Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

Page 133/388 | < Previous Page | 129 130 131 132 133 134 135 136 137 138 139 140 | Next Page >

Best approach to store login credentials for website

- by Zerotoinfinite

I have created a site in ASP.NET 3.5 & I have only 2 or 3 user login IDs who can login to the website. What would be the best way to save these login details? Which of these approaches, or others, would be most suitable? Using Forms Authentication, and saving credentials (username and password) in web.config to create a text file in directory and modify it Which approach is best from a security and maintenance perspective? What other approaches are suitable for a login system for ASP.NET?

Read the article
single sign on in asp.net

- by gopal

Hi , We have developed implemented single sign on methodology to authenticate user. When a page is requested, if it is not authenticated then a login page will be redirected. Once they logged in the requested page will be shown. this is working when we don't assign a domain to the virtual directory. But when we assign the domain to virtual directory after the authentication the application is not redirecting to the requested page. We are using FormsAuthentication.GetRedirectUrl method to redirect the requested page. Why this is happening? How can we resolve this issue?

Read the article
WCF server component getting outdated user name

- by JoelFan

I am overriding System.IdentityModel.Policy.IAuthorizationPolicy.Evaluate as follows: public bool Evaluate(EvaluationContext evaluationContext,ref object state) { var ids = (IList<IIdentity>)evaluationContext.Properties["Identities"]; var userName = ids[0].Name; // look up "userName" in a database to check for app. permissions } Recently one of the users had her user name changed in Active Directory. She is able to login to her Windows box fine with her new user name, but when she tries to run the client side of our application, the server gets her old user name in the "userName" variable in the code above, which messes up our authentication (since her old user name is no longer in our database). Another piece of info: This only happens when she connects to the server code on the Production server. We have the same server code running on a QA server, and it does not have this issue (the QA server code gets her correct (new) user name) Any ideas what could be going on?

Read the article
Is it bad practice to select upstream servers based upon the HTTP method?

- by PartlyCloudy

I'm wondering if it is bad practice to have a reverse proxy that selects the upstream server depending on the HTTP method used? The background is that I have an abitrary web server that handles POST requests with some logic behind. The same resources also contain static content, that can be retrieved using GET. After some benchmarking I realized that nginx would handle the static content way faster than my abitrary web server doing this. I checked the option to forward incoming requests internally using nginx, which is feasible. But this would lead to the fact that different servers would serve a distinct resource, only depending on issuing a GET or POST, including different header fields.

Read the article
asp.net impersonation identity: Where does it come from?

- by Rising Star

Here's a simple question I've been stuck on for a while. When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from? This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user: Httpcontext.Current.user System.Threading.Thread.Current System.Security.Principal.WindowsIdentity.GetCurrent It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config. I would like to know where the impersonated identity comes from.

Read the article
Can SiteB Restrict Access Only to Users Authenticated on Site A? How?

- by DaveDev

I have recently been asked to estimate a piece of work which will provide functionality for authenticated users to access our site. The thing is, the user has to authenticate on a different site & domain to the one we are hosting. The user authenticates on SiteA.com and they are provided with a link to our site, SiteB. Only users who have authenticated on SiteA are allowed to access SiteB.com. I don't yet know what authentication system SiteA is using, but I thought I'd ask the community for some initial thoughts. Is this even possible? What do I need to consider? Thanks

Read the article
Dynamic proxies to auto-save models

- by atomman

I'm trying to make some auto-magic happen in java using proxies to track objects and saving them when a set* method is called. I started of using java's built in Proxy, and everything works just fine, but from what I can understand I need a interface for every model, which is something that I'm trying to avoid. This is where CGLIB comes in, it allows me to create proxies of my models without the use of interfaces. BUT, how can I now retrieve the original object, the one I am trying to save? The optimal solution to be would be something like the EntityManager interface used by hibernate, where you keep your original object, but it is still tracked.

Read the article
Logging on to two sites simultaneously

- by James Wakefield

I want to log on to two sites simultaneously to enable a single sign on solution. We have a smallish wiki that is created with Apple wiki and we have an intranet site on a aspx cms system by Elcom. Both use Active Directory for credentials. Currently they are on different domains, but we could enable a rewrite using our load-balancer (Citrix Netscaler) or IIS. These sites are on different servers, one a mysterious Mac system and the other an IIS v6.0 on windows 2003. Now I am almost certain that a reverse proxy set up will solve this but I really just need someone to agree that this solves this issue, and if there are things I should look out for what they might be. I just want to have an invisible log on screen in an iframe and enter clone the user name and password using javascript.

Read the article
Zend_Auth_Adapter_DbTable identity not unique

- by volf

For authentication on a website i use Zend_Auth_Adapter_DbTable. Everything work's fine, but Zend Framework only allow unique Identitys in the table. As an identity i use the mail-address from my users. The problem is, that there are more items in the table with this mail-adress. User can delete there account and so i don't delete the whole row, i only change the status to -2 or something else. active user has the status 1. i try to use it like so: $authAdapter = new Zend_Auth_Adapter_DbTable($db, 'user', 'email', 'password', "? AND `status`='1'"); $authAdapter->setIdentity($email); $authAdapter->setCredential($password); But it doesn't work. If i delete the inactive user with the same mail-address, everything work's. Why is that?

Read the article
How to set credential persistence permanent on Android

- by doreamon

My app has save login credential feature, so I store cookies for the next use after succeeding to sign in. However, after a time period, the session will be time out and cannot log in with the cookies any more. On iOS, after setting credential persistence to permanent, the app works nicely even after restarting the phone: [[challenge sender] useCredential:[NSURLCredential credentialWithUser:username password:password persistence:NSURLCredentialPersistencePermanent] forAuthenticationChallenge:challenge]; On Android, I cannot find out such kind of this option. Here is from my HttpHelper class: ((AbstractHttpClient) HttpHelper.client).getAuthSchemes().register("ntlm",new NTLMSchemeFactory()); NTCredentials creds = new NTCredentials(user, pass, "", domain); ((AbstractHttpClient) HttpHelper.client).getCredentialsProvider().setCredentials(AuthScope.ANY, creds); The server is SharePoint so I have to deal with ntlm authentication by following this instruction If you have idea, please let me know. Thank you.

Read the article
Best approach to store username & password

- by Zerotoinfinite

Hi All, I have created a site in asp.net 3.5 & my query is this that I have only 2 or 3 login Id (user) who can login to my website, then what would be the better way to save the login details. What I know I am writing below, please let me know which would be the correct approach to achieve this also if their is any nice approach to get this done: 1: to save username and password in web.config file 2: to create a text file in directory and modify it 3: To use form authentication Please let me know the approach I can use to solve it. thanks in advance P.S. : I have to create only 2-3 users, or in future may be 1-2 more, that's it.

Read the article
HWID locking a PHP page?

- by Rob

Currently I sell a program, that accesses my webpage. The program is HWID (Hard Ware ID) locked, and the only reason I use the program to access the webpage instead of direct access via a webbrowser, is so that I can use HWID authentication. However, I've just been told I can code a script to get computer information, such as hardware ID etc. Is this actually possible completely server-side? If so, can I do it with PHP? If not, what language would this be, and what functions would I have to look into for this?

Read the article
Ruby on rails: Image downloads with Authentication/Authorization/Time outs

- by ak1dnar

Hi Guys, I'm having few doubts on implementing file downloads. I'm creating an app where I use attachment_fu with Amazon s3 to upload files. Things are working pretty well so far on uploading side. Now its the time to start the file downloads. Here is what I need, a logged in user search and browse for Images and they should able to add the files in to a download basket (Let's say its a Download Shopping Cart). Finally the user should be able to download these file(s) from S3 probably as a zipped file. Is there any plugin/gem where I can use for this?

Read the article
WCF: Using Streaming and Username/Password authentication at the same time

- by Kay

Hi, I have a WCF Service with the following requirements: a) The client requests a file from the server which is transferred as a Stream. Files may be 100MB or larger. I need streaming or chucking or whatever to make sure that IIS is not loading the whole package into memory before starting to send it. b) The client will transfer an ID to identify the file to be downloaded. The user should be authenticated by providing username/password. c) While the username/password part of the communication needs to be encrypted, encryption of the downloaded file is optional for our use case. My other services, where I am returning smaller files, I am using the following binding: <ws2007HttpBinding> <binding name="ws2007HttpExtern" maxReceivedMessageSize="65536000"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </ws2007HttpBinding> But, as I said, that is no good for streaming (Message encryption needs the complete message to encrypt and that is not the case when streaming). So, I asked Microsoft support and I got more or less the following proposal: <bindings> <basicHttpBinding> <binding name="basicStreaming" messageEncoding="Mtom" transferMode="StreamedResponse"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </bindings> <services> <service behaviorConfiguration="MyProject.WCFInterface.DownloadBehavior" name="MyProject.WCFInterface.DownloadFile"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicStreaming" contract="MyProject.WCFInterface.IDownloadFile" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyProject.WCFInterface.DownloadBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> When I use this, I get the following error message: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. I am using the Web Development Server so far (for production IIS7). I have two questions. a) How would you configure WCF to achieve the goal? b) If the MS proposal is good: What I am doing wrong, the error message does not really help me. Thanks.

Read the article
Selenium RC 403 Error - Forbidden for proxy

- by FarmBoy

I'm trying to run Selenium RC 1.0.3 using Java 6, JUnit 4, and Eclipse on Snow Leopard. Here is my test class, from the Selenium docs: public class TestCase extends SeleneseTestCase { @Before public void before() throws Exception { setUp("http://www.google.com/", "*firefox"); } @Test public void test() { selenium.open("/"); selenium.type("q", "selenium rc"); selenium.click("btnG"); selenium.waitForPageToLoad("30000"); assertTrue(selenium.isTextPresent("Advanced search")); } } I've tried (finding various suggestions on the web) replacing *firefox with *chrome or *firefox, replacing http with https and adding selenium.start(), but none have helped, or even changed the behavior. Any ideas?

Read the article
Nginx as a proxy to Tomcat

- by Langali

Pardon me, this is my first attempt at Nginx-Jetty instead of Apache-JK-Tomcat. I deployed myapp.war file to $JETTY_HOME/webapps/, and the app is accessible at the url: http://myIP:8080/myapp I did a default installation of Nginx, and the default Nginx page is accessible at http://myIP Then, I modified the default domain under /etc/nginx/sites-enabled to the following: server { listen 80; server_name mydomain.com; access_log /var/log/nginx/localhost.access.log; location / { #root /var/www/nginx-default; #index index.html index.htm; proxy_pass http://127.0.0.1:8080/myapp/; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /var/www/nginx-default; } } Now I get the index page of mypp (running in jetty) when I hit myIP, which is good. But all the links are malformed. eg. The link to css is mydomain.com/myapp/css/style.css while what it should have been is mydomain.com/css/style.css. It seems to be mapping http://mydomain.com to http://127.0.0.1:8080 instead of http://127.0.0.1:8080/myapp/ Any idea what am missing? Do I need to change anything on the Jetty side too?

Read the article
WCF Service Authentication problem?

- by Marcus

I have an application which exposes lots of interfaces via net.tcp protocol, using both SecurityMode.Transport and SecurityMode.None (I really need support for both). My whole application is written in a DLL file. I have a form which consumes this DLL and now I made a Windows Service to consume this DLL. The problem is, when this windows service goes up, the insecure service throws this exception: Stream Security is required at http://www.w3.org/2005/08/addressing/anonymous, but no security context was negotiated. This is likely caused by the remote endpoint missing a StreamSecurityBindingElement from its binding. In the client side, nothing has changed. Is there any reason for this behaviour? The program is exactly the same. When I run the same test with the form app, it works... ps: I've already tried running the windows service as: SYSTEM, NETWORK SERVICE and my user account (which runs the form app) Thanks

Read the article
Authentication and Login on 2 website

- by xRobot

Hi at all, I have 2 site: example.com and exampletwo.com I want that when a user login on example.com then he is automatically authenticated also on exampletwo.com How can I do that ? I use Django + Nginx on first website and Tornado framework + Tornado server on second website. Thanks ;) . P.S. If you don't know this platforms ( Django or Tornado or Nginx ), I accept also a solution for a generic PHP+Apache platform and then I will do some research :)

Read the article
Cannot add Authorization field to HttpsUrlConnection in order to complete Basic authentication

- by ES

Hi, I'm using the Sun API HttpsURLConnection class, and have been trying for a day now to get it to send a simple request: URL url = new URL("https://thirdpartyserver.com/somelocation"); connection = (HttpsURLConnection)url.openConnection(); connection.setDoOutput(true); connection.setRequestMethod("POST"); if (doAuthorization) { Base64Converter converter = new Base64Converter(); connection.setRequestProperty("Authorization", "Basic " + converter.encode("username:password")); } OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream()); writer.write("param1=100&param2=hello"); writer.flush(); writer.close(); I keep getting 401 from the third part server. When I look at the connection through the debugger, the method shows up as GET even though I set it to POST; the collection of request properties shows up as null. If I print the values out, the method shows up as POST, but the request parameters collection is still empty. I would love to be able to print the request and understand what's going on, but I could not figure out how to print the content of an output buffer. Any ideas? Thanks! ES

Read the article
WCF how to pass token for authentication?

- by Kevin

I have a WCF service which would like to support basicHttpBinding and webHttpBinding. When the client successfully login, server will generate a token for client to pass to server on all the request make later. Question is how the client can pass the token to server? I don't want to add an extra parameter on every web method to hold the token.

Read the article
Problem with Richfaces running with NGinx proxy

- by Michael

Hi, I got a problem with my Richfaces application. I am using it with JSF and GlassFish v.2 on my localhost and combination od dataTable and dataScroller works fine. While moving the app to the VPS running Tomcat but proxied by Nginx server, everything crashes. Exactly the scroller is working, but the dataTable view is not refreshed! I looked at responses with Firebug and figured out, that even on VPS the response contains 2nd page of the dataTable, but it is not shown on the screen. I tried everything - changing page attribute of dataScroller (it was taken from session bean, I changed that to request bean). I also removed page attribute from dataScroller - did not help either. Finally I added my table to reRender attribute of dataScroller - still whichever page I choose I am seeing only the first one. Does anyone even heard about such problem? I am going crazy with this. Best regards, Michael

Read the article
Facebook canvas Iframe App authentication problem.

- by itsoft3g

hi, I am in the conversion process of facebook app from fbml to iframe. Now i am testing using few iframe pages. $user = $facebook->require_login(); It gives the current user logged in. Once it get the variable from the facebook.com it saves in cookie by the PHP API provided by facebook). I logged out using another tab of facebook and i tryed using my app without refreshing the whole site (by just using the links inside my app). It still gives the $user variable. It indicates that user has logged in instead of user logged out. Please help me out. I want my app secured. It looks my iframe app accessible when we select "open this frame in new window". I need a solution for this too. Thanks in advance.

Read the article
Security and authentication in web services

- by King

Lets say we have a website that uses a web service for all of its functionality (i.e. retrieving and updating data from/to db), how does the web service authenticate requests? As I understand it, in a traditional java "website" a user provides a username & password, and upon validation a jsessionid is assigned to the user (client browser). Every time the client browser asks the website for something, the site checks for the jsessionid ensuring that the user is registered and authenticated. Is there a web services equivalent of this? If yes, what?

Read the article
Deploying Pylons with Nginx reverse proxy?

- by resopollution

Is there a tutorial on how to deploy Pylons with Nginx? I've been able to start nginx and then serve pylons to :8080 with paster serve development.ini However, I can't seem to do other stuff as pylons locks me into that serve mode. If I try to CTRL+Z out of pylons serving to do other stuff on my server, pylons goes down. There must be a different method of deployment. PS - I've done all this: http://wiki.pylonshq.com/display/pylonscookbook/Running+Pylons+with+NGINX?showComments=true#comments I just have no clue what to do with the Pylons app other than paster serve. Not sure if tehre is a different method.

Read the article
Forcing the GC to collect JNI proxy objects

- by SyBer

Hi. While I do my best to clean JNI objects to free native memory in the end of the usage, there are still some that hang around for a long time, wasting system native memory. Is there any way to force the GC to give priority in collection of these JNI proxies? I mean is there a way to cause GC to concentrate on a particular kind of object, namely the JNI proxies? Thanks.

Read the article

< Previous Page | 129 130 131 132 133 134 135 136 137 138 139 140 | Next Page >