Search Results

Search found 1208 results on 49 pages for 'proxied authorization'.

Page 32/49 | < Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39 | Next Page >

WCF Security Transport Security Questions

- by shyneman

I'm writing a set of WCF services that rely on transport security with Windows Authentication using the trusted subsystem model. However, I want to perform authorization based on the original client user that initiated the request (e.g. a user from a website with a username/password). I'm planning to achieve this by adding the original user's credentials in the header before the client sends the message and then the service will use the supplied credentials to authorize the user. So I have a few questions about this implementation: 1) using transport security with windows auth, I do NOT need to worry about again encrypting the passed credentials to ensure the validity... WCF automatically takes care of this - is this correct? 2) how does this implementation prevent a malicious service, running under some windows account within the domain, to send a message tagged with spoofed credentials. for e.g. a malicious service replaces the credentials with an Admin user to do something bad? Thanks for any help.

Read the article
Facebook Graph Api doesn't redirect to my callback

- by Pentium10

I am following the steps to do the authorization as described here, but I am not redirected to my callback url. I get the following five steps after calling the first one: https://graph.facebook.com/oauth/authorize?display=touch&client_id=...&redirect_uri=... https://www.facebook.com/connect/uiserver.php?display=touch&client_id=...&redirect_uri=...&next=https://graph.facebook.com/oauth/authorize_success?display=touch&client_id=...&redirect_uri=...&type=web_server&cancel_url=https://graph.facebook.com/oauth/authorize_cancel?display=touch&client_id=...&redirect_uri=...&method=permissions.request&return_session=1 http://www.facebook.com/ http://touch.facebook.com/?w2m http://touch.facebook.com/login.php?next=http://touch.facebook.com/?w2m&cancel=http://touch.facebook.com/?w2m&fbconnect=0&r39c26cf0&refid=108 As you see the 5th steps just displays the login screen. If I log in, or I am already logged in I am presented with the home page. I use my application key, and the connect url of the app I've setup in FB Developers page. What I am doing wrong, why I am not redirected to my url?

Read the article
Deleting blog post using Blogger API, Javascript and Prototype

- by Mikhail

Hello, everyone! I'm trying to delete a blog post on blogger.com using Blogger API via Prototype Javascript library. Here's my code: var request = new Ajax.Request( 'http://www.blogger.com/feeds/'+remoteBlogId+'/posts/default/'+postId { method:'DELETE', requestHeaders:['Authorization', 'GoogleLogin auth='+authKey], on200:function(){/*onSuccess*/}, onFailure:function(){/*onFailure*/} } ); As far as I can see from API description, everything's alright, but when I run this, it fires onSuccess function, but doesn't delete the entry on the server. I guess that Prototype doesn't work well with HTTP methods other than GET and POST (here's the ticket describing similar problem though proposed patch didn't work for me) Any help is appreciated! Thanks in advance, Mikhail.

Read the article
wcf data service security configuration

- by Daniel Pratt

I'm in the process of setting up a WCF Data Services web service and I'm trying to sort out the security configuration. Although there's quite a lot of documentation out there for configuring WCF security, a lot of it seems to be outmoded or does not apply to my scenario. Ultimately, I am planning on managing authorization of operations via change interceptors. Thus, all I really need is the simplest way to permit a client to pass credentials along with a request and to be able to authenticate those credentials against either AD or an ASP.NET membership provider (I'd much prefer the latter unless it makes things much more complicated). I'm intending to manage encryption at the transport level (i.e. HTTPS). I'm hoping that the eventual solution does not involve a huge web.config. Likewise, I'd much prefer to avoid writing custom code for the purpose of authentication.

Read the article
C#/.Net Download file from premium rapidshare account

- by Simon

Hello, how can I log to premium rapidshare account from my source? I tryed this but it is not working: string authInfo = "name" + ":" + "pass"; authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo)); client.Headers["Authorization"] = "Basic " + authInfo; client.DownloadFile("url", "C:\\Temp\\aaaa.file"); OR WebClient client = new WebClient(); client.Credentials = new NetworkCredential("name", "pass"); client.DownloadFile("url", "C:\\Temp\\aaaa.file"); Is there any simple way how download the file directly from rapidshare premium? Thank you a lot! Regards, simon

Read the article
OAuth gives me 401 error

- by Radek

I am trying to get the access key but I cannot make it work. `request_token.get_access_token is giving me 401 Unauthorized (OAuth::Unauthorized) error. I copy the authorize_url into my browser, allow the application, I receive some kind of PIN from twitter but after hitting enter in my script I always get 401 error. I did some search and I found this helped access_token = request_token.get_access_token(:oauth_verifier => params[:oauth_verifier]) but it is giving me undefined local variable or methodparams' for main:Object (NameError)` the ruby script is like ( I was following this tutorial ) gem 'oauth' require 'oauth/consumer' consumer_key = 'your key' consumer_secret ='your secret' consumer=OAuth::Consumer.new "consumer_key", "consumer_secret", {:site=>"http://twitter.com"} #{:site=>"https://agree2.com"} request_token = consumer.get_request_token puts request_token.token puts request_token.secret puts request_token.authorize_url puts "Hit enter when you have completed authorization." STDIN.gets access_token = request_token.get_access_token #access_token = request_token.get_access_token(:oauth_verifier => params[:oauth_verifier]) puts access_token.token puts access_token.secret puts puts access_token.inspect

Read the article
ASP.NET MVC and ASP.NET membership template provider

- by rem

In a standard ASP.NET MVC template application that is created by default in Visual Studio when starting a new ASP.NET MVC application there is already a built-in membership / authentication / authorization system. Using web search one can find lots of info about how to work with a built-in ASP.NET membership system, but very often this material is a bit of an old and refer to ASP.NET only, not mentioning ASP.NET MVC framework. Just for example: http://msdn.microsoft.com/en-us/library/ms998347.aspx#paght000022%5Fmembershipapis or http://www.4guysfromrolla.com/articles/091207-1.aspx To what extent all that applies to ASP.NET built-in membership system applies also to ASP.NET MVC ready template membership system?

Read the article
NSURLConnection and Basic HTTP Authentication

- by Justin Galzic

I need to invoke an initial GET HTTP request with Basic Authentication. This would be the first time the request is sent to the server and I already have the username & password so there's no need for a challenge from the server for authorization. First question: 1) Does NSUrlConnection have to be set as synchronous to do Basic Auth? According to the answer on this post, it seems that you can't do Basic Auth if you opt for the async route. 2) Anyone know of any some sample code that illustrates Basic Auth on a GET request without the need for a challenge response? Apple's documentation shows an example but only after the server has issued the challenge request to the client. I'm kind of new the networking portion of the SDK and I'm not sure which of the other classes I should use to get this working. (I see the NSURLCredential class but it seems that it is used only with NSURLAuthenticationChallenge after the client has requested for an authorized resource from the server).

Read the article
Extending Code Igniter Model functions to external PHP Scripts

- by Fábio Antunes

Hello everybody. I'm doing a small web app, which uses CKeditor for user input, and CKfinder for file management (images/flash). Those who know CKFinder, also know that the config file for CKFinder as a function named CheckAuthentication() that returns false or true, giving or not permissions to use CKFinder. This is were a Custom PHP Code checks if the user as authorization to access CKFinder or not. Well for my app I'm using Code Igniter, and of course I've created a model were i handle everything about User Permissions, Loggin, Session Cookies, etc. And i also have a function witch its propose is just to check if the user is Logged in. So I would like to know if someone knows a way that i can call the function isLoggedIn() inside the model security from inside the function CheckAuthentication() in CKFinder config file. Thanks in advance.

Read the article
java enterprise project

- by darko petreski

Hi All, All the time we are hearing that java is enterprise. We have read many books about jpa, entity beans and other stuff. All this books explain this technology with some dummy examples. I have not seen a book that explains real problems with enterprise beans, java clients and security! I mean real book not some imaginated stupid examples . Is there any book that describes completely some enterprise system, Its architecture, communication, security, of course the client that uses the distributed components ? I need a book that will cover the flowing: server side components (ejb, jpa) client side java desktop application security (authentication and authorization) web services with complete authentication clustering (we can find for all of this a book, but there is no book that covers all this things in one piece. Also all the books are with dummy samples.) Or may be some project that is documented. Regards, Darko

Read the article
Jersey, Spring, Tomcat and Security Annotations

- by jr

I need to secure a simple jersey RESTful API in a Tomcat 6.0.24 container. I'd like to keep the authentication with Basic Authentication using the tomcat-users.xml file to define the users and roles (this is for now, like I said its small). Now, for authorization I'd like to be able to use the JSR 250 annotations like @RolesAllowed, @PermitAll, @DenyAll, etc. I cannot for the life of me figure out how to wire this all up together. I really don't want to go spring-security route, since I need something very simple at the current time. Can someone point me in the right direction.

Read the article
Google Gears - Database - VACUUM

- by Sirber

With this code: var db = google.gears.factory.create('beta.database'); db.open('cominar'); db.execute('CREATE TABLE IF NOT EXISTS Ajax (AJAX_ID INTEGER PRIMARY KEY AUTOINCREMENT , MODULE TEXT, FUNCTION TEXT, CONTENT_JSON TEXT);'); db.execute('VACUUM;'); // nettoye la DB I'm trying to clean the database (VACUUM) the database at each initialisation but I get this error: Uncaught Error: Database operation failed. ERROR: authorization denied DETAILS: not authorized The database was created by me (the same page). Thank you!

Read the article
Using rest-client to upload a paperclip attachment but getting no file found error

- by Angela

Hello, I have a paperclip attachment that I wan to upload to a web-service using rest-client. However, when I try to run it, I get an error: No such file or directory - /system/postalimages/1/original/postcard-1.png?1274635084 But the file exists for sure: I see it in my directory. How do I debug this? Here is the code in my controller which makes the upload: def upload @postalcard = Postalcard.find(:last) response = RestClient.post('http://www.postful.com/service/upload', { :upload => { :file => File.new(@postalcard.postalimage.url,'rb') #paperclip file path } }, #end payload {"Content-Type" => @postalcard.postalimage.content_type, "Content-Length" => @postalcard.postalimage.size, "Authorization" => 'Basic dGltZm9uZzg4OEBnbWFpbC5jb206ZDlQcTVKUU4='} # end headers ) #close arguments to Restclient.post return response.body end

Read the article
Legacy application with JDBC and JNDI REALM authentication

- by KB

Hello All, My application currently relies on JDBC realm authentication. Recent needs have forced us to think about having LDAP authentication as well. We are thinking about using Active Directory for both authentication as well as authorization (roles). As a standalone test, I was able to authenticate my application with AD. But here is the confusion I have going forward. If the user chooses LDAP authentication when he logs in, I authenticate the user with AD, get the user's roles and do I replicate(create a new) windows user in my database?. I have to have the user in the database, because many parts of the application is designed to retrieve the user from database If the users chooses local login, I still should have JDBCRealm somewhere that I should use to authenticate the user. Is it possible to have multiple realms in tomcat? (I sort of know it is possible, but havent seen much documentation around it) Any thoughts, comments, suggestions would immensely help me Thanks K

Read the article
ASP.NET authentication login and logout with browser back button

- by Eatdoku

Hi, I am looking for a solution for user use the browser's back button to navigate to previous page once logged out. I have a web application build in asp.net and using a custom membership provider for authentication and authorization. Everything works fine except when the user click on the logout link to log out of the application and being redirect to a default cover page, if the use click on the BACK BUTTON on their browser, it will actually go back to where they were before and the data will still show up. Of course they can't do anything on that page, click on anything link they will be redirect to a login page again. But having those information display is making a lot users confused. i am just wondering if there is any way i can either clear the browser's history so use can't go BACK, or when they click on the back button and have them redirect to the login page. thanks

Read the article
Did we really always need to use Ruby/ rails plugin?

- by Devlim

I been intersted in ruby and rails lately but what I always encounter in blog/ podcast / book is they will always teach how to use ruby or rails plugin/ ruby instead of writing one. Did we really always need to use plugin, even thing like authorization? Authenticate? Is it really waste time Or hard to write from start? Then if it hard and waste time why rails say make web development less painful? Or I was wrong in term of concept? Goal ? Or anything else? Of rails? Anyone can guide me ?

Read the article
ASP.Net MVC 2 Forms Authentication cookieless = "UseUri" while submit autherization fails

- by rintoantony

hi, I just started working with ASP.Net MVC 2. I created a new ASP.Net MVC application and created one vehicle controler with a database table connected with LINQ. Then created forms authentication mechanism for the application and tried to use the uri instead of cookies it was working smoothly but when i submit the form by creating a "Create" view from the controler using the utility it just dont work. The autherization got failed and asking to enter the user name and password again.I had created the authorization mechanism by adding Authorise attribute to the Controller so as to get authorized for all the actions. namespace MVCNEW.Controllers { [Authorize] public class VehicleController : Controller { But if i use the cookies instead of uri it works fine. Thanks in advance...

Read the article
How to secure access to SWF file using ASP.NET?

- by elsharpo

hi guys, We have a swf file that we want to secure and make available only to authorized users. I embedded the file in an aspx page and that works fine, since ASP.NET handles the aspx page, I can use ASP.NET authorization features and in the web.config restrict the access to roles="AllowedUsers" for example. However smart users could still get to the file by accessing directly for example www.mysite/flash.swf. We want to make that kind of access secure. Any help would be greatly appreciated! Thanks!

Read the article
htaccess not called when the url point to an existing folder

- by Eldad

Hi, I'm running zend server on windows 7. I'm using the htaccess from jooml: Options +FollowSymLinks RewriteEngine On RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteRule ^(.*)$ index.php [F,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/index.php RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC] RewriteRule (.*) index.php RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] when I'm calling this url: http://localhost/ABC/ the data is been redirect to index.php but if I'm creating the folder ABC the server is showing the ABC folder content and not redirecting the data back to index.php. how can I prevent that, I want all the calls data to be directed into index.php? Thanks

Read the article
Retrieving WSDL file from secure service

- by Anonimo

I have a Web Service developed with JAX-WS. I have secured the web service with BASIC authentication configured in Tomcat. When I try to access the web service using a Java client, I first need to create the port, and then specify the credentials, as follows: CustomerServiceClient customerServiceClient = new CustomerServiceBottomUpService(); //1 CustomerService customer = customerServiceClient.getCustomerServicePort(); //2 Map<String, Object> context = ((BindingProvider) customer).getRequestContext(); //3 context.put(BindingProvider.USERNAME_PROPERTY, "kermit"); //4 context.put(BindingProvider.PASSWORD_PROPERTY, "thefrog"); //5 The problem I have is that, after line 1, I get an Authorization error (HTTP 401) as I obviously haven't provided the server with the credentials yet. I am creating the client artifacts from a server WSDL, hence the authentication problem when creating the service, and don't want my clients to store the WSDL locally as it's just annoying for them. How can I get around this problem?

Read the article
How can I pre-authorize authopen?

- by Georg

I'm using authopen inside one of my programs to modify files owned by root. As can be seen in the screenshot below authopen asks for a admin password. What I'd like to achieve is that the dialog shows my app's name and then passes the authorization to authopen. Code Launching authopen which returns an authorized file descriptor. int pipe[2]; socketpair(AF_UNIX, SOCK_STREAM, 0, pipe); if (fork() == 0) { // child // close parent's pipe close(pipe[0]); dup2(pipe[1], STDOUT_FILENO); const char *authopenPath = "/usr/libexec/authopen"; execl(authopenPath, authopenPath, "-stdoutpipe", [self.device.devicePath fileSystemRepresentation], NULL); NSLog(@"Fatal error, quitting."); exit(-1); } // parent // close childs's pipe close(pipe[1]); // get file descriptor through sockets I'd really like not to use AuthorizationExecuteWithPrivileges because then I'd have to get more rights than I want to.

Read the article
Using ClaimsPrincipalPermissionAttribute, how do I catch the SecurityException?

- by Ryan Roark

In my MVC application I have a Controller Action that Deletes a customer, which I'm applying Claims Based Authorization to using WIF. Problem: if someone doesn't have access they see an exception in the browser (complete with stacktrace), but I'd rather just redirect them. This works and allows me to redirect: public ActionResult Delete(int id) { try { ClaimsPrincipalPermission.CheckAccess("Customer", "Delete"); _supplier.Delete(id); return RedirectToAction("List"); } catch (SecurityException ex) { return RedirectToAction("NotAuthorized", "Account"); } } This works but throws a SecurityException I don't know how to catch (when the user is not authorized): [ClaimsPrincipalPermission(SecurityAction.Demand, Operation = "Delete", Resource = "Customer")] public ActionResult Delete(int id) { _supplier.Delete(id); return RedirectToAction("List"); } I'd like to use the declarative approach, but not sure how to handle unauthorized requests. Any suggestions?

Read the article
Can't access web service when connected to the network :: HTTP 407

- by Ian

Hi All, I have a console application that communicates with a web service. Both of them are on the same machine. When I am accessing the web service with the LAN disabled, it connects without a problem. But if the LAN is enabled and connected to our office network, I receive this error: "HTTP 407 Proxy Authentication required - The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied." We've been hunting the source of the problem for three days now. We have tried everything that we can think of. Any ideas what's causing the problem? Additional notes: - The machine is in a Workgroup setup but with DNS suffix (computer.local). When accessing the web service, we type the address as "http://machine.computer.local/service.asmx" I talked to the IT guys and they said that we don't have an ISA server installed There is no "proxy" set in IE. The machine is in mint condition.

Read the article
MDE Access decrypt JDBC

- by michelemarcon

I want to perform JDBC SQL queries on a MDE Access file. I've set up the data source ODBC and everything worked well for a MDE file. Now, I'm working with a newer version of the MDE file, and here is the result: java.sql.SQLException: [Microsoft][Driver ODBC Microsoft Access] Cannont read record. Read authorization unavailable for "tbl_mytable". If I open the MDE with Access Runtime I am asked for a password, and after leaving a blank password I can see all the data. Of course, "tbl_mytable" does exist inside the database.

Read the article
Running a GWT application inside an IFRAME from an ASP.NET 3.5 app?

- by Jay Stevens

We are looking at integrating a full-blown GWT (Google Web Toolkit 2.0) application with an existing ASP.NET 3.5 application. My first gut reaction is that this is a horrible frankenstein idea. However, the customer has insisted that we use this application developed by a third-party. I have almost NO CONTROL over the development of the GWT app. My first thought is to actually attempt to embed this in an iFrame. Because GWT is running under Tomcat/Jakarta, it is hosted on a different server from the .NET app so the iFrame src will be to a URL on the other machine. I need to utilize our own ASP.NET authorization scheme to restrict access to the embedded GWT application. The GWT app also uses embedded java applets, which don't seem to be working right now inside the iframe. Any major problems with this approach that anyone can see? Will GWT work on an iframe while hosted on a different machine?

Read the article

< Previous Page | 28 29 30 31 32 33 34 35 36 37 38 39 | Next Page >