Search Results

Search found 17257 results on 691 pages for 'mixed mode authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 2/691 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Exchange Cached Mode (Exchange 2010) with Outlook 2003 and Outlook 2010 Causing Sync Issues

    - by Jason N. Gaylord
    We have Exchange 2010 and a mix of Outlook 2003 and Outlook 2010 clients. When Exchange Cached Mode is enabled, clients are receiving sync issues. In Outlook 2010, the sync issues are mainly with the Deleted Items. In Outlook 2003, they are mainly around the Offline Address Book. When Exchange Cached Mode is disabled, the clients notice a 3 second delay in deleting email in list view within the Inbox. Anyway that these two issues can be resolved? It's a big pain especially to the frustrated end users. TIA!!!!

    Read the article

  • ASP.NET - Manual authentication system

    - by Gal V
    Hello all, Wer'e developing an ASP.NET C# application, which will contain an authentication system that authenticates users in multiple levels (user, admin, super-admin, etc.). Our idea is NOT to use the built in ASP.NET forms authentication feature. Our plan is to create a whole 'new' system for it- based on the Session object, and SQL database contains users' info such as username & password. Is there any SERIOUS different between our idea to the Forms authentication feature? What security risks do we take? How do we solve them? Is this a good alternative for the forms authentication feature? Thanks in advance !

    Read the article

  • Token based Authentication for WCF HTTP/REST Services: Authentication

    - by Your DisplayName here!
    This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. For the theoretical background, see my previous post. Disclaimer The framework I am using/building here is not the only possible approach to tackle the problem. Based on customer feedback and requirements the code has gone through several iterations to a point where we think it is ready to handle most of the situations. Goals and requirements The framework should be able to handle typical scenarios like username/password based authentication, as well as token based authentication The framework should allow adding new supported token types Should work with WCF web programming model either self-host or IIS hosted Service code can rely on an IClaimsPrincipal on Thread.CurrentPrincipal that describes the client using claims-based identity Implementation overview In WCF the main extensibility point for this kind of security work is the ServiceAuthorizationManager. It gets invoked early enough in the pipeline, has access to the HTTP protocol details of the incoming request and can set Thread.CurrentPrincipal. The job of the SAM is simple: Check the Authorization header of the incoming HTTP request Check if a “registered” token (more on that later) is present If yes, validate the token using a security token handler, create the claims principal (including claims transformation) and set Thread.CurrentPrincipal If no, set an anonymous principal on Thread.CurrentPrincipal. By default, anonymous principals are denied access – so the request ends here with a 401 (more on that later). To wire up the custom authorization manager you need a custom service host – which in turn needs a custom service host factory. The full object model looks like this: Token handling A nice piece of existing WIF infrastructure are security token handlers. Their job is to serialize a received security token into a CLR representation, validate the token and turn the token into claims. The way this works with WS-Security based services is that WIF passes the name/namespace of the incoming token to WIF’s security token handler collection. This in turn finds out which token handler can deal with the token and returns the right instances. For HTTP based services we can do something very similar. The scheme on the Authorization header gives the service a hint how to deal with an incoming token. So the only missing link is a way to associate a token handler (or multiple token handlers) with a scheme and we are (almost) done. WIF already includes token handler for a variety of tokens like username/password or SAML 1.1/2.0. The accompanying sample has a implementation for a Simple Web Token (SWT) token handler, and as soon as JSON Web Token are ready, simply adding a corresponding token handler will add support for this token type, too. All supported schemes/token types are organized in a WebSecurityTokenHandlerCollectionManager and passed into the host factory/host/authorization manager. Adding support for basic authentication against a membership provider would e.g. look like this (in global.asax): var manager = new WebSecurityTokenHandlerCollectionManager(); manager.AddBasicAuthenticationHandler((username, password) => Membership.ValidateUser(username, password));   Adding support for Simple Web Tokens with a scheme of Bearer (the current OAuth2 scheme) requires passing in a issuer, audience and signature verification key: manager.AddSimpleWebTokenHandler(     "Bearer",     "http://identityserver.thinktecture.com/trust/initial",     "https://roadie/webservicesecurity/rest/",     "WFD7i8XRHsrUPEdwSisdHoHy08W3lM16Bk6SCT8ht6A="); In some situations, SAML token may be used as well. The following configures SAML support for a token coming from ADFS2: var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer( "d1 c5 b1 25 97 d0 36 94 65 1c e2 64 fe 48 06 01 35 f7 bd db", "ADFS"); var adfsConfig = new SecurityTokenHandlerConfiguration(); adfsConfig.AudienceRestriction.AllowedAudienceUris.Add( new Uri("https://roadie/webservicesecurity/rest/")); adfsConfig.IssuerNameRegistry = registry; adfsConfig.CertificateValidator = X509CertificateValidator.None; // token decryption (read from config) adfsConfig.ServiceTokenResolver = IdentityModelConfiguration.ServiceConfiguration.CreateAggregateTokenResolver();             manager.AddSaml11SecurityTokenHandler("SAML", adfsConfig);   Transformation The custom authorization manager will also try to invoke a configured claims authentication manager. This means that the standard WIF claims transformation logic can be used here as well. And even better, can be also shared with e.g. a “surrounding” web application. Error handling A WCF error handler takes care of turning “access denied” faults into 401 status codes and a message inspector adds the registered authentication schemes to the outgoing WWW-Authenticate header when a 401 occurs. The next post will conclude with authorization as well as the source code download.   (Wanna learn more about federation, WIF, claims, tokens etc.? Click here.)

    Read the article

  • Routes for IIS Classic and Integrated Mode

    - by imran_ku07
         Introduction:             ASP.NET MVC Routing feature makes it very easy to provide clean URLs. You just need to configure routes in global.asax file to create an application with clean URLs. In most cases you define routes works in IIS 6, IIS 7 (or IIS 7.5) Classic and Integrated mode. But in some cases your routes may only works in IIS 7 Integrated mode, like in the case of using extension less URLs in IIS 6 without a wildcard extension map. So in this article I will show you how to create different routes which works in IIS 6 and IIS 7 Classic and Integrated mode.       Description:             Let's say that you need to create an application which must work both in Classic and Integrated mode. Also you have no control to setup a wildcard extension map in IIS. So you need to create two routes. One with extension less URL for Integrated mode and one with a URL with an extension for Classic Mode.   routes.MapRoute( "DefaultClassic", // Route name "{controller}.aspx/{action}/{id}", // URL with parameters new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults ); routes.MapRoute( "DefaultIntegrated", // Route name "{controller}/{action}/{id}", // URL with parameters new { controller = "Home", action = "Index", id = UrlParameter.Optional } // Parameter defaults );               Now you have set up two routes, one for Integrated mode and one for Classic mode. Now you only need to ensure that Integrated mode route should only match if the application is running in Integrated mode and Classic mode route should only match if the application is running in Classic mode. For making this work you need to create two custom constraint for Integrated and Classic mode. So replace the above routes with these routes,     routes.MapRoute( "DefaultClassic", // Route name "{controller}.aspx/{action}/{id}", // URL with parameters new { controller = "Home", action = "Index", id = UrlParameter.Optional }, // Parameter defaults new { mode = new ClassicModeConstraint() }// Constraints ); routes.MapRoute( "DefaultIntegrated", // Route name "{controller}/{action}/{id}", // URL with parameters new { controller = "Home", action = "Index", id = UrlParameter.Optional }, // Parameter defaults new { mode = new IntegratedModeConstraint() }// Constraints );            The first route which is for Classic mode adds a ClassicModeConstraint and second route which is for Integrated mode adds a IntegratedModeConstraint. Next you need to add the implementation of these constraint classes.     public class ClassicModeConstraint : IRouteConstraint { public bool Match(HttpContextBase httpContext, Route route, string parameterName, RouteValueDictionary values, RouteDirection routeDirection) { return !HttpRuntime.UsingIntegratedPipeline; } } public class IntegratedModeConstraint : IRouteConstraint { public bool Match(HttpContextBase httpContext, Route route, string parameterName, RouteValueDictionary values, RouteDirection routeDirection) { return HttpRuntime.UsingIntegratedPipeline; } }             HttpRuntime.UsingIntegratedPipeline returns true if the application is running on Integrated mode; otherwise, it returns false. So routes for Integrated mode only matched when the application is running on Integrated mode and routes for Classic mode only matched when the application is not running on Integrated mode.       Summary:             During developing applications, sometimes developers are not sure that whether this application will be host on IIS 6 or IIS 7 (or IIS 7.5) Integrated mode or Classic mode. So it's a good idea to create separate routes for both Classic and Integrated mode so that your application will use extension less URLs where possible and use URLs with an extension where it is not possible to use extension less URLs. In this article I showed you how to create separate routes for IIS Integrated and Classic mode. Hope you will enjoy this article too.   SyntaxHighlighter.all()

    Read the article

  • Install XP Mode with VirtualBox Using the VMLite Plugin

    - by Mysticgeek
    Would you like to run XP Mode, but prefer Sun’s VirtualBox for virtualization?  Thanks to the free VMLite plugin, you can quickly and easily run XP Mode in or alongside VirtualBox. Yesterday we showed you one method to install XP Mode in VirtualBox, unfortunately in that situation you lose XP’s activation, and it isn’t possible to reactivate it. Today we show you a tried and true method for running XP mode in VirtualBox and integrating it seamlessly with Windows 7. Note: You need to have Windows 7 Professional or above to use XP Mode in this manner. Install XP Mode Make sure you’re logged in with Administrator rights for the entire process. The first thing you’ll want to do is install XP Mode on your system (link below). You don’t need to install Windows Virtual PC. Go through and install XP Mode using the defaults. Install VirtualBox Next you’ll need to install VirtualBox 3.1.2 or higher if it isn’t installed already. If you have an older version of VirtualBox installed, make sure to update it. During setup you’re notified that your network connection will be reset. Check the box next to Always trust software from “Sun Microsystems, Inc.” then click Install.   Setup only takes a couple of minutes, and does not require a reboot…which is always nice. Install VMLite XP Mode Plugin The next thing we’ll need to install is the VMLite XP Mode Plugin. Again Installation is simple following the install wizard. During the install like with VirtualBox you’ll be asked to install the device software. After it’s installed go to the Start menu and run VMLite Wizard as Administrator. Select the location of the XP Mode Package which by default should be in C:\Program Files\Windows XP Mode. Accept the EULA…and notice that it’s meant for Windows 7 Professional, Enterprise, and Ultimate editions. Next, name the machine, choose the install folder, and type in a password. Select if you want Automatic Updates turned on or not. Wait while the process completes then click Finish.   The VMLite XP Mode will set up to run the first time. That is all there is to this section. You can run XP Mode from within the VMLite Workstation right away. XP Mode is fully activated already, and the Guest Additions are already installed, so there’s nothing else you need to do!  XP Mode is the whole way ready to use. Integration with VirtualBox Since we installed the VMLite Plugin, when you open VirtualBox you’ll see it listed as one of your machines and you can start it up from here.   Here we see VMLite XP Mode running in Sun VirtualBox. Integrate with Windows 7 To integrate it with Windows 7 click on Machine \ Seamless Mode…   Here you can see the XP menu and Taskbar will be placed on top of Windows 7. From here you can access what you need from XP Mode.   Here we see XP running on Virtual Box in Seamless Mode. We have the old XP WordPad sitting next to the new Windows 7 version of WordPad. This works so seamlessly you forget if your working in XP or Windows 7. In this example we have Windows Home Server Console running in Windows 7, while installing MSE from IE 6 in XP Mode. At the top of the screen you will still have access to the VMs controls.   You can click the button to exit Seamless Mode, or simply hit the right “CTRL+L” Conclusion This is a very slick way to run XP Mode in VirtualBox on any machine that doesn’t have Hardware Virtualization. This method also doesn’t lose the XP Mode activation and is actually extremely easy to set up. If you prefer VMware (like we do), Check out how to run XP Mode on machines without Hardware Virtualization capability, and also how to create an XP Mode for Vista and Windows 7 Home Premium. Links Download XP Mode Download VirtualBox Download VMLite XP Mode Plugin for VirtualBox (Site Registration Required) Similar Articles Productive Geek Tips Search for Install Packages from the Ubuntu Command LineHow To Run XP Mode in VirtualBox on Windows 7 (sort of)Install and Use the VLC Media Player on Ubuntu LinuxInstall Monodevelop on Ubuntu LinuxInstall Flash Plugin Manually in Firefox on Vista TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 PCmover Professional Enable Check Box Selection in Windows 7 OnlineOCR – Free OCR Service Betting on the Blind Side, a Vanity Fair article 30 Minimal Logo Designs that Say More with Less LEGO Digital Designer – Free Create a Personal Website Quickly using Flavors.me

    Read the article

  • Install XP Mode with VirtualBox Using the VMLite Plugin

    - by Mysticgeek
    Would you like to run XP Mode, but prefer Sun’s VirtualBox for virtualization?  Thanks to the free VMLite plugin, you can quickly and easily run XP Mode in or alongside VirtualBox. Yesterday we showed you one method to install XP Mode in VirtualBox, unfortunately in that situation you lose XP’s activation, and it isn’t possible to reactivate it. Today we show you a tried and true method for running XP mode in VirtualBox and integrating it seamlessly with Windows 7. Note: You need to have Windows 7 Professional or above to use XP Mode in this manner. Install XP Mode Make sure you’re logged in with Administrator rights for the entire process. The first thing you’ll want to do is install XP Mode on your system (link below). You don’t need to install Windows Virtual PC. Go through and install XP Mode using the defaults. Install VirtualBox Next you’ll need to install VirtualBox 3.1.2 or higher if it isn’t installed already. If you have an older version of VirtualBox installed, make sure to update it. During setup you’re notified that your network connection will be reset. Check the box next to Always trust software from “Sun Microsystems, Inc.” then click Install.   Setup only takes a couple of minutes, and does not require a reboot…which is always nice. Install VMLite XP Mode Plugin The next thing we’ll need to install is the VMLite XP Mode Plugin. Again Installation is simple following the install wizard. During the install like with VirtualBox you’ll be asked to install the device software. After it’s installed go to the Start menu and run VMLite Wizard as Administrator. Select the location of the XP Mode Package which by default should be in C:\Program Files\Windows XP Mode. Accept the EULA…and notice that it’s meant for Windows 7 Professional, Enterprise, and Ultimate editions. Next, name the machine, choose the install folder, and type in a password. Select if you want Automatic Updates turned on or not. Wait while the process completes then click Finish.   The VMLite XP Mode will set up to run the first time. That is all there is to this section. You can run XP Mode from within the VMLite Workstation right away. XP Mode is fully activated already, and the Guest Additions are already installed, so there’s nothing else you need to do!  XP Mode is the whole way ready to use. Integration with VirtualBox Since we installed the VMLite Plugin, when you open VirtualBox you’ll see it listed as one of your machines and you can start it up from here.   Here we see VMLite XP Mode running in Sun VirtualBox. Integrate with Windows 7 To integrate it with Windows 7 click on Machine \ Seamless Mode…   Here you can see the XP menu and Taskbar will be placed on top of Windows 7. From here you can access what you need from XP Mode.   Here we see XP running on Virtual Box in Seamless Mode. We have the old XP WordPad sitting next to the new Windows 7 version of WordPad. This works so seamlessly you forget if your working in XP or Windows 7. In this example we have Windows Home Server Console running in Windows 7, while installing MSE from IE 6 in XP Mode. At the top of the screen you will still have access to the VMs controls.   You can click the button to exit Seamless Mode, or simply hit the right “CTRL+L” Conclusion This is a very slick way to run XP Mode in VirtualBox on any machine that doesn’t have Hardware Virtualization. This method also doesn’t lose the XP Mode activation and is actually extremely easy to set up. If you prefer VMware (like we do), Check out how to run XP Mode on machines without Hardware Virtualization capability, and also how to create an XP Mode for Vista and Windows 7 Home Premium. Links Download XP Mode Download VirtualBox Download VMLite XP Mode Plugin for VirtualBox (Site Registration Required) Similar Articles Productive Geek Tips Search for Install Packages from the Ubuntu Command LineHow To Run XP Mode in VirtualBox on Windows 7 (sort of)Install and Use the VLC Media Player on Ubuntu LinuxInstall Monodevelop on Ubuntu LinuxInstall Flash Plugin Manually in Firefox on Vista TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 PCmover Professional Enable Check Box Selection in Windows 7 OnlineOCR – Free OCR Service Betting on the Blind Side, a Vanity Fair article 30 Minimal Logo Designs that Say More with Less LEGO Digital Designer – Free Create a Personal Website Quickly using Flavors.me

    Read the article

  • Different behaviour with windows authentication on IIS7 websites

    - by amaters
    I need to run a website with just windows authentication. Given the following situation: The location of the default website is: c:\inetpub\wwwroot The location of my code is: c:\Sites\WebApp my hostfile is edited so any .local i use points to 127.0.0.1 I have created a new application called 'AppX' underneath the default website and point it to c:\Sites\WebApp. It will use the DefaultappPool. When I switch off anonymous and switch on windows authentication all works well when I go to localhost/AppX/. What i really want is a new website (No need to question why I want this). So I created Website2 and did exact the same creation of the application. Everything is the same; destination, app pool and authentication. Now when I browse to this website web2.local/AppX/ I get the 401.2 - Unauthorized error. What am I missing here?

    Read the article

  • Approach for replacing forms authentication in .NET application

    - by Ash Machine
    My question is about an approach, and I am looking for tips or links to help me develop a solution. I have an .NET 4.0 web forms application that works with Forms authentication using the aspnetdb SQL database of users and passwords. A new feature for the application is a new authentication mechanism using single sign on to allow access for thousands of new users. Essentially, when the user logs in through the new single-sign-on method, I will be able to identify them as legitimate users with a role. So I will have something like HttpContext.Current.Session["email_of_authenticated_user"] (their identity) and HttpContext.Current.Session["role_of_authenticated_user"] (their role). Importantly, I don't necessarily want to maintain these users and roles redundantly in the aspnetdb database which will be retired, but I do want to use the session objects above to allow the user to pass through the application as if they were in passing through with forms authentication. I don't think CustomRoleProviders or CustomMemberProviders are helpful since they do not allow for creating session-level users. So my question is how to use the session level user and role that I do have to "mimic" all the forms authentication goodness like enforcing: [System.Security.Permissions.PrincipalPermission(System.Security.Permissions.SecurityAction.Demand, Role = "Student")] or <authorization> <allow users="wilma, barney" /> </authorization> Thanks for any pointers.

    Read the article

  • ASP.NET MVC authentication for iPhone application

    - by manu08
    This is for an ASP.NET MVC application. For browser based access on my normal controllers, I'm using standard forms authentication and auth cookies. My question is how I do the same for an iPhone application. I have a set of RESTful controllers that the iPhone application uses directly, but I'm not sure how to go about authentication... I was thinking of having a special Login method that returns the auth cookie. Then I can use the standard Authentication attribute on the ASP.NET MVC side, but I'm not sure how to handle this on the iPhone side? Can I store this cookie and have it automatically sent with every request? Perhaps there's a better approach altogether?

    Read the article

  • Form based authentication in java

    - by Stardust
    I want to know how can I enable form based authentication in java through database. After connecting to database, how can I verify whether the username and password, which I'm entering through html page is correct or not? Do I have to change action servlets from j_security_check to another my own defined servlets, which will connect to database and do all its verification on its own? Or I've to send authentication information to j_security_check, which will automatically connect to database, verify username and password. I'm successful in connecting to database through context.xml file, which is in META-INF directory of my own web application, but I'm not able to understand what's more I've to do enable form based authentication. I'm using Tomcat 6 as web server.

    Read the article

  • AutoCompleteExtender - authentication failure (forms authentication)

    - by Paddy
    I'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily. If I change my service definition to include a demand for the caller to be authenticated, like so: <OperationContract(), PrincipalPermission(SecurityAction.Demand, Authenticated:=True)> _ Public Function GetLookupValues(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String() Then the autocomplete extender stops working, and I get an authentication error in the service. The service is set up to use ASPNetCompatibility mode, and I was hoping that the extender would pass the authentication credentials for my logged in user - does anyone know how to make this work?

    Read the article

  • Apache authentication, security exceptions and safari

    - by Purcell
    I have apache authentication set up on a site, it works fine in firefox and chrome, you type in the username/pass once and then you can happily visit any page on the site. Unfortunately this is not the behavior in safari. Every time you go to another page, you must re-enter your credentials. Is there some way I can look at the security exceptions for safari and set it to always trust the certificate or find some other setting to not ask for authentication on each page?

    Read the article

  • Help me with CDMA usb modem (How to change storage mode to modem mode)

    - by user98698
    My modem isn't in the device list of usb_modeswitch.... so I cannot automatically use the modem on the ubuntu.... I found the way to change the modem from usb storage mode to modem mode and I can use my modem. But I forgot the instructions. I don't know the modem's name. It's chinese modem. But here is vendor/product id ....05 Qualcomm, Inc. Mass Storage Device and I think the target vendor/product id is ..... 05. So help me to change. I don't want to replace modem. pls. Sorry for my english....

    Read the article

  • Rails 3 HTTP digest authentication

    - by Cimm
    Is HTTP digest authentication still supported in Rails 3? I tried the following code in Rails 2.3.5, it works. class Admin::BaseController < ApplicationController before_filter :authenticate USERS = { "lifo" => "world" } def authenticate authenticate_or_request_with_http_digest("Application") do |name| USERS[name] end end end Now, the same thing in Rails 3.0.0.beta) returns an error: can't convert nil into String Am I missing something or is this a bug in Rails 3? HTTP basic authentication works fine.

    Read the article

  • Use Apache authentication in Django without popup

    - by chernevik
    I am using Apache to authenticate users for Django, but I would like to do so without the popup form that Apache uses in its basic configuration. How do I embed the login form within a page while still using Apache for authentication? That is, I'd like a page that says "Please login" and provides a form asking for username and password, and passes this information on to Apache for authentication. (I'd do this over an SSL connection, of course.)

    Read the article

  • My code works in Debug mode, but not in Release mode.

    - by Nima
    Hi, I have a code in Visual Studio 2008 in C++ that works with files just by fopen and fclose. Everything works perfect in Debug mode. and I have tested with several datasets. But it doesn't work in release mode. It crashes all the time. I have turned off all the optimizations, also there is no dependency to anything(in the linker), and also I have set these: Optimization: Disabled(/Od) Keep Unreferenced Data. Do Not Remove Redundant Optimize for Windows98: NO I still keep wondering how it should not work under these circumstances. What else should I turn off to let it works as in debug mode? I think if it works in release mode but not in debug mode, it might be a coding fault but the other way looks weird. isn't it? I appreciate any help. --Nima

    Read the article

  • HTTP PHP Authentication and Android

    - by edc598
    I am working on a website for which I hope to have an application for as well. Because of this, I am creating PHP API's which will go into my Database and serve specific data based on the method/function called. I want to protect these API's from misuse however, and I plan on implementing Authentication Digest to do so. However one of the OS's I want to support is Android. And I know that a malicious user would be able to reverse engineer the Android app and figure out my authentication scheme. I am left wondering: 1. Is there a better way to protect these API's from misuse? 2. Is there a way to prevent a malicious user from reverse engineering the app and potentially seeing the source code for it, enabling them to see my authentication scheme? 3. If none of these are preventable, then is my only option to have a Username/Password cred specifically for the Android app, and when eventually hacked, change the creds and issue an update for the app? I apologize if this is not the place to post such a question. Still pretty new to StackOverflow. Thanks in advance for any insight, it would be quite helpful.

    Read the article

  • Custom basic authentication fails in IIS7

    - by manu08
    I have an ASP.NET MVC application, with some RESTful services that I'm trying to secure using custom basic authentication (they are authenticated against my own database). I have implemented this by writing an HTTPModule. I have one method attached to the HttpApplication.AuthenticateRequest event, which calls this method in the case of authentication failure: private static void RejectWith401(HttpApplication app) { app.Response.StatusCode = 401; app.Response.StatusDescription = "Access Denied"; app.CompleteRequest(); } This method is attached to the HttpApplication.EndRequest event: public void OnEndRequest(object source, EventArgs eventArgs) { var app = (HttpApplication) source; if (app.Response.StatusCode == 401) { string val = String.Format("Basic Realm=\"{0}\"", "MyCustomBasicAuthentication"); app.Response.AppendHeader("WWW-Authenticate", val); } } This code adds the "WWW-Authenticate" header which tells the browser to throw up the login dialog. This works perfectly when I debug locally using Visual Studio's web server. But it fails when I run it in IIS7. For IIS7 I have the built-in authentication modules all turned off, except anonymous. It still returns an HTTP 401 response, but it appears to be removing the WWW-Authenticate header. Any ideas?

    Read the article

  • SharePoint 2010 Custom WCF Service - Windows and FBA Authentication

    - by e-rock
    I have SharePoint 2010 configured for Claims Based Authentication with both Windows and Forms Based Authentication (FBA) for external users. I also need to develop custom WCF Services. The issue is that I want Windows credentials passed into the WCF Service(s); however, I cannot seem to get the Windows credentials passed into the services. My custom WCF service appears to be using Anonymous authentication (which has to be enabled in IIS in order to display the FBA login screen). The example I have tried to follow is found at http://msdn.microsoft.com/en-us/library/ff521581.aspx. The WCF service gets deployed to _vti_bin (ISAPI folder). Here is the code for the .svc file <%@ ServiceHost Language="C#" Debug="true" Service="MyCompany.CustomerPortal.SharePoint.UI.ISAPI.MyCompany.Services.LibraryManagers.LibraryUploader, $SharePoint.Project.AssemblyFullName$" Factory="Microsoft.SharePoint.Client.Services.MultipleBaseAddressBasicHttpBindingServiceHostFactory, Microsoft.SharePoint.Client.ServerRuntime, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" CodeBehind="LibraryUploader.svc.cs" %> Here is the code behind for the .svc file [ServiceContract] public interface ILibraryUploader { [OperationContract] string SiteName(); } [BasicHttpBindingServiceMetadataExchangeEndpoint] [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)] public class LibraryUploader : ILibraryUploader { //just try to return site title right now… public string SiteName() { WindowsIdentity identity = ServiceSecurityContext.Current.WindowsIdentity; ClaimsIdentity claimsIdentity = new ClaimsIdentity(identity); return SPContext.Current.Web.Title; } } The WCF test client I have just to test it out (WPF app) uses the following code to call the WCF service... private void Button1Click(object sender, RoutedEventArgs e) { BasicHttpBinding binding = new BasicHttpBinding(); binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm; EndpointAddress endpoint = new EndpointAddress( "http://dev.portal.data-image.local/_vti_bin/MyCompany.Services/LibraryManagers/LibraryUploader.svc"); LibraryUploaderClient libraryUploader = new LibraryUploaderClient(binding, endpoint); libraryUploader.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; MessageBox.Show(libraryUploader.SiteName()); } I am somewhat inexperienced with IIS security settings/configurations when it comes to Claims and trying to use both Windows and FBA. I am also inexperienced when it comes to WCF configurations for security. I usually develop internal biz apps and let Visual Studio decide what to use because security is rarely a concern.

    Read the article

  • Using Forms authentication with remote auth system?

    - by chobo
    I am working on a website that uses a remote websites database to check for authentication (they are both share some database tables, but are separate website...) Right now I check the username and password against the remote websites account / member table, if there is a match I create a session. Questions: Is this secure? On authenticated pages I just check if a session of a specific type exists.Is it possible for someone to create an empty session or something that could bypass this? Is it possible to use Forms authentication with this setup? Right now if a user is authenticated I just get an object back with the username, email and id.

    Read the article

  • Audiencing with Forms-Based Authentication (FBA)

    - by PeterBrunone
    This really is no different from when you create an audience with regular old NTLM (Windows Authentication).  The difference is that while the AD provider is set up by default in all environments, the extra membership provider (that you use for Forms Authentication) isn't included anywhere except in the web application where you install it.  To be able to find your FBA users in the audience creation tool, you'll need to add the extra membership provider(s) to the web.config for your SSP site in IIS.  At that point, the People Picker should start recognizing your Forms Auth users, and you can create your audience as needed.

    Read the article

  • Sharing Authentication Across Subdomains using cookies

    - by Jordan Reiter
    I know that in general cookies themselves are not considered robust enough to store authentication information. What I am wondering is if there is an existing design pattern or framework for sharing authentication across subdomains without having to use something more complex like OpenID. Ideally, the process would be that the user visits abc.example.org, logs in, and continues on to xyz.example.org where they are automatically recognized (ideally, the reverse should also be possible -- a login via xyz means automatic login at abc). The snag is that abc.example.org and xyz.example.org are both on different servers and different web application frameworks, although they can both use a shared database. The web application platforms include PHP, ColdFusion, and Python (Django), although I'm also interested in this from a more general perspective (i.e. language agnostic).

    Read the article

  • Standard -server to server- and -browser to server- authentication method

    - by jeruki
    I have server with some resources; until now all these resources were requested through a browser by a human user, and the authentication was made with an username/password method, that generates a cookie with a token (to have the session open for some time). Right now the system requires that other servers make GET requests to this resource server but they have to authenticate to get them. We have been using a list of authorized IPs but having two authentication methods makes the code more complex. My questions are: Is there any standard method or pattern to authenticate human users and servers using the same code? If there is not, are the methods I'm using now the right ones or is there a better / more standard way to accomplish what I need? Thanks in advance for any suggestion.

    Read the article

  • Ubuntu Wifi Not Connecting (And keeps asking for authentication every minute or so)

    - by kelvinsong
    This is a problem in 12.10 that has been driving me nuts, and it's a problem with the wifi. Ubuntu will never connect to the network. All of my other devices work fine. What will happen is I will type in the password, the authentication window will go away, and the Wifi icon will pulsate for a while. Then about a minute later, a window will pop up asking for authentication to join the same wifi network. If you type in the password again it will do the same thing, and even if you hit [Cancel], the window will still pop back up in another minute. This is a very irritating thing.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >