Search Results

Search found 6525 results on 261 pages for 'restful authentication'.

Page 202/261 | < Previous Page | 198 199 200 201 202 203 204 205 206 207 208 209 | Next Page >

Cloud e-mail and portal integration: experiences?

- by Mark McLaren

I am evaluating cloud e-mail solutions based upon: Google Apps for Education Microsoft Live@edu I work for a University and we currently have an institutional portal (based on uPortal). We currently have our local IMAP server and webmail client fully integrated with the portal. We would like to replicate the current portal e-mail experience with the new e-mail services. At present users can see a snapshot of their inbox in the portal and click through into the appropriate place in the webmail client. We expect that we need to solve similar problems when integrating with the cloud based e-mail solutions. We need to solve the single sign-on (SSO) problem. We need to be able to access the inbox messages on the users behalf. (e.g. proxy authentication) Does anybody have an experience or advice on this? Many thanks, Mark

Read the article
Requires a valid Date or x-amz-date header?

- by Jordan Messina

I'm getting the following error when attempting to upload a file to S3: S3StorageError: <?xml version="1.0" encoding="UTF-8"?> <Error><Code>AccessDenied</Code><Message>AWS authentication requires a valid Date or x-amz-date header</Message><RequestId>7910FF83F3FE17E2</RequestId><HostId>EjycXTgSwUkx19YNkpAoY2UDDur/0d5SMvGJUicpN6qCZFa2OuqcpibIR3NJ2WKB</HostId></Error> I'm using Django with Django-Storages and Imagekit My S3 settings in my settings.py looks as follows: locale.setlocale(locale.LC_TIME, 'en_US') DEFAULT_FILE_STORAGE = 'backends.s3.S3Storage' AWS_ACCESS_KEY_ID = '************************' AWS_SECRET_ACCESS_KEY = '*****************************' AWS_STORAGE_BUCKET_NAME = 'static.blabla.com' AWS_HEADERS = { 'x-amz-date': datetime.datetime.utcnow().strftime('%a, %d %b %Y %H:%M:%S GMT'), 'Expires': 'Thu, 15 Apr 2200 20:00:00 GMT', } from S3 import CallingFormat AWS_CALLING_FORMAT = CallingFormat.SUBDOMAIN Thanks for any help you can give!

Read the article
.net open auth?

- by chobo2

Hi I know stackoverflow uses open authentication. I want to try and use this as well. I am using asp.net mvc 2.0 with C#. I found this http://www.dotnetopenauth.net/ and I am wondering if this is what was used for stackoverflow. Also any tutorials would be nice as well. Edit I am trying to load up some sample projects but when I build it in VS2010 I get Error 6 'System.Diagnostics.Contracts.ContractInvariantMethodAttribute' is inaccessible due to its protection level C:\Users\chobo2\Downloads\DotNetOpenAuth-3.4.6.10357\DotNetOpenAuth-3.4.6.10357\Samples\OpenIdOfflineProvider\TextBoxTextWriter.cs 73 4 OpenIdOfflineProvider Error 7 The type or namespace name 'ContractInvariantMethod' could not be found (are you missing a using directive or an assembly reference?) C:\Users\chobo2\Downloads\DotNetOpenAuth-3.4.6.10357\DotNetOpenAuth-3.4.6.10357\Samples\OpenIdOfflineProvider\TextBoxTextWriter.cs 73 4 OpenIdOfflineProvider

Read the article
User account design and security...

- by espinet

Before I begin, I am using Ruby on Rails and the Devise gem for user authentication. Hi, I was doing some research about account security and I found a blog post about the topic awhile ago but I can no longer find it again. I read something about when making a login system you should have 1 model for User, this contains a user's username, encrypted password, and email. You should also have a model for a user's Account. This contains everything else. A User has an Account. I don't know if I'm explaining this correctly since I haven't seen the blog post for several months and I lost my bookmark. Could someone explain how and why I should or shouldn't do this. My application deals with money so I need to cover my bases with security. Thanks.

Read the article
Client Web Service call over SSL using Apache Axis

- by java_pill

I'm using Apache Axis 1.5.1 to code a web service client connecting to a service over SSL. My application is running in Tomcat with SSL configuration setup in JKS. However, when I connect to the server, the connection is failing because the cert from our client is not being sent to the server. Is this something that has to be set in the client through code? Also note that the server does not need any user name or password authentication. With SSL turned off, everything works fine. Thanks,

Read the article
How can I throttle user login attempts in PHP

- by jasondavis

I was just reading this post http://stackoverflow.com/questions/549/the-definitive-guide-to-website-authentication-beta#477585 on Preventing Rapid-Fire Login Attempts. Best practice #1: A short time delay that increases with the number of failed attempts, like: 1 failed attempt = no delay 2 failed attempts = 2 sec delay 3 failed attempts = 4 sec delay 4 failed attempts = 8 sec delay 5 failed attempts = 16 sec delay etc. DoS attacking this scheme would be very impractical, but on the other hand, potentially devastating, since the delay increases exponentially. I am curious how I could implement something like this for my login system in PHP?

Read the article
creating my own context processor in django

- by dotty

Hay, I have come to a point where i need to pass certain variables to all my views (mostly custom authentication type variables). I was told writing my own context processor was the best way to do this, but i am having some issues. My settings file looks like this TEMPLATE_CONTEXT_PROCESSORS = ( "django.contrib.auth.context_processors.auth", "django.core.context_processors.debug", "django.core.context_processors.i18n", "django.core.context_processors.media", "django.contrib.messages.context_processors.messages", "sandbox.context_processors.say_hello", ) As you can see i have a module called 'context_processors' and a function within that called 'say_hello'. This looks like def say_hello(request): return { 'say_hello':"Hello", } Am i right to assume i can now do this within my views {{ say_hello }} because it doesn't return anything.

Read the article
Key stroke time in Openmoko or any smart phones

- by Adi

Dear all, I am doing a project in which I am working on security issues related to smart phones. I want to develop an authentication scheme which is based on biometrics, Every human being have a unique key-hold time,digraph time error rate. Key-Hold Time : Time difference between pressing and releasing a key . Digraph Time : Time difference between releasing one and pressing next one. Error Rate : No of times backspace is pressed. I got these metrics from a paper "Keystroke-based User Identification on Smart Phones" by Saira Zahid1, Muhammad Shahzad1, Syed Ali Khayam1,2, Muddassar Farooq1. I was planning to get the datasets to test my algorithm from openmoko phone, but the phone is mis-behaving and I am finding trouble in generating these time data-sets. If anyone can help me or tell me a good source of data sets for the 3 metrics I defined, it will be a great help. Thanks Aditya

Read the article
Impersonation in asp.net, confused about implmentation when used with Active Directory & Sql Server

- by AWC

I have an internal website that is using integrated windows authentication and this website uses sql server & active directory queries via the System.Directory.Services namespace. To use the System.Directory.Services namespace in ASP.NET I have to run IIS under an account that has the correct privileges and importantly have impersonation set to true in the web config. If this is done then when I make a query against AD then the credentials of the wroker process (IIS) are used instead of the ASPNET account and therefore the queries will now succeed. Now if I am also using Sql Server with a connection string configured for integrated security ('Integrated Security=SSPI') then this interprets the ASP.NET impersonation to mean that I want to access the database as the windows credentials of the request no the worker process. I hope I'm wrong and that I've got the config wrong, but I don't think I have and this seems not to be inconsistent? It should be noted I'm using IIS 5.1 for development and obivously this doesn't have the concept of app-pools which I believe would resolve the problem.

Read the article
PDF permissions management with ASP.NET - Timeout Issue

- by Ryan Smith

I have a website that has several PDF files. I need to have quite a few of them locked down with the standard ASP.NET authentication (in a folder with web.config that denies anonymous users). I set PDF files to get handled by the ASP.NET worker process and added: <add type="System.Web.StaticFileHandler" path="*.pdf" verb="*" /> to my web.config, but for some reason they hang when downloading. I've seen this issue before on an old server, and for the live of me I can't remember what I did to solve it. Does anyone have any idea? Thanks.

Read the article
Is there a service for monitoring secured WCF endpoints in the same way that HTTP monitoring service

- by Ryan ONeill

Hi all, A service I have in WCF occasionally goes down due a problem with a COM component. While I am troubleshooting I would like to setup another host to make regular calls to this service to monitor availability. It is slightly more complicated that a simple HTTP call though as the service is secured by SSL and WCF authentication (username / password). I'd also like to be able to parse successful calls to see if they return warning / fail states from my code. Would you recommend any monitoring providers for this or is it beyond the simple monitoring they normally provide? Regards Ryan

Read the article
WCF: parameters handled in custom channel not present in generated WSDL.

- by vfilby

I have some special parameters to all my wcf service methods that are handled inside a custom channel and are not exposed in the service method parameter list. This works fine for json/xml endpoints, but the I don't know how to use a SOAP endpoint with this setup because the generated WSDL doesn't include fields that are not in the service call parameter list. Is there a way I can centralize the handling of the special parameters that apply to all service methods (authentication, locale and other contextual information) and provide a SOAP endpoint that Just Works (tm)? Hand editing wsdl files is not an option.

Read the article
Twitter oauth_callback parameter being ignored!

- by Astrofaes

Hi guys, I'm trying to get Twitter authentication working on my ASP.NET site. When you create the app on the Twitter website, you have to specify a callback URL, which for sake of argument, I have set to http://mydomain.com I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course). So my request URL looks like this: http://twitter.com/oauth/request_token?oauth_callback_url=http%3A%2F%2Fmydomain.com%2Ftwittercallback Supposedly, if all goes to plan, in your response data, you are supposed to receive a new parameter of oauth_callback_confirmed=true in addition to your token and token secret parameters. However, my response comes through as: oauth_token=MYTOKEN&oauth_token_secret=MYTOKENSECRET I know I haven't given you guys the greatest amount to go on, but I'm at my wits end as to why I am not receiving the oauth_callback_confirmed parameter. Without this, my application keeps defaulting back to the callback URL hard-coded on the Twitter website. Please if anyone could help me out, I will be eternally grateful! Thanks, A.

Read the article
Webdav -- GET on a directory

- by Joe Cannatti

I am beginning to build a tool that uses WebDAV. I am having trouble wrapping my head around something here. I think I am missing something conceptual. I can use PUT's to add files to the server. I can use GET's to read files from the server, but when I try to use GET on a directory I get a 403:Forbidden. I am using basic authentication. My code in MacRuby is as follows Net::HTTP.start('localhost') do |http| res = Net::HTTP::Get.new('http://localhost/webdav/') res.basic_auth 'jcannatti', 'webdav' http.request res end this returns <Net::HTTPForbidden 403 Forbidden readbody=true> however this Net::HTTP.start('localhost') do |http| res = Net::HTTP::Put.new('http://localhost/webdav/gorilla.txt') res.body = "testetsetest" res.basic_auth 'jcannatti', 'webdav' http.request res end returns <Net::HTTPCreated 201 Created readbody=true> What should happen when calling a GET on a WebDAV directory when everything is working correctly? thanks

Read the article
Haskell as REST server

- by Dev er dev

I would like to try Haskell on a smallish project which should be well suited to it. I would like to use it as a backend to a small ajax application. Haskell backend should be able to do authentication (basic, form, whatever, ...), keep track of user session (not much data there except for username) and to dispatch request to handlers based on uri and request type. It should also be able to serialize response to both xml and json format, depending on request parameter. I suppose the handlers are ideally suited for Haskell, since the service is basically stateless, but I don't know where to start for the rest of the story. Searching hackage didn't give me much hints.

Read the article
OAuth on iPhone: using Safari or UIWebView?

- by athanhcong

Hi all, When I implement OAuth in iPhone, I have a dilemma to choose Safari or UIWebView to open the Twitter pages for user authentication? I write some advantage and disadvantage of both case: Using UIWebWeb. The disadvantage is users have to enter their credentials in our application. It's maybe risky phishing. The advantage is this approach will not quit our app. Using Safari for user to authenticate (this approach automatically callbacks to our application) Addvantage: less risky. Disadvantage: have to quit our app A good reference link about this: http://fireeagle.yahoo.net/developer/documentation/oauth_best_practice Which approach do you prefer? Any response is appreciate. Thanks.

Read the article
Difference between URLLIB2 call in IDLE and from Django?

- by danspants

The following piece of code works as expected when running in a local install of django apache 2.2 fx = urllib2.Request(f); fx.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19'); url_opened = urllib2.urlopen(fx); However when I enter that code into IDLE on the same machine I get the following error: url_opened = urllib2.urlopen(fx); File "C:\Python25\lib\urllib2.py", line 124, in urlopen return _opener.open(url, data) File "C:\Python25\lib\urllib2.py", line 387, in open response = meth(req, response) File "C:\Python25\lib\urllib2.py", line 498, in http_response 'http', request, response, code, msg, hdrs) File "C:\Python25\lib\urllib2.py", line 425, in error return self._call_chain(*args) File "C:\Python25\lib\urllib2.py", line 360, in _call_chain result = func(*args) File "C:\Python25\lib\urllib2.py", line 506, in http_error_default raise HTTPError(req.get_full_url(), code, msg, hdrs, fp) HTTPError: HTTP Error 407: Proxy Authentication Required Any ideas?

Read the article
Why am I getting this WSDL SOAP error with authorize.net?

- by Chad Johnson

I have my script email me when there is a problem creating a recurring transaction with authorize.net. I received the following at 5:23AM Pacific time: SOAP-ERROR: Parsing WSDL: Couldn't load from 'https://api.authorize.net/soap/v1/service.asmx?wsdl' : failed to load external entity "https://api.authorize.net/soap/v1/service.asmx?wsdl" And of course, when I did exactly the same thing that the user did, it worked fine for me. Does this mean authorize.net's API is down? Their knowledge base simply sucks and provides no information whatsoever about this problem. I've contacted the company, but I'm not holding my breath for a response. Google reveals nothing. Looking through their code, nothing stands out. Maybe an authentication error? Has anyone seen an error like this before? What causes this?

Read the article
Should I distinguish OpenIDs based on protocol prefix or not? http vs https

- by Joannes Vermorel

I have implemented a straightforward OpenID support for my ASP.NET app with DotNetOpenAuth. Yet I recently realized that the implementation was treating http://johndoe.example.com/ as a distinct user compared to https://johndoe.example.com. This lead to quite a few confused users. I am unsure what to do at this point. Is this a bug or a feature? Indeed, I can consider this behavior as a feature: if the user specifies the HTTPS, the user might not want the system to accept HTTP auth in the first place. On the other hand: if the user specifies HTTPS out of sheer cluelessness (the casual web visitor is clueless concerning the purpose of the "S" part), then rejecting it's authentication attempt is confusing. What is considered as the best practice?

Read the article
ASP.NET SetAuthCookie Impersonation Help

- by rlb.usa

Hello SO, I'm trying to do user impersonation for a web application we have. The user selects the user they'd like to emulate/impersonate and then clicks the button which fires this: protected void uxImpersonate_Click(object sender, EventArgs e) { ... FormsAuthentication.SetAuthCookie(uxUserToEmulate.SelectedValue, false); Response.Redirect("Impersonation.aspx"); //reload page manually } We have a dev - test - production server environment and on two servers this works just fine, but on another one, in all browsers, it kicks me to the login screen. What's going on and how can I fix it? We're on ASP.NET 2.0, and I'm using http://stackoverflow.com/questions/549016/user-impersonation-with-asp-net-forms-authentication as a guide. UPDATE: It appears that the user actually is impersonated successfully but is loosing their Role as admin (only Admin Role's can access this impersonation page).

Read the article
Oauth callback problem

- by yogsma

I am using OAuth with google data api. We have a portal only for authorized users. So when users are logged in and if they are accessing calendar page, they will be asked if they want to sync their calendars with google calendar. If yes, they will be redirected for authentication. Once user has granted access, google appends OAuth_Token to the callback URL. the callback URL was that of the page of calendar in portal. This url has its query string options encrypted. But when the redirection happens , it takes back to login page of url. url is like http://aaa.xyz.com/(encrypted part of query string) and after oauth_token is authorized, this url becomes http://aaa.xyz.com/(encrypted part of query string)&oauth_token. So the user sees the login page after redirection instead of original page. How should I handle this in code.

Read the article
How can I perform action from ASP.NET MVC with different user credentials?

- by Rob

Hopefully this explanation will make sense, but what is the best way (if it is even possible) to pass along user credentials to preform a specific application from an ASP.NET MVC application. Currently I am working on trying to create directories on another server, we can't do this using the generic credentials that the application is running with; however, we have been told that we can if we pass the credentials of the user currently using the application along. Currently we are running on IIS 6.0 but will be moving to IIS 7.0 in the near future and likewise we are using Integrated Windows authentication for the web applications.

Read the article
set current user in asp.net mvc

- by Tomh

Hey guys, I'm not sure if this is the best way to do it, but I want to keep a user object alive during all requests of the current user. From reading several resources I learned that you should create your own IPrinciple which holds this. But I don't want to trigger the database every authentication request. Any recommendations on how to handle this? Is caching the db request a good idea? protected void Application_AuthenticateRequest(Object sender, EventArgs e) { HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null) { FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); User user; using (HgDataContext hg = new HgDataContext()) { if (Session["user"] != null) { user = (from u in hg.Users where u.EmailAddress == authTicket.Name select u).Single(); } else { user = Session["user"] as User; } } var principal = new HgPrincipal(user); Context.User = principal; } }

Read the article
Load vs Get in Nhibernate

- by Quintin Par

The master page in my web application does authentication and loads up the user entity using a Get. After this whenever the user object is needed by the usercontrols or any other class I do a Load. Normally nhibernate is supposed to load the object from cache or return the persistent loaded object whenever Load of called. But this is not the behavior shown by my web application. NHprof always shows the sql whenever Load is called. How do I verify the correct behavior of Load? I use the S#arp architecture framework.

Read the article
Encrypt php code

- by riad

Hi all, I create a software using php. Now need to sale this software .So, I need to encrypt my code that nobody can view my source code. can anybody help me to do: 1. Encrypt my PHP code but software functioning will remaining same. 2. Also I need to bind the software for a particular authorized pc & it will not run any other pc except my authentication. How can I do that? encrypt using LAN MAC address? or any other idea? pls help!

Read the article

< Previous Page | 198 199 200 201 202 203 204 205 206 207 208 209 | Next Page >