Search Results

Search found 1208 results on 49 pages for 'proxied authorization'.

Page 34/49 | < Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >

• Calling a WCF from ASP.NET with same the single-signon user LogonUserIdentity

  - by Dennis Cheung

  I have a ASP.NET MVC page, which call WCF logic. The system is single-signon using NTML. Both the ASP page and the WCF will use the UserIdentity to get user login information. Other then NTML, I will also have a Form based authorization (with AD) in same system. The ASP page, is it simple and I can have it from HttpContext.Current.Request.LogonUserIdentity. However, it seem it is missing from the WCF which call by the ASP, not from browser. How to configure to pass the ID pass from the ASP to the WCF?

  Read the article

• How to create an object reference to a xaml page from App.xaml.cs codebehind?

  - by John K.

  Hi all, I have a Silverlight 4 Business Project where I have enabled the ASP.NET Authentication/Authorization role information. I would like to pass the currently authenticated user's account information from the app.xaml.cs codebehind to a different XAML page, but I have no idea how that is done, or if it's even possible. My goal is to databind the IsEnabled property of various buttons of my target XAML page, based on whether the current user is in a particular admin related role or not. The Application_UserLoaded event handler of app.xaml.cs seems to be the safest event handler to initiate this task because it fires only after the user's account information is loaded from the server. I had previously attempted to retrieve the current user information directly from my target XAML page, but I was never getting the current user information because Application_UserLoaded hadn't finished loading the current user info yet. public partial class App : Application { private void Application_UserLoaded(LoadUserOperation operation) { // How do you create an object reference to a XAML page from your project solution // from this event handler? } } Thanks in advance for any assistance, John

  Read the article

• DotNetOpenAuth for previously authorized site

  - by Burke Holland

  I've had great luck with DotNetOpenAuth to do 3 legged authorization. Currently, I am connecting and pulling in some Google data. My question is that apparently, if you have already auth'd my web application to your Google account, when I call var accessTokenResponse = google.ProcessUserAuthorization(); It basically does nothing. How do I get the token for an account that has already auth'd my application? I see no callback of any kind. I'm chocking this up to my ignorance about OAuth in general.

  Read the article

• Web services Authentication Jungle

  - by redben

  I have been doing some research lately about best approaches to authenticating web services calls (REST SOAP or whatever). But none of the Approaches convinced me... But i still can't a make a choise... Some talk about SSL and http basic authentication -login/password- which just seems weird for a machine (i mean having to assign a login/password to a machine, or is it not ?). Some others say API keys (seems like these scheme is more used for tracking and not realy for securing). Some say tokens (like session IDs) but shouldn't we stay stateless (especially if in REST style) ? In my use case, when a remote app is calling one of our web services, i have to authenticate the calling application obviously, and the call must - if applicable - tell me which user it impersonates so i can deal with authorization later. Any thoughts ?

  Read the article

• Add CSS to Form Type is Symfony2

  - by Umair Iqbal

  I have an edit form, The form is made through symfony2 Form types. I checked the documentation but couldn't find any option for adding CSS to the form. The form display the data correctly and everything is fine what I want to do is to add styling to each field. My Edit Type is public function buildForm(FormBuilder $builder, array $options) { $builder ->add('id', 'hidden') ->add('patent_name', 'text', array('label' => 'Patent Name')) ->add('description', 'textarea', array('label' => 'Description', 'required' => false)) ->add('appln_auth','text', array('label' => 'Application Authorization')) ; } Anyone has any idea ho I can add css ? Thanks

  Read the article

• Auto login on website

  - by jacktol

  I'm working on an application which consists of a Web Application and a Standalone Application. Both of the applications use the same database and require authentication and authorization. Within the Standalone Application a web browser needs to be opened, going to a page within the Web Application. This page is for authorized users only. Could anyone tell me if there is an easy way to automatically login within the Web Application via the Standalone Application? Besides using cookies or providing a token in the url. Thank you.

  Read the article

• Possible Performance Considerations using Linq to SQL Repositories

  - by Robert Harvey

  I have an ASP.NET MVC application that uses Linq to SQL repositories for all interactions with the database. To deal with data security, I do trimming to filter data to only those items to which the user has access. This occurs in several places: Data in list views Links in a menu bar A treeview on the left hand side containing links to content Role-based security A special security attribute, inheriting from AuthorizeAttribute, that implements content-based authorization on every controller method. Each of these places instantiates a repository, which opens a Linq to Sql DataContext and accesses the database. So, by my count, each request for a page access opens at least six separate Linq to SQL DataContexts. Should I be concerned about this from a performance perspective, and if so, what can be done to mitigate it?

  Read the article

• simplemodal or my brain bug?

  - by g0sha

  Sorry for my Eng. I`m trying to use simplemodal in my project authorization form, but here is a little trouble: <javascript> function usr_init() { $('div#usrinfo').html("test"); } </javascript> <html> <a href="#" onClick='$("#authdiv").modal();'>TEST!</a> </html> In authdiv I have a form with onSubmit="usr_init()"; But after automatic close #usrinfo changes to previous value. What to do with this problem?

  Read the article

• Bitfield With 3 States...?

  - by TheCloudlessSky

  I'm trying to create an authorization scheme for my ASP.NET MVC application where an Enum is used to set permissions. For example: [Flags] enum Permissions { ReadAppointments = 1, WriteAppointments = 2 | ReadAppointments, ReadPatients = 4, WritePatients = 8 | ReadPatients, ReadInvoices = 16, WriteInvoices = 32 | ReadInvoices ... } But I don't really like that because it really doesn't make it clear that Write always includes Read. I then realized that a requirement would be that a user might have NO access to, for example, Appointments. Essentially, I'd want a "bitfield" with 3 states: none, readonly, full (read/write). I'd like to still use an enum bitfield since it's easy to store in a DB (as an int). Also it's very easy to see if a permission is set. Does anyone have any idea how this could be easily accomplished using an Enum... or am I going in the completely wrong direction?

  Read the article

• twitter basic authorisation not working?

  - by Bunny Rabbit

  URL url = new URL("http://twitter.com/statuses/update.xml"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setDoOutput(true); String cridentials = new sun.misc.BASE64Encoder().encode((username + ":" + password).getBytes()); conn.setRequestProperty ("Authorization", "Basic " + cridentials); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(status); wr.flush(); wr.close(); why the above code for updating twitter status is not working ? i am running it on google app engine.

  Read the article

• Non-string role names in ASP.NET MVC?

  - by MikeWyatt

  ASP.NET MVC has good support for role-based security, but the usage of strings as role names is maddening, simply because they cannot be strongly-typed as enumerations. For example, I have an "Admin" role in my app. The "Admin" string will now exist in the Authorize attribute of my action, in my master page (for hiding a tab), in my database (for defining the roles available to each user), and any other place in my code or view files where I need to perform special logic for admin or non-admin users. Is there a better solution, short of writing my own authorization attribute and filter, that would perhaps deal with a collection of enumeration values?

  Read the article

• download file in iframe in IE

  - by Estelle

  in a webpage I have a link to let the user download file, such as, "showfile.aspx?filename=xxx" in showfile.aspx, I send the file using Response.OutputStream.Write method. now I get some problem when somebody put this webpage in an IFrame and open in IE, as I checked the code, showfile.aspx is requested twice when clicks the link, and in the second time the cookies of authorization and session Id are missing. I tried to add the p3p header but not working. my question is, is this how the IE designed with iframe? is there anyway to work around? thanks.

  Read the article

• Whats the best method for queuing time-sensitive messages with PHP/MySQL?

  - by Mike Diena

  I'm building an SMS call and response system in a new app that receives a message via an aggregator gateway, checks it for functional keywords (run, stop, ask, etc), then processes it appropriately (save to the database, return an answer, or execute a task based on the users authorization). It's running fine at the moment as there are only a few users, but I figure its going to have more issues as we scale it up. We're currently running it on a single DV machine (mediatemple base dv). My question is this: does it make more sense to set something up like Memcached to run a queue, or a simple database with a daemon running to process each message one by one? I don't have much experience with either, so any advice would be helpful. Since the messaging is somewhat time-sensitive, what would be the fastest and most reliable way to handle this? Also, since we're sending responses, I'll probably need to set up and outbound message queue as well. Would it make sense to use the same concept for both?

  Read the article

• Best way to perform authentication on every request

  - by Nik

  Hello. In my asp.net mvc 2 app, I'm wondering about the best way to implement this: For every incoming request I need to perform custom authorization before allowing the file to be served. (This is based on headers and contents of the querystring. If you're familiar with how Amazon S3 does rest authentication - exactly that). I'd like to do this in the most perfomant way possible, which probably means as light a touch as possible, with IIS doing as much of the actual work as possible. The service will need to handle GET requests, as well as writing new files coming in via POST/PUT requests. The requests are for an abitrary file, so it could be: GET http://storage.foo.com/bla/egg/foo18/something.bin POST http://storage.foo.com/else.txt Right now I've half implemented it using an IHttpHandler which handles all routes (with routes.RouteExistingFiles = true), but not sure if that's the best, or if I should be hooking into the lifecycle somewhere else? Many thanks for any pointers. (IIS7)

  Read the article

• How to not have .axd files authenticate in IIS7

  - by AndyV

  We recently moved from IIS6 to IIS7 and we're experiencing some issues. The nastiest seems to be that .axd files being handled differently in IIS7. They're run through the pipeline for the authentication and authorization modules as well as the global.asax events. This causes problems for a variety of reason (specific to our code) that won't go into. How can we just exclude .axd files from all this like they were in IIS6? Thanks. Note: We're still in 32bit Classic pipeline mode.

  Read the article

• [Rails] HTTP Get Request

  - by Karl

  I've been trying to get Rails to play with the new Facebook Graph API. After I get the authorization "code", I need to send another request which returns the access token in JSON form. It seems to work fine, however I want to fetch the access token JSON without redirecting the user. I'm attempting to use Net::HTTP.get, but I'm not sure how to use it to get a request body, or even if it's the right thing to use to begin with. Can anyone give an example of performing an HTTP GET?

  Read the article

• Maven can't recognize the dependencies in both local and server

  - by Gary

  The dependencies already be available in both local and server, but maven build(clean, install) still failed and complain that can't find them. 1 Although the dependency can be found in server, but failed to build online Downloading: http://repo1.maven.org/maven2/org/codehaus/mojo/aspectj-maven-plugin/1.4/aspectj-maven-plugin-1.4.pom [WARNING] Unable to get resource 'org.codehaus.mojo:aspectj-maven-plugin:pom:1.4' from repository central (http://repo1.maven.org/maven2): (http://repo1.maven.org/maven2%29:) Authorization failed: Access denied to: h ttp://repo1.maven.org/maven2/org/codehaus/mojo/aspectj-maven-plugin/1.4/aspectj-maven-plugin-1.4.pom 2 I try to try offline, as the dependency is already in local, but failed [ERROR] BUILD ERROR [INFO] ------------------------------------------------------------------------ [INFO] Failed to resolve artifact. GroupId: org.codehaus.mojo ArtifactId: aspectj-maven-plugin Version: 1.4 Reason: System is offline. org.codehaus.mojo:aspectj-maven-plugin:pom:1.4 3 BTW, i have configured the relevant profile for the server

  Read the article

• OAuth 2.0: Can a user-agent client avoid forwarding fragments?

  - by Bosh

  In the OAuth 2.0 draft specification, user-agent clients receive authorization in the form of a bearer token via redirection (from an authentication server) to a URL such as HTTP/1.1 302 Found Location: http://example.com/rd#access_token=FJQbwq9&expires_in=3600 According to Section 3.5.2 it is then the user-agent's job to GET the URL in question, but "The user-agent SHALL NOT include the fragment component with the request." In other words, as a result of the example redirection above, the user-agent should GET /rd HTTP/1.1 Host: example.com without passing #access_token to the server. My question: what user agents behave this way? I thought redirection in Firefox, for example, would (logically) include the fragment in the GET request. Am I just wrong about this, or does the OAuth 2.0 specification rely on non-standard user-agent behavior?

  Read the article

• Servicestack CorsFeature Global Options Handler Not Firing on Certain Routes;

  - by gizmoboy

  I've got a service setup using the CorsFeature, and am using the approach that mythz suggested in other answers, collected in a function used in the appHost file: private void ConfigureCors(Funq.Container container) { Plugins.Add(new CorsFeature(allowedOrigins: "*", allowedMethods: "GET, POST, PUT, DELETE, OPTIONS", allowedHeaders: "Content-Type, Authorization, Accept", allowCredentials: true)); PreRequestFilters.Add((httpReq, httpRes) => { //Handles Request and closes Responses after emitting global HTTP Headers if (httpReq.HttpMethod == "OPTIONS") { httpRes.EndRequest(); } }); } However, the pre-request filter is only firing on some of the service requests. One of the base entities we have in the service is a question entity, and there are custom routes defined as follows: [Route("/question")] [Route("/question/{ReviewQuestionId}", "GET,DELETE")] [Route("/question/{ReviewQuestionId}/{ReviewSectionId}", "GET")] Using POSTMAN to fire test queries (all using the OPTIONS verb), we can see that this will fire the pre-request filter: http://localhost/myservice/api/question/ But this will not: http://localhost/myservice/api/question/66 Presumably, this is because the second and third routes explicitly defined the verbs they accept, and OPTIONS isn't one of them. Is it really necessary to spell out OPTIONS in every defined route that restricts the verbs supported?

  Read the article

• Powershell Replace Regex

  - by Brad

  I have a select-string which is seaching an IIS log for a particular string and returning the 2 lines above and one line below. So results look like this: 2012-06-15 18:26:09 98.138.206.39 OutboundConnectionResponse SMTPSVC1 WEB10 - 25 - - 220+mta1083.sbc.mail.ne1.yahoo.com+ESMTP+YSmtp+service+ready 0 0 60 0 218 SMTP - - - - 2012-06-15 18:26:09 98.138.206.39 OutboundConnectionCommand SMTPSVC1 WEB10 - 25 EHLO - WEB10.DOMAINCOM 0 0 4 0 218 SMTP - - - - 2012-06-15 18:26:09 74.125.244.10 OutboundConnectionResponse SMTPSVC1 WEB10 - 25 - - 550+IP+Authorization+check+failed+-+psmtp 0 0 41 0 218 SMTP - - - - 2012-06-15 18:26:09 74.125.244.10 OutboundConnectionCommand SMTPSVC1 WEB10 - 25 RSET - - 0 0 4 0 218 SMTP - - - - Note the third line begins with denoting thats the line that select-string matched upon. I am trying to do a -replace on the to replace it with < font color="red"$1< /font but my replace doesn't seem to work. Here's my code: $results = $results -replace "(^ )(.*)$", "< font color='red'$1< font" Can any powershell regex guru's out there tell me why my regular expression isn't matching? Thanks Brad

  Read the article

• Is it possible to run javascript with other target?

  - by Kristoffer Nolgren

  I have a facebook app that I authenticate using a general-purpose authentification. Like this: // Fixar oAuth jso_configure({ "facebook": { client_id: "393963983989013", redirect_uri: "http://resihop.herokuapp.com/", authorization: "https://www.facebook.com/dialog/oauth", presenttoken: "qs" } }); // Make sure that you have jso_ensureTokens({ "facebook": [""] }); // This dumps all cached tokens to console, for easyer debugging. //jso_dump(); jso_ensureTokens({ "facebook": [""] }); It's tirggered on document.ready. Because it's a facebook app I can't run the authentification in the iFrame. Facebook denies this using X-Frame-Options. The solution, if you authenticate with a link is to use target="_top". How do i Achieve the same effect in javascript? Maybe I need to edit one of the funcitons (though ideally not, as they are part of a library) in that case please point me in the right direction.

  Read the article

• Prevent unauthorised write access to a part of filesystem or partition

  - by gaurav

  Hello all I have some very important system files which I want to protect from accidental deletion even by root user. I can create a new partition for that and mount it with readonly access but the problem is that I want my application which handles those system files to have write access to that part and be able to modify them. Is that possible using VFS? As VFS handles access to the files I could have a module inserted in the VFS layer which can see if there is a write access to that part then see the authorization and allow it or otherwise reject it. If not please provide me suggestions regarding how can such a system be implemented what would I need in that case. If there exists a system like this please suggest about them also. I am using linux and want to implement this in C, I think it would be possible in C only. Edit: There are such kind of programs implemented in windows which can restrict access to administrator even, to some important folders, would that be possible in linux?

  Read the article

• Custom XAML property

  - by Scott Silvi

  Hey all - I've seen a library that allows me to do this inside my XAML, which sets the visibility of the control based on whether or not the user is in a role: s:Authorization.RequiresRole="Admin" Using that library with my database requires a bunch of coding that I can't really do right now. Ultimately here's what I want to know... I have received the authenticated users role from my SPROC, and its currently stored in my App.xaml.cs as a property (not necessary for the final solution, just FYI for now). I want to create a property (dependency property? attached property?) that allows me to say something very similar to what the other library has: RequiresRole="Admin", which would collapse the visibility if the user is not in the Admin role. Can anyone point me in the right direction on this? Thanks, Scott

  Read the article

• Tomcat 6 Realm Config with Windows AD

  - by mat

  We have Tomcat 6 connecting to a Win2k3 Server running AD. The realm is configured as such <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" referrals="follow" connectionURL="<url>" connectionName="CN=Query Account,OU=Service Accounts,DC=company,DC=com" connectionPassword="<pwd>" userBase="OU=Users,DC=company,DC=com" userSubtree="true" userSearch="(sAMAccountName={0})" userRoleName="member" roleBase="OU=Security Groups,DC=company,DC=com" roleName="cn" roleSearch="(member={0})" roleSubtree="true"/> Our groups in AD are such Security Groups (OU) IT (OU) IT Support (OU) Support Staff (CN) The LDAP security works if in the web.xml, I speficy Support Staff. i.e works for Common names. We want ANY user under Security Groups OU to have access to the application and not just the CN. Tomcat does not search OU's and it just searches CN's in our case. How do we configure our settings so we can do OU level authorization and not just CN level ? thanks Mat

  Read the article

• iOS app rejected by itunes team for copyright when embedding video from youtube

  - by Thiru Subramaniam

  I have created a simple app for my client with his selection of youtube videos embedded via iframe player and html5. The app got approved in android store whereas itunes rejected it claiming below, "Apps may not use protected third party material such as trademarks, copyrights, patents or violate 3rd party terms of use. Authorization to use such material must be provided upon request" Below is the link for the app in android. https://play.google.com/store/apps/details?id=com.jayam.shortfilms While I share videos using the html code obtained from youtube share button, still apple is claiming that I should provide evidence of copyright from each video owner. Any experiences of this kind will be very helpful for me.

  Read the article

< Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >