Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.


  • Calling https process from ASP Net

    - by David M
    I have an ASP NET web server application that calls another process running on the same box that creates a pdf file and returns it. The second process requires a secure connection via SSL. The second process has issued my ASP NET application with a digital certificate but I still cannot authenticate, getting a 403 error. The code is a little hard to show but here's a simplified method ...

        X509Certificate cert = X509Certificate.CreateFromCertFile(@"path\to\cert.cer");
        string URL = "https://urltoservice?params=value";
        HttpWebRequest req = HttpWebRequest.Create(URL) as HttpWebRequest;
        req.ClientCertificates.Add(cert);
        req.Credentials = CredentialCache.DefaultCredentials;
        req.PreAuthenticate = true;

        // error happens here
        WebResponse resp = req.GetResponse();
        Stream input = resp.GetResponseStream();

    The error text is "The remote server returned an error: (403) Forbidden." Any pointers are welcome.


  • Django Comments and Users integration

    - by Patrick
    Hi folks, I am new to django. I am trying to use django.contrib.comments, I saw the table in the database like this, but how can I integrate it with user_id, user_photos, user_name, user_email....and those things with the django commenting system? I also tried to use thread-comments, but I can't configure it properly, is the django threadedcomments table similar to the following? Please let me know if any of you have done this before....all I need is a user login, and post comments, and then show list of comments with users' profile photos and username, as well as their comments. I think it shouldn't be that hard. Thank you very much again.

        +-----------------+--------------+------+-----+---------+----------------+
        | Field           | Type         | Null | Key | Default | Extra          |
        +-----------------+--------------+------+-----+---------+----------------+
        | id              | int(11)      | NO   | PRI | NULL    | auto_increment |
        | content_type_id | int(11)      | NO   | MUL | NULL    |                |
        | object_pk       | longtext     | NO   |     | NULL    |                |
        | site_id         | int(11)      | NO   | MUL | NULL    |                |
        | user_id         | int(11)      | YES  | MUL | NULL    |                |
        | user_name       | varchar(50)  | NO   |     | NULL    |                |
        | user_email      | varchar(75)  | NO   |     | NULL    |                |
        | user_url        | varchar(200) | NO   |     | NULL    |                |
        | comment         | longtext     | NO   |     | NULL    |                |
        | submit_date     | datetime     | NO   |     | NULL    |                |
        | ip_address      | char(15)     | YES  |     | NULL    |                |
        | is_public       | tinyint(1)   | NO   |     | NULL    |                |
        | is_removed      | tinyint(1)   | NO   |     | NULL    |                |
        +-----------------+--------------+------+-----+---------+----------------+


  • When to Store Temporary Values in Hidden Field vs. Session vs. Database?

    - by viatropos
    I am trying to build a simple OpenID login panel similar to how Stack Overflow's works. The goal is:

      * User clicks OpenID/Oauth provider
      * OpenID/Oauth stuff happens, we end up with the result (already made that)
      * Then we want to confirm that the user wants to actually create a new account (vs. associating account with another OpenID account).

    In StackOverflow, they keep a hidden field on a form that looks like this:

        <form action="/users/openidconfirm" method="post">
          <p>This is an OpenID we haven't seen on Stack Overflow before:</p>
          <p class="openid-identifier">https://me.yahoo.com/a/some-hash</p>
          <p>Do you want to associate this OpenID with your Stack Overflow account?</p>
          <div>
            <input type="hidden" name="fkey" value="9792ab2zza1q2a4ac414casdfa137eafba7">
            <input type="hidden" name="s" value="c1a3q133-11fa-49r0-a7bz-da19849383218">
            <input type="submit" value="Associate OpenID">
            <input type="button" value="Cancel" onclick="window.location.href = 'http://stackoverflow.com/users/169992/viatropos?s=c1a3q133-11fa-49r0-a7bz-da19849383218'">
          </div>
        </form>

    Initial question is, what are those hashes fkey and s? Not that I really care what these specific hashes are, but what it seems like is happening is they have processed the openid response and saved it to the DB in a temporary object or something, and from there they generate these keys, because they don't look like Oauth keys to me.

    Main situation is: after I have processed OpenID/Oauth responses, I don't yet want to create a new user/account until the user submits the "confirm" form. Should I store the keys and tokens temporarily in a "Confirm" form like this? Or is there a better way? It seems that using a temp database object would be a lot of work to manage properly.

    Thanks for the help. Lance


  • Update User Info with restful_authentication plugin in Rails?

    - by benoror
    Hi people, I want to give the users the ability to change their account info with restful_authentication plugin in rails. I added these two methods to my users controller:

        def edit
          @user = User.find(params[:id])
        end

        def update
          @user = User.find(params[:id])

          # Only update password when necessary
          params[:user].delete(:password) if params[:user][:password].blank?

          respond_to do |format|
            if @user.update_attributes(params[:user])
              flash[:notice] = 'User was successfully updated.'
              format.html { redirect_to(@user) }
              format.xml  { head :ok }
            else
              format.html { render :action => "edit" }
              format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
            end
          end
        end

    Also, I copied new.html.erb to edit.html.erb. Considering that resources are already defined in routes.rb I was expecting it to work easily, but somehow when I click the save button it calls the create method, instead of update, using a POST http request. Immediately after that it automatically logs out from the session. Any ideas?


  • How to handle security constraints using GWT 2.1's RequestFactory?

    - by Marc
    I am currently developing a GWT 2.1 application that is to be deployed on Google App Engine. I would like to realise the server communication using the new RequestFactory. Now my question is how to handle fine-grained security issues in this context? Some server actions (of those declared in the RequestContext stubs) shall be restricted to certain users (possibly depending on the parameters of the remote call). If a call is unauthorised, I would like the client to show a login page (so that one may log in as a different user, for example). From the Expenses example, I know how to implement an automatic redirection to a login page, but in this example, the security model is quite simple: A client is allowed to access the servlet if and only if a user is logged in. Shall I raise a custom UnAuthorizedException in my server-side service? Where should I intercept this exception? (Can I do this in a servlet filter like the GaeAuthFilter of the Expenses example?)


  • Is it immoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inappropriate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see it as inappropriate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.


  • Automatically authenticating windows users on an apache/Linux server

    - by Peter Carrero
    If I wanna authenticate windows accounts to AD when a user browses to an apache-running site on a Linux server, here are the usual suspects:

      * mod_ntlm (which I used in a distant past) - last update on 2003
      * mod_auth_ntlm_winbind - last update on 04/2007
      * mod_auth_kerb - last update on 12/2008

    No luck getting any of those to work with a recent, fully patched, windows 2000 AD server. Do you have any clues as to a recipe that does work?

    -Peter

    -- UPDATE

    my current build environment is this:

      * OS: Ubuntu Lucid
      * Apache 2.2.14 (from repos)
      * the auth modules I recompiled from source.


  • How to use a different path name in ProxyPass than the Tomcat context name

    - by Diptendu Dutta
    Hello, I am using Tomcat 5.5.9 and Apache 2.x. We are trying to use a path name in ProxyPass that is different than the Tomcat context name.

        ProxyPass /path http://localhost:8080/contextname

    However, this does not work. When these two are the same then everything works fine. Most examples I see on the net also have the path equal to the Tomcat context name. I am using "context.xml" within the Tomcat context and do NOT have "server.xml" entries. Also, I am using plain httpd.conf and NOT using any VirtualHost entries. Any help is appreciated.

    Regards, Diptenu


  • Tomcat Clustering and HTTPS Issue

    - by Angelo
    Hi, I have two instances of Tomcat 6 with content accessible via HTTP and HTTPS for other pages. I have configured the instances this way:

      1) Instance one to listen on port 8080 (HTTP) and 8443 (HTTPS)
      2) Instance two to listen on port 7080 (HTTP) and 7443 (HTTPS)

    I have mod_proxy configured with Apache 2.2 to do clustering. The requests are coming in properly and all works well for HTTP traffic, but when you are in the app and it becomes HTTPS then I get "the page cannot be found" when Tomcat tries to serve the page. Now if I access the two Tomcat instances directly, bypassing the load balancer, then everything is fine. So HTTP/HTTPS is configured properly on Tomcat but not on Apache. I have a feeling I must configure Apache to handle this (or mod_proxy). Thanks,


  • acl9 and devise don't seem to work well together

    - by Nik
    I have a user model which is access controlled by ACL9.

    In UsersController:

        # ACL9 related stuff
        before_filter :load_user, :only => [:show]

        access_control do
          allow :owner, :of => :user, :to => [:show]
        end

        def load_user
          user = User.find(params[:id])
        end

    In ApplicationController I have a

        rescue_from 'Acl9::AccessDenied', :with => :access_denied

        def access_denied
          authenticate_user! # a method from Devise
        end

    It is no problem to type in the url for the sign in page

        http://localhost:3000/users/sign_in

    but it is a problem when, for example, I type in the user page first, from which I expect to be redirected to the sign in page automatically through the logic above

        http://localhost:3000/users/1 #=> infinite redirect hell.

    It tries to redirect back to users/1 again(!?) instead of directing to users/sign_in. Does anyone have an opinion as to what might be going wrong? Thanks!


  • Did anyone have this issue with a simple Facebook app or know how to solve it?

    - by Jian Lin
    I have a really simple few lines of Facebook app, using the new Facebook API:

        <pre>
        <?php
        require 'facebook.php';

        // Create our Application instance.
        $facebook = new Facebook(array(
          'appId'  => '117676584930569',
          'secret' => '**********', // hidden here on the post...
          'cookie' => true,
        ));

        var_dump($facebook);
        ?>

    but it is giving me the following output: http://apps.facebook.com/woolaladev/i2.php would give out

        object(Facebook)#1 (6) {
          ["appId:protected"]=>
          string(15) "117676584930569"
          ["apiSecret:protected"]=>
          string(32) "**********"   <--- just hidden on this post
          ["session:protected"]=>
          NULL
          ["sessionLoaded:protected"]=>
          bool(false)
          ["cookieSupport:protected"]=>
          bool(true)
          ["baseDomain:protected"]=>
          string(0) ""
        }

    Session is NULL for some reason, but I am logged in and can access my home and profile and run other apps on Facebook (to see that I am logged on). I am following the sample on:

      * http://github.com/facebook/php-sdk/blob/master/examples/example.php
      * http://github.com/facebook/php-sdk/blob/master/src/facebook.php (download using raw URL: wget http://github.com/facebook/php-sdk/raw/master/src/facebook.php )

    Trying on both hosting companies at dreamhost.com and netfirms.com, and the results are the same.


  • mod_rewrite with location-based ACL in apache?

    - by Alexey
    Hi. There is a CGI-script that provides some API for our customers. Call syntax is:

        script.cgi?module=<str>&func=<str>[&other-options]

    The task is to make different authentication rules for different modules. Optionally, it will be great to have nice URLs. My config:

        <VirtualHost *:80>
            DocumentRoot /var/www/example
            ServerName example.com

            # Global policy is to deny all
            <Location />
                Order deny,allow
                Deny from all
            </Location>

            # doesn't work :(
            <Location /api/foo>
                Order deny,allow
                Deny from all
                Allow from 127.0.0.1
            </Location>

            RewriteEngine On
            # The only allowed type of requests:
            RewriteRule /api/(.+?)/(.+) /cgi-bin/api.cgi?module=$1&func=$2 [PT]
            # All others are forbidden:
            RewriteRule /(.*) - [F]

            RewriteLog /var/log/apache2/rewrite.log
            RewriteLogLevel 5

            ScriptAlias /cgi-bin /var/www/example
            <Directory /var/www/example>
                Options -Indexes
                AddHandler cgi-script .cgi
            </Directory>
        </VirtualHost>

    Well, I know that the problem is the order of processing of those directives. <Location>s will be processed after mod_rewrite has done its work. But I believe there is a way to change it. :) Using the standard Order deny,allow + Allow from <something> directives is preferable because it's commonly used in other places like this. Thank you for your attention. :)


  • Active Directory: User UPN or DN for NTLM name, using pure LDAP?

    - by Bernd Haug
    I have a Java app that can authenticate to LDAP by logging users into the AD LDAP server with the NTLM name (which they are used to - this is a requirement). I now also need to do authorization, and hence need to find a forest-unique identifier for the user (DN or UPN should work), from which I can further query the directory. The method needs to be absolutely portable, even if the AD is structured in an unusual fashion, otherwise I could just do a string replacement and search for a UPN of "${ntlm-user}@${ntlm-domain}.${configured-trailing-domain}" How can I do this, using pure LDAP? Currently, I'm using the java.naming.directory package, which I'd like to keep using, since it doesn't throw up problems when not binding with a DN but logging in with an NTLM name?


  • What is the best way to get support from microsoft developers [closed]

    - by Malcolm Frexner
    I have a problem at my production web, that I am not able to solve. I am not able to reproduce the problem in stage or development. It only appears when the website is under heavy load. I think it is solvable if somebody who has a very good understanding of the internals of FormsAuthentication would have a look at it by logging into our system. It should be at least Scottgu! Somebody told me that Microsoft Premier Support is a good choice for these kinds of problems. We have no MSDN subscription or other connection to Microsoft that enables us to use MPS. Is there a way to get support on an incident basis? Are there other ways to get this kind of support?

    EDIT Here is the problem itself: http://stackoverflow.com/questions/2448720/different-users-get-the-same-cookie-value-in-aspxanonymous


  • How to share the credentials between Webform and Winform?

    - by Daniel
    Hi!

    Question: I want to make a login form at the ClickOnce deployment webpage, and only allow the authenticated users to download the application. And I want the downloaded application to use the same credentials entered at the webpage, without prompting the users to enter the credentials again.

    Details: I have an application (Windows Client) which needs customized settings for different users. The application is deployed through ClickOnce. Currently, the users are given the ClickOnce webpage URL, then download the application from there. After downloading and running the application, the application prompts users with a login form. If their credentials are authenticated, the application loads the customized settings from the server's database according to the credentials given. The problem is, any unauthenticated users can download the application if they just know the ClickOnce deployment webpage's URL. Unauthenticated users won't be able to run the application anyways, because the application asks for credentials when started, but I want to prevent the unauthenticated users from downloading the application at all. Am I asking the wrong question maybe? Your help is much appreciated!


  • FormsAuthentication.RedirectFromLoginPage reload page

    - by Dofs
    Hi, I am using the .Net membership system, and up until now I haven't had any real troubles with it. I now have an overlay where a user can create a profile. When the profile is created I just want to redirect to the same page, and not to the default page or the return url - which doesn't exist. I have tried to stop the FormsAuthentication.RedirectFromLoginPage response, but with no effect:

        FormsAuthentication.RedirectFromLoginPage(username, false);
        // End the redirect so it doesnt redirect to default url (front-page)
        Response.End();
        Response.Redirect(Request.RawUrl);

    Does anyone have an idea how this can be solved?


  • Android: prevent user from coming back to login page after logging in

    - by user522559
    Hi all, I have a login page in my android app. I want to prevent the user, after logging in, from coming back to the login page. Also, when the user reopens the app, if he has logged in before, I want to go directly to the main page without having to go to the login page. What's the best way of doing that? One idea I thought of is to save the login parameters in a cookie, and then, when the app reopens, if the cookie contains some login information, I inflate the main page, otherwise, I inflate the login page. Is this the best way of doing it? Thanks,


  • simple authorisation in web api

    - by monthon1
    I want to make a nice and clean api; I'm making a site and I want to offer mobile apps the ability to use the web API of my site. I don't want to use oAuth, because mobile and embedded applications are the ones facing the biggest hurdle, as they may not be able to bring up and/or control the web browser. Also it's a little complicated. I know that HTTP basic authorisation is not safe, but it's so simple... I want to use it in my api. I have some users' logins and their passwords (md5-encoded) in a mysql base, but how do I use that data in this HTTP basic authorisation?


  • Best place to check user authenticity in a back end module where all pages are only available to mem

    - by understack
    I've a backend module which can be accessed only by authorized members. So I need to check authenticity for all actions and for all controllers. Currently I'm doing it inside preDispatch() functions inside controller classes. So it takes care of all the actions inside that controller. But still I have to do it for all controllers. Is there a place I could check it for all the controllers as well? So basically I want a one-place authenticity check for the whole backend module. Can I do it in bootstrap?


  • Is it possible to use Integrated Windows Auth when Server isn't on the domain?

    - by jskentzos
    Our production web servers ARE NOT part of the domain, but we'd like people to be able to log in automatically since they are logged into the domain on their PC. Is there any way to get the browser (IE7+) to send the appropriate information to the server (IIS6) so I can retrieve the ServerVariables["AUTH_USER"] or ServerVariables["LOGON_USER"]? I presume the answer is no since if I set the security for windows auth to "on" and anonymous access to "off", then the server wouldn't know what to do with any user information for a domain which it has no knowledge of. I just want to know for sure before I give the SSO team a "not possible" answer.

