Search Results

Search found 54190 results on 2168 pages for 'http authentication'.

Page 37/2168 | < Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44  | Next Page >

  • Automatic authentication in PHPMyAdmin

    - by Konstantin
    Hello! I have a local phpMyAdmin (installed via apt-get) adn I'm tired of entering login and password every time I try to open it. Database contains no sensitive info, just test tables, and is visible only from 127.0.0.1 I want phpMyAdmin already be logged in as root user with password 1234 (for example) when I open it. How do I do that? P.S. Saving password in a browser is not what I want.

    Read the article

  • Security in API authentication

    - by Carlos
    We are in the process of revamping our server side API, and we need to manage security. Our current model requires that a credentials object (containing user, password, and pin) be included in each method invocation. Our development team, however, has decided that we should have session objects instead (which is fine by me), but the new credentials are just a GUID. This is very different from what I've seen in other APIs in our industry, so I'm a bit concerned about how secure the new model will be. I asked them if they had analyzed both alternatives, and they said they haven't. Does anyone know if there're any clear advantages, disadvantages, risks, etc. of using a set of credentials versus just one element (complex as it may be)? PS: the communication channel would be secure in either case, and it's separate from this particular topic

    Read the article

  • Cakephp with OpenID and User Authentication

    - by nolandark
    I have a table "users" and I want to enable my visitors to login with their openID Account. For this I use the OpenId Component for Cakephp and it works fine (When I login with the Google URL I receive the "successfully authenticated!" notification). But now I'm kind of stuck because I don't know how to go on from there. Do I have to create a User-Entry for every user which has a new entry in the "oid_associations" table (I save all OpenId interaction in the mysql database)? Do I have to authenticate the User after the login (or is the OpenID-component doing that automatically?). Am I completely misunderstanding the concept?

    Read the article

  • Twitter authentication without authorization

    - by user325377
    I wish to get the tweeter usename of a visitor to my site. I do not wish to post statuses or access any other information. I'd be happy to use OAuth, possibly with a 'Sign in with Twitter' button, but this then takes the user to a page which requests authorization for the application, that I wish to avoid. Is there a way to get the username without authorization? Thanks, Daniel

    Read the article

  • Roles authentication with Rails 3 and Devise.

    - by Oluf Nielsen
    Hi, first happy new year, may you make the best applications in 2011! So to my question, i have used devise ever since i got over to Rails 3, that was around the first or second beta, and now i also needs some Roles. So i searched the net, and i searched! And what i found was that CanCan should be the best solution. But i'm unsure if CanCan can manage my needs, like i want a forum moderator who can edit/destroy the topic, but the user who created the topic should also be able to edit, so how can i do that? Cheers, Oluf.

    Read the article

  • WPF integrate Windows live authentication for Microsoft health vault

    - by AnD
    Hi all, I'm just wondering if there's any way for WPF application integrated with windows live ID? and it's actually for windows health vault [www.healthvault.com] so health vault is using windows live id or open id to login into their system. and what i gonna do is, creating wpf application (instead of web application) for health vault, so all of the login form username pass and everything is handled inside the wpf application without showing/using any internet browser. so since this's quite new for me, i hope if there's somebody ever did this before especially for health vault system that run on standalone wpf app. alright, so that's it, thank you in advance!

    Read the article

  • Problem with Authentication in sharepoint using active directory

    - by user549708
    I am currently using windows server 2008 machine. I have active directory and sharepoint setup on the machine. I have a user 'A' in the active directory and i have given the user read permissions to my site. The problem i now face is that, if i log in as user 'A' the site simply shows "error:access denied". This problem goes away if i put 'A' as a site collection administrator, however that is not what i want. I just want 'A' to be a visitor that can browse the site. I also tried granting 'read' permission to my site for 'A' but that still gives me the access denied message. Thank you for your time.

    Read the article

  • What is the current standard for authenticating Http requests (REST, Xml over Http)?

    - by CodeToGlory
    The standard should solve the following Authentication challenges like- Replay attacks Man in the Middle Plaintext attacks Dictionary attacks Brute force attacks Spoofing by counterfeit servers I have already looked at Amazon Web Services and that is one possibility. More importantly there seems to be two most common approaches: Use apiKey which is encoded in a similar fashion like AWS but is a post parameter to a request Use Http AuthenticationHeader and use a similar signature like AWS. Signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the Http AuthenticationHeader. I would like to know weigh both the options from the community, who may have used one or more and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

    Read the article

  • Domain Authentication from .NET Client over VPN

    - by Holy Christ
    I am writing a ClickOnce WPF app that will sometimes be used over VPN. The app uses resources available only to domain authenticated users. Some of the things include accessing SSRS Reports, accessing LDAP to lookup user information, hitting web services, etc. When a user logs in from a machine that is not authenticated on the domain, I need to somehow get his credentials, authenticate him on the domain, and store his credentials. What is the recommended approach for authenticating domain users over VPN? How can I securely store the credentials? I've found several articles but, not much posted recently and a lot of the solutions seem kinda hacky, or aren't very secure (ie - storing strings clear text in memory). It would be cool if I could use the ActiveDicrtoryMembershipProvider, but that seems to be geared for use in web apps. EDIT: The above is kind of a workaround. The user must enter their domain credentials to authenticate on the VPN. It would be ideal to access the credentials the user has already entered to login to the VPN instead of the WindowsIdentity.GetCurrent() (which returns the user logged into the computer). Any ideas on how that could work? We use Juniper Networks to connect to the VPN. Thanks!

    Read the article

  • User authentication in Django. Problems with is_authenticated

    - by tim
    I have one problem with users menu. So, I want, that authenticated user can see his/her profile page and logout (links) in menu. It works (when I logging in) on index page: index, page1, profile, logout ,but, if I go to the, for example, page1 I can see in menu: index, page1, login, not profile and logout. How to fix it? in urls: url(r'^accounts/login/$', 'django.contrib.auth.views.login' ), url(r'^accounts/logout/$', 'django.contrib.auth.views.logout_then_login' ), url(r'^accounts/profile/$', 'my_app.views.profile' ), in views: def profile(request): if not request.user.is_authenticated(): return HttpResponseRedirect("/accounts/login/") else: user = request.user.is_authenticated() return render_to_response('profile.html',locals()) Part of index.html: {% if user.is_authenticated or request.user.is_authenticated %} <li><a href="/accounts/profile/">Profile</a></li> <li><a href="/accounts/logout/">logout</a></li> {% else %} <li><a href="/accounts/login/">login</a></li> {% endif %} login.html: {% extends "index.html" %} {% load url from future %} {% block application %} {% if form.errors %} <p>Try one more time</p> {% endif %} <form method="post" action="{% url 'django.contrib.auth.views.login' %}"> {% csrf_token %} <table> <tr> <td>{{ form.username.label_tag }}</td> <td>{{ form.username }}</td> </tr> <tr> <td>{{ form.password.label_tag }}</td> <td>{{ form.password }}</td> </tr> </table> <input type="submit" value="Login" /> <input type="hidden" name="next" value="{{ next }}" /> </form> {% endblock %} profile.html: {% extends "index.html" %} {% block application %} {% if request.user.is_authenticated %} <p>Welcome, {{ request.user.username }}. Thanks for logging in.</p> {% else %} <p>Welcome, new user. Please log in.</p> {% endif %} {% endblock %}

    Read the article

  • Refactoring multiple if statements for user authentication with subdomains

    - by go minimal
    I'm building a typical web app where once a user signs up they access the app through their own subdomain (company.myapp.com). The "checking what kind of user if any is logged in" piece is starting to get very hairy and it obviously needs to be well-written because its run so often so I was wondering how you guys would re-factor this stuff. Here are the different states: A user must be logged in, the user must not have a company name, and the sub-domain must be blank A user must be logged in, the user must have a company name, that company name must match the current sub-domain A user must be logged in, the user must have a company name, that company name must match the current sub-domain, and the user's is_admin boolean is true if !session[:user_id].nil? @user = User.find(session[:user_id]) if @user.company.nil? && request.subdomains.first.nil? return "state1" elsif [email protected]? if @user.company.downcase == request.subdomains.first.downcase && [email protected]_admin return "state2" elsif @user.company.downcase == request.subdomains.first.downcase && @user.is_admin return "state3" end end end

    Read the article

  • Check user authentication at page load

    - by Shrewd Demon
    ok i have another question ! (god! i have so many questions) i have an application and a user must log-in before he/she can access pages. now once the user logs in i keep the user details in a session variable (say Session["CurrentUser"]). now if a user tries to jump to a page directly i will check if the Session["CurrentUser"] has a value or not...if not then the user will be directed to the login page... my problem is that i have done this or rather say written this "Checking Code" on almost all the pages. what i want is this code to stay on a particular location and i will just access that method all the time on all the pages...now where should i write this method ?? thank you.

    Read the article

  • What are the alternatives for Java authentication?

    - by Crusader
    Preferably something that integrates well with a Flex front end. Yes the Spring Security guys say this is possible, but all examples seem to use legacy jsp tag libraries making them half useless as examples. I don't want to spend a month setting up and learning how to use a security tool. I would like a tool which supports using annotations (@RolesAllowed etc), MINIMAL XML, and 'remember-me' features (not cookie based). Apache Shiro seems to support Flex/Silverlight/Swing as well but I'd like to know if there are any other alternatives that are NOT container specific.

    Read the article

  • OpenId authentication and automatic registration with Spring Security 3.0.2

    - by xlluch
    I'm implementing an app using spring security 3.0.2 with OpenId login and registration. I can login succesfully, but if the user isn't registered i want to do: 1) Get some OpenId attributes like email and name. 2) Show to the user a registration form with just these two fields and the OpenId URI filled. I've been searching a lot but i didn't find an "ellegant" way of doing this. I wonder if some of u can come out with a solution to implement this strategy in my app. Thanks in advance.

    Read the article

  • Pass authentication between php and Ruby On Rails application

    - by Li
    Hi, I have a simple Ruby on rails application that I want to integrate with an existing php website. I only want that users who's been authenticated by the php application would have access to my Ruby on Rails application (it should appear to the user as the same website, in the same domain, though it can be a different sub-domain if I chose to) What's the best way to do that? Thanks for the help, Li

    Read the article

  • How Google is managing authentication between multiple domains?

    - by vaibhav
    I think everyone here would be knowing that, if I am logged in any of the google's website(i.e www.orkut.com), I don't need to authenticate again for www.gmail.com. How google is managing this. I think, it would be a cookie stored on user's browser. But, if it is a cookie, how different domains are able to read this cookie. What do you say.

    Read the article

  • servlet authentication and further reference to the credentials

    - by user553592
    What I got so far: It all begins with an HTML form which prompts the user for a username and password. From there it post the acquired user/pass to a servlet, GateKeeper. GateKeeper determines if the user/pass combination match any records in the MySQL database. Here is the sql I use: SELECT id FROM Users WHERE username='?' AND password=MD5('?') where the ? indicate information provided the previous HTML form. What I need now: I need some way to store the username and id of the record in the database. GateKeeper redirects the user to a control panel upon success. Therefore, I need a method to reference the username to display simple greetings, etc and also the id so it eliminates unnecessary calls to the database. The control panel may make AJAX calls to Servlets that preform some sort of task to the MySQL database.

    Read the article

  • Unwanted redirection after authentication

    - by jodaha
    Hello world! We have a form to submit ratings for a certain restaurant in a in our views/restaurants/show.html.erb. We only want logged in users to create new ratings. We put before_filter :login_required, :only = [ :new, :create ] (but we also tried only ":create") on top of our RatingsController. If we click the submit button after typing in the rating details we are prompted to log in (which is what we want). After filling in username and password and submitting the login form we get redirected back to e. g. /restaurants/36/ratings, but we want to be redirected back to where we came from - e. g. /restaurants/36/. We tried redirect_to(:back), but this redirects us back to the login form. Also the new rating does not get saved to the database. Any idea how we can change the redirection and how to make sure the rating gets saved? Thanks!

    Read the article

  • ASP.NET WebAPI Security 4: Examples for various Authentication Scenarios

    - by Your DisplayName here!
    The Thinktecture.IdentityModel.Http repository includes a number of samples for the various authentication scenarios. All the clients follow a basic pattern: Acquire client credential (a single token, multiple tokens, username/password). Call Service. The service simply enumerates the claims it finds on the request and returns them to the client. I won’t show that part of the code, but rather focus on the step 1 and 2. Basic Authentication This is the most basic (pun inteneded) scenario. My library contains a class that can create the Basic Authentication header value. Simply set username and password and you are good to go. var client = new HttpClient { BaseAddress = _baseAddress }; client.DefaultRequestHeaders.Authorization = new BasicAuthenticationHeaderValue("alice", "alice"); var response = client.GetAsync("identity").Result; response.EnsureSuccessStatusCode();   SAML Authentication To integrate a Web API with an existing enterprise identity provider like ADFS, you can use SAML tokens. This is certainly not the most efficient way of calling a “lightweight service” ;) But very useful if that’s what it takes to get the job done. private static string GetIdentityToken() {     var factory = new WSTrustChannelFactory(         new WindowsWSTrustBinding(SecurityMode.Transport),         _idpEndpoint);     factory.TrustVersion = TrustVersion.WSTrust13;     var rst = new RequestSecurityToken     {         RequestType = RequestTypes.Issue,         KeyType = KeyTypes.Bearer,         AppliesTo = new EndpointAddress(Constants.Realm)     };     var token = factory.CreateChannel().Issue(rst) as GenericXmlSecurityToken;     return token.TokenXml.OuterXml; } private static Identity CallService(string saml) {     var client = new HttpClient { BaseAddress = _baseAddress };     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("SAML", saml);     var response = client.GetAsync("identity").Result;     response.EnsureSuccessStatusCode();     return response.Content.ReadAsAsync<Identity>().Result; }   SAML to SWT conversion using the Azure Access Control Service Another possible options for integrating SAML based identity providers is to use an intermediary service that allows converting the SAML token to the more compact SWT (Simple Web Token) format. This way you only need to roundtrip the SAML once and can use the SWT afterwards. The code for the conversion uses the ACS OAuth2 endpoint. The OAuth2Client class is part of my library. private static string GetServiceTokenOAuth2(string samlToken) {     var client = new OAuth2Client(_acsOAuth2Endpoint);     return client.RequestAccessTokenAssertion(         samlToken,         SecurityTokenTypes.Saml2TokenProfile11,         Constants.Realm).AccessToken; }   SWT Authentication When you have an identity provider that directly supports a (simple) web token, you can acquire the token directly without the conversion step. Thinktecture.IdentityServer e.g. supports the OAuth2 resource owner credential profile to issue SWT tokens. private static string GetIdentityToken() {     var client = new OAuth2Client(_oauth2Address);     var response = client.RequestAccessTokenUserName("bob", "abc!123", Constants.Realm);     return response.AccessToken; } private static Identity CallService(string swt) {     var client = new HttpClient { BaseAddress = _baseAddress };     client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", swt);     var response = client.GetAsync("identity").Result;     response.EnsureSuccessStatusCode();     return response.Content.ReadAsAsync<Identity>().Result; }   So you can see that it’s pretty straightforward to implement various authentication scenarios using WebAPI and my authentication library. Stay tuned for more client samples!

    Read the article

< Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44  | Next Page >