Search Results

Search found 34094 results on 1364 pages for 'open authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 20/1364 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >

  • Django users and authentication from external source

    - by Boldewyn
    I have a Django app that gets it's data completely from an external source (queried via HTTP). That is, I don't have the option for a local database. Session data is stored in the cache (on my development server I use a SQLite database, so that is no error source). I'm using bleeding edge Django 1.1svn. Enter the problem: I want to use Django's own authentication system for the users. It seems quite simple to write my own Authentication Backend, but always just under the condition that you have a local database where to save the users. Without database my main problem is persistence. I tried it with the following (assume that datasource.get() is a function that returns some kind of dict): class ModelBackend (object): """Login backend.""" def authenticate (self, username=None, password=None): """Check, if a given user/password combination is valid""" data = datasource.get ('login', username, password) if data and data['ok']: return MyUser (username=username) else: raise TypeError return None def get_user (self, username): """get data about a specific user""" try: data = datasource.get ('userdata', username) if data and data['ok']: return data.user except: pass return None class MyUser (User): """Django user who isn't saved in DB""" def save (self): return None But the intentionally missing save() method on MyUser seems to break the session storage of a login. How should MyUser look like without a local database?

    Read the article

  • cakephp: Custom Authentication Object authenticate not called

    - by Kristoffer Darj
    The method authenticate in a Custom Authentication Object is never called. Is this a glicth or am I missing something? I don't get anything in the log, I'm just redirected to users/login (or the one I specified) CakeVersion: 2.4.1 <?php //My custom Auth Class //Path: app/Controller/Component/Auth/HashAuthenticate.php App::uses('BaseAuthenticate', 'Controller/Component/Auth'); class HashAuthenticate extends BaseAuthenticate { public function authenticate(CakeRequest $request, CakeResponse $response) { //Seems to not be called CakeLog::write('authenticate'); debug($this); die('gaah'); } } If I add the method getUser() (or unauthenticated() ), those gets called however so at least I know that cake finds the class and so on. It just skips the authenticate-method. The AppController looks like this class AppController extends Controller { public $helpers = array('Html', 'Form', 'Session'); public $components = array('Auth' => array( 'authenticate' => array('Hash'), 'authorize' => array('Controller'), ) ); } I found a similar question here: CakePHP 2.x custom "Authentication adapter &quot;LdapAuthorize&quot; was not found but there the issue was typos.

    Read the article

  • Overriding windows authentication for a .NET application

    - by JoshReedSchramm
    I have a .NET application where the homepage (default.aspx) should be accessible by anyone. There is also a reporting page (reporting.aspx) that I want to secure via windows authentication and only allow access to a particular set of AD groups. Right now the way my web.config is setup it is securing the reporting page but on the home page it prompts the user for login credentials. If they hit esc they can continue to the page though so it isnt actually securing it. I need to prevent it from prompting the user. How do i need to setup my config. Here is what i have now - <system.web> <authentication mode="Windows" /> <identity impersonate="true" /> <authorization> <allow roles="BUILTIN\Administrators, DomainName\Manager" /> <deny users="?" /> </authorization> ...MORE STUFF... </system.web> <location path="default.aspx"> <system.web> <identity impersonate="false" /> <authorization> <allow users="*"/> </authorization> </system.web> </location>

    Read the article

  • SECURITY Flaws in this design for User authentication.

    - by Shao
    SECURITY Flaws in this design for User authentication. From: http://wiki.pylonshq.com/display/pylonscookbook/Simple+Homegrown+Authentication Note: a. Project follows the MVC pattern. b. Only a user with a valid username and password is allowed submit something. Design: a. Have a base controller from which all controllers are derived from. b. Before any of the actions in the derived controllers are called the system calls a before action in the base controller. c. In each controller user hardcodes the actions that need to be verified in an array. d. The before action first looks in the array that has the actions that are protected and sees if a user is logged in or not by peaking into the session. If a user is present then user is allowed to submit otherwise user is redirected to login page. What do you think?

    Read the article

  • ASP.NET Authentication Cookie timout and IIS 7 setting

    - by David Laplante
    Hello, I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in. However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing" Frustrating answer indeed... To be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none. I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting? What should I do... Thanks for you help!

    Read the article

  • Authentication Error when accessing Sharepoint list via web service

    - by Joe
    I wrote a windows service a few months ago that would ping a Sharepoint list using _vti_bin/lists.asmx function GetListItemChanges. It was working fine until a few weeks ago when my company upgraded our Sharepoint instance to SP1. Now whenever my service attempts to access Sharepoint I receive an 401.1 authentication error: Error: You are not authorized to view this page You do not have permission to view this directory or page using the credentials that you supplied. Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page. HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials. Internet Information Services (IIS) I have checked and my privileges on the site have not changed. here is the code In which I call the list: Lists listsService = new Lists(); listsService.Credentials = new NetworkCredential("UserName", "Password", "domain"); Result = listsService.GetListItemChanges("List name", null, dTime.ToString(), null); It has also been brought to my attention that basic authentication may have been disabled on our farm. I don't believe I'm using that but I may be mistaken.

    Read the article

  • Authentication using cookie key with asynchronous callback

    - by greg
    I need to write authentication function with asynchronous callback from remote Auth API. Simple authentication with login is working well, but authorization with cookie key, does not work. It should checks if in cookies present key "lp_login", fetch API url like async and execute on_response function. The code almost works, but I see two problems. First, in on_response function I need to setup secure cookie for authorized user on every page. In code user_id returns correct ID, but line: self.set_secure_cookie("user", user_id) does't work. Why it can be? And second problem. During async fetch API url, user's page has loaded before on_response setup cookie with key "user" and the page will has an unauthorized section with link to login or sign on. It will be confusing for users. To solve it, I can stop loading page for user who trying to load first page of site. Is it possible to do and how? Maybe the problem has more correct way to solve it? class BaseHandler(tornado.web.RequestHandler): @tornado.web.asynchronous def get_current_user(self): user_id = self.get_secure_cookie("user") user_cookie = self.get_cookie("lp_login") if user_id: self.set_secure_cookie("user", user_id) return Author.objects.get(id=int(user_id)) elif user_cookie: url = urlparse("http://%s" % self.request.host) domain = url.netloc.split(":")[0] try: username, hashed_password = urllib.unquote(user_cookie).rsplit(',',1) except ValueError: # check against malicious clients return None else: url = "http://%s%s%s/%s/" % (domain, "/api/user/username/", username, hashed_password) http = tornado.httpclient.AsyncHTTPClient() http.fetch(url, callback=self.async_callback(self.on_response)) else: return None def on_response(self, response): answer = tornado.escape.json_decode(response.body) username = answer['username'] if answer["has_valid_credentials"]: author = Author.objects.get(email=answer["email"]) user_id = str(author.id) print user_id # It returns needed id self.set_secure_cookie("user", user_id) # but session can's setup

    Read the article

  • Forms Authentication & Virtual Directory

    - by benclaytonfranklin
    Hi, We're having trouble getting Forms Authentication to work with a virtual directory in IIS. We have a main site, and then a microsite setup within a virtual directory. This mircosite has its own admin system within an "Admin" folder, which has authentication on it but currently it is not kicking in and the admin section is browsable by anyone. The web.config with the admin folder has the following: <?xml version="1.0"?> <configuration> <appSettings/> <connectionStrings/> <system.web> <authorization> <deny users="?"/> </authorization> <customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Error.aspx"/> </system.web> </configuration> Could anyone give me any clues as to why this might not be working? Cheers!

    Read the article

  • Implement user authentication against remote DB with a Web Service

    - by Juan González
    I'm just starting reasearch about the best way to implement user authentication within my soon-to-be app. This is what I have so far: A desktop (Windows) application on a remote server. That application is accessed locally with a browser (it has a web console and MS SQL Server to store everything). The application is used with local credendials stored in the DB. This is what I'd like to accompllish: Provide access to some information on that SQL Server DB from my app. That access of course must be granted once a user has id himself with valid credentials. This is what I know so far: How to create my PHP web service and query info from a DB using JSON. How to work with AFNetworking libraries to retrieve information. How to display that info on the app. What I don't know is which could be the best method to implement user authentication from iOS. Should I send username and password? Should I send some hash? Is there a way to secure the handshake? I'd for sure appreciate any advise, tip, or recommendation you have from previous experience. I don't want to just implement it but instead I want to do it as good as possible.

    Read the article

  • Http authentication with apache httpcomponents

    - by matdan
    Hi, I am trying to develop a java http client with apache httpcomponents 4.0.1. This client calls the page "https://myHost/myPage". This page is protected on the server by a JNDIRealm with a login form authentication, so when I try to get https://myHost/myPage I get a login page. I tried to bypass it unsuccessfully with the following code : //I set my proxy HttpHost proxy = new HttpHost("myProxyHost", myProxyPort); //I add supported schemes SchemeRegistry supportedSchemes = new SchemeRegistry(); supportedSchemes.register(new Scheme("http", PlainSocketFactory .getSocketFactory(), 80)); supportedSchemes.register(new Scheme("https", SSLSocketFactory .getSocketFactory(), 443)); // prepare parameters HttpParams params = new BasicHttpParams(); HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1); HttpProtocolParams.setContentCharset(params, "UTF-8"); HttpProtocolParams.setUseExpectContinue(params, true); ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, supportedSchemes); DefaultHttpClient httpclient = new DefaultHttpClient(ccm, params); httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy); //I add my authentication information httpclient.getCredentialsProvider().setCredentials( new AuthScope("myHost/myPage", 443), new UsernamePasswordCredentials("username", "password")); HttpHost host = new HttpHost("myHost", 443, "https"); HttpGet req = new HttpGet("/myPage"); //show the page ResponseHandler<String> responseHandler = new BasicResponseHandler(); String rsp = httpClient.execute(host, req, responseHandler); System.out.println(rsp); When I run this code, I always get the login page, not myPage. How can I apply my credential parameters to avoid this login form? Any help would be fantastic

    Read the article

  • C# & SQL Server Authentication

    - by Peter
    Hello, I'm currently developing a C# app with an SQL Server DB back-end. I'm approaching the point of deployment and hitting a problem. The applicaiton will be deployed within an active directory network. As far as SQL authentication goes, I understand that I have 2 options - Windows Authenticaiton or Server Authenticaiton. If I use Server Authentication, I'm concerned that the username and password for the account will be stored in plain text in the app.config file, and therefore leave the database vulnerable. Using Windows Authenticaiton will avoid this issue, however it would mean giving every member of staff within our organisation read/write access to the database in order to run the app correctly. Whilst this is ok, it also means that they can easily connect to the database themselves via other means and directly alter the data outside of the app. I'm guessing there is someting really obvious I'm missing here, but I've been googling all evening to no avail. Any advice/guidance would be much appreciated! Peter Addition - my project is Windows Form based not ASP.NET - is encrypting the app.config file still the right answer? If it is, does anyone have any examples that are not ASP.NET based?

    Read the article

  • Protecting routes with authentication in an AngularJS app

    - by Chris White
    Some of my AngularJS routes are to pages which require the user to be authenticated with my API. In those cases, I'd like the user to be redirected to the login page so they can authenticate. For example, if a guest accesses /account/settings, they should be redirected to the login form. From brainstorming I came up with listening for the $locationChangeStart event and if it's a location which requires authentication then redirect the user to the login form. I can do that simple enough in my applications run() event: .run(['$rootScope', function($rootScope) { $rootScope.$on('$locationChangeStart', function(event) { // Decide if this location required an authenticated user and redirect appropriately }); }]); The next step is keeping a list of all my applications routes that require authentication, so I tried adding them as parameters to my $routeProvider: $routeProvider.when('/account/settings', {templateUrl: '/partials/account/settings.html', controller: 'AccountSettingCtrl', requiresAuthentication: true}); But I don't see any way to get the requiresAuthentication key from within the $locationChangeStart event. Am I overthinking this? I tried to find a way for Angular to do this natively but couldn't find anything.

    Read the article

  • In IIS6, how to provide authenticated access to static files on remote server

    - by frankadelic
    We have a library of ZIP files that we would like to make available for download at an ASP.NET site. The files are sitting on a NAS device that is accessible from out web farm. Here is our initial strategy: Map an IIS virtual directory to the shared drive at path /zipfiles Users can download the zip files when given the URL However, if users share links to the files, anyone can download them. We would instead like to make use of the ASP.NET forms authentication in our site to validate users' requests before initiating the file transfer. A few problems: A request for a zip file is handled by IIS, not ASP.NET. So it is not subject to forms authentication. In addition, we don't want ASP.NET to handle the request, because it uses up an ASP.NET thread and is not scalable for download of large files. So, configuring the asp.net dll to handle *.zip requests is not an option. Any ideas on this? One idea we've tossed around is this: Initial request for download will be for an ashx handler. This handler will, after authentication, generate a download token which is saved to a database. Then, the user is redirected to the file with token appended in QueryString (e.g. /files/xyz.zip?token=123456789). An ISAPI plugin will be used to check the token. Also, the token will expire after x amount of time. Any thoughts on this? I have not implemented an ISAPI plugin so I'm not sure if this will even work. I would like to avoid custom coding since security is an issue and I'd prefer to use a time-tested solution.

    Read the article

  • Dilemma for growing a project: Open source volunteer developers VS closed source paid / revshare developers? [closed]

    - by giorgio79
    I am trying to grow my project, and I am vaccillating between some examples. Some options seem to be: 1. open sourcing the project to draw volunteer developers. Pros This would mean anyone can try and make some money off the code that would motivate them to contribute back and grow the project. Cons Existing bigger could easily copy and paste my work so far. They can also replicate without having access to the code, but that would take more time. I also thought of using AGPL license, but again, code can still be copied without redistribution. After all, enforcing a license costs a lot of money, and I cannot just say to a possible copycat that it seems you copied my code, show me what you got. 2. Keep the project closed source, but create some kind of a developer program where they get revshare Pros I keep the main rights for the project, but still generate interest by creating a developer program. Noone can copy code easily, just with some considerable effort, but make contributions easy as a breeze. I am also seeing many companies just open source a part of their projects, like Acquia does not open source its multisite setup, or github does not open source some of its core business. Cons Less attention from open source committed devs. Conclusion So option 2 seems the most secure, but would love some feedback.

    Read the article

  • What are some examples of open source software that has turned into closed source software? [on hold]

    - by Verrier
    As the title says... can anyone think of any software that has made the transition from open source to closed source / proprietary? These could include software owned by the same company who decided to take a once open source offering and turn it into closed source... but I'm really looking for some examples of companies who developed a commercial closed source product off of an existing open source one (obviously with a permissive license).

    Read the article

  • How to set which application is launched by xdg-open?

    - by Dima
    I have run update-alternatives as well as gnome preffered apps selection thing. And all point to have chromium browser as default. Yet when I run xdg-open http://askubuntu.com firefox is launched! Similarly emacs and bzr also launch stuff in firefox instead of chromium. Are there any additional settings which affect xdg-open functionality? Something is definatly broken: UPDATE I have purged firefox: update-alternatives - uses chromium browser sensible-browser - opens chromium browser xdg-open & gnome-open - opens using google-chrome which kindly tells me "it's not default browser" !!!!

    Read the article

  • Leaving my wifi open for the world

    - by Thomaschaaf
    For my home I want to be a nice neighbor actually I have let my wifi open for the past maybe 6 or 7 years. I know that WEP, etc can be cracked within a couple of minutes but my neighbors son who works in IT told his mom and she told me that I am doing bad things and you know the story.. Do you think it's okay to leave your wifi open to the public? I live in a suburb with a tiny street and about 8 houses in reach of my wifi. I have a 16k DSL line so if some one joins me for a couple hours I would probably not notice. I would love your thoughts on whether I should encrypt my wifi or not.

    Read the article

  • Open source adventures with... wait for it... Microsoft

    - by Jeff
    Last week, Microsoft announced that it was going to open source the rest of the ASP.NET MVC Web stack. The core MVC framework has been open source for a long time now, but the other pieces around it are also now out in the wild. Not only that, but it's not what I call "big bang" open source, where you release the source with each version. No, they're actually committing in real time to a public repository. They're also taking contributions where it makes sense. If that weren't exciting enough, CodePlex, which used to be a part of the team I was on, has been re-org'd to a different part of the company where it is getting the love and attention (and apparently money) that it deserves. For a period of several months, I lobbied to get a PM gig with that product, but got nowhere. A year and a half later, I'm happy to see it finally treated right. In any case, I found a bug in Razor, the rendering engine, before the beta came out. I informally sent the bug info to some people, but it wasn't fixed for the beta. Now, with the project being developed in the open, I was able to submit the issue, and went back and forth with the developer who wrote the code (I met him once at a meet up in Bellevue, I think), and he committed a fix. I tried it a day later, and the bug was gone. There's a lot to learn from all of this. That open source software is surprisingly efficient and often of high quality is one part of it. For me the win is that it demonstrates how open and collaborative processes, as light as possible, lead to better software. In other words, even if this were a project being developed internally, at a bank or something, getting stakeholders involved early and giving people the ability to respond leads to awesomeness. While there is always a place for big thinking, experience has shown time and time again that trying to figure everything out up front takes too long, and rarely meets expectations. This is a lesson that probably half of Microsoft has yet to learn, including the team I was on before I split. It's the reason that team still hasn't shipped anything to general availability. But I've seen what an open and iterative development style can do for teams, at Microsoft and other places that I've worked. When you can have a conversation with people, and take ideas and turn them into code quickly, you're winning. So why don't people like winning? I think there are a lot of reasons, and they can generally be categorized into fear, skepticism and bad experiences. I can't give the Web stack teams enough credit. Not only did they dream big, but they changed a culture that often seems immovable and hopelessly stuck. This is a very public example of this culture change, but it's starting to happen at every scale in Microsoft. It's really interesting to see in a company that has been written off as dead the last decade.

    Read the article

  • I'm hoping to start an online supermarket and needs advice on open source shopping cart software and applications..

    - by Betterman Simidi
    I have been researching on both open source software and off-the-shelf software for an online supermarket project in Africa. I have now narrowed by search to X-cart and the PHP based PrestaShop shopping carts. My plan is to acquire an open source shopping cart either by purchasing or as a free open source cart and hire a local developer to customize it to our local needs. I have been doing the demo for x-cart for three weeks now and had thought it might work best for us but after going through the 600 page manual and I'm concerned with how far it can be localized. Yesterday i was looking at the possible Prestashop free open source cart and i seem to like the back-end. Didn't like the back-end for Magento much but from reviews conducted by third-parties they seem to recommend it. I'm now wondering whether i should have a developer start the whole project from scratch, or use an open source software such us PrestaShop or get x-cart which can then be customized. Note that my store will have thousands of products and services including groceries and so i want something that can handle upto 500,000 products and over. Kindly advice. 93276

    Read the article

  • What would it take to get developers to pay for something that is already freely available as open source?

    - by plaureano
    For example, I know that open-source versions of IL readers/writers exist such as Cecil, and Microsoft's (closed source) CCI. What would it take to get developers to pay for something that is already freely available? I have always wanted to start my own ISV by writing my own tools and selling them in the open market, but it's hard to gauge the demand, given that free alternatives already exist. Does anyone else have any successful experiences selling a commercial version of an open-source product?

    Read the article

  • What are interesting research questions with regards to open source software development? [closed]

    - by Aron Lindberg
    Imagine you have funding for a team of social scientists to study open source software development for a number of years (long time in software development, I know, but a short time for scientific research). These scientists have competencies to investigate psychological and sociological aspects of open source software development (i.e. how coders think, feel, and behave, along with how communities work or do not work). They are also technically equipped to understand code and coding, have access to all sorts of statistical and machine learning techniques, however their focus is on social aspects of open source software development, not technical. For you, as an open source software developer, what would be the research questions that would be interesting for you to have answered by such a group of scientists?

    Read the article

  • How do you go about checking your open source libraries for keystroke loggers?

    - by asd
    A random person on the internet told me that a technology was secure(1), safe to use and didn't contain keyloggers because it is open source. While I can trivially detect the key stroke logger in this open source application, what can developers(2) do to protect themselves against rouge committers to open source projects? Doing a back of the envelope threat analysis, if I were a rogue developer, I'd fork a branch on git and promote it's download since it would have twitter support (and a secret key stroke logger). If it was an SVN repo, I'd create just create a new project. Even better would be to put the malicious code in the automatic update routines. (1) I won't mention which because I can only deal with one kind of zealot at a time. (2) Ordinary users are at the mercy of their virus and malware detection software-- it's absurd to expect grandma to read the source of code of their open source word processor's source code to find the keystroke logger.

    Read the article

  • What's the easiest way to create an HTTP proxy which adds basic authentication to requests?

    - by joshdoe
    I am trying to use a service provided by a server which requires basic HTTP authentication, however the application I am using does not support authentication. What I'd like to do is create a proxy that will enable my auth-less application to connect via the proxy (which will add the authentication information) to the server requiring authentication. I'm sure this can be done, however I'm overwhelmed with the number of proxies out there and couldn't find an answer how to do this. Basically it seems all I want to do is have a proxy serve this URL: http://username:password@remoteserver/path as this URL: http://proxyserver/path I can run it on Linux, but a plus if I can run it Windows as well. Open source or at least free is a must. A big plus is if it's fairly straightforward to setup.

    Read the article

  • Is there a way to recover a file that I have deleted but is still open somewhere?

    - by George Edison
    This question is related to How to recover deleted files? but it is slightly different in nature. Suppose I have a file named ~/something open in a text editor. Further suppose that I open a terminal and run the following command while the file is still open in the text editor: rm ~/something This will delete the file. Now suppose that I changed my mind and wanted to get the file back. The file is still open in the text editor, so it hasn't been removed from the disk or filesystem yet. Is there any way to recover it?

    Read the article

  • Can I use the test suite from an open source project to verify that my own 'compatible library' is compatible?

    - by Mark Booth
    The question Is it illegal to rewrite every line of an open source project in a slightly different way, and use it in a closed source project? makes me wonder what would be considered a clean-room implementation in the era of open source projects. Hypothetically, if I were to develop a library which duplicates the publicly documented interface of an open-source library, without ever looking at the source code for that library, could that code ever be considered a derivative work? Obviously it would need the same class hierarchy and method signatures, so that it could be a drop-in replacement - could that in itself, be enough to provoke a copyright claim? What about if I used the test suite of the open source project to verify whether my clean implementation behaved in the same way as the original library? Would using the test suite be enough to dirty my clean code? As should be expected from a question like this, I am not looking for specific legal advice, but looking to document experiences people may have had with this sort of issue.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >