Search Results

Search found 6525 results on 261 pages for 'restful authentication'.


  • Replacing mysql user authentication with openid

    - by David
    So, I'm working with a really old system which uses a person's mysql database credentials to authenticate to a web site (the database was originally only accessed from the command line, but is now accessed from a php frontend). Because of some internal reasons (and to preserve the user's history), I have to leave the old authentication intact. I've been charged with adding openid authentication to this system. Somehow I need to be able to retrieve a user's mysql username and password upon logging into the site through openid (using the Zend framework, by the way). I've thought of simply requiring registration at the first login, where the user must provide their mysql credentials, but I'd rather not store the password in plain text. I've also considered blanking everyone's mysql passwords, and just setting the user's mysql username manually (rather than having the user provide this, since they could provide any username). This is turning into a security nightmare. Does anyone have any suggestions for alternatives? This is running on a Linux server, by the way. Also, I can't use mysql pluggable authentication because the mysql version is 5.0 (pluggable authentication requires mysql 5.5), and no, I can't update it.


  • How do I grant anonymous access to a url using FormsAuthentication?

    - by Brian Bolton
    For the most part, my webapp requires authentication to do anything. There are a few pages, namely the homepage, that I'd like people to be able to access without authenticating. Specifically, I'd like to allow anonymous access to these urls:

        /home
        /default.aspx

    I'm using asp.net MVC and FormsAuthentication. Both urls point to the same view:

        /home/index.aspx

    Here is my current configuration in web.config.

        <authentication mode="Forms">
          <forms loginUrl="~/Account/LogOn" timeout="2880" />
        </authentication>
        <authorization>
          <deny users="?" />
        </authorization>

    Reading the documentation for the authorization tag, it says "Configures the authorization for a Web application, controlling client access to URL resources." It seems like I should be able to use the authorization tag to specify a url and allow access. Something like:

        <authentication mode="Forms">
          <forms loginUrl="~/Account/LogOn" timeout="2880" />
        </authentication>
        <authorization>
          <deny users="?" />
        </authorization>
        <authorization url="/default.aspx">
          <allow users="?" />
        </authorization>
        <authorization url="/home">
          <allow users="?" />
        </authorization>


  • Consuming SharePoint Web Services fails when behind Proxy server

    - by Jan Petersen
    Hi All, I've seen a number of posts about consuming Web Services from behind a proxy server, but none that seems to address this problem. I'm building a desktop application, using Java, JAX-WS in NetBeans. I have a working prototype that can query the server for authentication mode, successfully authenticate and retrieve a list of web sites. However, if I run the same app from a network that is behind a proxy server (the proxy does not require authentication), then I'm running into trouble. The normal -dhttp.proxyHost ... settings do not seem to help any. But I have found that by creating a ProxySelector class and setting it as default, I can regain access to the authentication web service, but I still can't retrieve the list of web sites from the SharePoint server. Anyone have any experience on how to make this work? I have put the source text java class files of a demo app up, showing the issue at the following urls (it's a bit too long even in the short demo form to post here). link text

    When running the code from a network behind a proxy server, I successfully retrieve the Authentication mode from the server, but the request for the Web Site list generates an exception originating at:

        com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:201)

    The output from the source when no proxy is on the network is listed below:

        Successfully retrieved the SharePoint WebService response for Authentication
        SharePoint authentication method is: WINDOWS
        Calling Web Service to retrieve list of web site.
        Web Service call response:
        -------------- XML START --------------
        <Webs xmlns="http://schemas.microsoft.com/sharepoint/soap/">
          <Web Title="Collaboration Lab" Url="http://host.domain.com/collaboration"/>
          <Web Title="Global Data Lists" Url="http://host.domain.com/global_data_lists"/>
          <Web Title="Landing" Url="http://host.domain.com/Landing"/>
          <Web Title="SharePoint HelpDesk" Url="http://host.domain.com/helpdesk"/>
          <Web Title="Program Management" Url="http://host.domain.com/programmanagement"/>
          <Web Title="Project Site" Url="http://host.domain.com/Project Site"/>
          <Web Title="SharePoint Administration Tools" Url="http://host.domain.com/admin"/>
          <Web Title="Space Management Project" Url="http://host.domain.com/spacemgmt"/>
        </Webs>
        -------------- XML END --------------

    Br Jan


  • Authenticate sites with different domain names using the Facebook API

    - by Onema
    We have a CMS that supports multiple sites. One of our features allows our users (the site admin) to connect to the site's Facebook account to allow status updates, create events and upload pictures to FB from within the CMS. The authentication needs to occur once since each site may have multiple site admins that do not have access to the site's FB user name and password. We use an iframe and authenticate using $facebook->require_login(), which redirects the user to the FB login and authentication pages. All this works just fine, but when the user hits "Allow" the authentication will break as it will only redirect to whatever is in the "Post-Authorize Redirect URL" field, making the app obsolete for any other domain except the one in the "Post-Authorize Redirect URL". I know other APIs' authentication methods, like in Vimeo and YouTube, will allow you to specify a NEXT parameter which is the equivalent of the "Post-Authorize Redirect URL" and it can be set at run time. How can I make this work for multiple domain names? Any hints on this issue will be of great help.


  • ReturnUrl = Default.aspx for MVC?

    - by Cynthia
    I'm trying to secure my entire MVC site, so before the Home controller, I added an [Authorize] attribute. Now if you run it from Visual Studio or navigate using the root URL (e.g. http://localhost:2897) it does redirect to the login page, as expected. However the URL in the address bar after redirection looks like this:

        http://localhost:2897/Account/LogOn?ReturnUrl=%2fdefault.aspx%3f

    I haven't tested this out, seeing as I have not implemented my authentication code. However, this looks like a big problem to me, since I do not have a default.aspx in my project! My authentication tag in the web.config looks like this:

        <authentication mode="Forms">
          <forms loginUrl="~/Account/LogOn" defaultUrl="~/Home/Index" timeout="2880"/>
        </authentication>

    Why doesn't it pick up this route as the default ReturnUrl instead of default.aspx?


  • REST API unauthenticated requests exception based on the User-Agent

    - by Shay Tsadok
    Hi All, I am developing a REST API that supports two kinds of authentication protocols: login form authentication - for browser based clients. Simple Basic authentication - for non-browser clients. I developed a flow in which unauthenticated requests are redirected to the "login form"; the problem is that this is an undesired behavior for non-browser clients! I thought to solve it by deciding according to the "User-Agent" what to do: browsers will be redirected to the "login form" and non-browser clients will get the standard 401:Basic Authentication. A. What do you think about this solution? B. Is there a standard way in Java to check if the request came from a browser, or do I need to develop this kind of mechanism on my own? Thanks in advance!


  • CSRF protection and cross site form access

    - by fl00r
    Hi. I am working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to the main domain from others. How should I use protect_from_forgery and how can I check if data is received from a valid domain? What I am thinking now is to turn off protect_from_forgery for the session controller and check the domain name of received data. But maybe I can configure CSRF protection for not only one domain?


  • How do I ensure my C# software can access the internet in a Citrix + ISA environment?

    - by TomFromThePool
    Hi everyone, A client recently informed us that deployment of our software in their environment has failed due to a proxy error when the software attempts to access the internet. The client has a combination of Citrix and Microsoft's ISA server. The software allows the use of a proxy and the ability to manually enter authentication information, or automatically retrieve the current system proxy settings. The error returned is the standard 407 authentication error, but the client assures us that they have entered the authentication information required. They have also shown us the snippet of the ISA error logs which identify the client as Anonymous and the authentication protocol as Basic. I have a few questions I suppose: How should I go about dealing with the ISA server in my code? I have no real experience with this environment and am assuming that the ISA server is treated like any other proxy. If I am mistaken, what should I be doing? Does ISA allow the administrator to disallow specific authentication protocols - and if this is the case and 'Basic' auth is disallowed, would it still return a 407 error? Could the Citrix environment have caused this issue? Is there any particular way to ensure that my software will work in such an environment? Code-samples would be much appreciated. I have neither a Citrix test server nor an ISA server at my disposal to carry out testing on this so I am currently trying to identify possible causes before I make the case for investment in a more robust testing environment. Thanks for any help!


  • CSRF protecting and cross site form access

    - by fl00r
    Hi. I am working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to the main domain from others. How should I use protect_from_forgery and how can I check if data is received from a valid domain? What I am thinking now is to turn off protect_from_forgery for the session controller and check the domain name of received data. But maybe I can configure CSRF protection for not only one domain?


  • Understanding REST: is GET fundamentally incompatible with any "number of views" counter?

    - by cocotwo
    I'm trying to understand REST. Under REST a GET must not trigger something transactional on the server (this is a definition everybody agrees upon, it is fundamental to REST). So imagine you've got a website like stackoverflow.com (I say like so if I got the underlying details of SO wrong it doesn't change anything to my question), where every time someone reads a question, using a GET, there's also some display showing "This question has been read 256 times". Now someone else reads that question. The counter now is at 257. The GET is transactional because the number of views got incremented and is now incremented again. The "number of views" is incremented in the DB, there's no arguing about that (for example on SO the number of times any question has been viewed is always displayed). So, is a REST GET fundamentally incompatible with any kind of "number of views" like functionality in a website? So should it want to be "RESTFUL", should the SO main page either stop displaying plain HTML links that are accessed using GETs or stop displaying the "this question has been viewed x times"? Because incrementing a counter in a DB is transactional and hence "unrestful"?

    EDIT just so that people Googling this can get some pointers: From http://www.xfront.com/REST-Web-Services.html : 4. All resources accessible via HTTP GET should be side-effect free. That is, the request should just return a representation of the resource. Invoking the resource should not result in modifying the resource. Now to me if the representation contains the "number of views", it is part of the resource [and in SO the "number of views" a question has is a very important piece of information] and accessing it definitely modifies the resource. This is in sharp contrast with, say, a true RESTFUL HTTP GET like the one you can make on an Amazon S3 resource, where your GET is guaranteed not to modify the resource you get back. But then I'm still very confused.


  • Spring 3 Security Authentication Success Handler

    - by Eqbal
    I am using form-login for security and I am trying to implement an authentication success handler, but I am not sure how to go back to the resource that was initially requested before the login process. By default I think it implements a SimpleUrlAuthenticationSuccessHandler and I tried to mirror that class implementation. But it sets a setDefaultTargetUrl(defaultTargetUrl) and perhaps that's where the magic happens that it remembers the resource to go back to after the login process. Any help is greatly appreciated. Below is my spring security <form-login/> element:

        <form-login login-page="/login.jsp"
                    login-processing-url="/b2broe_login"
                    authentication-success-handler-ref="passwordExpiredHandler"
                    authentication-failure-url="/login.jsp?loginfailed=true" />


  • How to call windows authentication programmatically in sharepoint?

    - by HamdiKavak
    Hi guys, Here is my scenario. When an anonymous user visits the site collection's default site, a custom login form panel is shown. This form is a webUserControl (.ascx file) that is embedded into the page as a webpart. Then the user enters a username and password. When the submit button has been clicked, authentication will be handled by the code behind of the custom login form panel. Here is my question. How can I call SharePoint's authentication method with the username and password that is entered by the user? Simply, I want users to login through my custom login form panel because the default windows authentication window is looking really bad.


  • Hostgator SSH returns Too many authentication failures for username

    - by Tri Nguyen
    I was trying to ssh into my Hostgator shared hosting account following this guide: http://support.hostgator.com/articles/getting-started/how-do-i-get-and-use-ssh-access However, it returns this error:

        Received disconnect from 96.125.167.124: 2: Too many authentication failures for tridn

    I tried to search around for a solution, and found this: http://www.ipreferjim.com/2011/07/hostgator-ssh-warns-too-many-authentication-failures/ I tried doing what he suggested, but encountered another error:

        jailshell: .ssh/authorized_keys: No such file or directory

    So I ssh into my server using the PubkeyAuthentication=n flag, and create a directory called .ssh and a file called authorized_keys. I then redid what was suggested in the article, which is this:

        cat ~/.ssh/hostgator.pub | ssh -p 2222 -o PubkeyAuthentication=no [email protected] 'cat >> .ssh/authorized_keys'

    (note: my ssh key is called hostgator.pub. It's dsa.) I verified that the authorized_keys now has the content of this key. However, I still get the same error as before:

        Received disconnect from 96.125.167.124: 2: Too many authentication failures for tridn

    Does anybody know how I should proceed next?


  • Use gmail domain account with IMAP authentication with SAML authentication not working...

    - by mscd000
    I have a python script that interfaces gmail accounts and allows searches, etc. This works on normal emails (ending on @gmail.com) but not on domain accounts. In this case authentication is done via SAML, and IMAP is enabled on the gmail domain account... The instructions from google on how to configure IMAP only seem to work for @gmail.com accounts... I've tried authentication to IMAP using user, user@admin and using host: imap.gmail.com as well as my domain's email and authentication is not working.... is there a specific 'host' from gmail for domain accounts? other way to get imap on gmail domain accounts? Thanks, Rodolfo


  • VisualSVN Server + Trac Authentication Problems

    - by danscott
    I have Trac set up on my VisualSVN server (using Subversion authentication), however every time I navigate to the Trac home page after opening the browser, I get the basic authentication dialog asking me for my username/password. What I would like to do is have a login form in Trac, which would allow me to log in forever using cookies. I have tried installing the AccountManagerPlugin, but I am completely unsure of how to correctly set it up. (I am used to working with IIS on corporate intranets, so this is kind of alien to me) I have managed to bypass the basic authentication dialog by setting this in my httpd-custom.conf:

        AuthName "Trac"
        AuthType Basic
        AuthBasicProvider file
        AuthUserFile "E:/Repositories/htpasswd"
        #Require valid-user

    I have tried using SvnServePasswordStore as my password store but I do not know which of the files in the repository directory to point it at. Help would be appreciated!


  • Unrecognized authentication type when doing an Auth to Exchange from Rails

    - by blakeage
    I'm getting this error when trying to authenticate with Exchange Server from Ruby on Rails:

        504 5.7.4 Unrecognized authentication type

        config.action_mailer.raise_delivery_errors = true
        config.action_mailer.perform_deliveries = true
        config.action_mailer.delivery_method = :smtp
        config.action_mailer.smtp_settings = {
          :address => "x.x.x.x",
          :port => 25,
          :user_name => "xxdomain\xxuser",
          :password => "xxxxxx",
          :authentication => :login,
          :enable_starttls_auto => true
        }

    I've tried all sorts of combinations of configuration settings, including changing the settings to use "plain" authentication, adding the domain, setting enable_starttls_auto to true, false, and removing it entirely, removing the port. Nothing has worked. Any ideas?


  • Windows Vista and 7 crossrealm authentication MIT Kerberos

    - by fox8
    I'm using Windows Server 2008 and Windows Vista and 7 for cross realm authentication using MIT Kerberos 1.6, but when I try to login with a user the KDC answers (wireshark output):

        error_code: KRB5KDC_ERR_ETYPE_NOSUPP (14) ... e-text: BAD_ENCRYPTION_TYPE

    I want to know how I can change the encryption type method to be compatible with the KDC (I tried an XP client and it worked fine). Many thanks!


  • FreeNAS and AD authentication on Windows 2008 R2

    - by FrancisV
    Has anyone successfully used AD authentication using the latest version of FreeNAS with Windows 2008 R2 domain controllers? I wanted to use FreeNAS to host files and share them via CIFS but I couldn't make FreeNAS authenticate with a Windows 2008 R2 domain controller. Ultimately, the new CIFS shares will be referenced in the DFS namespace that we already have running on Windows 2008 R2 servers. Any tip you can share with me?


  • Solaris ldap Authentication

    - by Tman
    Hi everyone, I've been having trouble trying to get my Solaris 10 server to authenticate against an eDir server. I managed to set up my Linux (RHEL, SLES) servers to authenticate against the LDAP server, which works fine. Here are my configuration files.

    ldapclient list:

        NS_LDAP_FILE_VERSION= 2.0
        NS_LDAP_BINDDN= cn=proxyuser,o=AEDev
        NS_LDAP_BINDPASSWD= {NS1}ecfa88f3a945c22222233
        NS_LDAP_SERVERS= 192.168.0.19
        NS_LDAP_SEARCH_BASEDN= ou=auth,o=AEDev
        NS_LDAP_AUTH= simple
        NS_LDAP_SEARCH_SCOPE= sub
        NS_LDAP_CACHETTL= 0
        NS_LDAP_CREDENTIAL_LEVEL= anonymous
        NS_LDAP_SERVICE_SEARCH_DESC= group:ou=Groups,ou=auth,o=AEDev
        NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=users,ou=auth,o=AEDev?sub?objectClass=shadowAccount
        NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=auth,o=AEDev?sub?objectClass=posixAccount
        NS_LDAP_BIND_TIME= 10
        NS_LDAP_SERVICE_AUTH_METHOD= pam_ldap:simple

    getent passwd works fine:

        root:x:0:0:Super-User:/:/sbin/sh
        daemon:x:1:1::/:
        bin:x:2:2::/usr/bin:
        sys:x:3:3::/:
        adm:x:4:4:Admin:/var/adm:
        lp:x:71:8:Line Printer Admin:/usr/spool/lp:
        uucp:x:5:5:uucp Admin:/usr/lib/uucp:
        nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
        smmsp:x:25:25:SendMail Message Submission Program:/:
        listen:x:37:4:Network Admin:/usr/net/nls:
        gdm:x:50:50:GDM Reserved UID:/:
        webservd:x:80:80:WebServer Reserved UID:/:
        postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh
        svctag:x:95:12:Service Tag UID:/:
        nobody:x:60001:60001:NFS Anonymous Access User:/:
        noaccess:x:60002:60002:No Access User:/:
        nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:
        tlla:x:2012:100::/home/tlla:
        test:x:2011:100::/home/test:
        thato:x:2010:100::/home/thato:

    pam.conf:

        login   auth sufficient  pam_unix_auth.so.1 #server_policy
        login   auth sufficient  /usr/lib/security/pam_ldap.so.1 try_first_pass
        login   auth required    pam_dial_auth.so.1
        rlogin  auth sufficient  pam_rhosts_auth.so.1
        rlogin  auth requisite   pam_authtok_get.so.1
        rlogin  auth required    pam_dhkeys.so.1
        rlogin  auth required    pam_unix_cred.so.1
        rlogin  auth sufficient  pam_unix_auth.so.1
        rlogin  auth sufficient  /usr/lib/security/pam_ldap.so.1 try_first_pass
        rsh     auth sufficient  pam_rhosts_auth.so.1
        rsh     auth required    pam_unix_cred.so.1
        rsh     auth sufficient  pam_unix_auth.so.1 #server_policy
        rsh     auth sufficient  /usr/lib/security/pam_ldap.so.1 try_first_pass
        other   auth requisite   pam_authtok_get.so.1
        other   auth required    pam_dhkeys.so.1
        other   auth required    pam_unix_cred.so.1
        other   auth sufficient  pam_unix_auth.so.1
        other   auth sufficient  /usr/lib/security/pam_ldap.so.1 try_first_pass
        passwd  auth required    pam_passwd_auth.so.1
        passwd  auth sufficient  pam_unix_auth.so.1
        ssh     account sufficient  pam_unix.so.1
        ssh     account sufficient  /usr/lib/security/pam_ldap.so.1 try_first_pass
        other   account requisite   pam_roles.so.1
        other   account sufficient  pam_unix_account.so.1
        other   account sufficient  /usr/lib/security/pam_ldap.so.1 try_first_pass
        other   password required   pam_dhkeys.so.1
        other   password requisite  pam_authtok_get.so.1
        other   password requisite  pam_authtok_check.so.1
        other   password required   pam_authtok_store.so.1
        other   password sufficient pam_unix.so.1
        other   password sufficient /usr/lib/security/pam_ldap.so.1 try_first_pass

    Local authentication works, but LDAP authentication doesn't work.


  • Windows Vista and 7 crossrealm authentication MIT Kerberos

    - by fox8
    I'm using Windows Server 2008 and Windows Vista and 7 for cross realm authentication using MIT Kerberos 1.6, but when I try to login with a user the KDC answers (wireshark output):

        error_code: KRB5KDC_ERR_ETYPE_NOSUPP (14) ... e-text: BAD_ENCRYPTION_TYPE

    I want to know how I can change the encryption type method to be compatible with the KDC (I tried an XP client and it worked fine). (posted this yesterday on superuser, but I guess this is more a serverfault question) Can anyone help me with this? Many thanks!


  • Can radius interact with pptp beyond authentication?

    - by Joe
    I've managed to setup pptp to use Radius authentication - making it much easier to manage users in an sql database than the default password file. However, ideally I'd like to be able to get the status of these users and disconnect/manage them as Radius allows - is this possible? If so, could you elaborate and point me in the right direction? All help is much appreciated! Edit I am personally using Debian and the standard aptitude packages for pptp and FreeRADIUS.


  • Email: X-Authentication-Warning

    - by stef
    We're sending out 1000's of mails per day from our site (mainly "click here to verify your subscription") and too many are getting flagged by spam (mainly hotmail). One of the things I noticed in the headers is X-Authentication-Warning: srv01.site.com: www-data set sender to [email protected] using -f Is this something I should be worried about, that may cause spam flags to raise? (I'm already checking various issues that have been mentioned regarding spam flagging over at stackoverflow, I know there are many factors in play)

