Search Results

Search found 13454 results on 539 pages for 'ws security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 158/539 | < Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >

  • User.IsInRole returning false

    - by Curtis
    My ASP.NET app is using windows authentication. If I run the following code: WindowsIdentity wi = (WindowsIdentity)User.Identity; foreach (IdentityReference r in wi.Groups) { ListBox1.Items.Add(r.Translate (typeof (NTAccount)).Value); } if (User.IsInRole ("Everyone")) Label1.Text = "Is in role"; The listbox will contain the name of every group the user belongs to. If I then call User.IsInRole, and pass in the name of any of those groups, I always get a false. Can anyone tell me what I am doing wrong? Thanks

    Read the article

  • How to enable HTTP response caching in Spring Boot

    - by Samuli Kärkkäinen
    I have implemented a REST server using Spring Boot 1.0.2. I'm having trouble preventing Spring from setting HTTP headers that disable HTTP caching. My controller is as following: @Controller public class MyRestController { @RequestMapping(value = "/someUrl", method = RequestMethod.GET) public @ResponseBody ResponseEntity<String> myMethod( HttpServletResponse httpResponse) throws SQLException { return new ResponseEntity<String>("{}", HttpStatus.OK); } } All HTTP responses contain the following headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Expires: 0 Pragma: no-cache I've tried the following to remove or change those headers: Call setCacheSeconds(-1) in the controller. Call httpResponse.setHeader("Cache-Control", "max-age=123") in the controller. Define @Bean that returns WebContentInterceptor for which I've called setCacheSeconds(-1). Set property spring.resources.cache-period to -1 or a positive value in application.properties. None of the above have had any effect. How do I disable or change these headers for all or individual requests in Spring Boot?

    Read the article

  • Cookieless Django - Django with no cookies

    - by phoebebright
    As I'm writing a django site from government bodies I'm not going to be able to use cookies. I found this snippet http://djangosnippets.org/snippets/1540/ but it's currently not allowing users to login. Before I start debugging I wondered if anyone else has solved this problem with this snippet or in any other way?

    Read the article

  • Sha or Md5 algorithm i need to encrypt and decrypt in flex

    - by praveen
    Hi I am developing my application in flex and JSP, so when I am passing values through HTTP Service Post method with request object but these values are tracing and modifying by testing team so I am planning to encrypt values in flex and decrypt it in jsp.so is there any algorithms like SHA or MD5 more secure algorithms, so please send any code or related links it is very useful to me. I am using like httpService = new HTTPService; httpService.request = new Object; httpService.request.task = "doInvite"; httpService.request.email = emailInput.text; httpService.request.firstName = firstNameInput.text; httpService.request.lastName = lastNameInput.text; httpService.send(); So is there any other way to give more secure ,please help me in this,Thanks in Advance.

    Read the article

  • faking a filesystem / virtual filesystem

    - by attwad
    I have a web service to which users upload python scripts that are run on a server. Those scripts process files that are on the server and I want them to be able to see only a certain hierarchy of the server's filesystem (best: a temporary folder on which I copy the files I want processed and the scripts). The server will ultimately be a linux based one but if a solution is also possible on Windows it would be nice to know how. What I though of is creating a user with restricted access to folders of the FS - ultimately only the folder containing the scripts and files - and launch the python interpreter using this user. Can someone give me a better alternative? as relying only on this makes me feel insecure, I would like a real sandboxing or virtual FS feature where I could run safely untrusted code.

    Read the article

  • Easiest way to decrypt PGP-encrypted files from VBA (MS Access)

    - by stucampbell
    I need to write code that picks up PGP-encrypted files from an FTP location and processes them. The files will be encrypted with my public key (not that I have one yet). Obviously, I need a PGP library that I can use from within Microsoft Access. Can you recommend one that is easy to use? I'm looking for something that doesn't require a huge amount of PKI knowledge. Ideally, something that will easily generate the one-off private/public key pair, and then have a simple routine for decryption.

    Read the article

  • WCF how to pass token for authentication?

    - by Kevin
    I have a WCF service which would like to support basicHttpBinding and webHttpBinding. When the client successfully login, server will generate a token for client to pass to server on all the request make later. Question is how the client can pass the token to server? I don't want to add an extra parameter on every web method to hold the token.

    Read the article

  • Getting Attributes of Keychain Items

    - by rgov
    I'm trying to get the attributes of a keychain item. This code should look up all the available attributes, then print off their tags and contents. According to the docs I should be seeing tags like 'cdat', but instead they just look like an index (i.e., the first tag is 0, next is 1). This makes it pretty useless since I can't tell which attribute is the one I'm looking for. SecItemClass itemClass; SecKeychainItemCopyAttributesAndData(itemRef, NULL, &itemClass, NULL, NULL, NULL); SecKeychainRef keychainRef; SecKeychainItemCopyKeychain(itemRef, &keychainRef); SecKeychainAttributeInfo *attrInfo; SecKeychainAttributeInfoForItemID(keychainRef, itemClass, &attrInfo); SecKeychainAttributeList *attributes; SecKeychainItemCopyAttributesAndData(itemRef, attrInfo, NULL, &attributes, 0, NULL); for (int i = 0; i < attributes->count; i ++) { SecKeychainAttribute attr = attributes->attr[i]; NSLog(@"%08x %@", attr.tag, [NSData dataWithBytes:attr.data length:attr.length]); } SecKeychainFreeAttributeInfo(attrInfo); SecKeychainItemFreeAttributesAndData(attributes, NULL); CFRelease(itemRef); CFRelease(keychainRef);

    Read the article

  • DCOM: CoCreateInstanceEx returns E_ACCESSDENIED

    - by MOE37x3
    I'm working on a DCOM application with the server and client on two machines, both of which are running WinXP with Service Pack 2. On both machines, I'm logged in with the same username and password. When the client on one machine calls CoCreateInstanceEx, asking the other machine to start up the server application, it returns E_ACCESSDENIED. I tried going into the server app's component properties in dcomcnfg and giving full permisions to everyone for everything, but that didn't help. What do I need to do to allow this call to succeed? Update: When the server app is running on a Windows 2000 box, I do not get this error; CoCreateInstanceEx returns S_OK.

    Read the article

  • How can I reliably check client identity whilst making DCOM calls to a C# .Net 3.5 Server?

    - by pionium
    Hi, I have an old Win32 C++ DCOM Server that I am rewriting to use C# .Net 3.5. The client applications sit on remote XP machines and are also written in C++. These clients must remain unchanged, hence I must implement the interfaces on new .Net objects. This has been done, and is working successfully regarding the implementation of the interfaces, and all of the calls are correctly being made from the old clients to the new .Net objects. However, I'm having problems obtaining the identity of the calling user from the DCOM Client. In order to try to identify the user who instigated the DCOM call, I have the following code on the server... [DllImport("ole32.dll")] static extern int CoImpersonateClient(); [DllImport("ole32.dll")] static extern int CoRevertToSelf(); private string CallingUser { get { string sCallingUser = null; if (CoImpersonateClient() == 0) { WindowsPrincipal wp = System.Threading.Thread.CurrentPrincipal as WindowsPrincipal; if (wp != null) { WindowsIdentity wi = wp.Identity as WindowsIdentity; if (wi != null && !string.IsNullOrEmpty(wi.Name)) sCallingUser = wi.Name; } if (CoRevertToSelf() != 0) ReportWin32Error("CoRevertToSelf"); } else ReportWin32Error("CoImpersonateClient"); return sCallingUser; } } private static void ReportWin32Error(string sFailingCall) { Win32Exception ex = new Win32Exception(); Logger.Write("Call to " + sFailingCall + " FAILED: " + ex.Message); } When I get the CallingUser property, the value returned the first few times is correct and the correct user name is identified, however, after 3 or 4 different users have successfully made calls (and it varies, so I can't be more specific), further users seem to be identified as users who had made earlier calls. What I have noticed is that the first few users have their DCOM calls handled on their own thread (ie all calls from a particular client are handled by a single unique thread), and then subsequent users are being handled by the same threads as the earlier users, and after the call to CoImpersonateClient(), the CurrentPrincipal matches that of the initial user of that thread. To Illustrate: User Tom makes DCOM calls which are handled by thread 1 (CurrentPrincipal correctly identifies Tom) User Dick makes DCOM calls which are handled by thread 2 (CurrentPrincipal correctly identifies Dick) User Harry makes DCOM calls which are handled by thread 3 (CurrentPrincipal correctly identifies Harry) User Bob makes DCOM calls which are handled by thread 3 (CurrentPrincipal incorrectly identifies him as Harry) As you can see in this illustration, calls from clients Harry and Bob are being handled on thread 3, and the server is identifying the calling client as Harry. Is there something that I am doing wrong? Are there any caveats or restrictions on using Impersonations in this way? Is there a better or different way that I can RELIABLY achieve what I am trying to do? All help would be greatly appreciated. Regards Andrew

    Read the article

  • SSL Login in iFrame

    - by Karsten
    My UI prototype requires me to show the sites login info all the time. Either I should show the usual username and password textbox or "you are logged in as". The last bit don't have to be secure, as it's only info to the user, nothing I will use server side. But the first part should send secure to the server. It seems that I would have to use https for all pages on the site then. I would like to only use ssl for the things that are required to be secure. One way is putting the login information into a https://../login.aspx and show it on my mainpage as an IFrame. One disadvantage I can see is that the user won't know that https is being used, unless they read the IFrame src in the source code. What do you think?

    Read the article

  • Access Control Lists basics

    - by vtortola
    Hi, I'm gonna add authorization, user and groups management to my application, basically... you will can define a set of permissions for a concrete user or group. For example, you could specify whom can use a concrete resource. So I want to ensure that my assumptions about ACLs are right: A basic rule could be "Grant", "Deny", "NoSet". User permissions have priority over group permissions. "Deny" statement has priority over "Grant". For example, user "u1" belongs to group "A", the resource "X" has this ACL "u1:grant,A:deny" user "u1" should be able to access the resource, shouldn't it? If a resource has no ACL set... does it means that anyone can access it? should I provide a default ACL? Any document about ACL in a general way? Cheers.

    Read the article

  • ssl multi domain website

    - by NetParis
    We need to secure a multi-langual web application with SSL (registration, login,..). However, this application is accessed by different domain names, exactly a domain name for each language (domainName.co.uk, domainName.fr, domainName.it and so on). We're looking for the simplest and cheapest solution. We don't want to purchase a certificate for each domain name. Some one has an idea ? the web server : IIS 6 Thanks

    Read the article

  • Convert the uploaded files to specific file format which can not download

    - by Avinash
    Hi, I have a problem regarding to prevent download and saving of uploaded files. My users can upload multiple files types like doc, pdf, ppt,etc.... This all file types are easily download if any one have url. So what is the better way to prevent the download of the file. Or i convert the uploaded files to some specific format which can not download easily (e.g flash).. I am running on php and mysql. Thanks Avinash

    Read the article

  • Python Class which checks input before passing to console (C) program

    - by Joseph Melettukunnel
    Hello, We are asked to write a web-frontend (in python) for a very complex (and old) console application, written in C. Since we have no access to the C Source Code, and we assume that there might be some unsafe methods, we'd like to check the input which will the passed to the console application. WebClient - Python Module - Console Application Do you have any suggestions or tips what we should check for? Right now we are only limiting the string length and filtering some (program specific) unallowed keywords. Thanks, Joseph EDIT: Will remove strings like %s because of format string attacks

    Read the article

  • Warning while downloading setup.exe builded by visual setup project

    - by nosbor
    I've built installer for my(c#, wpf) application by visual setup project. I share my project over internet by web site. But when I download the file I receive warning(actually looks like terrible error or virus) that the application(setup.exe) can harm my computer and apocalypse will come in near future if I will run it. Yes my installer is not signed by MS certificate, but I saw that other installers of others application also don't have cert but the warning is not shown(for instance installer of notepad++). Do you have any suggestions or solution of my problem?

    Read the article

  • Set username credential for a new channel without creating a new factory

    - by Ramon
    I have a backend service and front-end services. They communicate via the trusted subsystem pattern. I want to transfer a username from the frontend to the backend and do this via username credentials as found here: http://msdn.microsoft.com/en-us/library/ms730288.aspx This does not work in our scenerio where the front-end builds a backend service channel factory via: channelFactory = new ChannelFactory<IBackEndService>(.....); Creating a new channel is done via die channel factory. I can only set the credentials one time after that I get an exception that the username object is read-only. channelFactory.Credentials.Username.Username = "myCoolFrontendUser"; var channel = channelFactory.CreateChannel(); Is there a way to create the channel factory only one time as this is expensive to create and then specify username credential when creating a channel?

    Read the article

  • Asp.net: Replace GenericPrincipal

    - by Pickels
    Hello, I was wondering what the best way is to replace the genericPrincipal with my own CustomGenericPrincipal. At the moment I have something like this but I aint sure if it's correct. protected void Application_AuthenticateRequest(Object sender, EventArgs e) { HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null) { FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); var identity = new CustomIdentity(authTicket); var principal = new CustomPrincipal(identity); Context.User = principal; } else { //Todo: check if this is correct var genericIdentity = new CustomGenericIdentity(); Context.User = new CustomPrincipal(genericIdentity); } } I need to replace it because I need a Principal that implements my ICustomPrincipal interface because I am doing the following with Ninject: Bind<ICustomPrincipal>().ToMethod(x => (ICustomPrincipal)HttpContext.Current.User) .InRequestScope(); So what's the best way to replace the GenericPrincipal? Thanks in advance, Pickels

    Read the article

  • RedirectFromLogin in Silverlight Login Page

    - by Oliver
    I am busy writing a login page in Silverlight. I am using an Authentication Service that processes the logins and I am also creating a custom Membership and Roles providers. Everything is working but I need some assistance. I would like some advice on how to redirect the user to page they came from before they were pushed to the Login page. Basically I want the same behavior as the standard ASP.Net login. I am fully aware of the differences between ASP and Silverlight regarding Client and Server side models. I can do the navigation but I always lose the session and cookie when I perform HtmlPage.Window.Navigate() to the ReturnUrl...

    Read the article

  • Calling IPrincipal.IsInRole on Windows 7

    - by adrianbanks
    We use NTLM auth in our application to determine whether a user can perform certain operations. We use the IPrincipal of their current Windows login (in WinForms applications), calling IsInRole to check for specific group memberships. To check that a user is a local administrator on the machine, we use: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); ... bool allowed = Thread.CurrentPrincipal.IsInRole(@"Builtin\Administrators") This works if the current user is the Administrator user, or is another user that is a member of the Builtin\Administrators group. In our testing on Windows 7, we have found that this no longer works as expected. The Administrator user still works fine, but any other user that is a member of the Builtin\Administrators group returns false for the IsInRole call. What could be causing this difference? I have a gut feeling that a default setting has changed somewhere (possible in gpedit), but cannot find anything that looks like the culprit.

    Read the article

  • Getting the CVE ID Property of an update from WSUS API via Powershell

    - by thebitsandthebytes
    I am writing a script in Powershell to get the update information from each computer and correlate the information with another System which identifies updates by CVE ID. I have discovered that there is a "CVEIDs" property for an update in WSUS, which is documented in MSDN, but I have no idea how to access the property. Retrieving the CVE ID from WSUS is the key to this script, so I am hoping someone out there can help! Here is the property that I am having difficulty accessing: IUpdate2::CveIDs Property - http://msdn.microsoft.com/en-us/library/aa386102(VS.85).aspx According to this, the IUnknown::QueryInterface method is needed to interface IUpdate2 -  "http://msdn.microsoft.com/en-us/library/ee917057(PROT.10).aspx" "An IUpdate instance can be retrieved by calling the IUpdateCollection::Item (opnum 8) (section 3.22.4.1) method.  The client can use the IUnknown::QueryInterface method to then obtain an IUpdate2, IUpdate3, IUpdate4, or IUpdate5 interface. Additionally, if the update is a driver, the client can use the IUnknown::QueryInterface method to obtain an IWindowsDriverUpdate, IWindowsDriverUpdate2, IWindowsDriverUpdate3, IWindowsDriverUpdate4, or IWindowsDriverUpdate5 interface. " Here is a skeleton of my code: [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null  if (!$wsus)  {  Returns an object that implements IUpdateServer  $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($server, $false, $port)  }  $computerScope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope  $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope  $updateScope.UpdateSources = [Microsoft.UpdateServices.Administration.UpdateSources]::MicrosoftUpdate  $wsusMachines = $wsus.GetComputerTargets($computerScope)  foreach machine in QSUS, write the full domain name $wsusMachines | ForEach-Object {  Write-host $.FullDomainName  $updates = $.GetUpdateInstallationInfoPerUpdate($updateScope)  foreach update for each machine, write the update title, installation state and securitybulletin $updates | ForEach-Object {  $update = $wsus.GetUpdate($.UpdateId) # Returns an object that implements Microsoft.UpdateServices.Administration.IUpdate $updateTitle = $update.Title | Write-Host $updateInstallationState = $.UpdateInstallationState | Write-Host $updateSecurityBulletin = $update.SecurityBulletins | Write-Host  $updateCveIds = $update.CveIDs # ERROR: Property 'CveIDs' belongs to IUpdate2, not IUpdate  }  }

    Read the article

  • Deploying software on compromised machines

    - by Martin
    I've been involved in a discussion about how to build internet voting software for a general election. We've reached a general consensus that there exist plenty of secure methods for two way authentication and communication. However, someone came along and pointed out that in a general election some of the machines being used are almost certainly going to be compromised. To quote: Let me be an evil electoral fraudster. I want to sample peoples votes as they vote and hope I get something scandalous. I hire a bot-net from some really shady dudes who control 1000 compromised machines in the UK just for election day. I capture the voting habits of 1000 voters on election day. I notice 5 of them have voted BNP. I look these users up and check out their machines, I look through their documents on their machine and find out their names and addresses. I find out one of them is the wife of a tory MP. I leak 'wife of tory mp is a fascist!' to some blogger I know. It hits the internet and goes viral, swings an election. That's a serious problem! So, what are the best techniques for running software where user interactions with the software must be kept secret, on a machine which is possibly compromised?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >