Search Results

Search found 54190 results on 2168 pages for 'http authentication'.

Page 44/2168 | < Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51  | Next Page >

• Handling HTTP 404 Error in ASP.NET Web API

  - by imran_ku07

          Introduction:                     Building modern HTTP/RESTful/RPC services has become very easy with the new ASP.NET Web API framework. Using ASP.NET Web API framework, you can create HTTP services which can be accessed from browsers, machines, mobile devices and other clients. Developing HTTP services is now become more easy for ASP.NET MVC developer becasue ASP.NET Web API is now included in ASP.NET MVC. In addition to developing HTTP services, it is also important to return meaningful response to client if a resource(uri) not found(HTTP 404) for a reason(for example, mistyped resource uri). It is also important to make this response centralized so you can configure all of 'HTTP 404 Not Found' resource at one place. In this article, I will show you how to handle 'HTTP 404 Not Found' at one place.         Description:                     Let's say that you are developing a HTTP RESTful application using ASP.NET Web API framework. In this application you need to handle HTTP 404 errors in a centralized location. From ASP.NET Web API point of you, you need to handle these situations, No route matched. Route is matched but no {controller} has been found on route. No type with {controller} name has been found. No matching action method found in the selected controller due to no action method start with the request HTTP method verb or no action method with IActionHttpMethodProviderRoute implemented attribute found or no method with {action} name found or no method with the matching {action} name found.                                          Now, let create a ErrorController with Handle404 action method. This action method will be used in all of the above cases for sending HTTP 404 response message to the client.  public class ErrorController : ApiController { [HttpGet, HttpPost, HttpPut, HttpDelete, HttpHead, HttpOptions, AcceptVerbs("PATCH")] public HttpResponseMessage Handle404() { var responseMessage = new HttpResponseMessage(HttpStatusCode.NotFound); responseMessage.ReasonPhrase = "The requested resource is not found"; return responseMessage; } }                     You can easily change the above action method to send some other specific HTTP 404 error response. If a client of your HTTP service send a request to a resource(uri) and no route matched with this uri on server then you can route the request to the above Handle404 method using a custom route. Put this route at the very bottom of route configuration,  routes.MapHttpRoute( name: "Error404", routeTemplate: "{*url}", defaults: new { controller = "Error", action = "Handle404" } );                     Now you need handle the case when there is no {controller} in the matching route or when there is no type with {controller} name found. You can easily handle this case and route the request to the above Handle404 method using a custom IHttpControllerSelector. Here is the definition of a custom IHttpControllerSelector, public class HttpNotFoundAwareDefaultHttpControllerSelector : DefaultHttpControllerSelector { public HttpNotFoundAwareDefaultHttpControllerSelector(HttpConfiguration configuration) : base(configuration) { } public override HttpControllerDescriptor SelectController(HttpRequestMessage request) { HttpControllerDescriptor decriptor = null; try { decriptor = base.SelectController(request); } catch (HttpResponseException ex) { var code = ex.Response.StatusCode; if (code != HttpStatusCode.NotFound) throw; var routeValues = request.GetRouteData().Values; routeValues["controller"] = "Error"; routeValues["action"] = "Handle404"; decriptor = base.SelectController(request); } return decriptor; } }                     Next, it is also required to pass the request to the above Handle404 method if no matching action method found in the selected controller due to the reason discussed above. This situation can also be easily handled through a custom IHttpActionSelector. Here is the source of custom IHttpActionSelector,  public class HttpNotFoundAwareControllerActionSelector : ApiControllerActionSelector { public HttpNotFoundAwareControllerActionSelector() { } public override HttpActionDescriptor SelectAction(HttpControllerContext controllerContext) { HttpActionDescriptor decriptor = null; try { decriptor = base.SelectAction(controllerContext); } catch (HttpResponseException ex) { var code = ex.Response.StatusCode; if (code != HttpStatusCode.NotFound && code != HttpStatusCode.MethodNotAllowed) throw; var routeData = controllerContext.RouteData; routeData.Values["action"] = "Handle404"; IHttpController httpController = new ErrorController(); controllerContext.Controller = httpController; controllerContext.ControllerDescriptor = new HttpControllerDescriptor(controllerContext.Configuration, "Error", httpController.GetType()); decriptor = base.SelectAction(controllerContext); } return decriptor; } }                     Finally, we need to register the custom IHttpControllerSelector and IHttpActionSelector. Open global.asax.cs file and add these lines,  configuration.Services.Replace(typeof(IHttpControllerSelector), new HttpNotFoundAwareDefaultHttpControllerSelector(configuration)); configuration.Services.Replace(typeof(IHttpActionSelector), new HttpNotFoundAwareControllerActionSelector());         Summary:                       In addition to building an application for HTTP services, it is also important to send meaningful centralized information in response when something goes wrong, for example 'HTTP 404 Not Found' error.  In this article, I showed you how to handle 'HTTP 404 Not Found' error in a centralized location. Hopefully you will enjoy this article too.

  Read the article

• XNA Notes 007

  - by George Clingerman

  Every week I keep wondering if there’s going to be enough activity in the community to keep doing these notes on a weekly basis and every week I’m reminded of just how awesome and active the XNA community is. There’s engines being made, tutorials being created, games being crafted. There’s information being shared, questions being answered and then there’s another whole community around the Xbox LIVE Indie Games themselves. It’s really incredibly to just watch all that’s going on and I’m glad I’m playing a small part in all of this. So here’s what I noticed happening in the XNA community last week. If there’s things I’m missing, always feel free to let me know. I love learning about new corners of the XNA community that I wasn’t aware of or just have been missing! XNA Developers: Uditha Bandara held an XNA Game Development Workshops at Singapore Universities http://uditha.wordpress.com/2011/02/18/xna-game-development-workshops-at-singapore-universities-event-update/ Binary Tweed gives his talks about Indie City and gives his opinion on the false promise of digital distribution http://www.develop-online.net/news/37053/OPINION-The-false-promise-of-digital-distribution Kris Steele posts his Trivia or Die postmortem http://www.krissteele.net/blogdetails.aspx?id=246 @MadNinjaSkills (James Johnston) posts his feelings on testing for XBLIG http://www.ezmuze.co.uk/101 Simon (@DDReaper) posts hints and tips for XNA developers to help get the size of their projects down http://twitter.com/#!/DDReaper/status/38279440924545024 http://xna-uk.net/blogs/darkgenesis/archive/2011/02/17/look-at-the-size-of-that-thing.aspx Michael B. McLaughlin proving why he should be an XNA MVP posts the list of commonly used value types in XNA games http://geekswithblogs.net/mikebmcl/archive/2011/02/17/list-of-commonly-used-value-types-in-xna-games.aspx http://twitter.com/#!/mikebmcl/status/38166541354811392 Paul Powell (@ITSligoPaul) posts about a common sprite batch as a game service http://itspaulsblog.blogspot.com/2011/02/xna-common-sprite-batch-as-game-service.html @SigilXNA (John Defenbaugh) posts his new level editor video for the sequel to Opac’s Journey http://twitter.com/SigilXNA/statuses/36548174373982209 http://twitter.com/#!/SigilXNA/status/36548174373982209 http://youtu.be/QHbmxB_2AW8 @jwatte updates kW Animation for XNA 4.0 http://www.enchantedage.com/xna-animation @DSebJ posts Blender to SunBurn http://twitter.com/#!/DSebJ/status/36564920224976896 http://dsebj.evolvingsoftware.com/?p=187 Ads and WP7 Games - @mechaghost shares his revenue data for his ad based games http://www.occasionalgamer.com/2011/02/09/ads-and-wp7-games/ Xbox LIVE Indie Games (XBLIG): Steven Hurdle posts day 100 of his quest to find a fantastic XBLIG purchase every day http://writingsofmassdeduction.com/2011/02/17/day-100-radiangames-ballistic/ Xbox 360 Indie Game Buying Guide - 12 games for $60 including several Xbox LIVE Indie games! (although if the XNA community was asked we could have recommended 60 games for $60...) http://www.indiegamemag.com/xbox360-indie-games-buying-guide/ The best selling Xbox LIVE Indie games of 2010 http://www.1up.com/news/xbox-live-most-popular-games I’d buy that for a dollar! - the California Literary Review points out a few gems on the XBLIG marketplace (and other places) where you can game on the cheap. http://calitreview.com/14125 Armless Octopus Episode 39 - The Indie Gem Octocast http://www.armlessoctopus.com/2011/02/17/armless-octocast-episode-39-the-indie-gem-octocast/ Ska Studios posts a plethora of updates http://www.ska-studios.com/2011/02/11/good-morning-gato-49/ http://www.ska-studios.com/2011/02/14/vampire-smile-valentines/ http://www.ska-studios.com/2011/02/16/the-dishwasher-vs-finds-a-home/ Kotaku posts about the Xbox LIVE Indie Game that makes you go Pew Pew Pew Pew Pew Pew http://kotaku.com/#!5760632/the-game-that-makes-you-go-pew-pew-pew-pew-pew-pew-pew GameMarx continues to be active and doing a ton for the XBLIG community reviews and Top 5 indie games of the week 2/4-2/10 http://www.gamemarx.com/video/the-show/22/ep-9-february-11-2010.aspx a new podcast Xbox Indie New Releases http://twitter.com/#!/gamemarx/status/36888849107910656 http://www.gamemarx.com/news/2011/02/13/a-new-podcast-xbox-indie-new-releases.aspx @MasterBlud uploads Indocalypse XBLIG Collections #2 http://www.youtube.com/watch?v=uzCZSv075mc&feature=youtu.be&a http://twitter.com/#!/MasterBlud/status/37100029697064960 Just Press Start interviews Michael Hicks from MichaelArts, 18 year old creator of Honor in Vengeance http://justpressstart.net/?p=465 Achievement Locked interviews Kris Steele of FunInfused Games http://xboxindies.wordpress.com/2011/02/11/interview-fun-infused-games/ XNA Game Development: XNA -UK launches their XAP test service to help the XNA community http://xna-uk.net/blogs/news/archive/2011/02/18/xna-uk-xap-test-service-now-live.aspx Transmute shows off a video of the standard character editor http://www.youtube.com/watch?v=qqH6gErG948&feature=youtu.be Microsoft Tech Student introduces their first tech student of the month.  Meet Daniel Van Tassel from the University of Utah and learn how he created an Xbox LIVE Indie Game using XNA Studio http://blogs.msdn.com/b/techstudent/archive/2010/12/22/introducing-our-first-tech-student-of-the-month-daniel-van-tassel.aspx XNA for Silverlight Developers Part 3 - Animation (transforms) http://www.silverlightshow.net/items/XNA-for-Silverlight-developers-Part-3-Animation-transforms.aspx XNA for Silverlight Developers Part 4 - Animation (frame based) http://www.silverlightshow.net/items/XNA-for-Silverlight-developers-Part-4-Animation-frame-based.aspx @suhinini tweets about an XNA Sprite Font generation tool http://twitter.com/#!/suhinini/status/36841370131890176 http://www.nubik.com/SpriteFont/ XNATouch 1.5 is out and in it’s words is faster, simpler, more reliable and has the XNA 4.0 API http://monogame.codeplex.com/releases/view/60815 IndieCity is hosting marketing workshops for Indie Developers (UK and US) http://forums.create.msdn.com/forums/p/75197/457654.aspx#457654 New York Students - Learn XNA and Silverlight for Xbox 360 and Windows Phone 7 http://forums.create.msdn.com/forums/p/72753/456964.aspx#456964 http://blogs.msdn.com/b/andrewparsons/archive/2011/01/13/learn-to-build-your-own-games-for-xbox-360-and-windows-phone-7.aspx http://blogs.msdn.com/b/andrewparsons/archive/2011/01/13/build-a-game-in-48-hours-win-a-kinect-or-windows-phone-7.aspx Extra Credits: Videogame Music http://www.escapistmagazine.com/videos/view/extra-credits/2019-Videogame-Music Steve Pavlina posts an article with useful information for all XNA/XBLIG developers http://www.stevepavlina.com/blog/2011/02/completion-vs-perfection/

  Read the article

• Using the Katana Authentication handlers with NancyFx

  - by cibrax

  Once you write an OWIN Middleware service, it can be reused everywhere as long as OWIN is supported. In my last post, I discussed how you could write an Authentication Handler in Katana for Hawk (HMAC Authentication). Good news is NancyFx can be run as an OWIN handler, so you can use many of existing middleware services, including the ones that are ship with Katana. Running NancyFx as a OWIN handler is pretty straightforward, and discussed in detail as part of the NancyFx documentation here. After run the steps described there and you have the application working, only a few more steps are required to register the additional middleware services. The example bellow shows how the Startup class is modified to include Hawk authentication. public class Startup { public void Configuration(IAppBuilder app) { app.UseHawkAuthentication(new HawkAuthenticationOptions { Credentials = (id) => { return new HawkCredential { Id = "dh37fgj492je", Key = "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn", Algorithm = "hmacsha256", User = "steve" }; } }); app.UseNancy(); } } .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; } This code registers the Hawk Authentication Handler on top of the OWIN pipeline, so it will try to authenticate the calls before the request messages are passed over to NancyFx. The authentication handlers in Katana set the user principal in the OWIN environment using the key “server.User”. The following code shows how you can get that principal in a NancyFx module, public class HomeModule : NancyModule { public HomeModule() { Get["/"] = x => { var env = (IDictionary<string, object>)Context.Items[NancyOwinHost.RequestEnvironmentKey]; if (!env.ContainsKey("server.User") || env["server.User"] == null) { return HttpStatusCode.Unauthorized; } var identity = (ClaimsPrincipal)env["server.User"]; return "Hello " + identity.Identity.Name; }; } } .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; } Thanks to OWIN, you don’t know any details of how these cross cutting concerns can be implemented in every possible web application framework.

  Read the article

• Google page rank not showing after redirecting www to non www?

  - by muhammad usman

  i have a fashion website. i had redirected my domain htttp:// (non www) to http:// www domain and my preferred domain in Google webmaster tools was http:// www. Now i have redirected http:// www to http:// domain and have changed my prefered domain as well. Now Google PageRank is not showing for even a single page. Would any body please help me and let me know if i have done something wrong? below is my htaccess redirect code RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] RewriteCond %{HTTP_HOST} ^www\.deemasfashion\.com$ RewriteRule ^deemasfashion\.com/?(.*)$ http://deemasfashion.com/$1 [R=301,L] RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.html\ HTTP/ RewriteRule ^index\.html$ http://deemasfashion.com/ [R=301,L] RewriteRule ^index\.htm$ http://deemasfashion.com/ [R=301,L]

  Read the article

• Redirecting a HTTP rqueust and response code/headers

  - by Bill Zimmerman

  Hi, I have a loosely coupled web app (one part uses PHP, the other uses WGSI). The WSGI/python framework shares the authentication with the PHP app, meaning that generally, the user should Log in via the PHP interface Now the user can access any of the WSGI pages [this part works if the user has logged in] What I want to do though, is if a user tries to access a WSGI page while not logged in (maybe from a previous bookmark), I would like to redirect him to the login page, and after logging in redirect him back to the orignal URL. I'm not very experienced with server-side programming, so here are my questions. How should I redirect the user back to the PHP login page? What should the HTTP status code be? Do I need to set any extra header information? What is a good way/best practice method to pass the original URL to the login page, and then after logging have it redirect the user back. Thank you!

  Read the article

• How to remove date header from apache ?

  - by Dario

  hi everyone, I need to minimize Apache HTTP response headers, by now i reduced them as following HTTP/1.1 200 OK Date: Thu, 25 Mar 2010 21:57:41 GMT Server: Apache Content-Type: text/html I'd like to know if there is a way to disable Date and Server header, only for a certain virtual host. Thank you!

  Read the article

• Using Default Document with Forms Authentication

  - by John Rabotnik

  I have a site hosted on IIS7 with a default document specified as default.aspx. This works fine but my app uses Forms Authentication and I want to disable Anonymous Authentication completely. When I do disable anonymous authentication for everything except the login page, everything works fine but the default document setting stops working. With Anonymous authentication switched on if I visit http://mysite I get passed to http://mysite/default.aspx (which then redirects to the login page if the user hasn't already logged in) If I disable anonymous authentication (leaving only forms based auth enabled) and I visit http://mysite I get a permission denied page from IIS. Yet, if I visit http://mysite/default.aspx directly then the site works fine. I just want to disable anonymous authentication and have http://mysite go to http://mysite/default.aspx. Any ideas would be greatly appreciated.

  Read the article

• How do I turn on basic HTTP-auth for a page in jboss?

  - by Electrons_Ahoy

  I'm setting up a jboss server for testing some java code that talks to http servers. That's pretty easy. However one of the things I'm testing is interfacing with classic "old-school" HTTP-Auth protected pages, and for the life of me I can't figure out how to turn that on in jboss (and my google-fu seems to have let me down.) So, how do I add a basic username and password to a single html (or jsp) file in jboss using http Basic Access Authentication?

  Read the article

• HTTP 500 ERROR on CAS Server while setting SSLVerifyClent as "required"

  - by Huiyu.Bird

  I have 3 servers, a Apache Server, a JBOSS Server and a CAS Server for SSO. The Apache Server resolve all request with a domain such as www.request.com, and the path of CAS Server is www.request.com/cas, and JBOSS Server is www.request.com/jboss (This app got a CAS client). My problem is if I set SSLVerifyClient require for the NameVirtualHost of www.request.com in my Apache Server, I got a HTTP 500 error during the redirecting to the JBOSS Server(http://www.request.com/jboss), after logined in the CAS login page successfully. But everything goes successfully if there is no SSLVerifyClient require . Error logs of my Apache Server : [Mon Apr 19 17:07:25 2010] [error] Re-negotiation handshake failed: Not accepted by client!? Error logs of my JBOSS Server : 2010-04-19 17:29:57,263 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jboss].[jsp]] (ajp-0.0.0.0-8009-1) Servlet.service() for servlet jsp threw exception org.jasig.cas.client.validation.TicketValidationException: The CAS server returned no response. at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162) at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:78) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.in Any tips will be highly appreciated. Thanks in advance.

  Read the article

• Asynchronous HTTP Client for Java

  - by helifreak

  As a relative newbie in the Java world, I am finding many things frustratingly obtuse to accomplish that are relatively trivial in many other frameworks. A primary example is a simple solution for asynchronous http requests. Seeing as one doesn't seem to already exist, what is the best approach? Creating my own threads using a blocking type lib like httpclient or the built-in java http stuff, or should I use the newer non-blocking io java stuff - it seems particularly complex for something which should be simple. What I am looking for is something easy to use from a developer point of view - something similar to URLLoader in AS3 - where you simply create a URLRequest - attach a bunch of event handlers to handle the completion, errors, progress, etc, and call a method to fire it off. If you are not familiar with URLLoader in AS3, its so super easy and looks something like this: private void getURL(String url) { URLLoader loader = new URLLoader(); loader.addEventListener(Event.Complete, completeHandler); loader.addEventListener(HTTPStatusEvent.HTTP_STATUS, httpStatusHandler); loader.addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler); URLRequest request = new URLRequest(url); // fire it off - this is asynchronous so we handle // completion with event handlers loader.load(request); } private void completeHandler(Event event) { URLLoader loader = (URLLoader)event.target; Object results = loader.data; // process results } private void httpStatusHandler(Event event) { // check status code } private void ioErrorHandler(Event event) { // handle errors }

  Read the article

• Convert an exception into HTTP 404 response in the Application_Error

  - by Dmitriy Nagirnyak

  Hi, First of all, quickly what exactly I want to achieve: translate particular exception into the HTTP 404 so the ASP.NET can handle it further. I am handling exceptions in the ASP.NET (MVC2) this way: protected void Application_Error(object sender, EventArgs e) { var err = Server.GetLastError(); if (err == null) return; err = err.GetBaseException(); var noObject = err as ObjectNotFoundException; if (noObject != null) HandleObjectNotFound(); var handled = noObject != null; if (!handled) Logger.Fatal("Unhandled exception has occured in application.", err); } private void HandleObjectNotFound() { Server.ClearError(); Response.Clear(); // new HttpExcepton(404, "Not Found"); // Throw or not to throw? Response.StatusCode = 404; Response.StatusDescription = "Not Found"; Response.StatusDescription = "Not Found"; Response.Write("The whole HTML body explaining whata 404 is??"); } The problem is that I cannot configure default customErrors to work with it. When it is on then it never redirects to the page specified in customErrors: <error statusCode="404" redirect="404.html"/>. I also tried to raise new HttpExcepton(404, "Not Found") from the handler but then the response code is 200 which I don't understand why. So the questions are: What is the proper way of translating AnException into HTTP 404 response? How does customErrors section work when handling exceptions in Application_Error? Why throwing HttpException(404) renders (blank) page with success (200) status? Thanks, Dmitriy.

  Read the article

• HTTP requests and Apache modules: Creative attack vectors

  - by pinkgothic

  Slightly unorthodox question here: I'm currently trying to break an Apache with a handful of custom modules. What spawned the testing is that Apache internally forwards requests that it considers too large (e.g. 1 MB trash) to modules hooked in appropriately, forcing them to deal with the garbage data - and lack of handling in the custom modules caused Apache in its entirety to go up in flames. Ouch, ouch, ouch. That particular issue was fortunately fixed, but the question's arisen whether or not there may be other similar vulnerabilities. Right now I have a tool at my disposal that lets me send a raw HTTP request to the server (or rather, raw data through an established TCP connection that could be interpreted as an HTTP request if it followed the form of one, e.g. "GET ...") and I'm trying to come up with other ideas. (TCP-level attacks like Slowloris and Nkiller2 are not my focus at the moment.) Does anyone have a few nice ideas how to confuse the server and/or its modules to the point of self-immolation? Broken UTF-8? (Though I doubt Apache cares about encoding - I imagine it just juggles raw bytes.) Stuff that is only barely too long, followed by a 0-byte, followed by junk? et cetera I don't consider myself a very good tester (I'm doing this by necessity and lack of manpower; I unfortunately don't even have a more than basic grasp of Apache internals that would help me along), which is why I'm hoping for an insightful response or two or three. Maybe some of you have done some similar testing for your own projects? (If stackoverflow is not the right place for this question, I apologise. Not sure where else to put it.)

  Read the article

• Send HTTP 404 from Application_Error

  - by Dmitriy Nagirnyak

  Hi, First of all, quickly what exactly I want to achieve: translate particular exception into the HTTP 404 so the ASP.NET can handle it further. I am handling exceptions in the ASP.NET (MVC2) this way: protected void Application_Error(object sender, EventArgs e) { var err = Server.GetLastError(); if (err == null) return; err = err.GetBaseException(); var noObject = err as ObjectNotFoundException; if (noObject != null) HandleObjectNotFound(); var handled = noObject != null; if (!handled) Logger.Fatal("Unhandled exception has occured in application.", err); } private void HandleObjectNotFound() { Server.ClearError(); Response.Clear(); // new HttpExcepton(404, "Not Found"); // Throw or not to throw? Response.StatusCode = 404; Response.StatusDescription = "Not Found"; Response.StatusDescription = "Not Found"; Response.Write("The whole HTML body explaining whata 404 is??"); } The problem is that I cannot configure default customErrors to work with it. When it is on then it never redirects to the page specified in customErrors: <error statusCode="404" redirect="404.html"/>. I also tried to raise new HttpExcepton(404, "Not Found") from the handler but then the response code is 200 which I don't understand why. So the questions are: What is the proper way of translating AnException into HTTP 404 response? How does customErrors section work when handling exceptions in Application_Error? Why throwing HttpException(404) renders (blank) page with success (200) status? Thanks, Dmitriy.

  Read the article

• video streaming over http in blackberry

  - by ysnky

  hi all, while i was searching video player over http, i found the article which is located at this url; http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800332/1089414/Stream ing_media_-_Start_to_finish.html?nodeid=2456737&ve rnum=0 i can run by adding ";deviceside=true" at the end of url. it works fine in the jde4.5 simulator. it gets 3gp videos from my local server. i tested with 580kb files and works fine. but when i get the same file from my server (not local, real server) i have problems with big files (e.g 580 kb). it plays 180kb files (but sometimes it does not play this file either) but not plays 580kb file. and also i deployed my application to my 9000 device it sometimes plays small file (180kb) but never plays big file (580kb). why it plays if it is on my local file, not play in real world? i ve stucked for days. hope you help me. and also the code at the url given below is not work, the only code i ve found is the above. blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800332/1089414/How_To _-_Play_video_within_a_BlackBerry_smartphone_appli cation.html?nodeid=1383173&vernum=0 btw, there is no method such as resize(long param) of CircularByteBuffer class. so i comment relavent line (buffer.resize(buffer.getSize() + (buffer.getSize() * percent / 100)); as shown below. public void increaseBufferCapacity(int percent) { if(percent < 0){ log(0, "FAILED! SP.setBufferCapacity() - " + percent); throw new IllegalArgumentException("Increase factor must be positive.."); } synchronized(readLock){ synchronized(connectionLock){ synchronized(userSeekLock){ synchronized(mediaIStream){ log(0, "SP.setBufferCapacity() - " + percent); //buffer.resize(buffer.getSize() + (buffer.getSize() * percent / 100)); this.bufferCapacity = buffer.getSize(); } } } } } thanks in advance.

  Read the article

• Why Won't this http post request work?

  - by dubbeat

  Hi, I'm wondering why this http post request won't work for my iphone app. I know for a fact that the url is correct and that the variables I'm sending are correct but for some reason the request is not being recieved by the aspx page. NSMutableString *httpBodyString; NSURL *url; NSMutableString *urlString; httpBodyString=[NSMutableString stringWithFormat:@"%@%@%@%@%@",@"?g=",promoValueObject.country,@"&c=",promoData.artistid,@"&d=iphone"]; urlString=[[NSMutableString alloc] initWithString:@"http://www.mysite.com/stats_promo.aspx"]; url=[[NSURL alloc] initWithString:urlString]; [urlString release]; NSMutableURLRequest *urlRequest=[NSMutableURLRequest requestWithURL:url]; [url release]; [urlRequest setHTTPMethod:@"POST"]; [urlRequest setHTTPBody:[httpBodyString dataUsingEncoding:NSISOLatin1StringEncoding]]; //[httpBodyString release]; NSURLConnection *connectionResponse = [[NSURLConnection alloc] initWithRequest:urlRequest delegate:self]; if (!connectionResponse) { NSLog(@"Failed to submit request"); } else { NSLog(@"--------- Request submitted ---------"); NSLog(@"connection: %@ method: %@, encoded body: %@, body: %a", connectionResponse, [urlRequest HTTPMethod], [urlRequest HTTPBody], httpBodyString); }

  Read the article

• HTTP 500 a problem on CAS Server while setting SSLVerifyClent as "required"

  - by Huiyu.Bird

  I have 3 server, a Apache Server, a JBOSS Server and a CAS Server for SSO. The Apache Server resolve all request with a domain such as www.request.com, and the path of CAS Server is www.request.com/cas, and JBOSS Server is www.request.com/jboss (This app got a CAS client). My problem is if I set SSLVerifyClient require for the NameVirtualHost of www.request.com in my Apache Server, I got a HTTP 500 error during the redirecting to the JBOSS Server(http://www.request.com/jboss), after logined in the CAS login page successfully. But everything goes successfully if there is no SSLVerifyClient require . Error logs of my Apache Server : [Mon Apr 19 17:07:25 2010] [error] Re-negotiation handshake failed: Not accepted by client!? Error logs of my JBOSS Server : 2010-04-19 17:29:57,263 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/jboss].[jsp]] (ajp-0.0.0.0-8009-1) Servlet.service() for servlet jsp threw exception org.jasig.cas.client.validation.TicketValidationException: The CAS server returned no response. at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162) at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:78) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:96) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:75) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.in Any tips will be highly appreciated. Thanks in advance.

  Read the article

• HTTP POST prarameters order / REST urls

  - by pq

  Let's say that I'm uploading a large file via a POST HTTP request. Let's also say that I have another parameter (other than the file) that names the resource which the file is updating. The resource cannot be not part of the URL the way you can do it with REST (e.g. foo.com/bar/123). Let's say this is due to a combination of technical and political reasons. The server needs to ignore the file if the resource name is invalid or, say, the IP address and/or the logged in user are not authorized to update the resource. Looks like, if this POST came from an HTML form that contains the resource name first and file field second, for most (all?) browsers, this order is preserved in the POST request. But it would be naive to fully rely on that, no? In other words the order of HTTP parameters is insignificant and a client is free to construct the POST in any order. Isn't that true? Which means that, at least in theory, the server may end up storing the whole large file before it can deny the request. It seems to me that this is a clear case where RESTful urls have an advantage, since you don't have to look at the POST content to perform certain authorization/error checking on the request. Do you agree? What are your thoughts, experiences?

  Read the article

• Apache HTTP and WEblogic Plug-in Location Directive question

  - by user275633

  All, We are using Weblogic Portal and Apache 2.x http server with the weblogic plug-in for apache for load-balancing. We have an application that right now can only be accessed from one of our managed servers. What I would like to do is us the Location directive to direct all requests for that page to the one managed server and I can't get it to work. The context that the portal tries to forward to is something like /MyWebApp?portalusername= (where equals a legitimate user. For example /MyWebApp?portalusername=joesmith All other applications and the plug-in is load balancing as expected because every now and then you'll get sent to teh second managed server for this particular application and its not deployed. I tried various things in the apache http.conf like the following but can't seem to get it work? Any suggestions? The followign is a snippet of the httpd.conf: (Note formatting did not come thru properly but it is formatted correctly in my httpd.conf) Blockquote Location /MyWebApp SetHandler weblogic-handler WebLogicCluster myserver:7011 Location Blockquote Location / SetHandler weblogic-handler WebLogicCluster myserver:7011, myserver2:7012 Location Thanks in advance.

  Read the article

• HTTP Compression problems on IIS7

  - by Jonathan Wood

  I've spent quite a bit of time on this but seem to be going nowhere. I have a large page that I really want to speed up. The obvious place to start seems to be HTTP compression, but I just can't seem to get it to work for me. After considerable searching, I've tried several variations of the code below. It kind of works, but after refreshing the browser, the results seem to fall apart. They were turning to garbage when the page used caching. If I turn off caching, then the page seems right but I lose my CSS formatting (stored in a separate file) and get an error that an included JS file contains invalid characters. Most of the resources I've found on the Web were either very old or focused on accessing IIS directly. My page is running on a shared hosting account and I do not have direct access to IIS7, which it's running on. protected void Application_BeginRequest(object sender, EventArgs e) { // Implement HTTP compression if (Request["HTTP_X_MICROSOFTAJAX"] == null) // Avoid compressing AJAX calls { // Retrieve accepted encodings string encodings = Request.Headers.Get("Accept-Encoding"); if (encodings != null) { // Verify support for or gzip (deflate takes preference) encodings = encodings.ToLower(); if (encodings.Contains("gzip") || encodings == "*") { Response.Filter = new GZipStream(Response.Filter, CompressionMode.Compress); Response.AppendHeader("Content-Encoding", "gzip"); Response.Cache.VaryByHeaders["Accept-encoding"] = true; } else if (encodings.Contains("deflate")) { Response.Filter = new DeflateStream(Response.Filter, CompressionMode.Compress); Response.AppendHeader("Content-Encoding", "deflate"); Response.Cache.VaryByHeaders["Accept-encoding"] = true; } } } } Is anyone having better success with this?

  Read the article

• Recreating http request with cURL incl. files

  - by Toby

  I consistently get the error 'failed creating formpost data' from the below code, the same thing works perfectly on my local testing server, but on my shared host it throws the error. The sample part is just to simulate building the array with both files and non-file data. Essentially all I'm trying to do here is redirect the same http request to another server, but I'm running into so many troubles. $count=count($_FILES['photographs']['tmp_name']); $file_posts=array('samplesample' => 'ladeda'); for($i=0;$i<$count;$i++) { if(!empty($_FILES['photographs']['name'][$i])) { $fn = genRandomString(); $file_posts[$fn] = "@".$_FILES['photographs']['tmp_name'][$i]; } } $ch = curl_init(); curl_setopt($ch,CURLOPT_URL,"http://myurl/wp-content/plugins/autol/rec.php"); curl_setopt($ch,CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"); curl_setopt($ch,CURLOPT_HEADER,TRUE); curl_setopt($ch,CURLOPT_POST,TRUE); curl_setopt($ch,CURLOPT_POSTFIELDS,$file_posts); curl_exec($ch); print curl_error($ch); curl_close($ch);

  Read the article

• codeigniter cron job with http access

  - by user1313850

  Sorry if this is a duplicate question...I've searched around and found similar advice but nothing that helps my exact problem. And please excuse the noob questions, CRON is a new thing for me. I have a codeigniter script that scrapes the html DOM of another site and stores some of that in a database. I'd like to run this script at a regular interval. This has lead me to looking into cron jobs. The page I have is at myserver.com/index.php/update I realize I can run a cron job with curl and run this page. If I want to be a bit more secure I can put a string at the end like: myserver.com/index.php/update/asdfh2784fufds And check for that in my CI controller. This seems like it would be mostly secure, but doesn't seem like the "right" way to do things. I've looked into running CI from the command line, and can execute basic pages like: php index.php mycontroller But when I try to do: php index.php update It doesn't work. I suspect this is because it needs to use HTTP to scrape the DOM of the outside page. So, my question: How do I securely run a codeigniter script with a cron job that needs HTTP access?

  Read the article

• i not find how in powershell pass through http autentification then use a webservices (lotus/domino)

  - by user1716616

  We have here a domino/lotus webservices i want use with powershell. probleme is in front of webservices lotus admin ask a http autentification. how i can use this webservice?? here what i tryed first scrap the first page and get cookie. $url = "http://xxxxxxx/names.nsf?Login" $CookieContainer = New-Object System.Net.CookieContainer $postData = "Username=web.services&Password=jesuisunestar" $buffer = [text.encoding]::ascii.getbytes($postData) [net.httpWebRequest] $req = [net.webRequest]::create($url) $req.method = "POST" $req.Accept = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" $req.Headers.Add("Accept-Language: en-US") $req.Headers.Add("Accept-Encoding: gzip,deflate") $req.Headers.Add("Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7") $req.AllowAutoRedirect = $false $req.ContentType = "application/x-www-form-urlencoded" $req.ContentLength = $buffer.length $req.TimeOut = 50000 $req.KeepAlive = $true $req.Headers.Add("Keep-Alive: 300"); $req.CookieContainer = $CookieContainer $reqst = $req.getRequestStream() $reqst.write($buffer, 0, $buffer.length) $reqst.flush() $reqst.close() [net.httpWebResponse] $res = $req.getResponse() $resst = $res.getResponseStream() $sr = new-object IO.StreamReader($resst) $result = $sr.ReadToEnd() this seem work but now no idea how i can use cookie with a webservicesproxy??? ps: i success have this to work with c# + visualstudio (just the class reference is autobuilt and i don't understand half of this but it allow me to use .CookieContenaire on the generated webservice )

  Read the article

• ASP.NET: disabling authentication for a single aspx page (custom error page)?

  - by Richard Collette

  I am using a custom error page: <customErrors redirectMode="ResponseRedirect" mode="On" defaultRedirect="Error2.aspx"/> I want to disable authentication for the custom error page because the error being raised is related to an authentication module and I don't want to get into an infinite loop and I want to display a clean error page to the user. I have been trying the following configuration to do that. <location path="Error2.aspx"> <system.web> <authentication mode="None"/> <authorization> <allow users="?"/> <allow users="*"/> </authorization> </system.web> </location> I am getting a System.Configuration.ConfigurationErrorsException for the line that sets the authentication mode. It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. I have verified that there are no other web.config files in subdirectories under the application's folder. The applications folder is configured as an application in IIS and the error page is at the application's root. File permissions set for the error page in IIS include anonymous and windows authentication (I have tried just anonymous as well).

  Read the article

• Why public key authentication is preferred for automated scripts?

  - by codeholic

  I found the following claim in the documentation for Net::OpenSSH: Note that using password authentication in automated scripts is a very bad idea. When possible, you should use public key authentication instead. What's flawed in using password authentication in automated scripts?

  Read the article

• Does WCF require configuration to handle different methods of authentication?

  - by Alex Angas

  A WCF service has been written and can be hosted in any web site. These web sites could use Windows, Kerberos, or Forms authentication. Is any particular configuration or development required within the service to handle these different authentication types? Or is authentication independent and the service doesn't need to worry about it?

  Read the article

< Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51  | Next Page >