Search Results

Search found 13810 results on 553 pages for 'security roles'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 44/553 | < Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51  | Next Page >

  • ProtectedData.Unprotect() after Impersonate()

    - by Andrey
    The following code doesn't work: IntPtr token = Win32Dll.LogonUser(“user1”, “mydomain”, “password1”); WindowsIdentity id = new WindowsIdentity(token); WindowsImpersonationContext ic = id.Impersonate(); byte[] unprotectedBytes = ProtectedData.Unprotect(passwordBytes, null, DataProtectionScope.CurrentUser); password = Encoding.Unicode.GetString(unprotectedBytes); ic.Undo(); The password is not decrypted. MSDN said "If you use this method during impersonation, you may receive the following error: "Key not valid for use in specified state." This error can be prevented by loading the profile of the user you want to impersonate, before calling the method." I would be very grateful for the help!

    Read the article

  • Membership Roles.GetUsersInRole not working for me

    - by Nickson
    Dim usersInRole As String() = Roles.GetUsersInRole("HR_Base_Role") Dim Myusers As New MembershipUserCollection For Each UserName As String In usersInRole Myusers.Add(Membership.GetUser(UserName)) Next ComboBox2.DataSource = Myusers The code above throws a "Specified method is not supported." exception on the first line. Any one knows what am doing wrong here?

    Read the article

  • Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data

    - by joebeazelman
    I created an assembly containing WCF service code and dropped into another web project. When I try to invoke a service method, I get the following inner exception: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Why this is happening? My newly created assembly lives inside the ASP.NET /bin folder along with other assemblies. At this level, should the database not know or care whether it is being called from a web service or from a normal call? How would it know that my assembly is foreign? How do I resolve this issue?

    Read the article

  • Best way for a remote web app to authenticate users in my current web app?

    - by jklp
    So a bit of background, I'm working on an existing web application which has a set of users, who are able to log in via a traditional login screen with a user name and password, etc. Recently we've managed to score a client (who have their own Intranet site), who are wanting to be able to have their users log into their Intranet site, and then have their users click a link on their Intranet which redirects to our application and logs them into it automatically. I've had two suggestions on how to implement this so far: Create a URL which takes 2 parameters (which are "username" and "password") and have the Intranet site pass those parameters to us (our connection is via TLS so it's all encrypted). This would work fine, but it seems a little "hacky", and also means that the logins and passwords have to be the same on both systems (and having to write some kind of web service which can update the passwords for users - which also seems a bit insecure) Provide a token to the Intranet, so when the client clicks on a link on the Intranet, it sends the token to us, along with the user name (and no password) which means they're authenticated. Again, this sounds a bit hacky as isn't that essentially the same as providing everyone with the same password to log in? So to summarise, I'm after the following things: A way for the users who are already authenticated on the Intranet to log into our system without too much messing around, and without using an external system to authenticate, i.e. LDAP / Kerberos Something which isn't too specific to this client, and can easily be implemented by other Intranets to log in

    Read the article

  • _mask and Rails

    - by Eric Koslow
    So I am trying to get the cancan gem to work with my rails 3 app and I've hit a problem. I tried to copy the code that Ryan Bates (the creator of the gem) used in his screen cast, but I get an error saying that roles_mask is not a method. I figure that the _mask method was removed from Ruby/Rails at some point, and I'm now wondering what is the replacement. Here's the code in my user.rb model: named_scope :with_role, lambda { |role| {:conditions => "roles_mask & #{2**ROLES.index(role.to_s)} > 0 "} } ROLES = %w[admin student principal admissions] def roles=(roles) self.roles_mask = (roles & ROLES).map { |r| 2**ROLES.index(r) }.sum end def roles ROLES.reject { |r| ((roles_mask || 0) & 2**ROLES.index(r)).zero? } end def role? roles.include? role.to_s end def role_symbols roles.map(&:to_sym) end I'm using Rails 3 and Ruby 1.9.2dev Thank you

    Read the article

  • How do you override the WCF AuthenticationService IsLoggedIn() method?

    - by Ryan Riley
    I have three current thoughts on how to do this: re-implement AuthenticationService, which uses lots of internal constructors and internal helpers, implement custom IIdentity and IPrincipal types and somehow hook these into FormsAuthentication. give up and roll my own. The problem is that we've got web apps and fat client apps using authentication and storing cookies. However, logging out of a web app does not log out of a fat client app, and we have now way of forcing a refreshed cookie, atm.

    Read the article

  • How does IPrincipal gets its roles?

    - by abatishchev
    I need to get know how SiteMapProvider.IsAccessibleToUser() works. Built-in XmlSiteMapProvider calls HttpContext.User.IsInRole() which uses System.Security.Principal.GenericPrincipal in case of forms authentication. Where does the current user gets its roles? Which provider loads this kind of information? I want to overload it and use custom logic.

    Read the article

  • SharePoint Groups\Roles using FBA

    - by Itay
    Hi All, I'm running an FBA web app, having 2 Site collections. Currently I have a SharePoint group in one site collection, and I would like to assign permission to that group in the other site collection. Since SharePoint groups are site scoped, I thought using FBA roles.. Any words on how to do this, or if this it the recommended way? Thanks.

    Read the article

  • How to authenticate WCF calls using forms authentication and secutity

    - by Fixer
    I'm planning a set up for a distributed application that spans serveral machines and will use WCF to send data in between. Machine A Front end website http://www.site.com Password protected site using Forms Authentication Machine B WCF Application Service http://service1.site.com/DoSomething.svc Machine C WCF Application Service http://service2.site.com/DoSomething.svc The WCF services on Machine B and Machine C should check that the request from Machine A has been authenticated. How can i check that the request is authenticated across the different machines? I only care that the request is authenticated and not concerned about securing the message body (because we are not sending any sensitive data across the wire), so SSL is not required. What authentication methods can i use for the above scenario?

    Read the article

  • How can I throttle user login attempts in PHP

    - by jasondavis
    I was just reading this post http://stackoverflow.com/questions/549/the-definitive-guide-to-website-authentication-beta#477585 on Preventing Rapid-Fire Login Attempts. Best practice #1: A short time delay that increases with the number of failed attempts, like: 1 failed attempt = no delay 2 failed attempts = 2 sec delay 3 failed attempts = 4 sec delay 4 failed attempts = 8 sec delay 5 failed attempts = 16 sec delay etc. DoS attacking this scheme would be very impractical, but on the other hand, potentially devastating, since the delay increases exponentially. I am curious how I could implement something like this for my login system in PHP?

    Read the article

  • PrincipalPermission - roles seperate from permissions

    - by Leblanc Meneses
    I've been using PrincipalPermission for a while in wcf services. [PrincipalPermission(SecurityAction.Demand, Role = SecurityRoles.CanManageUsers)] although now i have a requirement to simplify roles by business unit. - currently aspnet_roles has fine grained can* permissions. Here is my approach and wanted to see if anyone can provide feedback, code review before i implement my suggestion. 1) aspnet_roles - business unit role 2) create permission table and Role_Permission table and User_Permission table (many to many) 3) create custom CodeAccessSecurityAttribute + that looks at new tables [CustomPermissionCheck(Security.Demand, HasPermission="can*")] first iteration i'll statically new the dependent repository.. ideally i would like an aop style attribute that has repository injected IPermissionRepository.HasPermission(...); If i approach new aop way i probably will stop inheriting from CodeAccessSecurityAttribute -- what do the security guys have to say about this? has anyone else solved this, is there something in the framework that i've missed?

    Read the article

  • Using JavaScript eval to parse JSON

    - by Quandary
    Question: I'm using eval to parse a JSON return value from one of my WebMethods. I prefer not to add jquery-json because the transfer volume is already quite large. So I parse the JSON return value with eval. Now rumors go that this is insecure. Why ? Nobody can modify the JSOn return value unless they hack my server, in which case I would have a much larger problem anyway. And if they do it locally, JavaScript only executes in their browser. So I fail to see where the problem is. Can anybody shed some light on this, using this concrete example? function OnWebMethodSucceeded(JSONstrWebMethodReturnValue) { var result=eval('(' + JSONstrWebMethodReturnValue + ')') ... // Adding result.xy to a table }

    Read the article

  • What are best practices for securing the admin section of a website?

    - by UpTheCreek
    I'd like to know what people consider best practice for securing the Admin sections of websites, specifically from an authentication/access point of view. Of course there are obvious things, such as using SSL and logging all access, but I'm wondering just where above these basic steps people consider the bar to be set. For example: Are you just relying on the same authentication mechanism that you use for normal users? If not, what? Are you running the Admin section in the same 'application domain'? What steps do you take to make the admin section undiscovered? (or do you reject the while 'obscurity' thing)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 40 41 42 43 44 45 46 47 48 49 50 51  | Next Page >