Search Results

Search found 54190 results on 2168 pages for 'http authentication'.

Page 150/2168 | < Previous Page | 146 147 148 149 150 151 152 153 154 155 156 157  | Next Page >

• Unable to read data from the transport connection: the connection was closed

  - by webdreamer

  The exception is Remoting Exception - Authentication Failure. The detailed message says "Unable to read data from the transport connection: the connection was closed." I'm having trouble with creating two simple servers that can comunicate as remote objects in C#. ServerInfo is just a class I created that holds the IP and Port and can give back the address. It works fine, as I used it before, and I've debugged it. Also the server is starting just fine, no exception is thrown, and the channel is registered without problems. I'm using Forms to do the interfaces, and call some of the methods on the server, but didn't find any problems in passing the parameters from the FormsApplication to the server when debugging. All seems fine in that chapter. public ChordServerProgram() { RemotingServices.Marshal(this, "PADIBook"); nodeInt = 0; } public void startServer() { try { serverChannel = new TcpChannel(serverInfo.Port); ChannelServices.RegisterChannel(serverChannel, true); } catch (Exception e) { Console.WriteLine(e.ToString()); } } I run two instances of this program. Then startNode is called on one of the instances of the application. The port is fine, the address generated is fine as well. As you can see, I'm using the IP for localhost, since this server is just for testing purposes. public void startNode(String portStr) { IPAddress address = IPAddress.Parse("127.0.0.1"); Int32 port = Int32.Parse(portStr); serverInfo = new ServerInfo(address, port); startServer(); //node = new ChordNode(serverInfo,this); } Then, in the other istance, through the interface again, I call another startNode method, giving it a seed server to get information from. This is where it goes wrong. When it calls the method on the seedServer proxy it just got, a RemotingException is thrown, due to an authentication failure. (The parameter I'll want to get is the node, I'm just using the int to make sure the ChordNode class has nothing to do with this error.) public void startNode(String portStr, String seedStr) { IPAddress address = IPAddress.Parse("127.0.0.1"); Int32 port = Int32.Parse(portStr); serverInfo = new ServerInfo(address, port); IPAddress addressSeed = IPAddress.Parse("127.0.0.1"); Int32 portSeed = Int32.Parse(seedStr); ServerInfo seedInfo = new ServerInfo(addressSeed, portSeed); startServer(); ChordServerProgram seedServer = (ChordServerProgram)Activator.GetObject(typeof(ChordServerProgram), seedInfo.GetFullAddress()); // node = new ChordNode(serverInfo,this); int seedNode = seedServer.nodeInt; // node.chordJoin(seedNode.self); }

  Read the article

• Using forms auth, can I return a 404 from a inaccessible page, rather than redirecting to the login

  - by Deane

  Using forms authentication, is it possible to return a 404 if a user doesn't have access to content, rather than redirecting them somewhere? I realize I could send them to a 404-ish page, or redirect to a login page that doesn't exist, but I really want to return a 404 from the page they were attempting to access. Possible?

  Read the article

• Using forms auth, can I return a 404 from an inaccessible page, rather than redirecting to the login

  - by Deane

  Using forms authentication, is it possible to return a 404 if a user doesn't have access to content, rather than redirecting them somewhere? I realize I could send them to a 404-ish page, or redirect to a login page that doesn't exist, but I really want to return a 404 from the page they were attempting to access. Possible?

  Read the article

• Security review of an authenticated Diffie Hellman variant

  - by mtraut

  EDIT I'm still hoping for some advice on this, i tried to clarify my intentions... When i came upon device pairing in my mobile communication framework i studied a lot of papers on this topic and and also got some input from previous questions here. But, i didn't find a ready to implement protocol solution - so i invented a derivate and as i'm no crypto geek i'm not sure about the security caveats of the final solution: The main questions are Is SHA256 sufficient as a commit function? Is the addition of the shared secret as an authentication info in the commit string safe? What is the overall security of the 1024 bit group DH I assume at most 2^-24 bit probability of succesful MITM attack (because of 24 bit challenge). Is this plausible? What may be the most promising attack (besides ripping the device out off my numb, cold hands) This is the algorithm sketch For first time pairing, a solution proposed in "Key agreement in peer-to-peer wireless networks" (DH-SC) is implemented. I based it on a commitment derived from: A fix "UUID" for the communicating entity/role (128 bit, sent at protocol start, before commitment) The public DH key (192 bit private key, based on the 1024 bit Oakley group) A 24 bit random challenge Commit is computed using SHA256 c = sha256( UUID || DH pub || Chall) Both parties exchange this commitment, open and transfer the plain content of the above values. The 24 bit random is displayed to the user for manual authentication DH session key (128 bytes, see above) is computed When the user opts for persistent pairing, the session key is stored with the remote UUID as a shared secret Next time devices connect, commit is computed by additionally hashing the previous DH session key before the random challenge. For sure it is not transfered when opening. c = sha256( UUID || DH pub || DH sess || Chall) Now the user is not bothered authenticating when the local party can derive the same commitment using his own, stored previous DH session key. After succesful connection the new DH session key becomes the new shared secret. As this does not exactly fit the protocols i found so far (and as such their security proofs), i'd be very interested to get an opinion from some more crypto enabled guys here. BTW. i did read about the "EKE" protocol, but i'm not sure what the extra security level is.

  Read the article

• rpxnow - How to promote users to sign in

  - by Harry

  Since adding rpxnow to our website, less users are signing in. Are these readers worried about giving their (eg hotmail) password to a third party site? Has anyone found a good way to promote use of rpxnow (or other openid managers) as a secure method of authentication to non tech savvy readers?

  Read the article

• OpenID Attribute Exchange - should I use it?

  - by Josh

  My website will be using only OpenID for authentication. I'd like to pull user details down via attribute exchange, but attribute exchange seems to have caused a lot of grief for StackOverflow. What is the current state of play in the industry? Does any OpenID provider do a decent job of attribute exchange? Should I just steer away from OpenID attribute exchange altogether? How can I deal with inconsistent support for functionality?

  Read the article

• Selectively turning off Devise's flash notices in Rails 3

  - by Sim

  The Devise authentication framework uses flash notices everywhere. This makes it easy to integrate with apps but it leads to poor user experience sometimes. I am wondering what's an easy way to selectively turn off some of the Devise flash notices in my Rails 3 app. In particular, I'd like to get rid of the blatantly obvious signed_in and signed_out flashes. Some searching suggested subclassing the session controller or use something like this but I haven't been able to find any simple solutions to this problem.

  Read the article

• Getting user list in Silverlight?

  - by Manoj

  Hi, I have a Silverlight web app which uses ASP.net Website administration tool for user authentication. Now is there any way by which I can get the list of all registered users in Silverlight?

  Read the article

• Session handling in python / django

  - by Gaurav

  I am creating an application that lets users login using Google, Facebook and the website's native login. The site is being built in Python / Django. What would be the best way to handle login, session management and user authentication? I do not want to use the in-built Django user management. I am using Django very sparingly(URLs, templates)

  Read the article

• keeping OpenLDAP and Active Directory in sync (windows server 08R2)

  - by Brian

  I've got a Windows Server box running AD, and a CentOS box running OpenLDAP in a mixed windows Linux network and I want to keep the two in sync. Preferably using free software/just some configuration changes. anyone know how to make these 2 authentication systems play nice? any syncing would have to be done over SSL for security reasons.

  Read the article

• Authenticating users in iPhone app

  - by Myron

  I'm developing an HTTP api for our web application. Initially, the primary consumer of the API will be an iPhone app we're developing, but I'm designing this with future uses in mind (such as mobile apps for other platforms). I'm trying to decide on the best way to authenticate users so they can access their accounts from the iPhone. I've got a design that I think works well, but I'm no security expert, so I figured it would be good to ask for feedback here. The design of the user authentication has 3 primary goals: Good user experience: We want to allow users to enter their credentials once, and remain logged in indefinitely, until they explicitly log out. I would have considered OAuth if not for the fact that the experience from an iPhone app is pretty awful, from what I've heard (i.e. it launches the login form in Safari, then tells the user to return to the app when authentication succeeds). No need to store the user creds with the app: I always hate the idea of having the user's password stored in either plain text or symmetrically encrypted anywhere, so I don't want the app to have to store the password to pass it to the API for future API requests. Security: We definitely don't need the intense security of a banking app, but I'd obviously like this to be secure. Overall, the API is REST-inspired (i.e. treating URLs as resources, and using the HTTP methods and status codes semantically). Each request to the API must include two custom HTTP headers: an API Key (unique to each client app) and a unique device ID. The API requires all requests to be made using HTTPS, so that the headers and body are encrypted. My plan is to have an api_sessions table in my database. It has a unique constraint on the API key and unique device ID (so that a device may only be logged into a single user account through a given app) as well as a foreign key to the users table. The API will have a login endpoint, which receives the username/password and, if they match an account, logs the user in, creating an api_sessions record for the given API key and device id. Future API requests will look up the api_session using the API key and device id, and, if a record is found, treat the request as being logged in under the user account referenced by the api_session record. There will also be a logout API endpoint, which deletes the record from the api_sessions table. Does anyone see any obvious security holes in this?

  Read the article

• LDAP user data caching on local database

  - by Eduardo

  I am integrating LDAP authentication in my web enterprise application. I would like to show listing of people name and email. Instead of querying the LDAP server for the name and email each time a listing containing several users I thought about caching the data locally in the database. Do you guys know about caching LDAP data best practices? Should I cache LDAP user data? When should I insert and refresh the data?

  Read the article

• Is there a way to authenticating without web browser on Facebook API on iPhone(or similar native cli

  - by Eonil

  Facebook offers an Objective-C library, but it uses web browser session too. Is there any browser-less way to do authentication?

  Read the article

• Knowing the user name in a Page

  - by ctacke

  Let's assume the following: I have an IIS web site set up IIS is configured to use Digest authentication I'm running an ASP.NET page The page has a code-behing assembly that overrides Page_Load When a user navigates to that page, I get a security prompt for the username and password. If the username and password are invalid (i.e. incorrect password) is there a way for the called page, in Page_Load to know, or does IIS handle this and return the 401 before the ASP.NET engine ever gets around to resolving the actual Page class that will get executed?

  Read the article

• How can I configure Devise for Ruby on Rails to store the emails and passwords somewhere other than in the user model?

  - by TLK

  I'd like to store emails in a separate table and allow users to save multiple emails and log in with any of them. I'd also like to store passwords in a different table. How can I configure Devise to store authentication info elsewhere? Worst case scenario, if I just have to hack into it, is there a generator to just port everything over to the app? I noticed there was a generator for the views. Thanks.

  Read the article

• Pros & Cons of separating the controllers using subfolders on an ruby on rails app based?

  - by user293179

  Hi, Need some help gathering thoughts on this issue. Our team is moving ahead with the idea that separating the authenticated and public sections of our app in two separate folders will allow us to be more organized and secured. I have seen this approach for Admin apps within the site but never for authentication. We are currently using Authlogic. What would be the disadvantage of this? Thanks for your help.

  Read the article

• Credentials - Can I do this?

  - by zburns

  I've got an ASP.NET website that I use forms authentication using the default provider you can setup. This works just fine for the site. The question is can I pass the credentials from the web site to a web app on the same server?

  Read the article

• Can't add repos after upgrading to 12.04 LTS

  - by joao

  I'm a complete Linux newbie. I've just upgraded from 10.04 to 12.04 LTS and all sorts of things have started to go wrong. One main problem is the fact that I can't add repos. Example: sudo add-apt-repository ppa:team-xbmc outputs: Traceback (most recent call last): File "/usr/bin/add-apt-repository", line 8, in <module> from softwareproperties.SoftwareProperties import SoftwareProperties File "/usr/lib/python2.7/dist-packages/softwareproperties/SoftwareProperties.py", line 53, in <module> from ppa import AddPPASigningKeyThread, expand_ppa_line File "/usr/lib/python2.7/dist-packages/softwareproperties/ppa.py", line 27, in <module> import pycurl ImportError: librtmp.so.0: cannot open shared object file: No such file or directory /etc/apt/sources.list # deb cdrom:[Ubuntu 10.04.1 LTS _Lucid Lynx_ - Release i386 (20100816.1)]/ lucid main restricted # deb cdrom:[Ubuntu 10.04.1 LTS _Lucid Lynx_ - Release i386 (20100816.1)]/ maverick main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://archive.ubuntu.com/ubuntu precise main restricted deb-src http://archive.ubuntu.com/ubuntu precise main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://archive.ubuntu.com/ubuntu precise-updates main restricted deb-src http://archive.ubuntu.com/ubuntu precise-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://archive.ubuntu.com/ubuntu precise universe deb-src http://archive.ubuntu.com/ubuntu precise universe deb http://archive.ubuntu.com/ubuntu precise-updates universe deb-src http://archive.ubuntu.com/ubuntu precise-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://archive.ubuntu.com/ubuntu precise multiverse deb-src http://archive.ubuntu.com/ubuntu precise multiverse deb http://archive.ubuntu.com/ubuntu precise-updates multiverse deb-src http://archive.ubuntu.com/ubuntu precise-updates multiverse ## Uncomment the following two lines to add software from the 'backports' ## repository. ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. # deb-src http://pt.archive.ubuntu.com/ubuntu/ lucid-backports main restricted universe multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu lucid partner # deb-src http://archive.canonical.com/ubuntu lucid partner deb http://archive.ubuntu.com/ubuntu precise-security main restricted deb-src http://archive.ubuntu.com/ubuntu precise-security main restricted deb http://archive.ubuntu.com/ubuntu precise-security universe deb-src http://archive.ubuntu.com/ubuntu precise-security universe deb http://archive.ubuntu.com/ubuntu precise-security multiverse deb-src http://archive.ubuntu.com/ubuntu precise-security multiverse # deb http://ppa.launchpad.net/stebbins/handbrake-snapshots/ubuntu precise main # disabled on upgrade to precise I have no clue what do do next. Should I just scrap this installation and start from scratch or is this fixable? librtmp.so.0 also shows up in error logs I've started to get from XBMC (I'm not sure if this is relevant info). Thanks in advance for any help you can give me!

  Read the article

• Google Analytics API Authentication Speedup

  - by Paulo

  I'm using a Google Analytics API Class in PHP made by Doug Tan to retrieve Analytics data from a specific profile. Check the url here: http://code.google.com/intl/nl/apis/analytics/docs/gdata/gdataArticlesCode.html When you create a new instance of the class you can add the profile id, your google account + password, a daterange and whatever dimensions and metrics you want to pick up from analytics. For example i want to see how many people visited my website from different country's in 2009. //make a new instance from the class $ga = new GoogleAnalytics($email,$password); //website profile example id $ga->setProfile('ga:4329539'); //date range $ga->setDateRange('2010-02-01','2010-03-08'); //array to receive data from metrics and dimensions $array = $ga->getReport( array('dimensions'=>('ga:country'), 'metrics'=>('ga:visits'), 'sort'=>'-ga:visits' ) ); Now you know how this API class works, i'd like to adress my problem. Speed. It takes alot of time to retrieve multiple types of data from the analytics database, especially if you're building different arrays with different metrics/dimensions. How can i speed up this process? Is it possible to store all the possible data in a cache so i am able to retrieve the data without loading it over and over again?

  Read the article

• SWFUpload Authentication

  - by durilai

  I am using SWFUpload to do file uploading in a ASP.NET MVC 1.0 website. It is working fine, but I am not able to authenticate the upload method. The HttpContext.User.Identity.Name returns an empty string. I am assuming this is because the Flash movie is making the post. I am also using the wrapper provided here: http://blog.codeville.net/2008/11/24/jquery-ajax-uploader-plugin-with-progress-bar/. The controller action below gets fired, but as mentiond above the user object is not passed. Any help is appreciated! View HTML <form enctype="multipart/form-data" method="post" action="/Media/Upload/Photo"> <input type="file" id="userPhoto_Photo" name="userPhoto_Photo" /> </form> Javascript $(function() { $("#userPhoto").makeAsyncUploader({ upload_url: '/Media/Upload', flash_url: '<%= Url.Content("~/Content/Flash/swfUpload-2.2.0.1.swf") %>', file_size_limit: '1 MB', file_types: '*.jpg; *.png; *.gif', button_action: SWFUpload.BUTTON_ACTION.SELECT_FILE, button_width: 210, button_height: 35, button_image_url: '<%= Url.Content("~/Content/Images/UploadPhoto.png") %>', button_text: '', button_cursor: SWFUpload.CURSOR.HAND, button_window_mode: SWFUpload.WINDOW_MODE.TRANSPARENT }); }); Controller Action [AcceptVerbs(HttpVerbs.Post)] public ActionResult Upload() { if (Request.Files.Count == 1) { //Upload work } return RedirectToAction("Index", "Profile"); }

  Read the article

• Generating authentication header from azure table through objective-c

  - by user923370

  I'm fetching data from iCloud and for that I need to generate a header (azure table storage). I used the code below for that and it is generating the headers. But when I use these headers in my project it is showing "make sure that the value of authorization header is formed correctly including the signature." I googled a lot and tried many codes but in vain. Can anyone kindly please help me with where I'm going wrong in this code. -(id)generat{ NSString *messageToSign = [NSString stringWithFormat:@"%@/%@/%@", dateString,AZURE_ACCOUNT_NAME, tableName]; NSString *key = @"asasasasasasasasasasasasasasasasasasasasas=="; const char *cKey = [key cStringUsingEncoding:NSUTF8StringEncoding]; const char *cData = [messageToSign cStringUsingEncoding:NSUTF8StringEncoding]; unsigned char cHMAC[CC_SHA256_DIGEST_LENGTH]; CCHmac(kCCHmacAlgSHA256, cKey, strlen(cKey), cData, strlen(cData), cHMAC); NSData *HMAC = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)]; NSString *hash = [Base64 encode:HMAC]; NSLog(@"Encoded hash: %@", hash); NSURL *url=[NSURL URLWithString: @"http://my url"]; NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:url]; [request addValue:[NSString stringWithFormat:@"SharedKeyLite %@:%@",AZURE_ACCOUNT_NAME, hash] forHTTPHeaderField:@"Authorization"]; [request addValue:dateString forHTTPHeaderField:@"x-ms-date"]; [request addValue:@"application/atom+xml, application/xml"forHTTPHeaderField:@"Accept"]; [request addValue:@"UTF-8" forHTTPHeaderField:@"Accept-Charset"]; NSLog(@"Headers: %@", [request allHTTPHeaderFields]); NSLog(@"URL: %@", [[request URL] absoluteString]); return request; } -(NSString*)rfc1123String:(NSDate *)date { static NSDateFormatter *df = nil; if(df == nil) { df = [[NSDateFormatter alloc] init]; df.locale = [[[NSLocale alloc] initWithLocaleIdentifier:@"en_US"] autorelease]; df.timeZone = [NSTimeZone timeZoneWithAbbreviation:@"GMT"]; df.dateFormat = @"EEE',' dd MMM yyyy HH':'mm':'ss 'GMT'"; } return [df stringFromDate:date]; }

  Read the article

• Custom authentication module inheriting IHttpModule issue.

  - by Chandan Khatwani

  LoginPage.aspx:- protected void Button1_Click(object sender, EventArgs e) { Context.Items["Username"] = txtUserId.Text; Context.Items["Password"] = txtPassword.Text; // FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, Context.Items["Username"].ToString(), DateTime.Now, DateTime.Now.AddMinutes(10), true, "users", FormsAuthentication.FormsCookiePath); // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie( FormsAuthentication.FormsCookieName, // Name of auth cookie hash); // Hashed ticket // Set the cookie's expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; Response.Cookies.Add(cookie); Response.Redirect("Default.aspx"); } Global.asax file:- void Application_AuthenticateRequest(object sender, EventArgs e) { if (HttpContext.Current.User != null) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity is FormsIdentity) { FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = id.Ticket; // Get the stored user-data, in this case, our roles string userData = ticket.UserData; string[] roles = userData.Split(','); HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles); Response.Write(HttpContext.Current.User.Identity.Name); Response.Redirect("Default.aspx"); } } } } I get the following error after signing in This webpage has a redirect loop. The webpage at http://localhost:1067/Default.aspx has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

  Read the article

• Getting JSON object from php authentication objective c

  - by iError

  I am trying to authenticate using the below code NSString *urlAsString =[NSString stringWithFormat:@"http://www.myurl.com/abc/authenticate.php"]; NSURL *url = [NSURL URLWithString:urlAsString]; NSMutableURLRequest *urlRequest = [NSMutableURLRequest requestWithURL:url]; [urlRequest setTimeoutInterval:30.0f]; [urlRequest setHTTPMethod:@"POST"]; [urlRequest addValue:@"test" forHTTPHeaderField:@"m_username" ]; [urlRequest addValue:@"123" forHTTPHeaderField:@"m_password" ]; [[NSURLConnection alloc] initWithRequest:urlRequest delegate:self]; NSOperationQueue *queue = [[NSOperationQueue alloc] init]; [NSURLConnection sendAsynchronousRequest:urlRequest queue:queue completionHandler:^(NSURLResponse *response,NSData *data, NSError *error) { if ([data length] >0 && error == nil){ html = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding]; NSLog(@"HTML = %@", html); receivedData = [NSMutableData data]; } else if ([data length] == 0 && error == nil){ NSLog(@"Nothing was downloaded."); } else if (error != nil){ NSLog(@"Error happened = %@", error); } }]; // Start loading data NSURLConnection *theConnection = [[NSURLConnection alloc] initWithRequest:urlRequest delegate:self]; if (theConnection) { // Create the NSMutableData to hold the received data receivedData = [NSMutableData data]; } else { // Inform the user the connection failed. } My username password is correct, I think I am not making the proper call thats why I dont get the desired results and the web service is receiving the null parameters. What can be the issue? Any help appreciated.

  Read the article

• IIS7.5 and MVC 2 : Implementing HTTP(S) security

  - by Program.X

  This is my first ASP.NET MVC application, and my first on an IIS 7.x installation whereby I have to do anything over and above the standard. I need to enforce Windows authentication on the /Index and /feeds/xxx.svc pages/services. In ASP.NET Web Forms, I would apply the Windows permissions on the files and remove Anonymous authentication in IIS 6. This needs to work over HTTP/S, but don't worry about that, that's in hand. What happens in MVC/IIS 7? I have tried modifying the permissions on the /Index.aspx view, which seems to block access. It asks me for a username/password, but does not grant access when I enter a valid username/password. Pressing Escape gives me an exception "*Access to the path 'E:\dev\xxx\xxx.ConsultantRegistration.Web.Admin\Views\ConsultantRegistration\index.aspx' is denied. *", which does get sent as a 401. So although the username/password does exist on the Index.aspx view, I can't use those credentials to access said view. I have in my web.config: What am I missing?

  Read the article

• Nginx wont send POST to fastcgi backend, but GET works fine?

  - by xyld

  Not sure why, but it is happy sending a GET to the fastcgi backend (Mercurial hgwebdir in this case), but simply resorts to the filesystem if the request is a POST. Relevant parts of nginx.conf: location / { root /var/www/htdocs/; index index.html; autoindex on; } location /hg { fastcgi_pass unix:/var/run/hg-fastcgi.socket; include fastcgi_params; if ($request_uri ~ ^/hg([^?#]*)) { set $rewritten_uri $1; } limit_except GET { allow all; deny all; auth_basic "hg secured repos"; auth_basic_user_file /var/trac.htpasswd; } fastcgi_param SCRIPT_NAME "/hg"; fastcgi_param PATH_INFO $rewritten_uri; # for authentication fastcgi_param AUTH_USER $remote_user; fastcgi_param REMOTE_USER $remote_user; #fastcgi_pass_header Authorization; #fastcgi_intercept_errors on; } GET's work fine, but POST delivers this error to the error_log: 2010/05/17 14:12:27 [error] 18736#0: *1601 open() "/usr/html/hg/test" failed (2: No such file or directory), client: XX.XX.XX.XX, server: domain.com, request: "POST /hg/test HTTP/1.1", host: "domain.com" What could possibly be the issue? I'm trying to allow read-only access via GET's to the page, but require authorization when using hg push to the same url which sends a POST request.

  Read the article

< Previous Page | 146 147 148 149 150 151 152 153 154 155 156 157  | Next Page >