Search Results

Search found 62215 results on 2489 pages for 'http basic authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 181/2489 | < Previous Page | 177 178 179 180 181 182 183 184 185 186 187 188  | Next Page >

  • Sending a signup confirmation email with having to confirm using Devise

    - by slythic
    Hi all, I'm using devise to handle user authentication with my rails app. I'd like to allow my users to sign up and be instantly logged in and receive a confirmation email. Devise has the Confirmable module which sends out an email but requires the user to open up their mail application, find the email and click a link which then leads them to the site again. I'd like to just email the user a confirmation that they signed up and that's it. Is there a way for devise to do this or do I need to resolve to handling ActionMailer myself (if so, is there a quick and non-complex example)? Many thanks! -Tony

    Read the article

  • losing session in rails 2.3.2 app using subdomain

    - by mike in africa
    i have a 2.2.3 app which i upgraded to 2.3.2 it's a multi-site (using subdomain) that creates one top level session for all sites. this is how i change the domain in production.rb: ActionController::Base.session_options[:domain] = "xxx.com" # in rails 2.2.2, this is what i used to do: # ActionController::Base.session_options[:session_domain] = "xxx.com" strange things started to happen after i upgraded i can no longer login using restful authentication; it does authenticate me, but as soon as i'm redirected, it would ask me to login again. as i said, i use restful_authentication and i also use passenger 2.1.2. anyone can help?

    Read the article

  • How can I make a security token automatically expire in a passive STS setup?

    - by Rising Star
    I have a passive STS set up for a new application I'm working on. I've noticed that when a user's session expires, the user is still authenticated. I would have thought that when the session expires, the user would no longer be authenticated. My boss discussed this with me as I am currently charged with setting up the authentication. He says that it would be good if we could make the user's log on expire after a certain period of inactivity similar to how the session expires. I am familiar with how to sign a user out with a few lines of code. How can I make it so that the user is automatically signed out after a specified period of inactivity? Currently, I have some code in the global.asax file that programmatically checks when the last request was and compares it to the current time; it then signs the user out if a certain period of time has expired.

    Read the article

  • Why Shouldn't I Programmatically Submit Username/Password to Facebook/Twitter/Amazon/etc?

    - by viatropos
    I wish there was a central, fully customizable, open source, universal login system that allowed you to login and manage all of your online accounts (maybe there is?)... I just found RPXNow today after starting to build a Sinatra app to login to Google, Facebook, Twitter, Amazon, OpenID, and EventBrite, and it looks like it might save some time. But I keep wondering, not being an authentication guru, why couldn't I just have a sleek login page saying "Enter username and password, and check your login service", and then in the background either scrape the login page from say EventBrite and programmatically submit the form with Mechanize, or use an API if there was one? It would be so much cleaner and such a better user experience if they didn't have to go through popups and redirects and they could use any previously existing accounts. My question is: What are the reasons why I shouldn't do something like that? I don't know much about the serious details of cookies/sessions/security, so if you could be descriptive or point me to some helpful links that would be awesome. Thanks!

    Read the article

  • .NET ORM and Security

    - by Sphynx
    We're going to use an ORM tool with a .NET desktop application. The tool allows creation of persistent classes. It generates all database tables automatically. In addition to other data, our system needs to store user credentials, and deliver access control. The question is, is there any possibility of access control by means of ORM, without creating the database authentication mechanisms manually? Is there any product on the market which allows this? We thought of limiting the access in the program itself, but users can easily access the database directly, and bypass the program limitations. Thanks.

    Read the article

  • How can one make a web-site accessible only when someone has a dongle?

    - by Brian M. Hunt
    Suppose you want to add an extra layer of credentials on top of a SSL-encrypted login/password, but you don't want to increase complexity to the user. Is there a way to add the requirement of the possession of a dongle to web-server authentication schemes with existing cross-platform browser capabilities? In other words, to get access to the web-site, you would need a username, password, and a USB dongle that has been plugged into the client computer. The dongle would presumably do some sort of challenge/response. It'd be ideal if this dongle solution worked with Firefox automatically or with the simple addition of a plugin. Thoughts and suggestions are appreciated.

    Read the article

  • In Django, why is user.is_authenticated a method and not a member variable like is_staff

    - by luc
    Hello all, I've lost some time with a bug in my app due to user authentication. I think that it's a bit confusing but maybe someone can explain the reason and it will appear to me very logical. The user.is_staff is a member variable while user.is_authenticated is a method. However is_authenticated only returns True or False depending if the class is User or AnonymousUser (see http://docs.djangoproject.com/en/dev/topics/auth/) Is there a reason for that? Why user.is_authenticated is a method? Thanks in advance

    Read the article

  • How do I protect static files with ASP.NET form auhentication on IIS 7.5?

    - by Egil Hansen
    Hi all I have a website running on a IIS 7.5 server with ASP.NET 4.0 on a shared host, but in full trust. The site is a basic "file browser" that allows the visitors to login and have a list of files available to them displayed, and, obviously, download the files. The static files (mostly pdf files) are located in a sub folder on the site called data, e.g. http://example.com/data/... The site uses ASP.NET form authentication. My question is: How do I get the ASP.NET engine to handle the requests for the static files in the data folder, so that request for files are authenticated by ASP.NET, and users are not able to deep link to a file and grab files they are not allowed to have? Best regards, Egil.

    Read the article

  • Custom User Management for Google App Engine Java

    - by Gopi
    I am using GAE Java for a multi-user application. There are multiple users with different roles. Each user can login, do some operations and logout. The business restricts me from using Google User Service and I need to implement my own for authentication and session management. Can anyone please share with me how should I go about implementing my own user management? I have read its very tricky to implement own user management. Any pointers in terms of best approaches/ design / existing frameworks if any ? I could see some similar posts but they are for python.

    Read the article

  • Client-side session timeout redirect in ASP.Net

    - by Mercury821
    I want to build a way to automatically redirect users to Timeout.aspx when their session expires due to inactivity. My application uses forms authentication and relies heavily on update panels within the same aspx page for user interaction, so I don't want to simply redirect after a page-level timer expires. For the same reason, I can't use '<meta http-equiv="refresh"/>' What I want to do is create a simple ajax web service with a method called IsSessionTimedOut(), that simply returns a boolean. I will use a javascript timer to periodically call the method, and if it returns true, then redirect to Timeout.aspx. However, I don't want calling this method to reset the session timeout timer, or the session would never time out because of the service call. Is there a clean way to avoid this catch-22? Hopefully there is an easy solution that has so far eluded me.

    Read the article

  • Strange Error - "Object moved to here."

    - by Dkong
    I get the strange error "Object moved to here." on a blank white page when I try to login on a site I created. It works fine locally but not when I deploy it to the test or production server. I am not doing anything odd, just using basic authentication code in a helper function as follows... public static bool AuthenticateUser(string Username, string Password, bool PersistLogin, string RedirectionURL) { if (Membership.ValidateUser(Username, Password)) { FormsAuthentication.SetAuthCookie(Username, PersistLogin); HttpContext.Current.Response.Redirect(RedirectionURL,true); return true; } else return false; }

    Read the article

  • Manually logging in a user without password

    - by Agos
    Hi everybody; I hope you can help me figure the best way to implement a manual (server-side initiated) login without using the password. Let me explain the workflow: User registers Thank you! An email with an activation link has been sent blablabla (Account now exists but is marked not enabled) User opens email, clicks link (Account is enabled) Thank you! You can now use the site What I'm trying to do is log in the user after he has clicked the email link so he can start using the website right away. I can't use his password since it's encrypted in the DB, is the only option writing a custom authentication backend?

    Read the article

  • pyramid view redirection

    - by ascobol
    This question title may be slightly incorrect but I could not find a better one (yet). I'm trying to integrate Mozilla Persona (browserid) into a Pyramid application. The login process is: user can login on any page by clicking on the login button a popup then shows a login form when the users enters correct login/password, an ajax call is made by the popup to a pyramid view that checks users credentials, and calls pyramid remember function if the check succeeded the browserid javascript code then reloads the current page Now I want to handle the case of a new user subscribing to the web app and present a new view asking for a few more details (desired username, etc) Since the "remember" function is called by an ajax call from the popup, I cannot redirect the user the the "/newuser" page. So every view needs to redirect new users to the "/newuser" url whenever the remembered browserid has no corresponding user in the database. Is there a way to intercept user requests before calling a view to call the "new_user" view instead ? Or maybe my authentication approach is fundamentally incorrect and I should rely on another approach ?

    Read the article

  • Backup Google Calendar programmatically: https://www.google.com/calendar/exporticalzip

    - by Michael
    I'm struggling with writing a python script that automatically grabs the zip fail containing all my google calendars and stores it (as a backup) on my harddisk. I'm using ClientLogin to get an authentication token (and successfully can obtain the token). Unfortunately, i'm unable to retrieve the file at https://www.google.com/calendar/exporticalzip It always asks me for the login credentials again by returning a login page as html (instead of the zip). Here's the critical code: post_data = post_data = urllib.urlencode({ 'auth': token, 'continue': zip_url}) request = urllib2.Request('https://www.google.com/calendar', post_data, header) try: f = urllib2.urlopen(request) result = f.read() except: print "Error" Anyone any ideas or done that before? Or an alternative idea how to backup all my calendars (automatically!)

    Read the article

  • IIS Active Directory double handshake hickup

    - by AngryHacker
    I have a .net 2.0 click-once application that connects to IIS web services on Windows 2003 R2 64-bits. The IIS is setup with Integrated Windows Authentication. So whenever a web service call is made to IIS web services, there is a double handshake taking place: Client Request #1 GetEmployeeList Server Response #1 <- 401 HTTP/1.1 401 Unauthorized WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Client Request #2 REQUEST Header... Server Response #2 <- 200 Data Received Lately, however, Server Response #1 will sometimes (a good 20 percent of the calls) take a massive amount of time (like 25 to 30 seconds). How do I debug this problem? Is this a Active Directory problem or a Domain Controller problem?

    Read the article

  • last_login_at not working (null) w/ Authlogic Magic Columns...

    - by bgadoci
    I am using the Authlogicgem for authentication and most of it seems to be working great. Authlogic provides several columns that you can add to your Users table (for example) that it knows to fill in if they are present. i.e. login_count, current_login_ip, last_request_at and last_login_at. All seem to be working fine with the exception of the last_login_at field which is null for each user. Is there anything specific that could be causing this perhaps having to do with the user sessions, etc? I can post code if needed but wasn't sure what would relate to this.

    Read the article

  • How to bind to current riacontext user in xaml

    - by Jakob
    Hi. I Have a datacontext that has a "getuserbyguid" method, i want to pass in the current logged in user.userid as a parameter, but I don't know how to bind to the current logged in user through xaml. I've tried {Binding Path=User.UserId} but without any luck. I'm using the built in riaservices authentication methods, so the userinfo should be exposed in the riacontext, or am I wrong about this? I have this for instance <riaControls:DomainDataSource x:Name="FollowingGridData" AutoLoad="True" QueryName="GetUsersFollowedByIDQuery" LoadSize="20"> <riaControls:DomainDataSource.DomainContext> <my:NotesDomainContext /> </riaControls:DomainDataSource.DomainContext> <riaControls:DomainDataSource.QueryParameters> <riaControls:Parameter ParameterName="userguid" Value="{Binding Path=User.UserId}" /> </riaControls:DomainDataSource.QueryParameters> </riaControls:DomainDataSource> But it gives me an error saying that it's not a guid, meaning that it must not be binding correctly

    Read the article

  • OpenID PAM module

    - by Harvey Kwok
    I am looking for a PAM module that can use OpenID to do the authentication. My idea is that I want to logon my Linux box using my gmail account and password. I found there is a open source project in Google Code which seems to be doing the things I want but I don't see any code available for download. I saw there are so many examples or implementations but they are all about web apps. Is there any non-web based OpenID applications in the world? Is it technically possible to make a non-web based OpenID application? I naively think that it should be possible. I can emulate whatever packets the browser send out to the OpenID provider and get back the result. As long as my Linux box is connected to the Internet, I should be able to use my OpenID to login. Appreciate any comments, suggestions or pointers on how to make an OpenID PAM module. Thanks!

    Read the article

  • Why is it a bad idea to use ClientLogin for web apps in the Google API?

    - by Onema
    I just picked up the Google API today to allow some users of our site to upload videos to our own organization YouTube account. I Don't want our users to know our user name and password, but rather give them the option if they want to upload videos to youtube or not. If they choose to do it, they check on a check box and hit the submit button. I keep seeing over, and over in the Developers guide that ClientLogin, which to me looks like the best option to implement what I want to do, is not a good idea for user authentication in web applicaitons. The "AuthSub for web applications" doesn't seem to be the best mechanism for what I want to implement! Any ideas on what to do? Thank you

    Read the article

  • Security for web services only used from a Silverlight application?

    - by Lasse V. Karlsen
    I have googled a bit for how I should handle security in a web service application when the application is basically the data repository for a Silverlight application, but have gotten inconclusive results. The Silverlight application is not supposed to have its own user authentication, since it will be reachable only through a web application that the user have already authenticated to get into. As such, I was thinking I could simply add a parameter to the SL application that is a cookie-type value, with a certain lifetime, linked to the user in the database. The SL application would then have to pass this value alongside other parameters to the web services. Since the web service is hopefully going to be a generic web service endpoint, few methods, adding an extra parameter at this level will not be a problem. But, am I supposed to roll this system on my own? It sounds to me as this isn't exactly new features that nobody has considered before, so what are my options?

    Read the article

  • More than one profile in Django?

    - by JPC
    Is it possible to use Django's user authentication features with more than one profile? Currently I have a settings.py file that has this in it: AUTH_PROFILE_MODULE = 'auth.UserProfileA' and a models.py file that has this in it: from django.db import models from django.contrib.auth.models import User class UserProfileA(models.Model): company = models.CharField(max_length=30) user = models.ForeignKey(User, unique=True) that way, if a user logs in, I can easily get the profile because the User has a get_profile() method. However, I would like to add UserProfileB. From looking around a bit, it seems that the starting point is to create a superclass to use as the AUTH_PROFILE_MODULE and have both UserProfileA and UserProfileB inherit from that superclass. The problem is, I don't think the get_profile() method returns the correct profile. It would return an instance of the superclass. I come from a java background (polymorphism) so I'm not sure exactly what I should be doing. Thanks!

    Read the article

  • Using IPrinciple.Identity.Name as a key in a dataBase to identify user's rows.

    - by bplus
    I'm writing a small intranet app that uses Windows Authentication and Asp.Net MVC. I need to store various bits of data in a db against each user. As far as I can tell the IPrinciple object does not seem to have something like a unique id. So I was thinking I could just use User.Identity.Name as a unique value to identify rows in my db. Is this a bad idea? Is there an alternative to this approach? Thanks for any help.

    Read the article

  • Anonymous users support vs Google bot

    - by Andy
    I have a User class in my web app that represents a user currently logged in. Every time a user vists a page, a User instance is populated based on authentication data supplied in cookies. A User instance is created even if an anonymous user logs in - and a corresponding new record is created in the User table in the database. This approach allows me to save some state info for the current user regardless of its type. The problem however with this approach is the Google bot, and other non-human web organisms crawling my pages. Every time a bot starts to walk around the site, thousands of useless records will be created in the database, each of them only to be used for a single page. Question: what is the best trade off? How to support anonymous users, save their state, and don't get too much overhead because of cookieless bots?

    Read the article

  • REST client website login

    - by Jordan
    I have written a REST service that uses WSSE as an authentication method but i want to be able to use this rest service through a browser by creating a website around the service. I want the user to be able to log in on the website then when they view, for example the "view users" page an ajax request is made to test.com/users and back comes the list. The part i'm trying to get my head around is the logging in/out on the website and keeping the user logged in across pages. Since in a true REST implementation there's no state held on the server, i can't use $_SESSION and now i don't know where to start! What is the best way to go about this? Do i still need to store session information on the server then possibly use cURL to make the request? Thanks Jay

    Read the article

  • Web Form based login in Java

    - by BrunoLM
    How can I block access to the site if a user is not logged in? Under web.xml Security I checked Form authentication then I selected Login and Error page, but I don't know how to block the access and redirect the user to the login page. Do I need a filter? If so, how can I get the login url I specified? And how should I call the validation method? I saw in some examples this code <form method=post action="j_security_check"> <input type="text" name="j_username" /> <input type="password" name="j_password" /> </form> What does it do?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 177 178 179 180 181 182 183 184 185 186 187 188  | Next Page >