Search Results

Search found 33454 results on 1339 pages for 'access token'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 228/1339 | < Previous Page | 224 225 226 227 228 229 230 231 232 233 234 235  | Next Page >

  • How can I access the group of a linq group-by query from a nested repeater control?

    - by Duke
    I'm using a linq group by query (with two grouping parameters) and would like to use the resulting data in a nested repeater. var dateGroups = from row in data.AsEnumerable() group row by new { StartDate = row["StartDate"], EndDate = row["EndDate"] }; "data" is a DataTable from an SqlDataAdapter-filled DataSet. "dateGroups" is used in the parent repeater, and I can access the group keys using Eval("key.StartDate") and Eval("key.EndDate"). Since dateGroups actually contains all the data rows grouped neatly by Start/End date, I'd like to access those rows to display the data in a child repeater. To what would I set the child repeater's DataSource? I have tried every expression in markup I could think of; I think the problem is that I'm trying to access an anonymous member (and I don't know how.) In case it doesn't turn out to be obvious, what would be the expression to access the elements in each iteration of the child repeater? Is there an expression that would let me set the DataSource in the markup, or will it have to be in the codebehind on some event in the parent repeater?

    Read the article

  • How do you Access an Authenticated Google App Engine Service with Ruby?

    - by viatropos
    I am trying to do this same thing here but with Ruby: Access Authenticated GAE Client with Python. Any ideas how to retrieve authenticated content from GAE with Ruby? I am using the Ruby GData Gem to access everything in Google Docs and such and it's making life very easy, but now I'd like to access things on GAE that require admin access, programmatically, and it doesn't support that. Here's what I'm getting (using DocList, not sure what to use yet): c = GData::Client::DocList.new c.clientlogin(username, password, nil, nil, nil, "HOSTED") c => #<GData::Client::DocList:0x201bad8 @clientlogin_service="writely", @version="2", @auth_handler=#<GData::Auth::ClientLogin:0x200803c @account_type="HOSTED", @token="long-hash", @auth_url="https://www.google.com/accounts/ClientLogin", @service="writely">, @source="AnonymousApp", @headers={"Authorization"=>"GoogleLogin auth=long-hash", "User-Agent"=>"GoogleDataRubyUtil-AnonymousApp", "GData-Version"=>"2", "Content-Type"=>"application/atom+xml"}, @authsub_scope="http://docs.google.com/feeds/", @http_service=GData::HTTP::DefaultService> url = "http://my-cdn.appspot.com/files/restricted-file.html" c.get(url) => #<GData::HTTP::Response:0x20004b8 @status_code=302, @body="", @headers={"connection"=>"close", "date"=>"Sun, 11 Apr 2010 00:30:20 GMT", "content-type"=>"text/html", "server"=>"Google Frontend", "content-length"=>"0", "location"=>"https://www.google.com/accounts/ServiceLogin service=ah&continue=http://my-cdn.appspot.com/_ah/login%3Fcontinue%3D http://my-cdn.appspot.com/files/restricted-file.html& ltmpl=gm&ahname=My+CDN&sig=a-signature"}> Any tips? That other SO question pointed to doing something with the redirect... Not sure how to handle that. Just looking for a point in the right direction from the ruby experts. Thanks.

    Read the article

  • How do I grant anonymous access to a url using FormsAuthentication?

    - by Brian Bolton
    For the most part, my webapp requires authentication to do anything. There are a few pages, namely the homepage, that I'd like people to be able to access without authenticating. Specifically, I'd like to allow anonymous access to these urls: /home /default.aspx I'm using asp.net MVC and FormsAuthentication. Both urls point to the same view: /home/index.aspx Here is my current configuration in web.config. <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> <authorization> <deny users="?" /> </authorization> Reading the documentation for the authorization tag, it says "Configures the authorization for a Web application, controlling client access to URL resources." It seems like I should be able to use the authorization tag to specify a url and allow access. Something like: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> <authorization> <deny users="?" /> </authorization> <authorization url="/default.aspx"> <allow users="?" /> </authorization> <authorization url="/home"> <allow users="?" /> </authorization>

    Read the article

  • What's the most concise cross-browser way to access an <iframe> element's window and document?

    - by Bungle
    I'm trying to figure out the best way to access an <iframe> element's window and document properties from a parent page. The <iframe> may be created via JavaScript or accessed via a reference stored in an object property or a variable, so, if I understand correctly, that rules out the use of document.frames. I've seen this done a number of ways, but I'm unsure about the best approach. Given an <iframe> created in this way: var iframe = document.createElement('iframe'); document.getElementsByTagName('body')[0].appendChild(iframe); I'm currently using this to access the document, and it seems to work OK across the major browsers: var doc = iframe.contentWindow || iframe.contentDocument; if (doc.document) { doc = doc.document; } I've also see this approach: var iframe = document.getElementById('my_iframe'); iframe = (iframe.contentWindow) ? iframe.contentWindow : (iframe.contentDocument.document) ? iframe.contentDocument.document : iframe.contentDocument; iframe.document.open(); iframe.document.write('Hello World!'); iframe.document.close(); That confuses me, since it seems that if iframe.contentDocument.document is defined, you're going to end up trying to access iframe.contentDocument.document.document. There's also this: var frame_ref = document.getElementsByTagName('iframe')[0]; var iframe_doc = frame_ref.contentWindow ? frame_ref.contentWindow.document : frame_ref.contentDocument; In the end, I guess I'm confused as to which properties hold which properties, whether contentDocument is equivalent to document or whether there is such a property as contentDocument.document, etc. Can anyone point me to an accurate/timely reference on these properties, or give a quick briefing on how to efficiently access an <iframe>'s window and document properties in a cross-browser way (without the use of jQuery or other libraries)? Thanks for any help!

    Read the article

  • Discussion - Allowing / blocking user access to pages (Client Side Only!) - Javascript / Jquery

    - by Ozaki
    TLDR Using plain HTML / Javascript (Client Side) I want to prevent viewing of certain pages. The user will have to type a username and password and depending on that they get access to different pages. Answers can NOT include server side whatsoever It does not matter if they can break it easily. There is no sensitive information etc. Also the target audience will not have access to internet OR probably know what a cookie is... At some point the user will have to type username / password.(I can define the cookie here) Currently I thought of using cookies to set a cookie for each page to say "true" / "false" but that would get messy with so many cookies. Or setting an array within a cookie for each page? I have div field "#Content" which as it looks encompasses all of my content on the page so blocking out content will be as simple as replacing it with ("sorry you don't have access") etc. For Example: $.cookie("Access","page1, page2, page3"{ expires: 1 }); I am looking for anyway to do this does not have to be with cookies. Would be nice to get a discussion of different ways this can be done. So the question is: What do YOU think would be a good way to go about doing this with client side validation?

    Read the article

  • Finding out the windows group by virtue of which a user is able to access a database in sql server?

    - by Raghu Dodda
    There is a SQL Server 2005 database with mixed-mode authentication. Among others, we have the following logins on the server: our-domain\developers-group-1, and our-domain\developers-group-2 which are AD groups. The our-domain\developer-group-2 is added to the sysadmin role on the server, by virture of which all domain users of that group can access any database as SQL Server implictly maps the sysadmin role to the dbo user in each database. There are two users our-domain\good-user and our-domain\bad-user The issue is the following: Both the good-user and the bad-user have the exact same AD group memberships. They are both members of our-domain\developers-group-1 and our-domain\developers-group-2. The good-user is able to access all the databases, and the bad-user is not. The bad-user is able to login, but he is unable access any databases. By the way, I am the good-user. How do I go about finding out why? Here's what I tried so far: When I do print current_user, I get dbo When I do print system_user, I get my-domain\good-user When I do select * from fn_my_permissions(NULL, 'SERVER'), I see permissions. But if do execute as user='my-domain\good-user'; select * from fn_my_permissions(NULL, 'SERVER'), I dont see any permisisons. And When I do, execute as user='my-domain\bad-user'; select * from fn_my_permissions(NULL, 'SERVER'), I dont see any permisisons. Also, I was wondering if there is a sql command that will tell me, "hey! the current database user is able to access this database because he is a member such-and-such ad-group, which is a login that is mapped to such-and-such user in this database".

    Read the article

  • Discussion - Allowing / blocking user access to pages / Client Side Validation (Client Side Only!) -

    - by Ozaki
    TLDR Using plain HTML / Javascript (Client Side) I want to prevent viewing of certain pages. The user will have to type a username and password and depending on that they get access to different pages. Answers can NOT include server side whatsoever It does not matter if they can break it easily. There is no sensitive information etc. Also the target audience will not have access to internet OR probably know what a cookie is... At some point the user will have to type username / password.(I can define the cookie here) Currently I thought of using cookies to set a cookie for each page to say "true" / "false" but that would get messy with so many cookies. Or setting an array within a cookie for each page? I have div field "#Content" which as it looks encompasses all of my content on the page so blocking out content will be as simple as replacing it with ("sorry you don't have access") etc. For Example: $.cookie("Access","page1, page2, page3"{ expires: 1 }); I am looking for anyway to do this does not have to be with cookies. Would be nice to get a discussion of different ways this can be done. So the question is: What do YOU think would be a good way to go about doing this with client side validation? Also on another note discussion on how to make client side more secure or ways to do so are acceptable.

    Read the article

  • .NET security mechanism to restrict access between two Types in the same project?

    - by jdk
    Question: Is there a mechanism in the .NET Framework to hide one custom Type from another without using separate projects/assemblies? I'm using C# with ASP.NET in a Website project. Note: I'm not talking about access modifiers to hide members of a Type from another type - I mean to hide the Type itself. Background: I'm working in an ASP.NET Website project and the team has decided not to use separate project assemblies for different software layers. Therefore I'm looking for a way to have, for example, a DataAccess/ folder of which I disallow its classes to access other Types in the same ASP.NET Website project. In other words I want to fake the layers and have some kind of security mechanism around each layer to prevent it from accessing another. Obviously there's not a way to enforce this restriction using language-specific OO keywords so I am looking for something else, for example: maybe a permission framework or code access mechanism, maybe something that uses meta data like Attributes. Even something that restricts one namespace from accessing another. I'm unsure the final form it might take. If this were C++ I'd likely be using friend to make as solution, which doesn't translate to C# internal in this case although they're often compared. I don't really care whether the solution actually hides Types from each other or just makes them inaccessible; however I don't want to lock down one Type from all others, another reason access modifiers are not a solution. A runtime or design time answer will suffice. Looking for something easy to implement otherwise it's not worth the effort ...

    Read the article

  • Guarding against CSRF Attacks in ASP.NET MVC2

    - by srkirkland
    Alongside XSS (Cross Site Scripting) and SQL Injection, Cross-site Request Forgery (CSRF) attacks represent the three most common and dangerous vulnerabilities to common web applications today. CSRF attacks are probably the least well known but they are relatively easy to exploit and extremely and increasingly dangerous. For more information on CSRF attacks, see these posts by Phil Haack and Steve Sanderson. The recognized solution for preventing CSRF attacks is to put a user-specific token as a hidden field inside your forms, then check that the right value was submitted. It's best to use a random value which you’ve stored in the visitor’s Session collection or into a Cookie (so an attacker can't guess the value). ASP.NET MVC to the rescue ASP.NET MVC provides an HTMLHelper called AntiForgeryToken(). When you call <%= Html.AntiForgeryToken() %> in a form on your page you will get a hidden input and a Cookie with a random string assigned. Next, on your target Action you need to include [ValidateAntiForgeryToken], which handles the verification that the correct token was supplied. Good, but we can do better Using the AntiForgeryToken is actually quite an elegant solution, but adding [ValidateAntiForgeryToken] on all of your POST methods is not very DRY, and worse can be easily forgotten. Let's see if we can make this easier on the program but moving from an "Opt-In" model of protection to an "Opt-Out" model. Using AntiForgeryToken by default In order to mandate the use of the AntiForgeryToken, we're going to create an ActionFilterAttribute which will do the anti-forgery validation on every POST request. First, we need to create a way to Opt-Out of this behavior, so let's create a quick action filter called BypassAntiForgeryToken: [AttributeUsage(AttributeTargets.Method, AllowMultiple=false)] public class BypassAntiForgeryTokenAttribute : ActionFilterAttribute { } Now we are ready to implement the main action filter which will force anti forgery validation on all post actions within any class it is defined on: [AttributeUsage(AttributeTargets.Class, AllowMultiple = false)] public class UseAntiForgeryTokenOnPostByDefault : ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext filterContext) { if (ShouldValidateAntiForgeryTokenManually(filterContext)) { var authorizationContext = new AuthorizationContext(filterContext.Controller.ControllerContext);   //Use the authorization of the anti forgery token, //which can't be inhereted from because it is sealed new ValidateAntiForgeryTokenAttribute().OnAuthorization(authorizationContext); }   base.OnActionExecuting(filterContext); }   /// <summary> /// We should validate the anti forgery token manually if the following criteria are met: /// 1. The http method must be POST /// 2. There is not an existing [ValidateAntiForgeryToken] attribute on the action /// 3. There is no [BypassAntiForgeryToken] attribute on the action /// </summary> private static bool ShouldValidateAntiForgeryTokenManually(ActionExecutingContext filterContext) { var httpMethod = filterContext.HttpContext.Request.HttpMethod;   //1. The http method must be POST if (httpMethod != "POST") return false;   // 2. There is not an existing anti forgery token attribute on the action var antiForgeryAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(ValidateAntiForgeryTokenAttribute), false);   if (antiForgeryAttributes.Length > 0) return false;   // 3. There is no [BypassAntiForgeryToken] attribute on the action var ignoreAntiForgeryAttributes = filterContext.ActionDescriptor.GetCustomAttributes(typeof(BypassAntiForgeryTokenAttribute), false);   if (ignoreAntiForgeryAttributes.Length > 0) return false;   return true; } } The code above is pretty straight forward -- first we check to make sure this is a POST request, then we make sure there aren't any overriding *AntiForgeryTokenAttributes on the action being executed. If we have a candidate then we call the ValidateAntiForgeryTokenAttribute class directly and execute OnAuthorization() on the current authorization context. Now on our base controller, you could use this new attribute to start protecting your site from CSRF vulnerabilities. [UseAntiForgeryTokenOnPostByDefault] public class ApplicationController : System.Web.Mvc.Controller { }   //Then for all of your controllers public class HomeController : ApplicationController {} What we accomplished If your base controller has the new default anti-forgery token attribute on it, when you don't use <%= Html.AntiForgeryToken() %> in a form (or of course when an attacker doesn't supply one), the POST action will throw the descriptive error message "A required anti-forgery token was not supplied or was invalid". Attack foiled! In summary, I think having an anti-CSRF policy by default is an effective way to protect your websites, and it turns out it is pretty easy to accomplish as well. Enjoy!

    Read the article

  • How to use Apple Push Notifications to update a Passbook

    - by keithcelt
    I have created Passbooks and they are loaded onto my customer's iOS devices. I need to update these Passbooks. According to the Passbook docs you need to use the Apple Push Notification Service (APNS) to trigger a pull from the iOS device in order to update the Passbook. This APNS push consists of a "push token" and a "pass type id." However, the APNS body is to be left empty. The APNS docs talk about a "device token" needed to send a push notification but make no mention of a "push token." Is an APNS "device token" the same as a Passbook "push token"? How do I send the Passbook "pass type id" in my APNS push?

    Read the article

  • SQL SERVER – Dedicated Access Control for SQL Server Express Edition – An error occurred while obtaining the dedicated administrator connection (DAC) port.

    - by pinaldave
    Recently I had faced very interesting situation. Due to some reason we were not able to login into the production server for one of client. The reason for the same was that server was very busy, we had to login into the system and bring server to normal situation. When all the attempts failed, I decided to login using Dedicated Administrator Connection (DAC). However when I attempted to connect using DAC it threw following error for me. C:\Users\pinald>sqlcmd -A -d master -S .\SQLEXPRESS Sqlcmd: Error: Microsoft SQL Server Native Client 11.0 : SQL Server Network Interfaces: An error occurred while obtaining the dedicated administrator connection (DAC) port. Make sure that SQL Browser is running, or check the error log for t he port number [xFFFFFFFF]. .Sqlcmd: Error: Microsoft SQL Server Native Client 11.0 : Login timeout expired.Sqlcmd: Error: Microsoft SQL Server Native Client 11.0 : A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online. I was bit taken a back as I knew that my commands are correct to login and if DAC does not work, there should be some serious reason for it. When inquired further about the SQL Server version I learned that it was SQL Server Express version deployed. To conserve resources, SQL Server Express does not listen on the DAC port. There is an additional step to be done if SQL Server Express has to be used with DAC. Enable TRACEFLAG on SQL Server Express will enable the connection by DAC possible. Here is the quick methods how one can enable DAC on SQL Server Express. Go to Start >> All Program >>Microsoft SQL Server (your version) >> Configuration Tools >> SQL Server Configuration Manager. Click on SQL Server Services >> Select your SQL Server Express version >> Right Click Properties >> select Startup Parameters Once on the Startup Parameter add the Startup parameter which is TRACEFLAG -T7806. Click on OK and RESTART SQL Server Express edition. Now once again try to connect to SQL Server Express edition and it will work just fine. This is absolutely documented method on BOL and SQL Server Express needs to be restarted. Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: Pinal Dave, PostADay, SQL, SQL Authority, SQL Error Messages, SQL Interview Questions and Answers, SQL Query, SQL Server, SQL Tips and Tricks, SQLServer, T SQL, Technology Tagged: SQL Server Express

    Read the article

  • Did you miss the OFM Summer Camps III? Get access to the b2b & adapters and SOA Governance training material

    - by JuergenKress
    We posted the SOA Governance and b2b & adapters training material at our SOA Community Workspace (SOA Community membership required). We have no plans to post the ACM and Advanced SOA training material. Special thanks to all the trainers who delivered superb workshops. Thanks to all the partners who invested time and utilization plus travel expenses to attend the camp. Special thanks to all the international partners who traveled a long way to sunny Lisbon – including our Mexican friends! The Summer Camp feedback was excellent, everybody answered the question if he would attend a future OFM Summer Camp with YES and the overall feedback is 4,79 out of 5 (best)! For most of the trainings we had a waiting list with additional partners who want to attend. Make sure you use your middleware skills to deliver successful projects. It would be great if you can support your colegues and the community by sharing the lessons learned and best practice. Thanks for great feedback at twitter please continue to send your pictures to our twitter feed @soacommunity #OFMsummercamps or post them at our Facebook page. Here is a selection of some tweets: Walter Montantes ?México presence en #OFMSummerCamp Lisboa 2013 cc @soacommunity @AdquemTI pic.twitter.com/9NEFwsWCAq SOA Community ?thanks for attending the #OFMSummercamp - save trip home ;-) Want to attend a future training register http://www.oracle.com/goto/emea/soa #soacommunity C2B2 Consulting ?Last day at the #OFMSummercamp Oracle SOA Suite Training in Portugal @soacommunity pic.twitter.com/6LZavVlvHc Patrick Sinke ?a FollowFriday for @Oracle_B2B because 19 followers is not enough #FF #OFMSummercamp Patrick Sinke ?Yogesh Sontakke is talking about #SOA #Governance. #OFMSummercamp Nuno Cancelo ?Oracle SOA Governance - Quick Overview #OFMSummerCamp Nuno Cancelo ?Last coffee break. #OFMSummercamp pic.twitter.com/xZi9M5vAWz Scott Haaland Last day of #OFMSummercamp. It's been a great productive week..great students eager to learn. @Oracle_B2B @soacommunity . Patrick Sinke ?singletons are used to retain specific fetching order of files and records in multithread/multi-instance environment. #OFMSummercamp #SOA Patrick Sinke ?SOA's File Adapter is extremely versatile: It writes, reads and converts almost any type of file. #OFMSummercamp pic.twitter.com/XjtJF9Y5SH Patrick Sinke ?Now deep-diving into Java EE Connector Architecture (JCA). Got to do some catching up at home on this subject. #OFMSummercamp #SOA Patrick Sinke ?Today we start with security and OPSS at #OFMSummercamp Advanced #SOA training. Then some #OSB. #OFM #Oracle #whitehorses Remco Cats ?Starting the last day on #OFMSummercamp building ADF Mobile applications with BPM Nuno Cancelo ?While attending #OFMSummerCamp i notice even more the importance of designing software. Any tips in how to become an software architect? Patrick Sinke ?Extensive information on Faullt handling and policies now in Advanced #SOA track. #OFMSummercamp #oraclesoa #middleware #whitehorses C2B2 Consulting ?Geoffroy de Lamalle speaking at the #OFMSummercamp @soacommunity pic.twitter.com/m4oOyzYB2q Patrick Sinke ?Oracle Document editor is a huge tool (6GB), but contains every version and subset of EDI, HL7, etc definitions. Impressive. #OFMSummercamp Patrick Sinke ?Oracle #B2B 11g presentation on #OFMSummercamp by Scott. Unfortunately only 2 hours in SOA advanced class. Very interesting. SOA Community Bon dia #OFMSummercamp - if you are here in sunny Lisbon ;-) you can checkin at http://foursquare.com/ #soacommunity pic.twitter.com/PnmudJgJTZ Nuno Cancelo ?Beautiful day! #OFMSummercamp pic.twitter.com/nwByRM5YE1 Nuno Cancelo ?Relaxing after lunch :-) #OFMSummercamp pic.twitter.com/hOJzebCM5p SOA Community Posted pictures from OFM Summer Camp III at our facebook page - share yours! https://www.facebook.com/soacommunity #OFMSummerCamp #soacommunity Nuno Cancelo ?Coffee break: day3 #OFMSummercamp pic.twitter.com/97n1sAGhx4 Patrick Sinke #OFMSummercamp day 3; SOA Infrastructure. pic.twitter.com/ziivyw3L6q SOA Community ?@soacommunity 28 Aug Bon dia day 3 at #OFMSummercamp in Lisboa. Nial presenting ACM roadmap pic.twitter.com/iN3gTCHSbA SOA Community ?Hands-on time at the b2b & adapters training part of the #OFMSummercamp #soacommunity pic.twitter.com/9BzI7igrX8 SOA Community ?Laptop replacement at #OFMSummercamp - big thanks to Oracle Portugal for the fast help! 10 seconds to cut the cable pic.twitter.com/nwd2Px73pa SOA Community ?Hard work long training until 18.00 now enjoy the beach #ofmsummercamp #soacommunity pic.twitter.com/StogfxJNFH Walter Montantes? Primer día #OFMSummercamp pic.twitter.com/cTNDpzg5pL Miguel Delgadillo ?@walex86 Advanced SOA training by Geoffroy at #OFMSummercamp - full room hard working class pic.twitter.com/2SDz9FVhkh” si le sabes? SOA Community ?Welcome to the #OFMSummercamp in sunny Lisbon ;-) Send us your pictures of the training and city @soacommunity pic.twitter.com/i2ErZaaFbb SOA Community ?Advanced SOA training by Geoffroy at #OFMSummercamp - full room hard working class pic.twitter.com/uKjv0tV2bO Nuno Cancelo #OFMSummercamp afternoon break:) pic.twitter.com/pUaBvt2NIj Impressions of the event are posted at our facebook page. If you missed Lisbon, make sure you attend one of our Additional Middleware Trainings in Europe: We currently run 3 different training roadshows for Business Process Management & ADF & WebLogic across Europe make sure you sing-up for them: ADF & ADF Mobile or Business Process Management Suite or WebLogic Suite. SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Facebook Wiki Mix Forum Technorati Tags: b2b,training,education,SOA Community,Oracle SOA,Oracle BPM,Community,OPN,Jürgen Kress

    Read the article

  • How do I access the popup page DOM from bg page in Chrome extension?

    - by Fletcher Moore
    In Google Chrome's extension developer section, it says The HTML pages inside an extension have complete access to each other's DOMs, and they can invoke functions on each other. ... The popup's contents are a web page defined by an HTML file (popup.html). The popup doesn't need to duplicate code that's in the background page (background.html) because the popup can invoke functions on the background page I've loaded and tested jQuery, and can access DOM elements in background.html with jQuery, but I cannot figure out how to get access to DOM elements in popup.html from background.html.

    Read the article

  • How to access MyProject.MySettings.Default.SomeSetting from xaml?

    - by Shimmy
    I have defined a StringCollection in the Project Settings. I want to use the values in a ComboBox. Is there a way to access it xamly? I tried: <CollectionViewSource Source="{x:Static src:MySettings.Default.MyCollection}" /> <CollectionViewSource x:Key="RoomSections" Source="{x:Static src:MySettings.Default.RoomSections}" /> *src is the xmlns of the project It says: "Type src:MySettings.Default was not found". The thing is that MySettings is a class that offers a Default property which is a thread-safe instance of MySettings, I really want to get the collection from the Default property and not by instantiating a new on. Is there other ways I am not aware of, maybe ObjectDataProvider can access static objects? I thought, maybe I can make in the App.xaml a global resource that return MySettings.Default which is an instance of the MySettings class, and then access all its properties, I will try that out, but I prefer the easy way.

    Read the article

  • How to access the Principal from a Java service object without using FlexContext?

    - by Marplesoft
    We're building some Java objects that are exposed via BlazeDS to our flex client application. So basically the BlazeDS messagebroker servlet instantiates and invokes methods on these objects in response to client requests. Works great. We're using app server-based authentication and have set up a security constraint on the <destination> elements in the remoting-config.xml file element to prevent unauthenticated clients from being able to access these remote java objects. Again, works fine. However, there are several places within the implementation of these java objects where we want to get the currently logged on user's username. Right now we are doing this via FlexContext.getUserPrincipal(), which gives access to this but we have a nagging concern that we don't like the idea that the implementation of these objects (the service layer) has a hard dependency on a BlazeDS class. But we're not sure how else to get access to this. The same applies to accessing the ServletContext and such. Any ideas?

    Read the article

  • Is there any way to disable write-access to source code from within Xcode?

    - by Kapil Kapre
    Is there any easy solution to prevent Xcode from writing to source files in a project? I want to edit source files externally and only use Xcode for debugging and so I want to prevent any accidental modifications getting saved via xcode. (Obviously I want Xcode to pickup external changes to files when I build/debug) One possible solution that I thought of was to enable app sandbox entitlements on xcode and manually maintain a list of directories that it should not write to. Is this feasible? Any other ideas? On the sandboxing thing, I'm not sure if Xcode is disqualified as per Apple's Sandboxing Requirements.

    Read the article

  • RPX API Call auth_info is returning "missing parameter" error

    - by James Lawruk
    I cannot get the RPX auth_info API call to work. It keeps returning the error: "Missing parameter: apiKey" I am using the C# RPX Helper Class provided on their Wiki:RPX Helper Class Below is my code in my Page_Load method. The RPX service works by sending a POST to a Url that I specify. My code gets the token from the post data shown below. Then I call the AuthInfo API method. string token = Request.Params["token"]; string apiKey = "xxxxxxxxxxxxxxx"; //my API key Rpx rpx = new Rpx(apiKey, "http://rpxnow.com"); XmlElement xmlElement = rpx.AuthInfo(token); Everything looks good. The token is populated. Within their code, the "apiKey" value pair is added to the post data written to the Request stream. Has anyone had luck with this? Any ideas why this is not working? Thanks.

    Read the article

  • PHP - CSRF - How to make it works in all tabs?

    - by Erik Persson
    Hi there, I have readed about how to prevent CSRF-attacks in the last days. I am going to update the token in every pageload, save the token in the session and make a check when submitting a form. But what if the user has, lets say 3 tabs open with my website, and I just store the last token in the session? This will overwrite the token with another token, and some post-action is going to fail. Do I need to store all tokens in the session, or is there a better solution to get this working? Best regards, Erik Persson

    Read the article

  • How do you limit root partition disk access to allow drive to go into stanby mode?

    - by Casey
    When there are no users on my system, I would like the hard disk to spindown to low-power state. I realize that this might not be 100% achievable for a straight 24 hours, but it seems reasonable that the system could remain idle for a few hours at a time when it is not in use. My system is headless and running a limited number of services. The primary services are: exim4, mythtv-backend, nfs, samba, cups, apt-cacher-ng Assume that drives are already enabled to go into standby mode. Also, its not acceptable to increase the write-back timeout, since my system is not on a UPS.

    Read the article

  • How to mock/stub calls to message taglib in Grails controller

    - by Dave
    I've got a Grails controller which relies on the message taglib to resolve an i18n message: class TokenController { def passwordReset = { def token = DatedToken.findById(params.id); if (!isValidToken(token, params)) { flash.message = message(code: "forgotPassword.reset.invalidToken") redirect controller: 'forgotPassword', action: 'index' return } render view:'/forgotPassword/reset', model: [token: token.token] } } I've written a unit test for the controller: class TokenControllerTests extends ControllerUnitTestCase { void testPasswordResetInvalidTokenRedirect() { controller.passwordReset() assert... } } Since the message taglib is called in the controller I get a MissingMethodException: groovy.lang.MissingMethodException: No signature of method: TokenController.message() is applicable for argument types: (java.util.LinkedHashMap) values: [[code:forgotPassword.reset.invalidToken]] Does anyone know the best way to get around this issue in a unit test? Ideally I would like to perform assertions on the message but right now I'd be happy if the test just ran! Thanks

    Read the article

  • ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios

    - by Your DisplayName here!
    The Thinktecture.IdentityModel.Http repository includes a number of samples for the various authentication scenarios. All the clients follow a basic pattern: Acquire client credential (a single token, multiple tokens, username/password). Call Service. The service simply enumerates the claims it finds on the request and returns them to the client. I won’t show that part of the code, but rather focus on the step 1 and 2. Basic Authentication This is the most basic (pun inteneded) scenario. My library contains a class that can create the Basic Authentication header value. Simply set username and password and you are good to go. var client = new HttpClient { BaseAddress = _baseAddress }; client.DefaultRequestHeaders.Authorization = new BasicAuthenticationHeaderValue("alice", "alice"); var response = client.GetAsync("identity").Result; response.EnsureSuccessStatusCode();   SAML Authentication To integrate a Web API with an existing enterprise identity provider like ADFS, you can use SAML tokens. This is certainly not the most efficient way of calling a “lightweight service” ;) But very useful if that’s what it takes to get the job done. private static string GetIdentityToken() {     var factory = new WSTrustChannelFactory(         new WindowsWSTrustBinding(SecurityMode.Transport),         _idpEndpoint);     factory.TrustVersion = TrustVersion.WSTrust13;     var rst = new RequestSecurityToken     {         RequestType = RequestTypes.Issue,         KeyType = KeyTypes.Bearer,         AppliesTo = new EndpointAddress(Constants.Realm)     };     var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;     return token.TokenXml.OuterXml; } private static Identity CallService(string saml) {     var client = new HttpClient { BaseAddress = _baseAddress };     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("SAML", saml);     var response = client.GetAsync("identity").Result;     response.EnsureSuccessStatusCode();     return response.Content.ReadAsAsync<Identity>().Result; }   SAML to SWT conversion using the Azure Access Control Service Another possible options for integrating SAML based identity providers is to use an intermediary service that allows converting the SAML token to the more compact SWT (Simple Web Token) format. This way you only need to roundtrip the SAML once and can use the SWT afterwards. The code for the conversion uses the ACS OAuth2 endpoint. The OAuth2Client class is part of my library. private static string GetServiceTokenOAuth2(string samlToken) {     var client = new OAuth2Client(_acsOAuth2Endpoint);     return client.RequestAccessTokenAssertion(         samlToken,         SecurityTokenTypes.Saml2TokenProfile11,         Constants.Realm).AccessToken; }   SWT Authentication When you have an identity provider that directly supports a (simple) web token, you can acquire the token directly without the conversion step. Thinktecture.IdentityServer e.g. supports the OAuth2 resource owner credential profile to issue SWT tokens. private static string GetIdentityToken() {     var client = new OAuth2Client(_oauth2Address);     var response = client.RequestAccessTokenUserName("bob", "abc!123", Constants.Realm);     return response.AccessToken; } private static Identity CallService(string swt) {     var client = new HttpClient { BaseAddress = _baseAddress };     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", swt);     var response = client.GetAsync("identity").Result;     response.EnsureSuccessStatusCode();     return response.Content.ReadAsAsync<Identity>().Result; }   So you can see that it’s pretty straightforward to implement various authentication scenarios using WebAPI and my authentication library. Stay tuned for more client samples!

    Read the article

  • How can I audit users and access attempts to SSH on my server?

    - by RadiantHex
    I've had a few security problems with a server of mine, a few SSH users have been setting up fires aka giving problems. I would like to: Track user logins and logouts Track activity of these SSH, in order to discover any malicious activity Prevent users from deleting logs I am not much of a sys admin and I am quite inexperienced in this matter, so any kind of advice would be very welcome and very helpful. :)

    Read the article

  • How to store Role Based Access rights in web application?

    - by JonH
    Currently working on a web based CRM type system that deals with various Modules such as Companies, Contacts, Projects, Sub Projects, etc. A typical CRM type system (asp.net web form, C#, SQL Server backend). We plan to implement role based security so that basically a user can have one or more roles. Roles would be broken down by first the module type such as: -Company -Contact And then by the actions for that module for instance each module would end up with a table such as this: Role1 Example: Module Create Edit Delete View Company Yes Owner Only No Yes Contact Yes Yes Yes Yes In the above case Role1 has two module types (Company, and Contact). For company, the person assigned to this role can create companies, can view companies, can only edit records he/she created and cannot delete. For this same role for the module contact this user can create contacts, edit contacts, delete contacts, and view contacts (full rights basically). I am wondering is it best upon coming into the system to session the user's role with something like a: List<Role> roles; Where the Role class would have some sort of List<Module> modules; (can contain Company, Contact, etc.).? Something to the effect of: class Role{ string name; string desc; List<Module> modules; } And the module action class would have a set of actions (Create, Edit, Delete, etc.) for each module: class ModuleActions{ List<Action> actions; } And the action has a value of whether the user can perform the right: class Action{ string right; } Just a rough idea, I know the action could be an enum and the ModuleAction can probably be eliminated with a List<x, y>. My main question is what would be the best way to store this information in this type of application: Should I store it in the User Session state (I have a session class where I manage things related to the user). I generally load this during the initial loading of the application (global.asax). I can simply tack onto this session. Or should this be loaded at the page load event of each module (page load of company etc..). I eventually need to be able to hide / unhide various buttons / divs based on the user's role and that is what got me thinking to load this via session. Any examples or points would be great.

    Read the article

  • How do I get secure AuthSub session tokens in PHP ?

    - by robertdd
    I am using the Google/YouTube APIs to develop web application which needs access to a users YouTube account. Normal unsecure requests work fine and I can upgrade one time tokens to session tokens without any hassle. The problem comes when I try and upgrade a secure token to a session token, I get: ERROR - Token upgrade for CIzF3546351vmq_P____834654G failed : Token upgrade failed. Reason: Invalid AuthSub header. Error 401 i use this: function updateAuthSubToken($singleUseToken) { try { $client = new Zend_Gdata_HttpClient(); $client->setAuthSubPrivateKeyFile('/home/www/key.pem', null, true); $sessionToken = Zend_Gdata_AuthSub::AuthSubRevokeToken($sessionToken, $client); $client->setAuthSubToken($sessionToken); } catch (Zend_Gdata_App_Exception $e) { print 'ERROR - Token upgrade for ' . $singleUseToken . ' failed : ' . $e->getMessage(); return; } $_SESSION['sessionToken'] = $sessionToken; generateUrlInformation(); header('Location: ' . $_SESSION['homeUrl']); }

    Read the article

  • Agile Development Requires Agile Support

    - by Matt Watson
    Agile developmentAgile development has become the standard methodology for application development. The days of long term planning with giant Gantt waterfall charts and detailed requirements is fading away. For years the product planning process frustrated product owners and businesses because no matter the plan, nothing ever went to plan. Agile development throws the detailed planning out the window and instead focuses on giving developers some basic requirements and pointing them in the right direction. Constant collaboration via quick iterations with the end users, product owners, and the development team helps ensure the project is done correctly.  The various agile development methodologies have helped greatly with creating products faster, but not without causing new problems. Complicated application deployments now occur weekly or monthly. Most of the products are web-based and deployed as a software service model. System performance and availability of these apps becomes mission critical. This is all much different from the old process of mailing new releases of client-server apps on CD once per quarter or year.The steady stream of new products and product enhancements puts a lot of pressure on IT operations to keep up with the software deployments and adding infrastructure capacity. The problem is most operations teams still move slowly thanks to change orders, documentation, procedures, testing and other processes. Operations can slow the process down and push back on the development team in some organizations. The DevOps movement is trying to solve some of these problems by integrating the development and operations teams more together. Rapid change introduces new problemsThe rapid product change ultimately creates some application problems along the way. Higher rates of change increase the likelihood of new application defects. Delivering applications as a software service also means that scalability of applications is critical. Development teams struggle to keep up with application defects and scalability concerns in their applications. Fixing application problems is a never ending job for agile development teams. Fixing problems before your customers do and fixing them quickly is critical. Most companies really struggle with this due to the divide between the development and operations groups. Fixing application problems typically requires querying databases, looking at log files, reviewing config files, reviewing error logs and other similar tasks. It becomes difficult to work on new features when your lead developers are working on defects from the last product version. Developers need more visibilityThe problem is most developers are not given access to see server and application information in the production environments. The operations team doesn’t trust giving all the developers the keys to the kingdom to log in to production and poke around the servers. The challenge is either give them no access, or potentially too much access. Those with access can still waste time figuring out the location of the application and how to connect to it over VPN. In addition, reproducing problems in test environments takes too much time and isn't always possible. System administrators spend a lot of time helping developers track down server information. Most companies give key developers access to all of the production resources so they can help resolve application defects. The problem is only those key people have access and they become a bottleneck. They end up spending 25-50% of their time on a daily basis trying to solve application issues because they are the only ones with access. These key employees’ time is best spent on strategic new projects, not addressing application defects. This job should fall to entry level developers, provided they have access to all the information they need to troubleshoot the problems.The solution to agile application support is giving all the developers limited access to the production environment and all the server information they need to see. Some companies create their own solutions internally to collect log files, centralize errors or other things to address the problem. Some developers even have access to server monitoring or other tools. But they key is giving them access to everything they need so they can see the full picture and giving access to the whole team. Giving access to everyone scales up the application support team and creates collaboration around providing improved application support.Stackify enables agile application supportStackify has created a solution that can give all developers a secure and read only view of the entire production server environment without console or remote desktop access.They provide a web application that provides real time visibility to the important information that developers need to see. An application centric view enables them to see all of their apps across multiple datacenters and environments. They don’t need to know where the application is deployed, just the name of the application to find it and dig in to see more. All your developers can see server health, application health, log files, config files, windows event viewer, deployment history, application notes, and much more. They can receive email and text alerts when problems arise and even safely query your production databases.Stackify enables companies that do agile development to scale up their application support team by getting more team members involved. The lead developers can spend more time on new projects. Application issues can be fixed quicker than ever. Operations can spend less time helping developers collect server information. Agile application support starts with Stackify. Visit Stackify.com to learn more.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 224 225 226 227 228 229 230 231 232 233 234 235  | Next Page >