Search Results

Search found 34094 results on 1364 pages for 'open authentication'.

Page 29/1364 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >

  • Restfull authentication between two GAE apps.

    - by user259349
    Hello everyone, i am trying to write a restful google app engine application (python) that accepts requests only from another GAE that i wrote. I dont like any of the ways that i thought of to get this done, please advice if you know of something better than: Get SSL setup, and simply add the credentials on the request that my consuming app will send. I dont like it cause SSL will slow things down. Security by obsecurity. Pass a long number by my consuming app that is in Xmod0, where X is a secret number that both applications know. I just,,,, dont like this. Check the HTTP header to see where is the request coming from. This option is the one that i hate the least, not alot of processing, and spoofing an HTTP request is not really worth it, for my application's data. Is there any other clean solution for this?

    Read the article

  • Proper use of HttpRequestInterceptor and CredentialsProvider in doing preemptive authentication with

    - by Preston
    I'm writing an application in Android that consumes some REST services I've created. These web services aren't issuing a standard Apache Basic challenge / response. Instead in the server-side code I'm wanting to interrogate the username and password from the HTTP(S) request and compare it against a database user to make sure they can run that service. I'm using HttpClient to do this and I have the credentials stored on the client after the initial login (at least that's how I see this working). So here is where I'm stuck. Preemptive authenticate under HttpClient requires you to setup an interceptor as a static member. This is the example Apache Components uses. HttpRequestInterceptor preemptiveAuth = new HttpRequestInterceptor() { @Override public void process( final HttpRequest request, final HttpContext context) throws HttpException, IOException { AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE); CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute( ClientContext.CREDS_PROVIDER); HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST); if (authState.getAuthScheme() == null) { AuthScope authScope = new AuthScope(targetHost.getHostName(), targetHost.getPort()); Credentials creds = credsProvider.getCredentials(authScope); if (creds != null) { authState.setAuthScheme(new BasicScheme()); authState.setCredentials(creds); } } } }; So the question would be this. What would the proper use of this be? Would I spin this up as part of the application when the application starts? Pulling the username and password out of memory and then using them to create this CredentialsProvider which is then utilized by the HttpRequestInterceptor? Or is there a way to do this more dynamically?

    Read the article

  • Cakephp 1.3, router and authentication problem

    - by Zhlobopotam
    Trying to implements simple privileges for admin user. Don't need huge acl rules and groups system. There are admin users, overs - just registered users. They can't access actions with admin prefix. So It was implemented in cakephp1.2 version with following code in app_controller: function isAuthorized() { if (isset($this->params[Configure::read('Routing.admin')])) { if ($this->Auth->user('admin') != 1) { return false; } } return true; } But in 1.3 Routing.admin had been deprecated. How to rewrite it for use with 1.3 framework? Need some help.

    Read the article

  • Good way to make Authentication and Authorization information available between application layers

    - by DutrowLLC
    I have a web application running on Google App Engine (GAE) for JAVA. I'm authenticating the client at the Servlet layer but would like to make the client information available to my business and data layers without having to pass the client object through the arguments of every single function. I'm considering setting up a "session" type object using ThreadLocal. That way any function can just say something like: CurrentUser.getRoles(); Is this a good way to do this or is there something else that is a more accepted solution? Thanks!

    Read the article

  • Application Buddy Lists and Authentication - How does it all go together

    - by Krevin
    This is a broad but specific question. The idea is that we want to tie in a 'buddy' functionality to a communications app. Very broadly, I believe that the application clients would connect to a central database/auth service which would provide the buddy data and then allow client apps to connect directly to eachother, without passing communications through the server. Specifically, however, what solutions, software, products, servers, technologies, etc would be best to implement to handle such a task? Thanks for reading and responses are much appreciated. //edit: the com app may run on a linux distro, may be web based, or both

    Read the article

  • Security in API authentication

    - by Carlos
    We are in the process of revamping our server side API, and we need to manage security. Our current model requires that a credentials object (containing user, password, and pin) be included in each method invocation. Our development team, however, has decided that we should have session objects instead (which is fine by me), but the new credentials are just a GUID. This is very different from what I've seen in other APIs in our industry, so I'm a bit concerned about how secure the new model will be. I asked them if they had analyzed both alternatives, and they said they haven't. Does anyone know if there're any clear advantages, disadvantages, risks, etc. of using a set of credentials versus just one element (complex as it may be)? PS: the communication channel would be secure in either case, and it's separate from this particular topic

    Read the article

  • Sharepoint wss 3.0 authentication

    - by Kushal
    Hello all, I have developed one site in sharepoint wss3.0 when i type in the url i.e. http://testserver/default.aspx i am first asked username and password On successful login(I have created user from sharepoint central admin site) i am redirected to my site's login page. then i have do login to access my site. Now what i want to do is combine both logins i.e. when i login to my server using sharepoint user's username and password i want to be redirected to my site's home page. I should not be redirected to my site's login page What should i do? Do i need to code in sharepoint's default login page present in _layouts directory? If yes how can i access login.aspx.cs ?? Plz help

    Read the article

  • Twitter authentication without authorization

    - by user325377
    I wish to get the tweeter usename of a visitor to my site. I do not wish to post statuses or access any other information. I'd be happy to use OAuth, possibly with a 'Sign in with Twitter' button, but this then takes the user to a page which requests authorization for the application, that I wish to avoid. Is there a way to get the username without authorization? Thanks, Daniel

    Read the article

  • Cakephp with OpenID and User Authentication

    - by nolandark
    I have a table "users" and I want to enable my visitors to login with their openID Account. For this I use the OpenId Component for Cakephp and it works fine (When I login with the Google URL I receive the "successfully authenticated!" notification). But now I'm kind of stuck because I don't know how to go on from there. Do I have to create a User-Entry for every user which has a new entry in the "oid_associations" table (I save all OpenId interaction in the mysql database)? Do I have to authenticate the User after the login (or is the OpenID-component doing that automatically?). Am I completely misunderstanding the concept?

    Read the article

  • Roles authentication with Rails 3 and Devise.

    - by Oluf Nielsen
    Hi, first happy new year, may you make the best applications in 2011! So to my question, i have used devise ever since i got over to Rails 3, that was around the first or second beta, and now i also needs some Roles. So i searched the net, and i searched! And what i found was that CanCan should be the best solution. But i'm unsure if CanCan can manage my needs, like i want a forum moderator who can edit/destroy the topic, but the user who created the topic should also be able to edit, so how can i do that? Cheers, Oluf.

    Read the article

  • Problem with Authentication in sharepoint using active directory

    - by user549708
    I am currently using windows server 2008 machine. I have active directory and sharepoint setup on the machine. I have a user 'A' in the active directory and i have given the user read permissions to my site. The problem i now face is that, if i log in as user 'A' the site simply shows "error:access denied". This problem goes away if i put 'A' as a site collection administrator, however that is not what i want. I just want 'A' to be a visitor that can browse the site. I also tried granting 'read' permission to my site for 'A' but that still gives me the access denied message. Thank you for your time.

    Read the article

  • User authentication in Django. Problems with is_authenticated

    - by tim
    I have one problem with users menu. So, I want, that authenticated user can see his/her profile page and logout (links) in menu. It works (when I logging in) on index page: index, page1, profile, logout ,but, if I go to the, for example, page1 I can see in menu: index, page1, login, not profile and logout. How to fix it? in urls: url(r'^accounts/login/$', 'django.contrib.auth.views.login' ), url(r'^accounts/logout/$', 'django.contrib.auth.views.logout_then_login' ), url(r'^accounts/profile/$', 'my_app.views.profile' ), in views: def profile(request): if not request.user.is_authenticated(): return HttpResponseRedirect("/accounts/login/") else: user = request.user.is_authenticated() return render_to_response('profile.html',locals()) Part of index.html: {% if user.is_authenticated or request.user.is_authenticated %} <li><a href="/accounts/profile/">Profile</a></li> <li><a href="/accounts/logout/">logout</a></li> {% else %} <li><a href="/accounts/login/">login</a></li> {% endif %} login.html: {% extends "index.html" %} {% load url from future %} {% block application %} {% if form.errors %} <p>Try one more time</p> {% endif %} <form method="post" action="{% url 'django.contrib.auth.views.login' %}"> {% csrf_token %} <table> <tr> <td>{{ form.username.label_tag }}</td> <td>{{ form.username }}</td> </tr> <tr> <td>{{ form.password.label_tag }}</td> <td>{{ form.password }}</td> </tr> </table> <input type="submit" value="Login" /> <input type="hidden" name="next" value="{{ next }}" /> </form> {% endblock %} profile.html: {% extends "index.html" %} {% block application %} {% if request.user.is_authenticated %} <p>Welcome, {{ request.user.username }}. Thanks for logging in.</p> {% else %} <p>Welcome, new user. Please log in.</p> {% endif %} {% endblock %}

    Read the article

  • Domain Authentication from .NET Client over VPN

    - by Holy Christ
    I am writing a ClickOnce WPF app that will sometimes be used over VPN. The app uses resources available only to domain authenticated users. Some of the things include accessing SSRS Reports, accessing LDAP to lookup user information, hitting web services, etc. When a user logs in from a machine that is not authenticated on the domain, I need to somehow get his credentials, authenticate him on the domain, and store his credentials. What is the recommended approach for authenticating domain users over VPN? How can I securely store the credentials? I've found several articles but, not much posted recently and a lot of the solutions seem kinda hacky, or aren't very secure (ie - storing strings clear text in memory). It would be cool if I could use the ActiveDicrtoryMembershipProvider, but that seems to be geared for use in web apps. EDIT: The above is kind of a workaround. The user must enter their domain credentials to authenticate on the VPN. It would be ideal to access the credentials the user has already entered to login to the VPN instead of the WindowsIdentity.GetCurrent() (which returns the user logged into the computer). Any ideas on how that could work? We use Juniper Networks to connect to the VPN. Thanks!

    Read the article

  • Refactoring multiple if statements for user authentication with subdomains

    - by go minimal
    I'm building a typical web app where once a user signs up they access the app through their own subdomain (company.myapp.com). The "checking what kind of user if any is logged in" piece is starting to get very hairy and it obviously needs to be well-written because its run so often so I was wondering how you guys would re-factor this stuff. Here are the different states: A user must be logged in, the user must not have a company name, and the sub-domain must be blank A user must be logged in, the user must have a company name, that company name must match the current sub-domain A user must be logged in, the user must have a company name, that company name must match the current sub-domain, and the user's is_admin boolean is true if !session[:user_id].nil? @user = User.find(session[:user_id]) if @user.company.nil? && request.subdomains.first.nil? return "state1" elsif [email protected]? if @user.company.downcase == request.subdomains.first.downcase && [email protected]_admin return "state2" elsif @user.company.downcase == request.subdomains.first.downcase && @user.is_admin return "state3" end end end

    Read the article

  • What are the alternatives for Java authentication?

    - by Crusader
    Preferably something that integrates well with a Flex front end. Yes the Spring Security guys say this is possible, but all examples seem to use legacy jsp tag libraries making them half useless as examples. I don't want to spend a month setting up and learning how to use a security tool. I would like a tool which supports using annotations (@RolesAllowed etc), MINIMAL XML, and 'remember-me' features (not cookie based). Apache Shiro seems to support Flex/Silverlight/Swing as well but I'd like to know if there are any other alternatives that are NOT container specific.

    Read the article

  • Check user authentication at page load

    - by Shrewd Demon
    ok i have another question ! (god! i have so many questions) i have an application and a user must log-in before he/she can access pages. now once the user logs in i keep the user details in a session variable (say Session["CurrentUser"]). now if a user tries to jump to a page directly i will check if the Session["CurrentUser"] has a value or not...if not then the user will be directed to the login page... my problem is that i have done this or rather say written this "Checking Code" on almost all the pages. what i want is this code to stay on a particular location and i will just access that method all the time on all the pages...now where should i write this method ?? thank you.

    Read the article

  • OpenId authentication and automatic registration with Spring Security 3.0.2

    - by xlluch
    I'm implementing an app using spring security 3.0.2 with OpenId login and registration. I can login succesfully, but if the user isn't registered i want to do: 1) Get some OpenId attributes like email and name. 2) Show to the user a registration form with just these two fields and the OpenId URI filled. I've been searching a lot but i didn't find an "ellegant" way of doing this. I wonder if some of u can come out with a solution to implement this strategy in my app. Thanks in advance.

    Read the article

  • Pass authentication between php and Ruby On Rails application

    - by Li
    Hi, I have a simple Ruby on rails application that I want to integrate with an existing php website. I only want that users who's been authenticated by the php application would have access to my Ruby on Rails application (it should appear to the user as the same website, in the same domain, though it can be a different sub-domain if I chose to) What's the best way to do that? Thanks for the help, Li

    Read the article

  • .htaccess authentication from a php script to prevent a browser dialog box

    - by digitalbart
    Using php I authenticate a user, then behind the scenes,they are then again authenticated a second time with a single .htaccess username & password. This would be the same for all users, but I would not want them to have to enter a username and password again and they would now be allowed to enter the password protected directory. I prefer not to use http://username@password:somedomain.com. Any thoughts?

    Read the article

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >