Search Results

Search found 9696 results on 388 pages for 'proxy authentication'.

Page 40/388 | < Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >

  • Authentication using cookie key with asynchronous callback

    - by greg
    I need to write authentication function with asynchronous callback from remote Auth API. Simple authentication with login is working well, but authorization with cookie key, does not work. It should checks if in cookies present key "lp_login", fetch API url like async and execute on_response function. The code almost works, but I see two problems. First, in on_response function I need to setup secure cookie for authorized user on every page. In code user_id returns correct ID, but line: self.set_secure_cookie("user", user_id) does't work. Why it can be? And second problem. During async fetch API url, user's page has loaded before on_response setup cookie with key "user" and the page will has an unauthorized section with link to login or sign on. It will be confusing for users. To solve it, I can stop loading page for user who trying to load first page of site. Is it possible to do and how? Maybe the problem has more correct way to solve it? class BaseHandler(tornado.web.RequestHandler): @tornado.web.asynchronous def get_current_user(self): user_id = self.get_secure_cookie("user") user_cookie = self.get_cookie("lp_login") if user_id: self.set_secure_cookie("user", user_id) return Author.objects.get(id=int(user_id)) elif user_cookie: url = urlparse("http://%s" % self.request.host) domain = url.netloc.split(":")[0] try: username, hashed_password = urllib.unquote(user_cookie).rsplit(',',1) except ValueError: # check against malicious clients return None else: url = "http://%s%s%s/%s/" % (domain, "/api/user/username/", username, hashed_password) http = tornado.httpclient.AsyncHTTPClient() http.fetch(url, callback=self.async_callback(self.on_response)) else: return None def on_response(self, response): answer = tornado.escape.json_decode(response.body) username = answer['username'] if answer["has_valid_credentials"]: author = Author.objects.get(email=answer["email"]) user_id = str(author.id) print user_id # It returns needed id self.set_secure_cookie("user", user_id) # but session can's setup

    Read the article

  • Forms Authentication & Virtual Directory

    - by benclaytonfranklin
    Hi, We're having trouble getting Forms Authentication to work with a virtual directory in IIS. We have a main site, and then a microsite setup within a virtual directory. This mircosite has its own admin system within an "Admin" folder, which has authentication on it but currently it is not kicking in and the admin section is browsable by anyone. The web.config with the admin folder has the following: <?xml version="1.0"?> <configuration> <appSettings/> <connectionStrings/> <system.web> <authorization> <deny users="?"/> </authorization> <customErrors mode="RemoteOnly" defaultRedirect="~/Admin/Error.aspx"/> </system.web> </configuration> Could anyone give me any clues as to why this might not be working? Cheers!

    Read the article

  • Need help with a PHP proxy script

    - by blabus
    I’m currently working on a small web app that allows people to search for music album covers. However, I’m having a problem getting my PHP proxy to work. Right now I’m using a simple PHP proxy script to grab the HTML from Google’s image result page, and parse it to find the first image result (I can’t use the image search API because it doesn’t offer the parameters that I need to use). I know that the PHP script works in some way, because I’ve used it to grab XML data across domains, so I also assume that since I’m trying to grab HTML that’s what’s causing the error. So anyway, here is the site where you can see it: http://www.5byfive.net/beta/index.html Just type something into the textbox, and it will come up with the error that’s returned (I’ve placed the HTML into a file so you can see what it actually looks like here: http://www.5byfive.net/beta/error.html ). Now, I’ve tried searching for info on the web, but unfortunately I basically know nothing about PHP, so I really don’t know how to fix it, and was wondering if anyone here could lend any info or help. Thanks!

    Read the article

  • Implement user authentication against remote DB with a Web Service

    - by Juan González
    I'm just starting reasearch about the best way to implement user authentication within my soon-to-be app. This is what I have so far: A desktop (Windows) application on a remote server. That application is accessed locally with a browser (it has a web console and MS SQL Server to store everything). The application is used with local credendials stored in the DB. This is what I'd like to accompllish: Provide access to some information on that SQL Server DB from my app. That access of course must be granted once a user has id himself with valid credentials. This is what I know so far: How to create my PHP web service and query info from a DB using JSON. How to work with AFNetworking libraries to retrieve information. How to display that info on the app. What I don't know is which could be the best method to implement user authentication from iOS. Should I send username and password? Should I send some hash? Is there a way to secure the handshake? I'd for sure appreciate any advise, tip, or recommendation you have from previous experience. I don't want to just implement it but instead I want to do it as good as possible.

    Read the article

  • C# & SQL Server Authentication

    - by Peter
    Hello, I'm currently developing a C# app with an SQL Server DB back-end. I'm approaching the point of deployment and hitting a problem. The applicaiton will be deployed within an active directory network. As far as SQL authentication goes, I understand that I have 2 options - Windows Authenticaiton or Server Authenticaiton. If I use Server Authentication, I'm concerned that the username and password for the account will be stored in plain text in the app.config file, and therefore leave the database vulnerable. Using Windows Authenticaiton will avoid this issue, however it would mean giving every member of staff within our organisation read/write access to the database in order to run the app correctly. Whilst this is ok, it also means that they can easily connect to the database themselves via other means and directly alter the data outside of the app. I'm guessing there is someting really obvious I'm missing here, but I've been googling all evening to no avail. Any advice/guidance would be much appreciated! Peter Addition - my project is Windows Form based not ASP.NET - is encrypting the app.config file still the right answer? If it is, does anyone have any examples that are not ASP.NET based?

    Read the article

  • sending large data .getJSON or proxy ?

    - by numerical25
    Hey guys. I was told that the only trick to sending data to a external server (i.e x-domain) is to use getJSON. Well my problem is that the data I am sending exceeds the getJSON data limit. I am tracking mouse movements on a screen for analytics. Another option is I could also send a little data at a time. probably every time the mouse moves. but that seems as if it would slow things down. I could setup a proxy server. My question is which would be better? Setting up a proxy server ? or Just sending bits of information via javascript or JQUERY. What do the professionals use (Google and other company's that build mash-ups that send a lot of data to x-domain sites.) I need to know the best practices. Thanx!! Also the data is put into JSON.

    Read the article

  • Protecting routes with authentication in an AngularJS app

    - by Chris White
    Some of my AngularJS routes are to pages which require the user to be authenticated with my API. In those cases, I'd like the user to be redirected to the login page so they can authenticate. For example, if a guest accesses /account/settings, they should be redirected to the login form. From brainstorming I came up with listening for the $locationChangeStart event and if it's a location which requires authentication then redirect the user to the login form. I can do that simple enough in my applications run() event: .run(['$rootScope', function($rootScope) { $rootScope.$on('$locationChangeStart', function(event) { // Decide if this location required an authenticated user and redirect appropriately }); }]); The next step is keeping a list of all my applications routes that require authentication, so I tried adding them as parameters to my $routeProvider: $routeProvider.when('/account/settings', {templateUrl: '/partials/account/settings.html', controller: 'AccountSettingCtrl', requiresAuthentication: true}); But I don't see any way to get the requiresAuthentication key from within the $locationChangeStart event. Am I overthinking this? I tried to find a way for Angular to do this natively but couldn't find anything.

    Read the article

  • In IIS6, how to provide authenticated access to static files on remote server

    - by frankadelic
    We have a library of ZIP files that we would like to make available for download at an ASP.NET site. The files are sitting on a NAS device that is accessible from out web farm. Here is our initial strategy: Map an IIS virtual directory to the shared drive at path /zipfiles Users can download the zip files when given the URL However, if users share links to the files, anyone can download them. We would instead like to make use of the ASP.NET forms authentication in our site to validate users' requests before initiating the file transfer. A few problems: A request for a zip file is handled by IIS, not ASP.NET. So it is not subject to forms authentication. In addition, we don't want ASP.NET to handle the request, because it uses up an ASP.NET thread and is not scalable for download of large files. So, configuring the asp.net dll to handle *.zip requests is not an option. Any ideas on this? One idea we've tossed around is this: Initial request for download will be for an ashx handler. This handler will, after authentication, generate a download token which is saved to a database. Then, the user is redirected to the file with token appended in QueryString (e.g. /files/xyz.zip?token=123456789). An ISAPI plugin will be used to check the token. Also, the token will expire after x amount of time. Any thoughts on this? I have not implemented an ISAPI plugin so I'm not sure if this will even work. I would like to avoid custom coding since security is an issue and I'd prefer to use a time-tested solution.

    Read the article

  • Could this server log mean my server is being used as a proxy?

    - by So Over It
    I came across the following entry in my access.log: 58.218.199.147 - - [05/Jun/2012:12:56:04 +1000] "GET http://proxyproxys.com/ HTTP/1.1" 200 183 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" Normally when I see a full URL entry in my access.log I assume it is log spam with people trying to get me to access their site. These entries are normally followed with a 404 response. The above entry is followed with a 200 'success' response! Doing some searching it would seem that this can occur when someone is trying to use your server as a proxy. This disturbed me more - especially because the URL in question has the word proxy in it. Going to the site 'proxyproxys.com' (using hidemyass.com to protect my own identity), the site returns what appears to be some sort of 'proxy judge' ---------------------------------------- HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.8 HTTP_USER_AGENT=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.53 Safari/536.5 HTTP_CONNECTION=close REMOTE_PORT=56355 REMOTE_HOST=74.63.112.142 REMOTE_ADDR=74.63.112.142 ---------------------------------------- CS_ProxyJudge Result=HIGH_ANONYMITY ---------------------------------------- Question: 1) does the 200 success mean that someone has been able to successfully use my server as a proxy? 2) are there other means of confirming if my server is being used as a proxy 3) can you refer me to documentation to help 'close up' my security gap if there is one. Thanks.

    Read the article

  • how can make transparent proxy on more than one port?

    - by ermya
    i want to make transparent proxy with linux ( centos) , i want all incoming connection on port 1000 - 2000 on eth0 forward to eth1 on port 1000 - 2000 in transparent mode i have 2 server 1- linux ( proxy server) 2- windows i want protect my windows server with my linux server firewall also i must make transparent proxy with my linux server linux server have 2 interface one for public network an another for private network connected to windows server so all incoming connection must connect to the linux server (at eth0 public network) first and after checking , must forward to the windows server on private network (with linux interface eth1 ) i can use squid for making transparent proxy but i dont know how i must config the squid for multi port because i want listen in more than 1000 ports for example from port 1000 to 2000 anyone know how can i do ?

    Read the article

  • Apache vs Lighttpd: Weird behavior in reverse proxy mode.

    - by northox
    Context: I have an Apache server running in reverse proxy mode in front of a Tomcat java server. It handle HTTP and HTTPS and send those request back and forth to the Tomcat server on an internal HTTP port. Goal: I'm trying to replace the reverse proxy with Lighttpd. Problem: while asking for the same HTTPS url, while using Apache as the reverse proxy, the Tomcat server redirect (302) to an HTTPS page but with Lighttpd it redirect to the same page in HTTP (not HTTPS). Question: What does Lighttpd could do different in order to have a different result from the backend server? In theory, using Apache or Lighttpd server as a reverse proxy should not change anything... but it does. Any idea? I'll try to find something by sniffing the traffic on the backend tomcat server.

    Read the article

  • How to use IIS as a trusted proxy for ActiveDirectory SSO?

    - by brofield
    I'm trying to add Active Directory single-sign-on support to an existing SOAP server. The server can be configured to accept a trusted reverse-proxy and use the X-Remote-User HTTP header for the authenticated user. I want to configure IIS to be the trusted proxy for this service, so that it handles all of the Active Directory authentication for the SOAP server. Basically IIS would have to accept HTTP connections on port X and URL Y, do all the authentication, and then proxy the connection to a different server (most likely the same X and Y). Unfortunately, I have no knowledge of IIS or AD (so I am trying my best to learn enough to build this solution) so please be gentle. I would assume that this is not an uncommon scenario, so is there some easy way to do this? Is this sort of functionality built into IIS or do I need to build some sort of IIS proxy program myself? Is there a better option for getting the authentication done and the X-Remote-User HTTP header set than requiring IIS?

    Read the article

  • Could I get secure proxy server service free? [closed]

    - by lamwaiman1988
    It comes to my mind that when I use any proxy server, the information will be submit to the proxy server including the username/password of any website I login. This way I risk my identity. I've heard that there are some secure proxy server but can I found any with reasonable price, probably free? ( By the way, VPN is also considered but they are expensive for personal usage ). Even if I can find such service, how can I know that they won't exploit my information?

    Read the article

  • Building a Web proxy to get around same-origin restrictions for collaborative Webapp based on a MEAN stack

    - by Lew Cohen
    Can anyone point to books, articles, blogs, or even applications - open-source or proprietary - that detail building a Web proxy? This specific proxy will exist to get around the same-origin restrictions that prevent, for instance, loading a given Website into an <iframe> in a Webapp. This Webapp is a collaborative application in which a group of users log in to the app's Website and can then load different Websites into this app's <iframe> and do various collaborative things (e.g., several users simultaneously browsing a Website, in synch). The Webapp itself is built on a MEAN stack (MongoDB, Express, AngularJS, and Node.js). The purpose of this proxy is not to do anonymous browsing or to bypass censorship. Information on how to build such a vehicle seems not to be readily available from my research. I've come across Glype but am not sure whether this is a feasible solution. I don't want to reinvent the wheel, so if a product is available for purchase, great. Else, we'd need to build one. The one that seems to be close is http://www.corsproxy.com. In effect, we'd like to re-create this since it evidently does what's needed. I don't care what server-side technology is used. Our app is MEAN-based, if that has any bearing. Also, the proxy has to obviously honor basic security considerations (user cookies, etc.) and eventually be scalable. So, anyone know of any sources that would detail how to build one of these? Is it even worth building if something already exists? If so, what would be a good candidate? Any other issues that should be considered with this proxy/application? Thanks a lot!

    Read the article

  • Can make the proxy settings invisible when I share my internet connection via wifi?

    - by Neil
    This is probably a long shot... I have an HTC Desire and frustratingly found out after I got it that it doesn't support network proxy settings. We have a wireless network at my office that uses a proxy. My desktop at work runs ubuntu. I was wondering if the following set up would work: Plug a USB Wireless adapter into the desktop that has a working internet connection using the proxy. Setup the wireless adapter as an ad-hoc network Share the internet connection over the ad-hoc network. Make it so that the use of the proxy is invisible to users of the shared network connection. Connect the Android phone to the ad-hoc wireless network and utilise the internet connection. My question is this: Is this possible or should I give up now and not even try? I think I can handle steps 1, 2, 3 and 5. I just have no idea if step 4 even makes sense, let alone is possible. Thanks

    Read the article

  • How to SSH an outside server from a computer which is behind a proxy firewall ?

    - by Karan
    I access the Internet through an HTTP proxy firewall at college. And I need to login to a computer, via SSH, which is outside our network. I tried it as Linux command and on Windows using PuTTY. I also configured PuTTY to use our server's address. But still, "Proxy error: 403 forbidden" pops up. They must've blocked SSH access to outside systems. (college systems as accessible). I can SSH a web server (not the proxy server) at the college, which I use to browse proxy-free by tunneling. Now this server allows to browse restricted sites, but still no SSH. Any workaround, please?

    Read the article

  • How can I diagnose cache misses when using Apache as a reverse proxy?

    - by johnstok
    I have set up Apache 2.2 as a reverse proxy with the following configuration: # jBoss proxying ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /foo http://localhost:9080/foo ProxyPassReverse /foo http://localhost:9080/foo ProxyPassReverseCookiePath /foo /foo # Reverse proxy caching CacheEnable disk /foo # Compression SetOutputFilter DEFLATE BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE\s(7|8) !no-gzip !gzip-only-text/html DeflateCompressionLevel 9 Header append Vary User-Agent env=!dont-vary However, in a number of cases where I expect a cached response to be returned the request is sent through to the origin server at localhost:9080. Responses have a HTTP Vary header of 'Accept-Encoding,User-Agent' which is to be expected given the mod_deflate configuration. How can I determine why Apache is unable to serve a response from the cache?

    Read the article

  • OS X: How to force traffic through a specific SOCKS proxy on a per-app basis?

    - by GJ.
    I'm running a certain desktop app (actually via AIR if it makes any difference) which doesn't have any built-in proxy configuration settings. I need to get all traffic just from this app directed through a secure SOCKS proxy. This implies I can't use the global network preferences, as these would affect many other apps. Is there any way to force all network communication through a given SOCKS proxy on a per-app basis?

    Read the article

  • How can I use the proxy settings on Epic privacy browser to log on to Facebook?

    - by EddieN120
    I love the Epic privacy browser because it is built from the ground up to enhance privacy. It's built on Chromium but because it has stripped out all code that tracks users across the Internet, pages load faster and things work snappier. With one click you can enable a proxy to hide your IP address, sort of like Chrome's "Incognito" mode on steroids. But there's a problem: if I load Epic, go to facebook.com, log in, and then click the proxy button, I can use Facebook for a while. But eventually, Facebook would throw up an error screen, saying that it thinks that my account has been hacked, and then it would make me verify my identity, force me to change my password, etc. I've had to change my password four times in as many days, which is very annoying. Now I turn on the proxy for browsing on to every other site but Facebook. Question: how can I use the proxy settings on Epic privacy browser to successfully log onto and use Facebook?

    Read the article

  • When using autoproxy, how can you see the proxy configuration?

    - by zr
    I set the global settings of the machine to use an autoproxy configuration script. e.g. http://autoproxy.mycompanydomain.exe:8080, but still there are some network apps that require an explicit proxy setting. I assume that this is because those apps don't know how to access the global proxy settings. How can i see the global proxy settings that were configured automatically so i can copy them to the settings of these troublesome apps?

    Read the article

  • Good open source proxy server software for windows server? [closed]

    - by JL.
    Looking for good open source proxy server software. Preferably for a Windows server based machine. Need it primarily for testing my applications connectivity in a proxy scenario. So something that is dead easy to setup and configure. The proxy will run locally on my LAN, and I want it to emulate as close as possible the type of proxy you might find in corporate networks, because I'm testing an SOA system. Will not be used for its real intended purposes, so scalability is not a huge concern. Thank you

    Read the article

  • is it possible to use multiple proxies for different target websites?

    - by fduff
    Typically I'd like to know if it's possible to have a setup where it maps some IPs with a particular proxy and other IPs using another proxy? Proxy Chaining isn't really what I'm looking for (well I don't think it is) because each address could be resolved with or without a proxy but their content may not be accessible without the right proxy. This setup could be part of home network, so that the relevant proxy s/w could be installed and setup on a Linux box for ex. Ex: website-A via proxy-1 website-B via proxy-2 all others via no-proxy

    Read the article

  • HowTo: iPhone Web Service call to WCF Service with Certificate Authentication

    - by Maike9
    We are a .Net shop currently developing a iPhone app that requires the app to call a WCF web service. Our WCF Services are secured with a x509 certificate for authentication purposes. I have been searching the internet for an example on how to do the following: Deploy a certificate with an iPhone app. Use that certificate in a web service call to a WCF Service. Any insight on how this might be accomplished would be greatly appreciated.

    Read the article

< Previous Page | 36 37 38 39 40 41 42 43 44 45 46 47  | Next Page >