Search Results

Search found 10670 results on 427 pages for 'session cookie'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 246/427 | < Previous Page | 242 243 244 245 246 247 248 249 250 251 252 253  | Next Page >

  • Blackberry support for Forms Authentication - ASP.NET MVC app

    - by Derek Mitchell
    I'm writing an ASP.NET MVC application that uses Forms Authentication. The target clients are a variety of mobile web browsers. When I use the BlackBerry 8530 simulator my MVC app authenticates as expected. I can visit pages whose controller methods are decorated with the [Authorize] attribute - no problem - they display and therefore I assume my Forms Authentication is working correctly. Using a physical Windows Mobile device to browse my site, I have the same experience as the BB simulator, the forms authentication works as I would expect. BUT when I try to visit the site using a Blackberry 8900 physical device the Login page keeps on looping back when I click the Login page. The device is not retaining it's "authenticated" status. I added code to verify this and I can see that: Request.IsAuthenticated: False User.Identity.IsAuthenticated: False So my question is what next steps can I take to try and find out why the Blackberry 8900 is losing it's authentication status. Is this cookie related? Anyone have any ideas? Cheers Derek

    Read the article

  • In apache cxf, How do i know the soap request message is gzip compressed?

    - by aspirant75
    I'm using Apache CXF to send soap message. in specific case, i have to send a soap message gzip compressed. Using log4j, i printed detailed info. would you let me know how i can know the message is gzip compressed and transfered to server. thanks in advance. Below is my java code for gzip and log info. java code Client cxfClient = ClientProxy.getClient(port); /** Logging Interceptor */ cxfClient.getInInterceptors().add(new GZIPInInterceptor()); cxfClient.getOutInterceptors().add(new GZIPOutInterceptor()); log info 20120814 18:56:15,351 DEBUG Interceptors contributed by bus: [] 20120814 18:56:15,351 DEBUG Interceptors contributed by client: [org.apache.cxf.transport.http.gzip.GZIPOutInterceptor@1682a53] 20120814 18:56:15,351 DEBUG Interceptors contributed by endpoint: [org.apache.cxf.interceptor.MessageSenderInterceptor@1b2d7df, org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@7a9224, org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@110b640, org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@2d59a3] 20120814 18:56:15,351 DEBUG Interceptors contributed by binding: [org.apache.cxf.interceptor.AttachmentOutInterceptor@158015a, org.apache.cxf.interceptor.StaxOutInterceptor@c0c8b5, org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@b914b3, org.apache.cxf.interceptor.BareOutInterceptor@fdfc58, org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@c22a3b, org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@1629e71] 20120814 18:56:15,351 DEBUG Interceptors contributed by databinding: [] 20120814 18:56:15,357 DEBUG Adding interceptor org.apache.cxf.transport.http.gzip.GZIPOutInterceptor@1682a53 to phase prepare-send 20120814 18:56:15,358 DEBUG Adding interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@1b2d7df to phase prepare-send 20120814 18:56:15,358 DEBUG Adding interceptor org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@7a9224 to phase pre-logical 20120814 18:56:15,358 DEBUG Adding interceptor org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@110b640 to phase pre-logical 20120814 18:56:15,358 DEBUG Adding interceptor org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@2d59a3 to phase pre-logical 20120814 18:56:15,358 DEBUG Adding interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor@158015a to phase pre-stream 20120814 18:56:15,358 DEBUG Adding interceptor org.apache.cxf.interceptor.StaxOutInterceptor@c0c8b5 to phase pre-stream 20120814 18:56:15,358 DEBUG Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@b914b3 to phase pre-logical 20120814 18:56:15,358 DEBUG Adding interceptor org.apache.cxf.interceptor.BareOutInterceptor@fdfc58 to phase marshal 20120814 18:56:15,358 DEBUG Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@c22a3b to phase post-logical 20120814 18:56:15,359 DEBUG Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@1629e71 to phase write 20120814 18:56:15,360 DEBUG Chain org.apache.cxf.phase.PhaseInterceptorChain@31688f was created. Current flow: pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] post-logical [SoapPreProtocolOutInterceptor] prepare-send [MessageSenderInterceptor, GZIPOutInterceptor] pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] write [SoapOutInterceptor] marshal [BareOutInterceptor] 20120814 18:56:15,361 DEBUG Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.HolderOutInterceptor@2d59a3 20120814 18:56:15,361 DEBUG op: [OperationInfo: {https://asp.cyberbooking.co.kr/TopasApiSvc/services}getAirAvail] 20120814 18:56:15,361 DEBUG op.hasOutput(): true 20120814 18:56:15,361 DEBUG op.getOutput().size(): 2 20120814 18:56:15,361 DEBUG Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.SwAOutInterceptor@7a9224 20120814 18:56:15,364 DEBUG Invoking handleMessage on interceptor org.apache.cxf.jaxws.interceptors.WrapperClassOutInterceptor@110b640 20120814 18:56:15,364 DEBUG Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapHeaderOutFilterInterceptor@b914b3 20120814 18:56:15,365 DEBUG Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapPreProtocolOutInterceptor@c22a3b 20120814 18:56:15,365 DEBUG Invoking handleMessage on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@1b2d7df 20120814 18:56:15,365 DEBUG Adding interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@dc9065 to phase prepare-send-ending 20120814 18:56:15,366 DEBUG Chain org.apache.cxf.phase.PhaseInterceptorChain@31688f was modified. Current flow: pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] post-logical [SoapPreProtocolOutInterceptor] prepare-send [MessageSenderInterceptor, GZIPOutInterceptor] pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] write [SoapOutInterceptor] marshal [BareOutInterceptor] prepare-send-ending [MessageSenderEndingInterceptor] 20120814 18:56:15,366 DEBUG Invoking handleMessage on interceptor org.apache.cxf.transport.http.gzip.GZIPOutInterceptor@1682a53 20120814 18:56:15,366 DEBUG Requestor role, so gzip enabled 20120814 18:56:15,366 DEBUG gzip permitted: YES 20120814 18:56:15,367 DEBUG Invoking handleMessage on interceptor org.apache.cxf.interceptor.AttachmentOutInterceptor@158015a 20120814 18:56:15,367 DEBUG Invoking handleMessage on interceptor org.apache.cxf.interceptor.StaxOutInterceptor@c0c8b5 20120814 18:56:15,370 DEBUG Adding interceptor org.apache.cxf.interceptor.StaxOutInterceptor$StaxOutEndingInterceptor@1f488f1 to phase pre-stream-ending 20120814 18:56:15,370 DEBUG Chain org.apache.cxf.phase.PhaseInterceptorChain@31688f was modified. Current flow: pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] post-logical [SoapPreProtocolOutInterceptor] prepare-send [MessageSenderInterceptor, GZIPOutInterceptor] pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] write [SoapOutInterceptor] marshal [BareOutInterceptor] pre-stream-ending [StaxOutEndingInterceptor] prepare-send-ending [MessageSenderEndingInterceptor] 20120814 18:56:15,370 DEBUG Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor@1629e71 20120814 18:56:15,383 DEBUG Adding interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor@1ce663c to phase write-ending 20120814 18:56:15,384 DEBUG Chain org.apache.cxf.phase.PhaseInterceptorChain@31688f was modified. Current flow: pre-logical [HolderOutInterceptor, SwAOutInterceptor, WrapperClassOutInterceptor, SoapHeaderOutFilterInterceptor] post-logical [SoapPreProtocolOutInterceptor] prepare-send [MessageSenderInterceptor, GZIPOutInterceptor] pre-stream [AttachmentOutInterceptor, StaxOutInterceptor] write [SoapOutInterceptor] marshal [BareOutInterceptor] write-ending [SoapOutEndingInterceptor] pre-stream-ending [StaxOutEndingInterceptor] prepare-send-ending [MessageSenderEndingInterceptor] 20120814 18:56:15,384 DEBUG Invoking handleMessage on interceptor org.apache.cxf.interceptor.BareOutInterceptor@fdfc58 20120814 18:56:15,387 DEBUG Compressing message. 20120814 18:56:15,388 DEBUG Sending POST Message with Headers to http://test.co.kr:80/###/###/###Conduit :{https://test.co.kr/###/####}###.http-conduit Content-Type: text/xml; charset=UTF-8 20120814 18:56:15,388 DEBUG SOAPAction: "getAirAvail" 20120814 18:56:15,388 DEBUG Accept: */* 20120814 18:56:15,388 DEBUG Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0 20120814 18:56:15,388 DEBUG Content-Encoding: gzip 20120814 18:56:15,388 DEBUG No Trust Decider for Conduit '{https://test.co.kr/###/###}###.http-conduit'. An afirmative Trust Decision is assumed. 20120814 18:56:15,394 DEBUG Invoking handleMessage on interceptor org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor@1ce663c 20120814 18:56:15,394 DEBUG Invoking handleMessage on interceptor org.apache.cxf.interceptor.StaxOutInterceptor$StaxOutEndingInterceptor@1f488f1 20120814 18:56:15,394 DEBUG Invoking handleMessage on interceptor org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@dc9065 20120814 18:56:15,459 DEBUG Response Code: 200 Conduit: {https://test.co.kr/###/###}###.http-conduit 20120814 18:56:15,459 DEBUG Content length: 11034 20120814 18:56:15,459 DEBUG Header fields: null: [HTTP/1.1 200 OK] Content-Language: [ko-KR] Date: [Tue, 14 Aug 2012 09:56:15 GMT] Content-Length: [11034] P3P: [CP='CAO PSA CONi OTR OUR DEM ONL'] Expires: [Thu, 01 Dec 1994 16:00:00 GMT] Keep-Alive: [timeout=10, max=100] Set-Cookie: [WMONID=mL6rq_Irpa_; Expires=Wed, 14 Aug 2013 09:56:15 GMT; Path=/] Connection: [Keep-Alive] Content-Type: [text/xml; charset=utf-8] Server: [IBM_HTTP_Server] Cache-Control: [no-cache="set-cookie, set-cookie2"]

    Read the article

  • Single Sign On with Forms Authentication

    - by Christo Fur
    I am trying to set up Single sign on for 2 websites that reside on the same domain e.g. http://mydomain (top level site that contains a forms-auth login page) http://mydomain/admin (seperately developed website residing in a Virtual Application within the parent website) Have read a few articles on Single Sign on e.g. http://www.codeproject.com/KB/aspnet/SingleSignon.aspx And they seem to suggest it is just a case of having the same machinekey section in each web.config so that the cookie encryprion and decryption is the same for each application I have set this up and I never get prompted for credentials in the sub-website (the virtual application) I always get prompted in the parent site. In addition to having the same machinekey I've also tried adding the same <authentication> and <authorisation> elements Any idea what I could be missing?

    Read the article

  • Facebook and dotnetopenauth issue

    - by Adiel
    Hi We established an OpenID provider at BioSignID.com base on DotNetOpenAuth. (the authentication is base on signaturs with silverlight client...) As we tried to login to facebook we encounter a problem with IE (6,7,8). In FF and Chrome the loggin process was fine. On the server logs I can see the FB reqeust but the user somehow is NOT authenticated. In fiddler I can see that the authentication cookie not sent. I've tried to transfer the server.aspx calls to https but then I cannot make the connection between my FB account and my BioSignId account. Any ideas? Thanks

    Read the article

  • .NET Build Process

    - by Nix
    All I am looking for the best free set of tools to be used in a MS Based build process. Checkout, Build, Package, Test, Deploy, etc. I know this question has been asked before but it was over 2 years ago, and in our world that is an eternity. I am looking to develop a pattern that is easily adapted to similar projects. Almost like a template/cookie cutter system. I am currently looking into using CruiseControl, Powershell, MSBuild suite of tools. If we choose to move to 4.0 will we have issues? Are there better alternatives? Limitations ? Or will these pretty much meet my needs. One piece that i am never happy with is the process of packaging. We actually have opted in the past to just use Visual Studio Deployment Projects but those are very* ancient and my fear is WIX will be too complicated for the people implementing it.

    Read the article

  • Using NHibernate Criteria API to select sepcific set of data together with a count

    - by mfloryan
    I have the following domain set up for persistence with NHibernate: I am using the PaperConfiguration as the root aggregate. I want to select all PaperConfiguration objects for a given Tier and AcademicYearConfiguration. This works really well as per the following example: ICriteria criteria = session.CreateCriteria<PaperConfiguration>() .Add(Restrictions.Eq("AcademicYearConfiguration", configuration)) .CreateCriteria("Paper") .CreateCriteria("Unit") .CreateCriteria("Tier") .Add(Restrictions.Eq("Id", tier.Id)) return criteria.List<PaperConfiguration>(); (Perhaps there is a better way of doing this though). Yet also need to know how many ReferenceMaterials there are for each PaperConfiguration and I would like to get it in the same call. Avoid HQL - I already have an HQL solution for it. I know this is what projections are for and this question suggests an idea but I can't get it to work. I have a PaperConfigurationView that has, instead of IList<ReferenceMaterial> ReferenceMaterials the ReferenceMaterialCount and was thinking along the lines of ICriteria criteria = session.CreateCriteria<PaperConfiguration>() .Add(Restrictions.Eq("AcademicYearConfiguration", configuration)) .CreateCriteria("Paper") .CreateCriteria("Unit") .CreateCriteria("Tier") .Add(Restrictions.Eq("Id", tier.Id)) .SetProjection( Projections.ProjectionList() .Add(Projections.Property("IsSelected"), "IsSelected") .Add(Projections.Property("Paper"), "Paper") // and so on for all relevant properties .Add(Projections.Count("ReferenceMaterials"), "ReferenceMaterialCount") .SetResultTransformer(Transformers.AliasToBean<PaperConfigurationView>()); return criteria.List< PaperConfigurationView >(); unfortunately this does not work. What am I doing wrong? The following simplified query: ICriteria criteria = session.CreateCriteria<PaperConfiguration>() .CreateCriteria("ReferenceMaterials") .SetProjection( Projections.ProjectionList() .Add(Projections.Property("Id"), "Id") .Add(Projections.Count("ReferenceMaterials"), "ReferenceMaterialCount") ).SetResultTransformer(Transformers.AliasToBean<PaperConfigurationView>()); return criteria.List< PaperConfigurationView >(); creates this rather unexpected SQL: SELECT this_.Id as y0_, count(this_.Id) as y1_ FROM Domain.PaperConfiguration this_ inner join Domain.ReferenceMaterial referencem1_ on this_.Id=referencem1_.PaperConfigurationId The above query fails with ADO.NET error as it obviously is not a correct SQL since it is missing a group by or the count being count(referencem1_.Id) rather than (this_.Id). NHibernate mappings: <class name="PaperConfiguration" table="PaperConfiguration"> <id name="Id" type="Int32"> <column name="Id" sql-type="int" not-null="true" unique="true" index="PK_PaperConfiguration"/> <generator class="native" /> </id> <!-- IPersistent --> <version name="VersionLock" /> <!-- IAuditable --> <property name="WhenCreated" type="DateTime" /> <property name="CreatedBy" type="String" length="50" /> <property name="WhenChanged" type="DateTime" /> <property name="ChangedBy" type="String" length="50" /> <property name="IsEmeEnabled" type="boolean" not-null="true" /> <property name="IsSelected" type="boolean" not-null="true" /> <many-to-one name="Paper" column="PaperId" class="Paper" not-null="true" access="field.camelcase"/> <many-to-one name="AcademicYearConfiguration" column="AcademicYearConfigurationId" class="AcademicYearConfiguration" not-null="true" access="field.camelcase"/> <bag name="ReferenceMaterials" generic="true" cascade="delete" lazy="true" inverse="true"> <key column="PaperConfigurationId" not-null="true" /> <one-to-many class="ReferenceMaterial" /> </bag> </class> <class name="ReferenceMaterial" table="ReferenceMaterial"> <id name="Id" type="Int32"> <column name="Id" sql-type="int" not-null="true" unique="true" index="PK_ReferenceMaterial"/> <generator class="native" /> </id> <!-- IPersistent --> <version name="VersionLock" /> <!-- IAuditable --> <property name="WhenCreated" type="DateTime" /> <property name="CreatedBy" type="String" length="50" /> <property name="WhenChanged" type="DateTime" /> <property name="ChangedBy" type="String" length="50" /> <property name="Name" type="String" not-null="true" /> <property name="ContentFile" type="String" not-null="false" /> <property name="Position" type="int" not-null="false" /> <property name="CommentaryName" type="String" not-null="false" /> <property name="CommentarySubjectTask" type="String" not-null="false" /> <property name="CommentaryPointScore" type="String" not-null="false" /> <property name="CommentaryContentFile" type="String" not-null="false" /> <many-to-one name="PaperConfiguration" column="PaperConfigurationId" class="PaperConfiguration" not-null="true"/> </class>

    Read the article

  • Facebook canvas Iframe App authentication problem.

    - by itsoft3g
    hi, I am in the conversion process of facebook app from fbml to iframe. Now i am testing using few iframe pages. $user = $facebook->require_login(); It gives the current user logged in. Once it get the variable from the facebook.com it saves in cookie by the PHP API provided by facebook). I logged out using another tab of facebook and i tryed using my app without refreshing the whole site (by just using the links inside my app). It still gives the $user variable. It indicates that user has logged in instead of user logged out. Please help me out. I want my app secured. It looks my iframe app accessible when we select "open this frame in new window". I need a solution for this too. Thanks in advance.

    Read the article

  • RedirectFromLogin in Silverlight Login Page

    - by Oliver
    I am busy writing a login page in Silverlight. I am using an Authentication Service that processes the logins and I am also creating a custom Membership and Roles providers. Everything is working but I need some assistance. I would like some advice on how to redirect the user to page they came from before they were pushed to the Login page. Basically I want the same behavior as the standard ASP.Net login. I am fully aware of the differences between ASP and Silverlight regarding Client and Server side models. I can do the navigation but I always lose the session and cookie when I perform HtmlPage.Window.Navigate() to the ReturnUrl...

    Read the article

  • get site source code as register user(c#)

    - by nir143
    hi. i downloaded a sourcecode of a site,but i downloaded it i saw it identify my program as a guest,i search at google and figure out that i can send a cookie when i "ask" the source code. that what i have managed to do and it still dont identify me as register user: CookieContainer cj = new; CookieContainer(); string all = ""; HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url); req.CookieContainer = cj; HttpWebResponse res = (HttpWebResponse)req.GetResponse(); CookieCollection cs=cj.GetCookies(req.RequestUri); CookieContainer cc = new CookieContainer(); cc.Add(cs); req.CookieContainer = cc; StreamReader read = new StreamReader(res.GetResponseStream()); all = read.ReadToEnd(); read.Close(); return all; what is wrong here? tyvm for help:)

    Read the article

  • Tomcat cookies not working via my ProxyPass VirtualHost

    - by John
    Hi there. I'm having some issues with getting cookies to work when using a ProxyPass to redirect traffic on port 80 to a web-application hosted via Tomcat. My motivation for enabling cookies is to get rid of the "jsessionid=" parameter that is appended to the URLs. I've enabled cookies in my context.xml in META-INF/ for my web application. When I access the webapplication via http://url:8080/webapp it works as expected, the jsessionid parameter is not visible in the URL, instead it's stored in a cookie. When accessing my website via an apache2 virtualhost the cookies doesn't seem to work because now "jsessionid" is being appended to the URLs. How can I solve this issue? Here's my VHost configuration: <VirtualHost *:80 ServerName somedomain.no ServerAlias www.somedomain.no <Proxy * Order deny,allow Allow from all </Proxy ProxyPreserveHost Off ProxyPass / http://localhost:8080/webapp/ ProxyPassReverse / http://localhost:8080/webapp/ ErrorLog /var/log/apache2/somedomain.no.error.log CustomLog /var/log/apache2/somedomain.no.access.log combined </VirtualHost

    Read the article

  • iPhone - Web Access Authentication

    - by Terry
    I am building a secure app for our exec's... here is my setup. It's a somewhat Macgyver approach, but bear with me :) There are only 10 users, I have a record of each uniqueIdentifier on my backend in a database table. (This is internal only for our users, so I don't believe I am breaking the public user registration rule mentioned in the API docs) Through adhoc distribution I install my app on all 10 devices My app is simply composed of a UIWebView. When the app starts it does a POST to our https site sending the uniqueIdentifier. (Thanks to this answer) The server page that recieves the POST, checks the uniqueIdentifier and if found sets a session cookie that automatically logs them into the site. This way the user doesn't have to enter in their credentials every time. So what do you think, is there a security hole with this? Thanks

    Read the article

  • Testing across multiple sessions in merb using webrat

    - by m7d
    I want to test across multiple sessions using webrat in merb. Apparently, this is fairly easy to accomodate in Rails via: http://erikonrails.snowedin.net/?p=159. Following the same logic, I am trying to do something that follows that pattern for merb and webrat. Here is an attempt (which does not work because MerbAdapter does not respond to visit and other webrat session methods; I don't want to take too much more time with this so I have stopped here for now): # defined in test.rb environment file module Merb #:nodoc: module Test #:nodoc: module RequestHelper #:nodoc: def in_a_separate_session old = @_webrat_session.response.clone @_webrat_session = Webrat::MerbAdapter.new yield @_webrat_session.response = old end end end end I tried a few other ideas, but obviously I am missing something. Anyone else know how this would be done in merb? I think I could specify a cookie jar using the request mock, but I prefer to do this with webrat.

    Read the article

  • Drupal Migration Problem

    - by Gok Demir
    After migrating my Drupal (6.16) installation from shared hosting to Linode VPS (Ubunto 10.04 32 bit). Whenever I click a URL it shows only the homepage. I put ?q=user at the end of the URL to login as an admin. When I logged in it is the same. I couldn't navigate to any URL. It shows only homepage. I forgot to clean Drupal cache before migration. Is it because of this? I couldn't navigate to Administer Site configuration Performance to clean cache, nothing works. By the way .htaccess Rewrite on enabled as shown below. apache2 apache2-doc apache2-utils libapache2-mod-php5 php5 php-pear php5-xcache php5-suhosin php5-mysql packages are installed. What can I do? # # Apache/PHP/Drupal settings: # # Protect files and directories from prying eyes. <FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$"> Order allow,deny </FilesMatch> # Don't show directory listings for URLs which map to a directory. Options -Indexes # Follow symbolic links in this directory. Options +FollowSymLinks # Make Drupal handle any 404 errors. ErrorDocument 404 /index.php # Force simple error message for requests for non-existent favicon.ico. <Files favicon.ico> # There is no end quote below, for compatibility with Apache 1.3. ErrorDocument 404 "The requested file favicon.ico was not found. </Files> # Set the default handler. DirectoryIndex index.php # Override PHP settings. More in sites/default/settings.php # but the following cannot be changed at runtime. # PHP 4, Apache 1. <IfModule mod_php4.c> php_value magic_quotes_gpc 0 php_value register_globals 0 php_value session.auto_start 0 php_value mbstring.http_input pass php_value mbstring.http_output pass php_value mbstring.encoding_translation 0 </IfModule> # PHP 4, Apache 2. <IfModule sapi_apache2.c> php_value magic_quotes_gpc 0 php_value register_globals 0 php_value session.auto_start 0 php_value mbstring.http_input pass php_value mbstring.http_output pass php_value mbstring.encoding_translation 0 </IfModule> # PHP 5, Apache 1 and 2. <IfModule mod_php5.c> php_value magic_quotes_gpc 0 php_value register_globals 0 php_value session.auto_start 0 php_value mbstring.http_input pass php_value mbstring.http_output pass php_value mbstring.encoding_translation 0 </IfModule> # Requires mod_expires to be enabled. <IfModule mod_expires.c> # Enable expirations. ExpiresActive On # Cache all files for 2 weeks after access (A). ExpiresDefault A1209600 <FilesMatch \.php$> # Do not allow PHP scripts to be cached unless they explicitly send cache # headers themselves. Otherwise all scripts would have to overwrite the # headers set by mod_expires if they want another caching behavior. This may # fail if an error occurs early in the bootstrap process, and it may cause # problems if a non-Drupal PHP file is installed in a subdirectory. ExpiresActive Off </FilesMatch> </IfModule> # Various rewrite rules. <IfModule mod_rewrite.c> RewriteEngine on # If your site can be accessed both with and without the 'www.' prefix, you # can use one of the following settings to redirect users to your preferred # URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option: # # To redirect all users to access the site WITH the 'www.' prefix, # (http://example.com/... will be redirected to http://www.example.com/...) # adapt and uncomment the following: # RewriteCond %{HTTP_HOST} ^example\.com$ [NC] # RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301] # # To redirect all users to access the site WITHOUT the 'www.' prefix, # (http://www.example.com/... will be redirected to http://example.com/...) # uncomment and adapt the following: # RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC] # RewriteRule ^(.*)$ http://example.com/$1 [L,R=301] # Modify the RewriteBase if you are using Drupal in a subdirectory or in a # VirtualDocumentRoot and the rewrite rules are not working properly. # For example if your site is at http://example.com/drupal uncomment and # modify the following line: # RewriteBase /drupal # # If your site is running in a VirtualDocumentRoot at http://example.com/, # uncomment the following line: # RewriteBase / # Rewrite URLs of the form 'x' to the form 'index.php?q=x'. RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !=/favicon.ico RewriteRule ^(.*)$ index.php?q=$1 [L,QSA] </IfModule>

    Read the article

  • Example website login/registration code?

    - by Phil Wright
    I am looking at building the login/registration part of a website (ASP.NET) and would like to see some example code or instructions on how to do this properly. For example, how to correctly use cookies and how to encrypt what is stored in the cookie to ensure the session persists until they logout/timeout. I do not want to use the builtin ASP.NET Membership/Provider stuff as it looks painful to use and not very flexible. Please do not answer with 'This is how easy the ASP.NET Membership/Providre stuff is to use, just check this out and you will use it!' as I don't want to use it!

    Read the article

  • Understanding NSHTTPCookieStorage for the iPhone

    - by psychotik
    Maybe I'm missing something, but from Apple's documentation for NSHTTPCookieStorage, I can't help but wonder how this is safe to use. Does this mean that cookie storage is shared across all apps on the iPhone? If my app makes an Http call that results in some cookies being saved, do all apps now have access to these cookies? Methods like: cookiesForURL: Returns all the receiver's cookies that will be sent to a specified URL. make it look even more suspicious. Can someone explain how this is OK, and what the class does? Also, assuming my understanding is flawed and this is indeed sandboxed per-app, do calls made using NSURLRequest automatically save/retrieve cookies from this store or is it the developers responsibility to set request headers before dispatching the request?

    Read the article

  • How does Windows LIve ID work?

    - by Morgan Cheng
    I happens to find this nice article explaining how OpenID works. Clearly, OpenID consumer and OpenID server transfer information through URL query string. I'm wondering how Live ID accomplish similar functionality. It seems the info is not exchanged through query string in URL. And, since Live ID login server have different domain name from consumer domain, it is not applicable to transfer info through cookie. I tried to google tutorial of Live ID, but the result is full of jargon and hard to understand. Is there any easy-to-understand tutorial about How Live ID works?

    Read the article

  • Getting the username in Twitter using OAuth 0.1.1 Grails plugin

    - by firnnauriel
    anyone had tried using http://www.grails.org/plugin/oauth? i'm trying it in twitter.com and i'm having an issue on getting the username or accessing this API: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0verify_credentials here's the code in my callback URL: def twitterCallback = { def response = oauthService.accessResource('http://api.twitter.com/1/account/verify_credentials.json','twitter', session.oauthToken) log.debug "response: ${response}" } i keep getting this error: 2010-04-22 14:32:56,842 [http-8081-1] WARN httpclient.HttpMethodBase - Cookie rejected: "$Version=0; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMQcOCQoAToHaWQiJThiYWY4MGI1YTY1M2U0%250AYTRhNjAzYTA2NTBmNjkzZTYwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--31d191141bf32e0489967492692f1e77fc9e1845; $Path=/; $Domain=.twitter.com". Illegal domain attribute ".twitter.com". Domain of origin: "twitter.com" 2010-04-22 14:32:56,854 [http-8081-1] INFO auth.AuthChallengeProcessor - basic authentication scheme selected 2010-04-22 14:32:56,856 [http-8081-1] INFO httpclient.HttpMethodDirector - No credentials available for BASIC 'Twitter API'@twitter.com:80 2010-04-22 14:32:56,865 [http-8081-1] ERROR errors.GrailsExceptionResolver - null it seems that it uses BASIC authentication instead of OAuth. any ideas? or is there an issue in the OAuth Grails plugin? thanks.

    Read the article

  • Retry web service call if authentication failure requires re-login

    - by Pete
    I'm consuming a web service from C#, and the web service requires a login call and then uses cookie sessions. The web service will time out sessions after a certain timeframe, after which the client will have to re-login. I'd like to find a way to automatically catch the soap fault the service sends back in this scenario, and handle it by re-logging in and then retrying the previously attempted call. I would prefer to do this somehow automatically for all the web service methods in question, rather than having to manually wrap the calls with the retry logic. Suggestions?

    Read the article

  • Review my ASP.NET Authentication code.

    - by Niels Bosma
    I have had some problems with authentication in ASP.NET. I'm not used most of the built in authentication in .NET. I gotten some complaints from users using Internet Explorer (any version - may affect other browsers as well) that the login process proceeds but when redirected they aren't authenticated and are bounced back to loginpage (pages that require authentication check if logged in and if not redirect back to loginpage). Can this be a cookie problem? Do I need to check if cookies are enabled by the user? What's the best way to build authentication if you have a custom member table and don't want to use ASP.NET login controls? Here my current code: using System; using System.Linq; using MyCompany; using System.Web; using System.Web.Security; using MyCompany.DAL; using MyCompany.Globalization; using MyCompany.DAL.Logs; using MyCompany.Logging; namespace MyCompany { public class Auth { public class AuthException : Exception { public int StatusCode = 0; public AuthException(string message, int statusCode) : base(message) { StatusCode = statusCode; } } public class EmptyEmailException : AuthException { public EmptyEmailException() : base(Language.RES_ERROR_LOGIN_CLIENT_EMPTY_EMAIL, 6) { } } public class EmptyPasswordException : AuthException { public EmptyPasswordException() : base(Language.RES_ERROR_LOGIN_CLIENT_EMPTY_PASSWORD, 7) { } } public class WrongEmailException : AuthException { public WrongEmailException() : base(Language.RES_ERROR_LOGIN_CLIENT_WRONG_EMAIL, 2) { } } public class WrongPasswordException : AuthException { public WrongPasswordException() : base(Language.RES_ERROR_LOGIN_CLIENT_WRONG_PASSWORD, 3) { } } public class InactiveAccountException : AuthException { public InactiveAccountException() : base(Language.RES_ERROR_LOGIN_CLIENT_INACTIVE_ACCOUNT, 5) { } } public class EmailNotValidatedException : AuthException { public EmailNotValidatedException() : base(Language.RES_ERROR_LOGIN_CLIENT_EMAIL_NOT_VALIDATED, 4) { } } private readonly string CLIENT_KEY = "9A751E0D-816F-4A92-9185-559D38661F77"; private readonly string CLIENT_USER_KEY = "0CE2F700-1375-4B0F-8400-06A01CED2658"; public Client Client { get { if(!IsAuthenticated) return null; if(HttpContext.Current.Items[CLIENT_KEY]==null) { HttpContext.Current.Items[CLIENT_KEY] = ClientMethods.Get<Client>((Guid)ClientId); } return (Client)HttpContext.Current.Items[CLIENT_KEY]; } } public ClientUser ClientUser { get { if (!IsAuthenticated) return null; if (HttpContext.Current.Items[CLIENT_USER_KEY] == null) { HttpContext.Current.Items[CLIENT_USER_KEY] = ClientUserMethods.GetByClientId((Guid)ClientId); } return (ClientUser)HttpContext.Current.Items[CLIENT_USER_KEY]; } } public Boolean IsAuthenticated { get; set; } public Guid? ClientId { get { if (!IsAuthenticated) return null; return (Guid)HttpContext.Current.Session["ClientId"]; } } public Guid? ClientUserId { get { if (!IsAuthenticated) return null; return ClientUser.Id; } } public int ClientTypeId { get { if (!IsAuthenticated) return 0; return Client.ClientTypeId; } } public Auth() { if (HttpContext.Current.User.Identity.IsAuthenticated) { IsAuthenticated = true; } } public void RequireClientOfType(params int[] types) { if (!(IsAuthenticated && types.Contains(ClientTypeId))) { HttpContext.Current.Response.Redirect((new UrlFactory(false)).GetHomeUrl(), true); } } public void Logout() { Logout(true); } public void Logout(Boolean redirect) { FormsAuthentication.SignOut(); IsAuthenticated = false; HttpContext.Current.Session["ClientId"] = null; HttpContext.Current.Items[CLIENT_KEY] = null; HttpContext.Current.Items[CLIENT_USER_KEY] = null; if(redirect) HttpContext.Current.Response.Redirect((new UrlFactory(false)).GetHomeUrl(), true); } public void Login(string email, string password, bool autoLogin) { Logout(false); email = email.Trim().ToLower(); password = password.Trim(); int status = 1; LoginAttemptLog log = new LoginAttemptLog { AutoLogin = autoLogin, Email = email, Password = password }; try { if (string.IsNullOrEmpty(email)) throw new EmptyEmailException(); if (string.IsNullOrEmpty(password)) throw new EmptyPasswordException(); ClientUser clientUser = ClientUserMethods.GetByEmailExcludingProspects(email); if (clientUser == null) throw new WrongEmailException(); if (!clientUser.Password.Equals(password)) throw new WrongPasswordException(); Client client = clientUser.Client; if (!(bool)client.PreRegCheck) throw new EmailNotValidatedException(); if (!(bool)client.Active || client.DeleteFlag.Equals("y")) throw new InactiveAccountException(); FormsAuthentication.SetAuthCookie(client.Id.ToString(), true); HttpContext.Current.Session["ClientId"] = client.Id; log.KeyId = client.Id; log.KeyEntityId = ClientMethods.GetEntityId(client.ClientTypeId); } catch (AuthException ax) { status = ax.StatusCode; log.Success = status == 1; log.Status = status; } finally { LogRecorder.Record(log); } } } }

    Read the article

  • Django BigInteger auto-increment field as primary key?

    - by Alex Letoosh
    Hi all, I'm currently building a project which involves a lot of collective intelligence. Every user visiting the web site gets created a unique profile and their data is later used to calculate best matches for themselves and other users. By default, Django creates an INT(11) id field to handle models primary keys. I'm concerned with this being overflown very quickly (i.e. ~2.4b devices visiting the page without prior cookie set up). How can I change it to be represented as BIGINT in MySQL and long() inside Django itself? I've found I could do the following (http://docs.djangoproject.com/en/dev/ref/models/fields/#bigintegerfield): class MyProfile(models.Model): id = BigIntegerField(primary_key=True) But is there a way to make it autoincrement, like usual id fields? Additionally, can I make it unsigned so that I get more space to fill in? Thanks!

    Read the article

  • Invalidating ASP.NET FormsAuthentication server side

    - by Rob Walker
    I am experimenting with FormsAuthentication (using ASP.NET MVC2) and it is working fairly well. However, one case I can't work out how to deal with is validating the user identity on the server to ensure it is still valid from the server's perspective. eg. User logs in ... gets a cookie/ticket Out of band the user is deleted on the server side User makes a new request to the server. HttpContext.User.Identity.Name is set to the deleted user. I can detect this fine, but what is the correct way to handle it? Calling FormsAuthentication.SignOut in the OnAuthorization on OnActionExecuting events is too late to affect the current request. Alternatively I would like to be able to calls FormsAuthentication.InvalidateUser(...) when the user is deleted (or database recreated) to invalidate all tickets for a given (or all) users. But I can't find an API to do this.

    Read the article

  • Ruby on Rails protect_from_forgery best practice

    - by randombits
    I'm currently working on building a RESTful web api with ruby on rails. I haven't bothered putting a proper authentication scheme into the API yet as I'm ensuring that tests and the basic behavior of the API is working all locally first. Upon testing non-HTTP GET type requests such as HTTP POST/DELETE/PUT, stuff chokes because protect_from_forgery is on by default. How does this work when I'm working in practice since essentially the idea is in a RESTful API that there is no state. The client does not have a session or a cookie associated with the server. Each request is an atomic, self-executed request. The user will supply some credentials to ensure they are who they say they are, but other than that, does protect_from_forgery make sense at this point? Should it remain enabled?

    Read the article

  • How can I connect to a mail server using SMTP over SSL using Python?

    - by jakecar
    Hello, So I have been having a hard time sending email from my school's email address. It is SSL and I could only find this code online by Matt Butcher that works with SSL: import smtplib, socket version = "1.00" all = ['SMTPSSLException', 'SMTP_SSL'] SSMTP_PORT = 465 class SMTPSSLException(smtplib.SMTPException): """Base class for exceptions resulting from SSL negotiation.""" class SMTP_SSL (smtplib.SMTP): """This class provides SSL access to an SMTP server. SMTP over SSL typical listens on port 465. Unlike StartTLS, SMTP over SSL makes an SSL connection before doing a helo/ehlo. All transactions, then, are done over an encrypted channel. This class is a simple subclass of the smtplib.SMTP class that comes with Python. It overrides the connect() method to use an SSL socket, and it overrides the starttles() function to throw an error (you can't do starttls within an SSL session). """ certfile = None keyfile = None def __init__(self, host='', port=0, local_hostname=None, keyfile=None, certfile=None): """Initialize a new SSL SMTP object. If specified, `host' is the name of the remote host to which this object will connect. If specified, `port' specifies the port (on `host') to which this object will connect. `local_hostname' is the name of the localhost. By default, the value of socket.getfqdn() is used. An SMTPConnectError is raised if the SMTP host does not respond correctly. An SMTPSSLError is raised if SSL negotiation fails. Warning: This object uses socket.ssl(), which does not do client-side verification of the server's cert. """ self.certfile = certfile self.keyfile = keyfile smtplib.SMTP.__init__(self, host, port, local_hostname) def connect(self, host='localhost', port=0): """Connect to an SMTP server using SSL. `host' is localhost by default. Port will be set to 465 (the default SSL SMTP port) if no port is specified. If the host name ends with a colon (`:') followed by a number, that suffix will be stripped off and the number interpreted as the port number to use. This will override the `port' parameter. Note: This method is automatically invoked by __init__, if a host is specified during instantiation. """ # MB: Most of this (Except for the socket connection code) is from # the SMTP.connect() method. I changed only the bare minimum for the # sake of compatibility. if not port and (host.find(':') == host.rfind(':')): i = host.rfind(':') if i >= 0: host, port = host[:i], host[i+1:] try: port = int(port) except ValueError: raise socket.error, "nonnumeric port" if not port: port = SSMTP_PORT if self.debuglevel > 0: print>>stderr, 'connect:', (host, port) msg = "getaddrinfo returns an empty list" self.sock = None for res in socket.getaddrinfo(host, port, 0, socket.SOCK_STREAM): af, socktype, proto, canonname, sa = res try: self.sock = socket.socket(af, socktype, proto) if self.debuglevel > 0: print>>stderr, 'connect:', (host, port) self.sock.connect(sa) # MB: Make the SSL connection. sslobj = socket.ssl(self.sock, self.keyfile, self.certfile) except socket.error, msg: if self.debuglevel > 0: print>>stderr, 'connect fail:', (host, port) if self.sock: self.sock.close() self.sock = None continue break if not self.sock: raise socket.error, msg # MB: Now set up fake socket and fake file classes. # Thanks to the design of smtplib, this is all we need to do # to get SSL working with all other methods. self.sock = smtplib.SSLFakeSocket(self.sock, sslobj) self.file = smtplib.SSLFakeFile(sslobj); (code, msg) = self.getreply() if self.debuglevel > 0: print>>stderr, "connect:", msg return (code, msg) def setkeyfile(self, keyfile): """Set the absolute path to a file containing a private key. This method will only be effective if it is called before connect(). This key will be used to make the SSL connection.""" self.keyfile = keyfile def setcertfile(self, certfile): """Set the absolute path to a file containing a x.509 certificate. This method will only be effective if it is called before connect(). This certificate will be used to make the SSL connection.""" self.certfile = certfile def starttls(): """Raises an exception. You cannot do StartTLS inside of an ssl session. Calling starttls() will return an SMTPSSLException""" raise SMTPSSLException, "Cannot perform StartTLS within SSL session." And then my code: import ssmtplib conn = ssmtplib.SMTP_SSL('HOST') conn.login('USERNAME','PW') conn.ehlo() conn.sendmail('FROM_EMAIL', 'TO_EMAIL', "MESSAGE") conn.close() And got this error: /Users/Jake/Desktop/Beth's Program/ssmtplib.py:116: DeprecationWarning: socket.ssl() is deprecated. Use ssl.wrap_socket() instead. sslobj = socket.ssl(self.sock, self.keyfile, self.certfile) Traceback (most recent call last): File "emailer.py", line 5, in conn = ssmtplib.SMTP_SSL('HOST') File "/Users/Jake/Desktop/Beth's Program/ssmtplib.py", line 79, in init smtplib.SMTP.init(self, host, port, local_hostname) File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/smtplib.py", line 239, in init (code, msg) = self.connect(host, port) File "/Users/Jake/Desktop/Beth's Program/ssmtplib.py", line 131, in connect self.sock = smtplib.SSLFakeSocket(self.sock, sslobj) AttributeError: 'module' object has no attribute 'SSLFakeSocket' Thank you!

    Read the article

  • On iPhone, how do I show a login screen to get username and password before giving access to iPhone

    - by MikeN
    On iPhone, how do I show a login screen to get username and password before giving access to iPhone app? Also, does the iPhone store a cookie to the secure website like a web browser? I was thinking of giving users to my website a long API key to store in the settings of their iPhone instead of asking them to login with a username/password (seems to be the Slicehost iPhone app approach.) Which is the best way to get a user to login securely? I have full control over the design of the iPhone app and website so have a lot of flexibility.

    Read the article

  • Facebook Connect and Hash Password Encryption

    - by JamesStrocel
    I'm trying to integrate a Zen Cart site with Facebook Connect. So far, I've been able to get Zen Cart to recognize that the user has a facebook account and is logged in, but that's it. True authentication into Zen Cart eludes me because I can't figure out where a password could be stored and how to get it to Zen Cart to be compared with the password hash. I know Facebook Connect has been implemented with webapps that have such passwords like wordpress, so I know there must be a way to do it. Is the password stored in a cookie? In the Facebook application itself? Any help would be appreciated, even if it's just a place to start searching.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 242 243 244 245 246 247 248 249 250 251 252 253  | Next Page >