Search Results

Search found 62215 results on 2489 pages for 'http basic authentication'.

Page 215/2489 | < Previous Page | 211 212 213 214 215 216 217 218 219 220 221 222  | Next Page >

  • How do I deal with different requests that map to the same response?

    - by daxim
    I'm designing a Web service. The request is idempotent, so I chose the GET method. The response is relatively expensive to calculate and not small, so I want to get caching (on the protocol level) right. (Don't worry about memoisation at my part, I have that already covered; my question here is actually also paying attention to the Web as a whole.) There's only one mandatory parameter and a number of optional parameter with default values if missing. For example, the following two map to the same representation of the response. (If this is a dumb way to go about it the interface, propose something better.) GET /service?mandatory_parameter=some_data HTTP/1.1 GET /service?mandatory_parameter=some_data;optional_parameter=default1;another_optional_parameter=default2;yet_another_optional_parameter=default3 HTTP/1.1 However, I imagine clients do not know this and would treat them separate and therefore waste cache storage. What should I do to avoid violating the golden rule of caching? Make up a canonical form, document it (e.g. all parameters are required after all and need to be sorted in a specific order) and return a client error unless the required form is met? Instead of an error, redirect permanently to the canonical form of a request? Or is it enough to not mind how the request looks like, and just respond with the same ETag for same responses?

    Read the article

  • How can I call multiple nutrient information from ESHA Research API? (apid.esha.com)

    - by user1833044
    I want to call ESHA Research nutrient REST API. I cannot seem to figure out how to call multiple nutrients using ESHA REST API. So far I am calling the following and only able to retrieve the calories, or protein, or another type of nutrient information. So I was hoping someone had experience in retrieving all the nutrient information with one call. Is this possible? This is how I call to retrieve the TWIX nutrient http://api.esha.com/analysis?apikey=xxxx&fo=urn:uuid:81d268ac-f1dc-4991-98c1-1b4d3a5006da (returns calories, please note the api key is not xxxx but instead a key generated from Esha once you sign up as developer) The return is JSON format. If I want to call fat it would be the following http://api.esha.com/analysis?apikey=xxxx&fo=urn:uuid:81d268ac-f1dc-4991-98c1-1b4d3a5006da&n=urn:uuid:589294dc-3dcc-4b64-be06-c07e7f65c4bd How can I make a call once and get a return of all the nutrients (so Fat, Calories, Carbs, Vitamins, etc..) for a particular food ID? I have researched and looked at this for a while and cannot seem to find the answer. Thanks in advance for your help.

    Read the article

  • Will new Twitter API 1.1 allow hashtag/tweet/trend queries without any authentication, i.e. for a client that does not use an user's account at all?

    - by P5music
    I see that, even not being logged in Twitter with an account, if I google hashtags or twitter accounts, twitter show them. I think it should be also possible to get those tweets programmatically but I do not know it for sure, so I ask for confirmation here, especially for the future with the new Twitter API resctrictions. I mean, will it be possible to get tweets from hashtags or accounts without logging in an user account, and so not wanting to access the user settings, subscriptions, etc (because I do not need it), thus not having to respect any token limit? I found these API 1.1 faqs, have I to be concerned? Will an application have to request user authorization just to make public API calls? When API v1.1 is released, user authorization (and access tokens) are required for all API 1.1 requests. In the weeks following release, some methods will require only application-based authentication for certain "userless" contexts. Will an application have to request user authorization just to make public API calls? When API v1.1 is released, user authorization (and access tokens) are required for all API 1.1 requests. In the weeks following release, some methods will require only application-based authentication for certain "userless" contexts. Will the Search API require authentication? The Search API is now part of the official REST API in version 1.1. In addition to serving results in a format consistent with other Tweet resources, usage will also require authentication.

    Read the article

  • How to Authenticate to Active Directory Services (ADs) using .NET 3.5 / C#

    - by Ranger Pretzel
    After much struggling, I've figured out how to authenticate to my company's Active Directory using just 2 lines of code with the Domain, Username, and Password in .NET 2.0 (in C#): // set domain, username, password, and security parameters DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, username, password, AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer); // force Bind to AD server to authenticate object obj = entry.NativeObject; If the 2nd line throws an exception, then the credentials and/or parameters were bad. (Specific reason can be found in the exception.) If no exception, then the credentials are good. Trying to do this in .NET 3.5 looks like it should be easy, but has me at a roadblock instead. Specifically, I've been working with this example: PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, domain); using (domainContext) { return domainContext.ValidateCredentials(UserName, Password); } Unfortunately, this doesn't work for me as I don't have both ContextOptions set to Sealed/Secure and SSL (like I did above in the .NET 2.0 code.) There is an alternate constructor for PrincipalContext that allows setting the ContextOptions, but this also requires supplying a Distinguished Name (DN) of a Container Object and I don't know exactly what mine is or how I would find out. public PrincipalContext(ContextType contextType, string name, string container, ContextOptions options); // container: // The container on the store to use as the root of the context. All queries // are performed under this root, and all inserts are performed into this container. // For System.DirectoryServices.AccountManagement.ContextType.Domain and System.DirectoryServices.AccountManagement.ContextType.ApplicationDirectory // context types, this parameter is the distinguished name of a container object. Any suggestions?

    Read the article

  • Create non-persistent cookie with FormsAuthenticationTicket

    - by Marcus
    Hello! I'm having trouble creating a non-persistent cookie using the FormsAuthenticationTicket. I want to store userdata in the ticket, so i can't use FormsAuthentication.SetAuthCookie() or FormsAuthentication.GetAuthCookie() methods. Because of this I need to create the FormsAuthenticationTicket and store it in a HttpCookie. My code looks like this: DateTime expiration = DateTime.Now.AddDays(7); // Create ticket FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(2, user.Email, DateTime.Now, expiration, isPersistent, userData, FormsAuthentication.FormsCookiePath); // Create cookie HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket)); cookie.Path = FormsAuthentication.FormsCookiePath; if (isPersistent) cookie.Expires = expiration; // Add cookie to response HttpContext.Current.Response.Cookies.Add(cookie); When the variable isPersistent is true everything works fine and the cookie is persisted. But when isPersistent is false the cookie seems to be persisted anyway. I sign on in a browser window, closes it and opens the browser again and I am still logged in. How do i set the cookie to be non-persistent? Is a non-persistent cookie the same as a session cookie? Is the cookie information stored in the sessiondata on the server or are the cookie transferred in every request/response to the server? Thanks in advance! /Marcus

    Read the article

  • Issues POSTing XML to OAuth and Signature Invalid with Ruby OAuth Gem

    - by thynctank
    [Cross-posted from the OAuth Ruby Google Group. If you couldn't help me there, don't worry bout it] I'm working on integrating a project with TripIt's OAuth API and am running into a weird issue. I authenticate fine, I store and retrieve the token/secret for a given user with no problem, I can even make GET requests to a number of services using the gem. But when I try using the one service I need POST for, I'm getting a 401 "invalid signature" response. Perhaps I'm not understanding how to pass in data to the AccessToken's post method, so here's a sample of my code: xml = <<-XML <Request> <Trip> <start_date>2008-12-09</start_date> <end_date>2008-12-27</end_date> <primary_location>New York, NY</primary_location> </Trip> </Request> XML` response = access_token.post('/v1/create', {:xml => xml}, {'Content-Type' => 'application/x-www-form-urlencoded'}) I've tried this with and without escaping the xml string before hand. The guys at TripIt seemed to think that perhaps the xml param wasn't getting included in the signature_base_string, but when I output that (from lib/signature/base.rb) I see: POST&https%3A%2F%2Fapi.tripit.com%2Fv1%2Fcreate&oauth_consumer_key %3D%26oauth_nonce %3Djs73Y9caeuffpmPVc6lqxhlFN3Qpj7OhLcfBTYv8Ww%26oauth_signature_method %3DHMAC-SHA1%26oauth_timestamp%3D1252011612%26oauth_token %3D%26oauth_version%3D1.0%26xml%3D%25253CRequest%25253E %25250A%252520%252520%25253CTrip%25253E%25250A %252520%252520%252520%252520%25253Cstart_date%25253E2008-12-09%25253C %252Fstart_date%25253E%25250A %252520%252520%252520%252520%25253Cend_date%25253E2008-12-27%25253C %252Fend_date%25253E%25250A %252520%252520%252520%252520%25253Cprimary_location%25253ENew %252520York%252C%252520NY%25253C%252Fprimary_location%25253E%25250A %252520%252520%25253C%252FTrip%25253E%25250A%25253C%252FRequest%25253E %25250A This seems to be correct to me. I output signature (from the same file) and the output doesn't match the oauth_signature param of the Auth header in lib/client/ net_http.rb. It's been URL-encoded in the auth header. Is this correct? Anyone know if the gem is broken/if there's a fix somewhere? I'm finding it hard to trace through some of the code.

    Read the article

  • How to update data in the user information list when using FBA

    - by Flo
    I've got to support a SharePoint web application which uses FBA with a custom membership and a custom role provider to authenticate the user against two different LDAPs. The user data are only stored in the user information lists. The SSP user profiles are not used. Now one of the users got married and therefore her surname got changed in the LDAP (the one where her information are stored). But this change doesn't get provisioned into the user information list. I wondering what option I have to provision changes of user data to the user information list. I've already tried to update the last name of the user manually, but it seems as if certain information like surname, first name are not editable in the user information list. I tried to edit them as a site administrator. So what option do I have to solve this problem? Being able to edit the information per hand would also be a solution but of course not the most preferred one.

    Read the article

  • Symfony2: automatically logging in users from their Windows session

    - by Paul Maclean
    In Symfony2 I have built an intranet. It currently uses the FOSUserBundle and an LDAP bundle to log users in, and I would like to add the functionality to log in user from their session in Windows. I found an NTLM script for PHP and an updated version of it, but I haven't been able to incorporate them into Symfony2. I also found an NTLM bundle for Symfony2, but it was written for an older version of Symfony and it is not maintained anymore. I was unable to rewrite it and get it to work. My question is; how could I automatically log in users from their Windows session in my Symfony2-app, in addition to the already present LDAP functionality? What would be the best and easiest way?

    Read the article

  • FormsAuthentication.SignOut() does not log the user out.

    - by Jason
    Smashed my head against this a bit too long. How do I prevent a user from browsing a site's pages after they have been logged out using FormsAuthentication.SignOut? I would expect this to do it: FormsAuthentication.SignOut(); Session.Abandon(); FormsAuthentication.RedirectToLoginPage(); But it doesn't. If I type in a URL directly, I can still browse to the page. I haven't used roll-your-own security in a while so I forget why this doesn't work.

    Read the article

  • Advice? SSO in N-tiered SOA with mixture of REST and SOAP services

    - by Tyler
    Hi gang, We are moving to SSO in our N-tiered SOA applications. If all the services were SOAP, I'd be ok with just the WS-Security, WS-Trust, WS-Federation set of protocols. My problem is that many of the services are RESTful (ironic) and those protocols do not address REST services. What is your advice for SSO protecting the REST services in an N-tiered SOA architecture with the following requirements: ideally claims-based identity information available to the REST services original user (eg. bootstrap) information must flow through the tiers so that each service can "ActAs" or "OnBehalfOf" the user support sequences like: WebApp -- REST Svc -- SOAP Svc WebApp -- REST Svc1 -- REST Svc2 WebApp -- SOAP Svc -- REST Svc WebApp -- SOAP Svc1 -- SOAP Svc2 support SSO (and SSOff) service/web app platforms: ASP.Net and WCF Java end-user client platforms: .Net (WSE 3.0 and WCF) flash 10 java javascript and AJAX Normally I'm good at climbing / bashing my way through walls, but this one's knocked me flat. Hopefully with your help, we can get over this one. Thanks, Tyler

    Read the article

  • ASP.NET MVC2 and MemberShipProvider: How well do they go together?

    - by Sparhawk
    I have an existing ASP.NET application with lots of users and a large database. Now I want to have it in MVC 2. I do not want to migrate, I do it more or less from scratch. The database I want to keep and not touch too much. I already have my database tables and I also want to keep my LINQ to SQL-Layer. I didn't use a MembershipProvider in my current implementation (in ASP.NET 1.0 that wasn't strongly supported). So, either I write my own Membershipprovider to meet the needs of my database and app or I don't use the membershipprovider at all. I'd like to understand the consequences if I don't use the membership provider. What is linked to that? I understand that in ASP.NET the Login-Controls are linked to the provider. The AccountModel which is automatically generated with MVC2 could easily be changed to support my existing logic. What happens when a user is identified by a an AuthCookie? Does MVC use the MembershipProvider then? Am I overlooking something? I have the same questions regarding RoleProvider. Input is greatly appreciated.

    Read the article

  • Django auth without "auth_*" tables

    - by Travis Jensen
    We would like to use our own tables for user management instead of the Django "auth" tables. We already have database tables that include all of the relevant information our application needs but it isn't in the Django format. We would prefer not to have the information duplicated in two tables. We would like to utilize the auth package, though, as there is some very nice functionality that we don't want to replicate. I realize we could build our own auth backend, but that doesn't, as far as I can tell, remove the need for two sets of tables in this case. Am I correct in assuming that we cannot do this? I have found no docs that discuss how to modify the underlying model that the auth package is using. The backend simply pre-populates the user object that would eventually be saved in the auth tables. Thanks!

    Read the article

  • Winforms checkbox Databinding problem

    - by Savvas Sopiadis
    Hello everybody! In a winforms application (VB, VS2008 SP1) i bound a checkbox field to a SQL Server 2005 BIT field. The databinding itself seems to work, there is this litte problem: user creates a new record and checks the checkbox, then the user decides to create a new record (without having saved the previous, so there are 2 new records to be submitted) and checks also the second. Now the user decides to save these records: the result is that only the second record keeps the checked value, the first one is unchecked! (i tried the same with 5 records: the result is the same, the first 4 records are unchecked and only the last one keeps the checked state). What do i miss?? Thanks in advance

    Read the article

  • silverlight login refresh client cookie

    - by user74825
    I have a silverlight user control login page and want to implant a cookie with sliding expiration so that it can be picked on the aspx page during refresh. Samples over the web shows fixed expiration, is there a way we can put a sliding expiration. Or, How do you handle login refresh in silverlight client.

    Read the article

  • Login From Multiple Services, Keeping Profiles in Sync

    - by viatropos
    Given the following: I have an application that allows people to login through twitter, myspace, yahoo, and google User creates initial account by logging in through Google User logs out User logs back in using Yahoo. ...is there a recommended way for the application to associate those two accounts together? Stack Overflow has this functionality but it seems like they need the user to manually say "this account google account is associated with that yahoo one". Is there no way to do this automatically?

    Read the article

  • JBOSS Security: web.xml vs. jboss-web.xml

    - by sixtyfootersdude
    What is the relation between web.xml and jboss-web.xml? Seems like: Jboss-web.xml specifies the security domain (which can be found in login-config.xml) web.xml specifies what the security level is I don't understand what happens when jboss-web.xml specifies a weak security domain. Ie: one that cannot do what web.xml specifies. What happens then?

    Read the article

  • Capturing IR Data using VB.NET

    - by E-Q
    Just found an old IR reciever (Microsoft eHome Infared Transceiver) and i'm trying to write an application that can use data it captures... Any examples or jumping off points for this are appreciated. Thanks!

    Read the article

  • ASPXAUTH cookie is not being saved.

    - by kripto_ash
    Hi, Im working on a web project in ASP .NET MVC 2. In this project we store some info inside an ecripted cookie (the ASPXAUTH cookie) to avoid the need to query the db for every request. The thing is the code for this part has suddenly stopped working. I reviewed the changes made to the code on the source control server for anything that could be causing it, I found nothing. I even reverted to a known working copy (working on some other persons PC, same code, etc) but after debugging, it seems the .ASPXAUTH cookie is not getting saved anymore. Instead the ASP.NET_SessionId cookie is being set... (wich before wasn't) I changed the web.config file to turn off the sessionState. This eliminated the ASP.NET_SessionId cookie from being set, but it is still not saving the auth cookie. Ive recently installed some Microsoft Windows XP Updates, but the other person (whos PC runs the application just fine) also did. After googling, some info i found pointed out to a problem with the expiration date of the cookie. Ether cus the pc didnt have the right time/date (this was not the case) and others cus of the cookie expiration date being wrongly set. (I checked and it is being set correctly)... The problem persists with other browsers besides the one im using (Chrome) i tried it with IE6. Any ideas on why this is happening? Ill continue to post any helpful information i can find. Thanks in advance.

    Read the article

  • Error using httlib's HTTPSConnection with PKCS#12 certificate

    - by Remi Despres-Smyth
    Hello. I'm trying to use httplib's HTTPSConnection for client validation, using a PKCS #12 certificate. I know the certificate is good, as I can connect to the server using it in MSIE and Firefox. Here's my connect function (the certificate includes the private key). I've pared it down to just the basics: def connect(self, cert_file, host, usrname, passwd): self.cert_file = cert_file self.host = host self.conn = httplib.HTTPSConnection(host=self.host, port=self.port, key_file=cert_file, cert_file=cert_file) self.conn.putrequest('GET', 'pathnet/,DanaInfo=200.222.1.1+') self.conn.endheaders() retCreateCon = self.conn.getresponse() if is_verbose: print "Create HTTPS connection, " + retCreateCon.read() (Note: No comments on the hard-coded path, please - I'm trying to get this to work first; I'll make it pretty afterwards. The hard-coded path is correct, as I connect to it in MSIE and Firefox. I changed the IP address for the post.) When I try to run this using a PKCS#12 certificate (a .pfx file), I get back what appears to be an openSSL error. Here is the entire error traceback: File "Usinghttplib_Test.py", line 175, in t.connect(cert_file=opts["-keys"], host=host_name, usrname=opts["-username"], passwd=opts["-password"]) File "Usinghttplib_Test.py", line 40, in connect self.conn.endheaders() File "c:\python26\lib\httplib.py", line 904, in endheaders self._send_output() File "c:\python26\lib\httplib.py", line 776, in _send_output self.send(msg) File "c:\python26\lib\httplib.py", line 735, in send self.connect() File "c:\python26\lib\httplib.py", line 1112, in connect self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file) File "c:\python26\lib\ssl.py", line 350, in wrap_socket suppress_ragged_eofs=suppress_ragged_eofs) File "c:\python26\lib\ssl.py", line 113, in __init__ cert_reqs, ssl_version, ca_certs) ssl.SSLError: [Errno 336265225] _ssl.c:337: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib Notice, the openSSL error (the last entry in the list) notes "PEM lib", which I found odd, since I'm not trying to use a PEM certificate. For kicks, I converted the PKCS#12 cert to a PEM cert, and ran the same code using that. In that case, I received no error, I was prompted to enter the PEM pass phrase, and the code did attempt to reach the server. (I received the response "The service is not available. Please try again later.", but I believe that would be because the server does not accept the PEM cert. I can't connect in Firefox to the server using the PEM cert either.) Is httplib's HTTPSConnection supposed to support PCKS#12 certificates? (That is, pfx files.) If so, why does it look like openSSL is trying to load it inside the PEM lib? Am I doing this all wrong? Any advice is welcome. EDIT: The certificate file contains both the certificate and the private key, which is why I'm providing the same file name for both the HTTPSConnection's key_file and cert_file parameters.

    Read the article

  • Best way for a remote web app to authenticate users in my current web app?

    - by jklp
    So a bit of background, I'm working on an existing web application which has a set of users, who are able to log in via a traditional login screen with a user name and password, etc. Recently we've managed to score a client (who have their own Intranet site), who are wanting to be able to have their users log into their Intranet site, and then have their users click a link on their Intranet which redirects to our application and logs them into it automatically. I've had two suggestions on how to implement this so far: Create a URL which takes 2 parameters (which are "username" and "password") and have the Intranet site pass those parameters to us (our connection is via TLS so it's all encrypted). This would work fine, but it seems a little "hacky", and also means that the logins and passwords have to be the same on both systems (and having to write some kind of web service which can update the passwords for users - which also seems a bit insecure) Provide a token to the Intranet, so when the client clicks on a link on the Intranet, it sends the token to us, along with the user name (and no password) which means they're authenticated. Again, this sounds a bit hacky as isn't that essentially the same as providing everyone with the same password to log in? So to summarise, I'm after the following things: A way for the users who are already authenticated on the Intranet to log into our system without too much messing around, and without using an external system to authenticate, i.e. LDAP / Kerberos Something which isn't too specific to this client, and can easily be implemented by other Intranets to log in

    Read the article

  • Cannot assign - must be a "UserProfile" instance

    - by webvulture
    I have a class UserProfile defined which takes the default user as a foreign key. Now another class A has a foreign key to UserProfile. So for saving any instance in class A, how do i give it the userprofile object. Also, does making a class UserProfile mean that class user is still used and class UserProfile is just some other table? I need to know this as I have to take care of the user profile creation, so I should know what gets stored where? -- Confused

    Read the article

  • Adding confirmable module to an existing site using Devise

    - by slythic
    Hi all, I'm using devise for a web app and wanted to add the confirmable module to the site. However, since a confirmation_token isn't generated users can't sign in. When clicking the 'Didn't receive confirmation instructions?' link the token still isn't generated. What is the best way to get this to work? Many thanks, Tony

    Read the article

  • RPXNow user mapping

    - by chelfers
    I am looking into solutions for providing multiple login methods to my site. I found rpxnow.com and they map user accounts from all the different networks. My question is how do they know that I am user1 on twitter and bigdude2 on facebook? I'm hoping it goes beyond email lookups. The end result I want is a unique user in my database no matter what account they sign in with, dupes are a no-no, but most likely inevitable I am guessing.

    Read the article

< Previous Page | 211 212 213 214 215 216 217 218 219 220 221 222  | Next Page >