of the kiosks from a central location so that the customer can view particular details remotely (for instance, how many bills are in the acceptor's cash cartridge, what customer is currently logged in, etc.). Because I am in such an early stage of development, my options are quite open. I understand that I'm not giving very many qualifications, but I'd like to try to get a good variety of potential solutions. Some details: Kiosk software is a VB6 app running on Windows Embedded Monitoring software will be run on a modern desktop version of Windows (either XP, Vista, or 7) Database is SQL Server 2008 My initial idea was to develop a .NET app that would simply report the last database transaction for each kiosk at a set interval (say every second or so) but I'd really like for the kiosk software to report its status directly. I'm not exactly sure where to begin in terms of what modifications may need to be made to the kiosk software, and what the monitoring software will require. Links to articles on these topics would be most welcome.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 125 126 127 128 129 130 131 132 133 134 135 136  | Next Page >