Search Results

Search found 6525 results on 261 pages for 'restful authentication'.

Page 16/261 | < Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >

  • Review my ASP.NET Authentication code.

    - by Niels Bosma
    I have had some problems with authentication in ASP.NET. I'm not used most of the built in authentication in .NET. I gotten some complaints from users using Internet Explorer (any version - may affect other browsers as well) that the login process proceeds but when redirected they aren't authenticated and are bounced back to loginpage (pages that require authentication check if logged in and if not redirect back to loginpage). Can this be a cookie problem? Do I need to check if cookies are enabled by the user? What's the best way to build authentication if you have a custom member table and don't want to use ASP.NET login controls? Here my current code: using System; using System.Linq; using MyCompany; using System.Web; using System.Web.Security; using MyCompany.DAL; using MyCompany.Globalization; using MyCompany.DAL.Logs; using MyCompany.Logging; namespace MyCompany { public class Auth { public class AuthException : Exception { public int StatusCode = 0; public AuthException(string message, int statusCode) : base(message) { StatusCode = statusCode; } } public class EmptyEmailException : AuthException { public EmptyEmailException() : base(Language.RES_ERROR_LOGIN_CLIENT_EMPTY_EMAIL, 6) { } } public class EmptyPasswordException : AuthException { public EmptyPasswordException() : base(Language.RES_ERROR_LOGIN_CLIENT_EMPTY_PASSWORD, 7) { } } public class WrongEmailException : AuthException { public WrongEmailException() : base(Language.RES_ERROR_LOGIN_CLIENT_WRONG_EMAIL, 2) { } } public class WrongPasswordException : AuthException { public WrongPasswordException() : base(Language.RES_ERROR_LOGIN_CLIENT_WRONG_PASSWORD, 3) { } } public class InactiveAccountException : AuthException { public InactiveAccountException() : base(Language.RES_ERROR_LOGIN_CLIENT_INACTIVE_ACCOUNT, 5) { } } public class EmailNotValidatedException : AuthException { public EmailNotValidatedException() : base(Language.RES_ERROR_LOGIN_CLIENT_EMAIL_NOT_VALIDATED, 4) { } } private readonly string CLIENT_KEY = "9A751E0D-816F-4A92-9185-559D38661F77"; private readonly string CLIENT_USER_KEY = "0CE2F700-1375-4B0F-8400-06A01CED2658"; public Client Client { get { if(!IsAuthenticated) return null; if(HttpContext.Current.Items[CLIENT_KEY]==null) { HttpContext.Current.Items[CLIENT_KEY] = ClientMethods.Get<Client>((Guid)ClientId); } return (Client)HttpContext.Current.Items[CLIENT_KEY]; } } public ClientUser ClientUser { get { if (!IsAuthenticated) return null; if (HttpContext.Current.Items[CLIENT_USER_KEY] == null) { HttpContext.Current.Items[CLIENT_USER_KEY] = ClientUserMethods.GetByClientId((Guid)ClientId); } return (ClientUser)HttpContext.Current.Items[CLIENT_USER_KEY]; } } public Boolean IsAuthenticated { get; set; } public Guid? ClientId { get { if (!IsAuthenticated) return null; return (Guid)HttpContext.Current.Session["ClientId"]; } } public Guid? ClientUserId { get { if (!IsAuthenticated) return null; return ClientUser.Id; } } public int ClientTypeId { get { if (!IsAuthenticated) return 0; return Client.ClientTypeId; } } public Auth() { if (HttpContext.Current.User.Identity.IsAuthenticated) { IsAuthenticated = true; } } public void RequireClientOfType(params int[] types) { if (!(IsAuthenticated && types.Contains(ClientTypeId))) { HttpContext.Current.Response.Redirect((new UrlFactory(false)).GetHomeUrl(), true); } } public void Logout() { Logout(true); } public void Logout(Boolean redirect) { FormsAuthentication.SignOut(); IsAuthenticated = false; HttpContext.Current.Session["ClientId"] = null; HttpContext.Current.Items[CLIENT_KEY] = null; HttpContext.Current.Items[CLIENT_USER_KEY] = null; if(redirect) HttpContext.Current.Response.Redirect((new UrlFactory(false)).GetHomeUrl(), true); } public void Login(string email, string password, bool autoLogin) { Logout(false); email = email.Trim().ToLower(); password = password.Trim(); int status = 1; LoginAttemptLog log = new LoginAttemptLog { AutoLogin = autoLogin, Email = email, Password = password }; try { if (string.IsNullOrEmpty(email)) throw new EmptyEmailException(); if (string.IsNullOrEmpty(password)) throw new EmptyPasswordException(); ClientUser clientUser = ClientUserMethods.GetByEmailExcludingProspects(email); if (clientUser == null) throw new WrongEmailException(); if (!clientUser.Password.Equals(password)) throw new WrongPasswordException(); Client client = clientUser.Client; if (!(bool)client.PreRegCheck) throw new EmailNotValidatedException(); if (!(bool)client.Active || client.DeleteFlag.Equals("y")) throw new InactiveAccountException(); FormsAuthentication.SetAuthCookie(client.Id.ToString(), true); HttpContext.Current.Session["ClientId"] = client.Id; log.KeyId = client.Id; log.KeyEntityId = ClientMethods.GetEntityId(client.ClientTypeId); } catch (AuthException ax) { status = ax.StatusCode; log.Success = status == 1; log.Status = status; } finally { LogRecorder.Record(log); } } } }

    Read the article

  • Rails 2.x http basic authentication

    - by randombits
    I'm trying to get basic http authentication working on my Rails app. I'm offering a simple REST interface served by a Rails server, only xml/json output. Every method needs authentication, so I put the authenticate filter in ApplicationController: class ApplicationController < ActionController::Base helper :all # include all helpers, all the time before_filter :authenticate protected def authenticate authenticate_or_request_with_http_basic do |u, p| true end end end Even with having the method return true, I'm receiving a 401 from the server: $ curl http://127.0.0.1:3000/myresource/1.xml -i HTTP/1.1 401 Unauthorized Cache-Control: no-cache WWW-Authenticate: Basic realm="Application" X-Runtime: 1 Content-Type: text/html; charset=utf-8 Content-Length: 27 Server: WEBrick/1.3.1 (Ruby/1.9.1/2010-01-10) Date: Thu, 03 Jun 2010 02:43:55 GMT Connection: Keep-Alive HTTP Basic: Access denied. If I'm explicitly returning true, yet getting served a 401.

    Read the article

  • ASP.NET Windows Authentication

    - by Jason M
    Hi All I have an ASP.NET website set up using Windows authentication. Each time I open IE and try to access the webpage I get a windows authentication screen. Once I have logged in I can see the website fine. My problem is that every time I open a new IE browser I have to re-enter my username and password. I have heard about thew double hop issue, is this what it could be. If so how many ip fix this. Any ideas how i can stop this box showing up each time? I have ticked the "remember my username/password" tick box but still no joy. I am using Windows Server 2003, IIS 6.0 and .NET 4.0. Thanks JM

    Read the article

  • Interfacing my application with existing authentication systems

    - by Karan Bhangui
    I'm writing a web based application that will have its own authorization/authentication mechanism (traditional cookie/session based user/pass). However, depending on the organization that licenses the software, I want them to be able to plug in their own existing internal authentication system as a way to replace mine. Ideally, they'd have to run as little code as possible on their end; I'm trying to make this a mostly hosted service. I'm aware of the existence of OAuth, but don't entirely understand how I would go about implementing the system at a higher level. Any tips would be appreciated.

    Read the article

  • Consuming web service from BizTalk with authentication credentials

    - by lox
    I am trying to consume a web service from BizTalk by supplying credentials in the SOAP adapter port. I type in the Web Service URL and then I have the choice of Anonymous, Basic, Digest and NTLM authentication types. How do I supply my username, password and domain?.. when testing with soapUI it works perfectly. The only way I get to supply credentials is Basic or Digest but no matter what I fill in I get a "not authroized" error. The strange thing is that it actually works when I choose the NTLM authentication type but how does it get acces when I have not supplied the credentials. And there is no way that my server has direct access to the service?

    Read the article

  • Public-facing SharePoint 2007 portal - authentication question

    - by jdcorr
    I am involved in developing a portal with a public-facing side. For this i created a web application with windows authentication for intranet zone and after that, I created an extension for an internet zone with fba. In the internet extension we have the following requirement: - able to acess to sharepoint backoffice using fba. - have a authentication mecanism for portal visitors, where they can authenticate and acess to a page where they can subscribe the newsletter and define some site appearance (this users can't acess to sharepoint backoffice). My idea is use the aspnet membership provider to authenticate both users and create diferente roles for them. Anyone suggests another approach? Is there any way to ensure that visitors (2 case) do not enter the backoffice portal? Thanks

    Read the article

  • How to check if FORM Realm authentication failed?

    - by Sergio del Amo
    I use FORM Authentication. <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/loginPage.jsp</form-login-page> <form-error-page>/loginPage.jsp</form-error-page> </form-login-config> </login-config> I would like to use the same JSP for my form-login-page and form-error-page, for sake of code reuse. I use a Realm ( org.apache.catalina.realm.JDBCRealm ). In my JSP, I would like to display error messages if the authentication failed. Does Realm store anything in the request, which I could check?

    Read the article

  • Help choosing authentication method

    - by Dima
    I need to choose an authentication method for an application installed and integrated in customers environment. There are two types of environments - windows and linux/unix. Application is user based, no web stuff, pure Java. The requirement is to authenticate users which will use my application against customer provided user base. Meaning, customer installs my app, but uses his own users to grant or deny access to my app. Typical, right? I have three options to consider and I need to pick up the one which would be a) the most flexible to cover most common modern environments and b) would take least effort while stay robust and standard. Option (1) - Authenticate locally managing user credentials in some local storage, e.g. file. Customer would then add his users to my application and it will then check the passwords. Simple, clumsy but would work. Customers would have to punch every user they want to grant access to my app using some UI we will have to provide. Lots of work for me, headache to the customer. Option (2) - Use LDAP authentication. Customers would tell my app where to look for users and I will walk their directory resolving names into user names and trying to bind with found password. This is better approach IMO, but more fragile because I will have to walk an unknown directory structure and who knows if this will be permitted everywhere. Would be harder to test since there are many LDAP implementation out there, last thing I want is drowning in this voodoo. Option(3) - Use plain Kerberos authentication. Customers would tell my app what realm (domain) and which KDC (key distribution center) to use. In ideal world these two parameters would be all I need to set while customers could use their own administration tools to configure domain and kdc. My application would simply delegate user credentials to this third party (using JAAS or Spring security) and consider success when third party is happy with them. I personally prefer #3, but not sure what surprises I might face. Would this cover windows and *nix systems entirely? Is there another option to consider?

    Read the article

  • WCF client using basic HTTP authentication

    - by AZ
    I'm trying to connect to a service that uses basic HTTP authentication. I've configured my binding like this <bindings> <basicHttpBinding> <binding name ="binding"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings> and i'm setting the credentials like this: client.ClientCredentials.UserName.UserName = Settings.UserName; client.ClientCredentials.UserName.Password = Settings.Password; Sill when i make a request i get a "The HTTP request is unauthorized with client authentication scheme 'Basic'" fault back. What am i doing wrong? (i don't have control over the service so all solutions must relate to the client configuration)

    Read the article

  • asp.net forms authentication timing out after 1 minute

    - by user548929
    I'm using ASP.NET MVC 3 with the Authorize attribute, but it keeps kicking me to the logon page after 1 minute, but even though my expiration is set to a very high value, it times out quickly. I check the cookie in my browser and its still there and not set to expire until about a month later, and it's set to be persistent, so I'm not sure why it keeps booting me. It only happens on my published location, locally it works just fine. var ticket = new FormsAuthenticationTicket(username, true, 500000); var encryptedTicket = FormsAuthentication.Encrypt(ticket); var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); cookie.Expires = ticket.Expiration; Response.Cookies.Add(cookie); web.config: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="7200" slidingExpiration="false"/> </authentication>

    Read the article

  • SharePoint form-based authentication with custom database

    - by Clodin
    Hi, I have SharePoint site and I want to use form-based authentication, not Windows how it is by default. For this I read that I have to modify the web.config from Central Administration and web.config from my site with the membership and roleManager tags configured properly. But if I use this: <membership> <providers> <add name="MyProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" .../> </providers> </membership> System.Web.Security.SqlMembershipProvider requires a database generated with ASP.NET SQL Server Setup Wizard (aspnet_regsql.exe), and this is my problem! I want to use another database with cunstom table 'Users' from where to take the username and password for authentication. How can I do this? Thank you in advance

    Read the article

  • Attaching catalog with SQL Authentication credentials attaches it as Read-Only

    - by Nissim
    Hello, As part of our product's installation process, a database is attached to the server. We use EXEC sp_attach_db in order to attach it to MSSQL. The problem occures when we try to attach it with "SQL Authentication" connection string - the database is attached to the server as read-only, thus preventing any write access from being performed This is driving us nuts... it's working just fine with Windows Authentication, and the only difference is the connection string... I tried googling for it but no mention for such a scenario is found. Any ideas anyone? It's important to mention that the MDF/LDF physical files are not set with "ReadOnly" attribute, so this is not the problem.

    Read the article

  • ASP.NET Windows authentication with wrong identity over VPN

    - by Dilyan Dimitrov
    I have ASP.NET application with windows authentication. When I browse it from home over VPN (Cisco VPN Client) as a username in the windows identity I get "\" not the credentials from the AD of the server (the same that I am using to connect to the VPN) even though I fill them in the prompt for localhost authentication from the browser. This only happens with Firefox. In the IE and Chrome after the prompt I get 401.1 Unauthorized page from IIS. How to make IIS to use the right credentials or the problem is somewhere else? Any ideas?

    Read the article

  • Prompts for windows authentication when viewing a page in Web site

    - by Sri Kumar
    Hello All, When i try to view a PARTICULAR page in my web site, it prompts for user name and password. Irrespective of providing proper user name/password and clicking OK or directly clicking Cancel button, the page is getting loaded properly. I am not sure why the authentication screen appears!!! It happens only for that particular page. Initially I thought it could be with file permission but copy pasted another page (which works fine) and renaming it doesn't solve the problem. Thoughts pl. EDIT I copied the source from the browser for that particular page and saved it as HTML. When i try to open the HTML file, it prompts for authentication.

    Read the article

  • How to eliminate authentication on my MVC app that is called from asp.net forms app

    - by Mark Kadlec
    Curious what recommendations anyone has. I have an existing asp.net forms application that does a Forms Authentication and has identity impersonate turned on. The application has a link to a questionnaire that I would like to develop separately in an asp.net MVC application, but I don't want the users to click on the link and be prompted for a username and password, I would like them to be able seamless start filling out the questionnaire. Is there a way to somehow transfer authentication from one .net app to another? I would like to be able to pass stuff like UserRole. What's the best way to do this?

    Read the article

  • How to remove thie ".svc" extension in RESTful WCF service?

    - by Morgan Cheng
    In my knowledge, the RESTful WCF still has ".svc" in its URL. For example, if the service interface is like [OperationContract] [WebGet(UriTemplate = "/Value/{value}")] string GetDataStr(string value); The access URI is like "http://machinename/Service.svc/Value/2". In my understanding, part of REST advantage is that it can hide the implementation details. A RESTful URI like "http://machinename/Service/value/2" can be implemented by any RESTful framework, but a "http://machinename/Service.svc/value/2" exposes its implementation is WCF. How can I remove this ".svc" host in the access URI?

    Read the article

  • Forms Authentication Across Applications Stopped Working

    - by colleski
    Hi, I have a .net 1.1 ASP application (domain.com) which has a .net 2 virtual directory (domain.com/v2) beneath it, both applications run within their own app pool on the same machine running IIS 6. The web.config files for both apps are setup for Forms Authentication as described here - http://msdn.microsoft.com/en-us/library/eb0zx8fc(v=VS.80).aspx. Users would be directed to the domain.com/v2/login.aspx page which would authenticate for both applications, this configuration has been working fine for the last few years until installing one of the recent Windows 2003 security updates today. Now after authenticating under /v2 users keep getting redirected back to domain.com/v2/Login.aspx as domain.com doesnt see them as authenticated anymore. Any ideas as to which security update would have caused this and if its possible to rollback? I've looked at a few suggestions on this (e.g. Cross app on subdomain form authentication not working) and other sites but no luck so far Any help would be appreciated. Thanks

    Read the article

  • Set Context User Principal for Customized Authentication in SignalR

    - by Shaun
    Originally posted on: http://geekswithblogs.net/shaunxu/archive/2014/05/27/set-context-user-principal-for-customized-authentication-in-signalr.aspxCurrently I'm working on a single page application project which is built on AngularJS and ASP.NET WebAPI. When I need to implement some features that needs real-time communication and push notifications from server side I decided to use SignalR. SignalR is a project currently developed by Microsoft to build web-based, read-time communication application. You can find it here. With a lot of introductions and guides it's not a difficult task to use SignalR with ASP.NET WebAPI and AngularJS. I followed this and this even though it's based on SignalR 1. But when I tried to implement the authentication for my SignalR I was struggled 2 days and finally I got a solution by myself. This might not be the best one but it actually solved all my problem.   In many articles it's said that you don't need to worry about the authentication of SignalR since it uses the web application authentication. For example if your web application utilizes form authentication, SignalR will use the user principal your web application authentication module resolved, check if the principal exist and authenticated. But in my solution my ASP.NET WebAPI, which is hosting SignalR as well, utilizes OAuth Bearer authentication. So when the SignalR connection was established the context user principal was empty. So I need to authentication and pass the principal by myself.   Firstly I need to create a class which delivered from "AuthorizeAttribute", that will takes the responsible for authenticate when SignalR connection established and any method was invoked. 1: public class QueryStringBearerAuthorizeAttribute : AuthorizeAttribute 2: { 3: public override bool AuthorizeHubConnection(HubDescriptor hubDescriptor, IRequest request) 4: { 5: } 6:  7: public override bool AuthorizeHubMethodInvocation(IHubIncomingInvokerContext hubIncomingInvokerContext, bool appliesToMethod) 8: { 9: } 10: } The method "AuthorizeHubConnection" will be invoked when any SignalR connection was established. And here I'm going to retrieve the Bearer token from query string, try to decrypt and recover the login user's claims. 1: public override bool AuthorizeHubConnection(HubDescriptor hubDescriptor, IRequest request) 2: { 3: var dataProtectionProvider = new DpapiDataProtectionProvider(); 4: var secureDataFormat = new TicketDataFormat(dataProtectionProvider.Create()); 5: // authenticate by using bearer token in query string 6: var token = request.QueryString.Get(WebApiConfig.AuthenticationType); 7: var ticket = secureDataFormat.Unprotect(token); 8: if (ticket != null && ticket.Identity != null && ticket.Identity.IsAuthenticated) 9: { 10: // set the authenticated user principal into environment so that it can be used in the future 11: request.Environment["server.User"] = new ClaimsPrincipal(ticket.Identity); 12: return true; 13: } 14: else 15: { 16: return false; 17: } 18: } In the code above I created "TicketDataFormat" instance, which must be same as the one I used to generate the Bearer token when user logged in. Then I retrieve the token from request query string and unprotect it. If I got a valid ticket with identity and it's authenticated this means it's a valid token. Then I pass the user principal into request's environment property which can be used in nearly future. Since my website was built in AngularJS so the SignalR client was in pure JavaScript, and it's not support to set customized HTTP headers in SignalR JavaScript client, I have to pass the Bearer token through request query string. This is not a restriction of SignalR, but a restriction of WebSocket. For security reason WebSocket doesn't allow client to set customized HTTP headers from browser. Next, I need to implement the authentication logic in method "AuthorizeHubMethodInvocation" which will be invoked when any SignalR method was invoked. 1: public override bool AuthorizeHubMethodInvocation(IHubIncomingInvokerContext hubIncomingInvokerContext, bool appliesToMethod) 2: { 3: var connectionId = hubIncomingInvokerContext.Hub.Context.ConnectionId; 4: // check the authenticated user principal from environment 5: var environment = hubIncomingInvokerContext.Hub.Context.Request.Environment; 6: var principal = environment["server.User"] as ClaimsPrincipal; 7: if (principal != null && principal.Identity != null && principal.Identity.IsAuthenticated) 8: { 9: // create a new HubCallerContext instance with the principal generated from token 10: // and replace the current context so that in hubs we can retrieve current user identity 11: hubIncomingInvokerContext.Hub.Context = new HubCallerContext(new ServerRequest(environment), connectionId); 12: return true; 13: } 14: else 15: { 16: return false; 17: } 18: } Since I had passed the user principal into request environment in previous method, I can simply check if it exists and valid. If so, what I need is to pass the principal into context so that SignalR hub can use. Since the "User" property is all read-only in "hubIncomingInvokerContext", I have to create a new "ServerRequest" instance with principal assigned, and set to "hubIncomingInvokerContext.Hub.Context". After that, we can retrieve the principal in my Hubs through "Context.User" as below. 1: public class DefaultHub : Hub 2: { 3: public object Initialize(string host, string service, JObject payload) 4: { 5: var connectionId = Context.ConnectionId; 6: ... ... 7: var domain = string.Empty; 8: var identity = Context.User.Identity as ClaimsIdentity; 9: if (identity != null) 10: { 11: var claim = identity.FindFirst("Domain"); 12: if (claim != null) 13: { 14: domain = claim.Value; 15: } 16: } 17: ... ... 18: } 19: } Finally I just need to add my "QueryStringBearerAuthorizeAttribute" into the SignalR pipeline. 1: app.Map("/signalr", map => 2: { 3: // Setup the CORS middleware to run before SignalR. 4: // By default this will allow all origins. You can 5: // configure the set of origins and/or http verbs by 6: // providing a cors options with a different policy. 7: map.UseCors(CorsOptions.AllowAll); 8: var hubConfiguration = new HubConfiguration 9: { 10: // You can enable JSONP by uncommenting line below. 11: // JSONP requests are insecure but some older browsers (and some 12: // versions of IE) require JSONP to work cross domain 13: // EnableJSONP = true 14: EnableJavaScriptProxies = false 15: }; 16: // Require authentication for all hubs 17: var authorizer = new QueryStringBearerAuthorizeAttribute(); 18: var module = new AuthorizeModule(authorizer, authorizer); 19: GlobalHost.HubPipeline.AddModule(module); 20: // Run the SignalR pipeline. We're not using MapSignalR 21: // since this branch already runs under the "/signalr" path. 22: map.RunSignalR(hubConfiguration); 23: }); On the client side should pass the Bearer token through query string before I started the connection as below. 1: self.connection = $.hubConnection(signalrEndpoint); 2: self.proxy = self.connection.createHubProxy(hubName); 3: self.proxy.on(notifyEventName, function (event, payload) { 4: options.handler(event, payload); 5: }); 6: // add the authentication token to query string 7: // we cannot use http headers since web socket protocol doesn't support 8: self.connection.qs = { Bearer: AuthService.getToken() }; 9: // connection to hub 10: self.connection.start(); Hope this helps, Shaun All documents and related graphics, codes are provided "AS IS" without warranty of any kind. Copyright © Shaun Ziyan Xu. This work is licensed under the Creative Commons License.

    Read the article

  • "Unknown user name or bad password" when I launch ADUC

    - by Chris
    When I open up Active Directory Users and Computers from my workstation, I receive an error: Naming information cannot be located because: Logon failure: unknown user name or bad password. Contact your system administrator to verify that your domain is properly configured and is currently online. If I log in to my workstation as somebody else, it works. If I log into a different workstation using my account, it works. All the workstations in question are running Windows Vista (32 and 64 bit) or Windows Server 2008. The domain controller in question is running Windows Small Business Server 2008. Everything else (that I tried) in the Remote Server Administration Tools runs just fine. Any thoughts? Edit: I just tried reinstalling RSAT. No such luck.

    Read the article

  • Proper use of HttpRequestInterceptor and CredentialsProvider in doing preemptive authentication with

    - by Preston
    I'm writing an application in Android that consumes some REST services I've created. These web services aren't issuing a standard Apache Basic challenge / response. Instead in the server-side code I'm wanting to interrogate the username and password from the HTTP(S) request and compare it against a database user to make sure they can run that service. I'm using HttpClient to do this and I have the credentials stored on the client after the initial login (at least that's how I see this working). So here is where I'm stuck. Preemptive authenticate under HttpClient requires you to setup an interceptor as a static member. This is the example Apache Components uses. HttpRequestInterceptor preemptiveAuth = new HttpRequestInterceptor() { @Override public void process( final HttpRequest request, final HttpContext context) throws HttpException, IOException { AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE); CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute( ClientContext.CREDS_PROVIDER); HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST); if (authState.getAuthScheme() == null) { AuthScope authScope = new AuthScope(targetHost.getHostName(), targetHost.getPort()); Credentials creds = credsProvider.getCredentials(authScope); if (creds != null) { authState.setAuthScheme(new BasicScheme()); authState.setCredentials(creds); } } } }; So the question would be this. What would the proper use of this be? Would I spin this up as part of the application when the application starts? Pulling the username and password out of memory and then using them to create this CredentialsProvider which is then utilized by the HttpRequestInterceptor? Or is there a way to do this more dynamically?

    Read the article

  • Unwanted redirection after authentication

    - by jodaha
    Hello world! We have a form to submit ratings for a certain restaurant in a in our views/restaurants/show.html.erb. We only want logged in users to create new ratings. We put before_filter :login_required, :only = [ :new, :create ] (but we also tried only ":create") on top of our RatingsController. If we click the submit button after typing in the rating details we are prompted to log in (which is what we want). After filling in username and password and submitting the login form we get redirected back to e. g. /restaurants/36/ratings, but we want to be redirected back to where we came from - e. g. /restaurants/36/. We tried redirect_to(:back), but this redirects us back to the login form. Also the new rating does not get saved to the database. Any idea how we can change the redirection and how to make sure the rating gets saved? Thanks!

    Read the article

< Previous Page | 12 13 14 15 16 17 18 19 20 21 22 23  | Next Page >