Search Results

Search found 5866 results on 235 pages for 'authentication'.

Page 206/235 | < Previous Page | 202 203 204 205 206 207 208 209 210 211 212 213 | Next Page >

Prerequisites for Account management via an IPhone App?

- by Icky

Hello. I have been reading a couple of threads for this topic on this site. I want to create an App, which communicates with a server and has the following features: the User can create/manage an account on the server the App communicates with the server via a secure connection the User is updated about important news through messages From what I understood so far, I need to take care of the following: establish a secure connection with the server send account information(user data, password) to the server and authenticate the client side management and encryption of account data/information is handled by the server, so the App only sends data, the server stores/encrypts (no need for me to take care of anything) So far, I think, I have covered the most important features. I have read, that NSURLConnection can be used, to send the authentication data. But how is further communication ensured? And how is the encryption managed? Are there any useful tutorials on this, because this is the first time I delve into this topic, and any guidance is greatly appreciated! Also, if I have missed anything important (e.g. with managing accounts) please tell me.

Read the article
perl issuing os command with defined variables

- by Vinnie Biros

I am adding functionality into my scripts so that they can use kerberos authentication to run automatically and use secure protocols when executing. I have my functionality working for shell scripts that do exactly what i want, however i am having issues porting it to perl to work within my perl scripts as i am new to perl. Here is my working shell code and trying to get the same functionality in perl: #!/bin/sh ticketFileName=`basename $0-$$` #set filename variable to name of script plus the PID krb5CacheLocation=/tmp/$ticketFileName #set ticket cache location to /tmp + script name /usr/share/centrifydc/kerberos/bin/kinit -c $krb5CacheLocation -kt /root/.ssh/someaccount.keytab someaccount #get TGT and specifiy ticket cache location on kinit export KRB5CCNAME=$krb5CacheLocation #set the KRB5CCNAME variable to tell ssh where to look What i have attempted in perl: #!/usr/bin/perl my $ticketFileName = `basename $0-$$`; my $krb5CacheLocation = '/tmp/'.$ticketFileName; `export KRB5CCNAME=$krb5CacheLocation`; `/usr/share/centrifydc/kerberos/bin/kinit -c $krb5CacheLocation -kt /root/.ssh/unixmap0000.keytab unixmap0000`; Seems it is not liking the passed variable that i am referencing in the OS command. Anyone have any ideas or suggestions?

Read the article
WCF Certificates without Certificate Store

- by Kane

My team is developing a number of WPF plug-ins for a 3rd party thick client application. The WPF plug-ins use WCF to consume web services published by a number of TIBCO services. The thick client application maintains a separate central data store and uses a proprietary API to access the data store. The thick client and WPF plug-ins are due to be deployed onto 10,000 workstations. Our customer wants to keep the certificate used by the thick client in the central data store so that they don't need to worry about re-issuing the certificate (current re-issue cycle takes about 3 months) and also have the opportunity to authorise the use of the certificate. The proposed architecture offers a form of shared secret / authentication between the central data store and the TIBCO services. Whilst I don’t necessarily agree with the proposed architecture our team is not able to change it and must work with what’s been provided. Basically our client wants us to build into our WPF plug-ins a mechanism which retrieves the certificate from the central data store (which will be allowed or denied based on roles in that data store) into memory then use the certificate for creating the SSL connection to the TIBCO services. No use of the local machine's certificate store is allowed and the in memory version is to be discarded at the end of each session. So the question is does anyone know if it is possible to pass an in-memory certificate to a WCF (.NET 3.5) service for SSL transport level encryption? Note: I had asked a similar question (here) but have since deleted it and re-asked it with more information.

Read the article
Access SSAS cube from across domains without direct database connection

- by SuperKing

Hello, I'm working with SQL Server Analysis Services for the first time and have the dilemma of working on a project in which users must be able to access SSAS Cubes (via a custom web dashboard) that live across different servers and domains, but without having access to the other server's SSAS database connection strings. So Organization A and Organization B will have their own cubes on their own servers, but Organization A users must be able to view Organization B's cubes, and Organization B users must be able to view Organization A's cubes, but neither organization should have access to the connection string. I've read about allowing HTTP access to the SSAS server and cube from the link below, but that requires setting up users for authentication or allowing anonymous access to one organization's server for users of another organization, and I'm not sure this would be acceptable for this situation, or if this is the preferred way to do this. Is performance acceptable here? http://technet.microsoft.com/en-us/library/cc917711.aspx I also wonder if perhaps it makes sense to run a nightly/weekly process that accesses the other organization's SSAS database via a web service or something, and pull that data into a database on the organization's server, and then rebuild the cube. Then that cube would be queried without having to go and connect to the other organization server when viewing the cube. Has anyone else attempted to accomplish something similar? Is HTTP access the standard way to go for this? Or any other possible options? Thanks, and please let me know if you need more info, still unclear on how some of this works.

Read the article
What am I missing in IIS7?

- by faded19

Hello All, Ok here is my dilemma, I have been developing on a shared host at discountasp.net (IIS 6)for some time now. All was going well, however now that app is complete we are moving it to its own dedicated server which is now server 2008 and IIS 7. I am currently using asp forms authentication (which again seems to work just fine on IIS6) The issue seems to occur after I click login, it pops the "Signing In" box..an error then arises in the JavaScript of Membership.js "Object Does not Support Membership.js" I verified that the code was making it to: membership.BeginLogin(uid, pwd, rememberme); and was in fact passing the correct variables. Another odd thing I noticed when setting the forms permissions is that when I went to select Users or Roles within the IIS 7 management console it would take forever, and then time out with the following error: A Network related or instance specific error occurred while establishing a connection to SQL Server. The server was not or was not accessible, verify that the instance name is correct and that SQL Server is configured to allow remote connections (provider - named pipes provider: error 40 - could not open a connection to SQL Server.) I am rather weak on the hardware/configure side of the house so I am not really sure what the issue is, it’s almost as if IIS7 cannot see the DB. They both reside on the same server however. If anyone could help point me in the right direction as to how to resolve this I would be eternally grateful! Thanks in advance Bryan

Read the article
ASP.NET: Custom MembershipProvider with a custom user table

- by blahblah

I've recently started tinkering with ASP.NET MVC, but this question should apply to classic ASP.NET as well. For what it's worth, I don't know very much about forms authentication and membership providers either. I'm trying to write my own MembershipProvider which will be connected to my own custom user table in my database. My user table contains all of the basic user information such as usernames, passwords, password salts, e-mail addresses and so on, but also information such as first name, last name and country of residence. As far as I understand, the standard way of doing this in ASP.NET is to create a user table without the extra information and then a "profile" table with the extra information. However, this doesn't sound very good to me, because whenever I need to access that extra information I would have to make one extra database query to get it. I read in the book "Pro ASP.NET 3.5 in C# 2008" that having a separate table for the profiles is not a very good idea if you need to access the profile table a lot and have many different pages in your website. Now for the problem at hand... As I said, I'm writing my own custom MembershipProvider subclass and it's going pretty well so far, but now I've come to realize that the CreateUser doesn't allow me to create users in the way I'd like. The method only takes a fixed number of arguments and first name, last name and country of residence are not part of them. So how would I create an entry for the new user in my custom table without this information at hand in CreateUser of my MembershipProvider?

Read the article
Athentication Problem - not recognizing 'else' - Ruby on rails...

- by bgadoci

I can't seem to figure out what I am doing wrong here. I have implemented the Super Simple Authentication from Ryan Bates tutorial and while the login portion is functioning correctly, I can't get an error message and redirect to happen correctly for a bad login. Ryan Bates admits in his comments he left this out but can't seem to implement his recommendation. Basically what is happening is that when someone logs in correctly it works. When a bad password is entered it does the same redirect and flashes 'successfully logged in' thought they are not. The admin links do not show (which is correct and are the links protected by the <% if admin? %) but I need it to say 'failed login' and redirect to login path. Here is my code: SessionsController class SessionsController < ApplicationController def create if session[:password] = params[:password] flash[:notice] = 'Successfully logged in' redirect_to posts_path else flash[:notice] = "whoops" redirect_to login_path end end def destroy reset_session flash[:notice] = 'Successfully logged out' redirect_to posts_path end end ApplicationController class ApplicationController < ActionController::Base helper_method :admin? protected def authorize unless admin? flash[:error] = "unauthorized request" redirect_to posts_path false end end def admin? session[:password] == "string0826" end helper :all # include all helpers, all the time protect_from_forgery # See ActionController::RequestForgeryProtection for details # end

Read the article
Cannot connect to database,.Login failed for user

- by kishorejangid

Yesterday my database was connected perfectly.. We have installed Windows Server 2008 R2 on our server and the i have added the user to the client PC name SMTECH5 with user jangid Now my database is not connecting using windows authentication. only the master database is connecting.. here are somw of the error throwned TITLE: Connect to Database Engine Cannot connect to SMTECH5\COLLEGEERP. ADDITIONAL INFORMATION: Cannot open user default database. Login failed. Login failed for user 'SMTECH\jangid'. (Microsoft SQL Server, Error: 4064) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=4064&LinkId=20476 BUTTONS: OK TITLE: Connect to Database Engine Cannot connect to SMTECH5\COLLEGEERP. ADDITIONAL INFORMATION: Cannot open user default database. Login failed. Login failed for user 'SMTECH\jangid'. (Microsoft SQL Server, Error: 4064) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=4064&LinkId=20476 BUTTONS: OK this happens on all the pcs in our lab

Read the article
Minimizing SpringLdap dependencies.

- by mP

I would like to use SpringLDAP to do some simple username/password verification for authentication purposes. WHile the actual jar file is quite small (less than 1 meg) it seems to have a lot of dependencies as listed by link text. By alot i mean it seems to suck in over 50 things many which dont seem right such as spring-jdbc as I dont want any jdbc and only the ldap template class and its bare dependencies. Without wasting too much time is it possible to the spring-ldap with only a bare minimum number of dependencies which amount to something like: spring core spring ldap whatever logging deps they require. spring tx I dont see or appreciate why the rest of thes tuff is reuqired and was wondering can anyone verify they arent really needed in the end if one sticks to the basics. The other stuff i am referring too include: spring-orm // no jdbc beans // i dont want ioc. spring-aop // no need for aop. I intend to wire up the beans i will be using manually. I dont want more crap in there for what ammounts to setting a few properties, and want confirmation that I dont need what is probably there just to do the ioc stuff when all i want is the ldap stuff.

Read the article
I get an Exception when trying to implement reset password with Authlogic

- by Tam

Hi, I'm using Ruby on Rails 2.3.5 and Ruby 1.9 and implmeneted Authlogic as my authentication engine. Authlogic works fine. But now I have been trying to implement password reset using the following tutorial: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/ But I'm getting the following exception when I type mysite.com/password_resets/new Processing PasswordResetsController#new (for 127.0.0.1 at 2010-03-13 01:09:45) [GET] Completed in 9ms (DB: 0) | 200 [http://localhost/password_resets/new] [2010-03-13 01:09:45] ERROR TypeError: can't convert Array into String /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/activesupport-2.3.5/lib/active_support/core_ext/string/output_safety.rb:34:in `concat' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/activesupport-2.3.5/lib/active_support/core_ext/string/output_safety.rb:34:in `concat_with_safety' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/rack-1.0.1/lib/rack/handler/webrick.rb:63:in `block in service' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/response.rb:158:in `each' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/response.rb:158:in `each' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/string_coercion.rb:16:in `send' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/string_coercion.rb:16:in `method_missing' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/actionpack-2.3.5/lib/action_controller/reloader.rb:22:in `method_missing' /Users/tammam56/.rvm/gems/ruby-1.9.1-p378/gems/rack-1.0.1/lib/rack/handler/webrick.rb:62:in `service' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/httpserver.rb:111:in `service' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/httpserver.rb:70:in `run' /Users/tammam56/.rvm/rubies/ruby-1.9.1-p378/lib/ruby/1.9.1/webrick/server.rb:183:in `block in start_thread' Honestly I'm not sure where to start debugging for this. Is it because I'm using Ruby 1.9? some people seem to be having trouble with Authlogic and Ruby 1.9: http://isitruby19.com/authlogic Please advise me how to go about solving/debugging this issues? Thanks, Tam

Read the article
Internet Explorer Warning when embedding Youtube on HTTPS site?

- by pellepim

Our application is run over HTTPS which rarely presents any problems for us. When it comes to youtube however, the fact that they do not present any content over SSL connections is giving us some head ache when trying to embed clips. Mostly because of Internet Explorers famous little warning message: "Do you want to view only the webpage content that was delivered securely? This page contains content that will not be delivered using a secure HTTPS ... etc" I've tried to solve this in several ways. The most promising one was to use the ProxyPass functionality in Apache to map to YouTube. Like this: ProxyPass: /youtube/ http://www.youtube.com ProxyPassReverse: /youtube/ http://www.youtube.com This gets rid of the annoying warning. However, the youtube SWF fails to start streaming The SWF i manage to load into the browser simply states : "An error occurred, please try again later". Potential solutions are perhaps: Download youtube FLV:s and serve them out of own domain (gah) Use custom FLV-player and stream only FLV:s from youtube over a https proxy? Update 10 March: I've tried to use Googles Youtube API for ActionScript to load a player. It looked promising at first and I was able to load a player through my https:// proxy. However, the SWF that is loaded contains loads of explicit calls to different non-ssl urls to create authentication links for the FLV-stream and for loading different crossdomain policies. It really seems like we're not supposed to access flv-streams directly. This makes it very hard to bypass the Internet Explorer warning, short of ripping out the FLV:s from youtube and serving them out of your own domain. There are solutions out there for downloading youtubes FLV:s. But that is not compliant with the Youtube terms of use and is really not an option for us.

Read the article
Listener error not connecting

- by Sham

I have two database running on Port No : 1521. When i m connecting to ORCL db it get's connected, but when i try to connect to another DB it gives me following error. ORA-12514: TNS:listener does not currently know of service requested in connect descriptor. My Listener: # listener.ora Network Configuration File: C:\app\Administrator\product\11.2.0 \dbhome_1\network\admin\listener.ora # Generated by Oracle configuration tools. ADMIN_RESTRICTIONS_LISTENER = ON LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 127.1.1.1)(PORT = 1521)) ) ) ADR_BASE_LISTENER = C:\app\Administrator TNSNAMES.ora ORCL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 127.1.1.1)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl) ) ) PARIVARTAN = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 127.1.1.1)(PORT = 1521)) ) (CONNECT_DATA = (SERVICE_NAME = Parivartan) ) ) Lsnrctl Result STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for 64-bit Windows: Version 11.2.0.1.0 - Production Start Date 14-DEC-2012 14:22:51 Uptime 0 days 0 hr. 19 min. 31 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Parameter File C:\app\Administrator\product\11.2.0\dbhome_1\network\a dmin\listener.ora Listener Log File c:\app\administrator\diag\tnslsnr\127.1.1.1\listener\al ert\log.xml Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.1.1.1)(PORT=1521))) Services Summary... Service "orcl" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... Service "orclXDB" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... The command completed successfully Reply me soon....

Read the article
Ldap query returns null result when deployed.

- by Trey Carroll

I'm using a very simple Ldap query in my asp.net mvc 2.0 site: String ldapPath = ConfigReader.LdapPath; String emailAddress = null; try { DirectorySearcher search = new DirectorySearcher(ConfigReader.LdapPath); search.Filter = String.Format("(&(objectClass=user)(objectCategory=person)(objectSid={0})) ", securityIdentifierValue); // add the mail property to the list of props to retrieve search.PropertiesToLoad.Add("mail"); var result = search.FindOne(); if (result == null) { throw new Exception("Ldap Query with filter:" + search.Filter.ToString() + " returned a null value (no match found)"); } else { emailAddress = result.Properties["mail"][0].ToString(); } } catch (ArgumentOutOfRangeException aoorEx) { throw new Exception( "The query could not find an email for this user."); } catch (Exception ex) { //_log.Error(string.Format("======!!!!!! ERROR ERROR ERROR !!!!! in LdapLookupUtil.cs getEmailFromLdap Exception: {0}", ex)); throw ex; } return emailAddress; It works fine on my localhost machine. It works fine when I run it in VS2010 on the server. It always returns a null result when deployed. Here is my web.config: Asp.Net Configuration option in Visual Studio. A full list of settings and comments can be found in machine.config.comments usually located in \Windows\Microsoft.Net\Framework\v2.x\Config -- section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. -- <!-- -- section enables configuration of what to do if/when an unhandled error occurs during the execution of a request. Specifically, it enables developers to configure html error pages to be displayed in place of a error stack trace. -- I'm running it under the default app pool. Does anybody see the problem? This is driving me crazy!

Read the article
How do I create Twitter style URL's for my app - Using existing application or app redesign - Ruby o

- by bgadoci

I have developed a blog application of sorts that I am trying to allow other users to take advantage of (for free and mostly for family). I wondering if the authentication I have set up will allow for such a thing. Here is the scenario. Currently the application allows for users to sign up for an account and when they do so they can create blog posts and organize those posts via tags. The application displays no data publicly (another words, you have to login to see anything). To gain access you have to create an account and even after you do, you cannot see anyone else's information as the applications filters using the current_user method and displays in the /posts/index.html.erb page. This would be great if a user only wanted to blog and share it with themselves, not really what I am looking for. My question has two parts (hopefully I won't make anyone mad by not putting these into two questions) Is it possible for a particular users data to live at www.myapplication.com/user without moving everything to the /user/show.html.erb file? Is it possible to make some of that information (living at the URL) public but still require login for create and destroy actions. Essentially, exactly like twitter. I am just curious if I can get from where I am (using the current_user methods across controllers to display in /posts/index.html.erb) to where I want to be. My fear is that I have to redesign the app such that the user data lives in the /user/show.html.erb page. Thoughts?

Read the article
Sharepoint BDC Error: The title property of entity tblStaff is set to an invalid value

- by Christopher Rathermel

I am just starting to create our Business Data Catalog(s) for our practice management system and I am running into an issue w/ our staff table. Background: I am using Business Data Catalog Definition Editor to create my ADF. I am using the RevertToSelf Authentication Mode. I have tried a few other tables and they seem to work just fine thus far.. only issue is w/ the staff table. If I removed all the columns for the staff entity except the ID and a few columns for the name it actually works. So it has a problem w/ one of my columns in tblStaff. I receive this error even when I set up an ADF w/ just this one entity. So w/ no associations.. When attempting to view the record: http://servername/ssp/admin/Content/tblstaff.aspx?StaffID={0} w/ {0} replaced w/ an actual staff ID I get the following error: The title property of entity tblStaff is set to an invalid value. Things I have tried: I noticed that I do have a column in my staff table called "Title" and removed it from ADF w/ no luck... Same error.. I tried to use bdc meta man to create my ADF and I got the same error... Any ideas? Chris

Read the article
Unknown error when submit a REST request to Liferay json API

- by r.rodriguez

I'm writing an script in Python to automatically update the structures in my Liferay portal and I want to do it via the json REST API. I make a request to get an structure (method getStructure), and it worked. But when I try to do an structure update in the portal it shows me the following error: ValueError: Content-Length should be specified for iterable data of type class 'dict' {'serviceContext': "{'prueba'}", 'serviceClassName': 'com.liferay.portlet.journal.service.JournalStructureServiceUtil', 'name': 'FOO', 'xsd': '... THE XSD OBTAINED VIA JSON ...', 'serviceParameters': '[groupId,structureId,parentStructureId,name,description,xsd,serviceContext]', 'description': 'FOO Structure', 'serviceMethodName': 'updateStructure', 'groupId': '10133'} What I'm doing is the next: urllib.request.Request(url = URL, data = data_update, headers = headers) URL is http://localhost:8080/tunnel-web/secure/json The headers are configured with basic authentication (it works, it is tested with the getStructure method). Data is: data_update = { "serviceClassName" : "com.liferay.portlet.journal.service.JournalStructureServiceUtil", "serviceMethodName" : "updateStructure", "serviceParameters" : "[groupId,structureId,parentStructureId,name,description,xsd,serviceContext]", "groupId" : 10133, "name" : FOO, "description" : FOO Structure, "xsd" : ... THE XSD OBTAINED VIA JSON ..., "serviceContext" : "{}" } Does anybody know the solution? Have I to specify the length for the dictionary and how? Or this is a bug?

Read the article
Gravatar XML-RPC request problem in Objective-C

- by Erik

Hi all, I'm trying to incorporate some Gravatar functionality using its XML-RPC API in an iPhone app I'm writing. I grabbed the Cocoa XML-RPC Framework by Eric Czarny (http://github.com/eczarny/xmlrpc) and it works well when I tested it with some of the Wordpress methods. However, when I try to use the Gravatar API, I always receive a response of "Error code: -9 Authentication error". I think I'm constructing the request correctly, but I've been wracking my brain and can't seem to figure it out. Maybe someone has some experience with this API or can see what I'm doing wrong. Here's the call: <?xml version="1.0"> <methodCall> <methodName>grav.addresses</methodName> <params> <param><value><string>PASSWORD_HERE</string></value></param> </params> </methodCall> Again, the Cocoa XML-RPC Framework worked like a dream with Wordpress, but it's choking on the Gravatar API for some reason. Thanks for your help.

Read the article
Getting svn: E170000: Unrecognized URL scheme for my custom Svn Gradle plugin

- by Ip Doh

I wrote a custom gradle plugin using groovy to do basic svn tasks like, Checkout, Clean, Tag etc. The groovy class calls the svn command line client to do these operations, It works fine when i run it on my windows system but the same plugin gives the following error when i run it on a linux system (Centos). svn: E170000: Unrecognized URL scheme for '%22https://source.mycompany.net/svn/MyProject/trunk%22' Am able to make the same calls to the command line client through the command prompt or shell script without any issues. So what is the difference with Here is my code sample String command =String.format("svn co -r %d --non-interactive --trust-server-cert -- username %s --password %s --depth infinity \"%s\" \"%s\"", getRevision(), getUserName(), getUserPassword(), getSrcUrl(), getDir()); Process svnProcess = Runtime.getRuntime().exec(command); BufferedReader stdInput = new BufferedReader(new InputStreamReader(svnProcess.getInputStream())); BufferedReader stdError = new BufferedReader(new InputStreamReader(svnProcess.getErrorStream())); String statusOutputLine ="" while ((statusOutputLine = stdInput.readLine()) != null) { logger.quiet(" " + statusOutputLine); } while (( statusOutputLine = stdError.readLine()) != null) { logger.error(statusOutputLine) throw new Exception(statusOutputLine) } logger.quiet("Successfully Checked out the work space") i do have neon installed on the system -bash-4.1$ svn --version svn, version 1.6.11 (r934486) compiled Jun 25 2011, 11:30:15 Copyright (C) 2000-2009 CollabNet. Subversion is open source software, see http://subversion.tigris.org/ This product includes software developed by CollabNet (http://www.Collab.Net/). The following repository access (RA) modules are available: ra_neon : Module for accessing a repository via WebDAV protocol using Neon. handles 'http' scheme handles 'https' scheme ra_svn : Module for accessing a repository using the svn network protocol. with Cyrus SASL authentication handles 'svn' scheme ra_local : Module for accessing a repository on local disk. handles 'file' scheme

Read the article
Distributed development systems

- by Nathan Adams

I am interested in a system that allows for distributed development with an authentication piece. What do I mean by that? Ok so lets take SVN, SVN keeps track of revisions and doesn't care who submits, as long as you have the right to submit you can submit, really, to any part in the repository. Where does my system come into play? Being able to granulate access control and give a stackoverflow like feel to the environment. In the system I am describing we have 4 users Bob, Alice, Dan, Joe. Bob is a project managed, Alice and Dan are programmers under Bob and Joe is a random programmer on the internet who wants to help. Ideally in this system, Bob can commit any changes and won't require approval. Alice and Dan can commit to their branches, or a branch, but a commit to the trunk would need approval by Bob. This is where Joe comes in, wants to help, however, you just don't want to give him the keys to the kingdom just yet so to speak, so in my system you would setup a "low user" account. Any commits that Joe makes would need to be approved by Dan, Alice or both. However, in the system, Joe can build up "Karma" where after so many approved commits it would only need approval by one of the programmers, and then eventually no approval would be necessary. Does that make sense and do you know if a system like that exists? Or am I just crazy to even think such a system/environment would be possible?

Read the article
Unable to initialize provider. Missing or incorrect schema. for MySql.Web connector

- by Jreeter

Hey guys and gals running into a little issue here.. I'm trying to use MySql Connector 6.2.2.0 for membership and role providers.. The issue I'm having is: Unable to initialize provider. Missing or incorrect schema. <authentication mode="Forms"/> <roleManager defaultProvider="MySqlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName=".ASPROLES" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="All" > <providers> <clear /> <add name="MySqlRoleProvider" type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.2.2.0,Culture=neutral, PublicKeyToken=c5687fc88969c44d" connectionStringName="mySQL" applicationName="capcafe" writeExceptionsToEventLog="true" /> </providers> </roleManager> <membership defaultProvider="MySqlMembershipProvider"> <providers> <add connectionStringName="mySQL" applicationName="capcafe" minRequiredPasswordLength="5" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" minRequiredNonalphanumericCharacters="0" name="MySqlMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" /> </providers> </membership> Here is the line it doesn't seem to like: Line 57: type="MySql.Web.Security.MySQLRoleProvider, MySql.Web, Version=6.2.2.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" I have both MySql.Web and MySql.Data referenced and in my bin! Any help resolving this issue will be very much appreciated

Read the article
T4MVC not generating an action

- by Maslow

I suspected there was some hidden magic somewhere that stopped what looks like actual method calls all over the place in T4MVC. Then I had a view fail to compile, and the stackTrace went into my actual method. [Authorize] public string Apply(string shortName) { if (shortName.IsNullOrEmpty()) return "Failed alliance name was not transmitted"; if (Request.IsAuthenticated == false || User == null || User.Identity == null) return "Apply authentication failed"; Models.Persistence.AlliancePersistance.Apply(User.Identity.Name, shortName); return "Applied"; } So this method isn't generating in the template after all. <%=Ajax.ActionLink("Apply", "Apply", new RouteValueDictionary() { { "shortName", item.Shortname } }, new AjaxOptions() { UpdateTargetId = "masterstatus" })%> <%=Html.ActionLink("Apply",MVC.Alliance.Apply(item.Shortname),new AjaxOptions() { UpdateTargetId = "masterstatus" }) %> The second method threw an exception on compile because the method Apply in my controller has an [Authorize] attribute so that if someone that isn't logged on clicks this, they get redirected to login, then right back to this page. There they can click on apply again, this time being logged in. And yes I realize one is Ajax.ActionLink while the other is Html.ActionLink I did try them both with the T4MVC version.

Read the article
Where are the real risks in network security?

- by Barry Brown

Anytime a username/password authentication is used, the common wisdom is to protect the transport of that data using encryption (SSL, HTTPS, etc). But that leaves the end points potentially vulnerable. Realistically, which is at greater risk of intrusion? Transport layer: Compromised via wireless packet sniffing, malicious wiretapping, etc. Transport devices: Risks include ISPs and Internet backbone operators sniffing data. End-user device: Vulnerable to spyware, key loggers, shoulder surfing, and so forth. Remote server: Many uncontrollable vulnerabilities including malicious operators, break-ins resulting in stolen data, physically heisting servers, backups kept in insecure places, and much more. My gut reaction is that although the transport layer is relatively easy to protect via SSL, the risks in the other areas are much, much greater, especially at the end points. For example, at home my computer connects directly to my router; from there it goes straight to my ISPs routers and onto the Internet. I would estimate the risks at the transport level (both software and hardware) at low to non-existant. But what security does the server I'm connected to have? Have they been hacked into? Is the operator collecting usernames and passwords, knowing that most people use the same information at other websites? Likewise, has my computer been compromised by malware? Those seem like much greater risks. What do you think?

Read the article
Using Active Directory to authenticate users in a WWW facing website

- by Basiclife

Hi, I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database. This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions) So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it. Any input appreciated Regards Basiclife

Read the article
Global.asax Event: Application_OnPostAuthenticateRequest

- by Hemant Kothiyal

Hi, I am using Application_OnPostAuthenticateRequest event in global.asax to get roles and permissions of authenticated user also i have made my custom principal class to get user detail and roles and permission. To get some information which remain same for that user. following are the code void Application_OnPostAuthenticateRequest(object sender, EventArgs e) { // Get a reference to the current User IPrincipal objIPrincipal = HttpContext.Current.User; // If we are dealing with an authenticated forms authentication request if ((objIPrincipal.Identity.IsAuthenticated) && (objIPrincipal.Identity.AuthenticationType == "Forms")) { CustomPrincipal objCustomPrincipal = new CustomPrincipal(); objCustomPrincipal = objCustomPrincipal.GetCustomPrincipalObject(objIPrincipal.Identity.Name); HttpContext.Current.User = objCustomPrincipal; CustomIdentity ci = (CustomIdentity)objCustomPrincipal.Identity; HttpContext.Current.Cache["CountryID"] = FatchMasterInfo.GetCountryID(ci.CultureId); HttpContext.Current.Cache["WeatherLocationID"] = FatchMasterInfo.GetWeatherLocationId(ci.UserId); Thread.CurrentPrincipal = objCustomPrincipal; } } My question is as following This event fires every time for every request. Hence for each request the code execute? My approach is right or not? Is it right to add HttpContext.Current.Cache in this event or we should move it on session start

Read the article
Asp.net MVC error with custom HttpModule

- by Robert Koritnik

I have a custom authentication HttpModule that is pretty strait forward. But I want it to run only for managed requests (and not for static ones). Asp.net MVC automatically adds configuration section for IIS7 web server: <system.webServer> <validation validateIntegratedModeConfiguration="false" /> <modules runAllManagedModulesForAllRequests="true"> <remove name="ScriptModule" /> <remove name="UrlRoutingModule" /> <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule,..." /> <add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule,..." /> </modules> <handlers> ... </handlers> </system.webServer> When I add my own module I also set its preCondition="managedHandler", but since there's runAllManagedModulesForAllRequests="true" on parent <module> element my preCondition is ignored by design (as I read on MSDN). When I try to set though: <modules runAllManagedModulesForAllRequests="false"> I get this error: [image no longer valid] What else (which other module) do I have to set in web.config to make it work with this setting: <modules runAllManagedModulesForAllRequests="false">

Read the article

< Previous Page | 202 203 204 205 206 207 208 209 210 211 212 213 | Next Page >