Search Results

Search found 15558 results on 623 pages for 'basic authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 473/623 | < Previous Page | 469 470 471 472 473 474 475 476 477 478 479 480  | Next Page >

  • List the root contexts in LDAP

    - by Lennart Schedin
    I would like to list or search the root context(s) in a LDAP tree. I use Apache Directory Server and Java: Hashtable<String, String> contextParams = new Hashtable<String, String>(); contextParams.put("java.naming.provider.url", "ldap://localhost:10389"); contextParams.put("java.naming.security.principal", "uid=admin,ou=system"); contextParams.put("java.naming.security.credentials", "secret"); contextParams.put("java.naming.security.authentication", "simple"); contextParams.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory"); DirContext dirContext = new InitialDirContext(contextParams); NamingEnumeration<NameClassPair> resultList; //Works resultList = dirContext.list("ou=system"); while (resultList.hasMore()) { NameClassPair result = resultList.next(); System.out.println(result.getName()); } //Does not work resultList = dirContext.list(""); while (resultList.hasMore()) { NameClassPair result = resultList.next(); System.out.println(result.getName()); } I can list the sub nodes of ou=system. But I cannot list the sub nodes of the actual root node. I would like to have this list just like Apache Directory Studio can:

    Read the article

  • WCF Service Impersonation

    - by robalot
    Good Day Everyone... Apparently, I'm not setting-up impersonation correctly for my WCF service. I do NOT want to set security on a method-by-method basis (in the actual code-behind). The service (at the moment) is open to be called by everyone on the intranet. So my questions are… Q: What web-config tags am I missing? Q: What do I need to change in the web-config to make impersonation work? The Service Web.config Looks Like... <configuration> <system.web> <authorization> <allow users="?"/> </authorization> <authentication mode="Windows"/> <identity impersonate="true" userName="MyDomain\MyUser" password="MyPassword"/> </system.web> <system.serviceModel> <services> <service behaviorConfiguration="wcfFISH.DataServiceBehavior" name="wcfFISH.DataService"> <endpoint address="" binding="wsHttpBinding" contract="wcfFISH.IFishData"> <identity> <dns value="localhost"/> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="wcfFISH.DataServiceBehavior"> <serviceMetadata httpGetEnabled="false"/> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> </configuration>

    Read the article

  • WSE 3.0 crashes when ClearHeaders is called

    - by Daniel Enetoft
    Hi! I'm developing a client-server application in c# using WSE web-service. One of the things that the user can do is send jpg images to the server for backup via the web-service. Recently strange errors have occurred. This does not happen for all users, just a few. On the client side the exception is a System.Net.WebException Exception message: The operation has timed out and on the server the following warning is found in the event viewer: Exception information: Exception type: HttpException Exception message: Server cannot clear headers after HTTP headers have been sent. Request information Request URL: MyUrl/Service.asmx Request path: /MyWebService/Service.asmx User host address: ------- User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Thread information: Thread ID: 7 Thread account name: NT AUTHORITY\NETWORK SERVICE Is impersonating: False Stack trace: at System.Web.HttpResponse.ClearHeaders() at System.Web.Services.Protocols.SoapServerProtocol.WriteException(Exception e, Stream outputStream) at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing) at System.Web.Services.Protocols.WebServiceHandlerFactory.CoreGetHandler(Type type, HttpContext context, HttpRequest request, HttpResponse response) Does anyone have an idea where this error can come from? I have already tried to raise the "maxRequestLength" in web.config to 16Mb but this doesn't fix it. Regards /Daniel

    Read the article

  • Can't connect to SQL Server 2008 - looks like Shared Memory problem

    - by Proposition Joe
    I am unable to connect to my local instance of SQL Server 2008 Express using SQL Server Management Studio. I believe the problem is related to a change I made to the connection protocols. Before the error occurred, I had Shared Memory enabled and Named Pipes and TCP/IP disabled. I then enabled both Named Pipes and TCP/IP, and this is when I started experiencing the problem. When I try to connect to the server with SSMS (with either my SQL server sysadmin login or with windows authentication), I get the following error message: A connection was successfully established with the server, but then an error occurred during the login process. (provider: Named Pipes Provider, error: 0 - No process is on the other end of the pipe.) (Microsoft SQL Server, Error: 233) Why is it returning a Named Pipes error? Why would it not just use Shared Memory, as this has a higher priority order in the list of connection protocols? It seems like it is not listening on Shared Memory for some reason? When I set Named Pipes to enabled and try to connect, I get the same error message. My windows account is does not have administrator priviliges on my computer - perhaps this is making a difference in some way (as some of the discussions in this post about an "SuperSocketNetLib\Lpc" registry key seems to suggest).

    Read the article

  • How do I create a C# .NET Web Service that Posts items to a users Facebook Wall?

    - by Jourdan
    I'm currently toying around with the Clarity .NET Facebook API but am finding certain situations with authentication to be kind of limiting. I keep going through the tutorials but always end up hitting a brick wall with what I want to do. Perhaps I just cannot do it? I want to make a Web Service that takes in the require credentials (APIKey, SecretKey, UsersId (or Session Key?) and whatever else I would need), and then do various tasks: Post to users wall, add events etc. The problem I am having is this: The current documentation, examples and support provide a way to do this within the context of a Web site. Within this context, the required "connect" popup can be initiated and allow the user to authenticate and and connect the application. From that point on the Web can go on with its business to do what it needs to do. If I close the browser and come back to the page, I have to push the connect button again. Except this time, since I was already logged into facebook, I don't have to go through the whole connection process. But still ... How do applications like Tweetdeck get around this? They seemingly have you connect once, when you install their application, and you don't have to do it again. I would assume that this same idea would have to applied towards making a web service because: You don't know what context the user is in when making the Web service call. The web service methods being called could be coming from a Windows Form app, or code behind in a workflow.

    Read the article

  • Terrible DotNetNuke performance

    - by Peter Bridger
    I'm involved with a project using DotNetNuke version 05.01.04 Community Edition. We are building our new Intranet using it, but performance is terrible. We have five people adding pages and content to it and every 15-30 seconds they experience a pause of 10 seconds or longer before the system continues and the next screens loads. The server is Windows 2003, 3.8GHz with 1GB of RAM. I'm told by our server admin that the CPU and memory performance don't appear to be the bottleneck. We currently have 350 pages in the system, we a plan to add 1000. So we need to resolve this performance problem so that we can enter content and so we can go live. I just can't see where the bottleneck is. Is there a good why to determine the bottleneck when using DotNetNuke? Modules installed Publish:Engage (Not currently in use) Page Blaster (Doesn't appear to providing caching when users logged in using Integrated Authentication) SimpleGallery XMod Content Manager IIS Setup Application recycling completely disabled (Apart from a 2am recycle) New findings: 18th March 2010 The main bottleneck was due to version 5.1.4 having a bug which caused 1300 database roundtrips on an average page, due to broken database in-memory caching. We've upgraded to 5.2.4 which has resolved this bottleneck. Now the next biggest bottleneck is the navigation. We've used both DDR:Menu and DDN:Nav, but both have a major impact on performance. Is there a navigation interface out there that doesn't drain performance so badly?

    Read the article

  • File permissions with FileSystemObject - CScript.exe says one thing, Classic ASP says another...

    - by Dylan Beattie
    I have a classic ASP page - written in JScript - that's using Scripting.FileSystemObject to save files to a network share - and it's not working. ("Permission denied") The ASP page is running under IIS using Windows authentication, with impersonation enabled. If I run the following block of code locally via CScript.exe: var objNet = new ActiveXObject("WScript.Network"); WScript.Echo(objNet.ComputerName); WScript.Echo(objNet.UserName); WScript.Echo(objNet.UserDomain); var fso = new ActiveXObject("Scripting.FileSystemObject"); var path = "\\\\myserver\\my_share\\some_path"; if (fso.FolderExists(path)) { WScript.Echo("Yes"); } else { WScript.Echo("No"); } I get the (expected) output: MY_COMPUTER dylan.beattie MYDOMAIN Yes If I run the same code as part of a .ASP page, substituting Response.Write for WScript.Echo I get this output: MY_COMPUTER dylan.beattie MYDOMAIN No Now - my understanding is that the WScript.Network object will retrieve the current security credentials of the thread that's actually running the code. If this is correct - then why is the same user, on the same domain, getting different results from CScript.exe vs ASP? If my ASP code is running as dylan.beattie, then why can't I see the network share? And if it's not running as dylan.beattie, why does WScript.Network think it is?

    Read the article

  • Sharing session state between 2 ASP.NET applications using SQL Server

    - by Dave
    Hi I'm working on a site that has a requirement to share session between a cms application and an online store application on the same domain eg. mydomain.com and store.mydomain.com I've made some progress with it and it works on my local build between localhost/cms and localhost/store Basically I have done what is suggested in this article http://blogs.msdn.com/toddca/archive/2007/01/25/sharing-asp-net-session-state-across-applications.aspx and hacked the TempGetAppID Stored Procedure to return the same application id (1). This appears to work as it creates sessions with ids like 'abv5d2urx1asscfwuzw3wp4500000001', which is what I'd expect. My issue is that when I deploy it to our testing environment, it creates a new session when I navigate between the 2 sites. So when I start a session on the cms site, if I navigate to the store, it creates a new session. These are set up as 2 different websites in IIS7. In the web.config files for both sites, the and elements are both the same and are as follows (minus sensitive information) Has anyone got an ideas why this might not be working? I am sharing Forms Authentication across the 2 sites and that works fine. Any help or ideas would be greatly appreciated! Many thanks Dave

    Read the article

  • Apache2: mod_wsgi or mod_python, which one is better?

    - by Algorist
    Hi, I am planning to write web service in python. But, I found wsgi also does the similar thing. Which one can be preferred? Thank you Bala Update I am still confused. Please help. Better in my sense means: 1. Bug will be fixed periodically. 2. Chosen by most developers. 3. Additional features like authentication tokens like AWS, can be supported out of the box. 4. No strong dependency on version.( I see that wsgi requires python 2.6) 5. All python libraries will work out of the box. 6. Scalable in the future. 7. Future upgrade don't cause any issues. With my limited experience, I want these features. There might be some I might be missing. Thanks Bala Update I am sorry for all the confusion caused. I just want to expose a restful web services in python language. Is there a good framework?

    Read the article

  • ASP.NET MembershipProvider and StructureMap

    - by Ben
    I was using the default AspNetSqlMembershipProvider in my application. Authentication is performed via an AuthenticationService (since I'm also supporting other forms of membership like OpenID). My AuthenticationService takes a MembershipProvider as a constructor parameter and I am injecting the dependency using StructureMap like so: For<MembershipProvider>().Use(Membership.Provider); This will use the MembershipProvider configured in web.config. All this works great. However, now I have rolled my own MembershipProvider that makes use of a repository class. Since the MembershipProvider isn't exactly IoC friendly, I added the following code to the MembershipProvider.Initialize method: _membershipRepository = ObjectFactory.GetInstance<IMembershipRepository>(); However, this raises an exception, like StructureMap hasn't been initialized (cannot get instance of IMembershipRepository). However, if I remove the code and put breakpoints at my MembershipProvider's initialize method and my StructureMap bootstrapper, it does appear that StructureMap is configured before the MembershipProvider is initialized. My only workaround so far is to add the above code to each method in the MembershipProvider that needs the repository. This works fine, but I am curious as to why I can't get my instance in the Initialize method. Is the MembershipProvider performing some internal initialization that runs before any of my own application code does? Thanks Ben

    Read the article

  • authlogic in Rails

    - by Adnan
    Hello, I am using the authlogic gem for authentication. I have followed the steps at: http://railscasts.com/episodes/160-authlogic I have the following code: # config/environment.rb config.gem "authlogic" # models/user.rb acts_as_authentic # users_controller.rb def create @user = User.new(params[:user]) if @user.save flash[:notice] = "Registration successful." redirect_to root_url else render :action => 'new' end end def edit @user = current_user end def update @user = current_user if @user.update_attributes(params[:user]) flash[:notice] = "Successfully updated profile." redirect_to root_url else render :action => 'edit' end end # user_sessions_controller.rb def create @user_session = UserSession.new(params[:user_session]) if @user_session.save flash[:notice] = "Successfully logged in." redirect_to root_url else render :action => 'new' end end def destroy @user_session = UserSession.find @user_session.destroy flash[:notice] = "Successfully logged out." redirect_to root_url end # application_controller.rb filter_parameter_logging :password helper_method :current_user private def current_user_session return @current_user_session if defined?(@current_user_session) @current_user_session = UserSession.find end def current_user return @current_user if defined?(@current_user) @current_user = current_user_session && current_user_session.record end # config/routes.rb map.login "login", :controller => "user_sessions", :action => "new" map.logout "logout", :controller => "user_sessions", :action => "destroy" I got it all working, except I would like to have a user_id in session so I can track which user posted which post, where should I set it?

    Read the article

  • XML RPC c# Call returns array of strings and int

    - by chillconsulting
    I'm doing an XML RPC call in ASP.net with c# and the call returns an Array called userinfo with strings and integers in it and I can't seem to figure out how to parse the data and put it into string and int objects... The only thing that compiles is if I make it an Object in the struct. The int returns fines and is referenced easily. Any help would be appreciated - this is what I got. public Page_Load(object sender, EventArgs e){ IValidateSSO proxy = XmlRpcProxyGen.Create<IValidateSSO>(); UserInfoSSOValue ret2 = proxy.UserInfoSSO(ssoAuth, ssoValue); int i = ret2.isonid; } public struct UserInfoSSOValue { public Object userinfo; public int isonid; } [XmlRpcUrl("host")] public interface IValidateSSO : IXmlRpcProxy { [XmlRpcMethod("sso.session_userinfo")] UserInfoSSOValue UserInfoSSO(string ssoauth, string sid); } Here is what the xml rpc calls returns (I know it's in php... I'm trying to implement in c#): sso.session_userinfo(string $ssoauth, string $sid) string $ssoauth - authentication string (assigned by ONID support) string $sid - sid to get info on Returns: Array ( [userinfo] => Array ( [lastname] => College [expire_time] => 1118688011 [osuuid] => 12345678901 [sid_length] => 3600 [ip] => 10.0.0.1 [sid] => WiT7ppAEUKS3rJ2lNz3Ue64sGPxnnLL0 [username] => collegej [firstname] => Joe [fullname] => College, Joe Student [email] => [email protected] [create_time] => 1118684410 ) [isonid] => 1 ) array userinfo - array containing basic user information

    Read the article

  • What is a good embeddable Java LDAP server?

    - by LeedsSideStreets
    I'm working on a Java web application that integrates with a few other external applications that are deployed along with it. Authentication information must be synchronized across everything and the other applications want to authenticate against LDAP. The application will be deployed in environments where there will be no other LDAP server for everything to use; I have to provide it. My solution so far has been to use Penrose Server as a standalone app, which I set up to examine tables in the main application's database and publish LDAP based on that. It works well, but it would be nice to have something that can be embedded into the main application itself to simplify deployment. It looks like Penrose can be embedded, but the documentation can be a bit spotty or out-of-date (though it seems to be actively developed). It could be an acceptable solution, but if there is another out there that is known to work well in an embedded configuration I might want to check it out. I'm also concerned about GPL issues with Penrose. I'm not at liberty to GPL the source code for the application. I don't believe it was an issue running it standalone, but embedding it may be no-no... anybody know for sure? A permissive license would be good in order to avoid these issues. Requirements: LDAP v3 Must be able to be have the directory contents updated while running, either programmatically or by another means like syncing with the database as Penrose does Easy to configure (no additional configuration for the app at deployment time would be ideal) So far I've briefly looked at ApacheDS and OpenDS which seem to be embeddable. Does anyone have experience with this kind of thing?

    Read the article

  • Authlogic, logout, credential capture and security

    - by Paddy
    Ok this is something weird. I got authlogic-oid installed in my rails app today. Everything works perfectly fine but for one small nuisance. This is what i did: I first register with my google openid. Successful login, redirection and my email, along with my correct openid is stored in my database. I am happy that everything worked fine! Now when i logout, my rails app as usual destroys the session and redirects me back to my root url where i can login again. Now if i try to login it still remembers my last login id. Not a big issue as i can always "Sign in as a different user" but i am wondering if there is anyway to not only logout from my app but also logout from google. I noticed the same with stack overflow's openid authentication system. Why am i so bothered about this, you may ask. But is it not a bad idea if your web apps end user, who happens to be in a cyber cafe, thinks he has logged out from your app and hence from his google account only to realize later that his google account had got hacked by some unworthy loser who just happened to notice that the one before him had not logged out from google and say.. changed his password!! Should i be paranoid? Isn't this a major security lapse while implementing the openid spec? Probably today someone can give me a workaround for this issue and the question is solved for me. But what about the others who have implemented openid in their apps and not implemented a workaround?

    Read the article

  • Authlogic, logout and credential capture

    - by Paddy
    Ok this is something weird. I got authlogic-oid installed in my rails app today. Everything works perfectly fine but for one small nuisance. This is what i did: I first register with my google openid. Successful login, redirection and my email, along with my correct openid is stored in my database. I am happy that everything worked fine! Now when i logout, my rails app as usual destroys the session and redirects me back to my root url where i can login again. Now if i try to login it still remembers my last login id. Not a big issue as i can always "Sign in as a different user" but i am wondering if there is anyway to not only logout from my app but also logout from google. I noticed the same with stack overflow's openid authentication system. Why am i so bothered about this, you may ask. But is it not a bad idea if your web apps end user, who happens to be in a cyber cafe, thinks he has logged out from your app and hence from his google account only to realize later that his google account had got hacked by some unworthy loser who just happened to notice that the one before had not logged out from google and say.. changed his password!! Should i be paranoid?

    Read the article

  • ASPX FormsAuthentication.RedirectFromLoginPage function is not working anymore

    - by Mike Webb
    Here is my issue. I have an ASPX web site and I have code in there to redirect from the login page with the call to "FormsAuthentication.RedirectFromLoginPage(username, false);" This sends the user from the root website folder to 'website/Admin/'. I have a 'default.aspx' page in 'website/Admin/' and the call to redirect works on a previous version of the website we have running currently, but the one that I am updating on a separate test server is not working. It gives me the error "Directory Listing Denied. This Virtual Directory does not allow contents to be listed." I have this in the config file: <authorization> <allow users="*" /> </authorization> under the "authentication" option and... <location path="Admin"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> for the location of Admin. Also, there is no difference in the code between the web.config, Login.aspx, or the default.aspx files on the current server and the one on the test server, so I am confused as to why the redirect will not work on both. It even works in the Visual Studio server environment, for which the code is also identical. Any suggestions and help is appreciated.

    Read the article

  • Using a profile property of type List in .NET Membership

    - by hancock
    Hi, I'm working on a C# Webservice that needs to provide authentication as well as roles and profile management. I need each profile to have a property of type List. The profile section in the web.config looks like this: <profile defaultProvider="MyProfileProvider" enabled="true"> <providers> <remove name="MyProfileProvider"/> <add connectionStringName="MySqlServer" applicationName="MyApp" name="MyProfileProvider" type="System.Web.Profile.SqlProfileProvider" /> </providers> <properties> <add name="Websites" type="System.Collections.Generic.List&lt;String&gt;" serializeAs="Binary"/> </properties> </profile> However, when I start the webservice and try to access that property it returns the following error: System.Configuration.ConfigurationErrorsException: Attempting to load this property's type resulted in the following error: Could not load type 'System.Collections.Generic.List<String>'. (C:\Projects\MyProject\web.config line 58) --- System.Web.HttpException: Could not load type 'System.Collections.Generic.List<String>'. Is there a way to use a generic collection for this purpose?

    Read the article

  • Losing Session between Classic ASP and ASP.NET

    - by Aaron
    The company that I work for is making a transition between classic ASP programs and ASP.NET programs for our intranet software. Eventually, everything will be written in ASP.NET, but because of time constraints, there are still a number of programs that use classic ASP. To compensate we've written features that allow for redirects and autologins between classic ASP programs and ASP.NET programs. I've been starting to see a problem, though, with holding the session state for our ASP.NET software. If a user uses an ASP.NET program, then does work in a classic ASP program, then goes back to that ASP.NET program, often times, the user's authentication for the ASP.NET program is still in place, yet the user's session is lost, resulting in an error whenever a function is performed within the program. I'm trying to capture the loss of the session state in global.asax's Session_End event, which would redirect the user to the login page, but that hasn't worked. Has anyone else faced a similar issue with users moving back and forth between classic ASP and ASP.NET and losing sessions? Is that even my real issue here? It's the only thing that I can see as being a problem. Thanks for any help.

    Read the article

  • Uploadify and rails 3 authenticity tokens

    - by Ceilingfish
    Hi chaps, I'm trying to get a file upload progress bar working in a rails 3 app using uploadify (http://www.uploadify.com) and I'm stuck at authenticity tokens. My current uploadify config looks like <script type="text/javascript" charset="utf-8"> $(document).ready(function() { $("#zip_input").uploadify({ 'uploader': '/flash/uploadify.swf', 'script': $("#upload").attr('action'), 'scriptData': { 'format': 'json', 'authenticity_token': encodeURIComponent('<%= form_authenticity_token if protect_against_forgery? %>') }, 'fileDataName': "world[zip]", //'scriptAccess': 'always', // Incomment this, if for some reason it doesn't work 'auto': true, 'fileDesc': 'Zip files only', 'fileExt': '*.zip', 'width': 120, 'height': 24, 'cancelImg': '/images/cancel.png', 'onComplete': function(event, data) { $.getScript(location.href) }, // We assume that we can refresh the list by doing a js get on the current page 'displayData': 'speed' }); }); </script> But I am getting this response from rails: Started POST "/worlds" for 127.0.0.1 at 2010-04-22 12:39:44 ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/_trace.erb (1.0ms) Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (6.6ms) Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (12.2ms) This appears to be because I'm not sending the authentication cookie along with the request. Does anyone know how I can get the values I should be sending there, and how I can make rails read it from HTTP POST rather than trying to find it as a cookie?

    Read the article

  • Google Contacts API - No Redirection

    - by mecablaze
    Hello there, I am currently working on Contact Importer web app (in PHP) so I will be able to grab email address from a user's account on Gmail, Yahoo, etc and use them for my own evil purposes. Just kidding, my web app is very friendly. I thought I would start with Google. I found they have a fantastic little API called Google Contacts API which lets a programmer, like myself, to access a user's contacts. After a couple of hours of struggling and throwing shitty code together, I ran into a few road-blocks. My main question is this: Is there any way that I can have a user provide their username and password for Gmail on my website and have my code retrieve the contacts without that nasty redirection to a Google login page? It's kind of ruins the whole flow of my web app. I've looked into AuthSub, and gotten that to work, but of course the catch is that you have to redirect the user to obtain the access token. It looks like OAuth will have this same catch. The one ray of hope I have is the ClientLogin method of authentication. Again, there is a catch, sometimes Google throws you a CAPTCHA instead of the auth token. Again, the user flow is ruined. I've noticed that our good ol' friends over at Twitter have it working just fine. Does anyone know how they do it? Thanks!

    Read the article

  • Unusual request URL in ASP.NET health monitoring event

    - by Troy Hunt
    I’m seeing a rather strange occurrence in the request information section of an ASP.NET health monitoring email I hope someone can shed some light on. This is a publicly facing website which runs on infrastructure at an Indian hosting provider. Health monitoring is notifying us of server errors via automated email but every now and then the requested URL appears as a totally different website. For example: Request information: Request URL: http://www.baidu.com/Default.aspx Request path: /Default.aspx User host address: 221.13.128.175 User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Obviously the site in question is not Baidu and obviously this attribute is not the referrer either; the “Request URL” value is the path which has generated the error. The IP address is located in Beijing (coincidental given the Baidu address?) and in this instance it looks like the SQL server backend was not accessible (I haven't included the entire error message for security's sake). What would cause the request URL attribute to be arbitrarily changed to that of another site? I’ve never seen this occur in a health monitoring event before. Thanks!

    Read the article

  • How do I securely authenticate the calling assembly of a WCF service method?

    - by Tim
    The current situation is as follows: We have an production .net 3.5 WCF service, used by several applications throughout the organization, over wsHttpBinding or netTcpBinding. User authentication is being done on the Transport level, using Windows integrated security. This service has a method Foo(string parameter), which can only be called by members of given AD groups. The string parameter is obligatory. A new client application has come into play (.net 3.5, C# console app), which eliminates the necessity of the string parameter. However, only calls from this particular application should be allowed to omit the string parameter. The identity of the caller of the client application should still be known by the server because the AD group limitation still applies (ruling out impersonation on the client side). I found a way to pass on the "evidence" of the calling (strong-named) assembly in the message headers, but this method is clearly not secure because the "evidence" can easily be spoofed. Also, CAS (code access security) seems like a possible solution, but I can't seem to figure out how to make use of CAS in this particular scenario. Does anyone have a suggestion on how to solve this issue? Edit: I found another thread on this subject; apparently the conclusion there is that it is simply impossible to implement in a secure fashion.

    Read the article

  • ASP.NET Chart Control errors in Event Viewer

    - by Richard Reddy
    Hi, I have been using the ASP.NET chart controls for a while on win2k3 (32bit) setups without any issue but have noticed that on our new win2k8 (64bit) box I am getting a warning message showing up in the event viewer from the chart control. In my web.config file I have the following tag telling the Chart Control where I can store the Temp Files: <add key="ChartImageHandler" value="storage=file;timeout=20;dir=c:\TempImageFiles\;" /> Below is the warning message produced by the control: Event code: 3005 Event message: An unhandled exception has occurred. Event time: 10/7/2009 2:40:03 PM Event time (UTC): 10/7/2009 2:40:03 PM Event ID: 237c3b208962429e8bbc5a48ffd177f0 Event sequence: 2860 Event occurrence: 26 Event detail code: 0 Application information: Application domain: /LM/W3SVC/2/ROOT-1-128993655360497729 Trust level: Full Application Virtual Path: / Application Path: C:\data\sites\mydomain.com\ Machine name: 231692-WEB Process information: Process ID: 4068 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: ArgumentException Exception message: The image is not found. Request information: Request URL: http://www.mydomain.com/ChartImg.axd?i=chart%5F0%5F3.png&g=bccc8aa11abb470980c60e8cf1e71e15 Request path: /ChartImg.axd User host address: my domain ip User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Thread information: Thread ID: 7 Thread account name: NT AUTHORITY\NETWORK SERVICE Is impersonating: False Stack trace: at System.Web.UI.DataVisualization.Charting.ChartHttpHandler.ProcessSavedChartImage(HttpContext context) at System.Web.UI.DataVisualization.Charting.ChartHttpHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) It's worth pointing out that ALL of the chart images are displayed correctly on the screen so I'm not sure when/where the image not found error is being caused. Is this a 64bit issue? Thanks, Rich

    Read the article

  • Selecting a Java framework for large application w/ only ONE user

    - by Bijan
    I am building a large application that will be hosted on an AWS server. I'm trying to select a web framework for assisting me with code organization, template design, and generally presentation aspects. Here are some points of consideration: Require security/login/user authentication. I may add the ability in the future to allow more than just an administrator to access the web app, but it is not a public facing website. AJAX support would be helpful. There are a couple widgets that I don't want to recreate. One is a tree object, where the user can expand/contract items in the list, can create new branches, add/edit objects. This would be better off in some dynamic view rather than all done in ugly html. Generally, this is just to provide the application with a face for control, management, and monitoring. Having an easier time adding buttons, CSS, AJAX widgets are great additions though, but not the primary purpose. I'm considering: Wicket Spring Seam GWT Stripe and the list goes on, as I'm sure you all know. I originally planned on using GWT, but then started to feel that GWT didn't cover my primary needs. I could be wrong about this, but there seems to be a lot of support for GWT AND Wicket/Spring. All of this 'getting lost in java frameworks' got me thinking outside the java realm for a framework that would suit my needs that was a clear option, like: JRuby/Rails Jython/Django Groovy/Grails Guice (just throwing this in there... I don't clearly understand the main purposes of all these frameworks. It doesn't seem like DInjection is something I need for a single purpose application) Thanks as always. This community makes Googling for esoteric programming information an order of magnitude better.

    Read the article

  • Can't send client certificate via SslStream

    - by Jonathan
    I am doing an SSL3 handshake using an SslStream, but, in spite of my best efforts, the SslStream never sends a client certificate on my behalf. Here is the code: SSLConnection = new System.Net.Security.SslStream(SSLInOutStream, false, new System.Net.Security.RemoteCertificateValidationCallback(AlwaysValidRemoteCertificate), new System.Net.Security.LocalCertificateSelectionCallback(ChooseLocalCertificate)); X509CertificateCollection CC = new X509CertificateCollection(); CC.Add(Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(MyLocalCertificate)); SSLConnection.AuthenticateAsClient("test", CC, System.Security.Authentication.SslProtocols.Ssl3, false); and then I have AlwaysValidRemoteCertificate just returning true, and ChooseLocalCertificate returning the zeroth element of the array. The code probably looks a little weird because the project is a little weird, but I think that is beside the point here. The SSL handshake completes. The issue is that instead of sending a certificate message on my behalf (in the handshake process), with the ASN.1 encoded certificate (MyLocalCertificate), the SslStream sends an SSL alert number 41 (no certificate) and then carries on. I know this from packet sniffing. After the handshake is completed, the SslStream marks IsAuthenticated as true, IsMutuallyAuthenticated as false, and its LocalCertificate member is null. I feel like I'm probably missing something pretty obvious here, so any ideas would be appreciated. I am a novice with SSL, and this project is off the beaten path, so I am kind of at a loss. P.S. 1: My ChooseLocalCertificate routine is called twice during the handshake, and returns a valid (as far as I can tell), non-null certificate both times. P.S. 2: SSLInOutStream is my own class, not a NetworkStream. Like I said, though, the handshake proceeds mostly normally, so I doubt this is the culprit... but who knows?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 469 470 471 472 473 474 475 476 477 478 479 480  | Next Page >