Search Results

Search found 169 results on 7 pages for 'pedro mata mouros'.

Page 3/7 | < Previous Page | 1 2 3 4 5 6 7  | Next Page >

  • ASP.NET WebAPI Security 2: Identity Architecture

    - by Your DisplayName here!
    Pedro has beaten me to the punch with a detailed post (and diagram) about the WebAPI hosting architecture. So go read his post first, then come back so we can have a closer look at what that means for security. The first important takeaway is that WebAPI is hosting independent-  currently it ships with two host integration implementations – one for ASP.NET (aka web host) and WCF (aka self host). Pedro nicely shows the integration into the web host. Self hosting is not done yet so we will mainly focus on the web hosting case and I will point out security related differences when they exist. The interesting part for security (amongst other things of course) is the HttpControllerHandler (see Pedro’s diagram) – this is where the host specific representation of an HTTP request gets converted to the WebAPI abstraction (called HttpRequestMessage). The ConvertRequest method does the following: Create a new HttpRequestMessage. Copy URI, method and headers from the HttpContext. Copies HttpContext.User to the Properties<string, object> dictionary on the HttpRequestMessage. The key used for that can be found on HttpPropertyKeys.UserPrincipalKey (which resolves to “MS_UserPrincipal”). So the consequence is that WebAPI receives whatever IPrincipal has been set by the ASP.NET pipeline (in the web hosting case). Common questions are: Are there situations where is property does not get set? Not in ASP.NET – the DefaultAuthenticationModule in the HTTP pipeline makes sure HttpContext.User (and Thread.CurrentPrincipal – more on that later) are always set. Either to some authenticated user – or to an anonymous principal. This may be different in other hosting environments (again more on that later). Why so generic? Keep in mind that WebAPI is hosting independent and may run on a host that materializes identity completely different compared to ASP.NET (or .NET in general). This gives them a way to evolve the system in the future. How does WebAPI code retrieve the current client identity? HttpRequestMessage has an extension method called GetUserPrincipal() which returns the property as an IPrincipal. A quick look at self hosting shows that the moral equivalent of HttpControllerHandler.ConvertRequest() is HttpSelfHostServer.ProcessRequestContext(). Here the principal property gets only set when the host is configured for Windows authentication (inconsisteny). Do I like that? Well – yes and no. Here are my thoughts: I like that it is very straightforward to let WebAPI inherit the client identity context of the host. This might not always be what you want – think of an ASP.NET app that consists of UI and APIs – the UI might use Forms authentication, the APIs token based authentication. So it would be good if the two parts would live in a separate security world. It makes total sense to have this generic hand off point for identity between the host and WebAPI. It also makes total sense for WebAPI plumbing code (especially handlers) to use the WebAPI specific identity abstraction. But – c’mon we are running on .NET. And the way .NET represents identity is via IPrincipal/IIdentity. That’s what every .NET developer on this planet is used to. So I would like to see a User property of type IPrincipal on ApiController. I don’t like the fact that Thread.CurrentPrincipal is not populated. T.CP is a well established pattern as a one stop shop to retrieve client identity on .NET.  That makes a lot of sense – even if the name is misleading at best. There might be existing library code you want to call from WebAPI that makes use of T.CP (e.g. PrincipalPermission, or a simple .Name or .IsInRole()). Having the client identity as an ambient property is useful for code that does not have access to the current HTTP request (for calling GetUserPrincipal()). I don’t like the fact that that the client identity conversion from host to WebAPI is inconsistent. This makes writing security plumbing code harder. I think the logic should always be: If the host has a client identity representation, copy it. If not, set an anonymous principal on the request message. Btw – please don’t annoy me with the “but T.CP is static, and static is bad for testing” chant. T.CP is a getter/setter and, in fact I find it beneficial to be able to set different security contexts in unit tests before calling in some logic. And, in case you have wondered – T.CP is indeed thread static (and the name comes from a time where a logical operation was bound to a thread – which is not true anymore). But all thread creation APIs in .NET actually copy T.CP to the new thread they create. This is the case since .NET 2.0 and is certainly an improvement compared to how Win32 does things. So to sum it up: The host plumbing copies the host client identity to WebAPI (this is not perfect yet, but will surely be improved). or in other words: The current WebAPI bits don’t ship with any authentication plumbing, but solely use whatever authentication (and thus client identity) is set up by the host. WebAPI developers can retrieve the client identity from the HttpRequestMessage. Hopefully my proposed changes around T.CP and the User property on ApiController will be added. In the next post, I will detail how to add WebAPI specific authentication support, e.g. for Basic Authentication and tokens. This includes integrating the notion of claims based identity. After that we will look at the built-in authorization bits and how to improve them as well. Stay tuned.

    Read the article

  • How do I create a customized keyboard layout for Windows?

    - by Pedro Palhoto
    On Linux you can create any layout you wish by editing the appropriate ASCII configuration files. On Windows the keyboard layout definitions are binary. Is there any tool that can create these binary keyboard layout configuration files? I grew up on the Macintosh international keyboard layout, which used the option key extensively, and now I would like to use the same layout on Windows. On Linux this Mac international keyboard layout exists for both the console as well as for X.Org. On Windows, the most similar layout is US International, which is not the same.

    Read the article

  • 1Tb disk formatted on Linux won't mount on windows nor mac

    - by Pedro MC
    I have an external HD (western digital) with 1Tb. I use Linux but I wanted to reserve a cross platform partition on the disk. I decided to create two partitions and used the "disks" application to do it. I created one partition with the LUKS (version 1) encryption and the other one, cross platform, in NTFS filesystem. Things work fine on my OS but when I try to use the disk (the cross platform partition) on both windows and mac the device is not recognized. What could it be? Next, output of "sfdisk -l /dev/sdb": Disk /dev/sdb: 121600 cylinders, 255 heads, 63 sectors/track Units = cylinders of 8225280 bytes, blocks of 1024 bytes, counting from 0 Device Boot Start End #cyls #blocks Id System /dev/sdb1 0+ 36473- 36473- 292968750 83 Linux /dev/sdb2 36473+ 121600- 85128- 683789062+ 83 Linux /dev/sdb3 0 - 0 0 0 Empty /dev/sdb4 0 - 0 0 0 Empty

    Read the article

  • Ubuntu bash command

    - by pedro
    List in long form files in the directory "/ etc" for the file "ETCDIR" and view them, while the monitor sequential manner. how i can do it? with commands tee and more

    Read the article

  • Security in shared hosting vs VPS 'virtual appliances'

    - by Pedro Loureiro
    I have to change my hosting provider. Right now I have a shared hosting account but I'm considering trying the LAMP stack appliance from turnkeylinux.org. I'm very comfortable with using linux, I've been using it for a long time. I have no problem ssh'ing into remote machines and do whatever I have to do (coding, reading logs, moving files, deploying, etc). The problem is that none of those tasks have involved securing the server/firewall. My experience has been as a desktop user or developer deploying apps/files in remote servers. Ignoring the security in the application logic (read: any scripts, frameworks, websites I might have created or installed) - I'm worried about things like base configuration of deamons, firewall, ports, executable scripts being readable from the outside and whatnot. My question is: how do you compare the (expected) out of the box security of the LAMP stack from turnkey and the (expected) security of a "regular" shared hosting provider? I was hoping to find some guides with a list of steps to do to protect my server but the only documentation I found was simply referring to ubuntu's documentation.

    Read the article

  • split command on Ubuntu command-line

    - by pedro
    I want to split a file into multiple files with at most 25 lines each. I'm using this: split -l 25 /etc/adduser.conf > /home/ubuntu/PL/trab3/rc_ But I do not get the files I expect. How can I get files with filenames like rc_01, rc_02, etc.?

    Read the article

  • Redirect local service to custom proxy

    - by Pedro Laguna
    Hello, I'm trying to create a custom proxy program but I have a problem. My program connects to a fixed port from a random port and I need to tunnel all this traffic by my local proxy. I think the solution is using iptables, but all the topics I found are related to redirect incoming connections, not outbounds. How can I redirect all the traffic from a local port to another local port and later to the internet? Thanks,

    Read the article

  • split shell command ubuntu

    - by pedro
    Hi...i wanna split the file adduser.conf with 25 line to a file that start with rc_01, rc_02, etc I'm using this: split -l 25 /etc/adduser.conf /home/ubuntu/PL/trab3/rc_ but don't work what is wrong?

    Read the article

  • Ubuntu bash command

    - by pedro
    Hello i want to show the number of lines, words and characters of all configuration files "/ Etc / * conf" (command "wc"). How can i modify the command to not view the messages error.

    Read the article

  • split shell command

    - by pedro
    I want split a file into multiple files with at most 25 lines each. I'm using this: split -l 25 /etc/adduser.conf /home/ubuntu/PL/trab3/rc_ But I do not get the files I expect. How can files with the filenames like rc_01, rc_02, etc.?

    Read the article

  • Running two Magentos installations, one of which has 3 stores set up as multi-store. Which server?

    - by Pedro Peixoto
    I want to run 4 Magento stores in 2 different installations. 1 is a standalonne installation with 3 languages. The other is a multi-store with 3 different online stores in different domains. At the moment we have a VPS with 1GB memory, would that be enough? I ask because I've finished the standalone store and already put it online, and the server is already running on 62% memory. The ideal would be that this is enough as my company wouldn't like to move to a Dedicated Server (as it involves costs). I'm sure I can try to optimize Magento to run on lower memory (I'm expecting visits averaging 2000/day on all sites), if I could have some tips on the best way to do that Id appreciate it too.

    Read the article

  • Symfony2 - PdfBundle not working

    - by ElPiter
    Using Symfony2 and PdfBundle to generate dynamically PDF files, I don't get to generate the files indeed. Following documentation instructions, I have set up all the bundle thing: autoload.php: 'Ps' => __DIR__.'/../vendor/bundles', 'PHPPdf' => __DIR__.'/../vendor/PHPPdf/lib', 'Imagine' => array(__DIR__.'/../vendor/PHPPdf/lib', __DIR__.'/../vendor/PHPPdf/lib/vendor/Imagine/lib'), 'Zend' => __DIR__.'/../vendor/PHPPdf/lib/vendor/Zend/library', 'ZendPdf' => __DIR__.'/../vendor/PHPPdf/lib/vendor/ZendPdf/library', AppKernel.php: ... new Ps\PdfBundle\PsPdfBundle(), ... I guess all the setting up is correctly configured, as I am not getting any "library not found" nor anything on that way... So, after all that, I am doing this in the controller: ... use Ps\PdfBundle\Annotation\Pdf; ... /** * @Pdf() * @Route ("/pdf", name="_pdf") * @Template() */ public function generateInvoicePDFAction($name = 'Pedro') { return $this->render('AcmeStoreBundle:Shop:generateInvoice.pdf.twig', array( 'name' => $name, )); } And having this twig file: <pdf> <dynamic-page> Hello {{ name }}! </dynamic-page> </pdf> Well. Somehow, what I just get in my page is just the normal html generated as if it was a normal Response rendering. The Pdf() annotation is supposed to give the "special" behavior of creating the PDF file instead of rendering normal HTML. So, having the above code, when I request the route http://www.mysite.com/*...*/pdf, all what I get is the following HTML rendered: <pdf> <dynamic-page> Hello Pedro! </dynamic-page> </pdf> (so a blank HTML page with just the words Hello Pedro! on it. Any clue? Am I doing anything wrong? Is it mandatory to have the alternative *.html.twig apart from the *.pdf.twig version? I don't think so... :(

    Read the article

  • Commit in sharpSVN

    - by Pedro
    Hello! I have a problem doing commit with sharpsvn. Now i´m adding all the files of my working copy (if the file is added throws an exception), and after it i do commit. It works but it trows exceptions. There is some way to get the status of the repository before do add() and only add the new files or the files who are changed? And if i delete one file or folder on my working copy , How can i delete these files or folder on the repository? Code: String[] folders; folders = Directory.GetDirectories(direccionLocal,"*.*", SearchOption.AllDirectories); foreach (String folder in folders) { String[] files; files = Directory.GetFiles(folder); foreach (String file in files) { if (file.IndexOf("\\.svn") == -1) { Add(file, workingcopy); } } } Commit(workingcopy, "change"); Add: public bool Add(string path, string direccionlocal) { using (SvnClient client = new SvnClient()) { SvnAddArgs args = new SvnAddArgs(); args.Depth = SvnDepth.Empty; Console.Out.WriteLine(path); args.AddParents = true; try { return client.Add(path, args); } catch (Exception ex) { return false; } } } Commit: public bool Commit(string path, string message) { using (SvnClient client = new SvnClient()) { SvnCommitArgs args = new SvnCommitArgs(); args.LogMessage = message; args.ThrowOnError = true; args.ThrowOnCancel = true; try { return client.Commit(path, args); } catch (Exception e) { if (e.InnerException != null) { throw new Exception(e.InnerException.Message, e); } throw e; } } }

    Read the article

  • Using oauth2_access_token to get connections in linkedIn

    - by Pedro
    I'm trying to get the connections in linkedIn using their API, but when I try to retrieve the connections I get a 401 unauthorized error. in the official documentation says You must use an access token to make an authenticated call on behalf of a user Make the API calls You can now use this access_token to make API calls on behalf of this user by appending "oauth2_access_token=access_token" at the end of the API call that you wish to make. The API call that I'm trying to do is the following Error -- http://api.linkedin.com/v1/people/~/connections:(id,headline,first-name,last-name)?format=json&oauth2_access_token=access_token I have tried to do it with the following endpoint without any problems. OK -- https://api.linkedin.com/v1/people/~:(id,first-name,last-name,formatted-name,date-of-birth,industry,email-address,location,headline,picture-urls::(original))?format=json&oauth2_access_token=access_token this list of endpoints for the connections API are described here http://developer.linkedin.com/documents/connections-api I just copied and pasted one endpoint from there, so the question is what's the problem with the endpoint for getting the connections? what am I missing? EDIT: for the preAuth Url I'm using https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=ConsumerKey&scope=r_fullprofile%20r_emailaddress%20r_network&state&state=NewGuid&redirect_uri=Encoded_Url https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=QueryString_Code&redirect_uri=EncodedCallback&client_id=ConsummerKey&client_secret=ConsumerSecret please find attached the login screen requesting the permissions EDIT2: Switched to https and worked like a charm!

    Read the article

  • Using client.status in c# with sharpsvn

    - by Pedro
    I want to use the status method but i dont understand how it works. Could someone show me an example of use please? EventHandler < SvnStatusEventArgs > statusHandler = new EventHandler<SvnStatusEventArgs>(void(object, SvnStatusEventArgs) target); client.Status(path, statusHandler);

    Read the article

  • Logback DBAppender url

    - by pedro mendes
    I'm trying to use Logback's DBAppender. My logback.xml has the following appender: </appender> <appender name="DatabaseAppender" class="ch.qos.logback.classic.db.DBAppender"> <connectionSource class="ch.qos.logback.core.db.DriverManagerConnectionSource"> <driverClass>oracle.jdbc.OracleDriver</driverClass> <url>jdbc:oracle:thin:@URL:PORT:SERVICEID</url> <user>USER</user> <password>PASS</password> </connectionSource> </appender> the url given works with other java classes in the same project but it fails with logback giving the following error ORA-00904: "ARG3": invalid identifier at java.sql.SQLException: ORA-00904: "ARG3": invalid identifier where ARG3 is the <url>jdbc:oracle:thin:@URL:PORT:SERVICEID</url>

    Read the article

  • Print the first line of a file

    - by Pedro
    void cabclh(){ FILE *fp; char *val, aux; int i=0; char *result, cabeca[60]; fp=fopen("trabalho.txt","r"); if(fp==NULL){ printf("Erro ao abrir o ficheiro\n"); return ; } val=(char*)calloc(aux, sizeof(char)); while(fgetc(fp)=='\n'){ fgets(cabeca,60,fp); printf("%s\n",cabeca); } fclose(fp); free(fp); } void infos(){ FILE *fp; char info[100]; fp=fopen("trabalho.txt","r"); if(fp==NULL){ printf("Erro ao abrir o ficheiro\n"); } while(fgetc(fp)=='-'){ fgets(info,100,fp); printf("%s\n",info); } fclose(fp); } At cabclh i want that the program recognize that the first line is header..but this code doesn't print nothing At infos i want that he recognize that every lines that begin with '-' are info...

    Read the article

  • How to detect running on WebSphere

    - by Pedro Guedes
    Hi, I'm building a webapp that should run on both Tomcat and WebSphere and I've managed to make almost all the differences into properties with default values that I can override for deployment on the Tomcat server. I need to do yet another override for the authentication provider bean... public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException { if(isWebSphere()){ LOG.warn("Running on WebSphere... not overriding default authentication mechanism."); return; } LOG.info("Running on Tomcat... overriding authentication provider bean ("+AUTHENTICATION_PROVIDER_BEAN+")"); if (beanFactory.containsBean(AUTHENTICATOR_BEAN) && beanFactory.containsBean(POPULATOR_BEAN) && beanFactory.containsBean(USERDETAIL_PROVIDER_BEAN)){ LdapAuthenticator authenticator = (LdapAuthenticator) beanFactory.getBean(AUTHENTICATOR_BEAN); LdapAuthoritiesPopulator populator = (LdapAuthoritiesPopulator) beanFactory.getBean(POPULATOR_BEAN); UserDetailProvider userDetailProvider = (UserDetailProvider) beanFactory.getBean(USERDETAIL_PROVIDER_BEAN); ExtendedLdapAuthenticationProvider override = new ExtendedLdapAuthenticationProvider(authenticator, populator); override.setUserDetailProvider(userDetailProvider); beanFactory.registerSingleton(AUTHENTICATION_PROVIDER_BEAN, override); } else { throw new BeanCreationException("Could not find required beans to assemble overriding object for authentication..."); } } Now my problem is how to implement the isWebSphere() method. I was thinking Class.forName("someWebSphereSpecific"), but is there a better way?

    Read the article

  • Denormalization database

    - by Pedro Magalhaes
    I was taking a look at SSB (Star Schema Benchmark -http://www.percona.com/docs/wiki/_media/benchmark:ssb:starschemab.pdf) and then i was thinking if is possible to denormalize all tables from the SSB? So database size will increase a lot but potencially the performance will grow up. Is that right? Is It possible? Thanks and sorry for my poor english

    Read the article

< Previous Page | 1 2 3 4 5 6 7  | Next Page >