Search Results

Search found 11365 results on 455 pages for 'authorization basic'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 195/455 | < Previous Page | 191 192 193 194 195 196 197 198 199 200 201 202  | Next Page >

  • why does Integrated Windows Authentication fail when clients access off the network

    - by Bryan
    My background is not with web applications so this problem is hard for me to explain easily. First I'll try to describe the setup. Client setup:-Only browser that is effected is IE 6-8 (Firefox, chrome, opera, and safari all work fine) -A user will try to access our web application from a company laptop that is not connected to our network. -This machine will be a member of our workgroup and have the company DNS listed as a trusted intranet site. (to which the application in question would be a member) -The security logon mode is set to Automatic Logon only in intranet zone only, and IWA authentication is enabled on the clients browser.Server setup:-Windows server 2003 fp2-The application will first redirect to an Authorization asp page which has anonymous access disabled and IWA enabled in IIS.what should happen is that, since the client is not currently on the network, when this page is called it should prompt the user for network credentials. But with IE, instead of prompting, the user gets a page cannot be displayed error because the IIS manager is denying access to the asp page. If the company DNS is removed from the trusted intranet site list then it prompts correctly but disables single sign on the next time that computer is connected to the network or vpn. My assumption is that since IE uses IWA and the site is listed as an internal site, when no network is found IE just sends nulls to the server attempting to authenticate which is swiftly punted back. Other browsers do not have security zones so when network credentials are not present the server prompts for them. Is there a way to get around this so that our clients can keep the company DNS in the intranet zone but still have the server prompt for credentials when not on the network? Any attempt to allow for anonymous access on the asp page, as far as I know, will cause AUTH_USER to return null and again break SSO. I realize this is slightly rambling so I will do my best to clarify and questions you guys might have. Thanks in advance.

    Read the article

  • using wget against protected site with NTLM

    - by Joey V.
    Trying to mirror a local intranet site and have found previous questions using 'wget'. It works great with sites that are anonymous, but I have not been able to use it against a site that is expecting username\password (IIS with Integrated Windows Authentication). Here is what I pass in: wget -c --http-user='domain\user' --http-password=pwd http://local/site -dv Here is the debug output (note I replaced some with dummy values obviously): Setting --verbose (verbose) to 1 DEBUG output created by Wget 1.11.4 on Windows-MSVC. --2009-07-14 09:39:04-- http://local/site Host `local' has not issued a general basic challenge. Resolving local... seconds 0.00, x.x.x.x Caching local = x.x.x.x Connecting to local|x.x.x.x|:80... seconds 0.00, connected. Created socket 1896. Releasing 0x003e32b0 (new refcount 1). ---request begin--- GET /site/ HTTP/1.0 User-Agent: Wget/1.11.4 Accept: */* Host: local Connection: Keep-Alive ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 401 Access Denied Server: Microsoft-IIS/5.1 Date: Tue, 14 Jul 2009 13:39:04 GMT WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Content-Length: 4431 Content-Type: text/html ---response end--- 401 Access Denied Closed fd 1896 Unknown authentication scheme. Authorization failed.

    Read the article

  • spring security login pages?

    - by es11
    I have some confusion with how spring security works: In my application, I need to have a login page for users after which they are redirected back the page from where they came. I went through a few spring security tutorials and read some articles, and the examples work by securing a certain page on a site (managed by the <intercept url ..> tag). Then Spring security will generate a login page (or you can specify your own) in order to access the secured page. I am confused because I don't want to necessary secure a given page on my site: I want a login page for users to log into after which they have access to elevated features of the site (through spring security's authorization features). My question is: given what I described, what would be the strategy to create this login page which, after login, would grant the logged in user the appropriate authorities? The hack I thought of would be to create a simple JSP page who's only function is to redirect back to the previous page. Then I would use Spring Security to secure that JSP page. But it seems like there should be a better way of doing this... Thanks

    Read the article

  • WebDav And Exchange2007 HTTP1.1 404 Ressource not Found!

    - by adrien
    i have Exchange2007. and i am using the url: "https://exchange2007.exchange.server.com/Exchange/username/calendar"; 'calendar', or 'mailbox'( in your language! example, "boite de reception" in french or "calendário" in portuguese) with that url that i'm using i can list my ressources, but can't send a mail or write an appointement! why?!? See that i get a response of the server 207multistatus and ok, but the return a HTTP/1.1 404 Resource Not Found i wish a 201 created!!! (for my appointement) someone have better ideia ? thx. Console: >>>>>>> to server --------------------------------------------------- PROPPATCH /Exchange/marcelo/calend%C3%A1rio HTTP/1.1 Authorization: Basic bWFyY2Vsb0BleGNoYW5nZTptdXN0YWZhMSQ= Content-Type: text/xml; charset=utf-8 User-Agent: Jakarta Commons-HttpClient/2.0final Host: exchange2007.exchange.snap.com.br Content-Length: 1407 <D:propertyupdate xmlns:D="DAV:"> <D:set> <D:prop> <mapi xmlns="xmlns"> http://schemas.microsoft.com/mapi/ </mapi> <Cmd xmlns="urn:"> saveappt </Cmd> <dtEnd xmlns="urn:schemas:calendar"> 2009-06-30T10:30:00.000Z </dtEnd> <contentclass xmlns="DAV"> urn:content-classes:Appointment </contentclass> <Subject xmlns="urn:schemas:httpmail"> Changed Test Appointment Subject </Subject> <Location xmlns="urn:schemas:calendar"> do </Location> <responserequested xmlns="urn:schemas:calendar"> 0 </responserequested> <saveappt xmlns="urn:schemas:calendar:cmd"> 1 </saveappt> <ressource xmlns="DAV"> https://exchange2007.exchange.snap.com.br/Exchange/marcelo/calendárioassuntoteste.EML </ressource> <alldayevent xmlns="urn:schemas:calendar"> 0 </alldayevent> <to xmlns="urn:schemas:header"> adrien </to> <dtStart xmlns="urn:schemas:calendar"> 2009-06-30T10:00:00.000Z </dtStart> <isfolder xmlns="DAV"> 0 </isfolder> <cmd xmlns="Cmd"> saveappt </cmd> <HtmlDescription xmlns="urn:schemas:httpmail"> Let's meet here </HtmlDescription> <outlookmessageclass xmlns="http://schemas.microsoft.com/exchange/subject-utf8=Appointment"> IPM.Appointement </outlookmessageclass> <instancetype xmlns="urn:schemas:calendar"> 0 </instancetype> <meetingstatus xmlns="urn:schemas:calendar"> CONFIRMED </meetingstatus> <finvited xmlns="urn:schemas:mapi"> 0 </finvited> <BusyType xmlns="urn:schemas:calendar"> BUSY </BusyType> </D:prop> </D:set> </D:propertyupdate> ------------------------------------------------------------------------ <<<<<<< from server --------------------------------------------------- HTTP/1.1 207 Multi-Status Date: Thu, 16 Jul 2009 20:29:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET MS-Exchange-Permanent-URL: https://exchange2007.exchange.snap.com.br/Exchange/marcelo/-FlatUrlSpace-/b3ee92320938254c828a96e2e269a417-a6271d Repl-UID: <rid:b3ee92320938254c828a96e2e269a417000000a6282e> Content-Type: text/xml Content-Length: 825 ResourceTag: <rt:b3ee92320938254c828a96e2e269a417000000a6282eb3ee92320938254c828a96e2e269a41700545bb4844c> MS-WebStorage: 08.01.10240 <a:multistatus xmlns:a="DAV:" xmlns:b="xmlns" xmlns:c="urn:" xmlns:d="urn:schemas:calendar" xmlns:e="DAV" xmlns:f="urn:schemas:httpmail" xmlns:g="urn:schemas:calendar:cmd" xmlns:h="urn:schemas:header" xmlns:i="Cmd" xmlns:j="http://schemas.microsoft.com/exchange/subject-utf8=Appointment" xmlns:k="urn:schemas:mapi"> <a:response> <a:href> https://exchange2007.exchange.snap.com.br/Exchange/marcelo/Calend%C3%A1rio </a:href> <a:propstat> <a:status> HTTP/1.1 200 OK </a:status> <a:prop> <b:mapi> </b:mapi> <c:Cmd> </c:Cmd> <d:dtEnd> </d:dtEnd> <e:contentclass> </e:contentclass> <f:Subject> </f:Subject> <d:Location> </d:Location> <d:responserequested> </d:responserequested> <g:saveappt> </g:saveappt> <e:ressource> </e:ressource> <d:alldayevent> </d:alldayevent> <h:to> </h:to> <d:dtStart> </d:dtStart> <e:isfolder> </e:isfolder> <i:cmd> </i:cmd> <f:HtmlDescription> </f:HtmlDescription> <j:outlookmessageclass> </j:outlookmessageclass> <d:instancetype> </d:instancetype> <d:meetingstatus> </d:meetingstatus> <k:finvited> </k:finvited> <d:BusyType> </d:BusyType> </a:prop> </a:propstat> </a:response> </a:multistatus> ------------------------------------------------------------------------ >>>>>>> to server --------------------------------------------------- PROPFIND /Exchange/marcelo/calend%C3%A1rio HTTP/1.1 Authorization: Basic bWFyY2Vsb0BleGNoYW5nZTptdXN0YWZhMSQ= Content-Type: text/xml; charset=utf-8 User-Agent: Jakarta Commons-HttpClient/2.0final Host: exchange2007.exchange.snap.com.br Content-Length: 207 Depth: 0 <D:propfind xmlns:D="DAV:"> <D:prop> <D:displayname> </D:displayname> <D:getcontentlength> </D:getcontentlength> <D:getcontenttype> </D:getcontenttype> <D:resourcetype> </D:resourcetype> <D:getlastmodified> </D:getlastmodified> <D:lockdiscovery> </D:lockdiscovery> </D:prop> </D:propfind> ------------------------------------------------------------------------ <<<<<<< from server --------------------------------------------------- HTTP/1.1 207 Multi-Status Date: Thu, 16 Jul 2009 20:29:40 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Content-Type: text/xml Accept-Ranges: rows MS-WebStorage: 08.01.10240 Transfer-Encoding: chunked <a:multistatus xmlns:a="DAV:" xmlns:b="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/" xmlns:c="xml:"> <a:response> <a:href> https://exchange2007.exchange.snap.com.br/Exchange/marcelo/Calend%C3%A1rio/ </a:href> <a:propstat> <a:status> HTTP/1.1 200 OK </a:status> <a:prop> <a:displayname> Calendário </a:displayname> <a:getcontentlength b:dt="int"> 0 </a:getcontentlength> <a:resourcetype> <a:collection> </a:collection> </a:resourcetype> <a:getlastmodified b:dt="dateTime.tz"> 2009-07-16T20:29:40.098Z </a:getlastmodified> <lockdiscovery xmlns="DAV:"> </lockdiscovery> </a:prop> </a:propstat> <a:propstat> <a:status> HTTP/1.1 404 Resource Not Found </a:status> <a:prop> <a:getcontenttype> </a:getcontenttype> </a:prop> </a:propstat> </a:response> </a:multistatus>

    Read the article

  • A question about paypal IPN

    - by user304828
    i download sample code from https://cms.paypal.com/cms_content/US/en_US/files/developer/nvp_DoDirectPayment_php.txt run and get TIMESTAMP=2010%2d05%2d11T04%3a42%3a06Z&CORRELATIONID=ac15852d1e958&ACK=Failure&VERSION=51%2e0&BUILD=1268624&L_ERRORCODE0=10002&L_SHORTMESSAGE0=Security%20error&L_LONGMESSAGE0=Security%20header%20is%20not%20valid&L_SEVERITYCODE0=Error' (length=233) what is problem ? api username ? api pass ? signature or anything else ? this infor i fill in source code: // Set request-specific fields. $paymentType = urlencode('Authorization'); // or 'Sale' $firstName = urlencode('Nguyen'); $lastName = urlencode('Quang Trung'); $creditCardType = urlencode('Visa'); $creditCardNumber = urlencode(' 4111111111111111'); $expDateMonth = '04'; // Month must be padded with leading zero $padDateMonth = urlencode(str_pad($expDateMonth, 2, '0', STR_PAD_LEFT)); $expDateYear = urlencode('2015'); $cvv2Number = urlencode('5360 '); $address1 = urlencode('ha noi'); $address2 = urlencode('hcm'); $city = urlencode('ha noi'); $state = urlencode('ha noi state'); $zip = urlencode('84'); $country = urlencode('viet nam'); // US or other valid country code $amount = urlencode('900'); $currencyID = urlencode('USD'); // or other currency ('GBP', 'EUR', 'JPY', 'CAD', 'AUD')

    Read the article

  • ASP.NET MVC - Entending the Authorize Attribute

    - by Mad Halfling
    Hi folks, currently I use [Authorize(Roles = ".....")] to secure my controller actions on my ASP.NET MVC 1 app, and this works fine. However, certain search views need to have buttons that route to these actions that need to be enabled/disabled based on the record selected on the search list, and also the security privs of the user logged in. Therefore I think I need to have a class accessing a DB table which cross-references these target controller/actions with application roles to determine the state of these buttons. This will, obviously, make things messy as privs will need to be maintained in 2 places - in that class/DB table and also on the controller actions (plus, if I want to change the access to the action I will have to change the code and compile rather than just change a DB table entry). Ideally I would like to extend the [Authorize] functionality so that instead of having to specify the roles in the [Authorize] code, it will query the security class based on the user, controller and action and that will then return a boolean allowing or denying access. Are there any good articles on this - I can't imagine it's an unusual thing to want to do, but I seem to be struggling to find anything on how to do it (could be Monday-morning brain). I've started some code doing this, looking at article http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/ , and it seems to be starting off ok but I can't find the "correct" way to get the calling controller and action values from the httpContext - I could possibly fudge a bit of code to extract them from the request url, but that doesn't seem right to me and I'd rather do it properly. Cheers MH

    Read the article

  • ASP.NET MVC and WCF

    - by Michael Stum
    I'm working my way into MVC at the moment, but on my "To learn at some point" list, I also have WCF. I just wonder if WCF is something that should/could be used in an MVC Application or not? The Background is that I want a Desktop Application (.NET 3.5, WPF) interact with my MVC Web Site, and I wonder what the best way to transfer data between the two is. Should I just use special Views/have the controllers return JSON or XML (using the ContentResult)? And maybe even more important, for the other way round, could I just call special controllers? Not sure how Authorization would work in such a context. I can either use Windows Authentication or (if the Site is running forms authentication) have the user store his/her credentials in the application, but I would then essentially create a HTTP Client in my Application. So while MVC = Application seems really easy, Application = MVC does seem to be somewhat tricky and a possible use for WCF? I'm not trying to brute-force WCF in this, but I just wonder if there is indeed a good use case for WCF in an MVC application.

    Read the article

  • How do you Access an Authenticated Google App Engine Service with Ruby?

    - by viatropos
    I am trying to do this same thing here but with Ruby: Access Authenticated GAE Client with Python. Any ideas how to retrieve authenticated content from GAE with Ruby? I am using the Ruby GData Gem to access everything in Google Docs and such and it's making life very easy, but now I'd like to access things on GAE that require admin access, programmatically, and it doesn't support that. Here's what I'm getting (using DocList, not sure what to use yet): c = GData::Client::DocList.new c.clientlogin(username, password, nil, nil, nil, "HOSTED") c => #<GData::Client::DocList:0x201bad8 @clientlogin_service="writely", @version="2", @auth_handler=#<GData::Auth::ClientLogin:0x200803c @account_type="HOSTED", @token="long-hash", @auth_url="https://www.google.com/accounts/ClientLogin", @service="writely">, @source="AnonymousApp", @headers={"Authorization"=>"GoogleLogin auth=long-hash", "User-Agent"=>"GoogleDataRubyUtil-AnonymousApp", "GData-Version"=>"2", "Content-Type"=>"application/atom+xml"}, @authsub_scope="http://docs.google.com/feeds/", @http_service=GData::HTTP::DefaultService> url = "http://my-cdn.appspot.com/files/restricted-file.html" c.get(url) => #<GData::HTTP::Response:0x20004b8 @status_code=302, @body="", @headers={"connection"=>"close", "date"=>"Sun, 11 Apr 2010 00:30:20 GMT", "content-type"=>"text/html", "server"=>"Google Frontend", "content-length"=>"0", "location"=>"https://www.google.com/accounts/ServiceLogin service=ah&continue=http://my-cdn.appspot.com/_ah/login%3Fcontinue%3D http://my-cdn.appspot.com/files/restricted-file.html& ltmpl=gm&ahname=My+CDN&sig=a-signature"}> Any tips? That other SO question pointed to doing something with the redirect... Not sure how to handle that. Just looking for a point in the right direction from the ruby experts. Thanks.

    Read the article

  • Bitbucket API authentication with Python's HTTPBasicAuthHandler

    - by jbochi
    I'm trying to get the list of issues on a private repository using bitbucket's API. I have confirmed that HTTP Basic authentication works with hurl, but I am unable to authenticate in Python. Adapting the code from this tutorial, I have written the following script. import cookielib import urllib2 class API(): api_url = 'http://api.bitbucket.org/1.0/' def __init__(self, username, password): self._opener = self._create_opener(username, password) def _create_opener(self, username, password): cj = cookielib.LWPCookieJar() cookie_handler = urllib2.HTTPCookieProcessor(cj) password_manager = urllib2.HTTPPasswordMgrWithDefaultRealm() password_manager.add_password(None, self.api_url, username, password) auth_handler = urllib2.HTTPBasicAuthHandler(password_manager) opener = urllib2.build_opener(cookie_handler, auth_handler) return opener def get_issues(self, username, repository): query_url = self.api_url + 'repositories/%s/%s/issues/' % (username, repository) try: handler = self._opener.open(query_url) except urllib2.HTTPError, e: print e.headers raise e return handler.read() api = API(username='my_username', password='XXXXXXXX') api.get_issues('my_username', 'my_repository') results in: >>> Server: nginx/0.7.62 Date: Mon, 19 Apr 2010 16:15:06 GMT Content-Type: text/plain Connection: close Vary: Authorization,Cookie Content-Length: 9 Traceback (most recent call last): File "C:/USERS/personal/bitbucket-burndown/bitbucket-api.py", line 29, in <module> print api.get_issues('my_username', 'my_repository') File "C:/USERS/personal/bitbucket-burndown/bitbucket-api.py", line 25, in get_issues raise e HTTPError: HTTP Error 401: UNAUTHORIZED api.get_issues('jespern', 'bitbucket') works like a charm. What's wrong with my code?

    Read the article

  • How to handle custom Java exception in Flex app.

    - by mico
    Hello, we are using BlazeDS as a proxy between Flex and Java. The approach is the same as in (http://www.flexpasta.com/index.php/2008/05/16/exception-handling-with-blazeds-and-flex/) Java exception declaration: public class FlexException extends RuntimeException { private String name = 'John'; public FlexException(String message) { super(message); } public String getName() { return name; } } Then, we are throwing it: public void testMethod(String str) throws Exception { throw new FlexException("Custom exception"); } Flex part: private function faultHandler(event:FaultEvent):void { var errorMessage:ErrorMessage = event.message as ErrorMessage; trace("error++"); } and remote object is instantiated here: <mx:RemoteObject id="mySample" destination="mySample" channelSet="{cs1}" fault="faultHandler(event)" /> But in event.fault I get "Server.Processing" and event.faultString equals "There was an unhandled failure on the server. Custom exception" How can I receive the data is specified in exception props ? BlazeDS log is similar to the log that was mentioned in the comment [BlazeDS] 11:28:13.906 [DEBUG] Serializing AMF/HTTP response Version: 3 (Message #0 targetURI=/2/onStatus, responseUR|-) (Typed Object #0 ‘flex.messaging.messages.ErrorMessage’) headers = (Object #1) rootCause = null body = null correlationId = “2F1126D7-5658-BE40-E27C-7B43F3C5DCDD” faultDetail = null faultString = “Login required before authorization can proceed.” clientId = “C4F0E77C-3208-ECDD-1497-B8D070884830? timeToLive = 0.0 destination = “books” timestamp = 1.204658893906E12 extendedData = null faultCode = “Client.Authentication” messageId = “C4F0E77C-321E-6FCE-E17D-D9F1C16600A8? So the quesion is why rootClause is null? How can I get that Exception object not just a string 'Custom exception'?

    Read the article

  • Changing URI suffix in Joomla when adding child php pages

    - by Sleem
    I have added a new directory in my joomla website: http://sitedomain.tld/xxx/ then I have added index.php in that directory here is the code define( '_JEXEC', 1 ); define('JPATH_BASE', '..' ); define( 'DS', DIRECTORY_SEPARATOR ); require_once ( '../includes/defines.php' ); require_once ( '../includes/framework.php' ); //JDEBUG ? $_PROFILER->mark( 'afterLoad' ) : null; /** * CREATE THE APPLICATION * * NOTE : */ $mainframe =& JFactory::getApplication('site'); $template_name = $mainframe->getTemplate();; $mainframe->initialise(); JPluginHelper::importPlugin('system'); /** * ROUTE THE APPLICATION * * NOTE : */ $mainframe->route(); // authorization $Itemid = JRequest::getInt( 'Itemid'); $mainframe->authorize($Itemid); // trigger the onAfterRoute events //JDEBUG ? $_PROFILER->mark('afterRoute') : null; //$mainframe->triggerEvent('onAfterRoute'); /** * DISPATCH THE APPLICATION * * NOTE : */ $option = JRequest::getCmd('option'); //$mainframe->dispatch($option); // trigger the onAfterDispatch events //JDEBUG ? $_PROFILER->mark('afterDispatch') : null; //$mainframe->triggerEvent('onAfterDispatch'); /** * RENDER THE APPLICATION * * NOTE : */ $mainframe->render(); /** * RETURN THE RESPONSE */ var_dump($document->getHeadData()); echo JResponse::toString($mainframe->getCfg('gzip')); sdwdwd wdwd When I view this page in the browser, all the dynamic links like CSS, JS and images were suffixed by the /xxx/ path which make them broken ! How can I drop this suffix or how do I change this suffix from /xxx to / to it points to the original files location? I have tried setting the JDocument::setBase and also tried to play with the JURI object and changed its _path and _uri without any change Thanks

    Read the article

  • Magento - Authorize.net - Get Payment Update for expired transactions

    - by pspahn
    Magento 1.6.1 I have set up Authorize.net (AIM) for the client's store. Previously they were using saved CC method and entering information manually in Authorize.net's merchant terminal. Most of it is working as expected, however for transactions that are flagged as 'Suspected Fraud' by Authorize.net, if the client does not update the transaction manually before the authorization expires, using 'Get Payment Update' in Magento fails because the transaction is expired (I believe it's five days for an authorize only transaction). For the client, it seems the only way to update this order in Magento is to simply delete the order, as it doesn't appear the Paygate model knows about expired transactions. Performing 'Get Payment Update' simply returns 'There is no update for this payment'. I have already modified the file: /app/code/core/Mage/Paygate/Model/Authorize.net to have the correct API URL as described in issue #27117 ( http://www.magentocommerce.com/bug-tracking/issue?issue=12991 - must be logged in to view ). This resolved the button not working for all other orders; however this does not fix the issue I am describing. Is anyone familiar with Authorize.net's AIM API so that we can update these orders in Magento to something that makes sense (canceled, etc.) without having to delete the order? I am thinking it should be a case of adding a new order status to Magento, checking the update for an 'Expired' status, and setting the order to the newly created order status. -- edit -- I just ran a diff for the file mentioned above and noticed that Magento 1.7.0.2 includes the _isTransactionExpired() method which seems like it would be the fix. Can it be as simple as updating this model with the newer version?

    Read the article

  • httprequest handle time delays till having response

    - by bourax webmaster
    I have an application that calls a function to send JSON object to a REST API, my problem is how can I handle time delays and repeat this function till i have a response from the server in case of interrupted network connexion ?? I try to use the Handler but i don't know how to stop it when i get a response !!! here's my function that is called when button clicked : protected void sendJson(final String name, final String email, final String homepage,final Long unixTime,final String bundleId) { Thread t = new Thread() { public void run() { Looper.prepare(); //For Preparing Message Pool for the child Thread HttpClient client = new DefaultHttpClient(); HttpConnectionParams.setConnectionTimeout(client.getParams(), 10000); //Timeout Limit HttpResponse response; JSONObject json = new JSONObject(); //creating meta object JSONObject metaJson = new JSONObject(); try { HttpPost post = new HttpPost("http://util.trademob.com:5000/cards"); metaJson.put("time", unixTime); metaJson.put("bundleId", bundleId); json.put("name", name); json.put("email", email); json.put("homepage", homepage); //add the meta in the root object json.put("meta", metaJson); StringEntity se = new StringEntity( json.toString()); se.setContentType(new BasicHeader(HTTP.CONTENT_TYPE, "application/json")); post.setEntity(se); String authorizationString = "Basic " + Base64.encodeToString( ("tester" + ":" + "tm-sdktest").getBytes(), Base64.NO_WRAP); //Base64.NO_WRAP flag post.setHeader("Authorization", authorizationString); response = client.execute(post); String temp = EntityUtils.toString(response.getEntity()); Toast.makeText(getApplicationContext(), temp, Toast.LENGTH_LONG).show(); } catch(Exception e) { e.printStackTrace(); } Looper.loop(); //Loop in the message queue } }; t.start(); }

    Read the article

  • Google Reader API with Objective-C - Problem getting token

    - by JustinXXVII
    I am able to successfully get the SID (SessionID) for my Google Reader account. In order to obtain the feed and do other operations inside Google Reader, you have to obtain an authorization token. I'm having trouble doing this. Can someone shed some light? //Create a cookie to append to the GET request NSDictionary *cookieDictionary = [NSDictionary dictionaryWithObjectsAndKeys:@"SID",@"NSHTTPCookieName",self.sessionID,@"NSHTTPCookieValue",@".google.com",@"NSHTTPCookieDomain",@"/",@"NSHTTPCookiePath",@"NSHTTPCookieExpires",@"160000000000",nil]; NSHTTPCookie *authCookie = [NSHTTPCookie cookieWithProperties:cookieDictionary]; //The URL to obtain the Token from NSURL *tokenURL = [NSURL URLWithString:@"http://www.google.com/reader/api/0/token"]; NSMutableURLRequest *tokenRequest = [NSMutableURLRequest requestWithURL:tokenURL]; //Not sure if this is right: add cookie to array, extract the headers from the cookie inside the array...? [tokenRequest setAllHTTPHeaderFields:[NSHTTPCookie requestHeaderFieldsWithCookies:[NSArray arrayWithObjects:authCookie,nil]]]; //This gives me an Error 403 Forbidden in the didReceiveResponse of the delegate [NSURLConnection connectionWithRequest:tokenRequest delegate:self]; I get a 403 Forbidden error as the response from Google. I'm probably not doing it right. I set the dictionary values according to the documentation for NSHTTPCookie.

    Read the article

  • MultipartFormDataContent Access to patch xx is denied

    - by Florian Schaal
    So I'm trying to upload a pdf file to a restapi. For some reason I the application cant get access to the files on my pc. The code im using to upload: public void Upload(string token, string FileName, string FileLocation, string Name, int TypeId, int AddressId, string CompanyName, string StreetNr, string Zip, string City, string CountryCode, string CustomFieldName, string CustomFieldValue) { var client = new HttpClient(); client.BaseAddress = _API.baseAddress; //upload a new form client.DefaultRequestHeaders.Date = DateTime.Now; client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(token); using (var multiPartContent = new MultipartFormDataContent()) { //get te bytes from a file byte[] pdfData; using (var pdf = new FileStream(@FileLocation, FileMode.Open))//Here i get the error. { pdfData = new byte[pdf.Length]; pdf.Read(pdfData, 0, (int)pdf.Length); } var fileContent = new ByteArrayContent(pdfData); fileContent.Headers.ContentDisposition = new ContentDispositionHeaderValue("attachment") { FileName = FileName + ".pdf" }; //add the bytes to the multipart message multiPartContent.Add(fileContent); //make a json message var json = new FormRest { Name = Name, TypeId = TypeId, AddressId = AddressId, CompanyName = CompanyName, StreetNr = StreetNr, Zip = Zip, City = City, CountryCode = CountryCode, CustomFields = new List<CustomFieldRest> { new CustomFieldRest {Name = CustomFieldName, Value = CustomFieldValue} } }; var Content = new JsonContent(json); //add the json message to the multipart message multiPartContent.Add(Content); var result = client.PostAsync("forms", multiPartContent).Result; } } }

    Read the article

  • Full text index requires dropping and recreating - why?

    - by Amjid Qureshi
    Hi all, So I've got a web app running on .net 3.5 connected to a SQL 2005 box. We do scheduled releases every 2 weeks. About 14 tables out of 250 are full text indexed. After not every release, but a few too many, the indexes crap out. They seem to have data in there, but when we try to search them from the front end or SQL enterprise we get timeouts/hangs. We have a script that disables the indexes, drops them, deletes the catalog and then re creates the indexes. This fixes the problem 99 times out of 100. and the one other time, we run the script again and it all works We have tried just rebuilding the fulltext index but that doesn't fix the issue. My question is why do we have to do this ? what can we do to sort the index out? Here is a bit of the script, IF EXISTS (SELECT * FROM sys.fulltext_indexes fti WHERE fti.object_id = OBJECT_ID(N'[dbo].[Address]')) ALTER FULLTEXT INDEX ON [dbo].[Address] DISABLE GO IF EXISTS (SELECT * FROM sys.fulltext_indexes fti WHERE fti.object_id = OBJECT_ID(N'[dbo].[Address]')) DROP FULLTEXT INDEX ON [dbo].[Address] GO IF EXISTS (SELECT * FROM sysfulltextcatalogs ftc WHERE ftc.name = N'DbName.FullTextCatalog') DROP FULLTEXT CATALOG [DbName.FullTextCatalog] GO -- may need this line if we get an error BACKUP LOG SMS2 WITH TRUNCATE_ONLY CREATE FULLTEXT CATALOG [DbName.FullTextCatalog] ON FILEGROUP [FullTextCatalogs] IN PATH N'F:\Data' AS DEFAULT AUTHORIZATION [dbo] CREATE FULLTEXT INDEX ON [Address](CommonPlace LANGUAGE 'ENGLISH') KEY INDEX PK_Address ON [DbName.FullTextCatalog] WITH CHANGE_TRACKING AUTO go

    Read the article

  • How to get "AuthSub " token in C#? For google APPS Contacts ?

    - by Pari
    Hi, I fount this code on net : HttpWebRequest update = (HttpWebRequest)WebRequest.Create(**editUrl** ); // editUrl is a string containing the contact's edit URL update.Method = "PUT"; update.ContentType = "application/atom+xml"; update.Headers.Add(HttpRequestHeader.Authorization, "GoogleLogin auth=" + **AuthToken**); update.Headers.Add(HttpRequestHeader.IfMatch, **etag**); // etag is a string containing the <entry> element's gd:etag attribute value update.Headers.Add("GData-Version", "3.0"); Stream streamRequest = update.GetRequestStream(); StreamWriter streamWriter = new StreamWriter(streamRequest, Encoding.UTF8); streamWriter.Write(entry); // entry is the string representation of the atom entry to update streamWriter.Close(); WebResponse response = update.GetResponse(); But here i am not getting what to put in " editurl" , "AuthToken" and "Etag". a) I studied abt "AuthToken" from this Link .But not getting how to create it? Can anyone help me out here? b) Also not getting " editurl" and "Etag". I am trying to use this method to Migrate my contacts to Google Apps. Thanx

    Read the article

  • I am Unable to Post Xml to Linkedin Share API

    - by Vijesh V.Nair
    I am using Delphi 2010, with Indy 10.5.8(svn version) and oAuth.pas from chuckbeasley. I am able to collect token with app key and App secret, authorize token with a web page and Access the final token. Now I have to post a status with Linkedin’s Share API. I am getting a unauthorized response. My request and responses are giving bellow. Request, POST /v1/people/~/shares HTTP/1.0 Content-Encoding: utf-8 Content-Type: text/xml; charset=us-ascii Content-Length: 999 Authorization: OAuth oauth_consumer_key="xxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1340438599",oauth_nonce="BB4C78E0A6EB452BEE0FAA2C3F921FC4",oauth_version="1.0",oauth_token="xxx",oauth_signature="Pz8%2FPz8%2FPz9ePzkxPyc%2FDD82Pz8%3D" Host: api.linkedin.com Accept: text/html, */* Accept-Encoding: identity User-Agent: Mozilla/3.0 (compatible; Indy Library) %3C%3Fxml+version=%25221.0%2522%2520encoding%253D%2522UTF-8%2522%253F%253E%253Cshare%253E%253Ccomment%253E83%2525%2520of%2520employers%2520will%2520use%2520social%2520media%2520to%2520hire%253A%252078%2525%2520LinkedIn%252C%252055%2525%2520Facebook%252C%252045%2525%2520Twitter%2520%255BSF%2520Biz%2520Times%255D%2520http%253A%252F%252Fbit.ly%252FcCpeOD%253C%252Fcomment%253E%253Ccontent%253E%253Ctitle%253ESurvey%253A%2520Social%2520networks%2520top%2520hiring%2520tool%2520-%2520San%2520Francisco%2520Business%2520Times%253C%252Ftitle%253E%253Csubmitted-url%253Ehttp%253A%252F%252Fsanfrancisco.bizjournals.com%252Fsanfrancisco%252Fstories%252F2010%252F06%252F28%252Fdaily34.html%253C%252Fsubmitted-url%253E%253Csubmitted-image-url%253Ehttp%253A%252F%252Fimages.bizjournals.com%252Ftravel%252Fcityscapes%252Fthumbs%252Fsm_sanfrancisco.jpg%253C%252Fsubmitted-image-url%253E%253C%252Fcontent%253E%253Cvisibility%253E%253Ccode%253Eanyone%253C%252Fcode%253E%253C%252Fvisibility%253E%253C%252Fshare%253E Response, HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 x-li-request-id: K14SWRPEPL Date: Sat, 23 Jun 2012 08:07:17 GMT Vary: * x-li-format: xml Content-Type: text/xml;charset=UTF-8 Content-Length: 341 Connection: keep-alive <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <error> <status>401</status> <timestamp>1340438838344</timestamp> <request-id>K14SWRPEPL</request-id> <error-code>0</error-code> <message>[unauthorized]. OAU:xxx|nnnnn|*01|*01:1340438599:Pz8/Pz8/Pz9ePzkxPyc/DD82Pz8=</message> </error> Please help. Regards, Vijesh Nair

    Read the article

  • How much business logic belongs in RIA services layer?

    - by jkohlhepp
    I have been experimenting recently with Silverlight, RIA Services, and Entity Framework using .NET 4.0. I'm trying to figure out if that stack makes sense for use in any of my upcoming projects. It certainly seems like these technologies can be very productive for developing applications, but I'm struggling to decide how an application on top of this stack should be architected. The main issue I have is that in most of the demos I've seen most of the business logic ends up as DataAnnotations and custom validations in the RIA Services domain service class. This seems inappropriate to me. I view the domain service as basically a glorified web service that happens to make it easy to push information to the client. But most of what I've seen seems to orient the domain service as the main source of business logic in the application. So, my questions: What is the best location for business logic (rules, validations, behaviors, authorization) in an application using this stack? Are there any guidelines published at an architectural level for using this stack? My questions pertain to large, complex, and long-lived applications. Obviously for an application of only a few screens this is less of a concern. Edit: Another thing I meant to mention is that obviously you can make the domain service class stupid, but then you lose a lot of the automagic entity information (e.g. validations) being pushed to the client. And then if you lose that is there any point to using RIA services?

    Read the article

  • Kerberos and/or other authentication systems - One time logon for all PHP scripts

    - by devviedev
    I'm managing a set of web apps, almost exclusively written in PHP, and would like to find an authentication platform to build a role-based authorization system on top of. Also, I'd like the authentication system to be extensible to use for, for example, system services (SSH, etc.) Here are some of the main characteristics I'm looking for, in order of importance: Easy PHP implementation (storing/reading easily roles, etc.). Redundant, if possible. If an auth system goes down everyone is not locked out. Has clients for Windows and Mac. Easy web-based administration (adding/removing users/roles, changing passwords). If not, I can build an administration system without too much effort. One-time log on. I'd also like, when an auth token is issued, to store the user's IP address and use that to authorize the user for some non web-based applications. For that reason, I'd like a desktop client to issue the token and revoke tokens when, for example, the user becomes idle at their workstation. I'm thinking Kerberos might be a solution, but what are other options?

    Read the article

  • Twitter OAuth, Error when trying to POST direct message.

    - by Darxval
    So I am building a java script that is used in conjunction of my C++ application for sending direct messages to users. the script does the work of building the request that i send. When i send a request i receive "Incorrect signature" or "can not authenticate you" Does anyone see something i am missing or am doing wrong? I am continuing to investigate. Thank you in advance Javascript: var nDate = new Date(); var epoch = nDate.getTime(); var nounce = ""; nounce = Base64.encode(epoch+randomString()); var Parameters = [ "oauth_consumerkey="+sConsumerKey, "oauth_nonce="+nounce, "oauth_signature_method=HMAC-SHA1", "oauth_timestamp="+epoch, "oauth_token="+sAccessToken, "oauth_version=1.0", "text="+sText, "user="+sUser]; var SortedParameters = Parameters.sort(); var joinParameters = SortedParameters.join("&"); var encodeParameters = escape(joinParameters); signature_base_string = escape("POST&"+NormalizedURL+"&"+encodeParameters); signature_key = sConsumerSecret+"&"+sAccessSecret; signature = Base64.encode(hmacsha1(signature_base_string,signature_key)); sAuthHeader = " OAuth realm=, oauth_nonce="+nounce+", oauth_timestamp="+epoch+", oauth_consumer_key="+sConsumerKey+", oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_signature="+signature+", oauth_token="+sAccessToken+", text="+sText; goNVOut.Set("Header.Authorization: ", sAuthHeader);

    Read the article

  • Issue with Facebook JS API, revokeAuthorization

    - by BBonifield
    I am trying to integrate FB connect into our user profile screen. Although, I'm having an issue with FB.ApiClient.revokeAuthorization. http://pastie.org/921942 The basic problem is that I revoke the auth at line 44 after the user clicks the disconnect button. After that, all subsequent API calls don't have a valid session to even check user status. I've tried wrapping blocks in a FB.Connect.forceSessionRefresh block, but then the code will never be called at all. I'm not sure what the proper workflow should be for this purpose. Right now it's basically... User arrives at profile NOT connected to the application. User clicks on the connect button. Once connected, DOM manipulation occurs to hide the connect button and add in a disconnect button. User clicks on the disconnect button. User's authorization to the application is revoked and (it seems) the API session to the FB server is invalidated. DOM manipulation occurs to hide the disconnect button and readd the connect button. User clicks on the connect button. Once connected, the FB.Connect.get_loggedInUser() don't return the actual user.

    Read the article

  • REST API error return good practices

    - by Remus Rusanu
    I'm looking for guidance on good practices when it comes to return errors from a REST API. I'm working on a new API so I can take it any direction right now. My content type is XML at the moment, but I plan to support JSON in future. I am now adding some error cases, like for instance a client attempts to add a new resource but has exceeded his storage quota. I am already handling certain error cases with HTTP status codes (401 for authentication, 403 for authorization and 404 for plain bad request URIs). I looked over the blessed HTTP error codes but none of the 400-417 range seems right to report application specific errors. So at first I was tempted to return my application error with 200 OK and a specific XML payload (ie. Pay us more and you'll get the storage you need!) but I stopped to think about it and it seems to soapy (/shrug in horror). Besides it feels like I'm splitting the error responses into distinct cases, as some are http status code driven and other are content driven. So what is the SO crowd recommendation? Good practices (please explain why!) and also, from a client pov, what kind of error handling in the REST API makes life easier for the client code?

    Read the article

  • Provisioning Api using java

    - by user268515
    Hi i'm working in java and tried to retrieve all the user in the domain for that i used Provisionin api............ Its working good But my idea is to Use 2-legged OAuth to retrieve the users from the domain Is it Possible? I dont how to specify the URL please Help me And i triede the following the program final String CONSUMER_KEY = "xxxxxxxxxx.com"; final String CONSUMER_SECRET = "12345678122154154df9"; final String DOMAIN = "xxxxxxxxxx.com"; GoogleOAuthParameters oauthParameters = new GoogleOAuthParameters(); oauthParameters.setOAuthConsumerKey(CONSUMER_KEY); oauthParameters.setOAuthConsumerSecret(CONSUMER_SECRET); oauthParameters.setOAuthType(OAuthType.TWO_LEGGED_OAUTH); OAuthHmacSha1Signer signer = new OAuthHmacSha1Signer(); URL feedUrl = new URL("https://apps-apis.google.com/a/feeds/" + DOMAIN + "/user/2.0/[email protected]"); userService = new UserService("Myapplication"); userService.setOAuthCredentials(oauthParameters, signer); userService.useSsl(); UserFeed allUsers = new UserFeed(); UserFeed allpage; Link nextLink; do { allpage = userService.getFeed(feedUrl, UserFeed.class); allUsers.getEntries().addAll(allpage.getEntries()); nextLink = allpage.getLink(Link.Rel.NEXT, Link.Type.ATOM); if (nextLink != null) { feedUrl = new URL(nextLink.getHref()); } }while (nextLink != null); return allUsers; } Its returing the error as com.google.gdata.util.AuthenticationException: Unknown authorization header

    Read the article

  • HTTP POST prarameters order / REST urls

    - by pq
    Let's say that I'm uploading a large file via a POST HTTP request. Let's also say that I have another parameter (other than the file) that names the resource which the file is updating. The resource cannot be not part of the URL the way you can do it with REST (e.g. foo.com/bar/123). Let's say this is due to a combination of technical and political reasons. The server needs to ignore the file if the resource name is invalid or, say, the IP address and/or the logged in user are not authorized to update the resource. Looks like, if this POST came from an HTML form that contains the resource name first and file field second, for most (all?) browsers, this order is preserved in the POST request. But it would be naive to fully rely on that, no? In other words the order of HTTP parameters is insignificant and a client is free to construct the POST in any order. Isn't that true? Which means that, at least in theory, the server may end up storing the whole large file before it can deny the request. It seems to me that this is a clear case where RESTful urls have an advantage, since you don't have to look at the POST content to perform certain authorization/error checking on the request. Do you agree? What are your thoughts, experiences?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 191 192 193 194 195 196 197 198 199 200 201 202  | Next Page >