Search Results

Search found 1208 results on 49 pages for 'proxied authorization'.

Page 16/49 | < Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >

  • How to use Twitter4j With JSF2 for Login? [on hold]

    - by subodh
    I am trying to do login with Twitter and using Twitter4j for that and wrote this code In JSF <h:commandButton id="twitterbutton" value="Sign up with Twitter" action="#{twitterLoginBean.redirectTwitterLogin}" immediate="true" styleClass="twitterbutton"/> In ManagedBean public String redirectTwitterLogin() throws ServletException, IOException, TwitterException { HttpServletRequest request = (HttpServletRequest) FacesContext .getCurrentInstance().getExternalContext().getRequest(); HttpServletResponse response = (HttpServletResponse) FacesContext .getCurrentInstance().getExternalContext().getResponse(); Twitter twitter = TwitterFactory.getSingleton(); twitter.setOAuthConsumer(apiKey, apiSecret); RequestToken requestToken = twitter.getOAuthRequestToken(); if (requestToken != null) { AccessToken accessToken = null; BufferedReader br = new BufferedReader(new InputStreamReader( System.in)); while (null == accessToken) { try { String pin = br.readLine(); accessToken = twitter .getOAuthAccessToken(requestToken, pin); } catch (TwitterException te) { System.out .println("Failed to get access token, caused by: " + te.getMessage()); System.out.println("Retry input PIN"); } } request.setAttribute(IS_AUTHENTICATED, true); if (accessToken != null) { LOGGER.debug("We have a valid oauth token! Make the facebook request"); doApiCall(twitter, request, response); return null; } } else { LOGGER.debug("We don't have auth code yet, fetching the Authorization URL..."); String authorizationUrl = requestToken.getAuthorizationURL(); LOGGER.debug("Redirecting to the Authorization URL: {}", authorizationUrl); request.setAttribute(IS_AUTHENTICATED, false); redirect(authorizationUrl, response); return null; } return null; } In above code i want first Login window of twitter will show and then again same method will call and after user will login i can show user information userId,Handel,location etc. Redirect private void redirect(String url, HttpServletResponse response) throws IOException { String urlWithSessionID = response.encodeRedirectURL(url); response.sendRedirect(urlWithSessionID); } But this code is not working Can anyone tell better Solution for this ?

    Read the article

  • nginx proxypass content 404s when adding caching location block

    - by Thermionix
    Below is my nginx conf - the location block for adding expires max to content is causing issues with content from the /internal proxied sites. nginx error log; 2011/11/22 15:51:23 [error] 22124#0: *2 open() "/var/www/internal/static/javascripts/lib.js" failed (2: No such file or directory), client: 127.0.0.1, server: example.com, request: "GET /internal/static/javascripts/lib.js?0.6.11RC1 HTTP/1.1", host: "example.com", referrer: "https://example.com/internal/" browser error; lib.js Failed to load resource: the server responded with a status of 404 (Not Found) commenting out the expires max location block allows the proxied sites to work as intended. Config files; proxy.conf location /internal { proxy_pass http://localhost:10001/internal/; include proxy.inc; } .... more entries .... sites-enabled/main server { listen 80; include www.conf; } server { listen 443; include proxy.conf; include www.conf; ssl on; } www.conf root /var/www; server_name example.com; location / { autoindex off; allow all; rewrite ^/$ /mainsite last; } location ~* \.(jpg|jpeg|gif|css|png|js|ico)$ { expires max; } # hide protected files location ~* \.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template)$ { deny all; } location ~ \.php$ { fastcgi_index index.php; include fastcgi_params; if (-f $request_filename) { fastcgi_pass 127.0.0.1:9000; } } proxy.inc proxy_connect_timeout 59s; proxy_send_timeout 600; proxy_read_timeout 600; proxy_buffer_size 64k; proxy_buffers 16 32k; proxy_pass_header Set-Cookie; proxy_redirect off; proxy_hide_header Vary; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_set_header Accept-Encoding ''; proxy_ignore_headers Cache-Control Expires; proxy_set_header Referer $http_referer; proxy_set_header Host $host; proxy_set_header Cookie $http_cookie; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    Read the article

  • Tracd + varnish ( + nginx) setup on ubuntu 10.10

    - by user66831
    I have a currently setup trac server in domain.tld/subdir which is being proxied via nginx, I setup varnish and passed trac directly and the difference was visible to the naked eye, so I was wondering if anyone has setup tracd + varnish or tracd + nginx + varnish and would share the configs or pointers on the setup. would appreciate it :) thank you. my varnish config : http://kingpin.pastebin.com/fRLmckTk

    Read the article

  • Reverse Proxy that does not buffer uploads

    - by tsuraan
    From what I've seen of various reverse proxies (nginx, apache, varnish), they seem to buffer file uploads to disk before handing them off to the service they're proxying for. I need a reverse proxy that doesn't do this; I have a system that handles uploads itself, and buffering uploaded files to disk is not something that works for me. Does anybody know of a proxy server that can be configured to just pass traffic through to the proxied services without doing any buffering to disk?

    Read the article

  • Problems with Apache Mod_Proxy and Microsoft's ReportViewer's Reserved.ReportViewerWebControl.axd

    - by ActionJack
    I've configured an Apache httpd server (v2.2) as a reverse proxy (with SSL) to a Microsoft IIS website running an ASP.NET application with SQL Server Report Services. The proxy mostly works but Report Viewer reports aren't being proxied, all I get is a square window in Chrome and in IE I get the following error: This page contains both secure and nonsecure items. Do you want to display the non secure items? I click yes then I get the following: Unable to locate control: ReportFrame_ctl0_plchldrMainContent_1_ReportViewer1.

    Read the article

  • Nginx proxy with SSL Authentication

    - by Dustin Oprea
    I need to proxy an SSL-authenticated connection to another server that requires an SSL authenticated connection. I realize that the incoming and outgoing connections of the proxy may have different certificates, but is it possible to call proxy_pass and tell it to use a certificate/private key for connection to the proxied system? Based on the documentation, it doesn't seem possible. Maybe with another module?

    Read the article

  • ASP.NET Web API - Screencast series Part 3: Delete and Update

    - by Jon Galloway
    We're continuing a six part series on ASP.NET Web API that accompanies the getting started screencast series. This is an introductory screencast series that walks through from File / New Project to some more advanced scenarios like Custom Validation and Authorization. The screencast videos are all short (3-5 minutes) and the sample code for the series is both available for download and browsable online. I did the screencasts, but the samples were written by the ASP.NET Web API team. In Part 1 we looked at what ASP.NET Web API is, why you'd care, did the File / New Project thing, and did some basic HTTP testing using browser F12 developer tools. In Part 2 we started to build up a sample that returns data from a repository in JSON format via GET methods. In Part 3, we'll start to modify data on the server using DELETE and POST methods. So far we've been looking at GET requests, and the difference between standard browsing in a web browser and navigating an HTTP API isn't quite as clear. Delete is where the difference becomes more obvious. With a "traditional" web page, to delete something'd probably have a form that POSTs a request back to a controller that needs to know that it's really supposed to be deleting something even though POST was really designed to create things, so it does the work and then returns some HTML back to the client that says whether or not the delete succeeded. There's a good amount of plumbing involved in communicating between client and server. That gets a lot easier when we just work with the standard HTTP DELETE verb. Here's how the server side code works: public Comment DeleteComment(int id) { Comment comment; if (!repository.TryGet(id, out comment)) throw new HttpResponseException(HttpStatusCode.NotFound); repository.Delete(id); return comment; } If you look back at the GET /api/comments code in Part 2, you'll see that they start the exact same because the use cases are kind of similar - we're looking up an item by id and either displaying it or deleting it. So the only difference is that this method deletes the comment once it finds it. We don't need to do anything special to handle cases where the id isn't found, as the same HTTP 404 handling works fine here, too. Pretty much all "traditional" browsing uses just two HTTP verbs: GET and POST, so you might not be all that used to DELETE requests and think they're hard. Not so! Here's the jQuery method that calls the /api/comments with the DELETE verb: $(function() { $("a.delete").live('click', function () { var id = $(this).data('comment-id'); $.ajax({ url: "/api/comments/" + id, type: 'DELETE', cache: false, statusCode: { 200: function(data) { viewModel.comments.remove( function(comment) { return comment.ID == data.ID; } ); } } }); return false; }); }); So in order to use the DELETE verb instead of GET, we're just using $.ajax() and setting the type to DELETE. Not hard. But what's that statusCode business? Well, an HTTP status code of 200 is an OK response. Unless our Web API method sets another status (such as by throwing the Not Found exception we saw earlier), the default response status code is HTTP 200 - OK. That makes the jQuery code pretty simple - it calls the Delete action, and if it gets back an HTTP 200, the server-side delete was successful so the comment can be deleted. Adding a new comment uses the POST verb. It starts out looking like an MVC controller action, using model binding to get the new comment from JSON data into a c# model object to add to repository, but there are some interesting differences. public HttpResponseMessage<Comment> PostComment(Comment comment) { comment = repository.Add(comment); var response = new HttpResponseMessage<Comment>(comment, HttpStatusCode.Created); response.Headers.Location = new Uri(Request.RequestUri, "/api/comments/" + comment.ID.ToString()); return response; } First off, the POST method is returning an HttpResponseMessage<Comment>. In the GET methods earlier, we were just returning a JSON payload with an HTTP 200 OK, so we could just return the  model object and Web API would wrap it up in an HttpResponseMessage with that HTTP 200 for us (much as ASP.NET MVC controller actions can return strings, and they'll be automatically wrapped in a ContentResult). When we're creating a new comment, though, we want to follow standard REST practices and return the URL that points to the newly created comment in the Location header, and we can do that by explicitly creating that HttpResposeMessage and then setting the header information. And here's a key point - by using HTTP standard status codes and headers, our response payload doesn't need to explain any context - the client can see from the status code that the POST succeeded, the location header tells it where to get it, and all it needs in the JSON payload is the actual content. Note: This is a simplified sample. Among other things, you'll need to consider security and authorization in your Web API's, and especially in methods that allow creating or deleting data. We'll look at authorization in Part 6. As for security, you'll want to consider things like mass assignment if binding directly to model objects, etc. In Part 4, we'll extend on our simple querying methods form Part 2, adding in support for paging and querying.

    Read the article

  • Wednesday at OpenWorld: Identity Management

    - by Tanu Sood
    Divide and conquer! Yes, divide and conquer today at Oracle OpenWorld with your colleagues to make the most of all things Identity Management since there’s a lot going on. Here’ the line-up for today: Wednesday, October 3, 2012 CON9458: End End-User-Managed Passwords and Increase Security with Oracle Enterprise Single Sign-On Plus 10:15 a.m. – 11:15 a.m., Moscone West 3008 Most customers have a broad variety of applications (internal, external, web, client server, host etc) and single sign-on systems that extend to some, but not all systems. This session will focus on how customers are using enterprise single sign-on can help extend single sign-on to virtually any application, without costly application modification while laying a foundation that will enable integration with a broader identity management platform. CON9494: Sun2Oracle: Identity Management Platform Transformation 11:45 a.m. – 12:45 p.m., Moscone West 3008 Sun customers are actively defining strategies for how they will modernize their identity deployments. Learn how customers like Avea and SuperValu are leveraging their Sun investment, evaluating areas of expansion/improvement and building momentum. CON9631: Entitlement-centric Access to SOA and Cloud Services 11:45 a.m. – 12:45 p.m., Marriott Marquis, Salon 7 How do you enforce that a junior trader can submit 10 trades/day, with a total value of $5M, if market volatility is low? How can hide sensitive patient information from clerical workers but make it visible to specialists as long as consent has been given or there is an emergency? In this session, Uberether and HerbaLife take the stage with Oracle to demonstrate how you can enforce such entitlements on a service not just within your intranet but also right at the perimeter. CON3957 - Delivering Secure Wi-Fi on the Tube as an Olympics Legacy from London 2012 11:45 a.m. – 12:45 p.m., Moscone West 3003 In this session, Virgin Media, the U.K.’s first combined provider of broadband, TV, mobile, and home phone services, shares how it is providing free secure Wi-Fi services to the London Underground, using Oracle Virtual Directory and Oracle Entitlements Server, leveraging back-end legacy systems that were never designed to be externalized. As an Olympics 2012 legacy, the Oracle architecture will form a platform to be consumed by other Virgin Media services such as video on demand. CON9493: Identity Management and the Cloud 1:15 p.m. – 2:15 p.m., Moscone West 3008 Security is the number one barrier to cloud service adoption.  Not so for industry leading companies like SaskTel, ConAgra foods and UPMC. This session will explore how these organizations are using Oracle Identity with cloud services and how some are offering identity management as a cloud service. CON9624: Real-Time External Authorization for Middleware, Applications, and Databases 3:30 p.m. – 4:30 p.m., Moscone West 3008 As organizations seek to grant access to broader and more diverse user populations, the importance of centrally defined and applied authorization policies become critical; both to identify who has access to what and to improve the end user experience.  This session will explore how customers are using attribute and role-based access to achieve these goals. CON9625: Taking Control of WebCenter Security 5:00 p.m. – 6:00 p.m., Moscone West 3008 Many organizations are extending WebCenter in a business to business scenario requiring secure identification and authorization of business partners and their users. Leveraging LADWP’s use case, this session will focus on how customers are leveraging, securing and providing access control to Oracle WebCenter portal and mobile solutions. EVENTS: Identity Management Customer Advisory Board 2:30 p.m. – 3:30 p.m., Four Seasons – Yerba Buena Room This invitation-only event is designed exclusively for Customer Advisory Board (CAB) members to provide product strategy and roadmap updates. Identity Management Meet & Greet Networking Event 3:30 p.m. – 4:30 p.m., Meeting Session 4:30 p.m. – 5:30 p.m., Cocktail Reception Yerba Buena Room, Four Seasons Hotel, 757 Market Street, San Francisco The CAB meeting will be immediately followed by an open Meet & Greet event hosted by Oracle Identity Management executives and product management team. Do take this opportunity to network with your peers and connect with the Identity Management customers. For a complete listing, refer to the Focus on Identity Management document. And as always, you can find us on @oracleidm on twitter and FaceBook. Use #oow and #idm to join in the conversation.

    Read the article

  • ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios

    - by Your DisplayName here!
    The Thinktecture.IdentityModel.Http repository includes a number of samples for the various authentication scenarios. All the clients follow a basic pattern: Acquire client credential (a single token, multiple tokens, username/password). Call Service. The service simply enumerates the claims it finds on the request and returns them to the client. I won’t show that part of the code, but rather focus on the step 1 and 2. Basic Authentication This is the most basic (pun inteneded) scenario. My library contains a class that can create the Basic Authentication header value. Simply set username and password and you are good to go. var client = new HttpClient { BaseAddress = _baseAddress }; client.DefaultRequestHeaders.Authorization = new BasicAuthenticationHeaderValue("alice", "alice"); var response = client.GetAsync("identity").Result; response.EnsureSuccessStatusCode();   SAML Authentication To integrate a Web API with an existing enterprise identity provider like ADFS, you can use SAML tokens. This is certainly not the most efficient way of calling a “lightweight service” ;) But very useful if that’s what it takes to get the job done. private static string GetIdentityToken() {     var factory = new WSTrustChannelFactory(         new WindowsWSTrustBinding(SecurityMode.Transport),         _idpEndpoint);     factory.TrustVersion = TrustVersion.WSTrust13;     var rst = new RequestSecurityToken     {         RequestType = RequestTypes.Issue,         KeyType = KeyTypes.Bearer,         AppliesTo = new EndpointAddress(Constants.Realm)     };     var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;     return token.TokenXml.OuterXml; } private static Identity CallService(string saml) {     var client = new HttpClient { BaseAddress = _baseAddress };     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("SAML", saml);     var response = client.GetAsync("identity").Result;     response.EnsureSuccessStatusCode();     return response.Content.ReadAsAsync<Identity>().Result; }   SAML to SWT conversion using the Azure Access Control Service Another possible options for integrating SAML based identity providers is to use an intermediary service that allows converting the SAML token to the more compact SWT (Simple Web Token) format. This way you only need to roundtrip the SAML once and can use the SWT afterwards. The code for the conversion uses the ACS OAuth2 endpoint. The OAuth2Client class is part of my library. private static string GetServiceTokenOAuth2(string samlToken) {     var client = new OAuth2Client(_acsOAuth2Endpoint);     return client.RequestAccessTokenAssertion(         samlToken,         SecurityTokenTypes.Saml2TokenProfile11,         Constants.Realm).AccessToken; }   SWT Authentication When you have an identity provider that directly supports a (simple) web token, you can acquire the token directly without the conversion step. Thinktecture.IdentityServer e.g. supports the OAuth2 resource owner credential profile to issue SWT tokens. private static string GetIdentityToken() {     var client = new OAuth2Client(_oauth2Address);     var response = client.RequestAccessTokenUserName("bob", "abc!123", Constants.Realm);     return response.AccessToken; } private static Identity CallService(string swt) {     var client = new HttpClient { BaseAddress = _baseAddress };     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", swt);     var response = client.GetAsync("identity").Result;     response.EnsureSuccessStatusCode();     return response.Content.ReadAsAsync<Identity>().Result; }   So you can see that it’s pretty straightforward to implement various authentication scenarios using WebAPI and my authentication library. Stay tuned for more client samples!

    Read the article

  • Database Owner Conundrum

    - by Johnm
    Have you ever restored a database from a production environment on Server A into a development environment on Server B and had some items, such as Service Broker, mysteriously cease functioning? You might want to consider reviewing the database owner property of the database. The Scenario Recently, I was developing some messaging functionality that utilized the Service Broker feature of SQL Server in a development environment. Within the instance of the development environment resided two databases: One was a restored version of a production database that we will call "RestoreDB". The second database was a brand new database that has yet to exist in the production environment that we will call "DevDB". The goal is to setup a communication path between RestoreDB and DevDB that will later be implemented into the production database. After implementing all of the Service Broker objects that are required to communicate within a database as well as between two databases on the same instance I found myself a bit confounded. My testing was showing that the communication was successful when it was occurring internally within DevDB; but the communication between RestoreDB and DevDB did not appear to be working. Profiler to the rescue After carefully reviewing my code for any misspellings, missing commas or any other minor items that might be a syntactical cause of failure, I decided to launch Profiler to aid in the troubleshooting. After simulating the cross database messaging, I noticed the following error appearing in Profiler: An exception occurred while enqueueing a message in the target queue. Error: 33009, State: 2. The database owner SID recorded in the master database differs from the database owner SID recorded in database '[Database Name Here]'. You should correct this situation by resetting the owner of database '[Database Name Here]' using the ALTER AUTHORIZATION statement. Now, this error message is a helpful one. Not only does it identify the issue in plain language, it also provides a potential solution. An execution of the following query that utilizes the catalog view sys.transmission_queue revealed the same error message for each communication attempt: SELECT     * FROM        sys.transmission_queue; Seeing the situation as a learning opportunity I dove a bit deeper. Reviewing the database properties  The owner of a specific database can be easily viewed by right-clicking the database in SQL Server Management Studio and selecting the "properties" option. The owner is listed on the "General" page of the properties screen. In my scenario, the database in the production server was created by Frank the DBA; therefore his server login appeared as the owner: "ServerName\Frank". While this is interesting information, it certainly doesn't tell me much in regard to the SID (security identifier) and its existence, or lack thereof, in the master database as the error suggested. I pulled together the following query to gather more interesting information: SELECT     a.name     , a.owner_sid     , b.sid     , b.name     , b.type_desc FROM        master.sys.databases a     LEFT OUTER JOIN master.sys.server_principals b         ON a.owner_sid = b.sid WHERE     a.name not in ('master','tempdb','model','msdb'); This query also helped identify how many other user databases in the instance were experiencing the same issue. In this scenario, I saw that there were no matching SIDs in server_principals to the owner SID for my database. What login should be used as the database owner instead of Frank's? The system stored procedure sp_helplogins will provide a list of the valid logins that can be used. Here is an example of its use, revealing all available logins: EXEC sp_helplogins;  Fixing a hole The error message stated that the recommended solution was to execute the ALTER AUTHORIZATION statement. The full statement for this scenario would appear as follows: ALTER AUTHORIZATION ON DATABASE:: [Database Name Here] TO [Login Name]; Another option is to execute the following statement using the sp_changedbowner system stored procedure; but please keep in mind that this stored procedure has been deprecated and will likely disappear in future versions of SQL Server: EXEC dbo.sp_changedbowner @loginname = [Login Name]; .And They Lived Happily Ever After Upon changing the database owner to an existing login and simulating the inner and cross database messaging the errors have ceased. More importantly, all messages sent through this feature now successfully complete their journey. I have added the ownership change to my restoration script for the development environment.

    Read the article

  • Upgraded to Ubuntu 13.10 - Apache not able to start

    - by 0R10N
    I updated to Ubuntu 13.10 (from Ubuntu 13.04) last weekend, and now Apache is not being able to start. It was working perfectly well until the upgraded, and I haven't changed anything myself. When I ran a restart this is what I get apache2: Syntax error on line 260 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/conf.d/: No such file or directory So, I created the directory, and then I get this: * Starting web server apache2 * * The apache2 configtest failed. Output of config test was: [Wed Oct 30 11:17:42.921934 2013] [proxy_html:notice] [pid 2496] AH01425: I18n support in mod_proxy_html requires mod_xml2enc. Without it, non-ASCII characters in proxied pages are likely to display incorrectly. AH00526: Syntax error on line 84 of /etc/apache2/apache2.conf: Invalid command 'LockFile', perhaps misspelled or defined by a module not included in the server configuration Action 'configtest' failed. The Apache error log may have more information. Thanks!

    Read the article

  • OAuth in C# as a client

    - by Redth
    Hi, I've been given 6 bits of information to access some data from a website: Website Json Url (eg: http://somesite.com/items/list.json) OAuth Authorization Url (eg: http://somesite.com/oauth/authorization) OAuth Request Url (eg: http://somesite.com/oauth/request) OAuth Access Url (eg: http://somesite.com/oauth/access) Client Key (eg: 12345678) Client Secret (eg: abcdefghijklmnop) Now, I've looked at DotNetOpenAuth and OAuth.NET libraries, and while I'm sure they are very capable of doing what I need, I just can't figure out how to use either in this way. Could someone post some sample code of how to consume the Url (Point 1.) in either library (or any other way that may work just as well)? Thanks!

    Read the article

  • MVC Authorize Attribute + HttpUnauthorizedResult + FormsAuthentication

    - by Anthony
    After browsing the MVC section on CodePlex I noticed that the [Authorize] attribute in MVC returns a HttpUnauthorizedResult() when authorization fails (codeplex AuthorizeAttribute class). In the source of HttpUnauthorizedResult() from CodePlex is the code (I'm not allowed to enter another URL as my rep isn't high enough, but replace the numbers on the URL above with 22929#266476): // 401 is the HTTP status code for unauthorized access - setting this // will cause the active authentication module to execute its default // unauthorized handler context.HttpContext.Response.StatusCode = 401; In particular, the comment describes the authentication module's default unauthorized handler. I can't seem to find any information on this default unauthorized handler. In particular, I'm not using FormsAuthentication and when authorization fails I get an ugly IIS 401 error page. Does anyone know about this default unauthorized handler, and in particular how FormsAuthentication hooks itself in to override it? I'm writing a really simple app for my football team who confirm or deny whether they can play a particular match. If I enable FormsAuthentication in the web.config the redirect works, but I'm not using FormsAuthentication and I'd like to know if there's a workaround.

    Read the article

  • What's the mobileish connect url of Facebook connect?

    - by Pentium10
    I use the following URL setting to authorize Facebook login. But the page for Application Authorization is webish, and not mobileish. webview .loadUrl("http://www.connect.facebook.com/login.php?return_session=1&nochrome=1&fbconnect=1&extern=2&connect_display=popup&api_key=" + FConnect.API_KEY + "&v=1.0&next=" + FConnect.SUCCESS_URL + "%3Ffb_login%26fname%3D_opener&cancel_url=" + FConnect.CANCEL_URL + "%23fname%3D_opener%26%257B%2522t%2522%253A3%252C%2522h%2522%253A%2522fbCancelLogin%2522%252C%2522sid%2522%253A%25220.741%2522%257D&channel_url=" + FConnect.XD_RECEIVER); As you see this is webish, as I had to scroll to the middle, Do you know the address to get a mobileish App authorization page?

    Read the article

  • Where to mention Accessdenied page in form Authentication

    - by Muhammad Akhtar
    I have implement Form Authentication <location path="Admin"> <system.web> <authorization> <deny users="?"/> <allow roles="Admin" /> <deny roles="systemAdmin"/> </authorization> </system.web> </location> Since in above mentioned rights, Admin can have access to Admin folder and systemAdmin can't have. I have make custom Accessdenied page where I am showing message to user he has not permission to access this page Now the issue is, If systemAdmin try to hit Admin folder page, he will be redirected to AccessDenied.apsx page. (please Note: both user are authenticated, 1 user have permission to some folder and other user have permission to other folder. I don't want to put check in each page) where to specify accessdenied page redirection ? Thanks

    Read the article

  • How to make ASP.NET authentication persist the Url Fragment when redirecting to the login page?

    - by estourodepilha.com
    After I inserted the configuration below in my Web.Config <authentication mode="Forms"> <forms name="appNameAuth" path="/" loginUrl="login.aspx" protection="All" timeout="30"> <credentials passwordFormat="Clear"> <user name="user" password="password" /> </credentials> </forms> </authentication> <authorization> <deny users="?" /> </authorization> All requests to Menu.aspx#fragment are redirected to login.aspx?ReturnUrl=/Menu.aspx and I expected it to be redirected to login.aspx?ReturnUrl=/Menu.aspx#fragment How to achieve the desired behavior?

    Read the article

  • Python urllib2 Basic Auth Problem

    - by Simon
    I'm having a problem sending basic AUTH over urllib2. I took a look at this article, and followed the example. My code: passman = urllib2.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None, "api.foursquare.com", username, password) urllib2.install_opener(urllib2.build_opener(urllib2.HTTPBasicAuthHandler(passman))) req = urllib2.Request("http://api.foursquare.com/v1/user") f = urllib2.urlopen(req) data = f.read() I'm seeing the following on the Wire via wireshark: GET /v1/user HTTP/1.1 Host: api.foursquare.com Connection: close Accept-Encoding: gzip User-Agent: Python-urllib/2.5 You can see the Authorization is not sent, vs. when I send a request via curl: curl -u user:password http://api.foursquare.com/v1/user GET /v1/user HTTP/1.1 Authorization: Basic =SNIP= User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 OpenSSL/0.9.8k zlib/1.2.3 Host: api.foursquare.com Accept: */* For some reason my code seems to not send the authentication - anyone see what I'm missing? thanks -simon

    Read the article

  • DotNetOpenAuth DesktopConsumer with GData help needed

    - by DBa
    Hi folks, I am trying to get DotNetOpenAuth's DesktopConsumer to work with Google, with not much success actually... Here is what I am doing (reduced to essential code parts): myApp = new DesktopConsumer(google, tm); var extraParameters = new Dictionary<string, string> { { "scope", GetScopeUri(Applications.Calendar) }, }; AuthorizeForm af = new AuthorizeForm(); af.setAuthUrl(myApp.RequestUserAuthorization(extraParameters, null, out requestToken)); // This makes a webbrowser control in the AuthorizeForm navigate to the google page //which asks for login and authorization af.ShowDialog(); // Open the form, as modal var accessTokenResponse = myApp.ProcessUserAuthorization(requestToken, af.getVerifier()); // af.getVerifier gets the verificatino code which the user has to copy from the // webbrowser control to a textbox (if he grants the authorization, of course :D) HttpWebRequest req = myApp.PrepareAuthorizedRequest( new MessageReceivingEndpoint( "http://www.google.com/calendar/feeds/default/owncalendars/full", HttpDeliveryMethods.GetRequest ), accessTokenResponse.AccessToken); WebResponse rsp = req.GetResponse(); // Here I get the "401 Unauthorized" exception Any idea what I am doing wrong? Thanks in advance, Dmitri

    Read the article

  • C# WCF/WebService: Interoperable exception handling.

    - by michael paul
    I understand that WCF will convert an exception into a fault and send it back as a SOAP message, but I was wondering if this is truly interoperable. I guess I'm having a tough time trying to figure out this possible scenario: Client (Java) calls a WCF Service (LoginService). Server checks for proper authorization, user authorization fails. Server throws an UnauthorizedAccessException. WCF converts this into a Fault somehow. (* - See Below As Well) Client has to be able to know how to read this Fault. I guess I'm just having a tough time understanding how this could still be interoperable because it is expecting Java to know how to translate a SOAP Fault that .NET encodes from an UnauthorizedAccessException. Also, how does .NET actually convert the exception to a fault, what goes in as the fault code, name, etc. Some of the things seem to be "duh"s like perhaps the Fault Name is "UnauthorizedAccessException", but I'd rather know for sure than guess.

    Read the article

  • Authlogic Facebook Connect and cucumber

    - by jspooner
    I added the authlogic_facebook_connect plugin to my project and I'm now having problem running my cucumber test because of a NoMethodError. undefined method `set_facebook_session' for nil:NilClass (NoMethodError) In authlogic_facebook_connect/Session.rb the method "authenticating_with_facebook_connect?" is called as some sort of callback and the controller is defined but is missing the 'set_facebook_session' method. def authenticating_with_facebook_connect? controller.set_facebook_session attempted_record.nil? && errors.empty? && controller.facebook_session end I don't understand why the cucumber test is not loading the controller with this method. I also test the app in development and cucumber environments and everything works perfect. Here is the full cucumber output. Feature: Authentication In order to keep security a user should only be able to edit their own profile Background: # features/authorization.feature:4 Given a valid user record for joe_runner # features/step_definitions/user_steps.rb:4 undefined method `set_facebook_session' for nil:NilClass (NoMethodError) ./vendor/plugins/authlogic/lib/authlogic/controller_adapters/abstract_adapter.rb:63:in `send' ./vendor/plugins/authlogic/lib/authlogic/controller_adapters/abstract_adapter.rb:63:in `method_missing' ./vendor/plugins/authlogic_facebook_connect/lib/authlogic_facebook_connect/session.rb:132:in `authenticating_with_facebook_connect?' ./vendor/plugins/authlogic/lib/authlogic/session/callbacks.rb:83:in `validate' ./vendor/plugins/authlogic/lib/authlogic/session/validation.rb:64:in `valid?' ./vendor/plugins/authlogic/lib/authlogic/session/existence.rb:65:in `save' ./vendor/plugins/authlogic/lib/authlogic/session/existence.rb:30:in `create' ./vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/session_maintenance.rb:113:in `create_session' ./vendor/plugins/authlogic/lib/authlogic/acts_as_authentic/session_maintenance.rb:103:in `maintain_sessions' ./features/step_definitions/user_steps.rb:5:in `/^a valid user record for ([\w]*)$/' features/authorization.feature:5:in `Given a valid user record for joe_runner' Scenario: Jonathan can edit his profile but not other users profiles # features/authorization.feature:7 Given jonathan is logged in as an user # features/step_definitions/user_steps.rb:13 When I go to my user edit page # features/step_definitions/web_steps.rb:18 And I press "Update" # features/step_definitions/web_steps.rb:22 Then I should see "Account updated!" # features/step_definitions/web_steps.rb:142 When I go to joe_runner's user edit page # features/step_definitions/web_steps.rb:18 Then I should see "You do not allowed to access to view that page" # features/step_definitions/web_steps.rb:142 Failing Scenarios: cucumber features/authentication.feature:9 # Scenario: Signup cucumber features/authorization.feature:7 # Scenario: Jonathan can edit his profile but not other users profiles 2 scenarios (2 failed) 15 steps (2 failed, 13 skipped) 0m0.173s rake aborted! Command failed with status (1): [/System/Library/Frameworks/Ruby.framework/...] /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:995:in `sh' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:1010:in `call' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:1010:in `sh' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:1094:in `sh' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:1029:in `ruby' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:1094:in `ruby' /Library/Ruby/Gems/1.8/gems/cucumber-0.6.4/lib/cucumber/rake/task.rb:68:in `run' /Library/Ruby/Gems/1.8/gems/cucumber-0.6.4/lib/cucumber/rake/task.rb:138:in `define_task' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:636:in `call' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:636:in `execute' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:631:in `each' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:631:in `execute' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:597:in `invoke_with_call_chain' /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/monitor.rb:242:in `synchronize' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:590:in `invoke_with_call_chain' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:607:in `invoke_prerequisites' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:604:in `each' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:604:in `invoke_prerequisites' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:596:in `invoke_with_call_chain' /System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/monitor.rb:242:in `synchronize' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:590:in `invoke_with_call_chain' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:583:in `invoke' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:2051:in `invoke_task' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:2029:in `top_level' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:2029:in `each' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:2029:in `top_level' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:2068:in `standard_exception_handling' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:2023:in `top_level' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:2001:in `run' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:2068:in `standard_exception_handling' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/lib/rake.rb:1998:in `run' /Library/Ruby/Gems/1.8/gems/rake-0.8.7/bin/rake:31 /usr/bin/rake:19:in `load' /usr/bin/rake:19 activespoon:base_project jspooner$ There are a couple of blogs that give examples on how to test facebook apps with cucumber but they didn't help because my error comes before these. http://opensoul.org/2009/3/6/testing-facebook-with-cucumber http://ryanbigg.com/2010/03/testing-facebook/

    Read the article

  • Authkit - deferring action for HTTP '401' response to client application

    - by jon
    Form, Redirect and Forward all send an unauthenticated user to a Form on a login page specified within an Authkit middleware application. I'd like to allow a client application to request a service via XHR and then present a custom 'client side' form if a HTTP status code of 401 is returned, which would then post to Authkit for authentication until valid authentication/authorization occured. Specifically, 1) a jquery $.get request might request a resource. 2) if an Authkit cookie check confirmed previous authorization the content would be returned. 3) if not I would like Authkit to simply return the '401 response' (and not redirect to another page, or return a form template) where a client side exception handler would notify the user and present an authentication form. Can Authkit work like this?

    Read the article

  • Is it possible to configure a location in Web.config to only allow local connections

    - by gatapia
    Hi All, I've got a page in an ASP.Net app (its Mvc actually but not important) and I would like to only allow connections to this page from the local machine. I would love to do something like this in Web.config: <location path="resources"><system.web><authorization><allow ips="local"/></authorization></system.web></location> I know this is possible with a simple check in the page code behind (or controller) and its even possible just with IIS configuration but I would love a Web.config config as this would be the most elegant solution in my opinion. Anyone know if this is possible? Thanks Guido

    Read the article

  • How to clone a mercurial repository over an ssh connection initiated by fabric when http authorizati

    - by Monika Sulik
    I'm attempting to use fabric for the first time and I really like it so far, but at a certain point in my deployment script I want to clone a mercurial repository. When I get to that point I get an error: err: abort: http authorization required My repository requires http authorization and fabric doesn't prompt me for the user and password. I can get around this by changing my repository address from: https://hostname/repository to: https://user:password@hostname/repository But for various reasons I would prefer not to go this route. Are there any other ways in which I could bypass this problem?

    Read the article

  • HttpContext User value changing on its own?

    - by larryq
    Hi everyone, I'm working on an ASP.Net 2.0 application and am having a strange issue involving the HttpContext User. It appears to be changing on its own when I go to a particular page/directory. All of our pages inherit from a base page. In that base page's Page_Load() method we run an authorization check to see if the user can see the page they're going to. We retrieve the user to check against with this code: GenericPrincipal objPrincipal = (GenericPrincipal)Context.User; When I go to this unusual directory the User value isn't me, it's some other username I've never heard of. This username isn't authorized to see these pages, so authorization fails. This mysterious directory isn't a virtual web, just a regular directory in our website, however I've noticed it has its own Web.Config file. I'm guessing that's a cause of the trouble here. My question is, how can I investigate this further, in determining what's changing the User value when I go to this directory?

    Read the article

  • NHibernate and SetSessionAuth audit columns

    - by user86431
    We have audit columns set by triggers. For obscure security reasons predating my tenure and out of my control, we log in with a generic user, and do a 'set session authorization' to change the user to the db user of the user who is logged in. When we converted to NHibernate, it creates a whole new session and jacks everything up when we try to do a set session auth, so we turned the set session auth off... Now we are trying to find out a way to get NHibernate to let us do 'set session authorization' without recycling the session on us, so we can use our existing trigger based audit column stuff with both legacy apps, and our new NHibernate apps. It's not a ideal soloution, or the best way to do it even, but is it possible? I was hoping there was a alternate interface that allowed this kind of access. Does anyone know how to do it, or can you point me towards and good hints? Thanks, Eric-

    Read the article

< Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >