Search Results

Search found 3868 results on 155 pages for 'wildcard ssl'.

Page 142/155 | < Previous Page | 138 139 140 141 142 143 144 145 146 147 148 149  | Next Page >

  • Moving StarterSTS to the (Azure) Cloud

    - by Your DisplayName here!
    Quite some people asked me about an Azure version of StarterSTS. While I kinda knew what I had to do to make the move, I couldn’t find the time. Until recently. This blog post briefly documents the necessary changes and design decisions for the next version of StarterSTS which will work both on-premise and on Azure. Provider Fortunately StarterSTS is already based on the idea of “providers”. Authentication, roles and claims generation is based on the standard ASP.NET provider infrastructure. This makes the migration to different data stores less painful. In my case I simply moved the ASP.NET provider database to SQL Azure and still use the standard SQL Server based membership, roles and profile provider. In addition StarterSTS has its own providers to abstract resource access for certificates, relying party registration, client certificate registration and delegation. So I only had to provide new implementations. Signing and SSL keys now go in the Azure certificate store and user mappings (client certificates and delegation settings) have been moved to Azure table storage. The one thing I didn’t anticipate when I originally wrote StarterSTS was the need to also encapsulate configuration. Currently configuration is “locked” to the standard .NET configuration system. The new version will have a pluggable SettingsProvider with versions for .NET configuration as well as Azure service configuration. If you want to externalize these settings into e.g. a database, it is now just a matter of supplying a corresponding provider. Moving between the on-premise and Azure version will be just a matter of using different providers. URL Handling Another thing that’s substantially different on Azure (and load balanced scenarios in general) is the handling of URLs. In farm scenarios, the standard APIs like ASP.NET’s Request.Url return the current (internal) machine name, but you typically need the address of the external facing load balancer. There’s a hotfix for WCF 3.5 (included in v4) that fixes this for WCF metadata. This was accomplished by using the HTTP Host header to generate URLs instead of the local machine name. I now use the same approach for generating WS-Federation metadata as well as information card files. New Features I introduced a cache provider. Since we now have slightly more expensive lookups (e.g. relying party data from table storage), it makes sense to cache certain data in the front end. The default implementation uses the ASP.NET web cache and can be easily extended to use products like memcached or AppFabric Caching. Starting with the relying party provider, I now also provide a read/write interface. This allows building management interfaces on top of this provider. I also include a (very) simple web page that allows working with the relying party provider data. I guess I will use the same approach for other providers in the future as well. I am also doing some work on the tracing and health monitoring area. Especially important for the Azure version. Stay tuned.

    Read the article

  • Ubuntu 12.10 no network and no graphics

    - by khasiKoMasu
    I recently upgraded Ubuntu 12.04 to 12.10 only to find out that it won't connect to any network, neither wired nor wireless and the graphics is messed up too as in a low screen resolution. For 12.04, my system was running perfectly. I don't know why upgrade messed it up so bad. Reinstalling the OS is an issue because I have set up a lot of development environments that I cannot afford to set it up again. Some of the outputs: lspci -nn | grep 0200 02:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8101E/RTL8102E PCI Express Fast Ethernet controller [10ec:8136] (rev 02) nm-tool NetworkManager Tool State: disconnected cat /etc/network/interfaces auto lo iface lo inet loopback sudo cat /var/log/syslog | grep etwork | tail -n20 Nov 2 13:50:22 Cobalt NetworkManager[978]: SCPlugin-Ifupdown: (-1240454760) ... get_connections (managed=false): return empty list. Nov 2 13:50:22 Cobalt NetworkManager[978]: Ifupdown: get unmanaged devices count: 0 Nov 2 13:50:22 Cobalt bluetoothd[1016]: Failed to init network plugin Nov 2 13:50:22 Cobalt NetworkManager[978]: <info> modem-manager is now available Nov 2 13:50:22 Cobalt NetworkManager[978]: <info> monitoring kernel firmware directory '/lib/firmware'. Nov 2 13:50:22 Cobalt NetworkManager[978]: <info> WiFi enabled by radio killswitch; enabled by state file Nov 2 13:50:22 Cobalt NetworkManager[978]: <info> WWAN enabled by radio killswitch; enabled by state file Nov 2 13:50:22 Cobalt NetworkManager[978]: <info> WiMAX enabled by radio killswitch; enabled by state file Nov 2 13:50:22 Cobalt NetworkManager[978]: <info> Networking is enabled by state file Nov 2 13:50:22 Cobalt NetworkManager[978]: <warn> /sys/devices/virtual/net/lo: couldn't determine device driver; ignoring... Nov 2 13:50:22 Cobalt NetworkManager[978]: <warn> /sys/devices/virtual/net/lo: couldn't determine device driver; ignoring... Nov 2 13:50:22 Cobalt NetworkManager[978]: <warn> bluez error getting default adapter: Message did not receive a reply (timeout by message bus) Nov 2 13:50:22 Cobalt NetworkManager[978]: <warn> bluez error getting default adapter: Message did not receive a reply (timeout by message bus) Nov 2 13:50:22 Cobalt kernel: [ 28.688167] type=1400 audit(1351882222.452:10): apparmor="STATUS" operation="profile_replace" name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=1046 comm="apparmor_parser" Nov 2 13:50:22 Cobalt bluetoothd[1062]: Failed to init network plugin Nov 2 13:50:22 Cobalt NetworkManager[978]: <warn> bluez error getting default adapter: Message did not receive a reply (timeout by message bus) Nov 2 13:50:22 Cobalt bluetoothd[1118]: Failed to init network plugin Nov 2 13:50:22 Cobalt NetworkManager[978]: <warn> bluez error getting default adapter: Message did not receive a reply (timeout by message bus) Nov 2 13:50:22 Cobalt bluetoothd[1237]: Failed to init network plugin Nov 2 13:50:22 Cobalt NetworkManager[978]: <warn> bluez error getting default adapter: Message did not receive a reply (timeout by message bus) ps aux | grep -i network root 978 0.0 0.1 23732 4808 ? Ssl 13:50 0:00 NetworkManager sudo modprobe -r forcedeth FATAL: Module forcedeth not found

    Read the article

  • Mod_Rewrite Apache ProxyPass ?

    - by Anon
    I have two websites; OLDSITE and NEWSITE. The OLDSITE has 120 IP Address that it has with it, and the NEWSITE had 5. I want to be able to separate everything from OLDSITE and NEWSITE so they are not tied together but use them on the same linux computer. My current apache setup is this: Listen 80 NameVirtualHost * <VirtualHost *> ServerName oldsite.com ServerAdmin [email protected] DocumentRoot /var/www/ <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> RewriteEngine on RewriteCond %{HTTP_HOST} ^([^.]+)\.oldsite\.com$ RewriteCond /home/%1/ -d RewriteRule ^(.+) %{HTTP_HOST}$1 RewriteRule ^([^.]+)\.oldsite\.com/media/(.*) /home/$1/dir/media/$2 RewriteRule ^([^.]+)\.oldsite\.com/(.*) /home/$1/www/$2 </VirtualHost> <VirtualHost newsite.com> ServerName newsite.com ServerAdmin [email protected] DocumentRoot /var/newsite/ <Directory /var/newsite/> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> RewriteEngine on RewriteCond %{HTTP_HOST} ^([^.]+)\.newsite\.com$ RewriteCond /home/%1/ -d RewriteRule ^(.+) %{HTTP_HOST}$1 RewriteRule ^([^.]+)\.newsite\.com/media/(.*) /home/$1/dir/media/$2 RewriteRule ^([^.]+)\.newsite\.com/(.*) /home/$1/www/$2 </VirtualHost> <VirtualHost *> ServerName panel.oldsite.com ProxyPass / http://panel.oldsite.com:10000/ ProxyPassReverse / http://panel.oldsite.com:10000/ <Proxy *> allow from all </Proxy> </VirtualHost> <VirtualHost *> ServerName panel.newsite.com ProxyPass / http://panel.newsite.com:10000/ ProxyPassReverse / http://panel.newsite.com:10000/ <Proxy *> allow from all </Proxy> </VirtualHost> I want to be able to access anything that is newsite.com and have it go to the /var/newsite unless their is a home directory...and then if its panel.newsite.com I want it to automatically do a proxypass to panel.newsite.com:10000... With this setup, it works perfect for oldsite.com.... both the proxy and the webpages... However, having the Virtualhost set to newsite.com renders the proxypass worthless. If I change the Virtualhost for the newsite.com to a wildcard, the proxypass will work but anything thats a subdomain of newsite.com won't work. so newsite.com will work, but www.newsite.com will not load correctly. I am assuming that when everything is wildcarded, then the ServerName somewhat acts like a RewriteCond and actually just applies the stuff to that URL. It uses the Virtualhost * (oldsite.com) and lets ANYTHING.oldsite.com work, but the second virtualhost * (newsite.com) only newsite.com will work... www.newsite.com will not. If I change the order of them, the opposite is true. So apparently it doesn't like me using 2 wildcards... I tried just making the Servername *.newsite.com .......but that would be too easy. I am not sure what I can do to do what I want? Perhaps I should make the ProxyPass included in the VirtualHosts and use something like: RewriteCond %{HTTP_HOST} ^panel\.newsite\.com$ [NC] RewriteRule ^(.*)$ http://panel.newsite.com:10000/ [P] ProxyPassReverse / http://panel.newsite.com:10000/ but that doesnt seem to want to login to webmin, it loads the login page but isnt working how the ProxyPass & ProxyPassReverse does.

    Read the article

  • What's the difference between find and findstr commands in Windows?

    - by Prashant Bhate
    In Windows, what are the differences between find and findstr commands? Both seems to search text in files: find c:\>find /? Searches for a text string in a file or files. FIND [/V] [/C] [/N] [/I] [/OFF[LINE]] "string" [[drive:][path]filename[ ...]] /V Displays all lines NOT containing the specified string. /C Displays only the count of lines containing the string. /N Displays line numbers with the displayed lines. /I Ignores the case of characters when searching for the string. /OFF[LINE] Do not skip files with offline attribute set. "string" Specifies the text string to find. [drive:][path]filename Specifies a file or files to search. If a path is not specified, FIND searches the text typed at the prompt or piped from another command. findstr c:\>findstr /? Searches for strings in files. FINDSTR [/B] [/E] [/L] [/R] [/S] [/I] [/X] [/V] [/N] [/M] [/O] [/P] [/F:file] [/C:string] [/G:file] [/D:dir list] [/A:color attributes] [/OFF[LINE]] strings [[drive:][path]filename[ ...]] /B Matches pattern if at the beginning of a line. /E Matches pattern if at the end of a line. /L Uses search strings literally. /R Uses search strings as regular expressions. /S Searches for matching files in the current directory and all subdirectories. /I Specifies that the search is not to be case-sensitive. /X Prints lines that match exactly. /V Prints only lines that do not contain a match. /N Prints the line number before each line that matches. /M Prints only the filename if a file contains a match. /O Prints character offset before each matching line. /P Skip files with non-printable characters. /OFF[LINE] Do not skip files with offline attribute set. /A:attr Specifies color attribute with two hex digits. See "color /?" /F:file Reads file list from the specified file(/ stands for console). /C:string Uses specified string as a literal search string. /G:file Gets search strings from the specified file(/ stands for console). /D:dir Search a semicolon delimited list of directories strings Text to be searched for. [drive:][path]filename Specifies a file or files to search. Use spaces to separate multiple search strings unless the argument is prefixed with /C. For example, 'FINDSTR "hello there" x.y' searches for "hello" or "there" in file x.y. 'FINDSTR /C:"hello there" x.y' searches for "hello there" in file x.y. Regular expression quick reference: . Wildcard: any character * Repeat: zero or more occurances of previous character or class ^ Line position: beginning of line $ Line position: end of line [class] Character class: any one character in set [^class] Inverse class: any one character not in set [x-y] Range: any characters within the specified range \x Escape: literal use of metacharacter x \<xyz Word position: beginning of word xyz\> Word position: end of word For full information on FINDSTR regular expressions refer to the online Command Reference.

    Read the article

  • Setting up home DNS with Ubuntu Server

    - by Zeophlite
    I have a webserver (with static IP 192.168.1.5), and I want to have my machines on my local network to be able to access it without modifying /etc/hosts (or equivalent for Windows/OSX). My router has Primary DNS server 192.168.1.5 Secondary DNS server 8.8.8.8 (Google's public DNS). Nginx is set up to server websites externally as *.example.com Internally, I want *.example.local to point to the server. My webserver has BIND9 installed, but I'm unsure of the settings. I've been through various contradicting tutorials, and so most of my settings have been clobbered. I've stripped out the lines which I'm confused about. The tutorials I looked at are http://tech.surveypoint.com/blog/installing-a-local-dns-server-behind-a-hardware-router/ and http://ubuntuforums.org/showthread.php?t=236093 . They mostly differ on what should be put in /etc/bind/zones/db.example.local and /etc/bind/zones/db.192, so I've left the conflicting lines out below. Can someone suggest what the correct lines are to give my above behaviour (namely *.example.local pointing to 192.168.1.5)? /etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.5 netmask 255.255.255.0 broadcast 192.168.1.255 gateway 192.168.1.254 /etc/hostname avalon /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN /etc/bind/named.conf.options options { directory "/var/cache/bind"; forwarders { 8.8.8.8; 8.8.4.4; }; dnssec-validation auto; auth-nxdomain no; # conform to RFC1035 listen-on-v6 { any; }; }; /etc/bind/named.conf.local zone "example.local" { type master; file "/etc/bind/zones/db.example.local"; }; zone "1.168.192.in-addr.arpa" { type master; file "/etc/bind/zones/db.192"; }; /etc/bind/zones/db.example.local $TTL 604800 @ IN SOA avalon.example.local. webadmin.example.local. ( 5 ; Serial, increment each edit 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL /etc/bind/zones/db.192 $TTL 604800 @ IN SOA avalon.example.local. webadmin.example.local. ( 4 ; Serial, increment each edit 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; What do I need to add to the above files so that on a laptop on the internal network, I can type in webapp.example.local, and be served by my webserver? EDIT I made several changes to the above files on the webserver. /etc/network/interfaces (end of file) dns-nameservers 127.0.0.1 dns-search example.local /etc/bind/zones/db.example.local (end of file) @ IN NS avalon.example.local. @ IN A 192.168.1.5 avalon IN A 192.168.1.5 webapp IN A 192.168.1.5 www IN CNAME 192.168.1.5 /etc/bind/zones/db.192 (end of file) IN NS avalon.example.local. 73 IN PTR avalon.example.local. As a side note, my spare Win7 machine was able to connect directly to webapp.example.local, but for a Ubuntu 13.10 machine, I had to make the following changes as well (not on the webserver, but on a separate machine): /etc/nsswitch.conf before hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 after hosts: files dns /etc/NetworkManager/NetworkManager.conf before dns=dnsmasq after #dns=dnsmasq The issue remains that its not wildcard DNS, and so I have to add entries to /etc/bind/zones/db.example.local for webapp1, webapp2, ...

    Read the article

  • The HTTP request was forbidden with client authentication scheme 'Anonymous'

    - by dudia
    I am trying to configure a WCF server\client to work with SSL I get the following exception: The HTTP request was forbidden with client authentication scheme 'Anonymous' I have a self hosted WCF server. I have run hhtpcfg both my client and server certificates are stored under Personal and Trusted People on the Local Machine Here is the server code: binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; binding.Security.Mode = WebHttpSecurityMode.Transport; _host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust; _host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; _host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine; _host.Credentials.ServiceCertificate.SetCertificate("cn=ServerSide", StoreLocation.LocalMachine, StoreName.My); Client Code: binding.Security.Mode = WebHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; WebChannelFactory<ITestClientForServer> cf = new WebChannelFactory<ITestClientForServer>(binding, url2Bind); cf.Credentials.ClientCertificate.SetCertificate("cn=ClientSide", StoreLocation.LocalMachine, StoreName.My); ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidate; Looking at web_tracelog.svclog and trace.log reveals that the server cannot autheticate the client certificate My certificate are not signed by an Authorized CA but this is why I added them to the Trusted People.... What Am I missing? What am I missing?

    Read the article

  • How to implement Gmail OAuth API to send email (especially via SMTP)?

    - by Curtis Gibby
    I'm developing a web application that will send emails on behalf of a logged-in user. I'm trying to use the new Gmail OAuth protocol announced described here to send these emails through the user's Gmail account (preferably using SMTP rather than IMAP, but I'm easy). However, the sample PHP code gives me a couple of problems. All of the sample code is based on IMAP, not SMTP. Why "support" the SMTP protocol if you're not going to show people how to use it? The sample code gives me a fatal error from an uncaught Zend exception -- it can't find the "INBOX" folder. Fatal error: Uncaught exception 'Zend_Mail_Storage_Exception' with message 'cannot change folder, maybe it does not exist' in path\to\xoauth-php-samples\Zend\Mail\Storage\Imap.php:467 Stack trace: #0 path\to\xoauth-php-samples\Zend\Mail\Storage\Imap.php(248): Zend_Mail_Storage_Imap-selectFolder('INBOX') #1 path\to\xoauth-php-samples\three-legged.php(184): Zend_Mail_Storage_Imap-__construct(Object(Zend_Mail_Protocol_Imap)) #2 {main} Next exception 'Zend_Mail_Storage_Exception' with message 'cannot select INBOX, is this a valid transport?' in path\to\xoauth-php-samples\Zend\Mail\Storage\Imap.php:254 Stack trace: #0 path\to\xoauth-php-samples\three-legged.php(184): Zend_Mail_Storage_Imap-__construct(Object(Zend_Mail_Protocol_Imap)) #1 {main} in path\to\xoauth-php-samples\Zend\Mail\Storage\Imap.php on line 254 I've verified that I'm getting good OAuth tokens back, I just don't know how to make the actual email transaction happen. This protocol is still rather new, so there's not much unofficial community documentation about it out there, and the official docs are unhelpfully dry stuff about the SMTP RFC. So if anyone can help get this going, I'd greatly appreciate it. Note: I've already been able to connect to Gmail's SMTP server via SSL and successfully send an email, provided that the user has given my application his/her Gmail username and password. I'd like to avoid this method, because it encourages phishing and security-minded users won't accept it. This question is not about that.

    Read the article

  • How to Authenticate to Active Directory Services (ADs) using .NET 3.5 / C#

    - by Ranger Pretzel
    After much struggling, I've figured out how to authenticate to my company's Active Directory using just 2 lines of code with the Domain, Username, and Password in .NET 2.0 (in C#): // set domain, username, password, and security parameters DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, username, password, AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer); // force Bind to AD server to authenticate object obj = entry.NativeObject; If the 2nd line throws an exception, then the credentials and/or parameters were bad. (Specific reason can be found in the exception.) If no exception, then the credentials are good. Trying to do this in .NET 3.5 looks like it should be easy, but has me at a roadblock instead. Specifically, I've been working with this example: PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, domain); using (domainContext) { return domainContext.ValidateCredentials(UserName, Password); } Unfortunately, this doesn't work for me as I don't have both ContextOptions set to Sealed/Secure and SSL (like I did above in the .NET 2.0 code.) There is an alternate constructor for PrincipalContext that allows setting the ContextOptions, but this also requires supplying a Distinguished Name (DN) of a Container Object and I don't know exactly what mine is or how I would find out. public PrincipalContext(ContextType contextType, string name, string container, ContextOptions options); // container: // The container on the store to use as the root of the context. All queries // are performed under this root, and all inserts are performed into this container. // For System.DirectoryServices.AccountManagement.ContextType.Domain and System.DirectoryServices.AccountManagement.ContextType.ApplicationDirectory // context types, this parameter is the distinguished name of a container object. Any suggestions?

    Read the article

  • python unhashable type - posting xml data

    - by eterry28
    First, I'm not a python programmer. I'm an old C dog that's learned new Java and PHP tricks, but python looks like a pretty cool language. I'm getting an error that I can't quite follow. The error follows the code below. import httplib, urllib url = "pdb-services-beta.nipr.com" xml = '<?xml version="1.0"?><!DOCTYPE SCB_Request SYSTEM "http://www.nipr.com/html/SCB_XML_Request.dtd"><SCB_Request Request_Type="Create_Report"><SCB_Login_Data CustomerID="someuser" Passwd="somepass" /><SCB_Create_Report_Request Title=""><Producer_List><NIPR_Num_List_XML><NIPR_Num NIPR_Num="8980608" /><NIPR_Num NIPR_Num="7597855" /><NIPR_Num NIPR_Num="10166016" /></NIPR_Num_List_XML></Producer_List></SCB_Create_Report_Request></SCB_Request>' params = {} params['xmldata'] = xml headers = {} headers['Content-type'] = 'text/xml' headers['Accept'] = '*/*' headers['Content-Length'] = "%d" % len(xml) connection = httplib.HTTPSConnection(url) connection.set_debuglevel(1) connection.request("POST", "/pdb-xml-reports/scb_xmlclient.cgi", params, headers) response = connection.getresponse() print response.status, response.reason data = response.read() print data connection.close Here's the error: Traceback (most recent call last): File "C:\Python27\tutorial.py", line 14, in connection.request("POST", "/pdb-xml-reports/scb_xmlclient.cgi", params, headers) File "C:\Python27\lib\httplib.py", line 958, in request self._send_request(method, url, body, headers) File "C:\Python27\lib\httplib.py", line 992, in _send_request self.endheaders(body) File "C:\Python27\lib\httplib.py", line 954, in endheaders self._send_output(message_body) File "C:\Python27\lib\httplib.py", line 818, in _send_output self.send(message_body) File "C:\Python27\lib\httplib.py", line 790, in send self.sock.sendall(data) File "C:\Python27\lib\ssl.py", line 229, in sendall v = self.send(data[count:]) TypeError: unhashable type My log file says that the xmldata parameter is empty. Any ideas?

    Read the article

  • Silverlight and Encryption, how to store/generate they key/iv pair?

    - by cmaduro
    I have a Silverlight app that connects to a php webservice. I want to encrypt the communication between the webservice and the Silverlight client. I'm not relying on SSL. I'm encrypting/decrypting the POST string myself using AES 256bit Key and IV. The big questions then are: How do I generate a random unique key/iv pair in PHP. How do I share this key/iv pair between the web service and silverlight client in a secure way. It seems impossible without having some kind of hard coded key or iv on the client. Which would compromise security. This is a public website, there are no logins. Just the requirement of secure communication. I can hard code the seed for the key/iv (which is hashed with SHA256 with a time stamp salt and then assigned as the key or iv) in PHP source code, that's on the server so that is pretty safe. However on the client the seed for the key/iv pair would be visible, if it is hard coded. Further more using a time stamp as the basis for uniqueness/randomness is definitely not ok, since timestamps are predictable. It does however provide a common factor between the C# code and the PHP code. The only other option that I can think of would be to have a 3rd service involved that provides the key/iv to the Silverlight client, as well as the php webservice. This of course start the cycle anew, with the question of how to store the credentials for accessing the key/iv distribution service on the Silverlight client. Sounds like the solution is then asymmetric encryption, since sensitive data will be viewed only on the administrative back end of the website. Unfortunately Silverlight has no asymmetric encryption classes. The solution? Roll my own Diffie-Hellman key exchange! Plug that key into AES256!

    Read the article

  • DotNetOpenAuth RelayParty not working on load balanced cluster

    - by Garth
    We're trying to move an ASP.NET MVC application, which uses DotNetOpenAuth OpenID Version 3.4.1, from a single server web garden to a physical server cluster held behind a hardware load balancer. Our old setup (OpenID RP working): Browser = SHTTP = Server = WebGarden = Nonce/Session Store Our new setup (OpenID RP not working): Browser = SHTTP = Load Balancer = HTTP = Cluster Node = WebGarden = Nonce/Session Store DB When we authenticate with the new setup we are correctly redirected to the OpenID Provider but after authenticated we are redirected back to our cluster (relay party) and get the following exception: Exception DotNetOpenAuth.Messaging.ProtocolException: Redirects on POST requests that are to untrusted servers is not supported. at DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(Boolean condition, String message, Object[] args) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\ErrorUtilities.cs:line 235 at DotNetOpenAuth.Messaging.UntrustedWebRequestHandler.GetResponse(HttpWebRequest request, DirectWebRequestOptions options) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\UntrustedWebRequestHandler.cs:line 258 at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.GetDirectResponse(HttpWebRequest webRequest) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 277 at DotNetOpenAuth.Messaging.Channel.RequestCore(IDirectedProtocolMessage request) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 542 at DotNetOpenAuth.Messaging.Channel.Request(IDirectedProtocolMessage requestMessage) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 425 at DotNetOpenAuth.Messaging.Channel.Request[TResponse](IDirectedProtocolMessage requestMessage) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 405 at DotNetOpenAuth.OpenId.ChannelElements.SigningBindingElement.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\SigningBindingElement.cs:line 154 at DotNetOpenAuth.Messaging.Channel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 992 at DotNetOpenAuth.OpenId.ChannelElements.OpenIdChannel.ProcessIncomingMessage(IProtocolMessage message) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\ChannelElements\OpenIdChannel.cs:line 172 at DotNetOpenAuth.Messaging.Channel.ReadFromRequest(HttpRequestInfo httpRequest) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\Messaging\Channel.cs:line 386 at DotNetOpenAuth.OpenId.RelyingParty.OpenIdRelyingParty.GetResponse(HttpRequestInfo httpRequestInfo) in c:\TeamCity\buildAgent\work\bf9e2ca68b75a334\src\DotNetOpenAuth\OpenId\RelyingParty\OpenIdRelyingParty.cs:line 501 We have added a machines involved into the trusted machine list and turned off requires ssl but it makes no difference. We even tried removing out nonce store and using a stateless connection, but that didn't work either. We always get the same error. We suspected the issue is arising as a result of the cluster node having a different IP from the load balancer when it connects to the OpenID Provider, but we're not sure. Any ideas?

    Read the article

  • how many types of code signing certificates do I need?

    - by gerryLowry
    in Canada, website SSL certificates can be had for as low as US$10. unfortunately, code signing certificates cost about 10 time as much, one website mentions Vista compatibility ... this seems strange because my assumption is they must support XP, Vista, Windows 7, Server 2003, and Server 2008 or they would be useless. https://secure.ksoftware.net/code_signing.html US$99 Support Platforms Microsoft Authenticode. Sign any Microsoft executable format (32 and 64 bit EXE, DLL, OCX, DLL or any Active X control). Signing hardware drivers is not currently supported. Abode AIR. Sign any Adobe AIR application. Java. Sign any JAR applet Microsoft Office. Sign any MS Office Macro or VBA (Visual Basic for Applications) file. Mozilla. Sign any Mozilla Object file. The implication is that a single code signing certificate can do ALL of the above. ksoftware actually discounts Commodo certificates and the Commode website is unclear. QUESTION: Will ONE code signing certificate be enough or do I need one for Microsoft executables, and a second for things like Word and Excel macros? my main goal is to sign things like vs2008 code snippets so that I can export them securely; however, I would like to be able to use the same code signing certificate for signing other items too. Thank you ~~ regards, Gerry (Lowry)

    Read the article

  • Rails : soap4r - Error while running wsdl2ruby.rb

    - by Mathieu
    when I execute Mathieu$ /Users/Mathieu/.gem/ruby/1.8/bin/wsdl2ruby.rb path --wsdl https://www.arello.com/webservice/verify.cfc?wsdl --type client --force I get at depth 0 - 20: unable to get local issuer certificate F, [2010-05-06T10:41:11.040288 #35933] FATAL -- app: Detected an exception. Stopping ... SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError) /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:in connect' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:247:inssl_connect' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:639:in connect' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient/timeout.rb:128:intimeout' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:631:in connect' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:522:inquery' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient/session.rb:147:in query' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:953:indo_get_block' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:765:in do_request' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:848:inprotect_keep_alive_disconnected' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:764:in do_request' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:833:infollow_redirect' /Users/Mathieu/.gem/ruby/1.8/gems/httpclient-2.1.5.2/lib/httpclient.rb:519:in get_content' /Users/Mathieu/.gem/ruby/1.8/gems/soap4r-1.5.8/lib/wsdl/xmlSchema/importer.rb:73:infetch' /Users/Mathieu/.gem/ruby/1.8/gems/soap4r-1.5.8/lib/wsdl/xmlSchema/importer.rb:36:in import' /Users/Mathieu/.gem/ruby/1.8/gems/soap4r-1.5.8/lib/wsdl/importer.rb:18:inimport' /Users/Mathieu/.gem/ruby/1.8/gems/soap4r-1.5.8/lib/wsdl/soap/wsdl2ruby.rb:206:in import' /Users/Mathieu/.gem/ruby/1.8/gems/soap4r-1.5.8/lib/wsdl/soap/wsdl2ruby.rb:36:inrun' /Users/Mathieu/.gem/ruby/1.8/gems/soap4r-1.5.8/bin/wsdl2ruby.rb:46:in run' /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/logger.rb:659:instart' /Users/Mathieu/.gem/ruby/1.8/gems/soap4r-1.5.8/bin/wsdl2ruby.rb:137 /Users/Mathieu/.gem/ruby/1.8/bin/wsdl2ruby.rb:19:in `load' /Users/Mathieu/.gem/ruby/1.8/bin/wsdl2ruby.rb:19 I, [2010-05-06T10:41:11.040855 #35933] INFO -- app: End of app. (status: -1)

    Read the article

  • Apple Push Notification-Unable to callback didRegisterForRemoteNotificationsWithDeviceToken

    - by Shailesh Kanzariya
    I have been simply trying to get deviceToken from my iPhone application using Apple Push Notification Service. I don't have any implementation on server side for the time being. I have created APP Id, got SSL certificate, Provision Profile with APN and calling - (void)applicationDidFinishLaunching:(UIApplication *)application { //view init and add sub view to window [[UIApplication sharedApplication] registerForRemoteNotificationTypes:UIRemoteNotificationTypeAlert | UIRemoteNotificationTypeBadge | UIRemoteNotificationTypeSound]; } method. When I execute the application it pop ups action box to allow Push Notification (means my request for APN registration is working) but my callback is not executed. Neither didRegisterForRemoteNotificationsWithDeviceToken nor didFailToRegisterForRemoteNotificationsWithError is called? can anybody help me to resolve the issue? Following are my callbacs for reference. - (void)application:(UIApplication *)app didFailToRegisterForRemoteNotificationsWithError:(NSError *)err { UIAlertView *myAlert = [[UIAlertView alloc] initWithTitle:@"APNClient" message:@"Entered into Error Method" delegate:self cancelButtonTitle:@"OK" otherButtonTitles:nil]; [myAlert show]; [myAlert release]; NSLog(@"Error in registration. Error: %@", err); } - (void)application:(UIApplication *)app didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)devToken { UIAlertView *myAlert = [[UIAlertView alloc] initWithTitle:@"APNClient" message:@"Got the deviceToken..!" delegate:self cancelButtonTitle:@"OK" otherButtonTitles:nil]; [myAlert show]; [myAlert release]; }

    Read the article

  • Grails Mail port configuration

    - by bsreekanth
    Hello, I am trying to send mail through grails mail plugin. I configured according to the documentation, and also followed few blog posts (http://blog.lourish.com/2010/04/02/sending-asynchronous-html-email-in-grails-with-activemq-jms-and-gmail/). That post mention that the closure way of declaring the configuration overrides others, but not true. Anyway I tried both approach, but seems like the port is still use the smtp default one. I get the below exception. exception: org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not connect to SMTP host: localhost, port: 25; nested exception is: java.net.ConnectException: Connection refused: connect Now, I wrote a small program directly using the java mail library, and I could send the mail with that. The configuration is shown below. tried additional config "mail.smtp.port":"465"", but no change.. used the parameters mentioned in the above blog post, result same grails { mail { host = "smtp.gmail.com" port = "465" username = "[email protected]" password = "mypwd" props = ["mail.smtp.auth":"true", // "mail.smtp.port":"465", "mail.smtp.socketFactory.port":"465", "mail.smtp.socketFactory.class":"javax.net.ssl.SSLSocketFactory", "mail.smtp.socketFactory.fallback":"false"] } } thanks in advance.. Update: It is not port or firewall config, as when I made a grails application from scratch, and tried with the same config, everything works. Also, asked in grails forum http://grails.1312388.n4.nabble.com/grails-mail-mailSender-does-not-have-config-values-td2237704.html#a2237704 . Hope get a lead to try.

    Read the article

  • How to scrape a _private_ google group?

    - by John
    Hi there, I'd like to scrape the discussion list of a private google group. It's a multi-page list and I might have to this later again so scripting sounds like the way to go. Since this is a private group, I need to login in my google account first. Unfortunately I can't manage to login using wget or ruby Net::HTTP. Surprisingly google groups is not accessible with the Client Login interface, so all the code samples are useless. My ruby script is embedded at the end of the post. The response to the authentication query is a 200-OK but no cookies in the response headers and the body contains the message "Your browser's cookie functionality is turned off. Please turn it on." I got the same output with wget. See the bash script at the end of this message. I don't know how to workaround this. am I missing something? Any idea? Thanks in advance. John Here is the ruby script: # a ruby script require 'net/https' http = Net::HTTP.new('www.google.com', 443) http.use_ssl = true path = '/accounts/ServiceLoginAuth' email='[email protected]' password='topsecret' # form inputs from the login page data = "Email=#{email}&Passwd=#{password}&dsh=7379491738180116079&GALX=irvvmW0Z-zI" headers = { 'Content-Type' => 'application/x-www-form-urlencoded', 'user-agent' => "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/6.0"} # Post the request and print out the response to retrieve our authentication token resp, data = http.post(path, data, headers) puts resp resp.each {|h, v| puts h+'='+v} #warning: peer certificate won't be verified in this SSL session Here is the bash script: # A bash script for wget CMD="" CMD="$CMD --keep-session-cookies --save-cookies cookies.tmp" CMD="$CMD --no-check-certificate" CMD="$CMD --post-data='[email protected]&Passwd=topsecret&dsh=-8408553335275857936&GALX=irvvmW0Z-zI'" CMD="$CMD --user-agent='Mozilla'" CMD="$CMD https://www.google.com/accounts/ServiceLoginAuth" echo $CMD wget $CMD wget --load-cookies="cookies.tmp" http://groups.google.com/group/mygroup/topics?tsc=2

    Read the article

  • libdb4.6-dev vs libdb4.7-dev

    - by routinet
    I want to install PHP 5.3 on Ubuntu Intrepid. To install apxs, I need to install libaprutil1-dev, which depends on libdb4.6-dev. When I look at installing that, apt-get wants to remove the currently installed libdb-dev and libdb4.7-dev. Any advice on how to proceed? [root@server:/usr/local] #> apt-get -s install libaprutil1-dev Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. Since you only requested a single operation it is extremely likely that the package is simply not installable and a bug report against that package should be filed. The following information may help to resolve the situation: The following packages have unmet dependencies: libaprutil1-dev: Depends: libdb4.6-dev but it is not going to be installed E: Broken packages [root@server:/usr/local] #> apt-get -s install libdb4.6-dev Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: debhelper libltdl7-dev po-debconf intltool-debian libtool courier-ssl gettext libgdbm-dev libzip1 html2text autotools-dev libmail-sendmail-perl Use 'apt-get autoremove' to remove them. Suggested packages: db4.6-doc The following packages will be REMOVED: libdb-dev libdb4.7-dev The following NEW packages will be installed: libdb4.6-dev 0 upgraded, 1 newly installed, 2 to remove and 54 not upgraded. Remv libdb-dev [4.7.25.2ubuntu1] Remv libdb4.7-dev [4.7.25-3] Inst libdb4.6-dev (4.6.21-10 Ubuntu:8.10/intrepid) Conf libdb4.6-dev (4.6.21-10 Ubuntu:8.10/intrepid)

    Read the article

  • Web-based clients vs thick/rich clients?

    - by rudolfv
    My company is a software solutions provider to a major telecommunications company. The environment is currently IBM WebSphere-based with front-end IBM Portal servers talking to a cluster of back-end WebSphere Application Servers providing EJB services. Some of the portlets use our own home-grown MVC-pattern and some are written in JSF. Recently we did a proof-of-concept rich/thick-client application that communicates directly with the EJB's on the back-end servers. It was written in NetBeans Platform and uses the WebSphere application client library to establish communication with the EJB's. The really painful bit was getting the client to use secure JAAS/SSL communications. But, after that was resolved, we've found that the rich client has a number of advantages over the web-based portal client applications we've become accustomed to: Enormous performance advantage (CORBA vs. HTTP, cut out the Portal Server middle man) Development is simplified and faster due to use of NetBeans' visual designer and Swing's generally robust architecture The debug cycle is shortened by not having to deploy your client application to a test server No mishmash of technologies as with web-based development (Struts, JSF, JQuery, HTML, JSTL etc., etc.) After enduring the pain of web-based development (even JSF) for a while now, I've come to the following conclusion: Rich clients aren't right for every situation, but when you're developing an in-house intranet-based solution, then you'd be crazy not to consider NetBeans Platform or Eclipse RCP. Any comments/experiences with rich clients vs. web clients?

    Read the article

  • WCF Service Throttling

    - by Mubashar Ahmad
    Dear All I have a WCF Service Deployed in a Console App with BasicHTTPBinding and SSL enabled on port using NetSH command and more over following attribute is set as well. [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] And also i have set the Throttling behavior as <serviceThrottling maxConcurrentCalls="2147483647" maxConcurrentSessions="2147483647" maxConcurrentInstances="2147483647" /> On the other hand i have created a Test Client(for load test) that initiates multiple clients simultaneously(multiple threads) and performs transactions on server. everything seems fine and working properly but on server the CPU utilization is doesn't grow so i added some logging to view the number of concurrent calls to the server and found that its never went over 6. i have reviewed the performance counter logging code more than twice and it seems fine to me. So i want to ask where is the problem in this situation and one more thing i haven't specified any kind of ContextMode or ConcurrencyMode yet. After this Post I noticed that whenever i start another Intance of Test Client my concurrent Server Calls counter increase to 2 like if i am running only 1 instance the maximum Concurrent Rcvd Calls will be 2 and if there are two instance the same value goes to 4 and so on. Is there any limit of Number of WCF Calls from once process? Looking for help Mubashar *Added on 17-March******************* Today i ran another test with one test client(with 50 concurrent users) on the same machine on which the server is running this time i am getting exact result what i wanted it to show i.e. Maximum concurrent Calls Rcvd by Server = 50 but i need to do it the same on others machines as well. Can anybody help me on this.

    Read the article

  • error with swiftmailer

    - by user1298805
    I'm trying to add a contact form to my website. In localhost it worked fine, now moving on Tiscali server I'm getting this error: Warning: is_writable() [function.is-writable]: open_basedir restriction in effect. File(/tmp) is not within the allowed path(s): (/var/www/virtual/mydomain.it/:/usr/share/php/:/var/www/ispcp/gui/tools/filemanager/) in /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/preferences.php on line 15` Fatal error: Uncaught exception Swift_TransportException' with message 'Expected response code 220 but got code "554", with message "554 santino.mail.tiscali.it ESMTP server not available from your IP "' in /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Transport/AbstractSmtpTransport.php:422 Stack trace: #0 /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Transport/AbstractSmtpTransport.php(315):` Swift_Transport_AbstractSmtpTransport->_assertResponseCode('554 santino.mai...', Array) #1 /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Transport/AbstractSmtpTransport.php(123): Swift_Transport_AbstractSmtpTransport->_readGreeting() #2 /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Mailer.php(79): Swift_Transport_AbstractSmtpTransport->start() #3 /var/www/virtual/mydomain.it/htdocs/prova-intro/mail_SwiftMailer.php(129): Swift_Mailer->send(Object(Swift_Message) in /var/www/virtual/mydomain.it/htdocs/prova-intro/Swift-4.1.6/lib/classes/Swift/Transport/AbstractSmtpTransport.php on line 422` Parameter I'm using: define('HOST_SMTP', 'smtp.mydomain.it'); define('PORT_SMTP', 465); define('SECUTITY_SMTP', ssl); define('EMAIL_SMTP', '[email protected]'); define('PASSWORD_SMTP', 'xxxxxxx'); define('EMAIL_DESTINATARIO', $_POST['destinatario']); define('MAX_DIM_FILE', 1048576); // 1mb

    Read the article

  • How do I use WS-Security with WCF?

    - by Jonathan Allen
    Below is the style of header I need to create. I am expected to use either a public/private key or a SSL style certificate. I don't know for certain, but I think my counter-party is using some form of Java. <soap-env:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#secinfo"> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>xxxxxxxxxxxxx</ds:DigestValue> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> <ds:XPath>//*[@id='secinfo']/child::*/text()</ds:XPath> </ds:Transform> </ds:Transforms> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>xxxxxxxxxxds:SignatureValue> <ds:KeyInfo> <ds:KeyName>xxxxxxx</ds:KeyName> </ds:KeyInfo> </ds:Signature> <t:UsernameToken xmlns:t="http://schemas.xmlsoap.org/ws/2002/04/secext" id="secinfo"> <t:UserInfo>USER=xxxx;CORR=xxxx;TIMESTAMP=201003161916</t:UserInfo> </t:UsernameToken> </wsse:Security> </soap-env:Header>

    Read the article

  • no pg_hba.conf entry for host

    - by Priya
    Hi All I am new to Perl as well as Postgresql I get following error when i try to connect using DBI DBI connect('database=chaosLRdb;host=192.168.0.1;port=5433','postgres',...) failed: FATAL: no pg_hba.conf entry for host "192.168.0.1", user "postgres", database "chaosLRdb", SSL off Here is my pg_hba.conf file: # "local" is for Unix domain socket connections only local all all md5 # IPv4 local connections: host all all 127.0.0.1/32 md5 # IPv6 local connections: host all all ::1/128 md5 host all postgres 127.0.0.1/32 trust host all postgres 192.168.0.1/32 trust host all all 192.168.0.1/32 trust host all all 192.168.0.1/128 trust host all all 192.168.0.1/32 md5 host chaosLRdb postgres 192.168.0.1/32 md5 local all all 192.168.0.1/32 trust My perl code is #!/usr/bin/perl-w use DBI; use FileHandle; print "Start connecting to the DB...\n"; @ary = DBI->available_drivers(true); %drivers = DBI->installed_drivers(); my $dbh = DBI->connect("DBI:PgPP:database=chaosLRdb;host=192.168.0.1;port=5433", "postgres", "chaos123"); May I know what i miss here?

    Read the article

  • Sharepoint.OpenDocuments Control Compatible with Forms Authentication?

    - by Richard Collette
    We are using the Sharepoint.OpenDocuments.EditDocument2 ActiveX control and method. The method is being called from JavaScript in an IE6 client on a Windows XP SP3 client (fully patched). The server is running IIS6 on Windows Server 2003 SP1 Fronting the IIS server is Tivoli Access Manager (TAM) which proxies access to the web applications sitting behind it. Similar to forms authentication, it creates a session cookie for authentication purposes, that must be present for the HTTP request to reach the IIS server. In front of TAM is an F5/BigIP load balancer and SSL encryption offloader, which enforces that incoming requests use the HTTPS protocol. What is happening is that HTTP requests issued by this control do not contain any session cookies that were present in the browser. It drops the ASP.NET session cookie, the ASP.NET forms authentication cookie and the TAM cookie Because the TAM cookie is missing the request is redirected to the TAM login page, which then shows up via HTML conversion in Word or Excel. The API documentation at http://msdn.microsoft.com/en-us/library/ms440037.aspx mentions nothing about security or appropriate usage scenarios for this control. Should these controls work in an ASP.Net Forms Authentication scenario or are they only supported with Windows Authentication. If Forms Authentication is supposed to function, how do we get the control to include the necessary session cookies in its requests?

    Read the article

  • Proper way to cleanup dynamic engines and can they be loaded twice?

    - by Becky
    Hello - I am having problems loading Engine PKCS #11 as a dynamic engine using python and M2Crypto. I am trying to access an Aladdin USB eToken. Here are the important steps from my python code: dynamic = Engine.load_dynamic_engine("pkcs11", "/usr/local/ssl/lib/engines/engine_pkcs11.so") pkcs11 = Engine.Engine("pkcs11") pkcs11.ctrl_cmd_string("MODULE_PATH", "/usr/lib/libeTPkcs11.so") pkcs11.engine_init_custom() # initialize engine with custom M2Crypto patch # next few steps which I deleted pass password and grab key & cert off token Engine.cleanup() This works fine the first time this method gets run. The second time, it fails when loading the dynamic engine (see error below). Traceback (most recent call last): File "", line 1, in ? File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 98, in load_dynamic_engine e.ctrl_cmd_string("LOAD", None) File "/usr/local/lib/python2.4/site-packages/M2Crypto/Engine.py", line 38, in ctrl_cmd_string raise EngineError(Err.get_error()) M2Crypto.Engine.EngineError: 4002:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:521: Is it impossible to load engines twice in a python session? Am I missing some kind of engine cleanup/deletion? The OpenSSL docs talk about engine_finish() but I don't think M2Crypto offers that. Is there a method to tell if the engine is already loaded? Thanks!

    Read the article

  • Apache unresponsive on Vista [closed]

    - by William Hudson
    I had been running Apache on Vista for around a year, but recently upgraded my workstation. I did a clean install of Vista Ultimate and installed the latest version of the Apache server for win32 (2.2.11, no SSL). The service runs fine and there were no errors reported during the install, nor are there any errors in the Apache logs. However, any attempt to access the web site on localhost (or 127.0.0.1) just hangs the browser. I have used netstat to check who is listening to port 80 and it shows httpd.exe. I have also tried adjusting the .conf file to use port 8080 but this had no effect either (except to change the netstat output). This is a development system with quite a few other pieces of software installed. However, when I tried installing IIS, it worked fine (I removed it soon after before reattempting the Apache install). Using the older 2.0 version of Apache has no effect. Windows firewall is not running. I have disabled my NOD32 anti-virus. Any ideas what is going on? Regards, William

    Read the article

< Previous Page | 138 139 140 141 142 143 144 145 146 147 148 149  | Next Page >