Search Results

Search found 6525 results on 261 pages for 'restful authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 13/261 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Users being forced to re-login randomly, before session and auth ticket timeout values are reached

    - by Don
    I'm having reports and complaints from my user that they will be using a screen and get kicked back to the login screen immediately on their next request. It doesn't happen all the time but randomly. After looking at the Web server the error that shows up in the application event log is: Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired. Everything that I read starts out with people asking about web gardens or load balancing. We are not using either of those. We're a single Windows 2003 (32-bit OS, 64-bit hardware) Server with IIS6. This is the only website on this server too. This behavior does not generate any application exceptions or visible issues to the user. They just get booted back to the login screen and are forced to login. As you can imagine this is extremely annoying and counter-productive for our users. Here's what I have set in my web.config for the application in the root: <authentication mode="Forms"> <forms name=".TcaNet" protection="All" timeout="40" loginUrl="~/Login.aspx" defaultUrl="~/MyHome.aspx" path="/" slidingExpiration="true" requireSSL="false" /> </authentication> I have also read that if you have some locations setup that no longer exist or are bogus you could have issues. My path attributes are all valid directories so that shouldn't be the problem: <location path="js"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <location path="images"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <location path="anon"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <location path="App_Themes"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <location path="NonSSL"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> The only thing I'm not clear on is if my timeout value in the forms property for the auth ticket has to be the same as my session timeout value (defined in the app's configuration in IIS). I've read some things that say you should have the authentication timeout shorter (40) than the session timeout (45) to avoid possible complications. Either way we have users that get kicked to the login screen a minute or two after their last action. So the session definitely should not be expiring. Update 2/23/09: I've since set the session timeout and authentication ticket timeout values to both be 45 and the problem still seems to be happening. The only other web.config in the application is in 1 virtual directory that hosts Community Server. That web.config's authentication settings are as follows: <authentication mode="Forms"> <forms name=".TcaNet" protection="All" timeout="40" loginUrl="~/Login.aspx" defaultUrl="~/MyHome.aspx" path="/" slidingExpiration="true" requireSSL="true" /> </authentication> And while I don't believe it applies unless you're in a web garden, I have both of the machine key values set in both web.config files to be the same (removed for convenience): <machineKey validationKey="<MYVALIDATIONKEYHERE>" decryptionKey="<MYDECRYPTIONKEYHERE>" validation="SHA1" /> <machineKey validationKey="<MYVALIDATIONKEYHERE>" decryptionKey="<MYDECRYPTIONKEYHERE>" validation="SHA1"/> Any help with this would be greatly appreciated. This seems to be one of those problems that yields a ton of Google results, none of which seem to be fitting into my situation so far.

    Read the article

  • Restfull authentication between two GAE apps.

    - by user259349
    Hello everyone, i am trying to write a restful google app engine application (python) that accepts requests only from another GAE that i wrote. I dont like any of the ways that i thought of to get this done, please advice if you know of something better than: Get SSL setup, and simply add the credentials on the request that my consuming app will send. I dont like it cause SSL will slow things down. Security by obsecurity. Pass a long number by my consuming app that is in Xmod0, where X is a secret number that both applications know. I just,,,, dont like this. Check the HTTP header to see where is the request coming from. This option is the one that i hate the least, not alot of processing, and spoofing an HTTP request is not really worth it, for my application's data. Is there any other clean solution for this?

    Read the article

  • HttpClient commons-httpclient Digest Authentication.

    - by Dave
    I am getting this error from a PostMethod using commons-httpclient No credentials available for DIGEST 'realm'@localhost and a 401 back from the server. I followed the example from this post java client program to send digest authentication request using HttpClient API (2) However, it still seems to fail. I am trying to connect to a XML-RPC service, we use digest authentication. I tried using the Apache xmlrpc library but it seems to not support digest authentication. Any ideas? Thanks.

    Read the article

  • Hitting a ADO.NET Data Services from WPF client, forms authentication

    - by Soulhuntre
    Hey all! There are a number of questiosn on StackOverflow that ALMOST hit this topic head on, but they are either for other technologies, reference obsolets information or don;t supply an answer that I can suss out. So pardon the almost duplication :) I have a working ADO.NET Data Service, and a WPF client that hits it. Now that they are working fine I want to add authentication / security to the system. My understanding of the steps so far is... Turn on forms authentication and configure it on the server (I have an existing asp.net membership service DB for other aspects of this app, so that isnt a problem) so that it is required for the service URL In WCF apply for and recieve a forms authentication "ticket" as part of a login routine Add that "ticket" to the headers of the ADO.NET service calls in WPF Profit! All well and good - but does anyone have a line on a soup to nuts code sample, using the modern releases of these technologies? Thanks!

    Read the article

  • User authentication on a Jersey REST service

    - by Stefan
    I am currently developing a REST application, which is using the Jersey framework. I would like to know a way that I can control user authentication. I have search a lot of places, and the closest article I have found is this: http://weblogs.java.net/blog/2008/03/07/authentication-jersey. However this article can only be used whith a GlassFish server and a attached database. Is there anyway that I can implement an interface in Jersey and use it as a filter before reaching the requested REST resource? I want to use basic authentication right now, but it should be flexible enough such that I can change that at a later time. Thanks in Advance Stefan.

    Read the article

  • OpenID Authentication 2.0 in Joomla 1.0.x

    - by Michael Pliskin
    Is there any easy way to bring OpenID authentication into a Joomla 1.0.x website? I am particularly interested in Google authentication (so I'll want OAuth &/or OpenID Attribute Exchange as well later), but for now just authentication will work. I know Joomla 1.5.x supports OpenID natively but I have to stick with 1.0.x for now. Any ideas? There are some traces of com_openid component on the net but I cannot find anything to look at.. EDIT I managed to find a J-OpenID component, gonna give it a try.

    Read the article

  • MOSS 2007 authentication

    - by Dante
    Hi, I have a MOSS web site configured with Windows Integrated Authentication. I added a couple of local users in the server, added them to Sharepoint groups, and I can log into my site (as long as the local user is part of the administrators group... odd). If I add a domain user to the Owners group, I can't access the site with it. Anybody knows what must be done to open access to domain users in a site configured with Windows Authentication or Basic Authentication? Thanks in advance

    Read the article

  • HTTP Digest Authentication Fails With URL Parameters (CakePHP)

    - by NathanGaskin
    I have a RESTful API set up and working with CakePHP using mapResources() and parseExtensions(). Authentication is handled by CakePHP's security component using HTTP Digest Authentication. Everything works fine, unless I add parameters to the url, in the form: http://example.com/locations.xml?distance=4 Which causes the authentication to always fail. Any ideas? Edit: This seems to be an issue with the regex in parseDigestAuthData(). There's a semi-fix here: http://old.nabble.com/paginator-conflicts-with-Security-%3ErequireLogin---td16301573.html which now allows me to use the format: http://example.com/locations/index/distance:4/.xml But that's not RESTful and doesn't look all that pretty. Still, getting closer!

    Read the article

  • Setting a Forms Authentication cookie from a .NET client application

    - by Jon DellOro
    We currently have a .NET 2.0 web app that uses forms authentication via cookies. Associated with this web app is an old VB6 client application that has its own login system. Currently, the users have to login to the VB6 app, and then when they click on a link, need to authenticate themselves again with the .NET forms authentication system. I'm wondering if it's possible to create a client side .NET application, give it the username and password, and set the forms authentication cookie (without the browser being opened). Is that possible??

    Read the article

  • The Definitive Guide To Website Authentication (beta)

    - by Michiel de Mare
    Form Based Authentication For Websites Please help us create the definitive resource for this topic. We believe that stackoverflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form Based Authentication For Websites" should be a fine topic for such an experiment. It should include topics such as: how to log in how to remain logged in how to store passwords using secret questions forgotten password functionality OpenID "Remember me" checkbox Browser autocompletion of usernames and passwords secret urls (public urls protected by digest) checking password strength email validation and much more It should not include things like: roles and authorization http basic authentication Please help us by Suggesting subtopics Submitting good articles about this subject Editing the official answer (as soon as you have enough karma) UPDATE: See the terrific 7-part series by Jens Roland below.

    Read the article

  • How to write a custom (odd) authentication plugins for Wordpress, Joomla and MediaWiki

    - by Bart van Heukelom
    On our network (a group of related websites - not a LAN) we have a common authentication system which works like this: On a network site ("consumer") the user clicks on a login link This redirects the user to a login page on our auth system ("RAS"). Upon successful login the user is directed back to the consumer site. Extra data is passed in the query string. This extra data does not include any information about the user yet. The consumer site's backend contacts RAS to get the information about the logged in user. So as you can see, the consumer site knows nothing about the authentication method. It doesn't know if it's by username/password, fingerprint, smartcard, or winning a game of poker. This is the main problem I'm encountering when trying to find out how I could write custom authentication plugins for these packages, acting as consumer sites: Wordpress Joomla MediaWiki For example Joomla offers a pretty simple auth plugin system, but it depends on a username/password entered on the Joomla site. Any hints on where to start?

    Read the article

  • Use of WebDAV to access OWA (exchange 2003) mails with Basic authentication and SSL

    - by Mayuresh
    I have got a working C# code for accessing OWA mails using WebDAV against a FBA enabled exchange 2003 (http://support.microsoft.com/kb/891748/en-us/) But my client's OWA (exchange 2003) has Basic authentication and SSL (i-e when I try to access the web mail link through browser I get a grey login box instead of a web page I can log into the mail box once I enter the correct details) But my same fails with a 401 error against this mailbox. I got the simple request working for the Basic authentication using – String usernamePassword = strUserName + ":" + strPassword; WebReq.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(new ASCIIEncoding().GetBytes(usernamePassword))); But the subsequent WebDAV SEARCH request fails with 404 (resource not found) error. Can we use WebDAV against an exchange 2k3 with SSL and Basic authentication?

    Read the article

  • How to Run Pam Face Authentication

    - by Supriyo Banerjee
    I am using Ubuntu 11.10. I went to the following URL to download the software 'Pam Face Authentication': http://ppa.launchpad.net/antonio.chiurazzi/ppa/ubuntu/pool/main/p/pam-face-authentication/ and downloaded the version for natty narhwall. I installed the software using the following commands: sudo apt-get install build-essential cmake qt4-qmake libx11-dev libcv-dev libcvaux-dev libhighgui2.1 libhighgui-dev libqt4-dev libpam0g-dev checkinstall cd /tmp && wget http://pam-face-authentication.googlecode.com /files/pam-face-authentication-0.3.tar.gz sudo add-apt-repository ppa:antonio.chiurazzi sudo apt-get update sudo apt-get install pam-face-authentication cat << EOF | sudo tee /usr/share/pam-configs/face_authentication /dev/null Name: face_authentication profile Default: yes Priority: 900 Auth-Type: Primary Auth: [success=end default=ignore] pam_face_authentication.so enableX EOF sudo pam-auth-update --package face_authentication The software installed and I can run the qt-facetrainer. But the problem is when I restarted my system, I saw that the default login screen is appearing where I should put my password to login. The webcam is not starting at all. And I cannot login with my face. Which means I think that pam face authentication programme is not starting at all. Please let me know how I can login with my face using pam face authentication programme.

    Read the article

  • Problems with cross forest authentication in SQL Reporting

    - by chunkyb2002
    We're currently running an SQL 2008 R2 Cluster with Reporting Services running, all for use with System Center Operations Manager 2007 R2 (RU3). Our users are on a different domains to the SCOM and SQL servers (we have two domains as we are in the process of a domain migration) We have no problems at all with users accessing reports via the SCOM Console or the Web interface if they are on the new domain which runs at 2008 R2 functional level. However users on the old domain (which runs at a 2003 functional level) cannot access reports on SCOM or via the web interface (http://sqlserver/reports) The error we get is: An error occurred when invoking the authorization extension. (rsAuthorizationExtensionError) For more information about this error navigate to the report server on the local server machine, or enable remote errors Taking the errors advise we logged on to the SQL server as a user on the old domain (which works fine!) and then try to authenticate with the reporting via the web interface which produces this most useful of errors: An error occurred when invoking the authorization extension. (rsAuthorizationExtensionError) The creator of this fault did not specify a Reason. Things we've tried: Recreating the trust between domains Ensuring the SQL Reporting service account was a member of Windows Authorization Access Group on the 2003 domain Added users on the 2003 domain explicitly to the Reporting Users group on the SQL Server Has anyone come across this issue before perhaps in a different scenario? If so how was it resolved? Thanks in advance for any help.

    Read the article

  • Intranet Site Authentication Issues on SBS 2008

    - by mwillmott
    Hello, Simply, the Sharepoint intranet site that is automatically installed with SBS 2008 is bound to port 5555 in IIS so to get to it you can browse to server-name:5555 and then authenticate using domain credentials. I have added another binding on port 80 using a host header so intranet.localdomain.local (and added the required record in the DNS). This works fine from any computer on the domain, you can go to the nicer address and authenticate no problem. However, when you browse to the port 80 binding on the local server it reaches it but fails to authenticate. I cannot figure out why and it is really annoying. Not essential to fix but it would be nice. Any ideas? Michael

    Read the article

  • OSX AFP authentication

    - by Jason S
    I've enabled file sharing (AFP) on my iMac so that I can access it via our MacBook. I've also created a directory ~/shared/family that I have shared to specific user accounts. When I use the Finder on my MacBook, I see my iMac computer listed, and I can see my ~/Public directory on the iMac, but I can't see ~/shared/family. How do I authenticate from my MacBook to my iMac? That seems like it's the missing step.

    Read the article

  • Debugging UI Problems in IE8 (Was IE8 on Windows 7 Authentication Mess)

    - by alharaka
    UPDATE: I think the real question I need to ask here is: how does a technician debug UI problems with Internet Explorer, and not HTML rendering issues that have pretty good tools? I am aware of the SysInternals tools and others mentioned below, but maybe I am not harnessing their power properly. Someone else in the TechNet forum I mentioned had a similar issue. Again, I have lots of data, I am not sure how to properly interpret it. ORIGINAL POST: So I tried the venerable Technet Forums to solve this isse. In short, the Windows Security dialog has no place to put credentials, rendering pretty much useless. This happens to apply for a whole bunch of our intranet websites, and only a select number of users with a few laptops have this problem. It ends up looking like this. Things I have tried so far: Disabling local Group Policy (not domain connected) Disabling local Security Policy Resetting IE settings A few system restores Re-registering a bunch of IE DLL's and all other steps here Reinstalling IE8 (dism /online /disable-feature /featurename:"internet-explorer-optional-x86, reboot, dism /online /enable-feature /featurename:"internet-explorer-optional-x86, and reboot) And SFC scan, which found nothing Still, nothing. Not only am I fed up, but I have begun to really work with APIExplorer and Procmon as mentioned in the Technet original because I want to know WHAT is happening, not just fix it. Any thoughts?

    Read the article

  • Samba authentication problem when attempting to connect from Windows client

    - by Camsoft
    I've got a Linux server running Ubuntu and Samba. I've created two shares in Samba that point to directories that are owned by the user "cameron". When I attempt to connect to these shares on Windows 7 is connects and allows me to see the files but they are read-only. This is the desired action for guest users but not for authenticated users. My user on the Windows client is "Cameron" and has the same password as the Linux user "cameron". I don't think my Windows user has authenticated against the Linux user. I even created a users.map file to map the user cameron (linux) to Cameron (windows) but still it does not work. Here is my samba config file (UPDATED): [global] server string = %h server (Samba, Ubuntu) map to guest = Bad User passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . username map = /etc/samba/users.map syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 os level = 65 preferred master = Yes dns proxy = No wins support = Yes usershare allow guests = Yes panic action = /usr/share/samba/panic-action %d valid users = cameron write list = cameron [www] path = /usr/local/apache2/htdocs write list = @www-data force group = www-data guest ok = Yes [cameron] path = /home/cameron write list = @www-data force group = www-data guest ok = Yes

    Read the article

  • Debugging UI Problems in IE8 (Was IE8 on Windows 7 Authentication Mess)

    - by alharaka
    UPDATE: I think the real question I need to ask here is: how does a technician debug UI problems with Internet Explorer, and not HTML rendering issues that have pretty good tools? I am aware of the SysInternals tools and others mentioned below, but maybe I am not harnessing their power properly. Someone else in the TechNet forum I mentioned had a similar issue. Again, I have lots of data, I am not sure how to properly interpret it. ORIGINAL POST: So I tried the venerable Technet Forums to solve this isse. In short, the Windows Security dialog has no place to put credentials, rendering pretty much useless. This happens to apply for a whole bunch of our intranet websites, and only a select number of users with a few laptops have this problem. It ends up looking like this. Things I have tried so far: Disabling local Group Policy (not domain connected) Disabling local Security Policy Resetting IE settings A few system restores Re-registering a bunch of IE DLL's and all other steps here Reinstalling IE8 (dism /online /disable-feature /featurename:"internet-explorer-optional-x86, reboot, dism /online /enable-feature /featurename:"internet-explorer-optional-x86, and reboot) And SFC scan, which found nothing Still, nothing. Not only am I fed up, but I have begun to really work with APIExplorer and Procmon as mentioned in the Technet original because I want to know WHAT is happening, not just fix it. Any thoughts?

    Read the article

  • Nginx with PAM authentication through pam_script

    - by Envek
    Have anyone set up such a configuration? It's not work for me. So, I've installed nginx-extras on Ubuntu 12.04 (it's built with PAM module), and write to site config: location ^~ /restricted_place/ { auth_pam "Please specify login and password from main_site"; auth_pam_service_name "nginx"; } Afterwards, in /etc/pam.d/nginx: auth required pam_script.so dir=/path/to/my/auth_scripts And wrote simplest /path/to/my/auth_scripts/pam_script_auth (also I've tried to write complicated scripts) #!/bin/sh exit 0 # should allow anyone Doesn't work. The script is launched (I've wrote full functional script, that successfully executes, check credentials, writes to its own log and returns correct exit code, and executes noticeably long). But no access granted. Only rejected. In /var/log/nginx/error.log appears next record: 2012/09/13 10:44:42 [alert] 1666#0: waitpid() failed (10: No child processes) If I'm specify in /etc/pam.d/nginx: auth required pam_unix.so and grant for www-data user right to read /etc/shadow, unix authorization works fine. But script auth doesn't work. Can't understand, where is trouble. In nginx module, or in pam_script module.

    Read the article

  • SMTP authentication error using PHPMailer

    - by Javier
    I am using PHPMailer to send a basic form to an email address but I get the following error: SMTP Error: Could not authenticate. Message could not be sent. Mailer Error: SMTP Error: Could not authenticate. SMTP server error: VXNlcm5hbWU6 The weird thing is that if I try to send it again, IT WORKS! Every time I submit the form after that first error it works. But if I leave it for a few minutes and then try again I get the same error again. The username and password have to be right as sometimes it works fine. I even created the following (very basic) script just to test it and I got the same result <?php require("phpmailer/class.phpmailer.php"); $mail = new PHPMailer(); $mail->IsSMTP(); $mail->Host = "smtp.host.com"; $mail->SMTPAuth = true; $mail->Username = "[email protected]"; $mail->Password = "password"; $mail->From = "[email protected]"; $mail->FromName = "From Name"; $mail->AddAddress("[email protected]"); $mail->AddReplyTo("[email protected]"); $mail->IsHTML(true); $mail->Subject = "Here is the subject"; $mail->Body = "This is the HTML message body <b>in bold!</b>"; $mail->AltBody = "This is the body in plain text for non-HTML mail clients"; if(!$mail->Send()) { echo "Message could not be sent. <p>"; echo "Mailer Error: " . $mail->ErrorInfo; exit; } echo "Message has been sent"; ?> I don't think this is relevant, but I just changed my hosting to a Linux shared server. Any idea why this is happening? Thanks! ***UPDATED 02/06/2012 I've been doing some tests. The results: I tested the script in an IIS server and it worked fine. The error seems to happen only in the Linux server. Also, if I use the gmail mail server it works fine in both, IIS and Linux. Could it be a problem with the configuration of my Linux server??

    Read the article

  • Domain authentication over OPEN wireless pre-logon (Windows 7 Pro) - No logon servers avail

    - by Shadow00Caster
    I have a plethora of laptops that are joined to an AD domain. I have an enterprise wireless system setup, the users of these laptops will be using an OPEN unsecured SSID which will ultimately have a captive portal that uses Radius-AD auth and firewall rules to allow access pre-captive portal auth to the proper ip's/ports of DC's etc for auth etc. I already have other laptops/users connecting to another SSID with 802.11x and SSO, all works perfectly pre-logon etc. My problem is with this open network, for some reason I cannot get the machines to auth to AD. The laptops connect to the wireless network, I confirm this on the controller and can ping the laptop at startup. I sharked the wires on the 2 DC's that these machines auth to, I can see a DNS SOA update from a laptop im testing with and can ping that test laptop from both DC's. When I try to logon, "There are currently no logon servers available to service the logon request." The shark shows no incoming connections to either DC even though the laptop is connected and pingable. Any help is greatly appreciated.

    Read the article

  • VPN authentication and MAC addresses

    - by zakk
    I have to set up a VPN (various clients connecting to a web service on a server, which is also the VPN server) and I want to make sure that no user will share his/her credentials with third parties. I know that this problem is not solvable completely, but I'd want to set up some additional security checks... Some idea I have: 1) An additional check on MAC address, but... are MAC addresses preserved thru VPN? 2) Some kind of extra identification of the client (User Agent, open ports, I want to make sure that is the very same client I authorized). 3) I would like to avoid commercial solutions like a security token... I realize it would be the perfect solution, but it will be to expensive, I suppose... Do you feel that these options are viable? Do you have any other ideas? Thanks in advance for your replies!

    Read the article

  • Custom authentication method for GDM

    - by FMC
    I am trying to find a way of authenticating users on public computers through GDM, but I have a few things to be taken in account. The users do not have a login/password, they only thing they are given is a string. This string is unique and will allow us to identify them. You can see this string as a login without a password. The users must be present in a remote database The users must have the rights to login on the computer they are on at that time. A remote database would check if a booking on the computer had been set for that time by that user. Or if no booking had been made, allow to login. A default user id/home/gid has to be set to the user once logged in I have found ways to deal with most of those requirements, but not altogether. PAM looks nice to set up a custom way of checking if the user booked its computer. NSS MySQL looks nice to set up the environment. Would you know how to set up the environment by myself using a custom PAM module (using pam_python would be preferred)? Or any other method that could help me? Thanks in advance!

    Read the article

  • Web authentication using LDAP and Apache?

    - by Stephen R
    I am working on a project of setting up a web administered inventory database for my work (or if they don't want it then i'll enjoy learning about it) and hit the problem of allowing only authorized users to access the website (In its testing/development phase, I allow all people to navigate to the website to add entries to the database and query it). I am trying to make it so only particular users in the domain (Active Directory) are allowed to access the website after they are queried about their credentials. I read that Apache (I am using a LAMP server) has a means of asking visitors to the website to provide LDAP credentials in order to gain access to the site, but I wasn't sure if that was exactly what I was looking for. If anyone has experience in the LDAP configurations for Apache that I mentioned or any other means of securely authenticating with websites I would greatly appreciate advice or a direction to go Thank you!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >