Search Results

Search found 799 results on 32 pages for 'authlogic oauth'.


  • How To: Using SimpleMembershipProvider with MySql Connector/Net.

    - by Francisco Tirado
    As of Connector/Net 6.9, users can use the SimpleMembership provider with MVC 4 templates. The configuration is very simple and is also compatible with OAuth. In this post we'll explain step by step how to configure it in an MVC 4 Web Application.

    Requirements

    The requirements to use SimpleMembership with Connector/Net are:

      - Install Connector/Net 6.9, or download the No Install version.
      - .NET Framework 4.0 or greater.
      - MVC 4.
      - Visual Studio 2012 or newer version.

    Creating and configuring a new project

    In this example we'll use VS 2012 to create the project, based on the Internet Application template and using Entity Framework to manage the User model.

    Open VS 2012 and create a new project: a new MVC 4 Web Application, configured to use .NET Framework 4.5. Type a name for the project and then click “Ok”. In the next dialog choose the “Internet Application” template and use Razor as the engine, without creating a test project. Click “Ok” to continue.

    Now we have a new project with the templates necessary to run a web application with the default values. We'll continue working with the current files.

    If you have installed Connector/Net you can skip this step; if you haven't installed it but are planning to, please install it and continue with the next step. If you're using the No Install version of Connector/Net, you need to add the references to the project. The assemblies needed are MySql.Data, MySql.Data.Entities and MySql.Web. Be sure that the assemblies chosen match the .NET Framework version used in the project and that MySql.Data.Entities is compatible with EF5 (EF5 is the default added by the project).

    Now open the “web.config” file, and under the <connectionStrings> node add a connection string that points to a MySQL instance. We'll use the following connection configuration:

        <add name="MyConnection" connectionString="server=localhost;UserId=root;password=pass;database=MySqlSimpleMembership;" providerName="MySql.Data.MySqlClient"/>

    Under the <system.web> node we'll add the following configuration:

        <membership defaultProvider="MySqlSimpleMembershipProvider">
          <providers>
            <clear/>
            <add name="MySqlSimpleMembershipProvider"
                 type="MySql.Web.Security.MySqlSimpleMembershipProvider,MySql.Web,Version=6.9.3.0,Culture=neutral,PublicKeyToken=c5687fc88969c44d"
                 applicationName="MySqlSimpleMembershipTest"
                 description="MySQLdefaultapplication"
                 connectionStringName="MyConnection"
                 userTableName="UserProfile"
                 userIdColumn="UserId"
                 userNameColumn="UserName"
                 autoGenerateTables="True"/>
          </providers>
        </membership>

    In the previous configuration the mandatory properties are connectionStringName, userTableName, userIdColumn, userNameColumn and autoGenerateTables. If the other properties are not provided, a default value is set for each of them, but if the mandatory properties are not set a ProviderException will be thrown. The valid properties for MySqlSimpleMembership are the same as those used for MySqlMembership, plus the mandatory fields:

      - UserTableName: name of the table where the users will be stored. This table is independent of the schema generated by the provider and can be edited later by the user.
      - UserId: name of the column that will store the id for the records in the userTableName.
      - UserName: name of the column that will store the name/user for the records in the userTableName.

    The connectionStringName property must match a connection string defined in the web.config file.

    Once the configuration is done in web.config, we need to be sure that the database context for the users table points to the right connection string. In our case we just need to update the UsersContext class in the file AccountModels.cs in the Models folder. The file also contains the UserProfile class, which matches the configuration for our user table.

    Another class that needs to be updated is SimpleMembershipInitializer, in the file InitializeSimpleMembershipAttribute.cs in the Filters folder. That class contains a call to the method “WebSecurity.InitializeDatabaseConnection”; the parameters of that call are what we need to update to match our configuration.

    If the database that you configured in your connection string doesn't exist, you need to create it empty.

    Now we're ready to run the web application: press F5 or the Run button in the toolbar. If you go to the database used by the application you'll see that some tables have been created; we are now using SimpleMembership.

    Now create a user: click on “Register” at the top right of the web page, type your user name and password, then click on “Register”. You'll be redirected to the home page and you'll see the name of your user at the top right of the page.

    If you take a look at the tables just created in your database you will find the data about the user you just registered. In our case the tables that contain the information are UserProfile and Webpages_Membership.

    Configuring OAuth

    Another option for accessing your website is OAuth, so you can validate a user using an external account like Facebook, Twitter, Google, etc. In this post we'll enable authentication with a Google account in our application.

    Go to the class AuthConfig.cs in the App_Start folder. In the method “RegisterAuth”, uncomment the last line, which is the call to the method “OAuthWebSecurity.RegisterGoogleClient”.

    Run the application. Once the application is running, click on “Login”. On the right side you will see the option to log in using a Google account; click on “Google”. You will be asked for Google credentials. If your login is successful you'll see a message asking for your approval to give your site permission to access your information. Click on “Accept”. Now a page to register your user will be shown; click on “Register”. Your new user is now logged in to your application.

    You can take a look at the user information created in the tables UserProfile and Webpages_OauthMembership.

    If you want to use another external option to authenticate users, you must enable the client in the same class where we enabled the Google authentication, but for other providers it is mandatory to register your application on their site. Once you have registered your application they will give you a token/key and the id for your application; you will use that information to register the client.

    Thanks for reading.


  • Juju bootstrap gives me a "409 CONFLICT" error

    - by czajkowski
    I am defining a Juju environment on Ubuntu 12.04 LTS, but when I give the command "juju bootstrap", it generates an error, i.e.:

        Unexpected Error interacting with provider: 409 CONFLICT
        2012-04-13 02:25:01,025 ERROR Unexpected Error interacting with provider: 409 CONFLICT

    My environments.yaml file is like:

        environments:
          maas:
            type: maas
            maas-server: 'http://127.0.0.1:80/MAAS'
            maas-oauth: 'YQB6PzembfZtLzgy9q:9tzQyQpCbAG38Vf5Ph:EuNhAmH4LXrLJ6wtBUrYqe9wrwCyJrHf'
            admin-secret: 'nothing'
            default-series: precise


  • Hangouts API v1.1 Walkthrough

    Introduction to 3 new features in v1.1 of the Hangouts API. This release introduces the ability for your app to respond to face movements in real time. It also provides a new overlay positioned relative to the video feed, new low-latency messages, Hangouts on Air support, the ability to enter any OAuth scope, and a few other miscellaneous features. From: GoogleDevelopers. Time: 01:14.


  • Apps Script Office Hours - November 14, 2012

    In this episode Eric ...

      - Covers the release notes from November 13, 2012
      - Talks about a new feature that allows you to set a custom verified URL for your Apps Script web apps in the Chrome Web Store.
      - Answers a question about OAuth 2.

    The schedule of future episodes can be found at: developers.google.com

    From: GoogleDevelopers. Time: 11:38.


  • juju bootstrap error no default environment found

    - by Khun Aung
    Every time I type juju bootstrap, "Error no default environment found" keeps showing up. I was trying to configure MAAS. Please help me. I'm new! This is my environments.yaml:

        juju: environments
        environments:
          maas:
            type: maas
            maas-server: 'http://{my ip address}:80/MAAS'
            maas-oauth: 'c2cg7hTpzFuRmJjrBC:YH2ZEXVRKL46ttaDmq:beKeBjhYgWyxKk2gqqwaCx97xnmp4LJu'
            admin-secret: 'nothing'
            default-series: 'precise'


  • Using GitOAuthPlugin for Jenkins - not working as expected

    - by Blundell
    I need some clarity and maybe a fix. I'm using this plugin to authorise who views our Jenkins CI server: https://wiki.jenkins-ci.org/display/JENKINS/Github+OAuth+Plugin

    As I understand it, anyone who is auth'd to view one of our GitHub projects can also log in to our Jenkins box. This works.

    I thought it would also allow the person logging in to only view the project that they have GitHub permission on. For instance:

    Three projects on GitHub (A, B, C). Three builds on Jenkins. User 1 has Git access to all 3 projects (A B C). User 2 has Git access to only 1 project (A).

    When logging into Jenkins:

      - User 1 can see all 3 projects (this works)
      - User 2 can only see project A

    The problem is User 2 can also see all 3 projects when they should only see 1! Have I got this correct, and if so is this a bug?

    I have the settings set in Jenkins configuration, Github Authorization Settings. Here we have some admin users. One organization. And none out of the 4 checkboxes ticked. (User 2 is not an admin, is not part of the org.)

    The plugin is open sourced here: https://github.com/mocleiri/github-oauth-plugin

    I was trying to get Jenkins to print me the logs from the plugin but I also failed at viewing these (to see if there was an issue). I followed these instructions: https://wiki.jenkins-ci.org/display/JENKINS/Logging

    It's the same concept as outlined below but using GitHub rather than manually selecting users: https://wiki.jenkins-ci.org/display/JENKINS/2012/01/03/Allow+access+to+specific+projects+for+Users%28Assigning+security+for+projects+in+Jenkins%29

    Have I got this right or wrong? Is it possible to auth a Jenkins user to only see one project?


  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question, but I thought I did indeed postulate one. So that there is no ambiguity, here is the question with a lead-in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does anyone see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_token, that will insure unique untampered with security by the user?

    Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for anyone to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using Facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination, and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID, so I felt I should sniff the Application Canvas load sequence.

    Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct? If anyone can sniff and get the access_token they can theoretically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - because for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable.

    http://www.creatingstory.com/images/InTheOpen.png

    Went back and did more research on this.

    FINDINGS: Went back and re-ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call:

        HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1

    The USER ID is clearly visible in the cookie. So USER_IDs are fully visible, but they are already. Anyone can go to pretty much anyone's page and hover over the image and see the USER ID. So no big threat. APP_IDs are also easily obtainable - but . . .

    http://www.creatingstory.com/images/InTheOpen2.png

    The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong? TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded.

    Additional data 02/20/2011:

    @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me.

    Two huge access_token issues:

    The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie, contains the access_token, session, a secret, and uid and status of the connection. The session object is structured such that it supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much all that is used in the session object.

    The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So anyone with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit.

    The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT (browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, if there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. It is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser.

    In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that.

    I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.


  • CodePlex Daily Summary for Sunday, June 10, 2012

    Popular Releases

      - RCon Development Server: BF3DevServer-Console v0.3: Solved issues 9 10 11 13 14 15 16 17
      - SVNUG.CodePlex: Cloud Development with Windows Azure: This release contains the slides for the Cloud Development with Windows Azure presentation.
      - Image Cropper for Umbraco 5: Image Cropper for Umbraco 5.1: for Umbraco version 5.1
      - SHA-1 Hash Checker: SHA-1 Hash Checker (for Windows): Fixed major bugs. Removed false negatives.
      - Grid.Mvc: Grid.Mvc 1.3: Added Html helper extension methods (see: Documentation). Fixed minor bugs. Changed Namespace to 'GridMvc'.
      - AutoUpdaterdotNET: AutoUpdater.NET 1.0: Everything seems perfect; if you find any problem you can report to http://www.rbsoft.org/contact.html
      - Media Companion: Media Companion 3.503b: It has been a while, so it's about time we release another build! Major effort has been for fixing trailer downloads, plus a little bit of work for episode guide tag in TV show NFOs.
      - Microsoft SQL Server Product Samples: Database: AdventureWorks Sample Reports 2008 R2: AdventureWorks Sample Reports 2008 R2.zip contains several reports, including Sales Reason Comparisons SQL2008R2.rdl, which uses Adventure Works DW 2008R2 as a data source reference. For more information, go to Sales Reason Comparisons report.
      - Json.NET: Json.NET 4.5 Release 7: Fix - Fixed Metro build to pass Windows Application Certification Kit on Windows 8 Release Preview. Fix - Fixed Metro build error caused by an anonymous type. Fix - Fixed ItemConverter not being used when serializing dictionaries. Fix - Fixed an incorrect object being passed to the Error event when serializing dictionaries. Fix - Fixed decimal properties not being correctly ignored with DefaultValueHandling.
      - LINQ Extensions Library: 1.0.3.0: New to release 1.0.3.0: Combinatronics: Combinations (unique), Combinations (with repetition), Permutations (unique), Permutations (with repetition), Convert jagged arrays to fixed multidimensional arrays, Convert fixed multidimensional arrays to jagged arrays, ElementAtMax, ElementAtMin, ElementAtAverage. New set of array extension (1.0.2.8): Rotate, Flip, Resize (maintaining data), Split, Fuse, Replace. Append and Prepend extensions (1.0.2.7). IndexOf extensions (1.0.2.7). Ne...
      - ????????API for .Net SDK: SDK for .Net ??? Release 1: ??? - ??.Net 2.0/3.5/4.0????。??????VS2010??????????。VS2008????????,??????????。 ??? - ??.Net 4.0???SDK??????Dynamic????????。 ??? - OAuth??????AccessToken?VerifierAccessToken??。??Token?????????Client?。 ?? - OAuth???2?????。 ?????AccessToken?????????。???AppKey,AppSecret?CallbackUrl ???AccessToken????????API???Client?????。???AppKey,AppSecret?AccessToken ?? - ??OAuth??????????????????????????CallbackUrl??,??GetAuthorizeURL, GetAccessTokenByAuthorizationCode, ClientLogin?????????CallbackUr...
      - Audio Pitch & Shift: Audio Pitch And Shift 4.5.0: Added Instruments tab for modules. Open folder content feature. Some bug fixes.
      - Python Tools for Visual Studio: 1.5 Beta 1: We’re pleased to announce the release of Python Tools for Visual Studio 1.5 Beta. Python Tools for Visual Studio (PTVS) is an open-source plug-in for Visual Studio which supports programming with the Python language. PTVS supports a broad range of features including: • Supports CPython, IronPython, Jython and PyPy • Python editor with advanced member, signature intellisense and refactoring • Code navigation: “Find all refs”, goto definition, and object browser • Local and remote debugging •...
      - Circuit Diagram: Circuit Diagram 2.0 Beta 1: New in this release: Automatically flip components when placing. Delete components using keyboard delete key. Resize document. Document properties window. Print document. Recent files list. Confirm when exiting with unsaved changes. Thumbnail previews in Windows Explorer for CDDX files. Show shortcut keys in toolbox. Highlight selected item in toolbox. Zoom using mouse scroll wheel while holding down ctrl key. Plugin support for: Custom export formats, Custom import formats. Open...
      - Umbraco CMS: Umbraco CMS 5.2 Beta: The future of Umbraco: v5 represents the future architecture of Umbraco, so please be aware that while it's technically superior to v4 it's not yet on a par feature or performance-wise. What's new? For full details see our http://progress.umbraco.org task tracking page showing all items complete for 5.2. In a nutshell: Package Builder, Starter Kits, Dynamic Extension Methods, Querying / IsHelpers, Friendly alt template URLs, Localization, Various bug fixes / performance enhancements. Gett...
      - JayData - The cross-platform HTML5 data-management library for JavaScript: JayData 1.0.5: JayData is a unified data access library for JavaScript developers to query and update data from different sources like WebSQL, IndexedDB, OData, Facebook or YQL. See it in action in this 6 minutes video. New features in JayData 1.0.5: http://jaydata.org/blog/jaydata-1.0.5-is-here-with-authentication-support-and-more http://jaydata.org/blog/release-notes Sencha Touch 2 module (read-only): This module can be used to bind data retrieved by JayData to Sencha Touch 2 generated user interface. (exam...
      - Application Architecture Guidelines: Application Architecture Guidelines 3.0.7: 3.0.7
      - Jolt Environment: Jolt v2 Stable: Many new features. Follow development here for more information: http://www.rune-server.org/runescape-development/rs-503-client-server/projects/298763-jolt-environment-v2.html Setup instructions in download.
      - SharePoint Euro 2012 - UEFA European Football Predictor: havivi.euro2012.wsp (1.5): New features: Multilingual Support. Max users property in Standings Web Part. Games time zone change (UTC +1). Bug fix - Version 1.4 locking problem http://euro2012.codeplex.com/discussions/358262 Bug fix - Field Title not found (v.1.3) German SP http://euro2012.codeplex.com/discussions/358189#post844228 Bug fix - Access is denied for users with contribute rights. Bug fix - Installing on non-English version of SharePoint. Bug fix - Title Rules. Installing SharePoint Euro 2012 Predictor: SharePoint E...
      - myManga: myManga v1.0.0.4: ChangeLog. Updating from Previous Version: Extract contents of Release - myManga v1.0.0.4.zip to previous version's folder. Replaces: myManga.exe BakaBox.dll CoreMangaClasses.dll Manga.dll Plugins/MangaReader.manga.dll Plugins/MangaFox.manga.dll Plugins/MangaHere.manga.dll Plugins/MangaPanda.manga.dll

    New Projects

      - Database Based Config Management: This project helps you to consolidate all your app configs into DB and access it from single location.
      - eLogistics: My logistics system
      - Facebook Web Parts for SharePoint 2010: Going beyond authentication with Facebook and SharePoint 2010.
      - FsJson: A JSON Parser in F#
      - Google Web Service API for Windows Phone: Google Web Service API ported to .NET for Windows Phone.
      - Hedge when you can, not when you have to.: Classic Black-Scholes/Merton option hedging assumes options are continuously hedged. This project is for exploring what happens in the real world of option hedging.
      - Infragistics via PRISM: Using Infragistics RibbonBar and DockManager with PRISM
      - LightBus???????: LightBus???????????????;????,????,????,????,????,????;????,????;??????,??????,????,????;????????。 ????????: 1. Silverlight Out-of-Browser?? 2. Windows 8 Metro??
      - metaPost: metaPost provides a MetaWeblog interface for managing content in DotNetNuke modules using MetaWeblog enabled editors such as Windows Live Writer. The metaPost module defines a framework that can be used to easily add MetaWeblog publishing support to existing DotNetNuke modules.
      - MPerfs Tool: MPerfs is a tool of MSSQL Performance Tool Web site, developed in php/javascript with graphicals and tables, using a MSSQL database contained DMVs data aggregations and historicals. Supported Versions: Microsoft SQLServer 2005 and 2008 R1 (2008 R2 soon). Important: The tool doesn't monitor SSAS, SSIS or SSRS.
      - NanoMVVM: a lightweight wpf MVVM framework: This is a lightweight C# 4.0 ViewModel-first MVVM framework designed to aid in the creation of desktop wpf applications.
      - Open Personal Response System: OpenPRS is designed to be an audience-feedback tool for presenters to keep audiences engaged in a presentation as well as facilitating information gathering from the audience and presentation to the presenter and other interested parties.
      - Panda TimeManager: Panda TimeManager is a software for management of timesheets.
      - Progetto Sicurezza: A *VERY* basic implementation of a Certification Authority and a Client to use it, made with vb.net, BouncyCastle and iTextSharp.
      - Proyectos de Pruebas de UTB Minor Sql 2012: Test projects for UTB Minor Sql 2012
      - Really fast Javascript Base64 encoder/decoder with utf-8 support: If you wonder why another one, then focus on the title. I’ve seen a lot of implementations (custom ones and in libraries/frameworks) that are fast, but not as this one. What you get is significant performance in encoding and light speed in decoding.
      - Rezerwior - JSF: Web application project in Java Server Faces 2.0 technology
      - Rules of Acquisition: Ferengi rules of acquisition for Windows Phone.
      - SCOMA - FIM Connector for System Center Orchestrator: SCOMA is the acronym for the Web Service-based FIM connector (aka Management Agent) for System Center Orchestrator, short SCO. SCOMA is written in C# and based on the new ECMA2 (Extensible Connectivity 2.0 Management Agents) interface that is part of FIM 2010 R2 and FIM 2010 Update 2.
      - SHA-1 Hash Checker: Offline command line tool that generates a SHA-1 hash for a text string or pass-phrase. Additionally, you may check your hash against published lists of compromised hashes, to check whether your password has been compromised or not.
      - Testprojekt: This is only a test
      - Tmib Video Downloader: A small youtube video downloader. Created in C#
      - TVGrid: watch several web streams simultaneously
      - ??: ????、???????ARPG


  • Using NSpec at various architectural layers

    - by nono
    Having read the quick start at nspec.org, I realized that NSpec might be a useful tool in a scenario which was becoming a bit cumbersome with NUnit alone. I'm adding an OAuth (or, DotNetOpenAuth) to a website and quickly made a mess of writing test methods such as

        [Test]
        public void UserIsLoggedInLocallyPriorToInvokingExternalLoginAndExternalLoginSucceedsAndExternalProviderIdIsNotAlreadyAssociatedWithUserAccount()
        {
            ...
        }

    ... and I wound up with maybe a dozen permutations of this theme, for the user already being logged in locally and not locally, the external login succeeding or failing, etc. Not only were the method names unwieldy, but every test needed a setup that contained parts in common with a different set of other tests. I realized that NSpec's incremental setup capabilities would work great for this, and for a while I was trucking along wonderfully, with code like

        act = () => { actionResult = controller.ExternalLoginCallback(returnUrl); };

        context["The user is already logged in"] = () =>
        {
            before = () => identity.Setup(x => x.IsAuthenticated).Returns(true);

            context["The external login succeeds"] = () =>
            {
                before = () => oauth.Setup(x => x.VerifyAuthentication(It.IsAny<string>()))
                    .Returns(new AuthenticationResult(true, providerName, "provideruserid", "username", new Dictionary<string, string>()));

                context["External login already exists for current user"] = () =>
                {
                    before = () => authService.Setup(x => x.ExternalLoginExistsForUser(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>())).Returns(true);

                    it["Should add 'login sucessful' alert"] = () =>
                    {
                        var alerts = (IList<Alert>)controller.TempData[TempDataKeys.AlertCollection];
                        alerts[0].Message.should_be_same("Login successful");
                        alerts[0].AlertType.should_be(AlertType.Success);
                    };

                    it["Should return a redirect result"] = () => actionResult.should_cast_to<RedirectToRouteResult>();
                };

                context["External login already exists for another user"] = () =>
                {
                    before = () => authService.Setup(x => x.ExternalLoginExistsForAnyOtherUser(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>())).Returns(true);

                    it["Adds an error alert"] = () =>
                    {
                        var alerts = (IList<Alert>)controller.TempData[TempDataKeys.AlertCollection];
                        alerts[0].Message.should_be_same("The external login you requested is already associated with a different user account");
                        alerts[0].AlertType.should_be(AlertType.Error);
                    };

                    it["Should return a redirect result"] = () => actionResult.should_cast_to<RedirectToRouteResult>();
                };
            };
        };

    This approach seemed to work magnificently until I prepared to write test code for my ApplicationServices layer, to which I delegate viewmodel manipulation from my MVC controllers, and which coordinates the operations of the lower data repository layer:

        public void CreateUserAccountFromExternalLogin(RegisterExternalLoginModel model)
        {
            throw new NotImplementedException();
        }

        public void AssociateExternalLoginWithUser(string userName, string provider, string providerUserId)
        {
            throw new NotImplementedException();
        }

        public string GetLocalUserName(string provider, string providerUserId)
        {
            throw new NotImplementedException();
        }

    I have no idea what in the world to name the test class, the test methods, or even if I should perhaps include the testing for this layer into the test class from my large code snippet above, so that a single feature or user action could be tested without regard to architectural layering. I can't find any tutorials or blog posts which cover more than simple examples, so I would appreciate any recommendations or pointing in the right direction. I would even welcome "your question is invalid"-type answers as long as some explanation is provided.


  • ASP.NET MVC tries to load older version of Owin assembly

    - by d_mcg
    As a bit of context, I'm developing an ASP.NET MVC 5 application that uses OAuth-based authentication via Microsoft's OWIN implementation, for Facebook and Google only at this stage. Currently (as of v3.0.0, git-commit 4932c2f), the FacebookAuthenticationOptions and GoogleOAuth2AuthenticationOptions don't provide any property to force Facebook or Google, respectively, to reauthenticate users (via appending the appropriate query string parameters) when signing in.

    Initially, I set out to override the following classes: FacebookAuthenticationOptions, GoogleOAuth2AuthenticationOptions, FacebookAuthenticationHandler (specifically AuthenticateCoreAsync()), GoogleOAuth2AuthenticationHandler (specifically AuthenticateCoreAsync()), yet discovered that the ~AuthenticationHandler classes are marked as internal. So I pulled a copy of the source for the Katana project (http://katanaproject.codeplex.com/) and modified the source accordingly.

    After compiling, I found that there are several dependencies that needed updating in order to use these updated assemblies (Microsoft.Owin.Security.Facebook and Microsoft.Owin.Security.Google) in the MVC project: Microsoft.Owin, Microsoft.Owin.Security, Microsoft.Owin.Security.Cookies, Microsoft.Owin.Security.OAuth, Microsoft.Owin.Host.SystemWeb. This was done by replacing the existing project references to the 3.0.0 versions and updating those in web.config. Good news: the project compiles successfully.

    In debugging, I received an exception on startup:

        An exception of type 'System.IO.FileLoadException' occurred in [MVC web assembly].dll but was not handled in user code
        Additional information: Could not load file or assembly 'Microsoft.Owin.Security, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)

    The underlying exception indicated that Microsoft.AspNet.Identity.Owin was trying to load v2.1.0 of Microsoft.Owin.Security when calling app.UseExternalSignInCookie() from Startup.ConfigureAuth(IAppBuilder app) in Startup.Auth.cs. Unfortunately that assembly (and its other dependency, Microsoft.AspNet.Identity.Owin) aren't part of the Project Katana solution, and I can't find any accessible repository for these assemblies online.

    Are the Microsoft.AspNet.Identity assemblies open source, like the Katana project? Is there a way to fool those assemblies to use the referenced v3.0.0 assemblies instead of v2.1.0? The /bin folder contains the 3.0.0 versions of the Owin assemblies. I've upgraded the NuGet packages for Microsoft.AspNet.Identity.Owin, and this is still an issue. Any ideas on how to resolve this issue?

  • Cross-compiling with OpenSSL for Windows

    - by singpolyma
    I'm trying to compile the oauth-utils http://mir.dnsalias.com/oss/oauth/start for Windows from Ubuntu. I have compiled it on Windows before (a few months back), but wanted to try cross-compiling. I got openssl built using mingw32 OK, and put libssl.a and libcrypto.a in the right place. The linker is now finding the libraries (yay!) but I get the following error:

        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xaac): undefined reference to `_CreateDCA@16'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xab9): undefined reference to `_CreateCompatibleDC@4'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xacc): undefined reference to `_GetDeviceCaps@8'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xadc): undefined reference to `_GetDeviceCaps@8'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xaf4): undefined reference to `_CreateCompatibleBitmap@12'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xb04): undefined reference to `_SelectObject@8'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xb18): undefined reference to `_GetObjectA@12'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xb81): undefined reference to `_BitBlt@36'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xb8c): undefined reference to `_GetBitmapBits@12'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xbe5): undefined reference to `_SelectObject@8'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xbec): undefined reference to `_DeleteObject@4'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xbf6): undefined reference to `_DeleteDC@4'
        /usr/lib/gcc/i586-mingw32msvc/4.2.1-sjlj/../../../../i586-mingw32msvc/lib/libcrypto.a(rand_win.o):rand_win.c:(.text+0xc00): undefined reference to `_DeleteDC@4'

    Any ideas what could be causing this? Thanks.

  • Universal Authentication to Google Data API?

    - by viatropos
    Hey, I want to be able to have say 10 admin users store all their documents on google docs for a domain ('http://docs.google.com/a/domain.com'), and have everyone else be able to view them through 'domain.com/documents'. I'm just not certain how the whole authentication thing works in that case. Should I use OAuth? Or could I just use ClientLogin for say the root/global admin, and anytime someone goes to the site, they login as that? That works for personal docs, but it doesn't seem to be working for Google Apps. I would like it so the user has no idea they're accessing google docs, so I don't want them to have to say "Yes, Authenticate this App with Google", as seen in this Doclist Manager App. The app is basically: Admin stores a bunch of forms and documents User uses form and views documents the admin has posted ... so there's no need to access the user's Google Docs. But it seems like AuthSub and OAuth are addressing that instead... Thanks for the tips.

  • Http Requests POST vs GET

    - by behrk2
    Hi everyone, I am using a lot of HTTP Requests in an application that I am writing which uses OAuth. Currently, I am sending my GET and POST requests the same way:

        HttpConnection connection = (HttpConnection) Connector.open(url + connectionParameters);
        connection.setRequestMethod(method);
        connection.setRequestProperty("WWW-Authenticate", "OAuth realm=api.netflix.com");
        int responseCode = connection.getResponseCode();

    And this is working fine. I am successfully POSTing and GETing. However, I am worried that I am not doing POST the right way. Do I need to include in the above code the following if-statement?

        if (method.equals("POST") && postData != null) {
            connection.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
            connection.setRequestProperty("Content-Length", Integer.toString(postData.length));
            OutputStream requestOutput = connection.openOutputStream();
            requestOutput.write(postData);
            requestOutput.close();
        }

    If so, why? What's the difference? I would appreciate any feedback. Thanks!

  • Rails Controller Tests for Captcha using Shoulda, Factory Girl, Mocha

    - by Siva
    Can someone provide a strategy/code samples/pointers to test Captcha validations + Authlogic using Shoulda, Factory Girl and Mocha? For instance, my UsersController is something like:

        class UsersController < ApplicationController
          validates_captcha
          ...
          def create
            ...
            if captcha_validated?
              # code to deal with user attributes
            end
            ...
          end

    In this case, how do you mock/stub using Shoulda / Factory Girl / Mocha to test valid and invalid responses to the Captcha image? Appreciate your help, Siva

  • Rails authentication plugin recommendation

    - by Tam
    Hello, I would like to add authentication to my Rails app. I came across a few plugins that do this: acts_as_authenticated, restful_authentication, Authlogic, etc. I haven't seen an article that describes the differences, advantages and disadvantages of using each. Can you help with that? Which one do you use and why? Thanks, Tam

  • cURL requests changed

    - by Andriy Mytroshyn
    I've started working with the cURL library; before starting, I compiled the library. I send a request and have a problem. The C++ code that I used to work with cURL:

        CURL *curl=NULL;
        CURLcode res;
        struct curl_slist *headers=NULL; // init to NULL is important
        curl_slist_append(headers, "POST /oauth/authorize HTTP/1.1");
        curl_slist_append(headers, "Host: sp-money.yandex.ru");
        curl_slist_append(headers, "Content-Type: application/x-www-form-urlencoded");
        curl_slist_append(headers, "charset: UTF-8");
        curl_slist_append(headers, "Content-Length: 12345");
        curl = curl_easy_init();
        if(!curl) return 0;
        curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
        curl_easy_setopt(curl, CURLOPT_URL, "sp-money.yandex.ru");
        curl_easy_setopt(curl, CURLOPT_PROXY, "127.0.0.1:8888");
        if( curl_easy_perform(curl)!=CURLE_OK) return 1;

    I used a proxy, Fiddler2, to check what data is sent to the server. When I check the sent data, I get this result:

        POST HTTP://sp-money.yandex.ru/ HTTP/1.1
        Host: sp-money.yandex.ru
        Accept: */*
        Connection: Keep-Alive
        Content-Length: 151
        Content-Type: application/x-www-form-urlencoded

    I also checked this data using Wireshark; the result is the same. Do you know why cURL wrote this in the first line:

        POST HTTP://sp-money.yandex.ru/ HTTP/1.1

    I send

        POST /oauth/authorize HTTP/1.1

    I used VS 2010 for this work, and I didn't use a framework.

  • Don't Allow link generates a 500 Internal Error

    - by jstawski
    I'm developing an application for Facebook using the iframe mode and ASP.NET. I'm able to use the new OAuth method that combines the allow and the extended permissions. When I click on the Allow everything works as expected, but when I click on the "Don't Allow" I get a 500 internal error. The Request For Permission url is: http://www.facebook.com/connect/uiserver.php?client_id=389845102120&scope=publish_stream%2Cuser_birthday%2Cemail&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fplumreward%2FDefault.aspx%3Fpid%3D124733857540930&display=page&next=http%3A%2F%2Fgraph.facebook.com%2Foauth%2Fauthorize_success%3Fclient_id%3D389845102120%26scope%3Dpublish_stream%252Cuser_birthday%252Cemail%26redirect_uri%3Dhttp%253A%252F%252Fapps.facebook.com%252Fplumreward%252FDefault.aspx%253Fpid%253D124733857540930%26type%3Dweb_server&cancel_url=http%3A%2F%2Fgraph.facebook.com%2Foauth%2Fauthorize_cancel%3Fclient_id%3D389845102120%26scope%3Dpublish_stream%252Cuser_birthday%252Cemail%26redirect_uri%3Dhttp%253A%252F%252Fapps.facebook.com%252Fplumreward%252FDefault.aspx%253Fpid%253D124733857540930%26type%3Dweb_server&app_id=389845102120&method=permissions.request&return_session=1&perms=publish_stream%2Cuser_birthday%2Cemail When I click don't allow it goes to http://www.facebook.com/connect/uiserver.php and then to http://graph.facebook.com/oauth/authorize_success?client_id=389845102120&scope=publish_stream%2Cuser_birthday%2Cemail&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fplumreward%2FDefault.aspx%3Fpid%3D124733857540930&type=web_server&perms&selected_profiles=567961887 with a HTTP 500 Internal Server Error. What am I doing wrong? Am I missing a setting, parameter? Is this a FB bug?

  • updating rails to 2.3.6

    - by Nik
    Can you update your 2.3.5 app with just "gem update rails" and change the version # in environment.rb? I did that and lots of errors came out; for example, in the console just typing Post.all would show "undefined method `retrieve_connection' for nil:NilClass". Any ideas? By the way, I have these gems in my environment.rb:

        config.gem "aws-s3", :version => "= 0.6.2", :lib => "aws/s3"
        config.gem "less"
        config.gem "authlogic"
        config.gem "be9-acl9", :source => "http://gems.github.com", :lib => "acl9"
        config.gem "hash_extension"
        config.gem "prawn"

  • I am Unable to Post Xml to Linkedin Share API

    - by Vijesh V.Nair
    I am using Delphi 2010, with Indy 10.5.8 (svn version) and oAuth.pas from chuckbeasley. I am able to collect a token with the app key and app secret, authorize the token with a web page and access the final token. Now I have to post a status with LinkedIn's Share API. I am getting an unauthorized response. My request and response are given below.

    Request:

        POST /v1/people/~/shares HTTP/1.0
        Content-Encoding: utf-8
        Content-Type: text/xml; charset=us-ascii
        Content-Length: 999
        Authorization: OAuth oauth_consumer_key="xxx",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1340438599",oauth_nonce="BB4C78E0A6EB452BEE0FAA2C3F921FC4",oauth_version="1.0",oauth_token="xxx",oauth_signature="Pz8%2FPz8%2FPz9ePzkxPyc%2FDD82Pz8%3D"
        Host: api.linkedin.com
        Accept: text/html, */*
        Accept-Encoding: identity
        User-Agent: Mozilla/3.0 (compatible; Indy Library)

        %3C%3Fxml+version=%25221.0%2522%2520encoding%253D%2522UTF-8%2522%253F%253E%253Cshare%253E%253Ccomment%253E83%2525%2520of%2520employers%2520will%2520use%2520social%2520media%2520to%2520hire%253A%252078%2525%2520LinkedIn%252C%252055%2525%2520Facebook%252C%252045%2525%2520Twitter%2520%255BSF%2520Biz%2520Times%255D%2520http%253A%252F%252Fbit.ly%252FcCpeOD%253C%252Fcomment%253E%253Ccontent%253E%253Ctitle%253ESurvey%253A%2520Social%2520networks%2520top%2520hiring%2520tool%2520-%2520San%2520Francisco%2520Business%2520Times%253C%252Ftitle%253E%253Csubmitted-url%253Ehttp%253A%252F%252Fsanfrancisco.bizjournals.com%252Fsanfrancisco%252Fstories%252F2010%252F06%252F28%252Fdaily34.html%253C%252Fsubmitted-url%253E%253Csubmitted-image-url%253Ehttp%253A%252F%252Fimages.bizjournals.com%252Ftravel%252Fcityscapes%252Fthumbs%252Fsm_sanfrancisco.jpg%253C%252Fsubmitted-image-url%253E%253C%252Fcontent%253E%253Cvisibility%253E%253Ccode%253Eanyone%253C%252Fcode%253E%253C%252Fvisibility%253E%253C%252Fshare%253E

    Response:

        HTTP/1.1 401 Unauthorized
        Server: Apache-Coyote/1.1
        x-li-request-id: K14SWRPEPL
        Date: Sat, 23 Jun 2012 08:07:17 GMT
        Vary: *
        x-li-format: xml
        Content-Type: text/xml;charset=UTF-8
        Content-Length: 341
        Connection: keep-alive

        <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
        <error>
          <status>401</status>
          <timestamp>1340438838344</timestamp>
          <request-id>K14SWRPEPL</request-id>
          <error-code>0</error-code>
          <message>[unauthorized]. OAU:xxx|nnnnn|*01|*01:1340438599:Pz8/Pz8/Pz9ePzkxPyc/DD82Pz8=</message>
        </error>

    Please help. Regards, Vijesh Nair

  • Unable to display wap version during "Extended permission"

    - by Mickey Cheong
    Hi, I'm trying to redirect to Facebook to request permission to publish to the stream. However, it only works when I do not specify any display parameters, and then it shows me a web version. I wanted a wap version instead. What should I do? Here's the code:

        <form method="post" action="https://graph.facebook.com/oauth/authorize">
          <input type="hidden" name="client_id" value="1XXXXXXXXXXXXXX" />
          <input type="hidden" name="scope" value="publish_stream" />
          <input type="hidden" name="redirect_uri" value="http://www.redirect.com/" />
          <input class="button" type="submit" value="Request..." />
        </form>

    When I submit this form, it will redirect to http://www.facebook.com/connect/prompt_ … y=page.... If I were to change the "redirected url"'s display param to "wap" it will work. However, if I were to submit to https://graph.facebook.com/oauth/authorize?display=wap, nothing will happen and it will redirect back to the source url. Any help/hint would be appreciated. Thanks a mil, Mickey

  • Rails: vendor/gems or vendor/plugins?

    - by TheDeeno
    I'm attempting to track my dependencies with git-submodules in my rails app. So far I've added submodules for things like, haml, shoulda, authlogic, etc to 'vendor/plugins'. I've seen indications that I should be using 'vendor/gems' instead though. Question, which directory is the appropriate place to put dependencies being tracked as submodules? Is the choice arbitrary? Thanks

  • Getting the Access Token from a Facebook Open Graph response in Ruby

    - by Gearóid
    Hi, I'm trying to implement single sign-on using Facebook in my Ruby Sinatra app. So far, I've been following this tutorial: http://jaywiggins.com/2010/05/facebook-oauth-with-sinatra/ I am able to send a request for a user to connect to my application but I'm having trouble actually "getting" the access token. The user can connect without trouble and I receive a response with the "code" parameter, which I'm supposed to use to exchange an Access Token - but it's here where I get stuck. So I submit a url with the following parameters: https://graph.facebook.com/oauth/access_token/{client_id}&{client_secret}&{code}&{redirect_uri} The words in the curly brackets above are obviously replaced by the values. I submit this using the following code: response = open(url) This doesn't seem to return anything of use in the way of an access token (it has a @base_uri which is the url I submitted above and a few other parameters, though nothing useful looking). However, if I take that url I submitted and paste it into a browser, I receive back an access token. Can anyone tell me how I can get the request back from Facebook and pull out the access token? Thanks.

  • 2 roles, admin and user. Is using anything other than basic http auth overkill?

    - by juststarting
    I'm building my first website with Rails; it consists of a blog, a few static pages and a photo gallery. The admin section has namespaced controllers. I also want to create a mailing list, collecting contact info (maybe a Spree store in the future too). Should I just use basic HTTP authentication and check if the user is admin? Or is a plugin like Authlogic better, then define user roles even though there would only be two: admin and user?

  • One Account with many users authentication in rails

    - by Cristian
    Which approach would you recommend for the following issue: My app needs to have an account with several users inputting tasks on the same account. Only one of the users (the one that opened the account) will have admin privileges. I'm thinking of using Authlogic for authentication and CanCan for determining user privileges. The point is that I'd like the User that opened the Account to be admin by default, being the only one able to generate other Users for his account with different privileges. Thanks, CD
