Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

Page 18/244 | < Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25 | Next Page >

Authentication for SaaS

- by josh

What would be recommended as an authentication solution for a Software-as-a-service product? Specifically, my product would have clients that would typically have low information technology skills, potentially not even having an IT department within their organization. I would still like to have my application authenticate against their internal directory service (eDirectory, Active Directory, etc.). I don't want them, however, to have to open/forward ports (for instance, opening up port 636 so I can do LDAPS binds directly to their directory service). One idea I had was to have an application installed on a server within their organization's network that would backconnect to my service. This would be a persistant socket. When I need to authenticate a user, I send the credentials via the socket (encrypted) - the application then performs a bind/whatever to authenticate against the directory service and replies with OK/FAIL. What would you suggest? My goal here is to essentially have the client install an application within their network, with very little configuration or intervention.

Read the article
IIS 7.0 - Every site suddenly redirecting root request to forms authentication

- by Pittsburgh DBA

Suddenly, IIS 7.0 is redirecting every request for the root of any domain hosted on the box to ~/Account/Logon, which is our Forms Authentication redirect. Additionally, some JavaScript and image requests are being similarly redirected, but not other aspx pages. This is not desirable. Nobody will admit to changing anything. Any ideas? EDIT: It turns out that something has gone wrong with the disk permissions. Can anyone point me to the way things are supposed to be in Windows Server 2008 for a standard ASP.Net installation? The disk permissions are out of whack now.

Read the article
Sign in as different user when using Integrated Windows Authentication

- by Sam

I have restricted access to a site by using Integrated Windows Authentication and turning off anonymous access. This way I can then show them their real name (from looking up on Active Directory and using the server variable LOGON_USER) and do other related Active Directory tasks. How can I then prompt again for their user credentials, through a 'sign in as other user' link , showing the browser prompt (like you would get on a browser like Chrome or Firefox, or if the site was not in the 'Intranet' zone in IE) rather than a Web Form? Since SharePoint offers this functionality, I assume there is a way to do this through code, but I don't know what code can do this (using C#). I can send a 401 header which makes the prompt appear, but how do you then confirm if they are logged in?

Read the article
IIS Virtual Directory/Application & Forms authentication

- by user216194

I've setup and deployed a simple forms authentication website with membership using .NET 4. I've created a virtual directory (now converted to "Application") in IIS7 and setup the web.config file in the virtual directory as follows: <system.webServer> <directoryBrowse enabled="true" /> </system.webServer> Great! I browse to the virtual directory: ../mydomain/books/ and I'm automatically redirected to the login page specified by web.config in my root directory and the url path is placed as follows: ../Account/Login.aspx?ReturnUrl=%2fbooks At this point, I login succesfully, but I am not redirected anywhere, and when I manually return to the directory, ../books, I'm sent back to the login page, where I'm already logged in? So I'm confused about what my problem is! I should be successfully authenticated, and than redirected back to the directory, or at the very least be able to view it manually after I log in right?

Read the article
Application loses authentication when performing redirect to a virtual directory

- by nuhusky2003

I have the following setup: http://www.example.com/dir1/ and http://www.example.com/dir2/ Each virtual directory is configured on IIS6.0 as an application with own AppPool. When redirecting authenticated user from dir1 to dir2 using response.redirect I lose authentication information for the user and the user is being redirected to the login page. This issue was not coming up with each app (dir1 and dir2) were configured under subdomain, ex: http://dir1.example.com and http://dir2.example.com. I have resolved the issue by adding a machine key to the machine.config file. Can someone explain to me why it's not working on a http://www.example.com/dir1 configuration?

Read the article
Web services Authentication Jungle

- by redben

I have been doing some research lately about best approaches to authenticating web services calls (REST SOAP or whatever). But none of the Approaches convinced me... But i still can't a make a choise... Some talk about SSL and http basic authentication -login/password- which just seems weird for a machine (i mean having to assign a login/password to a machine, or is it not ?). Some others say API keys (seems like these scheme is more used for tracking and not realy for securing). Some say tokens (like session IDs) but shouldn't we stay stateless (especially if in REST style) ? In my use case, when a remote app is calling one of our web services, i have to authenticate the calling application obviously, and the call must - if applicable - tell me which user it impersonates so i can deal with authorization later. Any thoughts ?

Read the article
apache: basic authentication before rewrite

- by pyro

I have an apache in frontend that redirect a request via a rewrite rule. I have to put a basic authentication before redirect a request, so I put this in the config file: <VirtualHost *:443> ServerAdmin xxxxxx DocumentRoot /var/www/html/ ServerName xxxxxxx RewriteEngine on ErrorLog logs/error.log CustomLog logs/access_log common <Directory /var/www/html/> AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/httpd/conf/tag.pwd Require valid-user RewriteRule ^/(.*) http://xxxxxx:xxx/$1 [P,L] </Directory> </VirtualHost> But doesn't work. Any suggestions?

Read the article
Code igniter authentication code in controller security question

- by Prime Studios

I have a main controller to handle the very front-end of my authentication system, it handles login, logout, update user info, etc. functions that I anticipate calling by POST'ing from views/forms. What about something like a "delete_user" function though? My thoughts are a button in someones admin panel would say "Delete Account" and it would post to "/auth/delete", and the function would delete the user based on their session username or id. This seems a bit open ended, you could send out a link to someone and when they opened it while in that application it would delete their account.. Whats the best way to handle this?

Read the article
Using couchdb authentication by xmpp users

- by flossy

Hi, I'd like use couchdb for a web application with external user authentication by a XMPP-Server (Openfire). How can I achieve that? Let's say we have thre users: [email protected] [email protected] [email protected] Now [email protected] should be able to read all documents that are suited for basic users. [email protected] should be able to read AND write all documents that are suited for basic users. [email protected] should be able to read all documents that are suited for basic and advanced users. Is that possible?

Read the article
authentication of webapps when passwords are hashed with bcrypt

- by dubreakkk

I created a GWT project which requires authentication. Initially, the users' passwords were in plain text, but now I would like to hash them with BCrypt. I searched but I cannot find a place describing how to make Jetty authenticate against a BCrypt hashed password. I'm sending the password to the server using a FORM in plain text and over SSL. What do I need to do to make Jetty hash this password and compare it to the one in the database? Thank you;

Read the article
Service-Based Authentication Using Tokens

- by jerhinesmith

I'm having a tough time trying to find clear and concise examples of how one would implement a service-based authentication scheme using tokens. As far as I can tell, the basic steps are as follows: Client requests username/password from user Client passes username/password to identity provider Provider checks username/password and sends back a token if the user is valid Client does something with the token? The third and fourth step are where I'm getting stuck. I assume the "token" in this case just has to be either an encrypted string that the client can decrypt or some random string that gets stored somewhere (i.e. a database) that the client can then verify against, but I'm not really sure what the client is then supposed to do with the token or why you even need a token at all -- couldn't a simple user ID also suffice?

Read the article
Form authentication works on dev server but not on IIS

- by Ilknur

Hi, We have a similar problem. We have a web application running under default appdomain. It was working fine until a week before...Suddenly it has encountered a problem. Below message is taken from event logs. Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired. Application uses FormsAuthentication and gets the roles from aspnetdb.. After the error, when user logins to the page, it does not redirects to the default.aspx. Again login.aspx comes up. On the other hand application works fine on development server(localhost), but not on www(IIS 6.0). Does any one has an idea? Thanks, Ilknur

Read the article
Windows Phone 7 Application + WCF + SSL + Username Authentication

- by s7orm

Hello, I have developed a test service with WCF, which I try to consume from a Windows Phone 7 Application, however when calling a method from the service I get a weird exception: There was no endpoint listening at https://server/Service.svc that could accept the message. This is often caused by an incorrect address or SOAP action. The WCF service uses a custom binding with UserNameOverTransport authentication and SSL. For the authorization I am using an implementation of the UserNamePasswordValidator. If I try to consume the service from a console or silverlight application (cross domain policy is enabled) - it works fine (authorization as well). And the most weird thing is that the ServiceReferences.ClientConfig file generated for the WP7 App is exactly the same as the config file generated for the silverlight application. I have no idea what is wrong with my service...

Read the article
Web Application - Authentication / Login Framework

- by user456563

This is a very simple, probably a most asked question and frequently developed as part of any web application. Say I'm planning to build a web application and some of the functional requirements include (apart from the usual hard hitting security reqs), - Need to have users sign up for a new account profile - Authenticate user using the native app authentication / Facebook or Google or Yahoo or OpenId login - Allow lost password retrieval - Session handling needs Is there an out of the box frameworks (Drupal, Liferay??) that I can use to wrap my application which can be a bunch of JSP's or HTML's with JS? I know I'm asking a very simple and maybe a naive question. But this is a topic every web developer guru will go thru. Any help, advise and pointers much appreciated.

Read the article
Cannot connect to MySQL 4.1+ using old authentication

- by B T

I'm trying to connect to a mySQL database at http://bluesql.net, but when I try to connect, it gives this error: Connect Error (2000) mysqlnd cannot connect to MySQL 4.1+ using old authentication I've looked into this, and it has to do with some old password scheme used before MySQL 4.1. Newer versions have the option to use old passwords, which I've read may cause this problem. I'm running php 5.3, and connecting with mySQLi (new mysqli(...)). I'm hoping I can do something in the code to connect to the DB at bluesql.net - clearly I don't control how their database is set up. Downgrading php versions isn't an option. Anyone have any ideas?

Read the article
Established javascript solution for secure registration & authentication without SSL

- by Tomas

Is there any solution for secure user registration and authentication without SSL? With "secure" I mean safe from passive eavesdropping, not from man-in-the-middle (I'm aware that only SSL with signed certificate will reach this degree of security). The registration (password setup, i.e. exchanging of pre-shared keys) must be also secured without SSL (this will be the hardest part I guess). I prefer established and well tested solution. If possible, I don't want to reinvent the wheel and make up my own cryptographic protocols. Thanks in advance.

Read the article
User forms authentication in JSF

- by Proton

I'm a novice at JSF and I got a couple of questions concerning organizing user authentication there. 1) How can i redirect the registered user to a welcome page (for example welcome.xhtml)? I heard about using Filter or navigation-rule tag, but i didn't found a full-blown tutorial of how it works. 2) How can i tell the server that unauthorized users can access not only the login page but also the registration page? Is there an analog for ASP.NET web.config tag or something like this?

Read the article
Best Solution For Authentication in Ruby on Rails

- by Dan Wolchonok

I'm looking for a pre-built solution I can use in my RoR application. I'm ideally looking for something similar to the ASP.NET Forms authentication that provides email validation, sign-up controls, and allows users to reset their passwords. Oh yeah, and easily allows me to pull the user that is currently logged into the application. I've started to look into the already written pieces, but I've found it to be really confusing. I've looked at LoginGenerator, RestfulAuthentication, SaltedLoginGenerator, but there doesn't seem to be one place that has great tutorials or provide a comparison of them. If there's a site I just haven't discovered yet, or if there is a de-facto standard that most people use, I'd appreciate the helping hand.

Read the article
download authentication?

- by Sahat

Hi I am sorry if this question has been asked before but I am looking for some sort of download authentication. In other words if I am going to give the user a link to a file, I want to make sure only that person will get it, and get it only once! Is there a simple solution without setting up the whole database. Even better if it's possible to have an ecrypted web link that will let you download a file from my FTP server just once, after that the link becomes invalid. Thanks.

Read the article
Restricting URL w.r.t HTTP method and setting different authentication mechanism for each

- by user31745

I shall start with an example. I want to restrict to POST requests only for http://path/to/logical/abc.xml and restrict to GET only for http://path/to/logical/def.xml. How do I put constraints like this as the paths are logical and location directive is not supported in .htaccess? The actual problem is to set different authentication type(basic, digest) on diff logical file.for eg. for abc.xml I want to authenticate for Basic type of authentication and def.xml with digest.

Read the article
Forms authentication in Silverlight

- by Matt

I have a website using forms authentication. Everything runs sweet their. I've got a Silverlight app that uses Duplex messaging to talk to a WCF service. I'd like to be able to authenticate users in my service. I realize that by doing this <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> that my service would then have access to the HttpContext.Current context and I could easily authenticate a user. But herein lies the problem. aspNetCompatibilityEnabled="true" combined with Duplex messaging results in very, very, very slow communication between silverlight and the website (10 seconds or more). Unless I have a configuration wrong, I'm going to assume that this is a bug in WCF / Silverlight. So basically I'm looking for a workaround. One idea I wanted to try was to read the ASPSESSID cookie from the browser and send that value over the wire. But I don't know what to do with the cookie on the service side. Is there some way to authenticate a user by sending their cookie data over duplex messaging?

Read the article
Universal Authentication to Google Data API?

- by viatropos

Hey, I want to be able to have say 10 admin users store all their documents on google docs for a domain ('http://docs.google.com/a/domain.com'), and have everyone else be able to view them through 'domain.com/documents'. I'm just not certain how the whole authentication thing works in that case. Should I use OAuth? Or could I just use ClientLogin for say the root/global admin, and anytime someone goes to the site, they login as that? That works for personal docs, but it doesn't seem to be working for Google Apps. I would like it so the user has no idea they're accessing google docs, so I don't want them to have to say "Yes, Authenticate this App with Google", as seen in this Doclist Manager App. The app is basically: Admin stores a bunch of forms and documents User uses form and views documents the admin has posted ... so there's no need to access the user's Google Docs. But it seems like AuthSub and OAuth are addressing that instead... Thanks for the tips.

Read the article
CAS authentication and redirects with jQuery Ajax

- by Steve Nay

I've got an HTML page that needs to make requests to a CAS-protected (Central Authentication Service) web service using the jQuery AJAX functions. I've got the following code: $.ajax({ type: "GET", url: request, dataType: "json", complete: function(xmlHttp) { console.log(xmlHttp); alert(xmlHttp.status); }, success: handleRedirects }); The request variable can be either to the CAS server (https://cas.mydomain.com/login?service=myServiceURL) or directly to the service (which should then redirect back to CAS to get a service ticket). Firebug shows that the request is being made and that it comes back as a 302 redirect. However, the $.ajax() function isn't handling the redirect. I wrote this function to work around this: var handleRedirects = function(data, textStatus) { console.log(data, textStatus); if (data.redirect) { console.log("Calling a redirect: " + data.redirect); $.get(data.redirect, handleRedirects); } else { //function that handles the actual data processing gotResponse(data); } }; However, even with this, the handleRedirects function never gets called, and the xmlHttp.status always returns 0. It also doesn't look like the cookies are getting sent with the cas.mydomain.com call. (See this question for a similar problem.) Is this a problem with the AJAX calls not handling redirects, or is there more going on here than meets the eye?

Read the article
Forms/AD Authentication with Sharepoint

- by David Lively

All, I'm configuring Sharepoint to use forms authentication with LDAP/Active Directory. I'm new to Sharepoint, so if this is obvious, please point me in the right direction. Whenever I attempt to log in with a bad account or password, I get the very friendly (and correct) error message, The server could not sign you in. Make sure your user name and password are correct, and then try again. ... which implies that Sharepoint is able to communicate with AD. If I log in with a valid account, I get a page that says: (I added the grey bar to cover up the login name) Any suggestions? The account I'm logging in with is an administrator and has been granted full control in central administration. Also, interesting note: If I click the "sign in as a different user" link, and attempt to sign in using with the same credentials I just used, the site just redirects back to the login page, with no error or status message. If I then manually enter the site url, it again shows the "Error: Access Denied" page. Argh.

Read the article
BITS, TakeOwnership, and Kerberos / Windows Integrated Authentication

- by Charlie Flowers

We're using BITS to upload files from machines in our retail locations to our servers. BITS will stop transferring a file if the user who owns the BITS job logs off. Therefore, we're using a Windows Service running as LocalSystem to submit the jobs to BITS and be the job owner. This allows transfers to continue 24/7. However, it raises a question about authentication. We want the BITS server extensions in IIS to use Kerberos to authenticate the client machine. As far as I can tell, that leaves us with only 2 options, both of which are not ideal: Either we create an "ImageUploader" account and store its username/password in a config file that the Windows Service uses as credentials for the BITS job, or we ask the logged on user who creates the BITS job for his password, and then use his credentials for the BITS job. I guess the third option is not to use Kerberos, and maybe go with Basic Auth plus SSL. I'm sure I'm wrong and there's a better option. Is there? Thanks in advance.

Read the article

< Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25 | Next Page >