Search Results

Search found 1104 results on 45 pages for 'authorization'.

  • sql count conditions

    - by user1311030
    there! I have this question, hope you guys can help me out. So I have this table with two fields: type and authorization. In type I have 2 different values: Raid and Hold. In authorization I have 2 different values: Accepted or Denied. I need to make a view that returns values like this:

        TYPE:RAID ACCEPTED:5 DENIED:7

    Basically I need to know how many of the values in TYPE are Raid, and then how many of them are Accepted and Denied. Thank you in advance!!

  • Using a WebView widget to authorize access

    - by tunneling
    I am trying to access a server that requires authorization using the WebView widget in Android. I think it's the .htaccess type of authorization. It works with the default browser provided with the OS, but when I try it with a WebView, it gives a 401 immediately. Any ideas on how I can have a WebView present the dialog to enter the user/pass (and remember it)? Thanks.

  • Security in Software

    The term security has many meanings depending on the context and perspective in which it is used. From the perspective of software/system development, security is the continuous process of maintaining the confidentiality, integrity, and availability of a system, sub-system, and system data. At a very high level, this definition can be restated as follows: computer security is a continuous process dealing with confidentiality, integrity, and availability on multiple layers of a system.

    Key Aspects of Software Security

      - Integrity
      - Confidentiality
      - Availability

    Integrity within a system is the concept of ensuring that only authorized users can manipulate information, and only through authorized methods and procedures. An example of this can be seen in a simple lead management application. If the business decided to allow each sales member to update only their own leads in the system, and sales managers to update all leads in the system, then an integrity violation would occur if a sales member attempted to update someone else’s leads. The violation occurs because the lead was not entered by that sales member, which breaks the business rule that leads can only be updated by the originating sales member.

    Confidentiality within a system is the concept of preventing unauthorized access to specific information or tools. In a perfect world, the very existence of confidential information/tools would be unknown to all those who do not have access. When this concept is applied within the context of an application, only the authorized information/tools will be available. If we look at the sales lead management system again, leads can only be updated by originating sales members. Given this rule, we can say that all sales leads are confidential between the system and the sales person who entered the lead into the system. The other sales team members would not need to know about the leads, let alone need to access them.

    Availability within a system is the concept of authorized users being able to access the system. A real-world example can be seen again in the lead management system. If that system was hosted on a web server, then IP restriction can be put in place to limit access to the system based on the requesting IP address. If in this example all of the sales members were accessing the system from the 192.168.1.23 IP address, then removing access from all other IPs would be needed to ensure that improper access to the system is prevented while approved users can access the system from an authorized location. In essence, if the requesting user is not coming from an authorized IP address, then the system will appear unavailable to them. This is one way of controlling where a system is accessed.

    Through the years, several design principles have been identified as being beneficial when integrating security aspects into a system. These principles, in various combinations, allow a system to achieve the previously defined aspects of security based on generic architectural models.

    Security Design Principles

      - Least Privilege
      - Fail-Safe Defaults
      - Economy of Mechanism
      - Complete Mediation
      - Open Design
      - Separation Privilege
      - Least Common Mechanism
      - Psychological Acceptability
      - Defense in Depth

    Least Privilege Design Principle

    The Least Privilege design principle requires a minimalistic approach to granting user access rights to specific information and tools. Additionally, access rights should be time-based, limiting resource access to the time needed to complete the necessary tasks. Granting access beyond this scope allows unnecessary access and creates the potential for data to be updated outside the approved context. Assigning access rights this way limits system-damaging attacks from users, whether they are intentional or not. This principle attempts to limit data changes and prevents potential damage from occurring by accident or error by reducing the number of potential interactions with a resource.

    Fail-Safe Defaults Design Principle

    The Fail-Safe Defaults design principle pertains to allowing access to resources based on granted access rather than access exclusion. Under this principle, a resource can be accessed only if explicit access has been granted to a user. By default, users do not have access to any resources until access has been granted. This approach prevents unauthorized users from gaining access to a resource until access is given.

    Economy of Mechanism Design Principle

    The Economy of Mechanism design principle requires that systems be designed to be as simple and small as possible. Design and implementation errors result in unauthorized access to resources that would not be noticed during normal use.

    Complete Mediation Design Principle

    The Complete Mediation design principle states that every access to every resource must be validated for authorization.

    Open Design Design Principle

    The Open Design design principle is the concept that the security of a system and its algorithms should not depend on the secrecy of its design or implementation.

    Separation Privilege Design Principle

    The Separation Privilege design principle requires that all approved resource access attempts be granted based on more than a single condition. For example, a user should be validated both for active status and for access to the specific resource.

    Least Common Mechanism Design Principle

    The Least Common Mechanism design principle declares that mechanisms used to access resources should not be shared.

    Psychological Acceptability Design Principle

    The Psychological Acceptability design principle states that security mechanisms should not make resources more difficult to access than if the security mechanisms were not present.

    Defense in Depth Design Principle

    The Defense in Depth design principle is the concept that layering resource access authorization verification in a system reduces the chance of a successful attack. This layered approach to resource authorization requires unauthorized users to circumvent each authorization check to gain access to a resource.

    When designing a system that must meet a security quality attribute, architects need to consider the scope of security needs and the minimum required security qualities. Not every system will need to use all of the basic security design principles; a system will use one or more in combination, based on a company’s and architect’s threshold for system security, because the existence of security in an application adds an additional layer to the overall system and can affect performance. That is why a definition of minimum acceptable security is needed when a system is designed: this quality attribute needs to be factored in with the other system quality attributes so that the system in question adheres to all qualities based on their priorities.

    Resources:

      - Barnum, Sean. Gegick, Michael. (2005). Least Privilege. Retrieved on August 28, 2011 from https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/principles/351-BSI.html
      - Saltzer, Jerry. (2011). BASIC PRINCIPLES OF INFORMATION PROTECTION. Retrieved on August 28, 2011 from http://web.mit.edu/Saltzer/www/publications/protection/Basic.html
      - Barnum, Sean. Gegick, Michael. (2005). Defense in Depth. Retrieved on August 28, 2011 from https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/principles/347-BSI.html
      - Bertino, Elisa. (2005). Design Principles for Security. Retrieved on August 28, 2011 from http://homes.cerias.purdue.edu/~bhargav/cs526/security-9.pdf

  • Combining Shared Secret and Certificates

    - by Michael Stephenson
    As discussed in the introduction article, this walkthrough will explain how you can implement WCF security with the Windows Azure Service Bus to ensure that you can protect your endpoint in the cloud with a shared secret, but also combine this with certificates so that you can identify the sender of the message.

    Prerequisites

    As in the previous article, before going into the walkthrough I want to explain a few assumptions about the scenario we are implementing, but to keep the article shorter I am not going to walk through all of the steps in how to set up some of this. In the solution we have a simple console application which will represent the client application. There is also the services WCF application which contains the WCF service we will expose via the Windows Azure Service Bus. The WCF Service application in this example was hosted in IIS 7 on Windows 2008 R2 with AppFabric Server installed and configured to auto-start the WCF listening services. I am not going to go into significant detail around the IIS setup because it should not matter in relation to this article; however, if you want to understand more about how to configure WCF and IIS for such a scenario, please refer to the following paper, which goes into a lot of detail about how to configure this. The link is: http://tinyurl.com/8s5nwrz

    Setting up the Certificates

    To keep the post and sample simple I am going to use the local computer store for all certificates, but this bit is really just the same as setting up certificates for an example where you are using WCF without using Windows Azure Service Bus. In the sample I have included two batch files which you can use to create the sample certificates or remove them. Basically you will end up with:

      - A certificate called PocServerCert in the personal store for the local computer, which will be used by the WCF Service component
      - A certificate called PocClientCert in the personal store for the local computer, which will be used by the client application
      - A root certificate in the Root store called PocRootCA, with its associated revocation list, which is the root from which the client and server certificates were created

    For the sample I'm just using development certificates like you would normally, and you can see exactly how these are configured and placed in the stores from the batch files in the solution using makecert and certmgr.

    The Service Component

    To begin with, let's look at the service component and how it can be configured to listen to the service bus using a shared secret but to also accept a username token from the client. In the sample the service component is called Acme.Azure.ServiceBus.Poc.Cert.Services. It has a single service, which is the Visual Studio template for a WCF service when you add a new WCF Service Application, so we have a service called Service1 with its Echo method. Nothing special so far!

    The next step is to look at the web.config file to see how we have configured the WCF service. In the services section of the WCF configuration you can see I have created my service and I have created a local endpoint which I simply used to do a little bit of diagnostics and to check it was working, but more importantly there is the Windows Azure endpoint which is using the ws2007HttpRelayBinding (note that this should also work just the same if you're using netTcpRelayBinding). The key points to note on the above picture are the service behavior called MyServiceBehaviour and the service bus endpoint's behavior called MyEndpointBehaviour. We will go into these in more detail later.

    The Relay Binding

    The relay binding for the service has been configured to use the TransportWithMessageCredential security mode. This is the important bit: the transport security really relates to the interaction between the service and listening to the Azure Service Bus, and the message credential is where we will use our certificate, as we have specified in the message/clientCredentialType attribute. Note also that we have left the relayClientAuthenticationType set to RelayAccessToken. This means that authentication will be made against ACS for accessing the service bus, and messages will not be accepted from any sender who has not been authenticated by ACS.

    The Endpoint Behaviour

    In the below picture you can see the endpoint behavior, which is configured to use the shared secret client credential for accessing the service bus; for diagnostic purposes I have also included the service registry element.

    Hopefully, if you are familiar with using the Windows Azure Service Bus relay feature, the above is very familiar to you and this is a very common setup for this section. There is nothing specific to the username token implementation here.

    The Service Behaviour

    Now we come to the bit with most of the certificate stuff in it. When configuring the service behavior I have included the serviceCredentials element, set it up to use the clientCertificate check, and also specified the serviceCertificate with information on how to find the server's certificate in the store.

    I have also added a serviceAuthorization section where I will implement my own authorization component to perform additional security checks after the service has validated that the message was signed with a good certificate. I also have the same serviceSecurityAudit configuration to log access to my service.

    My Authorization Manager

    The below picture shows you the implementation of my authorization manager. WCF will eventually hand off the message to my authorization component before it calls the service code. This is where I can perform some logic to check if the identity is allowed to access resources. In this case I am simply rejecting messages from anyone except the PocClientCertificate.

    The Client

    Now let's take a look at the client side of this solution and how we can configure the client to authenticate against ACS but also send a certificate over to the service component so it can implement additional security checks on-premise. I have a console application, and in the program class I want to use the proxy generated with Add Service Reference to send a message via the Azure Service Bus. You can see in my WCF client configuration below that I have set up my details for the Azure Service Bus URL and am using the ws2007HttpRelayBinding.

    Next is my configuration for the relay binding. You can see below that I have configured security to use TransportWithMessageCredential, so we will flow the token from a certificate with the message, and also the RelayAccessToken relayClientAuthenticationType, which means the component will validate against ACS before being allowed to access the relay endpoint to send a message.

    After the binding we need to configure the endpoint behavior like in the below picture. This contains the normal transportClientEndpointBehaviour to set up the ACS shared secret configuration, but we have also configured the clientCertificate to look for the PocClientCert.

    Finally, below we have the code of the client in the console application which will call the service bus. You can see that we have created our proxy and then made a normal call to a WCF service in exactly the normal way, but the configuration will jump in and ensure that a token is passed representing the client certificate.

    Conclusion

    As you can see from the above walkthrough, it is not too difficult to configure a service to use both a shared secret and a certificate-based token at the same time. This gives you the power and protection offered by the access control service in the cloud, but also the ability to flow additional tokens to the on-premise component for additional security features to be implemented.

    Sample

    The sample used in this post is available at the following location: https://s3.amazonaws.com/CSCBlogSamples/Acme.Azure.ServiceBus.Poc.Cert.zip

  • I can't shut down nor reboot without console

    - by jgomo3
    After updating from 11.04 to 11.10, a weird conduct appears on my machine: the shutdown GUI methods (including reboot) cause only a log off, and in the login screen, neither the shutdown nor the reboot option does anything (if you wonder, reboot appears in the shutdown dialog). The only way I can reboot or shut down is through the console: sudo shutdown -h now or sudo reboot. This is OK for me, but not for the rest of the users. How to fix this?

    Update

    The syslog output when I select shutdown from my desktop is:

        AptDaemon: INFO: Quitting due to inactivity
        AptDaemon: INFO: Quitting was requested
        CRON[5095]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib/php5/maxlifetime) ! -execdir fuser -s {} 2>/dev/null \; -delete)
        CRON[5094]: (root) MAIL (mailed 1 byte of output; but got status 0x00ff, #012)
        kernel: [17027.614974] psmouse.c: TouchPad at isa0060/serio4/input0 lost sync at byte 1
        kernel: [17027.616510] psmouse.c: TouchPad at isa0060/serio4/input0 lost sync at byte 1
        kernel: [17027.618037] psmouse.c: TouchPad at isa0060/serio4/input0 lost sync at byte 1
        kernel: [17027.619557] psmouse.c: TouchPad at isa0060/serio4/input0 lost sync at byte 1
        kernel: [17027.621046] psmouse.c: TouchPad at isa0060/serio4/input0 lost sync at byte 1
        kernel: [17027.621051] psmouse.c: issuing reconnect request
        acpid: client 1032[0:0] has disconnected
        acpid: client connected from 1032[0:0]
        acpid: 1 client rule loaded
        gnome-session[1836]: WARNING: Unable to stop system: Authorization is required
        acpid: client 1032[0:0] has disconnected
        acpid: client connected from 6055[0:0]
        acpid: 1 client rule loaded
        rtkit-daemon[1313]: Successfully made thread 6134 of process 6134 (n/a) owned by '119' high priority at nice level -11.
        rtkit-daemon[1313]: Supervising 4 threads of 2 processes of 2 users.
        rtkit-daemon[1313]: Successfully made thread 6139 of process 6134 (n/a) owned by '119' RT at priority 5.
        rtkit-daemon[1313]: Supervising 5 threads of 2 processes of 2 users.
        rtkit-daemon[1313]: Successfully made thread 6140 of process 6134 (n/a) owned by '119' RT at priority 5.
        rtkit-daemon[1313]: Supervising 6 threads of 2 processes of 2 users.

    I suspect that the line

        gnome-session[1836]: WARNING: Unable to stop system: Authorization is required

    is related to the issue. When selecting shutdown from the login screen, the output is the same from the line pointed. This is the output:

        gnome-session[1836]: WARNING: Unable to stop system: Authorization is required
        acpid: client 1032[0:0] has disconnected
        acpid: client connected from 6055[0:0]
        acpid: 1 client rule loaded
        rtkit-daemon[1313]: Successfully made thread 6134 of process 6134 (n/a) owned by '119' high priority at nice level -11.
        rtkit-daemon[1313]: Supervising 4 threads of 2 processes of 2 users.
        rtkit-daemon[1313]: Successfully made thread 6139 of process 6134 (n/a) owned by '119' RT at priority 5.
        rtkit-daemon[1313]: Supervising 5 threads of 2 processes of 2 users.
        rtkit-daemon[1313]: Successfully made thread 6140 of process 6134 (n/a) owned by '119' RT at priority 5.
        rtkit-daemon[1313]: Supervising 6 threads of 2 processes of 2 users.
        acpid: client 6055[0:0] has disconnected
        acpid: client connected from 6055[0:0]
        acpid: 1 client rule loaded

  • WebClient on WP7 - Throw "A request with this method cannot have a request body"

    - by Peter Hansen
    If I execute this code in a Consoleapp it works fine:

        string uriString = "http://url.com/api/v1.0/d/" + Username + "/some?amount=3&offset=0";
        WebClient wc = new WebClient();
        wc.Headers["Content-Type"] = "application/json";
        wc.Headers["Authorization"] = AuthString.Replace("\\", "");
        string responseArrayKvitteringer = wc.DownloadString(uriString);
        Console.WriteLine(responseArrayKvitteringer);

    But if I move the code to my WP7 project like this:

        string uriString = "http://url.com/api/v1.0/d/" + Username + "/some?amount=3&offset=0";
        WebClient wc = new WebClient();
        wc.Headers["Content-Type"] = "application/json";
        wc.Headers["Authorization"] = AuthString.Replace("\\", "");
        wc.DownloadStringCompleted += new DownloadStringCompletedEventHandler(wc_DownloadStringCompleted);
        wc.DownloadStringAsync(new Uri(uriString));

        void wc_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e)
        {
            MessageBox.Show(e.Result);
        }

    I got the exception: A request with this method cannot have a request body. Why?

    The solution is to remove the Content-type:

        string uriString = "http://url.com/api/v1.0/d/" + Username + "/some?amount=3&offset=0";
        WebClient wc = new WebClient();
        //wc.Headers["Content-Type"] = "application/json";
        wc.Headers["Authorization"] = AuthString.Replace("\\", "");
        wc.DownloadStringCompleted += new DownloadStringCompletedEventHandler(wc_DownloadStringCompleted);
        wc.DownloadStringAsync(new Uri(uriString));

        void wc_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e)
        {
            MessageBox.Show(e.Result);
        }

  • How to pass a random User/Pass (for Basic Authentication) with JMeter?

    - by Pure.Krome
    Hi folks, I'm using JMeter to stress test an API. I've got Basic Authentication set up - seems to be working great. Now, I'm trying to randomize the credentials that JMeter passes across the wire. So, there are two ways I know I can do this.

      (1) Add a custom HTTP Header (via an HTTP Header Manager Element) and set the value to the random fields (i.e. something I've read in from a csv file)
      (2) Use the HTTP Authorization Manager Element and pass in the username and password there.

    Now, if I try and use method (1) above, I need to create the following header/data:

        Authorization: Basic <some Base64 encoded string in the format username:password>

    e.g.

        Authorization: Basic OnVzZXIxOnBhc3Mx

    Kewl. Simple. BUT that header value is not getting passed across the wire :( I can add any other header type and it's passed across the wire.. hmm .. ok then .. let's try method (2). Now that works .. but I can only hardcode in the username & password. I can't see how I can pass in a username VARIABLE (i.e. ${username}) or a password VARIABLE (i.e. ${password}).... If it's hardcoded, then the server correctly replies with the correct page/data. So .. can someone please help?

  • Selective replication with CouchDB

    - by FRotthowe
    I'm currently evaluating possible solutions to the following problem: A set of data entries must be synchronized between multiple clients, where each client may only view (or even know about the existence of) a subset of the data. Each client "owns" some of the elements, and the decision who else can read or modify those elements may only be made by the owner. To complicate this situation even more, each element (and each element revision) must have a unique identifier that is equal for all clients.

    While the latter sounds like a perfect task for CouchDB (and a document based data model would fit my needs perfectly), I'm not sure if the authentication/authorization subsystem of CouchDB can handle these requirements: While it should be possible to restrict write access using validation functions, there doesn't seem to be a way to authorize read access. All solutions I've found for this problem propose to route all CouchDB requests through a proxy (or an application layer) that handles authorization.

    So, the question is: Is it possible to implement an authorization layer that filters requests to the database so that access is granted only to documents that the requesting client has read access to and still use the replication mechanism of CouchDB? Simplified, this would be some kind of "selective replication" where only some of the documents, and not the whole database, is replicated.

    I would also be thankful for directions to some detailed information about how replication works. The CouchDB wiki and even the "Definitive Guide" book are not too specific about that.

  • How to tell if leaving iOS app entered foreground from fast-app switching or manually?

    - by JPK
    Is there a way to tell if an iOS app enters the foreground from fast-app switching or manually? I need to know by the time applicationWillEnterForeground is called, so some specific code can be executed (or not executed) depending on the condition in which the app entered the foreground.

    EDIT: It turned out that this was more of a design issue for me. I moved my code to applicationDidBecomeActive. I also added a BOOL property to the appDelegate called fastAppSwitching (probably the wrong name for it). I set this to YES in application:handleOpenURL and application:openURL:sourceApplication:annotation. Then I added the following code to application:didFinishLaunchingWithOptions:

        if (launchOptions) {
            self.fastAppSwitching = YES;
        } else {
            self.fastAppSwitching = NO;
        }

    In applicationDidBecomeActive, I used the following code:

        if (fastAppSwitching == YES) {
            self.fastAppSwitching = NO; //stop, don't go any further
        } else {
            ...
        }

    EDIT2: MaxGabriel makes a good point below: "Just a warning to others taking the solution described here, applicationDidBecomeActive: is called when the user e.g. ignores a phone call or text message, unlike applicationWillEnterForeground". This is actually also true for in-app purchases and Facebook in-app authorization (new in iOS 6). So, with some further testing, this is the current solution:

    Add a new Bool called passedThroughWillEnterForeground.

    In applicationWillResignActive:

        self.passedThroughWillEnterForeground = NO;

    In applicationDidEnterBackground:

        self.passedThroughWillEnterForeground = NO;

    In applicationWillEnterForeground:

        self.passedThroughWillEnterForeground = YES;

    In applicationDidBecomeActive:

        if (passedThroughWillEnterForeground) {
            //we are NOT returning from 6.0 (in-app) authorization dialog or in-app purchase dialog, etc
            //do nothing with this BOOL - just reset it
            self.passedThroughWillEnterForeground = NO;
        } else {
            //we ARE returning from 6.0 (in-app) authorization dialog or in-app purchase dialog - IE
            //This is the same as fast-app switching in our book, so let's keep it simple and use this to set that
            self.fastAppSwitching = YES;
        }

        if (fastAppSwitching == YES) {
            self.fastAppSwitching = NO;
        } else {
            ...
        }

    EDIT3: I think we also need a bool to tell if app was launched from terminated.

  • MMC and Server Manager Authentication Errors - Access Denied

    - by Vazgen
    I'm trying to connect remotely from my Windows 8 client to manage my Hyper-V Server 2012. I have done everything I can find to configure remote management of the server including:

      - Added a net user on server
      - Enabled anonymous dcom access on server and client
      - Added firewall rules for "Windows Firewall Remote Management" and "Windows Management Instrumentation (WMI)" on server
      - Added firewall exception on server for client IP
      - Added cmdkey on client
      - Added server to TrustedHost list on client
      - Added LocalAccountTokenFilter policy registry entry on server
      - Added client IP to server's host file
      - Added server IP to client's host file

    I cannot believe I am still getting these errors. What's even more strange is that I can connect in Hyper-V Manager and create VM's but not in MMC and Server Manager. I also get Access Denied trying to Open the Authorization Store on my server from my client using Authorization Manager. I'm providing all the errors because I have a feeling they root from the same problem. Does anybody see anything I missed?

  • FreeNX Server w/ nxagent 3.5 not able to create shadow sessions

    - by Jenna Whitehouse
    I am running a FreeNX server on Ubuntu 11.10 and am unable to do session shadowing. I get the authorization prompt, but the shadow client crashes after. The NX server log in the user's .nx directory is as follows:

        Error: Aborting session with 'Server is already active for display 3000 If this server is no longer running, remove /tmp/.X3000-lock and start again'.
        Session: Aborting session at 'Mon Oct 1 14:26:44 2012'.
        Session: Session aborted at 'Mon Oct 1 14:26:44 2012'.

    This then deletes the lock file, which is the lock file for the initial Unix session and crashes out. Everything works for a normal session, and shadowing works up to the authorization prompt. I am using this software:

        Ubuntu 11.10
        freenx-server 0.7.3.zgit.120322.977c28d-0~ppa11
        nx-common 0.7.3.zgit.120322.977c28d-0~ppa11
        nxagent 1:3.5.0-1-2-0ubuntu1ppa8
        nxlibs 1:3.5.0-1-2-0ubuntu1ppa8

    Any help is appreciated, thanks!

  • Cisco login on-failure using syslog doesn't show username on failure?

    - by Jim
    Interesting issue I am running into. I am trying to get syslog remote logging working with a Cisco switch. I have it working and logging for both on-success and on-failure. However, when it is a failed login attempt, it does not show the user name that tried to log in in the logs. Here is what the log looks like after a failed login:

        %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: ] [Source: 10.0.0.6] [localport: 23] [Reason: Login Authentication Failed]

    Here is what I have in the sh run:

        login block-for 60 attempts 3 within 60
        login delay 1
        login on-failure log
        login on-success log
        archive
         log config
          logging enable
          notify syslog contenttype plaintext
        logging trap notifications
        logging facility local4
        logging 10.0.0.8
        aaa new-model
        aaa authentication login default local group tacacs+
        aaa authorization config-commands
        aaa authorization exec default local group tacacs+

  • how to manage credentials/access to multiple ssh servers

    - by geoaxis
    I would like to make a script which can maintain multiple servers via SSH. I want to control the authentication/authorization in such a manner that authentication is done by a gateway and any other access is routed through this ssh server to internal services without any further authentication/authorization requirements. So if a user A can log into server_1, for example, he can then ssh to server_2 without any other authentication and do whatever he is allowed to do on server_2 (like shut down mysql, upgrade it and restart it; this could be done via some remote shell script).

    The problem that I am trying to solve is to come up with a deployment script for a JavaEE system which involves databases and tomcat instances. They need to be shut down and re-spawned. The requirement is to have a deployment script which has as little human interaction as possible for both developers and operations.

  • ASPX code to run query

    - by Akoori
    I have a web.config like the one below:

        </appSettings>
        <authentication mode="Windows" />
        <authorization>
          <allow users="*" /> <!-- Allow all users -->
        </authorization>
        <trace enabled="false" requestLimit="10" pageOutput="false" traceMode="SortByTime" localOnly="true" />
        <sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" sqlConnectionString="data source=127.0.0.1;Trusted_Connection=yes" cookieless="false" timeout="30" />
        <globalization requestEncoding="utf-8" responseEncoding="utf-8" />

    I need ASPX code to run a query with the connection string that is in this web.config. Regards

  • Issue with translating a delegate function from c# to vb.net for use with Google OAuth 2

    - by Jeremy
    I've been trying to translate a Google OAuth 2 example from C# to VB.NET for a co-worker's project. I'm having no end of issues translating the following methods:

        private OAuth2Authenticator<WebServerClient> CreateAuthenticator()
        {
            // Register the authenticator.
            var provider = new WebServerClient(GoogleAuthenticationServer.Description);
            provider.ClientIdentifier = ClientCredentials.ClientID;
            provider.ClientSecret = ClientCredentials.ClientSecret;
            var authenticator = new OAuth2Authenticator<WebServerClient>(provider, GetAuthorization) { NoCaching = true };
            return authenticator;
        }

        private IAuthorizationState GetAuthorization(WebServerClient client)
        {
            // If this user is already authenticated, then just return the auth state.
            IAuthorizationState state = AuthState;
            if (state != null)
            {
                return state;
            }

            // Check if an authorization request already is in progress.
            state = client.ProcessUserAuthorization(new HttpRequestInfo(HttpContext.Current.Request));
            if (state != null && (!string.IsNullOrEmpty(state.AccessToken) || !string.IsNullOrEmpty(state.RefreshToken)))
            {
                // Store and return the credentials.
                HttpContext.Current.Session["AUTH_STATE"] = _state = state;
                return state;
            }

            // Otherwise do a new authorization request.
            string scope = TasksService.Scopes.TasksReadonly.GetStringValue();
            OutgoingWebResponse response = client.PrepareRequestUserAuthorization(new[] { scope });
            response.Send(); // Will throw a ThreadAbortException to prevent sending another response.
            return null;
        }

    The main issue being this line:

        var authenticator = new OAuth2Authenticator<WebServerClient>(provider, GetAuthorization) { NoCaching = true };

    The method signature for this particular line reads as follows:

        Public Sub New(tokenProvider As TClient, authProvider As System.Func(Of TClient, DotNetOpenAuth.OAuth2.IAuthorizationState))

    My understanding of delegate functions in VB.NET isn't the greatest. However, I have read over all of the MSDN documentation and other relevant resources on the web, but I'm still stuck as to how to translate this particular line. So far all of my attempts have resulted in either a cast error (see below) or no call to GetAuthorization.

    The Code (VB.NET on .NET 3.5)

        Private Function CreateAuthenticator() As OAuth2Authenticator(Of WebServerClient)
            ' Register the authenticator.
            Dim client As New WebServerClient(GoogleAuthenticationServer.Description, oauth.ClientID, oauth.ClientSecret)
            Dim authDelegate As Func(Of WebServerClient, IAuthorizationState) = AddressOf GetAuthorization
            Dim authenticator = New OAuth2Authenticator(Of WebServerClient)(client, authDelegate) With {.NoCaching = True}
            'Dim authenticator = New OAuth2Authenticator(Of WebServerClient)(client, GetAuthorization(client)) With {.NoCaching = True}
            'Dim authenticator = New OAuth2Authenticator(Of WebServerClient)(client, New Func(Of WebServerClient, IAuthorizationState)(Function(c) GetAuthorization(c))) With {.NoCaching = True}
            'Dim authenticator = New OAuth2Authenticator(Of WebServerClient)(client, New Func(Of WebServerClient, IAuthorizationState)(AddressOf GetAuthorization)) With {.NoCaching = True}
            Return authenticator
        End Function

        Private Function GetAuthorization(arg As WebServerClient) As IAuthorizationState
            ' If this user is already authenticated, then just return the auth state.
            Dim state As IAuthorizationState = AuthState
            If (Not state Is Nothing) Then
                Return state
            End If

            ' Check if an authorization request already is in progress.
            state = arg.ProcessUserAuthorization(New HttpRequestInfo(HttpContext.Current.Request))
            If (state IsNot Nothing) Then
                If ((String.IsNullOrEmpty(state.AccessToken) = False Or String.IsNullOrEmpty(state.RefreshToken) = False)) Then
                    ' Store Credentials
                    HttpContext.Current.Session("AUTH_STATE") = state
                    _state = state
                    Return state
                End If
            End If

            ' Otherwise do a new authorization request.
            Dim scope As String = AnalyticsService.Scopes.AnalyticsReadonly.GetStringValue()
            Dim _response As OutgoingWebResponse = arg.PrepareRequestUserAuthorization(New String() {scope})
            ' Add Offline Access and forced Approval
            _response.Headers("location") += "&access_type=offline&approval_prompt=force"
            _response.Send() ' Will throw a ThreadAbortException to prevent sending another response.
            Return Nothing
        End Function

    The Cast Error

        Server Error in '/' Application.
        Unable to cast object of type 'DotNetOpenAuth.OAuth2.AuthorizationState' to type 'System.Func`2[DotNetOpenAuth.OAuth2.WebServerClient,DotNetOpenAuth.OAuth2.IAuthorizationState]'.
        Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
        Exception Details: System.InvalidCastException: Unable to cast object of type 'DotNetOpenAuth.OAuth2.AuthorizationState' to type 'System.Func`2[DotNetOpenAuth.OAuth2.WebServerClient,DotNetOpenAuth.OAuth2.IAuthorizationState]'.

    I've spent the better part of a day on this, and it's starting to drive me nuts. Help is much appreciated.

    Read the article

  • TDE Tablespace Encryption 11.2.0.1 Certified with EBS 12

    - by Steven Chan
    Oracle Advanced Security is an optional licenced Oracle 11g Database add-on. Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features: column encryption and tablespace encryption. 11.2.0.1 TDE Column encryption was certified with E-Business Suite 12 as part of our overall 11.2.0.1 database certification. As of today, 11.2.0.1 TDE Tablespace encryption is now certified with Oracle E-Business Suite Release 12.

    What is Transparent Data Encryption (TDE)?

    Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers. TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.

    Read the article

  • Silverlight Cream for April 23, 2010 -- #845

    - by Dave Campbell
    In this Issue: Jason Allor, Bill Reiss, Mike Snow, Tim Heuer, John Papa, Jeremy Likness, and Dave Campbell.

    Shoutouts: You saw it at MIX10 and DevConnections... now you can give it a dance, John Papa announced eBay Simple Lister Beta Now Available. Mike Snow posted some info about and a link to his new Flickr/Bing/Google High End Image Viewer and he's looking for feedback.

    From SilverlightCream.com:

    Hierarchical Data Trees With A Custom DataSource: Jason Allor is rounding out a series here in his new blog (bookmark it), and he's created his own custom HierarchicalDataSource class for use with the TreeView.

    Space Rocks game step 11: Start level logic: Bill Reiss has Episode 11 up in his Space Rocks game ... working on NewGame and start level logic.

    Silverlight Tip of the Day #3 – Mouse Right Clicks: Mike Snow has Tip 3 up ... about handling right-mouse clicks in Silverlight 4 -- oh yeah, we got right mouse now ... grab Mike's project to check it out.

    Silverlight 4 enables Authorization header modification: Tim Heuer talks about the ability to modify the Authorization header in network calls with Silverlight 4. He gives not only the quick-and-dirty of how to use it, but has some good examples, code, and code results for show and tell.

    WCF RIA Services - Hands On Lab: John Papa built a bookstore app in roughly 10 minutes in the keynote at DevConnections. He now has a tutorial on doing just that plus all the code up.

    Transactions with MVVM: Not strictly Silverlight (or WPF), but Jeremy Likness has an interesting article up on MVVM and transaction processing. Read the post then grab his helper class.

    Your First Windows Phone 7 Application: As with the First Silverlight App a couple weeks ago, if you've got any WP7 experience at all, just keep going... this is for folks that have not looked at it yet, have not downloaded anything... oh, and it's by Dave Campbell.

    Stay in the 'Light!

    Read the article

  • Inheritance versus Composition in a business application

    - by ProfK
    I have a training management and tracking system, with a high level structure as follows: We have a Role[1], e.g. Manager, Shift-boss, miner, etc. and a Candidate, training for that Role. The role has a list of courses and their subjects the candidate needs to complete to qualify for the role. Candidate has a TrainingHistory attribute, containing the courses and subjects they have completed, their results, and the date completed. Now I see it as a TrainingHistoryCourse is-a Course, extended to add DateCompleted etc. but something is nagging at me to rather use something like a TrainingHistoryRecord that has-a Course. How can I further analyse this to determine which pattern to use?

    Then, a Role has a list of RoleTask definitions that the Candidate must be observed practising, and a Candidate has a history of RoleTaskObservation objects recording their performance at these tasks. This is very similar to the course/subject requirement and history pattern for the candidate, except for one less hierarchical level, but a RoleTaskObservation clearly does not have an is-a relationship with RoleTask, unless I block my nose and rather use ObservedRoleTask. I would prefer to use the same pattern for both subject/course and task/observation structures, but I think that would force me to adopt a composition pattern for TrainingHistoryCourse. What is the wisdom here? Always inherit where possible and validated by a solid is-a association, or always favour composition wherever possible?

    [1] Client specified this to be called JobTitle, but he isn't writing the app, and a JobTitle is only one attribute of a Role. Authorization roles are handled by the DevExpress framework and its customization hooks, so there would be very little confusion between a business Role in my domain objects and an authorization role in lower level, framework code.

    Read the article

  • Recommended Approach to Secure your ADFdi Spreadsheets

    - by juan.ruiz
    ADF desktop integration leverages ADF security to provide access to published spreadsheets within your application. In this article I discuss a good security practice for your existing spreadsheets as well as any new ones that you create. ADF Desktop integration uses the adfdiRemoteServlet to process and send requests back and forth between the client and the ADFmodel, which is allocated in the Java EE container where our application is deployed. In other words, this is one of the entry points to the application server. Having said that, we need to make sure that container-based security is provided to avoid vulnerabilities. So what is needed? For existing and new ADFdi applications you need to create a Security Constraint for the ADFdi servlet in the web.xml file of the application. Fortunately JDeveloper 11g provides a nice visual editor to do this. Open the web.xml file and go to the security category. Add a new Web Resource Collection, give it a meaningful name, and on the URL Pattern add /adfdiRemoteServlet. Click on the Authorization tab and make sure the valid-users role is selected for authorization, and voilà! Your application is now more secure.

    Read the article

  • You Need BRM When You have EBS – and Even When You Don’t!

    - by bwalstra
    Here is a list of criteria to test your business-systems (Oracle E-Business Suite, EBS) or otherwise to support your lines of digital business - if you score low, you need Oracle Billing and Revenue Management (BRM).

    Functions: Scalability; High Availability (99.999%); Performance; Extensibility (e.g. APIs, Tools); Upgradability; Maintenance; Security; Standards Compliance; Regulatory Compliance (e.g. SOX); User Experience; Implementation Complexity

    Features: Customer Management; Real-Time Service Authorization; Pricing/Promotions Flexibility; Subscriptions; Usage Rating and Pricing; Real-Time Balance Mgmt.; Non-Currency Resources; Billing & Invoicing; A/R & G/L; Payments & Collections; Revenue Assurance; Integration with Key Enterprise Applications; Reporting; Business Intelligence; Order & Service Mgmt (OSM); Siebel CRM; E-Business Suite; On-/Off-line Mediation; Payment Processing; Taxation; Royalties & Settlements; Operations Management; Disaster Recovery

    Overall Evaluation: Implementation; Configuration; Extensibility; Maintenance; Upgradability; Functional Richness; Feature Richness; Usability; OOB Integrations; Operations Management; Leveraging Oracle Technology; Overall Fit for Purpose

    You need Oracle BRM:
    Built for high-volume transaction processing
    Monetizes any service or event based on any metric
    Supports high-volume usage rating, pricing and promotions
    Provides real-time charging, service authorization and balance management
    Supports any account structure (e.g. corporate hierarchies etc.)
    Scales from low volumes to extremely high volumes of transactions (e.g. billions of trxn per hour)
    Exposes every single function via APIs (e.g. Java, C/C++, PERL, COM, Web Services, JCA)

    Immediate Business Benefits of BRM:
    Improved business agility and performance: Supports the flexibility, innovation, and customer-centricity required for current and future business models
    Faster time to market for new products and services: Supports 360 view of the customer in real-time – products can be launched to targeted customers at a record-breaking pace
    Streamlined deployment and operation: Productized integrations, standards-based APIs, and OOB enablement lower deployment and maintenance costs
    Extensible and scalable solution: Minimizes risk – initial phase deployed rapidly; solution extended and scaled seamlessly per business requirements

    Key Considerations:
    Productized integration with key Oracle applications: Lower integration risks and cost; Efficient order-to-cash process
    Engineered solution – certification on Exa platform: Exadata tested at PayPal in the re-platforming project; Optimal performance of Oracle assets on Oracle hardware
    Productized solution in Rapid Offer Design and Order Delivery: Fast offer design and implementation; Significantly shorter order cycle time
    Productized integration with Oracle Enterprise Manager: Visibility to system operability for optimal up time

    Read the article

  • Thinktecture.IdentityServer Beta 1

    - by Your DisplayName here!
    I just uploaded beta 1 to codeplex. Please test this version and give me feedback.

    Some quick notes on setup: Watch the intro screencast on the codeplex site. Use the setup tool to set the signing and SSL certificate. You can now also set the ACLs on the private key for your worker pool account. IIS is required. SSL for the IIS site the STS runs in is required. Users of the STS must be in the 'IdentityServerUsers' role. Admins of the STS must be in the 'IdentityServerAdministrators' role.

    What's new? Mainly smaller bits and pieces and some refactoring. The biggest under the cover change is a new authorization model for the STS itself. If, e.g., you don't like the new roles I introduced, you can easily change the behavior in the claims authorization manager in the STS web site project.

    What's missing? The big one is Azure support. Not that I ran into unforeseeable problems here, I just wanted to wait until the on-premise version is more stabilized. Now with B1 I can start adding Azure support back.

    Read the article

  • IIS Not Accepting Active Directory Login Credentials

    - by Dale Jay
    I have an ASP.NET web form using Microsoft's boilerplate Active Directory login page, set up exactly as suggested. Windows Authentication is activated on the "Default Website" and "MyWebsite" levels, and Domain\This.User is given "Allow" access to the site. After entering the valid credentials for This.User on the web form, a popup window appears asking me to enter my credentials yet again. Despite entering valid credentials for This.User (after attempting Domain\This.User and This.User formats), it rejects the credentials and returns an unauthorized security headers page (error 401.2). Active Directory user This.User is valid, the IP address of the AD server has been verified and SPN's have been set up for the server.

    Error Code: 0x80070005

    Default Web Site security config:

        <system.web>
          <identity impersonate="true" />
          <authentication mode="Windows" />
          <customErrors mode="Off" />
          <compilation debug="true" />
        </system.web>

    Sub web site security:

        <authentication mode="Windows">
          <forms loginUrl="~/logon.aspx" timeout="2880" />
        </authentication>
        <authorization>
          <deny users="?" />
          <allow users="*" />
        </authorization>

    Read the article

  • Book Review – Getting Started With OAuth 2.0

    - by Lori Lalonde
    Getting Started With OAuth 2.0, by Ryan Boyd, provides an introduction to the latest version of the OAuth protocol. The author starts off by exploring the origins of OAuth, along with its importance, and why developers should care about it. The bulk of this book involves a discussion of the various authorization flows that developers will need to consider when developing applications that will incorporate OAuth to manage user access and authorization. The author explains in detail which flow is appropriate to use based on the application being developed, as well as how to implement each type with step-by-step examples. Note that the examples in the book are focused on the Google and Facebook APIs. Personally, I would have liked to see some examples with the Twitter API as well. In addition to that, the author also discusses security considerations, error handling (what is returned if the access request fails), and access tokens (when are access tokens refreshed, and how access can be revoked). This book provides a good starting point for those developers looking to understand what OAuth is and how they can leverage it within their own applications. The book wraps up with a list of tools and libraries that are available to further assist the developer in exploring the APIs supporting the OAuth specification. I highly recommend this book as a must-read for developers at all levels that have not yet been exposed to OAuth. The eBook format of this book was provided free through O'Reilly's Blogger Review program. This book can be purchased from the O'Reilly book store at: http://shop.oreilly.com/product/0636920021810.do

    Read the article

  • Bad previous code. To fix or not to fix?

    - by Viniyo Shouta
    As a freelance programmer I am often asked to edit part of an application's source code in order to add functionality, fix bugs etc. While I'm on my adventure journey to study the source to do what I'm asked correctly, I run into code like:

        // Look up the user's world; returns NULL when the id is not in the map.
        World* User::GetWorld()
        {
            map<DWORD,World*>::iterator it = mapWld.find( m_userWorldId );
            if( it != mapWld.end() )
                return it->second;
            return NULL;
        }

        if( pUser->GetWorld()->GetId() == 250 )

    If I investigate further I end up finding that the DWORD class member of User, userWorldId, can be a value not found in the map mapWld, which will lead to a casualty, also known as a crash! The obviously valid way to do it is:

        World* pWorld = pUser->GetWorld();
        if( pWorld && pWorld->GetId() == 250 )//...

    Sometimes when it's something just 'small' I end up sort of 'fixing' it. But sometimes when I'm on a 500 thousand line source code and this kind of code is everywhere, there is not much I can do. The question is if it's politically correct to fix some of these things. Think of it: You are not paid to fix it. Perhaps you think it's right, but it was necessarily done that way for some reason and you should not be messing with it. You do not have authorization, you do not own the source and none of the copyrights belong to you. You have authorization to edit issues according to the owners but you're in a hurry, you have many other projects to do, it's the end of the month, you must pay the bills. Sincerely, I think of it as seeing an animal die from a disease in front of you, you have the cure in your hands but you do nothing. What is the best to do in this scenario?

    Read the article

  • Ubuntu 13.04 Sound Problem after following weird commands

    - by user206356
    After launching a few commands:

        echo autospawn = no >> ~/.config/pulse/client.conf  #use ~/.pulse/client.conf on Ubuntu <= 12.10
        killall pulseaudio
        $LANG=C pulseaudio -vvvv --log-time=1 > ~/pulseverbose.log 2>&1

    My sound does not work. (Just with the speakers, with headphones it works but I can not change the volume.) The sound icon on the top right corner does show a speaker with a single non continuous line. I can not change the volume; it is frozen. There can be an extremely low output of the sound (I hear something but I am not sure...). It does not show a single output device that is available, not even the "dummie". I have tried to reset pulseaudio, alsa, remove it, purging it, reinstalling it, without having success.

    EDIT: I have tried launching pulseaudio via the terminal. It worked :D However, I am very surprised why it does not automatically start at the start of the computer. Any ideas? Here is the console output:

        W: [pulseaudio] authkey.c: Failed to open cookie file '/home/simonm/.config/pulse/cookie': No such file or directory
        W: [pulseaudio] authkey.c: Failed to load authorization key '/home/simonm/.config/pulse/cookie': No such file or directory
        W: [pulseaudio] authkey.c: Failed to open cookie file '/home/simonm/.pulse-cookie': No such file or directory
        W: [pulseaudio] authkey.c: Failed to load authorization key '/home/simonm/.pulse-cookie': No such file or directory

    Read the article
