Search Results

Search found 11421 results on 457 pages for 'forms authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 26/457 | < Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >

  • iPhone - Web Access Authentication

    - by Terry
    I am building a secure app for our exec's... here is my setup. It's a somewhat Macgyver approach, but bear with me :) There are only 10 users, I have a record of each uniqueIdentifier on my backend in a database table. (This is internal only for our users, so I don't believe I am breaking the public user registration rule mentioned in the API docs) Through adhoc distribution I install my app on all 10 devices My app is simply composed of a UIWebView. When the app starts it does a POST to our https site sending the uniqueIdentifier. (Thanks to this answer) The server page that recieves the POST, checks the uniqueIdentifier and if found sets a session cookie that automatically logs them into the site. This way the user doesn't have to enter in their credentials every time. So what do you think, is there a security hole with this? Thanks

    Read the article

  • setting a timeout using a manually created forms authentication ticket

    - by Nicklamort
    The constructors for manually creating FormsAuthenticationTicket objects force us to set an "expiration" value, and this value overrides the "timeout" setting in web.config in my tags, which is not what I want, because now the user doesn't timeout. The "session" just expires at the given time. I need to manually create my ticket for UserData reasons, and it is just the way I decided to build my app. I guess I could spend a whole lot of time and redo the way my app. authorizes, and store the "userdata" elsewhere... but this seems extremely tedious for something so small.. Is there anyway to manually create an Auth Ticket and still maintain timeout settings?! And by timeout, I mean resetting the timer on user activity. Not a fixed timeout! Please help!

    Read the article

  • How to do HTTP authentication with Goliath/Heroku?

    - by David
    I'm using Goliath as my app server, and I am trying to convert "Ruby – Secure staging environment of your public app from users and bots" so it applies to my Goliath application. I am trying to use Rack::Static but I'm not sure how to write the code. I was trying something like: class Application < Goliath::API use(Rack::Lock) But I am not really sure how to translate the link I posted. I'm open to other alternatives, I just need my whole site password protected.

    Read the article

  • Retry web service call if authentication failure requires re-login

    - by Pete
    I'm consuming a web service from C#, and the web service requires a login call and then uses cookie sessions. The web service will time out sessions after a certain timeframe, after which the client will have to re-login. I'd like to find a way to automatically catch the soap fault the service sends back in this scenario, and handle it by re-logging in and then retrying the previously attempted call. I would prefer to do this somehow automatically for all the web service methods in question, rather than having to manually wrap the calls with the retry logic. Suggestions?

    Read the article

  • silverlight authentication

    - by user291400
    Good day! I have an silverlight site (silverlight navigation application) and I want clients to log in on my site. I want to give them different rights of viewing pages. A WCF service gives me true or false when I enter a login and a password. Then, if it returns true, I want to remember the logged user. How can I do it? Using cookies or global variable or something else?

    Read the article

  • WCF Custom Delegation/Authentication without Kerberos

    - by MichaelGG
    I'm building a simple WCF service, probably exposed via HTTPS, using NTLM security. Since not all users are going to be capable of using the service directly, we're writing a simple web front-end for the service. Users will auth with HTML to the web front-end. What we want is a way to delegate the user of the web site all the way to the WCF service. I understand Kerberos delegation can do this, but that's not available to us. What I want to do is make the web front-end account a specially trusted account, so that if a request hits the WCF service authenticated as "DOMAIN\WebApp", we read a WCF message header containing the real identity, then switch the principal to that and continue as normal. Is there any "simple" way of achieving this? Should I give up entirely on this idea, and instead make users "sign-in" to the WCF app and then do complete custom auth? The WCF extensibility and security options seem so vast, I'd like to get a heads up on which path to start heading down.

    Read the article

  • Restful authentication between two GAE apps.

    - by user259349
    Hello everyone, i am trying to write a restful google app engine application (python) that accepts requests only from another GAE that i wrote. I dont like any of the ways that i thought of to get this done, please advice if you know of something better than: Get SSL setup, and simply add the credentials on the request that my consuming app will send. I dont like it cause SSL will slow things down. Security by obsecurity. Add a random number in my request that is in Xmod0, where X is a secret number that both applications know. I just,,,, dont like this. Check the HTTP header to see where is the request coming from. This option is the one that i hate the least, not alot of processing, and spoofing an HTTP request is not really worth it, for my application's data. Is there any other clean solution for this?

    Read the article

  • XmlDataProvider authentication Http issue

    - by Allen Ho
    Hi, I have an XMLDataProvider IsAsynchronous="True" x:Key="xmlData" Source="http://192.168.15.90/text.xml"/ The only problem is the Source requires authtication. I can get around this but using a HttpWebRequest in which I can pass in NetworkCredentials, but I was just wondering if there was a simpler way of passing in credentials to the XMLDataProvider

    Read the article

  • Game login authentication and security.

    - by Charles
    First off I will say I am completely new to security in coding. I am currently helping a friend develop a small game (in Python) which will have a login server. I don't have much knowledge regarding security, but I know many games do have issues with this. Everything from 3rd party applications (bots) to WPE packet manipulation. Considering how small this game will be and the limited user base, I doubt we will have serious issues, but would like to try our best to limit problems. I am not sure where to start or what methods I should use, or what's worth it. For example, sending data to the server such as login name and password. I was told his information should be encrypted when sending, so in-case someone was viewing it (with whatever means), that they couldn't get into the account. However, if someone is able to capture the encrypted string, wouldn't this string always work since it's decrypted server side? In other words, someone could just capture the packet, reuse it, and still gain access to the account? The main goal I am really looking for is to make sure the players are logging into the game with the client we provide, and to make sure it's 'secure' (broad, I know). I have looked around at different methods such as Public and Private Key encryption, which I am sure any hex editor could eventually find. There are many other methods that seem way over my head at the moment and leave the impression of overkill. I realize nothing is 100% secure. I am just looking for any input or reading material (links) to accomplish the main goal stated above. Would appreciate any help, thanks.

    Read the article

  • Rails Authentication

    - by Oluf Nielsen
    Hey, i need some help with rails, again! Last it was about Authlogic.. Well I'm gone a bit backward since.. I mean, Authlogic isn't a Authentcate system i like.. So now i wan't you guys to tell me what you think is the best! I going to use it to a project of mine. Where there has to be a few roles like Admin, User and Guest.. So might you guys can tell me what is good and what is bad..?

    Read the article

  • Authentication using exchange.

    - by user300435
    Hello, my client has an exchange server and offers free email accounts to his clients and partners. His clients need access to some web applications through login and password and need to be authenticated . i thought about creating a custom asp.net membership provider that hits exchange instead of the regular aspnetdb store. Is there a way to authenticate these users against exhange with their exchange provided email/username and password ? thank you.

    Read the article

  • Cakephp ACL authentication issue - I'm locked out

    - by Baseer
    I've followed the CakePHP Cookbook ACL tutorial And as of right now I'm just trying to add users using the scaffolding method. I'm trying to go to /users/add but it always redirects me to the login screen even though I have added $this->Auth->allow('*'); in beforeFilter() temporarily to allow access to all pages. I've done this in both the UsersController and GroupsController as the tutorial asked. Below is my code for UsersController which I think will be the most relevant of all the files. Let me know if any other piece of code is required. <?php class UsersController extends AppController { var $name = 'Users'; var $scaffold; function beforeFilter() { parent::beforeFilter(); $this->Auth->allow('*'); } function login() { //Auth Magic } function logout() { //Leave empty for now. } } ?> I think I've pretty much followed the tutorial, any ideas as to what I may be missing? Thanks. I've been stuck on this for a while. =(

    Read the article

  • Custom RIA Authentication

    - by cmaduro
    Following the steps in this post: http://forums.silverlight.net/forums/t/177042.aspx Where/How do I add the [Key] attribute on the Name property of the IAuthentication where User is one of my ADO.Net Entity objects? My options so far seem to be: In the designer codebehind of me ADO.Net Entity Model. Create a partial User class and add it there In the AuthenticationService.metadata.cs partial User class. It just does not seem to work no matter where I place the [Key] attribute.

    Read the article

  • Checking Drupal authentication from external PHP

    - by peppergrower
    This may well be simple, but I'm new to Drupal. The organization I work for switched to Drupal a little while ago, but there's still some legacy code in various external PHP files that would be cumbersome to convert over to work within Drupal. However, it would be very nice to be able to restrict access to some of these pages based on a person being authenticated against Drupal. (Some pages are administrative and are currently visible to anyone who knows the URL, for instance. Yes, poor design, but that's what I inherited...) How can I check with Drupal, from an external PHP file, to see if the person visiting a given page has authenticated?

    Read the article

  • SVN authz, path-based authentication woes

    - by Ronny
    [groups] developer = a,b,c doc = r,x [/doc] @doc = rw @developer = rw [/] @developer = rw * = If now a member of the group doc tries to check out the documentation, it does not work. I want members of doc just to be able to check out the sub-dir doc, anything else is forbidden. Any ideas howto achieve this? kind regards ronny [update] client: svn, version 1.5.4 (r33841) server: svn, Version 1.4.6 (r28521) access via svn+ssh:/user@host/fullpath-to-repos 1 perfectly works for two years 2 might be - see version numbers above (I'll contant our admin, immediatelly) 3 no? just ssh 4 nope 5 nope [update] using client version svn 1.4.6 (r28521) does not work either - same errors I use plain command line access. svn co svn+ssh://.... [update] server:Linux 2.6.16.60-0.39.3-default9 i686 athlon i386 GNU/Linux - suse 10? or something like that I think client: Kubuntu 9.04 connection via OpenSSH SSH client the server rejects svn:// connections from localhost - any connection --- gotta try it with a copy at home time soon [update 4] * this is not my own server, I cannot do what I want with it. It is a very old server 10 years at least running, with hundreds of users. Standard things should work. correct me if I am missing something. [update 5] believe it or not. I was using the wrong path and now everything works perfectly well, I am sorry to have wasted your time. I'll give the bounty to FoxyBOA for his efford.

    Read the article

  • Facebook Connect for simple authentication?

    - by Starnzy
    Hi I have an ASP.net website which I want to introduce 'Facebook Connect' functionality into, purely for account login/creation purposes. I want a user to be able to click the 'Login using Facebook' type button, and to then log that user into my website based on a userid lookup from the Facebook response. I have a couple of questions surrounding this: Presumeably I can do all of this using the Facebook API - without the need for an actual pretty public facing 'application' on Facebook? I simply want to utilise the Facebook API for authenticating an account. I'm not interested in creating some app for doing something 'within' facebook itself. I have located some code snippets online and tried using the Facebook Developer Toolkit, calling the getInfo method, and whilst it does come back to my website with a uid, none of the other user information is present within the response, like Email, Name etc. The uid is the only populated field in the response. Here is the code I use: if (ConnectAuthentication.isConnected()) { API api = new API(); api.ApplicationKey = ConnectAuthentication.ApiKey; api.SessionKey = ConnectAuthentication.SessionKey; api.Secret = ConnectAuthentication.SecretKey; api.uid = ConnectAuthentication.UserID; //Display user data captured from the Facebook API. facebook.Schema.user facebookUser = null; try { facebookUser = api.users.getInfo(); User user = new User(); user.FacebookUser = facebookUser; user.IsFacebookUser = true; return user; } catch { return null; } } else { return null; } Can anyone please help with either/both of these queries? Thanks in advance...

    Read the article

  • WPF integrate Windows live authentication for windows health vault

    - by AnD
    Hi all, I'm just wondering if there's any way for WPF application integrated with windows live ID? and it's actually for windows health vault [www.healthvault.com] so health vault is using windows live id or open id to login into their system. and what i gonna do is, creating wpf application (instead of web application) for health vault, so all of the login form username pass and everything is handled inside the wpf application without showing/using any internet browser. so since this's quite new for me, i hope if there's somebody ever did this before especially for health vault system that run on standalone wpf app. alright, so that's it, thank you in advance!

    Read the article

  • joomla : authentication

    - by tom
    hi i am new to joomla . i have made a folder in joomla directory and in this folder i have a some file . i want to authenticate these files from direct access using in url by name? how it is possible? help

    Read the article

  • Restfull authentication between two GAE apps.

    - by user259349
    Hello everyone, i am trying to write a restful google app engine application (python) that accepts requests only from another GAE that i wrote. I dont like any of the ways that i thought of to get this done, please advice if you know of something better than: Get SSL setup, and simply add the credentials on the request that my consuming app will send. I dont like it cause SSL will slow things down. Security by obsecurity. Pass a long number by my consuming app that is in Xmod0, where X is a secret number that both applications know. I just,,,, dont like this. Check the HTTP header to see where is the request coming from. This option is the one that i hate the least, not alot of processing, and spoofing an HTTP request is not really worth it, for my application's data. Is there any other clean solution for this?

    Read the article

  • Proper use of HttpRequestInterceptor and CredentialsProvider in doing preemptive authentication with

    - by Preston
    I'm writing an application in Android that consumes some REST services I've created. These web services aren't issuing a standard Apache Basic challenge / response. Instead in the server-side code I'm wanting to interrogate the username and password from the HTTP(S) request and compare it against a database user to make sure they can run that service. I'm using HttpClient to do this and I have the credentials stored on the client after the initial login (at least that's how I see this working). So here is where I'm stuck. Preemptive authenticate under HttpClient requires you to setup an interceptor as a static member. This is the example Apache Components uses. HttpRequestInterceptor preemptiveAuth = new HttpRequestInterceptor() { @Override public void process( final HttpRequest request, final HttpContext context) throws HttpException, IOException { AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE); CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute( ClientContext.CREDS_PROVIDER); HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST); if (authState.getAuthScheme() == null) { AuthScope authScope = new AuthScope(targetHost.getHostName(), targetHost.getPort()); Credentials creds = credsProvider.getCredentials(authScope); if (creds != null) { authState.setAuthScheme(new BasicScheme()); authState.setCredentials(creds); } } } }; So the question would be this. What would the proper use of this be? Would I spin this up as part of the application when the application starts? Pulling the username and password out of memory and then using them to create this CredentialsProvider which is then utilized by the HttpRequestInterceptor? Or is there a way to do this more dynamically?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 22 23 24 25 26 27 28 29 30 31 32 33  | Next Page >