Search Results

Search found 11365 results on 455 pages for 'authorization basic'.

Page 196/455 | < Previous Page | 192 193 194 195 196 197 198 199 200 201 202 203 | Next Page >

Is "Server not found" error related to Activclient?

- by Kent

Users are getting sporadic "Server not found" errors after idling in the browser. We have a HTTPS web application (Apache/Tomcat) using NSS for authentication on the server. The error occurs when a user opens the application and later lets it sit idle/untouched for 15 minutes. When they try to access the application they can get a "Server not found" error. Users use CAC cards with ActivClient software and our web application uses the certificates for authentication and authorization. We have been able to recreate the problem but have been unable to diagnose it. In recreating the problem the server is getting a series of "Unable to find the certificate or key necessary for authentication" errors in the NSS log associated with the browser error. These erros don't occur until the user tries to access the idle application. When the application is idle for 15 minutes the PIN is not requested yet the PIN Cache timeout in ActivClient is set at 15 minutes. All our server side timeout parameters are set to hours not minutes. IE 6 is our browser and NSS is using TLS. We have tried modifying "SetEnvIf User-Agent ".MSIE." ssl-unclean-shutdown" with no improvement. I understand that the PIN cache timeout and SSL session don't have a 1:1 relationship but the timing is suspicious. Can't find anything in the windows error logs that indicates a problem (security logs are not accessible to us). Any suggestions as to how to identify the cause of the problem would be appreciated.

Read the article
Rails - handling global site settings

- by egarcia

I'm developing a new rails application which is supposed to be installed several times in order to implement several sites. There are some things, like the "Site Title" or the "Default Number of Items per Page" that clearly belong to a "global settings" table / config file. I've made a list of the things I think I'll need: ActiveRecord model that is capable of: Storing different kinds of data. I suppose this would be accomplished encoding the values on a string on the db, probably with a "type" field. Indexing settings by name Validations based on a "type" attribute (i.e. don't accept invalid dates on "date" settings) Validations based on a allows_nil property. A controller that allows me to change settings via views. I'm pretty sure I could implement this myself, but I'm not willing to reinvent the wheel. I've done some searching, but I could only find rails-settings, which doesn't really serve me: I need a proper model & controller so I can use declarative-authorization, and it does not provide any controller or view facilities. Is there a gem or plugin out there that implements what I want, or any library I should look at? Thanks a lot.

Read the article
Running a GWT application (including Applets) inside an IFRAME from an ASP.NET 3.5 app?

- by Jay Stevens

We are looking at integrating a full-blown GWT (Google Web Toolkit 2.0) application with an existing ASP.NET 3.5 application. My first gut reaction is that this is a horrible frankenstein idea. However, the customer has insisted that we use this application developed by a third-party. I have almost NO CONTROL over the development of the GWT app. My first thought is to actually attempt to embed this in an iFrame. Because GWT is running under Tomcat/Jakarta, it is hosted on a different server from the .NET app so the iFrame src will be to a URL on the other machine. I need to utilize our own ASP.NET authorization scheme to restrict access to the embedded GWT application. The GWT app also uses embedded java applets, which don't seem to be working right now inside the iframe. The GWT app makes calls to a backend server (using GWT-RPC?). Any major problems with this approach that anyone can see? Will GWT work on an iframe while hosted on a different machine? NOTE: SIMPLY ADDING A DIV WITH THE SAME NAME DOES NOT WORK FOR THIS!

Read the article
php user authentication libraries / frameworks ... what are the options?

- by es11

I am using PHP and the codeigniter framework for a project I am working on, and require a user login/authentication system. For now I'd rather not use SSL (might be overkill and the fact that I am using shared hosting discourages this). I have considered using openID but decided that since my target audience is generally not technical, it might scare users away (not to mention that it requires mirroring of login information etc.). I know that I could write a hash based authentication (such as sha1) since there is no sensitive data being passed (I'd compare the level of sensitivity to that of stackoverflow). That being said, before making a custom solution, it would be nice to know if there are any good libraries or packages out there that you have used to provide semi-secure authentication? I am new to codeigniter, but something that integrates well with it would be preferable. Any ideas? (i'm open to criticism on my approach and open to suggestions as to why I might be crazy not to just use ssl). Thanks in advance. Update: I've looked into some of the suggestions. I am curious to try out zend-auth since it seems well supported and well built. Does anyone have experience with using zend-auth in codeigniter (is it too bulky?) and do you have a good reference on integrating it with CI? I do not need any complex authentication schemes..just a simple login/logout/password-management authorization system. Also, dx_auth seems interesting as well, however I am worried that it is too buggy. Has anybody else had success with this? I realized that I would also like to manage guest users (i.e. users that do not login/register) in a similar way to stackoverflow..so any suggestions that have this functionality would be great

Read the article
.NET 4.0 Forms Authentication change?

- by James Koch

I'm seeing some new behavior in Forms Authentication after upgrading to .NET 4.0. This occurs only on IIS 6, not on 7. Background - In web.config, we configure Forms Authentication, and then use <authorization tags to globally deny anonymous/unauthenticated users access. Then we explicitly allow access to a login.aspx page using a <location tag. Generally, this works fine, as it did when we were on .NET 2.0 (3.5). The issue only occurs when we visit the root path of the site, ie "http://myserver/". Our default document is configured in IIS to be login.aspx. Under .NET 4.0, upon visiting that URL, we're redirected to "http://myserver/login.aspx?ReturnUrl=/". If you log in from here, you're logged in and returned back at the log in page (yuck). Just wanted to post this here to see if anyone else is experiencing this. It's not listed on any "breaking changes" documentation I've been able to find. Either I'm missing something, or the UrlAuthorization module has changed and is no longer "smart" about IIS default documents.

Read the article
[iphone,twitter] Accessing the Twitter API through a proxy using NSURLConnectionsm, OAuth problem

- by akaii

I'm having no problems with sending an update directly via hxxps://api.twitter.com/, but the app (for the Iphone, I'm using NSURLConnections) I'm working is supposed to allow the user to select a preferred proxy (e.g. hxxps://twitter-proxy.appspot.com/api/ or hxxps://nest.onedd.net/api/), and I keep getting a 401 error (Failed to validate oauth signature and token) whenever I try to get an access token via these proxies. Even though I send my POST request to the proxy, I am still using the direct url for the api (https:// api.twitter.com/[rest api path]) in the base string. Despite the 401 error message above, the status code I'm actually getting from connection:didReceiveResponse: is 200, probably because it was able to successfully contact the proxy... Is there anything else that I need to consider when using a proxy to access the API? Should anything in the authorization header change, for example? Or the base string? I can manage to connect via Basic Auth without issue, but support for that will be dropped in a month. On a somewhat unrelated note... What are the possible causes of Twitter's error 403, and how do you distinguish between them? Is the only way to differentiate an error due to exceeding the status update limit for an hour (150 per hour) vs for a day (1000 per day) by checking the string reply returned in the response? Is there any way for me to simulate a status update limit error without going through the motions of actually sending 150/1000 tweets?

Read the article
cookie name is truncated in Servlet 3.0 HttpServletRequest (Glassfish V3)

- by idplmal

I'm porting our Web authentication/authorization middleware for use in containers implementing the new servlet 3.0 API (Glassfish V3 in this case). The middleware pulls cookies from the HttpServletRequest filtering on cookies with names of the form "DACS:FEDERATION::JURISDICTION:username". This works fine in the version 2.5 servlet API but is broken in 3.0. The cookie names in 3.0 are being truncated at the first ":" in the name. I understand that the servlet 3.0 implementation defaults to RFC 2109 cookies which are more restrictive about cookie names than the old Netscape spec (":" is among the characters not allowed in RFC 2109 cookie names). Digging into the servlet 3.0 source code, it appears that the use of RFC2109 names can be disabled by setting a System property "org.glassfish.web.rfc2109.cookie_names_enforced" to false. I've tried this to no avail. But besides that, the code that uses checks cookie names is in the constructor for Cookie, and it would appear that the truncation is occurring elsewhere. So - finally - the question. Have others bumped into such issues in the servlet 3.0 API and have you found a work around?

Read the article
Retrieving Json via HTML request from Jboss server

- by Seth Solomon

I am running into a java.net.SocketException: Unexpected end of file from server when I am trying to query some JSON from my JBoss server. I am hoping someone can spot where I am going wrong. Or does anyone have any suggestions of a better way to pull this JSON from my Jboss server? try{ URL u = new URL("http://localhost:9990/management/subsystem/datasources/data-source/MySQLDS/statistics?read-resource&include-runtime=true&recursive=true"); HttpURLConnection c = (HttpURLConnection) u.openConnection(); String encoded = Base64.encode(("username"+":"+"password").getBytes()); c.setRequestMethod("POST"); c.setRequestProperty("Authorization", "Basic "+encoded); c.setRequestProperty("Content-Type","application/json"); c.setUseCaches(false); c.setAllowUserInteraction(false); c.setConnectTimeout(5000); c.setReadTimeout(5000); c.connect(); int status = c.getResponseCode(); // throws the exception here switch (status) { case 200: case 201: BufferedReader br = new BufferedReader(new InputStreamReader(c.getInputStream())); StringBuilder sb = new StringBuilder(); String line; while ((line = br.readLine()) != null) { sb.append(line+"\n"); } br.close(); System.out.println(sb.toString()); break; default: System.out.println(status); break; } } catch (Exception e) { e.printStackTrace(); }

Read the article
Code Organization Connundrum: Web Project With Multiple Supporting DLLs?

- by Code Sherpa

Hi. I am trying to get a handle on the best practice for code organization within my project. I have looked around on the internet for good examples and, so far, I have seen examples of a web project with one or multiple supporting class libraries that it references or a web project with sub-folders that follow its namespace conventions. Assuming there is no right answer, this is what I currently have for code organization: MyProjectWeb This is my web site. I am referencing my class libraries here. MyProject.DLL As the base namespace, I am using this DLL for files that need to be generally consumable. For example, my class "Enums" that has all the enumerations in my project lives there. As does class MyProjectException for all exception handling. MyProject.IO.DLL This is a grouping of maybe 20 files that handle file upload and download (so far). MyProject.Utilities.DLL ALl my common classes and methods bunched up together in one generally consumable DLL. Each class follows a "XHelper" convention such as "SqlHelper, AuthHelper, SerializationHelper, and so on... MyProject.Web.DLL I am using this DLL as the main client interface. Right now, the majority of class files here are: 1) properties (such as School, Location, Account, Posts) 2) authorization stuff ( such as custom membership, custom role, & custom profile providers) My question is simply - does this seem logical? Also, how do I avoid having to cross reference DLLs from one project library to the next? For example, MyProject.Web.DLL uses code from MyProject.Utilities.DLL and MyProject.Utilities.DLL uses code from MyProject.DLL. Is this solved by clicking on properties and selecting "Dependencies"? I tried that but still don't seem to be accessing the namespaces of the assembly I have selected. Do I have to reference every assembly I need for each class library? Responses appreciated and thanks for your patience.

Read the article
Authentication using cookie key with asynchronous callback

- by greg

I need to write authentication function with asynchronous callback from remote Auth API. Simple authentication with login is working well, but authorization with cookie key, does not work. It should checks if in cookies present key "lp_login", fetch API url like async and execute on_response function. The code almost works, but I see two problems. First, in on_response function I need to setup secure cookie for authorized user on every page. In code user_id returns correct ID, but line: self.set_secure_cookie("user", user_id) does't work. Why it can be? And second problem. During async fetch API url, user's page has loaded before on_response setup cookie with key "user" and the page will has an unauthorized section with link to login or sign on. It will be confusing for users. To solve it, I can stop loading page for user who trying to load first page of site. Is it possible to do and how? Maybe the problem has more correct way to solve it? class BaseHandler(tornado.web.RequestHandler): @tornado.web.asynchronous def get_current_user(self): user_id = self.get_secure_cookie("user") user_cookie = self.get_cookie("lp_login") if user_id: self.set_secure_cookie("user", user_id) return Author.objects.get(id=int(user_id)) elif user_cookie: url = urlparse("http://%s" % self.request.host) domain = url.netloc.split(":")[0] try: username, hashed_password = urllib.unquote(user_cookie).rsplit(',',1) except ValueError: # check against malicious clients return None else: url = "http://%s%s%s/%s/" % (domain, "/api/user/username/", username, hashed_password) http = tornado.httpclient.AsyncHTTPClient() http.fetch(url, callback=self.async_callback(self.on_response)) else: return None def on_response(self, response): answer = tornado.escape.json_decode(response.body) username = answer['username'] if answer["has_valid_credentials"]: author = Author.objects.get(email=answer["email"]) user_id = str(author.id) print user_id # It returns needed id self.set_secure_cookie("user", user_id) # but session can's setup

Read the article
How do I sign requests reliably for the Last.fm api in C#?

- by Arda Xi

I'm trying to implement authorization through Last.fm. I'm submitting my arguments as a Dictionary to make the signing easier. This is the code I'm using to sign my calls: public static string SignCall(Dictionary<string, string> args) { IOrderedEnumerable<KeyValuePair<string, string>> sortedArgs = args.OrderBy(arg => arg.Key); string signature = sortedArgs.Select(pair => pair.Key + pair.Value). Aggregate((first, second) => first + second); return MD5(signature + SecretKey); } I've checked the output in the debugger, it's exactly how it should be, however, I'm still getting WebExceptions every time I try. Here's my code I use to generate the URL in case it'll help: public static string GetSignedURI(Dictionary<string, string> args, bool get) { var stringBuilder = new StringBuilder(); if (get) stringBuilder.Append("http://ws.audioscrobbler.com/2.0/?"); foreach (var kvp in args) stringBuilder.AppendFormat("{0}={1}&", kvp.Key, kvp.Value); stringBuilder.Append("api_sig="+SignCall(args)); return stringBuilder.ToString(); } And sample usage to get a SessionKey: var args = new Dictionary<string, string> { {"method", "auth.getSession"}, {"api_key", ApiKey}, {"token", token} }; string url = GetSignedURI(args, true); EDIT: Oh, and the code references an MD5 function implemented like this: public static string MD5(string toHash) { byte[] textBytes = Encoding.UTF8.GetBytes(toHash); var cryptHandler = new System.Security.Cryptography.MD5CryptoServiceProvider(); byte[] hash = cryptHandler.ComputeHash(textBytes); return hash.Aggregate("", (current, a) => current + a.ToString("x2")); }

Read the article
Java Client .class File Protection

- by Zac

I am in the requirements phase of building a JEE application that will most likely run on a GlassFish/JBoss backend (doesn't matter for now). I know I shouldn't be thinking about architecture at requirements time, but one can't help but start to imagine how the components would all snap together :-) Here are some hard, non-flexible requirements on the client-side: (1) The client application will be a Swing box (2) The client is free to download, but will use a subscription model (thus requiring a login mechanism with server-side authentication/authorization, etc.) (3) Yes, Java is the best platform solution for the problem at hand for reasons outside the scope of this post (4) The client-side .class files need safeguarding against decompiling That last (4th) requirement is the basis of this post. I'm not really worried about someone actually decompiling and getting at my source code: in the end, it's just Swing controls driven by some lightweight business logic. I'm worried about a scenario where someone decompiles my code, modifies it to exploit/attack the server, re-compiles, and fires it up. I've envisioned all sorts of nasty solutions, but didn't know if this was a common problem with a common solution for JEE developers. Any thoughts? Not interested in "code obfuscation" techniques! Thanks for any input!

Read the article
WCF Fails when using impersonation over 2 machine boundaries (3 machines)

- by MrTortoise

These scenarios work in their pieces. Its when i put it all together that it breaks. I have a WCF service using netTCP that uses impersonation to get the callers ID (role based security will be used at this level) on top of this is a WCF service using basicHTTP with TransportCredientialOnly which also uses impersonation I then have a client front end that connects to the basicHttp. the aim of the game is to return the clients username from the netTCP service at the bottom - so ultimatley i can use role based security here. each service is on a different machine - and each service works when you remove any calls they make to other services when you run a client for them both locally and remotley. IE the problem only manifests when you jump accross more than one machine boundary. IE the setup breaks when i connect each part together - but they work fine on their own. I also specify [OperationBehavior(Impersonation = ImpersonationOption.Required)] in the method and have IIS setup to only allow windows authentication (actually i have ananymous enabled still, but disabling makes no difference) This impersonation works fine in the scenario where i have a netTCP Service on Machine A with a client with a basicHttp service on machine B with a clinet for the basicHttp service also on machine B ... however if i move that client to any machine C i get the following error: The exception is 'The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:10:00'' the inner message is 'An existing connection was forcibly closed by the remote host' Am beginning to think this is more a network issue than config ... but then im grasping at straws ... the config files are as follows (heading from the client down to the netTCP layer) <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="basicHttpBindingEndpoint" closeTimeout="00:02:00" openTimeout="00:02:00" receiveTimeout="00:10:00" sendTimeout="00:02:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="http://panrelease01/WCFTopWindowsTest/Service1.svc" binding="basicHttpBinding" bindingConfiguration="basicHttpBindingEndpoint" contract="ServiceReference1.IService1" name="basicHttpBindingEndpoint" behaviorConfiguration="ImpersonationBehaviour" /> </client> <behaviors> <endpointBehaviors> <behavior name="ImpersonationBehaviour"> <clientCredentials> <windows allowedImpersonationLevel="Impersonation"/> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> </system.serviceModel> </configuration> the service for the client (basicHttp service and the client for the netTCP service) <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <compilation debug="true" targetFramework="4.0" /> </system.web> <system.serviceModel> <bindings> <netTcpBinding> <binding name="netTcpBindingEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" /> <message clientCredentialType="Windows" /> </security> </binding> </netTcpBinding> <basicHttpBinding> <binding name="basicHttpWindows"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows"></transport> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="net.tcp://5d2x23j.panint.com/netTCPwindows/Service1.svc" binding="netTcpBinding" bindingConfiguration="netTcpBindingEndpoint" contract="ServiceReference1.IService1" name="netTcpBindingEndpoint" behaviorConfiguration="ImpersonationBehaviour"> <identity> <dns value="localhost" /> </identity> </endpoint> </client> <behaviors> <endpointBehaviors> <behavior name="ImpersonationBehaviour"> <clientCredentials> <windows allowedImpersonationLevel="Impersonation" allowNtlm="true"/> </clientCredentials> </behavior> </endpointBehaviors> <serviceBehaviors> <behavior name="WCFTopWindowsTest.basicHttpWindowsBehaviour">  <serviceMetadata httpGetEnabled="true" />  <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <services> <service name="WCFTopWindowsTest.Service1" behaviorConfiguration="WCFTopWindowsTest.basicHttpWindowsBehaviour"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpWindows" name ="basicHttpBindingEndpoint" contract ="WCFTopWindowsTest.IService1"> </endpoint> </service> </services> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> </system.serviceModel> <system.webServer> <modules runAllManagedModulesForAllRequests="true" /> <directoryBrowse enabled="true" /> </system.webServer> </configuration> then finally the service for the netTCP layer <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <authentication mode="Windows"></authentication> <authorization> <allow roles="*"/> </authorization> <compilation debug="true" targetFramework="4.0" /> <identity impersonate="true" /> </system.web> <system.serviceModel> <bindings> <netTcpBinding> <binding name="netTCPwindows"> <security mode="Transport"> <transport clientCredentialType="Windows"></transport> </security> </binding> </netTcpBinding> </bindings> <services> <service behaviorConfiguration="netTCPwindows.netTCPwindowsBehaviour" name="netTCPwindows.Service1"> <endpoint address="" bindingConfiguration="netTCPwindows" binding="netTcpBinding" name="netTcpBindingEndpoint" contract="netTCPwindows.IService1"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mextcp" binding="mexTcpBinding" contract="IMetadataExchange"/> <host> <baseAddresses> <add baseAddress="net.tcp://localhost:8721/test2" /> </baseAddresses> </host> </service> </services> <behaviors> <serviceBehaviors> <behavior name="netTCPwindows.netTCPwindowsBehaviour">  <serviceMetadata httpGetEnabled="false" />  <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> </system.serviceModel> <system.webServer> <modules runAllManagedModulesForAllRequests="true" /> <directoryBrowse enabled="true" /> </system.webServer> </configuration>

Read the article
How to process AJAX requests more securely in PHP?

- by animuson

Ok, so I want to send AJAX requests to my website from my Flash games to process data, but I don't want people downloading them, decompiling them, then sending fake requests to be processed, so I'm trying to figure out the most secure way to process in the PHP files. My first idea was to use Apache's built in Authorization module to require a username and password to access the pages on a separate subdomain of my website, but then you'd have to include that username and password in the AJAX request anyway so that seems kind of pointless to even try. My current option looks pretty promising but I want to make sure it will work. Basically it just checks the IP address being sent using REMOTE_ADDR to make sure it's the IP address that my server runs on. <? $allowed = new Array("64.120.211.89", "64.120.211.90"); if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) header("HTTP/1.1 403 Forbidden"); ?> Both of those IP addresses point to my server. Things I'm worried about: 1) If I send a request from Flash/ActionScript, will that affect the IP address in any way? 2) Is it possible for malicious users to change the IP address that is being sent with REMOTE_ADDR to one of my IP addresses? Any other ways you would suggest that might be more secure?

Read the article
401 Unauthorized returned on GET request (https) with correct credentials

- by Johnny Grass

I am trying to login to my web app using HttpWebRequest but I keep getting the following error: System.Net.WebException: The remote server returned an error: (401) Unauthorized. Fiddler has the following output: Result Protocol Host URL 200 HTTP CONNECT mysite.com:443 302 HTTPS mysite.com /auth 401 HTTP mysite.com /auth This is what I'm doing: // to ignore SSL certificate errors public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { return true; } try { // request Uri uri = new Uri("https://mysite.com/auth"); HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri) as HttpWebRequest; request.Accept = "application/xml"; // authentication string user = "user"; string pwd = "secret"; string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd)); request.Headers.Add("Authorization", auth); ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications); // response. HttpWebResponse response = (HttpWebResponse)request.GetResponse(); // Display Stream dataStream = response.GetResponseStream(); StreamReader reader = new StreamReader(dataStream); string responseFromServer = reader.ReadToEnd(); Console.WriteLine(responseFromServer); // Cleanup reader.Close(); dataStream.Close(); response.Close(); } catch (WebException webEx) { Console.Write(webEx.ToString()); } I am able to log in to the same site with no problem using ASIHTTPRequest in a Mac app like this: NSURL *login_url = [NSURL URLWithString:@"https://mysite.com/auth"]; ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:login_url]; [request setDelegate:self]; [request setUsername:name]; [request setPassword:pwd]; [request setRequestMethod:@"GET"]; [request addRequestHeader:@"Accept" value:@"application/xml"]; [request startAsynchronous];

Read the article
Where did Pylons beautiful error handling go? Using Nginx + Paster + Flup#fcgi_thread

- by Tony

I need to run my development through nginx due to some complicated subdomain routing rules in my pylons app that wouldn't be handled otherwise. I had been using lighttpd + paster + Flup#scgi_thread and the nice error reporting by Pylons had been working fine in that environment. Yesterday I recompiled Python and MySQL for 64bit, and also switched to Ngix + paster + Flup#fcgi_thread for my development environment. Everything is working great, but I miss the fancy error reports. This is what I get now, and it is a mess compared to what I got used to: http://drp.ly/Iygeg . And here are the pylons/nginx configs. Pylons: [server:main] use = egg:Flup#fcgi_thread host = 0.0.0.0 port = 6500 Nginx: location / { #include /usr/local/nginx/conf/fastcgi.conf; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param QUERY_STRING $query_string; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_pass_header Authorization; fastcgi_intercept_errors off; fastcgi_pass 127.0.0.1:6500; }

Read the article
Getting a list of Tasks that belong to a Role from Azman

- by Steven

I'm using the AZROLESLib which is from the COM references "azroles 1.0 Type Library" and I am trying to create a list of the designated tasks for each role that I have currently set in my authorization manager but when I loop through the tasks for the role, I get the role name. I've looked all around but couldn't find anything that would help. Here's what I got currently (It's not super pretty but i'm just trying to get it working at the moment). AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass(); AzManStore.Initialize(0, ConfigurationManager.ConnectionStrings["AzManStore"].ConnectionString, null); IAzApplication azApp = AzManStore.OpenApplication("StoreName", null); StringBuilder output = new StringBuilder(); Array tasks = null; foreach (IAzRole currentRole in azApp.Roles) { output.Append(currentRole.Name + "<br />"); tasks = (Array)currentRole.Tasks; foreach (object ob in tasks) { output.Append("   -" + ob.ToString() + "<br />"); } } return output.ToString(); What comes out is: Administrator -Administrator Account Manager -Account Manager Corporate Marketing Specialist -Corporate Marketing Specialist General Employee -General Employee Marketing Manager -Marketing Manager Regional Marketing Specialist -Regional Marketing Specialist Sales Manager -Sales Manager Webmaster -Webmaster but what should come out is something like: Webmaster Websites Maintain News Maintain Events Maintain Reports Read Thanks in advance.

Read the article
Getting broken link error whle Using App Engine service accounts

- by jade

I'm following this tutorial https://developers.google.com/bigquery/docs/authorization#service-accounts-appengine Here is my main.py code import httplib2 from apiclient.discovery import build from google.appengine.ext import webapp from google.appengine.ext.webapp.util import run_wsgi_app from oauth2client.appengine import AppAssertionCredentials # BigQuery API Settings SCOPE = 'https://www.googleapis.com/auth/bigquery' PROJECT_NUMBER = 'XXXXXXXXXX' # REPLACE WITH YOUR Project ID # Create a new API service for interacting with BigQuery credentials = AppAssertionCredentials(scope=SCOPE) http = credentials.authorize(httplib2.Http()) bigquery_service = build('bigquery', 'v2', http=http) class ListDatasets(webapp.RequestHandler): def get(self): datasets = bigquery_service.datasets() listReply = datasets.list(projectId=PROJECT_NUMBER).execute() self.response.out.write('Dataset list:') self.response.out.write(listReply) application = webapp.WSGIApplication( [('/listdatasets(.*)', ListDatasets)], debug=True) def main(): run_wsgi_app(application) if __name__ == "__main__": main() Here is my app.yaml file code application: bigquerymashup version: 1 runtime: python api_version: 1 handlers: - url: /favicon\.ico static_files: favicon.ico upload: favicon\.ico - url: .* script: main.py And yes i have added app engine service account name in google api console Team tab with can edit permissions. When upload the app and try to access the link it says Oops! This link appears to be broken. Ealier i ran this locally and tried to access it using link localhost:8080.Then i thought may be running locally might be giving the error so i uploaded my code to http://bigquerymashup.appspot.com/ but still its giving error.

Read the article
django-social-auth for Facebook is redirecting home and not logging in

- by Scott Rogowski

I have had django-social-auth working for Google for quite some time now but am having problems with Facebook. I am at the point where clicking on the /login/facebook/ link will take me to the Facebook authorization page. I then click "go to app" and it redirects me to my home page but does not log in or create a user but does put some strange "#=" onto the back of my URL. Reading up on that, here https://developers.facebook.com/blog/post/552/, and here https://github.com/omab/django-social-auth/issues/199, it seems that would be happening if the redirect uri was not defined. However, on my facebook app settings, I have the following (replacing my site with example.com): + App Namespace: "example" + Site URL: "http://example.com/complete/facebook/" + Site Domain: "example.com" + Sandbox Mode: "On" + Post-Authorize Redirect URL: "http://apps.facebook.com/example/" + Deauthorize URL: "http://www.example.com/" + Post-Authorize URL: "http://example.com/complete/facebook/" The request that django-social-auth is sending to facebook is (replacing my info again): "https://www.facebook.com/dialog/oauth?scope=email&state=*&redirect_uri=http%3A%2F%2Fexample.com%2Fcomplete%2Ffacebook%2F%3Fredirect_state%3D***&client_id=*" The /complete/facebook/ is what is in the documentation and google works as /complete/google/ What am I missing here?

Read the article
Yii user rights extension

- by jailed abroad

i have installed the yii rights extension and here is my code after installation, database tables are created after installation. 'modules'=>array( // uncomment the following to enable the Gii tool 'rights'=>array( 'superuserName'=>'Admin', // Name of the role with super user privileges. 'authenticatedName'=>'Authenticated', //// Name of the authenticated user role. 'userIdColumn'=>'id',// Name of the user id column in the database. 'userNameColumn'=>'username', // Name of the user name column in the database. 'enableBizRule'=>true, // Whether to enable authorization item business rules. 'enableBizRuleData'=>false, //Whether to enable data for business rules. 'displayDescription'=>true, // Whether to use item description instead of name. ' // Key to use for setting success flash messages. 'flashErrorKey'=>'RightsError', / Key to use for setting error flash messages. // 'install'=>true, // Whether to install rights. 'baseUrl'=>'/rights', // Base URL for Rights. Change if module is nested. 'layout'=>'rights.views.layouts.main', // Layout to use for displaying Rights. 'appLayout'=>'application.views.layouts.main', //Application layout. 'cssFile'=>'rights.css', // Style sheet file to use for Rights. ' 'install'=>false, // Whether to enable installer. 'debug'=>false, ), 'gii'=>array( 'class'=>'system.gii.GiiModule', 'password'=>'1234', // If removed, Gii defaults to localhost only. Edit carefully to taste. 'ipFilters'=>array('127.0.0.1','::1'), ), ), But when i type url http://localhost/rightsTest/index.php/rights then it says There must be at least one superuser! I have tried many things but unable to find answer. Thanks for your help.

Read the article
Turning PHP page calling Zend functions procedurally into Zend Framework MVC-help!

- by Joel

Hi guys, I posted much of this question, but if didn't include all the Zend stuff because I thought it'd be overkill, but now I'm thinking it's not easy to figure out an OO way of doing this without that code... So with that said, please forgive the verbose code. I'm learning how to use MVC and OO in general, and I have a website that is all in PHP but most of the pages are basic static pages. I have already converted them all to views in Zend Framework, and have the Controller and layout set. All is good there. The one remaining page I have is the main reason I did this...it in fact uses Zend library (for gData connection and pulling info from a Google Calendar and displaying it on the page. I don't know enough about this to know where to begin to refactor the code to fit in the Zend Framework MVC model. Any help would be greatly appreciated!! .phtml view page: <div id="dhtmltooltip" align="left"></div> <script src="../js/tooltip.js" type="text/javascript"> </script> <div id="container"> <div id="conten"> <a name="C4"></a> <?php function get_desc_second_part(&$value) { list(,$val_b) = explode('==',$value); $value = trim($val_b); } function filterEventDetails($contentText) { $data = array(); foreach($contentText as $row) { if(strstr($row, 'When: ')) { ##cleaning "when" string to get date in the format "May 28, 2009"## $data['duration'] = str_replace('When: ','',$row); list($when, ) = explode(' to ',$data['duration']); $data['when'] = substr($when,4); if(strlen($data['when'])>13) $data['when'] = trim(str_replace(strrchr($data['when'], ' '),'',$data['when'])); $data['duration'] = substr($data['duration'], 0, strlen($data['duration'])-4); //trimming time zone identifier (UTC etc.) } if(strstr($row, 'Where: ')) { $data['where'] = str_replace('Where: ','',$row); //pr($row); //$where = strstr($row, 'Where: '); //pr($where); } if(strstr($row, 'Event Description: ')) { $event_desc = str_replace('Event Description: ','',$row); //$event_desc = strstr($row, 'Event Description: '); ## Filtering event description and extracting venue, ticket urls etc from it. //$event_desc = str_replace('Event Description: ','',$contentText[3]); $event_desc_array = explode('|',$event_desc); array_walk($event_desc_array,'get_desc_second_part'); //pr($event_desc_array); $data['venue_url'] = $event_desc_array[0]; $data['details'] = $event_desc_array[1]; $data['tickets_url'] = $event_desc_array[2]; $data['tickets_button'] = $event_desc_array[3]; $data['facebook_url'] = $event_desc_array[4]; $data['facebook_icon'] = $event_desc_array[5]; } } return $data; } // load library require_once 'Zend/Loader.php'; Zend_Loader::loadClass('Zend_Gdata'); Zend_Loader::loadClass('Zend_Gdata_ClientLogin'); Zend_Loader::loadClass('Zend_Gdata_Calendar'); Zend_Loader::loadClass('Zend_Http_Client'); // create authenticated HTTP client for Calendar service $gcal = Zend_Gdata_Calendar::AUTH_SERVICE_NAME; $user = "[email protected]"; $pass = "xxxxxxxx"; $client = Zend_Gdata_ClientLogin::getHttpClient($user, $pass, $gcal); $gcal = new Zend_Gdata_Calendar($client); $query = $gcal->newEventQuery(); $query->setUser('[email protected]'); $secondary=true; $query->setVisibility('private'); $query->setProjection('basic'); $query->setOrderby('starttime'); $query->setSortOrder('ascending'); //$query->setFutureevents('true'); $startDate=date('Y-m-d h:i:s'); $endDate="2015-12-31"; $query->setStartMin($startDate); $query->setStartMax($endDate); $query->setMaxResults(30); try { $feed = $gcal->getCalendarEventFeed($query); } catch (Zend_Gdata_App_Exception $e) { echo "Error: " . $e->getResponse(); } ?> <h1><?php echo $feed->title; ?></h1> <?php echo $feed->totalResults; ?> event(s) found. <table width="90%" border="3" align="center"> <tr> <td width="20%" align="center" valign="middle"><b>;DATE</b></td> <td width="25%" align="center" valign="middle"><b>VENUE</b></td> <td width="20%" align="center" valign="middle"><b>CITY</b></td> <td width="20%" align="center" valign="middle"><b>DETAILS</b></td> <td width="15%" align="center" valign="middle"><b>LINKS</b></td> </tr> <?php if((int)$feed->totalResults>0) { //checking if at least one event is there in this date range foreach ($feed as $event) { //iterating through all events //pr($event);die; $contentText = stripslashes($event->content->text); //striping any escape character $contentText = preg_replace('/\<br \/\>[\n\t\s]{1,}\<br \/\>/','<br />',stripslashes($event->content->text)); //replacing multiple breaks with a single break //die(); $contentText = explode('<br />',$contentText); //splitting data by break tag $eventData = filterEventDetails($contentText); $when = $eventData['when']; $where = $eventData['where']; $duration = $eventData['duration']; $venue_url = $eventData['venue_url']; $details = $eventData['details']; $tickets_url = $eventData['tickets_url']; $tickets_button = $eventData['tickets_button']; $facebook_url = $eventData['facebook_url']; $facebook_icon = $eventData['facebook_icon']; $title = stripslashes($event->title); echo '<tr>'; echo '<td width="20%" align="center" valign="middle" nowrap="nowrap">'; echo $when; echo '</td>'; echo '<td width="20%" align="center" valign="middle">'; if($venue_url!='') { echo '<a href="'.$venue_url.'" target="_blank">'.$title.'</a>'; } else { echo $title; } echo '</td>'; echo '<td width="20%" align="center" valign="middle">'; echo $where; echo '</td>'; echo '<td width="20%" align="center" valign="middle">'; $details = str_replace("\n","<br>",htmlentities($details)); $duration = str_replace("\n","<br>",$duration); $detailed_description = "<b>When</b>: <br>".$duration."<br><br>"; $detailed_description .= "<b>Description</b>: <br>".$details; echo '<a href="javascript:void(0);" onmouseover="ddrivetip(\''.$detailed_description.'\')" onmouseout="hideddrivetip()" onclick="return false">View Details</a>'; echo '</td>'; echo '<td width="20%" valign="middle">'; if(trim($tickets_url) !='' && trim($tickets_button)!='') { echo '<a href="'.$tickets_url.'" target="_blank"><img src="'.$tickets_button.'" border="0" ></a>'; } if(trim($facebook_url) !='' && trim($facebook_icon)!='') { echo '<a href="'.$facebook_url.'" target="_blank"><img src="'.$facebook_icon.'" border="0" ></a>'; } else { echo '......'; } echo '</td>'; echo '</tr>'; } } else { //else show 'no event found' message echo '<tr>'; echo '<td width="100%" align="center" valign="middle" colspan="5">'; echo "No event found"; echo '</td>'; } ?> </table> <h3><a href="#pastevents">Scroll down for a list of past shows.</a></h3> <br /> <a name="pastevents"></a> <ul class="pastShows"> <?php $startDate='2005-01-01'; $endDate=date('Y-m-d'); /*$gcal = Zend_Gdata_Calendar::AUTH_SERVICE_NAME; $user = "[email protected]"; $pass = "silverroof10"; $client = Zend_Gdata_ClientLogin::getHttpClient($user, $pass, $gcal); $gcal = new Zend_Gdata_Calendar($client); $query = $gcal->newEventQuery(); $query->setUser('[email protected]'); $query->setVisibility('private'); $query->setProjection('basic');*/ $query->setOrderby('starttime'); $query->setSortOrder('descending'); $query->setFutureevents('false'); $query->setStartMin($startDate); $query->setStartMax($endDate); $query->setMaxResults(1000); try { $feed = $gcal->getCalendarEventFeed($query); } catch (Zend_Gdata_App_Exception $e) { echo "Error: " . $e->getResponse(); } if((int)$feed->totalResults>0) { //checking if at least one event is there in this date range foreach ($feed as $event) { //iterating through all events $contentText = stripslashes($event->content->text); //striping any escape character $contentText = preg_replace('/\<br \/\>[\n\t\s]{1,}\<br \/\>/','<br />',stripslashes($event->content->text)); //replacing multiple breaks with a single break $contentText = explode('<br />',$contentText); //splitting data by break tag $eventData = filterEventDetails($contentText); $when = $eventData['when']; $where = $eventData['where']; $duration = $eventData['duration']; $title = stripslashes($event->title); echo '<li class="pastShows">' . $when . " - " . $title . ", " . $where . '</li>'; } } ?> </div> </div>

Read the article
hiding buttons in master page

- by pankaj

Hi, I am working on an app where i am having some linkbuttons in master page. I want to display them depending upon the authorization given to them once they logs in. I have initially made all of them visible false and then i am checking the authorisation in the aspx.cs class of master page. I make the link button visible depending upon the right granted to the user. But it is making all the link buttons visible. Instead it should only make two of them visible and rest should be hidden. Following is my code from MasterPage.aspx.cs: ArrayList arrlstUserRoles = new ArrayList(); arrlstUserRoles = (ArrayList)Session["Roles"]; for (int j = 0; j < arrlstUserRoles.Count; j++) { if (int.Parse(arrlstUserRoles[j].ToString()) == 1) { lbtnRetailer.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 2) { lbtnCategory.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 3) { lbtnCouponTemplate.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 4) { //lbtnStoreManagement.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 5) { lbtnStoreManagement.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 6) { lbtnContentManagement.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 7) { //lbtnStoreManagement.Visible = true; } }

Read the article
Twitter API Rate Limit - Overcoming on an unauthenticated JSON Get with Objective C?

- by Cian

I see the rate limit is 150/hr per IP. This'd be fine, but my application is on a mobile phone network (with shared IP addresses). I'd like to query twitter trends, e.g. GET /trends/1/json. This doesn't require authorization, however what if the user first authorized with my application using OAuth, then hit the JSON API? The request is built as follows: - (void) queryTrends:(NSString *) WOEID { NSString *urlString = [NSString stringWithFormat:@"http://api.twitter.com/1/trends/%@.json", WOEID]; NSURL *url = [NSURL URLWithString:urlString]; NSURLRequest *theRequest=[NSURLRequest requestWithURL:url cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0]; NSURLConnection *theConnection=[[NSURLConnection alloc] initWithRequest:theRequest delegate:self startImmediately:YES]; if (theConnection) { // Create the NSMutableData to hold the received data. theData = [[NSMutableData data] retain]; } else { NSLog(@"Connection failed in Query Trends"); } //NSData *data = [NSData dataWithContentsOfURL:[NSURL URLWithString:urlString]]; } I have no idea how I'd build this request as an authenticated one however, and haven't seen any examples to this effect online. I've read through the twitter OAuth documentation, but I'm still puzzled as to how it should work. I've experimented with OAuth using Ben Gottlieb's prebuild library, and calling this in my first viewDidLoad: OAuthViewController *oAuthVC = [[OAuthViewController alloc] initWithNibName:@"OAuthTwitterDemoViewController" bundle:[NSBundle mainBundle]]; // [self setViewController:aViewController]; [[self navigationController] pushViewController:oAuthVC animated:YES]; This should store all the keys required in the app's preferences, I just need to know how to build the GET request after authorizing! Maybe this just isn't possible? Maybe I'll have to proxy the requests through a server side application? Any insight would be appreciated!

Read the article
Third party multipart request in playframework

- by Brian

I'm making an application to post photos to yfrog and twitpic and I am having a little trouble figuring out how to set the parameters. Here is my code: public static Result index() { HttpClient httpclient = new DefaultHttpClient(); WSRequestHolder holder = WS.url("http://api.twitpic.com/2/upload.json"); holder.setHeader("Authorization", ""); return async(holder.post("").map(new Function<WS.Response, Result>() { public Result apply(WS.Response response) { return ok(response.getBody()); } })); } Now, I don't expect this to actually get an ok response from the server, as I am just testing the responses that I get back from the server, and that is one that says I need to provide the api key. I figured as much, but I'm not sure of the syntax for providing that parameter, as I need to also give the name of the file and the file. I tried setting holder.post("key=somekey"), with the hope that I would get a different error message (like the key you provided is invalid) but I just get the same error. I'm assuming that I probably need to send it in the for of a multipart request, but I am not very experienced with this kind of request and can't find any play documentation on how to create a multipart request, other than in an html form. Any suggestions and help will be much appreciated. And fyi, I do know that there are yfrog and twitpic java classes to handle this kind of stuff, but I want to do it myself, more so for learning how to do this kind of stuff. Thanks in advance!

Read the article
How to authenticate multiple entry points in a facebook app?

- by Simon_Weaver

I am using an IFrame application with XFBML and the new Javascript API. I'd like to have a facebook application with multiple entry points. These will most likely represent different links coming from a fan page tab. I can do this quite easily if the pages don't require authentication - for instance I can create several pages under the app and if a new user comes I can send them to any page: http://apps.facebook.com/myapp/offers http://apps.facebook.com/myapp/game http://apps.facebook.com/myapp/products The problem is that if I need to have authentication then once the user is authenticated they get redirected to my default post-authorization url. Is there a way for a user that comes to /game to stay on /game after they are authenticated without redirecting. I thought I could do it with the AJAX login form - but I cannot find out how to do that in a Facebook IFrame application. I think the example using requirelogin only works for FBML. <a href="http://apps.facebook.com/mysmiley" requirelogin=1> Welcome to my app</a>. Is there a way to accomplish this with Facebook APIs - or will I have to do some kind of clever cookie handling?

Read the article

< Previous Page | 192 193 194 195 196 197 198 199 200 201 202 203 | Next Page >