Search Results

Search found 5866 results on 235 pages for 'authentication'.

Page 141/235 | < Previous Page | 137 138 139 140 141 142 143 144 145 146 147 148 | Next Page >

Can I use OAuth for a SOAP web service?

- by Olaseni

The standard HTTP Authentication for SOAP passed the password etc in cleartext,and I'm looking for an alternative, possibly a key based mechanism to authenticate web services in lieu of the password. OAuth is gaining a lot of popularity; would it be appropriate, and how would I implement it? Or perhaps there are other methods I should use. The project itself is relatively simple, with just a one or two methods to be exposed, but security is of the utmost importance.

Read the article
Open Source Alternative to ASP.NET membership

- by Tony Lenzi

I'm currently supporting a Python web app with increasingly complicated user/role/permission management requirements. Currently, we are rolling our own user, groups, permissions, etc. code and supporting database. I'd like to find something like ASP.NET membership that can help manage user authentication and authorization, rather than risk security issues in continuing to create an increasingly complicated custom solution. Are there any similar projects out there worth taking a look at?

Read the article
JSON Post To Rails From Android

- by Stealthnh

I'm currently working on an android app that interfaces with a Ruby on Rails app through XML and JSON. I can currently pull all my posts from my website through XML but I can't seem to post via JSON. My app currently builds a JSON object from a form that looks a little something like this: { "post": { "other_param": "1", "post_content": "Blah blah blah" } } On my server I believe the Create method in my Posts Controller is set up correctly: def create @post = current_user.posts.build(params[:post]) respond_to do |format| if @post.save format.html { redirect_to @post, notice: 'Post was successfully created.' } format.json { render json: @post, status: :created, location: @post } format.xml { render xml: @post, status: :created, location: @post } else format.html { render action: "new" } format.json { render json: @post.errors, status: :unprocessable_entity } format.xml { render xml: @post.errors, status: :unprocessable_entity } end end end And in my android app I have a method that takes that JSON Object I posted earlier as a parameter along with the username and password for being authenticated (Authentication is working I've tested it, and yes Simple HTTP authentication is probably not the best choice but its a quick and dirty fix) and it then sends the JSON Object through HTTP POST to the rails server. This is that method: public static void sendPost(JSONObject post, String email, String password) { DefaultHttpClient client = new DefaultHttpClient(); client.getCredentialsProvider().setCredentials(new AuthScope(null,-1), new UsernamePasswordCredentials(email,password)); HttpPost httpPost = new HttpPost("http://mysite.com/posts"); JSONObject holder = new JSONObject(); try { holder.put("post", post); StringEntity se = new StringEntity(holder.toString()); Log.d("SendPostHTTP", holder.toString()); httpPost.setEntity(se); httpPost.setHeader("Content-Type","application/json"); } catch (UnsupportedEncodingException e) { Log.e("Error",""+e); e.printStackTrace(); } catch (JSONException js) { js.printStackTrace(); } HttpResponse response = null; try { response = client.execute(httpPost); } catch (ClientProtocolException e) { e.printStackTrace(); Log.e("ClientProtocol",""+e); } catch (IOException e) { e.printStackTrace(); Log.e("IO",""+e); } HttpEntity entity = response.getEntity(); if (entity != null) { try { entity.consumeContent(); } catch (IOException e) { Log.e("IO E",""+e); e.printStackTrace(); } } } Currently when I call this method and pass it the correct JSON Object it doesn't do anything and I have no clue why or how to figure out what is going wrong. Is my JSON still formatted wrong, does there really need to be that holder around the other data? Or do I need to use something other than HTTP POST? Or is this just something on the Rails end? A route or controller that isn't right? I'd be really grateful if someone could point me in the right direction, because I don't know where to go from here.

Read the article
Aspect oriented Programming?

- by Jaswant Agarwal

How can we apply attributes to class fucntion using AOP in C#? UPDATE: I am slightly not clear in what context AOP should be used? As we can use AOP for logging purpose, security(Authentication), please suggest some other scenarios where we can take benefit of AOP Is AOP can be use to share data among different running threads in application process?

Read the article
How to automatically add user account *and* password with a Bash script

- by ModernCarpentry

I need to have the ability to create user accounts on my Linux ( Fedora 10 ) and automatically assign a password via a bash script ( or otherwise, if need be ). It's easy to create the user via Bash eg: [whoever@server ]# /usr/sbin/useradd newuser But is it possible to assign a password in Bash, something functionally similar to this (but automated): [whoever@server ]# passwd newuser Changing password for user testpass. New UNIX password: Retype new UNIX password: passwd: all authentication tokens updated successfully. [whoever@server ]#

Read the article
ASP.NET MVC Login ReturnUrl always NULL?

- by aherrick

Using Forms Authentication in ASP.NET MVC when trying to log back into a site, it puts a ReturnUrl parameter in the query string. My Logon action method accepts a "returnUrl" string. However it seems that returnUrl string is always null, even when it is clearly in the query string. Any thoughts on why this might be the case or a possible fix?

Read the article
reading from File in assembly

- by Natasha

i am trying to read a username and a password from a file in x86 assembly for the perpose of authentication obviously the file consists of two lines , the user name and the password how can i read the two lines seperately and compare them? My attempt: proc read_file mov ah,3dh lea dx,file_name int 21h mov bx, ax xor si,si repeat: mov ah, 3fh lea dx, buffer mov cx, 100 int 21h mov si, ax mov buffer[si], '$' mov ah, 09h int 21h ;print on screen cmp si, 100 je repeat jmp stop;jump to end stop: RET read_file ENDP

Read the article
WSE 3.0 cookies support?

- by aloneguid

Hi, I'm trying to call a web service with WSE 3.0 which uses cookies for authentication. With standard SoapHttpClientProtocol, I could assign my CookieContainer to a request. However, WSE 3.0 web services does not directly or indirectly inherit from it. How can I set cookies to WSE 3.0 request?

Read the article
OpenID with Kohana , how to?

- by grokker

Hi, I've used CakePHP and now I'm trying to build a project using Kohana 3. It's also my first time to use OpenID as a means for user registration/authentication for my site. That's why I'm wondering, how do I use OpenId with Kohana 3?

Read the article
PCI compliance: using SSL as transport layer for RDP (Terminal Service)

- by Crashalot

My client failed her PCI compliance audit. The server supports Remote Desktop (Terminal Service) but only provides encryption and not authentication. This exposes the server to Man-In-The-Middle attacks. The supposed solution is to force SSL as the transport layer for RDP. Anyone know how to do this? The server runs Windows 2003.

Read the article
Custom MembershipProvider attempts to pass empty creds after IIS restart

- by Joseph DeCarlo

I have a C# custom ASP.Net MembershipProvider. When the user attempts to navigate to another part of the site after IIS is restarted, it doesn't navigate to the login page to collect credentials, but instead attempts to authenticate with empty credentials. Can anyone tell me what I have to do to identify that the new authentication needs to take place and that new creds need to be gathered? I have a complementary custom IHttpModule implementation that allows me to intercept events like BeginRequest and AuthenticateRequest, if that helps.

Read the article
Regarding jdbc Realm

- by Priyanka

I want to do login using form based authentication. i have been followed all steps for creating jdbc realm but run time error is coming. error is like-SEVERE: SEC1111: Cannot load group for JDBC realm user [pqr]. WARNING: Web login failed: Login failed: javax.security.auth.login.LoginException: Security Exception

Read the article
Unable to add SSH pub key for GitHub

- by Kaushik

I am trying to set up a new GitHub account as part of learning ruby on rails. My OS is windows. I am having the following problem while trying to add my public key to the GitHub SSH public keys. When I put the key in the text area, supply a name, and click 'Add Key', I am taken to the Job profile page without any confirmation that the key has been added.(I am using SSH client GUI to generate RSA keys). When I come back to the SSH public keys page, I see that the key is not there. I tried this multiple times...without any result. Just as a test, I tried to ssh to the GitHub account using 'ssh -v [email protected]' and here is the verbose output: OpenSSH_4.6p1, OpenSSL 0.9.8e 23 Feb 2007 debug1: Connecting to github.com [207.97.227.239] port 22. debug1: Connection established. debug1: identity file /c/Users/Administrator/.ssh/identity type -1 debug1: identity file /c/Users/Administrator/.ssh/id_rsa type -1 debug1: identity file /c/Users/Administrator/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5github2 debug1: match: OpenSSH_5.1p1 Debian-5github2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.6 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'github.com' is known and matches the RSA host key. debug1: Found key in /c/Users/Administrator/.ssh/known_hosts:1 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Trying private key: /c/Users/Administrator/.ssh/identity debug1: Trying private key: /c/Users/Administrator/.ssh/id_rsa debug1: Trying private key: /c/Users/Administrator/.ssh/id_dsa debug1: No more authentication methods to try. Permission denied (publickey). Also, why is it looking for the keys in c/Users/Administrator/.ssh/ Is there a possibility of changing this default location? EDIT: With Mozila, I get error msg: Oops! The key has already been taken. The key is invalid. It must begin with 'ssh-rsa' or 'ssh-dss'. My key looks like: ---- BEGIN SSH2 PUBLIC KEY ---- Comment: "[2048-bit rsa, Administrator@Kaushik-THINK, Sun Jan 02 2011 \ 02:40:03]" AAAAB3NzaC1yc2EAAAADAQABAAABAQDoA5xqJozKmAHTGh9hgmagsFOl2hdPzS8ZPV9Ta1 xU0JiUnHef38Rvz/5oqL1wW7SjmZbc/+tCPOfU1lg3UisFXajJhek2bjJ2qsKd4Sjax2Nj ZMYD7djPb8rokUYSKW3bdYyJHtJH+murz04UGdCcZ8HqkMTzqlh3zAIK7SIlCy+mtAi5A/ sm0JbqlNGHB6YrL1aWIcOSolIx2HWt8cWhlK77guT9dPgd0HT59Gn0uhO7UWGLrNdJut0x ian3HdvNYMUXoO/SkNlxvWRgZ1UOhaB+qf4hw5RCGcBbqP3fM4LKpurHZx4wEpgmM0e4EM +2PYdf46uxChNdBl7J5sZF ---- END SSH2 PUBLIC KEY ---- I still can't see the key..so not sure how it says it is already taken.

Read the article
c# sample code of orkut integration with an ASP.NET web site

- by preguntón

Is there any c# sample code of integrating orkut from an ASP.NET web site (oauth authentication, retrieving friends, etc.) Any help would be appreciated Thank you

Read the article
How to login to youtube from php?

- by dan

Hi, I want to use the youtube api to get the users new subscription videos with this api call: http://gdata.youtube.com/feeds/api/users/default/newsubscriptionvideos Without logging in I get this response: User authentication required. Error 401 How can I login to youtube from php?

Read the article
Hidden WCF endpoints

- by Matt

For the sake of arguement, lets say that I've got a basicHttp WCF service. Besides implementing authentication (login/logout methods), what is stopping someone from just cracking open Visual Studio, adding a web reference to my website's service, and then playing playing around with my service? I'm not familiar with a method of stopping someone from doing this. The idea of someone downloading all of my Data/Operation contracts and then start playing around is keeping me up at night, and I like my sleep!

Read the article
Why am i getting these errors from GitHub?

- by acidzombie24

I followed these instruction and could not connect to github for the life of me. >plink -ssh github.com FATAL ERROR: Disconnected: No supported authentication methods available plink -ssh [email protected] You've successfully authenticated, but GitHub does not with tortoisegit git.exe push "origin" master ERROR: Permission to name/MyEmptyRepoOnGitHubHere denied to name. fatal: The remote end hung up unexpectedly Whats going on? NOTE: I followed the instructions carefully. It was a lot worse before i followed them.

Read the article
Basic social network functionality

- by Dimitar Vouldjeff

Hi, I'm going to develop a social like network using Ruby on Rails. For this app I need basic social functionality like friends, activities, authentication, user profile, facebook connect, comments. I searched for rails plugins with social functions and i found - tog and community engine. So which is better and more easier to extend? Thanks

Read the article
RESTful issue with data access when using HTTP DELETE method ...

- by Wilhelm Murdoch

I'm having an issue accessing raw request information from PHP when accessing a script using the HTTP DELETE directive. I'm using a JS front end which is accessing a script using Ajax. This script is actually part of a RESTful API which I am developing. The endpoint in this example is: http://api.site.com/session This endpoint is used to generate an authentication token which can be used for subsequent API requests. Using the GET method on this URL along with a modified version of HTTP Basic Authentication will provide an access token for the client. This token must then be included in all other interactions with the service until it expires. Once a token is generated, it is passed back to the client in a format specified by an 'Accept' header which the client sends the service; in this case 'application/json'. Upon success it responds with an HTTP 200 Ok status code. Upon failure, it throws an exception using the HTTP 401 Authorization Required code. Now, when you want to delete a session, or 'log out', you hit the same URL, but with the HTTP DELETE directive. To verify access to this endpoint, the client must prove they were previously authenticated by providing the token they want to terminate. If they are 'logged in', the token and session are terminated and the service should respond with the HTTP 204 No Content status code, otherwise, they are greeted with the 401 exception again. Now, the problem I'm having is with removing sessions. With the DELETE directive, using Ajax, I can't seem to access any parameters I've set once the request hits the service. In this case, I'm looking for the parameter entitled 'token'. I look at the raw request headers using Firebug and I notice the 'Content-Length' header changes with the size of the token being sent. This is telling me that this data is indeed being sent to the server. The question is, using PHP, how the hell to I access parameter information? It's not a POST or GET request, so I can't access it as you normally would in PHP. The parameters are within the content portion of the request. I've tried looking in $_SERVER, but that shows me limited amount of headers. I tried 'apache_request_headers()', which gives me more detailed information, but still, only for headers. I even tried 'file_get_contents('php://stdin');' and I get nothing. How can I access the content portion of a raw HTTP request? Sorry for the lengthy post, but I figured too much information is better than too little. :)

Read the article
What is the security advantage of STS in web services?

- by Neil McF

Hello, I've started reading up on security (particularly authentication) with web services and I see a lot of references to security token services. From what I see, they take a username-password (or something) and, on validation, return a digital token. How is using this token any more secure then just relying on the username-password in the first place?

Read the article
Post "Hello World" to twitter from .NET application

- by cf_PhillipSenn

My client would like me to use .NET to post to Twitter, and suggests that I use C#. Q: How do I post "Hello World" to twitter using C#? This post mentions a library called twitterizer. Isn't there a native way to do it without using a 3rd party library? (Maybe not since authentication is one of the requirements).

Read the article
.NET Impersonate not working!

- by Jagd

I have a webpage that allows a user to upload a file to a network share. When I run the webpage locally (within VS 2008) and try to upload the file, it works! However, when I deploy the website to the webserver and try to upload the file through the webpage, it doesn't work! The error being returned to me on the webserver says "Access to the path '\05prd1\emp\test.txt' is denied. So, obviously, this is a permissions issue. The network share is configured to allow full access both to me (NT authentication) and to the NETWORK SERVICE (which is .NET's default account and what we have set in our IIS application pool as the default user for this website). I have tried this with and without authentication, and neither one works on the webserver, yet both ways works on my local machine. The code that does the file upload is below. Please note that the code below includes impersonation, but like I said above, I've tried it with and without impersonation and it's made no difference. if (fuCourses.PostedFile != null && fuCourses.PostedFile.ContentLength > 0) { System.Security.Principal.WindowsImpersonationContext impCtx; impCtx = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate(); try { lblMsg.Visible = true; // The courses file to be uploaded HttpPostedFile file = fuCourses.PostedFile; string fName = file.FileName; string uploadPath = "\\\\05prd1\\emp\\"; // Get the file name if (fName.Contains("\\")) { fName = fName.Substring( fName.LastIndexOf("\\") + 1); } // Delete the courses file if it is already on \\05prd1\emp FileInfo fi = new FileInfo(uploadPath + fName); if (fi != null && fi.Exists) { fi.Delete(); } // Open new file stream on \\05prd1\emp and read bytes into it from file upload FileStream fs = File.Create(uploadPath + fName, file.ContentLength); using (Stream stream = file.InputStream) { byte[] b = new byte[4096]; int read; while ((read = stream.Read(b, 0, b.Length)) > 0) { fs.Write(b, 0, read); } } fs.Close(); lblMsg.Text = "File Successfully Uploaded"; lblMsg.ForeColor = System.Drawing.Color.Green; } catch (Exception ex) { lblMsg.Text = ex.Message; lblMsg.ForeColor = System.Drawing.Color.Red; } finally { impCtx.Undo(); } } Any help on this would be very appreciated!

Read the article
gSOAP: How to pass info inside soap header

- by Kangkan

I wish to send some information like authentication token inside SOAP header. I am using gSOAP/c/Linux. Please help me how to pass? My SOAP_ENV__Header looks like /* SOAP Header: */ struct SOAP_ENV__Header { struct ns3__Header *ns3__MyHeader; /* mustUnderstand */ }; and ns3__Header looks like /* ns3:Header */ struct ns3__Header { char *Value; /* optional element of type xsd:string */ };

Read the article
Same OpenID code working on 1 server not working on another

- by Frraaz

We implemented OpenID for Google Marketplace on this online hosting and it worked perfectly fine. But its not working on another server which DOES NOT have cPanel unlike the online hosting. Its failing authentication with this message: "Nonce already used or out of range" Does anyone have any idea what could be causing this problem?

Read the article
Securing Elmah RSS Feeds in ASP.NET website

- by olivehour

I followed the answer to this question http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website to restrict access to the elmah handler. However, it seems that adding an RSS feed to Outlook for the URL elmah.axd/rss or elmah.axd/digestrss bypasses the authentication. What's the point of securing the handler if someone can guess the RSS URL and subscribe to a feed of the error log?

Read the article

< Previous Page | 137 138 139 140 141 142 143 144 145 146 147 148 | Next Page >