Search Results

Search found 1104 results on 45 pages for 'authorization'.

Page 31/45 | < Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38 | Next Page >

OAuth 2.0: Can a user-agent client avoid forwarding fragments?

- by Bosh

In the OAuth 2.0 draft specification, user-agent clients receive authorization in the form of a bearer token via redirection (from an authentication server) to a URL such as HTTP/1.1 302 Found Location: http://example.com/rd#access_token=FJQbwq9&expires_in=3600 According to Section 3.5.2 it is then the user-agent's job to GET the URL in question, but "The user-agent SHALL NOT include the fragment component with the request." In other words, as a result of the example redirection above, the user-agent should GET /rd HTTP/1.1 Host: example.com without passing #access_token to the server. My question: what user agents behave this way? I thought redirection in Firefox, for example, would (logically) include the fragment in the GET request. Am I just wrong about this, or does the OAuth 2.0 specification rely on non-standard user-agent behavior?

Read the article
Is it possible to run javascript with other target?

- by Kristoffer Nolgren

I have a facebook app that I authenticate using a general-purpose authentification. Like this: // Fixar oAuth jso_configure({ "facebook": { client_id: "393963983989013", redirect_uri: "http://resihop.herokuapp.com/", authorization: "https://www.facebook.com/dialog/oauth", presenttoken: "qs" } }); // Make sure that you have jso_ensureTokens({ "facebook": [""] }); // This dumps all cached tokens to console, for easyer debugging. //jso_dump(); jso_ensureTokens({ "facebook": [""] }); It's tirggered on document.ready. Because it's a facebook app I can't run the authentification in the iFrame. Facebook denies this using X-Frame-Options. The solution, if you authenticate with a link is to use target="_top". How do i Achieve the same effect in javascript? Maybe I need to edit one of the funcitons (though ideally not, as they are part of a library) in that case please point me in the right direction.

Read the article
Powershell Replace Regex

- by Brad

I have a select-string which is seaching an IIS log for a particular string and returning the 2 lines above and one line below. So results look like this: 2012-06-15 18:26:09 98.138.206.39 OutboundConnectionResponse SMTPSVC1 WEB10 - 25 - - 220+mta1083.sbc.mail.ne1.yahoo.com+ESMTP+YSmtp+service+ready 0 0 60 0 218 SMTP - - - - 2012-06-15 18:26:09 98.138.206.39 OutboundConnectionCommand SMTPSVC1 WEB10 - 25 EHLO - WEB10.DOMAINCOM 0 0 4 0 218 SMTP - - - - 2012-06-15 18:26:09 74.125.244.10 OutboundConnectionResponse SMTPSVC1 WEB10 - 25 - - 550+IP+Authorization+check+failed+-+psmtp 0 0 41 0 218 SMTP - - - - 2012-06-15 18:26:09 74.125.244.10 OutboundConnectionCommand SMTPSVC1 WEB10 - 25 RSET - - 0 0 4 0 218 SMTP - - - - Note the third line begins with denoting thats the line that select-string matched upon. I am trying to do a -replace on the to replace it with < font color="red"$1< /font but my replace doesn't seem to work. Here's my code: $results = $results -replace "(^ )(.*)$", "< font color='red'$1< font" Can any powershell regex guru's out there tell me why my regular expression isn't matching? Thanks Brad

Read the article
Prevent unauthorised write access to a part of filesystem or partition

- by gaurav

Hello all I have some very important system files which I want to protect from accidental deletion even by root user. I can create a new partition for that and mount it with readonly access but the problem is that I want my application which handles those system files to have write access to that part and be able to modify them. Is that possible using VFS? As VFS handles access to the files I could have a module inserted in the VFS layer which can see if there is a write access to that part then see the authorization and allow it or otherwise reject it. If not please provide me suggestions regarding how can such a system be implemented what would I need in that case. If there exists a system like this please suggest about them also. I am using linux and want to implement this in C, I think it would be possible in C only. Edit: There are such kind of programs implemented in windows which can restrict access to administrator even, to some important folders, would that be possible in linux?

Read the article
Custom XAML property

- by Scott Silvi

Hey all - I've seen a library that allows me to do this inside my XAML, which sets the visibility of the control based on whether or not the user is in a role: s:Authorization.RequiresRole="Admin" Using that library with my database requires a bunch of coding that I can't really do right now. Ultimately here's what I want to know... I have received the authenticated users role from my SPROC, and its currently stored in my App.xaml.cs as a property (not necessary for the final solution, just FYI for now). I want to create a property (dependency property? attached property?) that allows me to say something very similar to what the other library has: RequiresRole="Admin", which would collapse the visibility if the user is not in the Admin role. Can anyone point me in the right direction on this? Thanks, Scott

Read the article
Tomcat 6 Realm Config with Windows AD

- by mat

We have Tomcat 6 connecting to a Win2k3 Server running AD. The realm is configured as such <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" referrals="follow" connectionURL="<url>" connectionName="CN=Query Account,OU=Service Accounts,DC=company,DC=com" connectionPassword="<pwd>" userBase="OU=Users,DC=company,DC=com" userSubtree="true" userSearch="(sAMAccountName={0})" userRoleName="member" roleBase="OU=Security Groups,DC=company,DC=com" roleName="cn" roleSearch="(member={0})" roleSubtree="true"/> Our groups in AD are such Security Groups (OU) IT (OU) IT Support (OU) Support Staff (CN) The LDAP security works if in the web.xml, I speficy Support Staff. i.e works for Common names. We want ANY user under Security Groups OU to have access to the application and not just the CN. Tomcat does not search OU's and it just searches CN's in our case. How do we configure our settings so we can do OU level authorization and not just CN level ? thanks Mat

Read the article
iOS app rejected by itunes team for copyright when embedding video from youtube

- by Thiru Subramaniam

I have created a simple app for my client with his selection of youtube videos embedded via iframe player and html5. The app got approved in android store whereas itunes rejected it claiming below, "Apps may not use protected third party material such as trademarks, copyrights, patents or violate 3rd party terms of use. Authorization to use such material must be provided upon request" Below is the link for the app in android. https://play.google.com/store/apps/details?id=com.jayam.shortfilms While I share videos using the html code obtained from youtube share button, still apple is claiming that I should provide evidence of copyright from each video owner. Any experiences of this kind will be very helpful for me.

Read the article
Creating folders using PHP in google docs

- by Isaac

Hi, Currently I am working on a project integrating google docs to my application using php. However, there is only version1 for the php and I am not well-versed with REST web service. And I am required to create folder using the api. I wonder any people manage/know how to do it? Below is the protocol for the creation of the folder. If anyone know how to do it, I would be glad if you can assist me. Thank you in advance. POST /feeds/default/private/full HTTP/1.1 Host: docs.google.com GData-Version: 3.0 Authorization: Content-Length: 245 Content-Type: application/atom+xml Example Folder

Read the article
Pre-packaged Rails applications

- by Craig

Seems like most Rails applications have similar 'base' functionality. As such, it seems that there would be value in having pre-build Rails applications at various functionality points such as: basic User model with authentication using Authlogic #1 + openid integration #2 + authorization using declarative_authorization #3 + Administration module #4 + a Profile model Themes (useful stylesheets and such) Friendship model Geocoding ... In addition to the basic MVC stuff, these applications would include: testing harnesses seed data git support One could choose start from any of these functionality points. Other than the sample application that are available with the various gems/plugins, are there projects such as these? If not, I would certainly be willing to contribute what I have.

Read the article
HttpsURLConnection failing intermittently to the same URL

- by Arkaitz Jimenez

I think I'm experiencing the same as http://groups.google.com/group/android-developers/msg/9d37d64aad0ee357 This is Android 1.5 SDK. I happen to call several times below code(which is in a method) with the same url and it fails intermittently. When it fails, there is no exception, the stream is empty so the readConnection fails, and getResponseCode returns -1. Global caching is disabled, setDefaultUseCaches(false); I suppose there must be some kind of url connection object pool somewhere. Any idea on how can I workaround this? HttpURLConnection connection = null; try { URL url = new URL(this.url); connection = (HttpURLConnection) url.openConnection(); connection.setRequestProperty("Authorization", "basic " + Base64Coder.encodeString(user + ":" + password)); connection.setRequestProperty("User-Agent", userAgent); connection.connect(); readConnection(connection.getInputStream()); connection.disconnect(); } catch (IOException ex) { reportException(ex, connection.getResponseCode()) } catch (ParserException ex) { reportException(ex, connection.getResponseCode()) }

Read the article
asp.net mvc who is online

- by niao

Greetings, can someone give me some advices or links that will help me to implement to following scenario. Page will be written in asp.net mvc. Authorization is going to be implemented by Memberships. The scenario is as follows: User1 has just logged in. After a while, User2 attempts to login with success. Then user1 should be notified that User2 has just logged in. Additionally User2 should be notified that User1 is online. How can I achieve something like that? It should also be possible for these users to write messages to each other. (chat like).

Read the article
REST authentication S3 like hmac sha1 signature vs symetric data encryption.

- by coulix

Hello stackers, I was arguing about an S3 like aproach using authorization hash with a secret key as the seed and some data on the request as the message signed with hmac sha1 (Amazon S3 way) vs an other developer supporting symetric encryption of the data with a secret key known by the emiter and the server. What are the advantage of using signed data with hmac sha1 vs symetric key other than the fact that with the former, we do not need to encrypt the username or password. What would be the hardest to break ? symetric encryption or sha1 hashing at la S3 ? If all big players are using oauth and similar without symetric key it is sure that there are obvious advantages, what are those ?

Read the article
PAC with kerberoes

- by Varun

I am currently working on kerberoes, and for now have this doubt on PAC in MS-KILE kerberoes extension. Can pac included in pactype strcuture withtin authorization data, is meant for client to decrypt and decode. It seems (if my understanding is correct), that PAC is encrypted with target server's encryption key, which is known only to kdc and target server, and therefore, client just needs to forward that to server when requesting a service, and isn't suppose to decrypt and extract details about its credentails. Is there a way to try to decrypt this on the fly? ( is there sufficient information available in AS-REP for me extract and decrypt this?

Read the article
Paypal credit card validation

- by Naresh

Hi all, I want to check that the credit card number provided by customer to my site is valid or not for further transaction. for that i wand to only verify taht the CC no is valid or not by Paypal. A method for that can be with paypal api step 1: DoDirectPayment with PAYMENTACTION=Authorization for amt of $1, then step 2: DoVoid that request Does any one can tell me is any amount is charged by paypal for doing tis stuff? or any other better way you know? My site is in PHP..

Read the article
How do I create Ntlm Type 1 and Type 3 messages in .Net

- by brj011

I need to create Type 1 message and Type 3 message for NTLM handshaking. Is there any .Net API for this? Essentially, the application is WPF based, but Socket is used in order to stream data from the server. Use of socket is a technical requirement, but the problem is when user needs to connect to the server using a proxy server. Further, if the proxy authorization is based on Ntlm, the client application needs to create Type 1 and Type 3 messages in order to handshake with the proxy server. My question is: Is there any API already available in .NET libraries that can be consumed in order to create these different types of NTLM messages? Any help or alternatives will be greatly appreciated. Thanks in advance.

Read the article
Use of WebDAV to access OWA (exchange 2003) mails with Basic authentication and SSL

- by Mayuresh

I have got a working C# code for accessing OWA mails using WebDAV against a FBA enabled exchange 2003 (http://support.microsoft.com/kb/891748/en-us/) But my client's OWA (exchange 2003) has Basic authentication and SSL (i-e when I try to access the web mail link through browser I get a grey login box instead of a web page I can log into the mail box once I enter the correct details) But my same fails with a 401 error against this mailbox. I got the simple request working for the Basic authentication using – String usernamePassword = strUserName + ":" + strPassword; WebReq.Headers.Add("Authorization", "Basic " + Convert.ToBase64String(new ASCIIEncoding().GetBytes(usernamePassword))); But the subsequent WebDAV SEARCH request fails with 404 (resource not found) error. Can we use WebDAV against an exchange 2k3 with SSL and Basic authentication?

Read the article
Java technologies for web-development.

- by Alex

Hello. I'm PHP-programmer, but I'm extremely interested in learning Java. So I decided to change speciality from PHP to Java. At the moment I have an opportunity to try to make quite simple web-application (it should contain 2-3 forms, several pages with information from the database and authorization module) and also I have a chance to choose any technology I want. Besides I have about 3 months for this task. I've decided to develop site with Java technologies for the purpose of studying. I've already read a book about Java ("Java2 Complete Reference" by P.Naughton) and currently I'm reading "Thinking in Java" by B.Eckel. I clearly understand it's not enough for efficient development, but I want, at least, to try. I would be very appreciated for the advises, which framework (for example) or technology to choose (Spring, Grails etc.) and what primary aspects and technologies of Java should I pay attention to? Thank you in advance.

Read the article
How do you manage web navigation info in your application?

- by Dave

I’m building an application where different users will have different menu items available to them depending on what they’ve paid for. There will also be multiple levels to the menu hierarchy. What’s the best approach to this problem? I’m assuming I need a database table that represents the menu hierarchy, including the parent-child relationships of the nodes in the navigation as well as the sorting of the items. Then another table which I use to manage whether a user is authorized to access a particular item in that table. When I render the view, I’d reference the menus, and the access rights of the user to output the menu, and I’d also need a function to check that same authorization from each controller in case a user manually types in a URL of a controller they’re not supposed to have access to. Is this the right approach? Any suggestions for caching this to prevent the constant look-ups of this type of info? I’m open to any suggestions on how you may have approached this type of requirement.

Read the article
Filemaker XSL 20sec Query Latency

- by Ian Wetherbee

I have an ASP frontend that loads data from a Filemaker database using XSL to perform simple queries. The problem is that the first page load takes 20 seconds +/- 200ms, then the next few page refreshes within a minute of the first request take <200ms, then the cycle starts over again. Each page load makes only 2 XSL queries, and they execute fast after the first page load, so what is causing the delay on the first page load? I have caching turned up with a 100% hit rate, and number of connections at 100. I've tried with XSL database sessions on and off, and session time anywhere from 1 to 60 minutes without any changes. The XSL loads from ASP use a GET request and add a Basic Authorization header to authenticate each time. During fast page requests, the fmserver.exe and fmswpc.exe processes don't even flinch, but during a 20 second holdup I see fmserver jump to 30% CPU and a 3mb I/O read a few seconds into the request, and occasionally fmswpc jump to 60% CPU.

Read the article
Single Sign On with 3 applications

- by John H.

I'm building three web applications in .NET that will all share a users database and login information. Lets pretend that application 1 is the "parent" application and applications "A" and "B" are the "child" applications. All users have to be logged into application 1 to have access to applications A and B. Authorization, Authentication, and MachineKey sections of all web configs are present and work correctly. I have the correct web.config settings in all applications to achieve Single Sign On except one problem remains: what do I put in the "loginUrl" attribute of the forms tag in Applications A and B. Assume that the url for the login to application 1 is "www.johnsapp.com/login.aspx" How can I get applications A and B to send the user back to application 1 for authentication using only settings in web.config?

Read the article
@Secured not working

- by user3640507

I am new to spring and trying to implement Role based authorization with the help of @Secured annotation. I have a method which is specifically for ADMIN and I have written @Secured ("ROLE_ADMIN") to secure it. @Secured ("ROLE_ADMIN") public void HelloUser(String name) { System.out.println("Hello ADMIN"); } Now when I call this method by creating a class object it gets called eventhough user dont have ADMIN authority But when I dont create an object and use @autowired annotation instead then it works i.e User is not allowed to access this method. In my security.xml as well as servlet.xml I have added <global-method-security secured-annotations="enabled" /> Can some one please tell me where I am going wrong or is this the natural behaviour in spring ?

Read the article
deploying a war to tomcat using python

- by Decado

Hi, I'm trying to deploy a war to a Apache Tomcat server (Build 6.0.24) using python (2.4.2) as part of a build process. I'm using the following code import urllib2 import base64 war_file_contents = open('war_file.war','rb').read() username='some_user' password='some_pwd' base64string = base64.encodestring('%s:%s' % (username, password))[:-1] authheader = "Basic %s" % base64string opener = urllib2.build_opener(urllib2.HTTPHandler) request = urllib2.Request('http://158.155.40.110:8080/manager/deploy?path=war_file', data=war_file_contents) request.add_header('Content-Type', 'application/octet-stream') request.add_header("Authorization", authheader) request.get_method = lambda: 'PUT' url = opener.open(request) the url.code is 200, and the url.msg is "OK". However the web archive doesn't appear on the manager list applications page. Thanks.

Read the article
How to override [Authorize] attribute in the MVC Web API?

- by NullReference

I have a MVC Web Api Controller that uses the [Authorize] attribute at the class level. This makes all of the api methods require authorization but I'd like to create an attribute called [ApiPublic] that overrides the [Authorize] attribute. There is a similar technique described here for normal MVC controllers. I tried creating an AuthorizeAttribute based of the System.Web.Http.AuthorizeAttribute but none of the overridden events are called if I put it on a api method that has the [Authorize] at the class level. Anyone have an idea how to override the authorize for the web api? [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)] public class ApiPublicAttribute : AuthorizeAttribute { protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { base.HandleUnauthorizedRequest(actionContext); } public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { base.OnAuthorization(actionContext); } protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext) { return true; } }

Read the article
How to get the if the Page is Liked in my Facebook Application page

- by Axe

I'm using the Facebook sdk from codeplex I've tried the suggestion at How to get the Page Id in my Facebook Application page which is this: if (FacebookWebContext.Current.SignedRequest != null) { dynamic data = FacebookWebContext.Current.SignedRequest.Data; if (data.page != null) { var pageId = (String)data.page.id; var isUserAdmin = (Boolean)data.page.admin; var userLikesPage = (Boolean)data.page.liked; } else { // not on a page } } But my data.page is null. Do I need to ask for some extra permissions on the authorization or something? Also tried this the FQL suggested at http://blog.woodylabs.com/2010/09/facebook-graph-api-is-user-a-fan-of-page-id-using-fql-and-opengraph-to-mimic-pages-isfan/ But I only have an appId not a page ID. Any ideas?

Read the article
What is a valid and reasonable alternative to a massive storage approach?

- by Backo

I am using Ruby on Rails 3.2.2 and MySQL. After my previous question on "how to handle massive storage of records in database for user authorization purposes", since related answers (on how to solve the issue or how to accomplish to that I am looking for) aren't sufficiently detailed or require to much resources (at least for me), I would like to know what are valid and reasonable alternatives to that approach. In few words, this question could be phrase as: how to handle "complex" (at level of SQL querying) user authorizations when you have to fetch "authorized" records? That is, for example, how to retrieve records when you would use code like the following (the following code would be used mostly in index controller actions): Article.readable_by_user(@current_user) # => Returns all articles readable by the current user.

Read the article

< Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38 | Next Page >