Search Results

Search found 6525 results on 261 pages for 'restful authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 17/261 | < Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >

  • PYTHON: ntlm authentication

    - by Svetlana
    Hello!! I'm trying to implement NTLM authentication on IIS (Windows Server 2003) from Windows 7 with python. LAN Manager Authentication Level: Send NTLM response only. Client machine and server are in the same domain. Domain controller (AD) is on another server (also running Windows Server 2003). I recieve 401.1 - Unauthorized: Access is denied due to invalid credentials. Could you please help me find out what is wrong with this code and/or show me the other possible directions to solve this problem (using NTLM or Kerberos)? [python] import sys, httplib, base64, string import urllib2 import win32api import sspi import pywintypes import socket class WindoewNtlmMessageGenerator: def __init__(self,user=None): import win32api,sspi if not user: user = win32api.GetUserName() self.sspi_client = sspi.ClientAuth("NTLM",user) def create_auth_req(self): import pywintypes output_buffer = None error_msg = None try: error_msg, output_buffer = self.sspi_client.authorize(None) except pywintypes.error: return None auth_req = output_buffer[0].Buffer auth_req = base64.encodestring(auth_req) auth_req = string.replace(auth_req,'\012','') return auth_req def create_challenge_response(self,challenge): import pywintypes output_buffer = None input_buffer = challenge error_msg = None try: error_msg, output_buffer = self.sspi_client.authorize(input_buffer) except pywintypes.error: return None response_msg = output_buffer[0].Buffer response_msg = base64.encodestring(response_msg) response_msg = string.replace(response_msg,'\012','') return response_msg fname='request.xml' request = file(fname).read() ip_host = '10.0.3.112' ntlm_gen = WindoewNtlmMessageGenerator() auth_req_msg = ntlm_gen.create_auth_req() auth_req_msg_dec = base64.decodestring(auth_req_msg) auth_req_msg = string.replace(auth_req_msg,'\012','') webservice = httplib.HTTPConnection(ip_host) webservice.putrequest("POST", "/idc/idcplg") webservice.putheader("Content-length", "%d" % len(request)) webservice.putheader('Authorization', 'NTLM'+' '+auth_req_msg) webservice.endheaders() resp = webservice.getresponse() resp.read() challenge = resp.msg.get('WWW-Authenticate') challenge_dec = base64.decodestring(challenge.split()[1]) msg3 = ntlm_gen.create_challenge_response(challenge_dec) webservice = httplib.HTTP(ip_host) webservice.putrequest("POST", "/idc/idcplg?IdcService=LOGIN&Auth=Intranet") webservice.putheader("Host", SHOD) webservice.putheader("Content-length", "%d" % len(request)) webservice.putheader('Authorization', 'NTLM'+' '+msg3) webservice.putheader("Content-type", "text/xml; charset=\"UTF-8\"") webservice.putheader("SOAPAction", "\"\"") webservice.endheaders() webservice.send(request) statuscode, statusmessage, header = webservice.getreply() res = webservice.getfile().read() res_file = file('result.txt','wb') res_file.write(res) res_file.close() [/python] sspi.py is available here: http://www.koders.com/python/fidF3B0061A07CD13BA35FF263E3E45252CFABFAA3B.aspx?s=timer Thanks!

    Read the article

  • HTTP Basic Authentication with HTTPService Objects in Adobe Flex/AIR

    - by Bob Somers
    I'm trying to request a HTTP resource that requires basic authorization headers from within an Adobe AIR application. I've tried manually adding the headers to the request, as well as using the setRemoteCredentials() method to set them, to no avail. Here's the code: <mx:Script> <![CDATA[ import mx.rpc.events.ResultEvent; import mx.rpc.events.FaultEvent; private function authAndSend(service:HTTPService):void { service.setRemoteCredentials('someusername', 'somepassword'); service.send(); } private function resultHandler(event:ResultEvent):void { apiResult.text = event.result.toString(); } private function resultFailed(event:FaultEvent):void { apiResult.text = event.fault.toString(); } ]]> </mx:Script> <mx:HTTPService id="apiService" url="https://mywebservice.com/someFileThatRequiresBasicAuth.xml" resultFormat="text" result="resultHandler(event)" fault="resultFailed(event)" /> <mx:Button id="apiButton" label="Test API Command" click="authAndSend(apiService)" /> <mx:TextArea id="apiResult" /> However, a standard basic auth dialog box still pops up prompting the user for their username and password. I have a feeling I'm not doing this the right way, but all the info I could find (Flex docs, blogs, Google, etc.) either hasn't worked or was too vague to help. Any black magic, oh Flex gurus? Thanks. EDIT: Changing setRemoteCredentials() to setCredentials() yields the following ActionScript error: [MessagingError message='Authentication not supported on DirectHTTPChannel (no proxy).'] EDIT: Problem solved, after some attention from Adobe. See the posts below for a full explanation. This code will work for HTTP Authentication headers of arbitrary length. import mx.utils.Base64Encoder; private function authAndSend(service:HTTPService):void { var encoder:Base64Encoder = new Base64Encoder(); encoder.insertNewLines = false; // see below for why you need to do this encoder.encode("someusername:somepassword"); service.headers = {Authorization:"Basic " + encoder.toString()}; service.send(); }

    Read the article

  • Django users and authentication from external source

    - by Boldewyn
    I have a Django app that gets it's data completely from an external source (queried via HTTP). That is, I don't have the option for a local database. Session data is stored in the cache (on my development server I use a SQLite database, so that is no error source). I'm using bleeding edge Django 1.1svn. Enter the problem: I want to use Django's own authentication system for the users. It seems quite simple to write my own Authentication Backend, but always just under the condition that you have a local database where to save the users. Without database my main problem is persistence. I tried it with the following (assume that datasource.get() is a function that returns some kind of dict): class ModelBackend (object): """Login backend.""" def authenticate (self, username=None, password=None): """Check, if a given user/password combination is valid""" data = datasource.get ('login', username, password) if data and data['ok']: return MyUser (username=username) else: raise TypeError return None def get_user (self, username): """get data about a specific user""" try: data = datasource.get ('userdata', username) if data and data['ok']: return data.user except: pass return None class MyUser (User): """Django user who isn't saved in DB""" def save (self): return None But the intentionally missing save() method on MyUser seems to break the session storage of a login. How should MyUser look like without a local database?

    Read the article

  • cakephp: Custom Authentication Object authenticate not called

    - by Kristoffer Darj
    The method authenticate in a Custom Authentication Object is never called. Is this a glicth or am I missing something? I don't get anything in the log, I'm just redirected to users/login (or the one I specified) CakeVersion: 2.4.1 <?php //My custom Auth Class //Path: app/Controller/Component/Auth/HashAuthenticate.php App::uses('BaseAuthenticate', 'Controller/Component/Auth'); class HashAuthenticate extends BaseAuthenticate { public function authenticate(CakeRequest $request, CakeResponse $response) { //Seems to not be called CakeLog::write('authenticate'); debug($this); die('gaah'); } } If I add the method getUser() (or unauthenticated() ), those gets called however so at least I know that cake finds the class and so on. It just skips the authenticate-method. The AppController looks like this class AppController extends Controller { public $helpers = array('Html', 'Form', 'Session'); public $components = array('Auth' => array( 'authenticate' => array('Hash'), 'authorize' => array('Controller'), ) ); } I found a similar question here: CakePHP 2.x custom "Authentication adapter &quot;LdapAuthorize&quot; was not found but there the issue was typos.

    Read the article

  • Overriding windows authentication for a .NET application

    - by JoshReedSchramm
    I have a .NET application where the homepage (default.aspx) should be accessible by anyone. There is also a reporting page (reporting.aspx) that I want to secure via windows authentication and only allow access to a particular set of AD groups. Right now the way my web.config is setup it is securing the reporting page but on the home page it prompts the user for login credentials. If they hit esc they can continue to the page though so it isnt actually securing it. I need to prevent it from prompting the user. How do i need to setup my config. Here is what i have now - <system.web> <authentication mode="Windows" /> <identity impersonate="true" /> <authorization> <allow roles="BUILTIN\Administrators, DomainName\Manager" /> <deny users="?" /> </authorization> ...MORE STUFF... </system.web> <location path="default.aspx"> <system.web> <identity impersonate="false" /> <authorization> <allow users="*"/> </authorization> </system.web> </location>

    Read the article

  • SECURITY Flaws in this design for User authentication.

    - by Shao
    SECURITY Flaws in this design for User authentication. From: http://wiki.pylonshq.com/display/pylonscookbook/Simple+Homegrown+Authentication Note: a. Project follows the MVC pattern. b. Only a user with a valid username and password is allowed submit something. Design: a. Have a base controller from which all controllers are derived from. b. Before any of the actions in the derived controllers are called the system calls a before action in the base controller. c. In each controller user hardcodes the actions that need to be verified in an array. d. The before action first looks in the array that has the actions that are protected and sees if a user is logged in or not by peaking into the session. If a user is present then user is allowed to submit otherwise user is redirected to login page. What do you think?

    Read the article

  • ASP.NET Authentication Cookie timout and IIS 7 setting

    - by David Laplante
    Hello, I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in. However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing" Frustrating answer indeed... To be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none. I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting? What should I do... Thanks for you help!

    Read the article

  • Authentication Error when accessing Sharepoint list via web service

    - by Joe
    I wrote a windows service a few months ago that would ping a Sharepoint list using _vti_bin/lists.asmx function GetListItemChanges. It was working fine until a few weeks ago when my company upgraded our Sharepoint instance to SP1. Now whenever my service attempts to access Sharepoint I receive an 401.1 authentication error: Error: You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied. Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page. HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Internet Information Services (IIS) I have checked and my privileges on the site have not changed. here is the code In which I call the list: Lists listsService = new Lists(); listsService.Credentials = new NetworkCredential("UserName", "Password", "domain"); Result = listsService.GetListItemChanges("List name", null, dTime.ToString(), null); It has also been brought to my attention that basic authentication may have been disabled on our farm. I don't believe I'm using that but I may be mistaken.

    Read the article

  • Authentication using cookie key with asynchronous callback

    - by greg
    I need to write authentication function with asynchronous callback from remote Auth API. Simple authentication with login is working well, but authorization with cookie key, does not work. It should checks if in cookies present key "lp_login", fetch API url like async and execute on_response function. The code almost works, but I see two problems. First, in on_response function I need to setup secure cookie for authorized user on every page. In code user_id returns correct ID, but line: self.set_secure_cookie("user", user_id) does't work. Why it can be? And second problem. During async fetch API url, user's page has loaded before on_response setup cookie with key "user" and the page will has an unauthorized section with link to login or sign on. It will be confusing for users. To solve it, I can stop loading page for user who trying to load first page of site. Is it possible to do and how? Maybe the problem has more correct way to solve it? class BaseHandler(tornado.web.RequestHandler): @tornado.web.asynchronous def get_current_user(self): user_id = self.get_secure_cookie("user") user_cookie = self.get_cookie("lp_login") if user_id: self.set_secure_cookie("user", user_id) return Author.objects.get(id=int(user_id)) elif user_cookie: url = urlparse("http://%s" % self.request.host) domain = url.netloc.split(":")[0] try: username, hashed_password = urllib.unquote(user_cookie).rsplit(',',1) except ValueError: # check against malicious clients return None else: url = "http://%s%s%s/%s/" % (domain, "/api/user/username/", username, hashed_password) http = tornado.httpclient.AsyncHTTPClient() http.fetch(url, callback=self.async_callback(self.on_response)) else: return None def on_response(self, response): answer = tornado.escape.json_decode(response.body) username = answer['username'] if answer["has_valid_credentials"]: author = Author.objects.get(email=answer["email"]) user_id = str(author.id) print user_id # It returns needed id self.set_secure_cookie("user", user_id) # but session can's setup

    Read the article

  • Forms Authentication & Virtual Directory

    - by benclaytonfranklin
    Hi, We're having trouble getting Forms Authentication to work with a virtual directory in IIS. We have a main site, and then a microsite setup within a virtual directory. This mircosite has its own admin system within an "Admin" folder, which has authentication on it but currently it is not kicking in and the admin section is browsable by anyone. The web.config with the admin folder has the following: <?xml version="1.0"?> <configuration> <appSettings/> <connectionStrings/> <system.web> <authorization> <deny users="?"/> </authorization> <customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Error.aspx"/> </system.web> </configuration> Could anyone give me any clues as to why this might not be working? Cheers!

    Read the article

  • Implement user authentication against remote DB with a Web Service

    - by Juan González
    I'm just starting reasearch about the best way to implement user authentication within my soon-to-be app. This is what I have so far: A desktop (Windows) application on a remote server. That application is accessed locally with a browser (it has a web console and MS SQL Server to store everything). The application is used with local credendials stored in the DB. This is what I'd like to accompllish: Provide access to some information on that SQL Server DB from my app. That access of course must be granted once a user has id himself with valid credentials. This is what I know so far: How to create my PHP web service and query info from a DB using JSON. How to work with AFNetworking libraries to retrieve information. How to display that info on the app. What I don't know is which could be the best method to implement user authentication from iOS. Should I send username and password? Should I send some hash? Is there a way to secure the handshake? I'd for sure appreciate any advise, tip, or recommendation you have from previous experience. I don't want to just implement it but instead I want to do it as good as possible.

    Read the article

  • Http authentication with apache httpcomponents

    - by matdan
    Hi, I am trying to develop a java http client with apache httpcomponents 4.0.1. This client calls the page "https://myHost/myPage". This page is protected on the server by a JNDIRealm with a login form authentication, so when I try to get https://myHost/myPage I get a login page. I tried to bypass it unsuccessfully with the following code : //I set my proxy HttpHost proxy = new HttpHost("myProxyHost", myProxyPort); //I add supported schemes SchemeRegistry supportedSchemes = new SchemeRegistry(); supportedSchemes.register(new Scheme("http", PlainSocketFactory .getSocketFactory(), 80)); supportedSchemes.register(new Scheme("https", SSLSocketFactory .getSocketFactory(), 443)); // prepare parameters HttpParams params = new BasicHttpParams(); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); HttpProtocolParams.setContentCharset(params, "UTF-8"); HttpProtocolParams.setUseExpectContinue(params, true); ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, supportedSchemes); DefaultHttpClient httpclient = new DefaultHttpClient(ccm, params); httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy); //I add my authentication information httpclient.getCredentialsProvider().setCredentials( new AuthScope("myHost/myPage", 443), new UsernamePasswordCredentials("username", "password")); HttpHost host = new HttpHost("myHost", 443, "https"); HttpGet req = new HttpGet("/myPage"); //show the page ResponseHandler<String> responseHandler = new BasicResponseHandler(); String rsp = httpClient.execute(host, req, responseHandler); System.out.println(rsp); When I run this code, I always get the login page, not myPage. How can I apply my credential parameters to avoid this login form? Any help would be fantastic

    Read the article

  • C# & SQL Server Authentication

    - by Peter
    Hello, I'm currently developing a C# app with an SQL Server DB back-end. I'm approaching the point of deployment and hitting a problem. The applicaiton will be deployed within an active directory network. As far as SQL authentication goes, I understand that I have 2 options - Windows Authenticaiton or Server Authenticaiton. If I use Server Authentication, I'm concerned that the username and password for the account will be stored in plain text in the app.config file, and therefore leave the database vulnerable. Using Windows Authenticaiton will avoid this issue, however it would mean giving every member of staff within our organisation read/write access to the database in order to run the app correctly. Whilst this is ok, it also means that they can easily connect to the database themselves via other means and directly alter the data outside of the app. I'm guessing there is someting really obvious I'm missing here, but I've been googling all evening to no avail. Any advice/guidance would be much appreciated! Peter Addition - my project is Windows Form based not ASP.NET - is encrypting the app.config file still the right answer? If it is, does anyone have any examples that are not ASP.NET based?

    Read the article

  • Protecting routes with authentication in an AngularJS app

    - by Chris White
    Some of my AngularJS routes are to pages which require the user to be authenticated with my API. In those cases, I'd like the user to be redirected to the login page so they can authenticate. For example, if a guest accesses /account/settings, they should be redirected to the login form. From brainstorming I came up with listening for the $locationChangeStart event and if it's a location which requires authentication then redirect the user to the login form. I can do that simple enough in my applications run() event: .run(['$rootScope', function($rootScope) { $rootScope.$on('$locationChangeStart', function(event) { // Decide if this location required an authenticated user and redirect appropriately }); }]); The next step is keeping a list of all my applications routes that require authentication, so I tried adding them as parameters to my $routeProvider: $routeProvider.when('/account/settings', {templateUrl: '/partials/account/settings.html', controller: 'AccountSettingCtrl', requiresAuthentication: true}); But I don't see any way to get the requiresAuthentication key from within the $locationChangeStart event. Am I overthinking this? I tried to find a way for Angular to do this natively but couldn't find anything.

    Read the article

  • In IIS6, how to provide authenticated access to static files on remote server

    - by frankadelic
    We have a library of ZIP files that we would like to make available for download at an ASP.NET site. The files are sitting on a NAS device that is accessible from out web farm. Here is our initial strategy: Map an IIS virtual directory to the shared drive at path /zipfiles Users can download the zip files when given the URL However, if users share links to the files, anyone can download them. We would instead like to make use of the ASP.NET forms authentication in our site to validate users' requests before initiating the file transfer. A few problems: A request for a zip file is handled by IIS, not ASP.NET. So it is not subject to forms authentication. In addition, we don't want ASP.NET to handle the request, because it uses up an ASP.NET thread and is not scalable for download of large files. So, configuring the asp.net dll to handle *.zip requests is not an option. Any ideas on this? One idea we've tossed around is this: Initial request for download will be for an ashx handler. This handler will, after authentication, generate a download token which is saved to a database. Then, the user is redirected to the file with token appended in QueryString (e.g. /files/xyz.zip?token=123456789). An ISAPI plugin will be used to check the token. Also, the token will expire after x amount of time. Any thoughts on this? I have not implemented an ISAPI plugin so I'm not sure if this will even work. I would like to avoid custom coding since security is an issue and I'd prefer to use a time-tested solution.

    Read the article

  • What's the easiest way to create an HTTP proxy which adds basic authentication to requests?

    - by joshdoe
    I am trying to use a service provided by a server which requires basic HTTP authentication, however the application I am using does not support authentication. What I'd like to do is create a proxy that will enable my auth-less application to connect via the proxy (which will add the authentication information) to the server requiring authentication. I'm sure this can be done, however I'm overwhelmed with the number of proxies out there and couldn't find an answer how to do this. Basically it seems all I want to do is have a proxy serve this URL: http://username:password@remoteserver/path as this URL: http://proxyserver/path I can run it on Linux, but a plus if I can run it Windows as well. Open source or at least free is a must. A big plus is if it's fairly straightforward to setup.

    Read the article

  • RESTful applications logic and cross resource operations

    - by Gaz_Edge
    I have an RESTful api that allows my users to receive enquiries about their business e.g. 'I would like to book service x on date y. Is this available?'. The api saves this information as a resource to the following URI users/{userId}/enquiries/{enquiryId} The information shown when this resource is retrieved are the standard sort of things you'd expect from an enquiry - email, first_name, last_name, address, message The api also allows customers to be created for a user. The customer has a login and password and also a profile. The following URIs expose these two resources PUT users/{userId}/customers/{customerId} PUT users/{userId}/customers/{customerId}/profile The problem I am having is that I would like to have the ability to allow users to create a customer from an enquiry. For example, the user is able to offer their service on the date requested and will then want to setup a customer with login details etc to allow them to manage the rest of the process. The obvious answer would be to use a URI like users/{userId}/enquiries/{enquiryId}/convert-to-client The problem with this is is that it somewhat goes against a lot of what I've been reading about how to implement REST (specifically from the book Restful Web Services which suggests that URIs should point to resources not operations on resources). The other option would be to get the client application (i.e. the code that calls the api) to handle some of this application logic. This doesn't quite feel right to me. I have implemented in my design that the client app is fairly dumb. It knows just enough to display the results from the API, and does not contain any application logic. Would be great to hear what others views are on the best way of setting this up Am I wrong to have no application logic in the client app? How would I perform this operation purely in the REST api?

    Read the article

  • What RESTful API would you use for a turn-based game server?

    - by Ross
    How would you model a turn-based game server as a RESTful API? For example, a chess server, where you could play a game of chess against another client of the same API. You would need some way of requesting and negotiating a game with the other client, and some way of playing the individual moves of the game. Is this a good candidate for a REST (RESTful) API? Or should this be modelled a different way?

    Read the article

  • HowTo: iPhone Web Service call to WCF Service with Certificate Authentication

    - by Maike9
    We are a .Net shop currently developing a iPhone app that requires the app to call a WCF web service. Our WCF Services are secured with a x509 certificate for authentication purposes. I have been searching the internet for an example on how to do the following: Deploy a certificate with an iPhone app. Use that certificate in a web service call to a WCF Service. Any insight on how this might be accomplished would be greatly appreciated.

    Read the article

  • forms authentication

    - by Alexander
    Ok so I am using forms authentication in my web site and I defined this in my config. Therefore I have an ASPNETDB.MDF. So do I need to have a database called ASPNETDB.MDF in my web host? If that is the case then how do I connect this so that my site uses this to verify users? I am sorry this seems to be like a very noob question

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >