Search Results

Search found 1208 results on 49 pages for 'proxied authorization'.

Page 41/49 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • WCF Fails when using impersonation over 2 machine boundaries (3 machines)

    - by MrTortoise
    These scenarios work in their pieces. Its when i put it all together that it breaks. I have a WCF service using netTCP that uses impersonation to get the callers ID (role based security will be used at this level) on top of this is a WCF service using basicHTTP with TransportCredientialOnly which also uses impersonation I then have a client front end that connects to the basicHttp. the aim of the game is to return the clients username from the netTCP service at the bottom - so ultimatley i can use role based security here. each service is on a different machine - and each service works when you remove any calls they make to other services when you run a client for them both locally and remotley. IE the problem only manifests when you jump accross more than one machine boundary. IE the setup breaks when i connect each part together - but they work fine on their own. I also specify [OperationBehavior(Impersonation = ImpersonationOption.Required)] in the method and have IIS setup to only allow windows authentication (actually i have ananymous enabled still, but disabling makes no difference) This impersonation works fine in the scenario where i have a netTCP Service on Machine A with a client with a basicHttp service on machine B with a clinet for the basicHttp service also on machine B ... however if i move that client to any machine C i get the following error: The exception is 'The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:10:00'' the inner message is 'An existing connection was forcibly closed by the remote host' Am beginning to think this is more a network issue than config ... but then im grasping at straws ... the config files are as follows (heading from the client down to the netTCP layer) <?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="basicHttpBindingEndpoint" closeTimeout="00:02:00" openTimeout="00:02:00" receiveTimeout="00:10:00" sendTimeout="00:02:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /> <message clientCredentialType="UserName" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="http://panrelease01/WCFTopWindowsTest/Service1.svc" binding="basicHttpBinding" bindingConfiguration="basicHttpBindingEndpoint" contract="ServiceReference1.IService1" name="basicHttpBindingEndpoint" behaviorConfiguration="ImpersonationBehaviour" /> </client> <behaviors> <endpointBehaviors> <behavior name="ImpersonationBehaviour"> <clientCredentials> <windows allowedImpersonationLevel="Impersonation"/> </clientCredentials> </behavior> </endpointBehaviors> </behaviors> </system.serviceModel> </configuration> the service for the client (basicHttp service and the client for the netTCP service) <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <compilation debug="true" targetFramework="4.0" /> </system.web> <system.serviceModel> <bindings> <netTcpBinding> <binding name="netTcpBindingEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" /> <message clientCredentialType="Windows" /> </security> </binding> </netTcpBinding> <basicHttpBinding> <binding name="basicHttpWindows"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows"></transport> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="net.tcp://5d2x23j.panint.com/netTCPwindows/Service1.svc" binding="netTcpBinding" bindingConfiguration="netTcpBindingEndpoint" contract="ServiceReference1.IService1" name="netTcpBindingEndpoint" behaviorConfiguration="ImpersonationBehaviour"> <identity> <dns value="localhost" /> </identity> </endpoint> </client> <behaviors> <endpointBehaviors> <behavior name="ImpersonationBehaviour"> <clientCredentials> <windows allowedImpersonationLevel="Impersonation" allowNtlm="true"/> </clientCredentials> </behavior> </endpointBehaviors> <serviceBehaviors> <behavior name="WCFTopWindowsTest.basicHttpWindowsBehaviour"> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpGetEnabled="true" /> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <services> <service name="WCFTopWindowsTest.Service1" behaviorConfiguration="WCFTopWindowsTest.basicHttpWindowsBehaviour"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpWindows" name ="basicHttpBindingEndpoint" contract ="WCFTopWindowsTest.IService1"> </endpoint> </service> </services> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> </system.serviceModel> <system.webServer> <modules runAllManagedModulesForAllRequests="true" /> <directoryBrowse enabled="true" /> </system.webServer> </configuration> then finally the service for the netTCP layer <?xml version="1.0" encoding="UTF-8"?> <configuration> <system.web> <authentication mode="Windows"></authentication> <authorization> <allow roles="*"/> </authorization> <compilation debug="true" targetFramework="4.0" /> <identity impersonate="true" /> </system.web> <system.serviceModel> <bindings> <netTcpBinding> <binding name="netTCPwindows"> <security mode="Transport"> <transport clientCredentialType="Windows"></transport> </security> </binding> </netTcpBinding> </bindings> <services> <service behaviorConfiguration="netTCPwindows.netTCPwindowsBehaviour" name="netTCPwindows.Service1"> <endpoint address="" bindingConfiguration="netTCPwindows" binding="netTcpBinding" name="netTcpBindingEndpoint" contract="netTCPwindows.IService1"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mextcp" binding="mexTcpBinding" contract="IMetadataExchange"/> <host> <baseAddresses> <add baseAddress="net.tcp://localhost:8721/test2" /> </baseAddresses> </host> </service> </services> <behaviors> <serviceBehaviors> <behavior name="netTCPwindows.netTCPwindowsBehaviour"> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpGetEnabled="false" /> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <serviceHostingEnvironment multipleSiteBindingsEnabled="true" /> </system.serviceModel> <system.webServer> <modules runAllManagedModulesForAllRequests="true" /> <directoryBrowse enabled="true" /> </system.webServer> </configuration>

    Read the article

  • How to process AJAX requests more securely in PHP?

    - by animuson
    Ok, so I want to send AJAX requests to my website from my Flash games to process data, but I don't want people downloading them, decompiling them, then sending fake requests to be processed, so I'm trying to figure out the most secure way to process in the PHP files. My first idea was to use Apache's built in Authorization module to require a username and password to access the pages on a separate subdomain of my website, but then you'd have to include that username and password in the AJAX request anyway so that seems kind of pointless to even try. My current option looks pretty promising but I want to make sure it will work. Basically it just checks the IP address being sent using REMOTE_ADDR to make sure it's the IP address that my server runs on. <? $allowed = new Array("64.120.211.89", "64.120.211.90"); if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) header("HTTP/1.1 403 Forbidden"); ?> Both of those IP addresses point to my server. Things I'm worried about: 1) If I send a request from Flash/ActionScript, will that affect the IP address in any way? 2) Is it possible for malicious users to change the IP address that is being sent with REMOTE_ADDR to one of my IP addresses? Any other ways you would suggest that might be more secure?

    Read the article

  • Getting a list of Tasks that belong to a Role from Azman

    - by Steven
    I'm using the AZROLESLib which is from the COM references "azroles 1.0 Type Library" and I am trying to create a list of the designated tasks for each role that I have currently set in my authorization manager but when I loop through the tasks for the role, I get the role name. I've looked all around but couldn't find anything that would help. Here's what I got currently (It's not super pretty but i'm just trying to get it working at the moment). AzAuthorizationStoreClass AzManStore = new AzAuthorizationStoreClass(); AzManStore.Initialize(0, ConfigurationManager.ConnectionStrings["AzManStore"].ConnectionString, null); IAzApplication azApp = AzManStore.OpenApplication("StoreName", null); StringBuilder output = new StringBuilder(); Array tasks = null; foreach (IAzRole currentRole in azApp.Roles) { output.Append(currentRole.Name + "<br />"); tasks = (Array)currentRole.Tasks; foreach (object ob in tasks) { output.Append("&nbsp;&nbsp; -" + ob.ToString() + "<br />"); } } return output.ToString(); What comes out is: Administrator -Administrator Account Manager -Account Manager Corporate Marketing Specialist -Corporate Marketing Specialist General Employee -General Employee Marketing Manager -Marketing Manager Regional Marketing Specialist -Regional Marketing Specialist Sales Manager -Sales Manager Webmaster -Webmaster but what should come out is something like: Webmaster Websites Maintain News Maintain Events Maintain Reports Read Thanks in advance.

    Read the article

  • 401 Unauthorized returned on GET request (https) with correct credentials

    - by Johnny Grass
    I am trying to login to my web app using HttpWebRequest but I keep getting the following error: System.Net.WebException: The remote server returned an error: (401) Unauthorized. Fiddler has the following output: Result Protocol Host URL 200 HTTP CONNECT mysite.com:443 302 HTTPS mysite.com /auth 401 HTTP mysite.com /auth This is what I'm doing: // to ignore SSL certificate errors public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { return true; } try { // request Uri uri = new Uri("https://mysite.com/auth"); HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri) as HttpWebRequest; request.Accept = "application/xml"; // authentication string user = "user"; string pwd = "secret"; string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd)); request.Headers.Add("Authorization", auth); ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications); // response. HttpWebResponse response = (HttpWebResponse)request.GetResponse(); // Display Stream dataStream = response.GetResponseStream(); StreamReader reader = new StreamReader(dataStream); string responseFromServer = reader.ReadToEnd(); Console.WriteLine(responseFromServer); // Cleanup reader.Close(); dataStream.Close(); response.Close(); } catch (WebException webEx) { Console.Write(webEx.ToString()); } I am able to log in to the same site with no problem using ASIHTTPRequest in a Mac app like this: NSURL *login_url = [NSURL URLWithString:@"https://mysite.com/auth"]; ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:login_url]; [request setDelegate:self]; [request setUsername:name]; [request setPassword:pwd]; [request setRequestMethod:@"GET"]; [request addRequestHeader:@"Accept" value:@"application/xml"]; [request startAsynchronous];

    Read the article

  • Where did Pylons beautiful error handling go? Using Nginx + Paster + Flup#fcgi_thread

    - by Tony
    I need to run my development through nginx due to some complicated subdomain routing rules in my pylons app that wouldn't be handled otherwise. I had been using lighttpd + paster + Flup#scgi_thread and the nice error reporting by Pylons had been working fine in that environment. Yesterday I recompiled Python and MySQL for 64bit, and also switched to Ngix + paster + Flup#fcgi_thread for my development environment. Everything is working great, but I miss the fancy error reports. This is what I get now, and it is a mess compared to what I got used to: http://drp.ly/Iygeg . And here are the pylons/nginx configs. Pylons: [server:main] use = egg:Flup#fcgi_thread host = 0.0.0.0 port = 6500 Nginx: location / { #include /usr/local/nginx/conf/fastcgi.conf; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param QUERY_STRING $query_string; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_pass_header Authorization; fastcgi_intercept_errors off; fastcgi_pass 127.0.0.1:6500; }

    Read the article

  • Getting broken link error whle Using App Engine service accounts

    - by jade
    I'm following this tutorial https://developers.google.com/bigquery/docs/authorization#service-accounts-appengine Here is my main.py code import httplib2 from apiclient.discovery import build from google.appengine.ext import webapp from google.appengine.ext.webapp.util import run_wsgi_app from oauth2client.appengine import AppAssertionCredentials # BigQuery API Settings SCOPE = 'https://www.googleapis.com/auth/bigquery' PROJECT_NUMBER = 'XXXXXXXXXX' # REPLACE WITH YOUR Project ID # Create a new API service for interacting with BigQuery credentials = AppAssertionCredentials(scope=SCOPE) http = credentials.authorize(httplib2.Http()) bigquery_service = build('bigquery', 'v2', http=http) class ListDatasets(webapp.RequestHandler): def get(self): datasets = bigquery_service.datasets() listReply = datasets.list(projectId=PROJECT_NUMBER).execute() self.response.out.write('Dataset list:') self.response.out.write(listReply) application = webapp.WSGIApplication( [('/listdatasets(.*)', ListDatasets)], debug=True) def main(): run_wsgi_app(application) if __name__ == "__main__": main() Here is my app.yaml file code application: bigquerymashup version: 1 runtime: python api_version: 1 handlers: - url: /favicon\.ico static_files: favicon.ico upload: favicon\.ico - url: .* script: main.py And yes i have added app engine service account name in google api console Team tab with can edit permissions. When upload the app and try to access the link it says Oops! This link appears to be broken. Ealier i ran this locally and tried to access it using link localhost:8080.Then i thought may be running locally might be giving the error so i uploaded my code to http://bigquerymashup.appspot.com/ but still its giving error.

    Read the article

  • Yii user rights extension

    - by jailed abroad
    i have installed the yii rights extension and here is my code after installation, database tables are created after installation. 'modules'=>array( // uncomment the following to enable the Gii tool 'rights'=>array( 'superuserName'=>'Admin', // Name of the role with super user privileges. 'authenticatedName'=>'Authenticated', //// Name of the authenticated user role. 'userIdColumn'=>'id',// Name of the user id column in the database. 'userNameColumn'=>'username', // Name of the user name column in the database. 'enableBizRule'=>true, // Whether to enable authorization item business rules. 'enableBizRuleData'=>false, //Whether to enable data for business rules. 'displayDescription'=>true, // Whether to use item description instead of name. ' // Key to use for setting success flash messages. 'flashErrorKey'=>'RightsError', / Key to use for setting error flash messages. // 'install'=>true, // Whether to install rights. 'baseUrl'=>'/rights', // Base URL for Rights. Change if module is nested. 'layout'=>'rights.views.layouts.main', // Layout to use for displaying Rights. 'appLayout'=>'application.views.layouts.main', //Application layout. 'cssFile'=>'rights.css', // Style sheet file to use for Rights. ' 'install'=>false, // Whether to enable installer. 'debug'=>false, ), 'gii'=>array( 'class'=>'system.gii.GiiModule', 'password'=>'1234', // If removed, Gii defaults to localhost only. Edit carefully to taste. 'ipFilters'=>array('127.0.0.1','::1'), ), ), But when i type url http://localhost/rightsTest/index.php/rights then it says There must be at least one superuser! I have tried many things but unable to find answer. Thanks for your help.

    Read the article

  • django-social-auth for Facebook is redirecting home and not logging in

    - by Scott Rogowski
    I have had django-social-auth working for Google for quite some time now but am having problems with Facebook. I am at the point where clicking on the /login/facebook/ link will take me to the Facebook authorization page. I then click "go to app" and it redirects me to my home page but does not log in or create a user but does put some strange "#=" onto the back of my URL. Reading up on that, here https://developers.facebook.com/blog/post/552/, and here https://github.com/omab/django-social-auth/issues/199, it seems that would be happening if the redirect uri was not defined. However, on my facebook app settings, I have the following (replacing my site with example.com): + App Namespace: "example" + Site URL: "http://example.com/complete/facebook/" + Site Domain: "example.com" + Sandbox Mode: "On" + Post-Authorize Redirect URL: "http://apps.facebook.com/example/" + Deauthorize URL: "http://www.example.com/" + Post-Authorize URL: "http://example.com/complete/facebook/" The request that django-social-auth is sending to facebook is (replacing my info again): "https://www.facebook.com/dialog/oauth?scope=email&state=*&redirect_uri=http%3A%2F%2Fexample.com%2Fcomplete%2Ffacebook%2F%3Fredirect_state%3D***&client_id=*" The /complete/facebook/ is what is in the documentation and google works as /complete/google/ What am I missing here?

    Read the article

  • hiding buttons in master page

    - by pankaj
    Hi, I am working on an app where i am having some linkbuttons in master page. I want to display them depending upon the authorization given to them once they logs in. I have initially made all of them visible false and then i am checking the authorisation in the aspx.cs class of master page. I make the link button visible depending upon the right granted to the user. But it is making all the link buttons visible. Instead it should only make two of them visible and rest should be hidden. Following is my code from MasterPage.aspx.cs: ArrayList arrlstUserRoles = new ArrayList(); arrlstUserRoles = (ArrayList)Session["Roles"]; for (int j = 0; j < arrlstUserRoles.Count; j++) { if (int.Parse(arrlstUserRoles[j].ToString()) == 1) { lbtnRetailer.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 2) { lbtnCategory.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 3) { lbtnCouponTemplate.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 4) { //lbtnStoreManagement.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 5) { lbtnStoreManagement.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 6) { lbtnContentManagement.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 7) { //lbtnStoreManagement.Visible = true; } }

    Read the article

  • Third party multipart request in playframework

    - by Brian
    I'm making an application to post photos to yfrog and twitpic and I am having a little trouble figuring out how to set the parameters. Here is my code: public static Result index() { HttpClient httpclient = new DefaultHttpClient(); WSRequestHolder holder = WS.url("http://api.twitpic.com/2/upload.json"); holder.setHeader("Authorization", ""); return async(holder.post("").map(new Function<WS.Response, Result>() { public Result apply(WS.Response response) { return ok(response.getBody()); } })); } Now, I don't expect this to actually get an ok response from the server, as I am just testing the responses that I get back from the server, and that is one that says I need to provide the api key. I figured as much, but I'm not sure of the syntax for providing that parameter, as I need to also give the name of the file and the file. I tried setting holder.post("key=somekey"), with the hope that I would get a different error message (like the key you provided is invalid) but I just get the same error. I'm assuming that I probably need to send it in the for of a multipart request, but I am not very experienced with this kind of request and can't find any play documentation on how to create a multipart request, other than in an html form. Any suggestions and help will be much appreciated. And fyi, I do know that there are yfrog and twitpic java classes to handle this kind of stuff, but I want to do it myself, more so for learning how to do this kind of stuff. Thanks in advance!

    Read the article

  • Twitter API Rate Limit - Overcoming on an unauthenticated JSON Get with Objective C?

    - by Cian
    I see the rate limit is 150/hr per IP. This'd be fine, but my application is on a mobile phone network (with shared IP addresses). I'd like to query twitter trends, e.g. GET /trends/1/json. This doesn't require authorization, however what if the user first authorized with my application using OAuth, then hit the JSON API? The request is built as follows: - (void) queryTrends:(NSString *) WOEID { NSString *urlString = [NSString stringWithFormat:@"http://api.twitter.com/1/trends/%@.json", WOEID]; NSURL *url = [NSURL URLWithString:urlString]; NSURLRequest *theRequest=[NSURLRequest requestWithURL:url cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0]; NSURLConnection *theConnection=[[NSURLConnection alloc] initWithRequest:theRequest delegate:self startImmediately:YES]; if (theConnection) { // Create the NSMutableData to hold the received data. theData = [[NSMutableData data] retain]; } else { NSLog(@"Connection failed in Query Trends"); } //NSData *data = [NSData dataWithContentsOfURL:[NSURL URLWithString:urlString]]; } I have no idea how I'd build this request as an authenticated one however, and haven't seen any examples to this effect online. I've read through the twitter OAuth documentation, but I'm still puzzled as to how it should work. I've experimented with OAuth using Ben Gottlieb's prebuild library, and calling this in my first viewDidLoad: OAuthViewController *oAuthVC = [[OAuthViewController alloc] initWithNibName:@"OAuthTwitterDemoViewController" bundle:[NSBundle mainBundle]]; // [self setViewController:aViewController]; [[self navigationController] pushViewController:oAuthVC animated:YES]; This should store all the keys required in the app's preferences, I just need to know how to build the GET request after authorizing! Maybe this just isn't possible? Maybe I'll have to proxy the requests through a server side application? Any insight would be appreciated!

    Read the article

  • web service client authentication

    - by Jack
    I want to consume Java based web service with c#.net client. The problem is, I couldnt authenticate to the service. it didnt work with this: mywebservice.Credentials = new System.Net.NetworkCredential(userid, userpass); I tried to write base class for my client method. public class ClientProtocols : SoapHttpClientProtocol { protected override WebRequest GetWebRequest(Uri uri) { System.Net.WebRequest request = base.GetWebRequest(uri); if (null != Credentials) request.Headers.Add("Authorization", GetAuthHeader()); return request; } protected override WebResponse GetWebResponse(WebRequest request) { WebResponse response = base.GetWebResponse(request); return response; } private string GetAuthHeader() { StringBuilder sb = new StringBuilder(); sb.Append("Basic "); NetworkCredential cred = Credentials.GetCredential(new Uri(Url), "Basic"); string s = string.Format("{0}:{1}", cred.UserName, cred.Password); sb.Append(Convert.ToBase64String(Encoding.ASCII.GetBytes(s))); return sb.ToString(); } } How can I use this class and authorize to the web service? Thanks.

    Read the article

  • Using DotNetOpenAuth AccessToken for uploading docx file to google

    - by PrashantC
    Hi , I am using DotNetOpenAuth Package, I am trying to upload a package to google docs, Using client credentials i am able to do it successfully using following code, DocumentEntry objDocumentEntry = new DocumentEntry(); objDocumentsService.setUserCredentials(strUserName,strPassWord); string strAuthenticationToken = objDocumentsService.QueryAuthenticationToken(); objDocumentEntry = objDocumentsService.UploadDocument(Server.MapPath("test.docx"), "New Name"); I want achieve save with plain oAuth, I am having following code written for it, if (this.TokenManager != null) { if (!IsPostBack) { var google = new WebConsumer(GoogleConsumer.ServiceDescription, this.TokenManager); // Is Google calling back with authorization? var accessTokenResponse = google.ProcessUserAuthorization(); if (accessTokenResponse != null) { this.AccessToken = accessTokenResponse.AccessToken; } else if (this.AccessToken == null) { // If we don't yet have access, immediately request it. GoogleConsumer.RequestAuthorization(google, GoogleConsumer.Applications.DocumentsList); } } } I successfully get "AccessToken", But i am not sure how to use it.. Do we need to exchange this token? what excatly to do with this token? Is it a sessionToken? Please provide some inputs, I am badly stuck with this problem from last 3 days, Prashant C

    Read the article

  • How to avoid user keep trying login using Ruby on Rails?

    - by Tattat
    I want to create a login page, it can easy implement using Ruby on Rails. But the login is very simple, but I want more security. I want to stop the user keep trying the password. So, I have some ideas on that. First, stop login feature if the user keep trying the password for 15 mins. After the user login fail 5 times in 15 mins, the system should not allow the user login again in next 15 mins, ever his/her password is correct. Second, I want to add a human verification, after the user tried 5 times. After the user wait for 15 mins to login, I want to add an addition verification to the user. I want the user click the password, and the CAPTCHA image. If one of them is failed, they still can't login the system. He/She have 5 times to try, if he / she failed again, he/she need to want another 15 mins. Third, After the user tried 15 times, and still can't get into the system. I want to lock the user account, the user will receive an email, with a link to assign the password again. So, the question is "Is there any library to implement such authorization easily?" I know it can be implemented using code, but using library is much convenient. Also, I want to ask is there any security suggestion for that? thank u.

    Read the article

  • Problem logging in and changing permissions in Facebook

    - by kujawk
    Hi everybody, I've got a piece of code that logs into Facebook, gets a session, sets status_update and offline_access permission if they are not set, and gets a new session with the newly set permissions. This code used to work fine but now I'm getting error 100 "One of the parameters specified was missing or invalid" as a response to the second call to get session and I can't figure out why. Here's the sequence in detail: CREATE TOKEN restserver.php?method=auth.createToken&api_key=[our key]&v=1.0&format=JSON&sig=[sig created with our secret] response: new token LOGIN m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[token created above] login screen loads and user successfully logs in with their username/password. GET SESSION restserver.php?method=auth.getSession&api_key=[our key]&v=1.0&format=JSON&auth_token=token created above&sig=[sig created with our secret] response: session key with expiration date and a secret CHECK/AUTHORIZE PERMISSIONS restserver.php?method=users.hasAppPermission&api_key=[our key]&v=1.0&format=JSON&ext_perm=status_update&call_id=[proper id]&session_key=[key returned above]&sig=[sig created with secret returned for get session] response: 0 m.facebook.com/authorize.php?api_key=[our key]&v=1.0&ext_perm=status_update authorization screen loads and user authorizes Same steps for status_update CREATE NEW TOKEN Same steps as done to create the first token LOGIN m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[new token] user is already logged in, redirected to their homepage GET NEW SESSION restserver.php?method=auth.getSession&api_key=[our key]&format=JSON&auth_token=[new token]&sig=[sig created with our secret] response: error 100 - missing or invalid parameter. Of course it doesn't tell me which one. Anybody have any ideas what I'm doing wrong here? I tried skipping the second login and going right to creating the new session and that didn't work. The only thing that seems to work is logging out the user after they've authorized the permissions and having them log back in again. I'd like to avoid this if possible. Can you have two outstanding sessions at one time? This code used to work but I'm thinking maybe something changed on Facebook's end that I'm not aware of. Thanks, kris

    Read the article

  • How to authenticate multiple entry points in a facebook app?

    - by Simon_Weaver
    I am using an IFrame application with XFBML and the new Javascript API. I'd like to have a facebook application with multiple entry points. These will most likely represent different links coming from a fan page tab. I can do this quite easily if the pages don't require authentication - for instance I can create several pages under the app and if a new user comes I can send them to any page: http://apps.facebook.com/myapp/offers http://apps.facebook.com/myapp/game http://apps.facebook.com/myapp/products The problem is that if I need to have authentication then once the user is authenticated they get redirected to my default post-authorization url. Is there a way for a user that comes to /game to stay on /game after they are authenticated without redirecting. I thought I could do it with the AJAX login form - but I cannot find out how to do that in a Facebook IFrame application. I think the example using requirelogin only works for FBML. <a href="http://apps.facebook.com/mysmiley" requirelogin=1> Welcome to my app</a>. Is there a way to accomplish this with Facebook APIs - or will I have to do some kind of clever cookie handling?

    Read the article

  • How do you use FastInfoset with JAXWS?

    - by Chris Kessel
    I've got code that looks like it should be correct based on what I can find, but the spewed output doesn't indicate that it's using FastInfoset. My understanding is the Accept should indicate it can accept Fastinfoset and the response would actually use it, meaning it's not text/xml as the response type. Any idea what I'm doing wrong? I've scoured with Google and I'm having a hard time finding much detail on how to use FastInfoset at all. JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean(); factory.getInInterceptors().add(new LoggingInInterceptor()); factory.getOutInterceptors().add(new LoggingOutInterceptor()); factory.setServiceClass( C360Server.class); factory.setAddress("http://localhost:8501/cxfcontroller/cl_v5"); C360Server client = (C360Server)factory.create(); ((BindingProvider)client).getRequestContext().put( "com.sun.xml.ws.client.ContentNegotiation", "optimistic"); C360Request requestTrans = new C360Request(); ... code to fill in the request ... C360Response response = client.findContacts( requestTrans ); The logging doesn't seem to indicate FastInfoset is even attempted though: INFO: Outbound Message --------------------------- ID: 1 Address: http://localhost:8501/cxfcontroller/cl_v5 Encoding: UTF-8 Content-Type: text/xml Headers: {SOAPAction=[""], Authorization=[Basic cWFfc3VwZXI6cWFfc3VwZXI=], Accept=[*/*]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns1:findContacts>...bunch of xml deleted for brevity...</ns1:findContacts></soap:Body></soap:Envelope> -------------------------------------- May 17, 2010 3:23:45 PM org.apache.cxf.interceptor.LoggingInInterceptor logging INFO: Inbound Message ---------------------------- ID: 1 Response-Code: 200 Encoding: UTF-8 Content-Type: text/xml; charset=utf-8 Headers: {content-type=[text/xml; charset=utf-8], Content-Length=[611], Server=[Jetty(6.1.x)]} Payload: <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><ns1:findContactsResponse>...bunch of xml spew deleted for brevity...</ns1:findContactsResponse></soap:Body></soap:Envelope> -------------------------------------- Any ideas what I'm doing wrong? Even if the server wasn't supporting FastInfoset, I still should see the attempted negotiation in the request, right?

    Read the article

  • facebook authentication / login trouble

    - by salmane
    I have setup facebook authentication using php and it goes something like this first getting the authorization here : https://graph.facebook.com/oauth/authorize?client_id=<?= $facebook_app_id ?>&redirect_uri=http://www.example.com/facebook/oauth/&scope=user_about_me,publish_stream then getting the access Token here : $url = "https://graph.facebook.com/oauth/access_token?client_id=".$facebook_app_id."&redirect_uri=http://www.example.com/facebook/oauth/&client_secret=".$facebook_secret."&code=".$code;" function get_string_between($string, $start, $end){ $string = " ".$string; $ini = strpos($string,$start); if ($ini == 0) return ""; $ini += strlen($start); $len = strpos($string,$end,$ini) - $ini; return substr($string,$ini,$len); } $access_token = get_string_between(file_get_contents($url), "access_token=", "&expires="); then getting user info : $facebook_user = file_get_contents('https://graph.facebook.com/me?access_token='.$access_token); $facebook_id = json_decode($facebook_user)->id; $first_name = json_decode($facebook_user)->first_name; $last_name = json_decode($facebook_user)->last_name; this is pretty ugly ( in my opinion ) but it works....how ever....the user is still not logged in...because i did not create or retrieve any session variables to confirm that the user is logged in to facebook... which means that after getting the authentication done the use still has to login .... first: is there a better way using php to do what i did above ? second: how do i set/ get session variable / cookies that ensure that the user doesnt have to click login thanks for your help

    Read the article

  • Trouble creating calendar in Google API via Coldfusion

    - by KingErroneous
    I am trying to create a caledar using the Google API, and it just returns the list of calendars in my account, just like I sent a GET request. Here is my code: <cfxml variable="locals.xml"> <cfoutput> <entry xmlns="http://www.w3.org/2005/Atom" xmlns:gd="http://schemas.google.com/g/2005" xmlns:gCal="http://schemas.google.com/gCal/2005"> <title type="text">#arguments.argTitle#</title> <summary type="text">#arguments.argSummary#</summary> <cfif len(arguments.argTimezone)><gCal:timezone value="#arguments.argTimezone#"></gCal:timezone></cfif> <gCal:hidden value="false"></gCal:hidden> <gCal:accesslevel value="owner" /> <gCal:color value="#arguments.argColor#"></gCal:color> <gd:where rel='' label='' valueString='Oakland'></gd:where> </entry> </cfoutput> </cfxml> <cfhttp url="#variables.baseURL#/default/owncalendars/full" method="post" redirect="false" multiparttype="related" charset="utf-8"> <cfhttpparam type="header" name="Authorization" value="GoogleLogin auth=#getAuth(variables.serviceName)#"> <cfhttpparam type="header" name="Content-Type" value="application/atom+xml"> <cfhttpparam type="header" name="GData-Version" value="2"> <cfhttpparam type="body" value="#trim(locals.xml)#"> </cfhttp> Any help would be appreciated.

    Read the article

  • Inserting default "admin" user into database during Rails App startup

    - by gbc
    I'm building my first real rails application for a little in-house task. Most of the application tasks require authentication/authorization. The first time the app starts up (or starts with a wiped db), I'd like the process to be: User logs into the admin panel using "admin" & "admin" for authentication info. User navigates to admin credentials editing page and changes name and password to something safer so that "admin" & "admin" is no longer a valid login. To achieve this result, I'd like to stuff a default username & password combination into the database on if the application starts up and detects that there are no user credentials in the 'users' table. For example: if User.count == 0 User.create(:name => "admin", :password => "admin") end However, I'm unsure where to place that code. I tried adding an initializer script in the config/initializers, but the error I received appeared to indicate that the model classes weren't yet loaded into the application. So I'm curious to know at what point I can hook into the application startup cycle and insert data into the database through ActiveRecord before requests are dispatched.

    Read the article

  • Web-Application development startup advice

    - by rpr
    Dear programmers of StackOverflow, recently me and two of my friends from college started a software company. We are developing web-applications using GWT-Spring-Hibernate and other helper frameworks. In a couple of months, we managed to set up a stable back-end and produced some demo programs for CRM solutions. Our area of interest is CRM where we can combine the flexibility of our back-end with the slick looking GWT based GUIs. Unfortunately we live in a third world country (well, kind of two and a half :) and no one here gives our work enough credit, or really cares about the advantages of web-apps. We are stuck at the moment because our current clients do not want to pay that much money for just "putting their local app on the web". Since we can not find satisfying work here, we have decided to work online/international. I was wondering if you guys know a good freelance kind of sites where we can throw ourselves into the market.. Also a question from frustration, to those who are in the field or knowledgeable/interested about web based CRM, how much would you ask/pay for lets say a web app which will keep track of all the patients of a multi-branch clinic also allowing the patients to access to view their own records? Including tiered authorization, logging etc.. Many thanks in advance for your responses!

    Read the article

  • parse.json of authenticated play request

    - by niklassaers
    I've set up authentication in my application like this, always allow when a username is supplied and the API-key is 123: object Auth { def IsAuthenticated(block: => String => Request[AnyContent] => Result) = { Security.Authenticated(RetrieveUser, HandleUnauthorized) { user => Action { request => block(user)(request) } } } def RetrieveUser(request: RequestHeader) = { val auth = new String(base64Decode(request.headers.get("AUTHORIZATION").get.replaceFirst("Basic", ""))) val split = auth.split(":") val user = split(0) val pass = split(1) Option(user) } def HandleUnauthorized(request: RequestHeader) = { Results.Forbidden } def APIKey(apiKey: String)(f: => String => Request[AnyContent] => Result) = IsAuthenticated { user => request => if(apiKey == "123") f(user)(request) else Results.Forbidden } } I want then to define a method in my controller (testOut in this case) that uses the request as application/json only. Now, before I added authentication, I'd say "def testOut = Action(parse.json) {...}", but now that I'm using authentication, how can I add parse.json in to the mix and make this work? def testOut = Auth.APIKey("123") { username => implicit request => var props:Map[String, JsValue] = Map[String, JsValue]() request.body match { case JsObject(fields) => { props = fields.toMap } case _ => {} // Ok("received something else: " + request.body + '\n') } if(!props.contains("UUID")) props.+("UUID" -> UniqueIdGenerator.uuid) if (!props.contains("entity")) props.+("entity" -> "unset") props.+("username" -> username) Ok(props.toString) } As a bonus question, why is only UUID added to the props map, not entity and username? Sorry about the noob factor, I'm trying to learn Scala and Play at the same time. :-) Cheers Nik

    Read the article

  • What legal disclaimer do you use?

    - by Egwor
    I'm working on some code at the moment, but I was wondering what legal disclaimers you have? This is for some work that I'm providing to a friend for free. This isn't open source since there's competitive advantage in the internal workings of the program. I was thinking of something like: Copyright 2008 Egwor.com All rights reserved. Except as contained in this notice, the name(s) of the above copyright holders shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. What do you use?

    Read the article

  • java web templates across multiple WAR files

    - by Casey
    I have a multi WAR web application that was designed badly. There is a single WAR that is responsible for handling some authorization against a database and defines a standard web page using a jsp taglib. The main WAR basically checks the privileges of the user and than based on that, displays links to the context path of the other deployed WARS. Each of the other deployed WARs includes this custom tag lib. I am working on redesigning this application, and one of the nice things that I want to retain is that we have other project teams that have developed these WAR modules that "plug into" our current system to take advantage of other things we have to offer. I am not entirely sure how to handle the page templates though. I need a templating system that would be easy enough to use across multiple wars (I was thinking of jsp fragments??). I really only need to define a consistent header and main navigation section. Whatever else is displayed on the page is up to the individual web project. Any suggestions? I hope that this is clear, if not I can elaborate more.

    Read the article

  • Uploading a file to imgur using PHP Imgurv3 API

    - by user434885
    I writing a webapp which uploads images to imgur directly. Since all older version of their APIs have been deprecated i am forced to use v3 of their APIs. Unfortunately I am unable to get the API to work. I am using curl to access the API. $pvars = array('image' => base64_encode($data)); $timeout = 30; $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, 'https://api.imgur.com/3/upload'); curl_setopt($curl, CURLOPT_TIMEOUT, $timeout); curl_setopt($curl, CURLOPT_POST, 1); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_POSTFIELDS, $pvars); curl_setopt($curl, CURLOPT_HTTPHEADER, array('Authorization: Client-ID xxxxxxa61xxxxxx')); $xml = curl_exec($curl); $xmlsimple = new SimpleXMLElement($xml); print gettype($xml)."<hr>"; echo '<img height="180" src="'; echo $xmlsimple->links->original; echo '">'; curl_close ($curl); The "Xml" variable always return as "false", no server error is displayed. Can someone guide me to what I am doing wrong ? Unfortunately I am also unable to find any proper example in the documentation nor around to guide me.

    Read the article

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >