Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

Page 131/388 | < Previous Page | 127 128 129 130 131 132 133 134 135 136 137 138  | Next Page >

• Trouble with authlogic_rpx

  - by Andrei

  Hi, I'm trying to run http://github.com/tardate/rails-authlogic-rpx-sample (only rails version was changed) but get error message http://gist.github.com/385696, when RPX returns information after successful authentication via Google Account. What is wrong here? And how I can fix it? The code was successfully tested with rails 2.3.3 by its author: http://rails-authlogic-rpx-sample.heroku.com/ I run on Windows with cygwin and rails (2.3.5), rpx_now (0.6.20), authlogic_rpx (1.1.1). Update In several hours RPX rejected my app http://img96.imageshack.us/img96/2508/14128362.png

  Read the article

• How can I use htaccess to protect a subdirectory of codeigniter installation?

  - by Art Peterson

  I have codeigniter installed at the root directory, and would like to have a subdirectory called "test" password protected using htaccess. I keep getting a "404 page not found" no matter what I try. The directory structure is: /public_html /css /images /system (codeigniter directory) /test .htaccess .htaccess .htpasswd index.php The root .htaccess file looks like: RewriteEngine On RewriteBase / Options -Indexes # Removes trailing slashes RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.+)/$ $1 [L,R=301] # Enforce www RewriteCond %{HTTP_HOST} !^(www) [NC] RewriteRule ^(.*)$ http://www.mydomain.com/$1 [L,R=301] #Checks to see if the user is attempting to access a valid file, #such as an image or css document, if this isn't true it sends the #request to index.php RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^(.*)test(.*) RewriteRule ^(.*)$ index.php?/$1 [L] The /test/.htaccess file: AuthUserFile /home/dir/.htpasswd AuthName "Protected Area" AuthType Basic <limit GET POST PUT> require user adminuser </limit> I'm not even getting the authentication prompt, just the codeigniter 404 page when I navigate to the url "http://www.mydomain.com/test/". Please advise!

  Read the article

• can I see all SQL statements sent over an ODBC connection?

  - by Dave Cameron

  I'm working with a third-party application that uses ODBC to connect to, and alter, a database. During certain failure modes, the end-results are not what I expect. To understand it better, I'd like some way of inspecting all the statements sent to the database. Is there a way to do this with ODBC? I know with JDBC I could use http://www.p6spy.com/ to see all statements sent, for example when debugging hibernate. p6spy is a "proxy" driver that records commands sent and forwards them on to the real JDBC driver. Another possibility might be a protocol sniffer that would capture statements over the wire. Although, I'm unsure if ODBC includes a standard wire protocol, or only specifieds the API. Does anyone know of existing tools that would allow me to do either of these things? Alternatively, is there another approach I could take?

  Read the article

• Accessing protected REST endpoint with JQuery

  - by Andy

  I have a site where members login to their account (FormsAuth). I would like to set up a RESTful service that I can access using jQuery. I would like to protect these services using the same FormsAuth. How would a third-party site be able to access these services? They would need to pass in the Principal/Identity to the service, right? I've only seen examples of Basic Authentication (which Twitter uses and jQuery supports). I'm very new to WCT/REST, so not sure how this should be done.

  Read the article

• Problem with Validate Anti Forgery

  - by Mikael Egnér

  Hi! I have a problem regarding MVC Anti forgery token. When I do my authentication I have pseudo code like this: var user = userRepository.GetByEmail(email); System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User = user; by doing so I'm able to get the current user in my code like this: var user = HttpContext.Current.User as EntityUser; This works fine until I add the [ValidateAntiForgeryToken] attribute to an action. When I add the attribute I get A required anti-forgery token was not supplied or was invalid. If I comment out this line: System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User = user; The antiforgery validation works fine, but the I don't have my convenient way of getting my "EntityUser" from the HttpContext. Any ideas of how to work around this? Best regards Mikael

  Read the article

• Invoke an action that is using ASP.NET MVC [Authorize] from outside the application

  - by Nate Bross

  Is this possible? I'd like to expose a URL (action) such as http://mysever/myapp/UpdateHeartbeat/. In my MVC application it looks like [Authorize] [AcceptsVerbs(HttpVerbs.Post)] public ActionResult UpdateHeartbeat() { // update date in DB to DateTime.Now } Now, in my MVC application the user has logged in via FORMS authentication and they can execute that action to their hearts content. What I want to do, is hit that URL progromatically (as part of an API that I wouldl like to build) -- is there a way I can do that without removing the [Authorize] attribute and adding username/password as parameters to the POST?

  Read the article

• Fully customized login system in Django?

  - by user367817

  Hey, I am currently writing an application which I plan to sell as SaaS. Without giving away "secrets," I can say that it is basically a "document editing system" in which many users will be submitting documents. The basic heirarchy is this: Institution Individual Document Sub-document So each Individual should be able to BROWSE all documents that were submitted by anybody in their institution, but should only be able to EDIT documents that they created. No individual should even be aware of the existence of another Institution--that should all be completely hidden. I have written a Django/Python class that would facilitate this, but every document regarding authentication that I have read requires that I use the User object. Is this just a limitation of Django, or is there a way to do this? If there is a way, how can I get my own "Individual" class details attached to the "request" objects so I can validate the things I should be showing the users?

  Read the article

• asp.net: Is it possible to have multiple login forms to access different subfolders?

  - by Anthony

  Hi, Is it possible to have multiple login pages for different folders within an asp.net application? Say I have this structure: /admin /customer /login-admin.aspx /login-customer.aspx I have 2 different login forms. One for the admin people and one for the customers (the forms are different as the customers need to provide extra information on their login page). In the authentication section of the webconfig file (which is at the root of the web app), I can only specify one Login page. So how can I make sure thaf if anyone tries to access a webpage in /admin they will be redirected to /login-admin.aspx and if they try to access a webpage in /customer they will be redirected to /login-customer.aspx ? Thanks, Anthony

  Read the article

• Sending a signup confirmation email with having to confirm using Devise

  - by slythic

  Hi all, I'm using devise to handle user authentication with my rails app. I'd like to allow my users to sign up and be instantly logged in and receive a confirmation email. Devise has the Confirmable module which sends out an email but requires the user to open up their mail application, find the email and click a link which then leads them to the site again. I'd like to just email the user a confirmation that they signed up and that's it. Is there a way for devise to do this or do I need to resolve to handling ActionMailer myself (if so, is there a quick and non-complex example)? Many thanks! -Tony

  Read the article

• Not Seeing Ajax Requests In Firebug If Header Has Been Modified

  - by FluidFoundation

  Hey braintrust, I'm making an ajax call using jQuery's library to an api, which requires a username and password encoded to base64 be added to the header. here's a basic example: $.ajax({ type: "GET", contentType: 'application/json', beforeSend:function(xhr){ xhr.setRequestHeader("Authentication", "Basic " + base64EncodedValue); } url: 'https://api.company.com/uri/', complete: function(result) { alert(result); } }); But when this fires off, I get a black alert box, so it doesn't appear as if something is coming back. There is no log in the Firebug console that a get ajax request was done. However, if I remove the beforeSend option, I do see the ajax request get logged, but the request gets back a 'not authorized', so it definitely hit the right place. Any ideas on why it's not showing up in Firebug so I can verify the headers are being sent out correctly?

  Read the article

• Can I turn off an Apache Directive then turn it on in an include?

  - by javafueled

  I have a VirtualHost block that includes common configuration items, one directive is ProxyPreserveHost. Can I "procedurally" turn off ProxyPreserveHost for a Rewrite directive then have the include turn it back on? For example: <VirtualHost *:80> ServerName www.blah.com ... ... ProxyPreserveHost off RewriteRule /somepath http://otherhost/otherpath [P] Include /path/to/file/turning-on-ProxyPreserveHost </VirtualHost> The otherhost is on a CDN and preserving the host is creating some name resolution issue that is not allowing the proxying of content in the host namespace. ProxyReserveHost is only allowed in a Server Config or VirtualHost. It doesn't look like I can selectively turn it off for the ProxyPass and ProxyPassReverse directives (encapsulated in the proxy flag of mod_rewrite).

  Read the article

• losing session in rails 2.3.2 app using subdomain

  - by mike in africa

  i have a 2.2.3 app which i upgraded to 2.3.2 it's a multi-site (using subdomain) that creates one top level session for all sites. this is how i change the domain in production.rb: ActionController::Base.session_options[:domain] = "xxx.com" # in rails 2.2.2, this is what i used to do: # ActionController::Base.session_options[:session_domain] = "xxx.com" strange things started to happen after i upgraded i can no longer login using restful authentication; it does authenticate me, but as soon as i'm redirected, it would ask me to login again. as i said, i use restful_authentication and i also use passenger 2.1.2. anyone can help?

  Read the article

• How can I make a security token automatically expire in a passive STS setup?

  - by Rising Star

  I have a passive STS set up for a new application I'm working on. I've noticed that when a user's session expires, the user is still authenticated. I would have thought that when the session expires, the user would no longer be authenticated. My boss discussed this with me as I am currently charged with setting up the authentication. He says that it would be good if we could make the user's log on expire after a certain period of inactivity similar to how the session expires. I am familiar with how to sign a user out with a few lines of code. How can I make it so that the user is automatically signed out after a specified period of inactivity? Currently, I have some code in the global.asax file that programmatically checks when the last request was and compares it to the current time; it then signs the user out if a certain period of time has expired.

  Read the article

• Why Shouldn't I Programmatically Submit Username/Password to Facebook/Twitter/Amazon/etc?

  - by viatropos

  I wish there was a central, fully customizable, open source, universal login system that allowed you to login and manage all of your online accounts (maybe there is?)... I just found RPXNow today after starting to build a Sinatra app to login to Google, Facebook, Twitter, Amazon, OpenID, and EventBrite, and it looks like it might save some time. But I keep wondering, not being an authentication guru, why couldn't I just have a sleek login page saying "Enter username and password, and check your login service", and then in the background either scrape the login page from say EventBrite and programmatically submit the form with Mechanize, or use an API if there was one? It would be so much cleaner and such a better user experience if they didn't have to go through popups and redirects and they could use any previously existing accounts. My question is: What are the reasons why I shouldn't do something like that? I don't know much about the serious details of cookies/sessions/security, so if you could be descriptive or point me to some helpful links that would be awesome. Thanks!

  Read the article

• Subversion LDAP Configuration

  - by dbyrne

  I am configuring a subversion repository to use basic LDAP authentication. I have an entry in my http.conf file that looks like this: <Location /company/some/location> DAV svn SVNPath /repository/some/location AuthType Basic AuthName LDAP AuthBasicProvider ldap Require valid-user AuthLDAPBindDN "cn=SubversionAdmin,ou=admins,o=company.com" AuthLDAPBindPassword "XXXXXXX" AuthLDAPURL "ldap://company.com/ou=people,o=company.com?personid" </Location> This works fine for living, breathing people who need to log in. However, I also need to provide application accounts access to the repository. These accounts are in a different OU. Do I need to add a whole new <location> element, or can I add a second AuthLDAPURLto the existing entry?

  Read the article

• Best implementation for MySQL replication with Rails 3?

  - by vonconrad

  We're looking at potentially setting up replication for our primary MySQL database, and while setting up the replication seems pretty straight-forward, the application implementation seems a bit murkier. My first idea would be to set up a master-slave configuration and RW-splitting, with all write queries (CREATE, INSERT, UPDATE) going to master, and all read queries (SELECT) going to slave. Having read up on it, it seems that there are essentially two options for how to implement this with our app: Using an independent middleware layer for all MySQL connections, such as MySQL proxy or DBSlayer. However, the former is in Alpha and the latter has limited documentation. Using a Ruby-based gem/plugin, such as Octopus to achieve RW-splitting in the framework. If we wanted to go with a master-slave setup, what you recommend moving forward? The other thought I've had was to use a master-master configuration, but am unsure about the implementation of such a setup. Thoughts?

  Read the article

• In Django, why is user.is_authenticated a method and not a member variable like is_staff

  - by luc

  Hello all, I've lost some time with a bug in my app due to user authentication. I think that it's a bit confusing but maybe someone can explain the reason and it will appear to me very logical. The user.is_staff is a member variable while user.is_authenticated is a method. However is_authenticated only returns True or False depending if the class is User or AnonymousUser (see http://docs.djangoproject.com/en/dev/topics/auth/) Is there a reason for that? Why user.is_authenticated is a method? Thanks in advance

  Read the article

• .NET ORM and Security

  - by Sphynx

  We're going to use an ORM tool with a .NET desktop application. The tool allows creation of persistent classes. It generates all database tables automatically. In addition to other data, our system needs to store user credentials, and deliver access control. The question is, is there any possibility of access control by means of ORM, without creating the database authentication mechanisms manually? Is there any product on the market which allows this? We thought of limiting the access in the program itself, but users can easily access the database directly, and bypass the program limitations. Thanks.

  Read the article

• How can one make a web-site accessible only when someone has a dongle?

  - by Brian M. Hunt

  Suppose you want to add an extra layer of credentials on top of a SSL-encrypted login/password, but you don't want to increase complexity to the user. Is there a way to add the requirement of the possession of a dongle to web-server authentication schemes with existing cross-platform browser capabilities? In other words, to get access to the web-site, you would need a username, password, and a USB dongle that has been plugged into the client computer. The dongle would presumably do some sort of challenge/response. It'd be ideal if this dongle solution worked with Firefox automatically or with the simple addition of a plugin. Thoughts and suggestions are appreciated.

  Read the article

• How do I protect static files with ASP.NET form auhentication on IIS 7.5?

  - by Egil Hansen

  Hi all I have a website running on a IIS 7.5 server with ASP.NET 4.0 on a shared host, but in full trust. The site is a basic "file browser" that allows the visitors to login and have a list of files available to them displayed, and, obviously, download the files. The static files (mostly pdf files) are located in a sub folder on the site called data, e.g. http://example.com/data/... The site uses ASP.NET form authentication. My question is: How do I get the ASP.NET engine to handle the requests for the static files in the data folder, so that request for files are authenticated by ASP.NET, and users are not able to deep link to a file and grab files they are not allowed to have? Best regards, Egil.

  Read the article

• Cherokee rule failover

  - by phretor

  I have a Cherokee virtual host configured as follows: 1st rule: "Directory /" -> HTTP Reverse Proxy 2nd rule: "Directory /" -> uWSGI I know the second rule is useless because it's never triggered. However, the first rule seldom returns a 504 Gateway Timeout error so I was thinking of failing over the second rule, yet I don't know how to achieve this. Is it possible? Unfortunately, I cannot use only one rule with load balanced information sources, because I use two different types of information sources (i.e., pure HTTP and WSGI).

  Read the article

• Rewrite content served by apache

  - by Andy

  Hi guys, I have an internal app (Jira) that i want to use internally and externally, now there might be another way of doing this in which case i'm open to it, but this is what i have so far: URL one: https://domainname.com/jira - external domain name for it URL two: https://domainname.local/jira - internal network name for it. I am running Apache as a reverse proxy and I have this: <Location /jira> ProxyPass http://127.0.0.1:8080/jira ProxyPassReverse http://127.0.0.1:8080/jira </Location> Jira creates all of its links using a base url, which in this case is set to 'https://domainname.local/jira', so obviously when pages get served to the outside world they have .local on them. The question is, is there a way to have the content rewritten as it is served in order to change the .local addresses within the HTML to be the .com ones? Or am i being a retard and there is an easier way to solve this? Cheers for any help.... Andy

  Read the article

• Custom User Management for Google App Engine Java

  - by Gopi

  I am using GAE Java for a multi-user application. There are multiple users with different roles. Each user can login, do some operations and logout. The business restricts me from using Google User Service and I need to implement my own for authentication and session management. Can anyone please share with me how should I go about implementing my own user management? I have read its very tricky to implement own user management. Any pointers in terms of best approaches/ design / existing frameworks if any ? I could see some similar posts but they are for python.

  Read the article

• Should I go with Varnish instead of nginx?

  - by gotts

  I really like nginx. But recently I've found that varnish gives you an opportunity to implement smart caching revers proxy layer(with URL purging). I have a cluster of mongrels which are pretty resource-intensive so if this caching layer can remove some load from mongrels this can be a great thing. I didn't find a way to implement the caching layer(with for application pages; static content is cacheable of course) same with nginx.. Should I use Varnish instead? What would you recommend?

  Read the article

• Strange Error - "Object moved to here."

  - by Dkong

  I get the strange error "Object moved to here." on a blank white page when I try to login on a site I created. It works fine locally but not when I deploy it to the test or production server. I am not doing anything odd, just using basic authentication code in a helper function as follows... public static bool AuthenticateUser(string Username, string Password, bool PersistLogin, string RedirectionURL) { if (Membership.ValidateUser(Username, Password)) { FormsAuthentication.SetAuthCookie(Username, PersistLogin); HttpContext.Current.Response.Redirect(RedirectionURL,true); return true; } else return false; }

  Read the article

< Previous Page | 127 128 129 130 131 132 133 134 135 136 137 138  | Next Page >