Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

Page 144/388 | < Previous Page | 140 141 142 143 144 145 146 147 148 149 150 151 | Next Page >

Why does "request.getUserPrincipal().getName()" sometimes return a blank string?

- by Marcus

Has somebody an idea, why the getName method of the requests getUserPrincipal Method sometimes provides an empty String? Most of the time it returns the correct user name but not every time. This behaviour does occur randonmly. I can start the application, run the command and it works. The next time I start the application and run the command (exactly the same way as before!) it does not work... Any ideas?

Read the article
how to handle CONNECT http request

- by davidshen84

hi, i want to implement a simple web server for my self. i can handle GET and POST request now. but i have no idea what to do with CONNECT request. CONNECT request is send when the client is going to access a https site. according to http://muffin.doit.org/docs/rfc/tunneling_ssl.html, it says i should response '200 Connection established'. but i got 'A TLS packet with unexpected length was received' on the client. the wiki described about the ssl handshake protocol, but it did not mention how to implement it.

Read the article
ldap_bind_s returning LDAP_SUCCESS with wrong credentials

- by rezna

Hi guys, I have this little problem. I want to authenticate user against LDAP (Windows Active Directory), everything works OK, but the combination (good user, good password, wrong domain). LDAP* ldap = ldap_init(L"myserver", 389); ULONG ldap_version = 3; ULONG ret = LDAP_SUCCESS; ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, (void*)&ldap_version); ret = ldap_connect(ldap, NULL); SEC_WINNT_AUTH_IDENTITY ai; ai.Domain = (unsigned short*)BAD_DOMAIN; ai.DomainLength = wcslen(BAD_DOMAIN); ai.User = (unsigned short*)OK_USER; ai.UserLength = wcslen(OK_USER); ai.Password = (unsigned short*)OK_PASS; ai.PasswordLength = wcslen(OK_PASS); ai.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; ret = ldap_bind_s(ldap, NULL, (PWCHAR) &ai, LDAP_AUTH_NTLM); // !!! HERE !!! ret = ldap_unbind_s(ldap); On the line marke '!!! HERE !!!' I'd expect 0x31 or any other error returned. Instead I get LDAP_SUCCESS :( Any suggestions? Thx, Milan

Read the article
Membership.GetUser() vs Context.User

- by zimdanen

What are the differences between Membership.GetUser() and Context.User, and which is recommended for use in getting information about the current user?

Read the article
FormsAuthentication.SetAuthCookie in OnAuthorization of custom attribute

- by Prasad

I am trying to set an auth cookie in OnAuthorization of my custom attribute in asp.net mvc(C#) application. when the session expires(New Session), i am setting an auth cookie again to make it available until the users logout. I have used the following to set the auth cookie, //set forms auth cookie FormsAuthentication.SetAuthCookie(strUserName, true); But when i check HttpContext.User.Identity.IsAuthenticated, it returns false. How to set an auth cookie in OnAuthorization of custom attribute?

Read the article
Facebook Flash app security?

- by mhdouglas

I'm developing a Facebook app implemented in Flash, and I'd like to authenticate communication between my app and my server. In other words, I'd like to guarantee that all communication with my server is coming from my app, which has been launched from within facebook by a valid facebook user. Does the Facebook actionscript API support this type of operation? Or am I on my own?

Read the article
Bundler http auth support

- by brad

does anyone know if Bundler supports http auth? I'm pretty sure rubygems does (I think i read that somewhere) but I don't see anywhere in the docs where I might specify a username/pwd for a particular repo I'm trying to run my own private gem server so as not to expose sensitive code

Read the article
Application error passthru when using apache mod_proxy

- by user303442

Heyas. I'm using mod_proxy with apache2 provide vhost ability to multiple servlet apps running on the local machine. It works fine, for the most part. Requests come into apache then are directed to the application bound on a port on localhost. The app receives the request and responds, which is delivered back to the client by apache. The problem I'm having is that the application delivers 500's on errors, and mod_proxy stomps on them. Often these errors are caused in a ajax request and the error is handled in client side javascript. For example, a call to a server side createObject(name) might throw a NameNotUniqueException , which is delivered back as a 500. The client javascript might then display an appropriate error message. When an error is thrown by the application (resulting in a 500 response to mod_proxy), then apache stomps the error message and returns 500 Internal Server Error Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. .. the stock apache server side error message. I want mod_proxy to pass the original 500 back through to the client. Is there a directive I've missed which prevents clobbering of the 500? TIA

Read the article
Nginx for static files, Apache isn't working now...

- by matthewsteiner

So anything that is a "static file" that exists will just be done with nginx. Otherwise, it should pass it off to Apache. Right now, static files are working correctly. However, if something is passed to apache and it's example.com or subdomain.example.com, apache just spits out the "Apache 2 Test Page" that you get if there's nothing there. Here's my nginx.conf: location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ { root /var/www/vhosts/example.com/public/; access_log off; expires 30d; } location / { proxy_pass http://127.0.0.1:8080/; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } Apache worked fine before, so I'm guessing it has to do with the way nginx is "asking". I'm not sure though. Any ideas?

Read the article
Nibernate, DynamicProxy, and Spring AOP

- by jeff

We have an Spring IOC managed application that uses NHibernate in its persistence layer. We have use the Spring AOP and understand its terminology and capabilities. We have some investment in Spring proxies. Now, we want to add a PropertyChangedMixin and a ValidatorInterceptor (not nhibernate validator, but based on Spring validation) onto our NHibernate managed objects. I've looked at the hooks for NHiberate IInterceptor and EventListeners and that gives me a place to apply the desired proxies. If I use the Spring proxies is it going to play nice with the existing nhibernate proxies. We don't lazy load. From the simple nhibernate stuff the benefits of DynamicProxy look appealing. I can go either way, but I'd like to hear suggestions. Thanks, jeff

Read the article
How can I authenticate when using the Bugzilla Perl API in a script?

- by Allan Anderson

Working from the Bugzilla API, I've written a quick Perl script to clone a Bugzilla Product (recreating all the Components under their new Product). The Bugzilla Perl API is quite easy to use from the command line. I could have just worked on the database directly, but I wanted a longer-term solution. Another option was the webservice, but I thought I'd try using the API directly this time. The one problem I'm running into is authenticating as my Bz admin user so I can create the new components. Looking at Bugzilla's Bugzilla.pm file, I see that they just run login() from a Bugzilla::Auth object. I'm not sure how to get the username and password in there. I suppose I could just add the script to the Bugzilla admin interface... Can any of you point me in the right direction?

Read the article
Django-allauth redirected to connections

- by camara90100

I'm using django-allauth to signup users with Facebook, and I'm setting the ACCOUNT_EMAIL_REQUIRED to True so when a user doesn't have email saved on his account I get redirected to the allauth/templates/socialaccount/Signup.html and when I use a test user to enter a valid email, I get redirect to "connections.html" which then asks me to choose one of the social accounts and remove it. and the form action method is set to 'connections url' so it becomes an infinite loop. anyone knows what's wrong? here's my settings SOCIALACCOUNT_PROVIDERS = \ { 'facebook': { 'SCOPE': ['email', 'publish_stream'], # 'AUTH_PARAMS': { 'auth_type': 'reauthenticate' }, 'METHOD': 'js_sdk' , 'LOCALE_FUNC': lambda request: 'en_US'}} ACCOUNT_EMAIL_REQUIRED =True ACCOUNT_ADAPTER = 'profiles.adapter.MyAccountAdapter' SOCIALACCOUNT_ADAPTER ='profiles.adapter.MySocialAccountAdapter'

Read the article
FormsAuthentication.SetAuthCookie

- by Miral

hi we are using FormsAuthentication.SetAuthCookie(profile.Id, false); Now the question is when does this cookie expires? It ofcourse expires once i close all the browsers but it doesn't i keep the browser open and i dont know the timelimit.

Read the article
Login for webapp, needs to be available for support staff

- by Christian W

I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". Authorized licenseholders which does all setup themselves. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support: we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

Read the article
Why is it not good to use $_SESSION in Restful Implementations?

- by keisimone

Original Question: i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i properly authenticate users without looking up database all the time to check for the user's roles? I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

Read the article
How to retreive SID's byte array

- by rursw1

Hello experts, How can I convert a PSID type into a byte array that contains the byte value of the SID? Something like: PSID pSid; byte sidBytes[68];//Max. length of SID in bytes is 68 if(GetAccountSid( NULL, // default lookup logic AccountName,// account to obtain SID &pSid // buffer to allocate to contain resultant SID ) { ConvertPSIDToByteArray(pSid, sidBytes); } --how should I write the function ConvertPSIDToByteArray? Thank you!

Read the article
apache front end using mod_proxy_ajp to tomcat on different servers

- by user302307

Anyone knows the steps to run Apache on server A as front end and run mod_proxy_ajp to connect to tomcat instances on server B? I want to run apache on sever A to do name based vhost that connects to many tomcat servers. I can run mod_proxy_ajp, only if apache and tomcat are on the same server. What I've tried so far: In server A, running Apache 2.2: NameVirtualHost *:80 ServerName tc0.domo.lan ErrorLog "C:\Apache\Apache2.2\logs\tc0.ajp.error.log" CustomLog "C:\Apache\Apache2.2\logs\tc0.ajp.access.log" combined DocumentRoot C:/htdocs0 AddDefaultCharset Off Order deny,allow Allow from all ProxyPass / ajp://192.168.77.233:8009/ ProxyPassReverse / ajp://192.168.77.233:8009/ Options FollowSymLinks AllowOverride None Order deny,allow Allow from all Server B: 192.168.77.233, tomcat 6 connector: I can confirm if going to http://192.168.77.233:8080/manager/html, tomcat works. When I use packet sniffer on server A, I found that server A is trying to connect to server B at port 80 when I'm connecting http://tc0.domo.lan/manager/html on server A

Read the article
how to decrypt a string

- by Avinash

Hi, How to restore the value of a string after using FormsAuthentication.HashPasswordForStoringInConfigFile() i have a string s1 = "abc" then FormsAuthentication.HashPasswordForStoringInConfigFile(s1, "SHA1") = A9993E364706816ABA3E25717850C26C9CD0D89D How can i decrypt "A9993E364706816ABA3E25717850C26C9CD0D89D" back to "abc"??

Read the article
How can I validate/secure/authenticate a JavaScript-based POST request?

- by Bungle

A product I'm helping to develop will basically work like this: A Web publisher creates a new page on their site that includes a <script> from our server. When a visitor reaches that new page, that <script> gathers the text content of the page and sends it to our server via a POST request (cross-domain, using a <form> inside of an <iframe>). Our server processes the text content and returns a response (via JSONP) that includes an HTML fragment listing links to related content around the Web. This response is cached and served to subsequent visitors until we receive another POST request with text content from the same URL, at which point we regenerate a "fresh" response. These POSTs only happen when our cached TTL expires, at which point the server signifies that and prompts the <script> on the page to gather and POST the text content again. The problem is that this system seems inherently insecure. In theory, anyone could spoof the HTTP POST request (including the referer header, so we couldn't just check for that) that sends a page's content to our server. This could include any text content, which we would then use to generate the related content links for that page. The primary difficulty in making this secure is that our JavaScript is publicly visible. We can't use any kind of private key or other cryptic identifier or pattern because that won't be secret. Ideally, we need a method that somehow verifies that a POST request corresponding to a particular Web page is authentic. We can't just scrape the Web page and compare the content with what's been POSTed, since the purpose of having JavaScript submit the content is that it may be behind a login system. Any ideas? I hope I've explained the problem well enough. Thanks in advance for any suggestions.

Read the article
Login with Kohana auth module - what am I doing wrong?

- by keithjgrant

I'm trying to login with the following controller action, but my login attempt keeps failing (I get the 'invalid username and/or password' message). What am I doing wrong? I also tried the other method given in the examples in the auth documentation, Auth::instance()->login($user->username, $form->password);, but I get the same result. Kohana version is 2.3.4. public function login() { $auth = Auth::instance(); if ($auth->logged_in()) { url::redirect('/account/summary'); } $view = new View('login'); $view->username = ''; $view->password = ''; $post = $this->input->post(); $form = new Validation($post); $form->pre_filter('trim', 'username') ->pre_filter('trim', 'password') ->add_rules('username', 'required'); $failed = false; if (!empty($post) && $form->validate()) { $login = array( 'username' => $form->username, 'password' => $form->password, ); if (ORM::factory('user')->login($login)) { url::redirect('/accounts/summary'); } else { $view->username = $form->username; $view->message = in_array('required', $form->errors()) ? 'Username and password are required.' : 'Invalid username and/or password.'; } } $view->render(true); }

Read the article
How to transfer url parameters to repoze custom predicate checkers

- by user281521

I would like to create a repoze custom predicate checker that is capable to access url parameters and validate something. But I would like to use allow_only to set this permission checker in all the controller's scope. Something like: class MyController(BaseController): allow_only = All(not_anonymous(msg=l_(u'You must be logged on')), my_custom_predicate(msg=l_(u'something wrong'))) def index(self, **kw): return dict() then, my_custom_predicate should check the url paramters for every request in every MyController method, and do whatever it do. The problem is just that: how to allow my_custom_predicate to check the url parameters, using it in that way I wrote above.

Read the article
How do I authenticate a user into Django , when I created that user without a password?

- by alex

new_user = User.objects.create_user(r_username, r_email) I created a user. Now I log him in. But how? loggedin_user = authenticate(username = r_email, password="!") loggedin_user = authenticate(username = r_email, password="") loggedin_user = authenticate(username = r_email) These don't work.

Read the article
Rails: Accessing the username/password used for HTTP Basic Auth?

- by Shpigford

I'm building a basic API where user information can be retrieved after that user's login and password are correctly sent. Right now I'm using something like this: http://foo:[email protected]/api/user.xml So, what I need to do is access the user/password sent in the request (the foo and bar) but am not sure how to access that info in a Rails controller. Then I'd check those variables via a quick User.find and then set those as the username and password variables for authenticate_or_request_with_http_basic. It's possible I'm looking at this at the completely wrong way, but that's where I'm at right now. :)

Read the article
Why always fires OnFailure when return View() to Ajax Form ?

- by Wahid Bitar

I'm trying to make a log-in log-off with Ajax supported. I made some logic in my controller to sign the user in and then return simple partial containing welcome message and log-Off ActionLink my Action method looks like this : public ActionResult LogOn(LogOnModel model, string returnUrl) { if (ModelState.IsValid) { if (MembershipService.ValidateUser(model.UserName, model.Password)) { FormsService.SignIn(model.UserName, model.RememberMe); if (Request.IsAjaxRequest()) { //HERE IS THE PROBLEM :( return View("LogedInForm"); } else { if (!String.IsNullOrEmpty(returnUrl)) return Redirect(returnUrl); else return RedirectToAction("Index", "Home"); } } else { ModelState.AddModelError("", "The user name or password provided is incorrect."); if (Request.IsAjaxRequest()) { return Content("There were an error !"); } } } return View(model); } and I'm trying to return this simple partial : Welcome <b><%= Html.Encode(Model.UserName)%></b>! <%= Html.ActionLink("Log Off", "LogOff", "Account") %> and of-course the two partial are strongly-typed to LogOnModel. But if i returned View("PartialName") i always get OnFailure with status code 500. While if i returned Content("My Message") everything is going right. so please tell me why i always get this "StatusCode = 500" ??. where is the big mistake ??. By the way in my Site MasterPage i rendered partial to show long-on simple form this partial looks like this : <script type="text/javascript"> function ShowErrorMessage(ajaxContext) { var response = ajaxContext.get_response(); var statusCode = response.get_statusCode(); alert("Sorry, the request failed with status code " + statusCode); } function ShowSuccessMessage() { alert("Hey everything is OK!"); } </script> <div id="logedInDiv"> </div> <% using (Ajax.BeginForm("LogOn", "Account", new AjaxOptions { UpdateTargetId = "logedInDiv", InsertionMode = InsertionMode.Replace, OnSuccess = "ShowSuccessMessage", OnFailure = "ShowErrorMessage" })) { %> <%= Html.TextBoxFor(m => m.UserName)%> <%= Html.PasswordFor(m => m.Password)%> <%= Html.CheckBoxFor(m => m.RememberMe)%> <input type="submit" value="Log On" /> < <% } %>

Read the article
Rails creating a new session every page view

- by danhere

Hi everyone, I'm following the Agile RoR book somewhat to apply it to a project for school. It's going good until I get to sessions. I continually get Authenticity Invalid Tokens and when I look at my sessions table in the database, there's a new session being created every time I refresh the page. Is that right or is something messed up? Thanks.

Read the article

< Previous Page | 140 141 142 143 144 145 146 147 148 149 150 151 | Next Page >