Search Results

Search found 54190 results on 2168 pages for 'http authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 14/2168 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • How to: SSH private key authentication on OS X

    - by dan
    Hi, I need to ssh into a linux box. The server admin gave me a public and private ssh key. When I'm trying to login with the private key the login times out ("Operation timed out"). I'm using this command to login: ssh -v -i /path/to/private_key host What would be the right way to login? Do I need the public key for authentication? Thanks for any help.

    Read the article

  • Nginx - basic http authentication on PHP-script

    - by half_bit
    I added a PHP-Script that serves as "cgi-bin", Configuration: location ~^/cgi-bin/.*\.(cgi|pl|py|rb) { gzip off; fastcgi_pass 127.0.0.1:9000; fastcgi_index cgi-bin.php; fastcgi_param SCRIPT_FILENAME /etc/nginx/cgi-bin.php; fastcgi_param SCRIPT_NAME /cgi-bin/cgi-bin.php; fastcgi_param X_SCRIPT_FILENAME /usr/lib/$fastcgi_script_name; fastcgi_param X_SCRIPT_NAME $fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param REMOTE_USER $remote_user; } PHP-Script: <?php $descriptorspec = array( 0 => array("pipe", "r"), // stdin is a pipe that the child will read from 1 => array("pipe", "w"), // stdout is a pipe that the child will write to 2 => array("pipe", "w") // stderr is a file to write to ); $newenv = $_SERVER; $newenv["SCRIPT_FILENAME"] = $_SERVER["X_SCRIPT_FILENAME"]; $newenv["SCRIPT_NAME"] = $_SERVER["X_SCRIPT_NAME"]; if (is_executable($_SERVER["X_SCRIPT_FILENAME"])) { $process = proc_open($_SERVER["X_SCRIPT_FILENAME"], $descriptorspec, $pipes, NULL, $newenv); if (is_resource($process)) { fclose($pipes[0]); $head = fgets($pipes[1]); while (strcmp($head, "\n")) { header($head); $head = fgets($pipes[1]); } fpassthru($pipes[1]); fclose($pipes[1]); fclose($pipes[2]); $return_value = proc_close($process); } else { header("Status: 500 Internal Server Error"); echo("Internal Server Error"); } } else { header("Status: 404 Page Not Found"); echo("Page Not Found"); } ?> The problem with it thought is that I cannot add basic authentication. As soon as I enable it for location ~/cgi-bin it gives me a 404 error when I try to look it up. How can I solve this? I thought about restricting access to only my second server where I then add basic authentication over a proxy, but there must be a simpler solution. Sorry for the bad title, I couldn't think of a better one.

    Read the article

  • Two way SSH authentication

    - by Saif Bechan
    I have installed ASL and it recommends me that I implement a two way SSH authentication. I have some questions about it. I understand the general idea that you need to login with both a key and a password. I am working from a laptop, what will happen if my laptop get's stolen. Will I never be able to login again??

    Read the article

  • Windows authentication skip for one folder and allow local domain's user

    - by Developer
    I have intranet application with windows authentication on it. Annonymous users are not allowed. Now i am trying to add one subfolder which should be allowed to local domain users too. I enabled "annonymous access" iis on that subfolder and that worked. but i am using AJAX(timer control) on one of page of that subfolder and when timer_ticks it gives "sys is undefined error". any idea to solve this issue? Thanks,

    Read the article

  • Certificate Authentication

    - by Steve McCall
    I am currently working on deploying a website for staff to use remotely and would like to make sure it is secure. I was thinking would it be possible to set up some kind of certificate authentication where I would generate a certificate and install it on their laptop so they could access the website? I don't really want them to generate the certificates themselves though as that could easily go wrong. How easy / possible is this and how do I go about doing it?

    Read the article

  • Is there any real benefit to using ASP.Net Authentication with ASP.Net MVC?

    - by alchemical
    I've been researching this intensely for the past few days. We're developing an ASP.Net MVC site that needs to support 100,000+ users. We'd like to keep it fast, scalable, and simple. We have our own SQL database tables for user and user_role, etc. We are not using server controls. Given that there are no server controls, and a custom membershipProvider would need to be created, where is there any benefit left to use ASP.Net Auth/Membership? The other alternative would seem to be to create custom code to drop a UniqueID CustomerID in a cookie and authenticate with that. Or, if we're paranoid about sniffers, we could encrypt the cookie as well. Is there any real benefit in this scenario (MVC and customer data is in our own tables) to using the ASP.Net auth/membership framework, or is the fully custom solution a viable route?

    Read the article

  • Is it possible to implement X-HTTP-Method-Override in ASP.NET MVC?

    - by Greg Beech
    I'm implementing a prototype of a RESTful API using ASP.NET MVC and apart from the odd bug here and there I've achieve all the requirements I set out at the start, apart from callers being able to use the X-HTTP-Method-Override custom header to override the HTTP method. What I'd like is that the following request... GET /someresource/123 HTTP/1.1 X-HTTP-Method-Override: DELETE ...would be dispatched to my controller method that implements the DELETE functionality rather than the GET functionality for that action (assuming that there are multiple methods implementing the action, and that they are marked with different [AcceptVerbs] attributes). So, given the following two methods, I would like the above request to be dispatched to the second one: [ActionName("someresource")] [AcceptVerbs(HttpVerbs.Get)] public ActionResult GetSomeResource(int id) { /* ... */ } [ActionName("someresource")] [AcceptVerbs(HttpVerbs.Delete)] public ActionResult DeleteSomeResource(int id) { /* ... */ } Does anybody know if this is possible? And how much work would it be to do so...?

    Read the article

  • how to configure Firefox to automatically reuse the login credentials like IE

    - by Black Eagle
    Multiple HTTP Authentication Prompts in Firefox We are currently working on porting our application from Internet Explorer to Firefox and the application currently uses HTTP Digest Authentication. In case of Internet Explorer, the popup dialog to enter the Username/password appears only once and the entered login credentials are reused for subsequent HTTP requests to the web server. However in case of Firefox, the Authentication popups appears whenever the request is made to the Web Server. The Web Server used is Emweb Server. We would like to know how to configure Firefox to automatically reuse the login credentials like IE.

    Read the article

  • Trying to use Digest Authentication for Folder Protection

    - by Jon Hazlett
    StackOverflow users suggested I try my question here. I'm using Server 2008 EE and IIS 7. I've got a site that I've migrated over from XP Pro using IIS 5. On the old system, I was using IIS Password to use simple .htaccess files to control a couple of folders that I didn't want to be publicly viewable. Now that I'm running a full-blown DC with a more powerful version of IIS, I decided it'd be a good idea to start using something slightly more sophisticated. After doing my research and trying to keep things as cheap as possible with a touch of extra security, I decided that Digest Authentication would be the best way to go. My issue is this: With Anon access disabled and Digest enabled, I am never prompted for credentials. when on the server, viewing domain[dot]com/example will simply show my 401.htm page without prompting me for credentials. when on a different network/computer, viewing domain[dot]com/example again shows my 401.htm without prompting for credentials. At the site level I only have Anon enabled. Every subfolder, unless I want it protected, has just Anon enabled. Only the folders I want protected have Anon disabled and Digest enabled. I have tried editing the bindings to see if that would spark any kind of change... www.domain.com, domain.com, and localhost have all been tried. There was never a change in behavior at any permutation (aside from the page not being found when I un-bound localhost to the site). I might have screwed up when I deleted the default site from IIS. I didn't think I'd actually need it for anything, but some of what I have read online is telling me otherwise now. As for Digest settings, I have it pointed to local.domain.com, which is the name assigned to my AD Domain. I'm guessing that's right, but honestly have no clue about what a realm actually is. Would it matter that I have an A record for local.domain.com pointing to my IP address? I had problems initially with an absolute link for 401.htm pages, but have since resolved that. Instead of D:\HTTP\401.htm I've used /401.htm and all is well. I used to get error 500's because it couldn't find the custom 401.htm file, but now it loads just fine. As for some data, I was getting entries like this from access logs: 2009-07-10 17:34:12 10.0.0.10 GET /example/ - 80 - [workip] Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+InfoPath.2) 401 2 5 132 But after correcting my 401.htm links now get logs like this: 2009-07-10 18:56:25 10.0.0.10 GET /example - 80 - [workip] Mozilla/5.0+(Windows;+U;+Windows+NT+5.1;+en-US;+rv:1.9.0.11)+Gecko/2009060215+Firefox/3.0.11 200 0 0 146 I don't know if that means anything or not. I still don't get any credential challenges, regardless of where I try to sign in from ( my workstation, my server, my cellphone even ). The only thing that's seemed to work is viewing localhost and I donno what could be preventing authentication from finding it's way out of the server. Thanks for any help! Jon

    Read the article

  • Apache, Tomcat 5 and problem with HTTP basic auth

    - by Juha Syrjälä
    I have setup a Tomcat with a webapp that uses http basic auth in some of its URLs. There is a Apache server in front of the Tomcat. I have setup Apache as a proxy like this (all traffic should go directly to tomcat): /etc/httpd/conf.d/proxy_ajp.conf: LoadModule proxy_ajp_module modules/mod_proxy_ajp.so ProxyPass / ajp://localhost:8009/ ProxyPassReverse / ajp://localhost:8009/ There is a webapp installed to root of Tomcat (ROOT.war), so I should be able to use http://localhost/ to access my webapp. But it is not working with http basic auth. The problem is that everything works until I try to access URL that are protected by the HTTP basic auth. URLs without authentication work just fine. When accessing this url via apache I am getting an error message from Apache. If I access the same URL directly from tomcat, everything works just fine. I am getting this to Apache error log: [Wed Sep 01 21:34:01 2010] [error] proxy: dialog to [::1]:8009 (localhost) failed access log looks like this: ::1 - - [01/Sep/2010:21:34:01 +0300] "GET /protected_path/ HTTP/1.0" 503 360 "-" "w3m/0.5.2" I am using: Fedora release 13 (Goddard) httpd-2.2.16-1.fc13.x86_64 tomcat5-5.5.27-7.4.fc12.noarch The basic auth is implemented in the webapp (not in Apache or Tomcat). The webapp is actually implemented in Scala/Lift, but that shouldn't matter. The auth works if I access the tomcat directly. Error message that I am getting from Apache. It is curious that the title is Unauthorized and not Internal error: Unauthorized The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Apache/2.2.16 (Fedora) Server at my.server.name.com Port 80 It could be that Apache is seeing a some thing else than 200 OK response and thinks that it is an error when it actually should pass the received 401 Unauthorized response directly to browser. If this is the problem, how to fix it?

    Read the article

  • Squid/Kerberos authentication with only Linux

    - by user28362
    Hi, I would like to know if it possible to let a Windows Xp machine authenticate to Squid (Linux) using Kerberos without the need of an Active Directory domain. I only want to create a Kerberos ticket on the client side, which should give the client access to squid (using I.E.). I only found tutorials about configuring A.D./Squid, not an environment with only Linux servers. Thanks Update: The kerberos setup is correctly done, the proxy and client can get tickets. As for the browser (FF/IE), I get: ERROR Cache Access Denied While trying to retrieve the URL: http://www.google.com/ The following error was encountered: * Cache Access Denied. Sorry, you are not currently allowed to request: http://www.google.com/ from this cache until you have authenticated yourself. In kerberos, I get: squid_kerb_auth: Got 'YR ElRNTVMTUABBAABAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgDAAAADw==' from squid (length: 59). squid_kerb_auth: parseNegTokenInit failed with rc=101 squid_kerb_auth: received type 1 NTLM token This message is strange, as I didn't configure NTLM. It looks like the browser uses the wrong authentication methode.

    Read the article

  • HTTP 401 error in Windows Authentication disappears after swapping Providers

    - by Ray Cheng
    The IIS 7 on Windows 2008 R2 is acting really weird. We deploy our web apps as web sites with appcmd.exe. After they are deployed, if I browse to them, I'll get HTTP 401 errors. The web sites are only have Windows Authentication enabled and the providers are Negotiate and NTLM in such order. But if I swap the providers, the HTTP 401 error goes away. Even if I swap it back, the errors are still gone. So the order of the providers doesn't seem to matter, what matters is the swapping. It must have triggered something. Even if we delete the web site and application pool and reinstall the web sites, the errors are still gone. So far, we can't reproduce it easily since it happens randomly. Has anyone experienced this? How do I go about to troubleshoot it?

    Read the article

  • Dynamic authentication realms in Apache

    - by Cogsy
    I have a front end server acting as a gateway proxy for many (a dynamic 'many') building monitors with embedded webservers. They are accessed with a URL like: http://www.example.com/monitor1/ http://www.example.com/monitor2/ ... I'm trying to restrict access to these monitors to only the users that own them. So what I need is a way of specifying rights to users or groups for specific directories. The standard auth mechanisms I see in Apache won't work because I need to specify every location. I'd prefer some dynamic map or script. Any suggestions?

    Read the article

  • Cannot get to configure Kerberos for Reporting Services

    - by Ucodia
    Context I am trying to configure Kerberos in the domain for double-hop authentication. So here are the machines and their respective roles: client01: Windows 7 as client dc01: Windows Server 2008 R2 as domain controller and dns server01: Windows Server 2008 R2 as reporting server (native mode) server02: Windows Server 2008 R2 as SQL Server database engine I want my client01 to connect to server01 and configure a data source that is located on server02 using Intergrated Security. So as NTLM cannot push credentials that far, I need to setup Kerberos to enable double-hop authentication. The reporting service is runned by the Network Service service account and is configured only with the RSWindowsNegotiate options for authentication. Issue I cannot get to pass my client01 credential to server02 when configuring the data source on server01. Therefore I get the error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. So I went on dc01 and delegated full trust for any service to server01 but it not fixed the problem. I want to notice that I did not configured any SPNs for server01 because Reporting Service is runned by Network Service and from what I read on the Internet, when Reporting Services is going up with Network Service, SPNs are automatically registered. My problem is that even if that I want to configure SPNs manually, I do not know where I have to set them up. On dc01 or on server01? So I went a bit further on the issue and tried to trace this problem. From my understanding of Kerberos, this is what should happen on the network when I try to connect the data source: client01 ---- AS_REQ ---> dc01 <--- AS_REP ---- client01 ---- TGS_REQ ---> dc01 <--- TGS_REP ---- client01 ---- AP_REQ ---> server01 <--- AP_REP ---- server01 ---- TGS_REQ ---> dc01 <--- TGS_REP ---- server01 ---- AP_REQ ---> server02 <--- AP_REP ---- So captured my local network with Wireshark, but whenever I try to configure my data source from client01 on server01 to pass my credentials to server02, my client never sends a AS_REQ or TGS_REQ to the KDC on dc01. Questions So does anyone can tell me if I should configure the SPNs and on which machine does it have to be configured? Also why client01 never request for a TGT or a TGS to my KDC. Do you think there is something going wrong with the DC role of dc01?

    Read the article

  • Configuring LiveID authentication with SharePoint2010

    - by ybbest
    With the addition of the new claims based authentication framework in SharePoint 2010, SharePoint is now more loosely coupled to the authentication layer than ever. You’ve probably seen presentations or webinars where it was mentioned that you can use claims authentication against authentication providers such as Live ID and OpenID. In this blog I will show you the common problems while you configure you LiveID integration with SharePoint2010.The detailed configuration can be found in the following blogs. Part 1 – http://www.wictorwilen.se/Post/Visual-guide-to-Windows-Live-ID-authentication-with-SharePoint-2010-part-1.aspx Part 2 – http://www.wictorwilen.se/Post/Visual-guide-to-Windows-Live-ID-authentication-with-SharePoint-2010-part-2.aspx Part 3 – http://www.wictorwilen.se/Post/Visual-guide-to-Windows-Live-ID-authentication-with-SharePoint-2010-part-3.aspx Here are some problems I have following the instructions: Problem 1: If you had the following exceptions when you run the PowerShell scripts to create the new LiveID authentication provider New-SPTrustedIdentityTokenIssuer : Exception of type ‘System.ArgumentException’ was thrown.Parameter name: claimType At line:1 char:42 + $authp = New-SPTrustedIdentityTokenIssuer <<<< -Name “LiveID INT” -Description “LiveID INT” -Realm $realm -ImportTrustCertificate $certfile -ClaimsMappings $emailclaim,$upnclaim -SignInUrl “https://login.live-int.com/login.srf” -IdentifierClaim $emailclaim.InputClaimType + CategoryInfo : InvalidData:(Microsoft.Share…dentityProvider:SPCmdletNewSPIdentityProvider) [New-SPTrustedIdentityTokenIssuer], ArgumentException + FullyQualifiedErrorId :Microsoft.SharePoint.PowerShell.SPCmdletNewSPIdentityProvider Solution: You need to Remove the existing the SPTrustedIdentityTokenIssuer.     1. You need to first get the existing TokenIssuer name by Get-SPTrustedIdentityTokenIssuer, and then run Remove- SPTrustedIdentityTokenIssuer to remove the existing TokenIssuer.     2. After that , you can re-run the script , everything should work fine now. Problem 2: Live INT automatically logs out Whenever I try to log in (https://login.live-int.com/login.srf), after entering valid email/password I get redirected to the logout page. Solution: You can find the solution in my previous blog.

    Read the article

  • Keeping up with Technology

    - by kennedysteve
    If you're like me, you have a hard time keeping up with all the technologies out there. The reality is there's too many new technologies (languages, methodologies,  tools, etc). One of the ways I try to keep up with everything is by using good ol' RSS feeds in conjunction with Google Reader. Google Reader is both an online aggregator of RSS feeds, and it also has a good companion app on Google Android. The nicest part of Google Reader for me is the "All Listings" view which gives me a reverse chronological view of ALL articles (mixed together) regardless of the actual RSS feed.  This way, I get to see the newest articles first. I can then choose to hide the articles I've viewed, etc. Here is a list of my RSS feeds. Admittedly, some of these are all over the spectrum. But you might find one or two interesting. .NET Rocks! RSS = http://feeds.feedburner.com/netRocksFullMp3Downloads Main Web Site = http://www.dotnetrocks.com Channel 9 RSS = http://channel9.msdn.com/Feeds/RSS Main Web Site = http://channel9.msdn.com/ CodePlex  RSS = http://www.codeplex.com/site/feeds/rss Main Web Site = http://www.codeplex.com/site/feeds/rss Connected Show Developer Podcast! RSS = http://feeds.connectedshow.com/ConnectedShow Main Web Site = http://www.ConnectedShow.com/ dnrTV RSS = http://feeds.feedburner.com/DnrtvWmv?format=xml Main Web Site = http://dnrtv.com ebookshare RSS = http://www.ebookshare.net/feed/ Main Web Site = http://www.ebookshare.net Geekswithblogs.net RSS = http://feeds.feedburner.com/geekswithblogs Main Web Site = http://geekswithblogs.net/mainfeed.aspx Gmail Blog RSS = http://feeds.feedburner.com/OfficialGmailBlog?format=xml Main Web Site = http://gmailblog.blogspot.com/ Google Mobile Blog RSS = http://feeds.feedburner.com/OfficialGoogleMobileBlog Main Web Site = http://googlemobile.blogspot.com/ Herding Code RSS = http://feeds.feedburner.com/herdingcode Main Web Site = http://herdingcode.com LearnVisualStudio.NET Videos RSS = http://www.learnvisualstudio.net/videos.rss Main Web Site = http://www.learnvisualstudio.net/ Microsoft Learning Upcoming = Microsoft Learning Upcoming Titles RSS = http://learning.microsoft.com/rss/en-US/upcomingtitles?brand=Learning Main Web Site = http://learning.microsoft.com:80/rss/en-US/upcomingtitles?brand=Learning MS On-demand Webcasts RSS = http://www.microsoft.com/communities/rss.aspx?&Title=On-Demand+Webcasts&RssTitle=Microsoft+Webcasts%3A+On-Demand+Webcasts&CMTYSvcSource=MSCOMMedia&WebNewsURL=http%3A%2F%2Fwww.microsoft.com%2Fevents%2FEventDetails.aspx&CMTYRawShape=list&Params=+%0D%0A%09~CMTYDataSvcParams%5E%0D%0A%09~arg+Name%3D'EventType'+Value%3D'OnDemandWebcast'%2F%5E%0D%0A%09~arg+Name%3D'ProviderID'+Value%3D'A6B43178-497C-4225-BA42-DF595171F04C'%2F%5E%0D%0A%09~arg+Name%3D'StartDate'+Value%3D'06%2F30%2F2006'%2F%5E%0D%0A%09~arg+Name%3D'EndDate'+Value%3D'Now%2B0'%2F%5E%0D%0A%09~%2FCMTYDataSvcParams%5E+&NumberOfItems=100 Main Web Site = http://www.microsoft.com/events/default.mspx MS Podcasts for Devs RSS = http://www.microsoft.com/events/podcasts/default.aspx?podcast=rss&audience=Audience-e5381407-359f-4922-97d0-0237af790eee&pageId=x40 Main Web Site = http://www.microsoft.com/events/podcasts/default.aspx?audience=Audience-e5381407-359f-4922-97d0-0237af790eee&pageId=x40&WT.rss_ev=f MSDN Blogs RSS = http://blogs.msdn.com/b/mainfeed.aspx?Type=BlogsOnly Main Web Site = http://blogs.msdn.com/b/ MSDN Radio RSS = http://www.microsoft.com/events/podcasts/default.aspx?topic=&audience=&view=&pageId=x73&seriesID=Series-b9139976-8d48-4249-9b89-ccd17891de1e.xml&podcast=rss&type=wma Main Web Site = http://www.microsoft.com/events/podcasts/default.aspx?seriesID=Series-b9139976-8d48-4249-9b89-ccd17891de1e.xml&pageId=x73&WT.rss_ev=f O'Reilly Deal of the Day RSS = http://feeds.feedburner.com/oreilly/ebookdealoftheday Main Web Site = http://oreilly.com O'Reilly New RSS = http://feeds.feedburner.com/oreilly/newbooks Main Web Site = http://oreilly.com/ Safari Books Online RSS = http://my.safaribooksonline.com/rss Main Web Site = http://my.safaribooksonline.com/ ScottGu's Blog RSS = http://weblogs.asp.net/scottgu/rss.aspx Main Web Site = http://weblogs.asp.net/scottgu/default.aspx SourceForge Community Blog RSS = http://sourceforge.net/blog/feed/ Main Web Site = http://sourceforge.net/blog Stack Overflow RSS = http://blog.stackoverflow.com/feed/ Main Web Site = http://blog.stackoverflow.com Stepcase Lifehack RSS = http://www.lifehack.org/feed/ Main Web Site = http://www.lifehack.org TechNet Radio RSS = http://www.microsoft.com/events/podcasts/default.aspx?topic=&audience=&view=&pageId=x73&seriesID=Series-cc4e3db2-9212-43c5-a57b-d43fa31e6452.xml&podcast=rss&type=wma Main Web Site = http://www.microsoft.com/events/podcasts/default.aspx?seriesID=Series-cc4e3db2-9212-43c5-a57b-d43fa31e6452.xml&pageId=x73&WT.rss_ev=f Wrox All New Titles RSS = http://www.wrox.com/WileyCDA/feed/RSS_WROX_ALLNEW.xml Main Web Site = http://www.wrox.com

    Read the article

  • Mutual SSL Client Authentication

    - by nordisk
    Hi, I'm trying to achieve mutual SSL client authentication but without much success so far. Let me explain my scenario first: I have a client certificate issued by an intermediate CA whose certificate in turn was issued by a root CA (the intermediate and root CAs are within the company's network). This is the certificate I am including as part of my call to the server (using the HttpWebRequest object). The server has imported my client certificate and it is one of the certificates presented to me. An important thing to note is that the server does not trust the intermediate CA or the root for that matter. What we're trying to achieve is authentication against the certificate directly, i.e. mutual authentication using my client certificate. The error I'm getting is: "The request was aborted: Could not create SSL/TLS secure channel." From my trace logs I also get the following: System.Net Information: 0 : [3380] SecureChannel#34868631 - We have user-provided certificates. The server has specified 2 issuer(s). Looking for certificates that match any of the issuers. System.Net Information: 0 : [3380] SecureChannel#34868631 - Left with 0 client certificates to choose from. One of the certificates presented to us from the server is the same as our client certificate but the matching between them seems to fail. It looks like it's trying to verify the issuer. Now to make things even more interesting: If the server trusts and sends back the intermediate CA then everything works fine! (This is not an option for the production environment though I'm told) Using jmeter to test the request works fine too. I can only assume that Java's SSL handshake implementation is somewhat different. So it really comes down to this: Do you need to implement mutual SSL authentication differently from normal client SSL authentication? Any ideas or comments would be greatly appreciated.

    Read the article

  • MVC2 Apps (and others) sharing WCF services and authentication

    - by stupid-phil
    Hi, I've seen several similar scenarios explained here but not my particular one. I wonder if someone could tell me which direction to go in? I am developing two (and more later) MVC2 apps. There will also be another (thicker) client later on (WPF or Silverlight, TBD). These all need to share the same authentication. For the MVC2 apps they (preferably) need to be single log on - ie if a user logs in to one MVC2 app, they should be authorised on the other, as long as the cookie hasn't timed out. Forms authentication is to be used. All the apps need to use common business functionality and perform db access via a common WCF Service App. It would be nice (I think) if the WCF is not publicly accessible (ie blocked behind FW). The thicker client could use an additional service layer to access the Common WCF App. What this should look like is: MVCApp1 - WCFAppCommon MVCApp2 - WCFAppCommon ThickClient - WCFApp2 - WCFAppCommon Is it possible to carry out all the authentication/authorization in the WCFAppCommon? Otherwise I think I'll have to repeat all the security logic in the MVCApps and WCFApp2, whereas, to me, it seems to sit naturally in WCFAppCommon. On the otherhand, it seems if I authenticate/authorize in WCFAppCommon, I wouldn't be able to use Forms Authentication. Where I've seen possible solutions (that I haven't tried yet) they seem much more complex than Forms Authentication and a single DB. Any help appreciated, Phil

    Read the article

  • Blackberry support for Forms Authentication - ASP.NET MVC app

    - by Derek Mitchell
    I'm writing an ASP.NET MVC application that uses Forms Authentication. The target clients are a variety of mobile web browsers. When I use the BlackBerry 8530 simulator my MVC app authenticates as expected. I can visit pages whose controller methods are decorated with the [Authorize] attribute - no problem - they display and therefore I assume my Forms Authentication is working correctly. Using a physical Windows Mobile device to browse my site, I have the same experience as the BB simulator, the forms authentication works as I would expect. BUT when I try to visit the site using a Blackberry 8900 physical device the Login page keeps on looping back when I click the Login page. The device is not retaining it's "authenticated" status. I added code to verify this and I can see that: Request.IsAuthenticated: False User.Identity.IsAuthenticated: False So my question is what next steps can I take to try and find out why the Blackberry 8900 is losing it's authentication status. Is this cookie related? Anyone have any ideas? Cheers Derek

    Read the article

  • Spring Security HTTP Basic Authentication

    - by Raspayu
    Hi people! I am trying to do a really simple basic authentication with Spring Security. I have configured properly the namespace, and there are no Exceptions in the server. In my "servlet.xml" I have got the next for Spring Security: <security:http> <security:http-basic></security:http-basic> <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" /> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider> <security:user-service> <security:user name="cucu" password="tas" authorities="ROLE_USER" /> <security:user name="bob" password="bobspassword" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> It nearly all goes perfect: the methods that are not POST doesn't prompt any login form, and the POST method prompt it. The problem is, that nor "cucu", neither "bob" can login there. Can anyone see what am I doing wrong? Thanks in advance! ;-)

    Read the article

  • google-app-engine-django: authentication without Google accounts?

    - by cv12
    google-app-engine-django/ claims to have an "App Engine compatible implementation of the Django authentication framework". Does this authentication work only with Google Accounts? Is it possible to register a user with a username/password and authenticate him/her with that username/password without that user having a Google account? I would appreciate any pointers to how this could be done with google-app-engine-django without Google Accounts authentication.

    Read the article

  • Problem between Glassfish and Spring Security Basic Authentication

    - by Raspayu
    Hi! I am enabling a simple HTTP Basic Authentication with Spring security in my project. My environment is an Glassfish Server (bundled with Netbeans), and almost everything works perfect: I have set up it to just ask for authentication with the POST method, with hardcoded users with "user-service", and it works with user names with no special characters. The problem comes when I set up an user with "@" or "." Here is the spring-security related part of my servlet.xml: <security:http> <security:intercept-url method="POST" pattern="/**" access="ROLE_USER" /> <security:http-basic/> </security:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider user-service-ref="uservice"/> </security:authentication-manager> <security:user-service id="uservice"> <security:user name="[email protected]" password="pswd1" authorities="ROLE_USER" /> <security:user name="[email protected]" password="pswd2" authorities="ROLE_USER" /> <security:user name="pepe" password="pepito" authorities="ROLE_USER" /> </security:user-service> I have looked also for what did the browser send to the listening port, and it sends right the par "username:password" in base 64, so i think the problem is in my server(Glassfish v3). Does anyone have any idea? Thanks in advance! Raspayu

    Read the article

  • Talking to an Authentication Server

    - by Kyle Terry
    I'm building my startup and I'm thinking ahead for shared use of services. So far I want to allow people who have a user account on one app to be able to use the same user account on another app. This means I will have to build an authentication server. I would like some opinions on how to allow an app to talk to the authentication server. Should I use curl? Should I use Python's http libs? All the code will be in Python. All it's going to do is ask the authentication server if the person is allowed to use that app and the auth server will return a JSON user object. All authorization (roles and resources) will be app independent, so this app will not have to handle that. Sorry if this seems a bit newbish; this is the first time I have separated authentication from the actual application.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >