Search Results

Search found 15798 results on 632 pages for 'authentication required'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 475/632 | < Previous Page | 471 472 473 474 475 476 477 478 479 480 481 482  | Next Page >

  • Authlogic, logout, credential capture and security

    - by Paddy
    Ok this is something weird. I got authlogic-oid installed in my rails app today. Everything works perfectly fine but for one small nuisance. This is what i did: I first register with my google openid. Successful login, redirection and my email, along with my correct openid is stored in my database. I am happy that everything worked fine! Now when i logout, my rails app as usual destroys the session and redirects me back to my root url where i can login again. Now if i try to login it still remembers my last login id. Not a big issue as i can always "Sign in as a different user" but i am wondering if there is anyway to not only logout from my app but also logout from google. I noticed the same with stack overflow's openid authentication system. Why am i so bothered about this, you may ask. But is it not a bad idea if your web apps end user, who happens to be in a cyber cafe, thinks he has logged out from your app and hence from his google account only to realize later that his google account had got hacked by some unworthy loser who just happened to notice that the one before him had not logged out from google and say.. changed his password!! Should i be paranoid? Isn't this a major security lapse while implementing the openid spec? Probably today someone can give me a workaround for this issue and the question is solved for me. But what about the others who have implemented openid in their apps and not implemented a workaround?

    Read the article

  • Authlogic, logout and credential capture

    - by Paddy
    Ok this is something weird. I got authlogic-oid installed in my rails app today. Everything works perfectly fine but for one small nuisance. This is what i did: I first register with my google openid. Successful login, redirection and my email, along with my correct openid is stored in my database. I am happy that everything worked fine! Now when i logout, my rails app as usual destroys the session and redirects me back to my root url where i can login again. Now if i try to login it still remembers my last login id. Not a big issue as i can always "Sign in as a different user" but i am wondering if there is anyway to not only logout from my app but also logout from google. I noticed the same with stack overflow's openid authentication system. Why am i so bothered about this, you may ask. But is it not a bad idea if your web apps end user, who happens to be in a cyber cafe, thinks he has logged out from your app and hence from his google account only to realize later that his google account had got hacked by some unworthy loser who just happened to notice that the one before had not logged out from google and say.. changed his password!! Should i be paranoid?

    Read the article

  • ASPX FormsAuthentication.RedirectFromLoginPage function is not working anymore

    - by Mike Webb
    Here is my issue. I have an ASPX web site and I have code in there to redirect from the login page with the call to "FormsAuthentication.RedirectFromLoginPage(username, false);" This sends the user from the root website folder to 'website/Admin/'. I have a 'default.aspx' page in 'website/Admin/' and the call to redirect works on a previous version of the website we have running currently, but the one that I am updating on a separate test server is not working. It gives me the error "Directory Listing Denied. This Virtual Directory does not allow contents to be listed." I have this in the config file: <authorization> <allow users="*" /> </authorization> under the "authentication" option and... <location path="Admin"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> for the location of Admin. Also, there is no difference in the code between the web.config, Login.aspx, or the default.aspx files on the current server and the one on the test server, so I am confused as to why the redirect will not work on both. It even works in the Visual Studio server environment, for which the code is also identical. Any suggestions and help is appreciated.

    Read the article

  • Losing Session between Classic ASP and ASP.NET

    - by Aaron
    The company that I work for is making a transition between classic ASP programs and ASP.NET programs for our intranet software. Eventually, everything will be written in ASP.NET, but because of time constraints, there are still a number of programs that use classic ASP. To compensate we've written features that allow for redirects and autologins between classic ASP programs and ASP.NET programs. I've been starting to see a problem, though, with holding the session state for our ASP.NET software. If a user uses an ASP.NET program, then does work in a classic ASP program, then goes back to that ASP.NET program, often times, the user's authentication for the ASP.NET program is still in place, yet the user's session is lost, resulting in an error whenever a function is performed within the program. I'm trying to capture the loss of the session state in global.asax's Session_End event, which would redirect the user to the login page, but that hasn't worked. Has anyone else faced a similar issue with users moving back and forth between classic ASP and ASP.NET and losing sessions? Is that even my real issue here? It's the only thing that I can see as being a problem. Thanks for any help.

    Read the article

  • Uploadify and rails 3 authenticity tokens

    - by Ceilingfish
    Hi chaps, I'm trying to get a file upload progress bar working in a rails 3 app using uploadify (http://www.uploadify.com) and I'm stuck at authenticity tokens. My current uploadify config looks like <script type="text/javascript" charset="utf-8"> $(document).ready(function() { $("#zip_input").uploadify({ 'uploader': '/flash/uploadify.swf', 'script': $("#upload").attr('action'), 'scriptData': { 'format': 'json', 'authenticity_token': encodeURIComponent('<%= form_authenticity_token if protect_against_forgery? %>') }, 'fileDataName': "world[zip]", //'scriptAccess': 'always', // Incomment this, if for some reason it doesn't work 'auto': true, 'fileDesc': 'Zip files only', 'fileExt': '*.zip', 'width': 120, 'height': 24, 'cancelImg': '/images/cancel.png', 'onComplete': function(event, data) { $.getScript(location.href) }, // We assume that we can refresh the list by doing a js get on the current page 'displayData': 'speed' }); }); </script> But I am getting this response from rails: Started POST "/worlds" for 127.0.0.1 at 2010-04-22 12:39:44 ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken): Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/_trace.erb (1.0ms) Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/_request_and_response.erb (6.6ms) Rendered /opt/local/lib/ruby/gems/1.8/gems/actionpack-3.0.0.beta3/lib/action_dispatch/middleware/templates/rescues/diagnostics.erb within rescues/layout (12.2ms) This appears to be because I'm not sending the authentication cookie along with the request. Does anyone know how I can get the values I should be sending there, and how I can make rails read it from HTTP POST rather than trying to find it as a cookie?

    Read the article

  • Using a profile property of type List in .NET Membership

    - by hancock
    Hi, I'm working on a C# Webservice that needs to provide authentication as well as roles and profile management. I need each profile to have a property of type List. The profile section in the web.config looks like this: <profile defaultProvider="MyProfileProvider" enabled="true"> <providers> <remove name="MyProfileProvider"/> <add connectionStringName="MySqlServer" applicationName="MyApp" name="MyProfileProvider" type="System.Web.Profile.SqlProfileProvider" /> </providers> <properties> <add name="Websites" type="System.Collections.Generic.List&lt;String&gt;" serializeAs="Binary"/> </properties> </profile> However, when I start the webservice and try to access that property it returns the following error: System.Configuration.ConfigurationErrorsException: Attempting to load this property's type resulted in the following error: Could not load type 'System.Collections.Generic.List<String>'. (C:\Projects\MyProject\web.config line 58) --- System.Web.HttpException: Could not load type 'System.Collections.Generic.List<String>'. Is there a way to use a generic collection for this purpose?

    Read the article

  • Google Contacts API - No Redirection

    - by mecablaze
    Hello there, I am currently working on Contact Importer web app (in PHP) so I will be able to grab email address from a user's account on Gmail, Yahoo, etc and use them for my own evil purposes. Just kidding, my web app is very friendly. I thought I would start with Google. I found they have a fantastic little API called Google Contacts API which lets a programmer, like myself, to access a user's contacts. After a couple of hours of struggling and throwing shitty code together, I ran into a few road-blocks. My main question is this: Is there any way that I can have a user provide their username and password for Gmail on my website and have my code retrieve the contacts without that nasty redirection to a Google login page? It's kind of ruins the whole flow of my web app. I've looked into AuthSub, and gotten that to work, but of course the catch is that you have to redirect the user to obtain the access token. It looks like OAuth will have this same catch. The one ray of hope I have is the ClientLogin method of authentication. Again, there is a catch, sometimes Google throws you a CAPTCHA instead of the auth token. Again, the user flow is ruined. I've noticed that our good ol' friends over at Twitter have it working just fine. Does anyone know how they do it? Thanks!

    Read the article

  • How do I securely authenticate the calling assembly of a WCF service method?

    - by Tim
    The current situation is as follows: We have an production .net 3.5 WCF service, used by several applications throughout the organization, over wsHttpBinding or netTcpBinding. User authentication is being done on the Transport level, using Windows integrated security. This service has a method Foo(string parameter), which can only be called by members of given AD groups. The string parameter is obligatory. A new client application has come into play (.net 3.5, C# console app), which eliminates the necessity of the string parameter. However, only calls from this particular application should be allowed to omit the string parameter. The identity of the caller of the client application should still be known by the server because the AD group limitation still applies (ruling out impersonation on the client side). I found a way to pass on the "evidence" of the calling (strong-named) assembly in the message headers, but this method is clearly not secure because the "evidence" can easily be spoofed. Also, CAS (code access security) seems like a possible solution, but I can't seem to figure out how to make use of CAS in this particular scenario. Does anyone have a suggestion on how to solve this issue? Edit: I found another thread on this subject; apparently the conclusion there is that it is simply impossible to implement in a secure fashion.

    Read the article

  • Unusual request URL in ASP.NET health monitoring event

    - by Troy Hunt
    I’m seeing a rather strange occurrence in the request information section of an ASP.NET health monitoring email I hope someone can shed some light on. This is a publicly facing website which runs on infrastructure at an Indian hosting provider. Health monitoring is notifying us of server errors via automated email but every now and then the requested URL appears as a totally different website. For example: Request information: Request URL: http://www.baidu.com/Default.aspx Request path: /Default.aspx User host address: 221.13.128.175 User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Obviously the site in question is not Baidu and obviously this attribute is not the referrer either; the “Request URL” value is the path which has generated the error. The IP address is located in Beijing (coincidental given the Baidu address?) and in this instance it looks like the SQL server backend was not accessible (I haven't included the entire error message for security's sake). What would cause the request URL attribute to be arbitrarily changed to that of another site? I’ve never seen this occur in a health monitoring event before. Thanks!

    Read the article

  • Can't send client certificate via SslStream

    - by Jonathan
    I am doing an SSL3 handshake using an SslStream, but, in spite of my best efforts, the SslStream never sends a client certificate on my behalf. Here is the code: SSLConnection = new System.Net.Security.SslStream(SSLInOutStream, false, new System.Net.Security.RemoteCertificateValidationCallback(AlwaysValidRemoteCertificate), new System.Net.Security.LocalCertificateSelectionCallback(ChooseLocalCertificate)); X509CertificateCollection CC = new X509CertificateCollection(); CC.Add(Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(MyLocalCertificate)); SSLConnection.AuthenticateAsClient("test", CC, System.Security.Authentication.SslProtocols.Ssl3, false); and then I have AlwaysValidRemoteCertificate just returning true, and ChooseLocalCertificate returning the zeroth element of the array. The code probably looks a little weird because the project is a little weird, but I think that is beside the point here. The SSL handshake completes. The issue is that instead of sending a certificate message on my behalf (in the handshake process), with the ASN.1 encoded certificate (MyLocalCertificate), the SslStream sends an SSL alert number 41 (no certificate) and then carries on. I know this from packet sniffing. After the handshake is completed, the SslStream marks IsAuthenticated as true, IsMutuallyAuthenticated as false, and its LocalCertificate member is null. I feel like I'm probably missing something pretty obvious here, so any ideas would be appreciated. I am a novice with SSL, and this project is off the beaten path, so I am kind of at a loss. P.S. 1: My ChooseLocalCertificate routine is called twice during the handshake, and returns a valid (as far as I can tell), non-null certificate both times. P.S. 2: SSLInOutStream is my own class, not a NetworkStream. Like I said, though, the handshake proceeds mostly normally, so I doubt this is the culprit... but who knows?

    Read the article

  • ASP.NET Chart Control errors in Event Viewer

    - by Richard Reddy
    Hi, I have been using the ASP.NET chart controls for a while on win2k3 (32bit) setups without any issue but have noticed that on our new win2k8 (64bit) box I am getting a warning message showing up in the event viewer from the chart control. In my web.config file I have the following tag telling the Chart Control where I can store the Temp Files: <add key="ChartImageHandler" value="storage=file;timeout=20;dir=c:\TempImageFiles\;" /> Below is the warning message produced by the control: Event code: 3005 Event message: An unhandled exception has occurred. Event time: 10/7/2009 2:40:03 PM Event time (UTC): 10/7/2009 2:40:03 PM Event ID: 237c3b208962429e8bbc5a48ffd177f0 Event sequence: 2860 Event occurrence: 26 Event detail code: 0 Application information: Application domain: /LM/W3SVC/2/ROOT-1-128993655360497729 Trust level: Full Application Virtual Path: / Application Path: C:\data\sites\mydomain.com\ Machine name: 231692-WEB Process information: Process ID: 4068 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: ArgumentException Exception message: The image is not found. Request information: Request URL: http://www.mydomain.com/ChartImg.axd?i=chart%5F0%5F3.png&g=bccc8aa11abb470980c60e8cf1e71e15 Request path: /ChartImg.axd User host address: my domain ip User: Is authenticated: False Authentication Type: Thread account name: NT AUTHORITY\NETWORK SERVICE Thread information: Thread ID: 7 Thread account name: NT AUTHORITY\NETWORK SERVICE Is impersonating: False Stack trace: at System.Web.UI.DataVisualization.Charting.ChartHttpHandler.ProcessSavedChartImage(HttpContext context) at System.Web.UI.DataVisualization.Charting.ChartHttpHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext context) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) It's worth pointing out that ALL of the chart images are displayed correctly on the screen so I'm not sure when/where the image not found error is being caused. Is this a 64bit issue? Thanks, Rich

    Read the article

  • Selecting a Java framework for large application w/ only ONE user

    - by Bijan
    I am building a large application that will be hosted on an AWS server. I'm trying to select a web framework for assisting me with code organization, template design, and generally presentation aspects. Here are some points of consideration: Require security/login/user authentication. I may add the ability in the future to allow more than just an administrator to access the web app, but it is not a public facing website. AJAX support would be helpful. There are a couple widgets that I don't want to recreate. One is a tree object, where the user can expand/contract items in the list, can create new branches, add/edit objects. This would be better off in some dynamic view rather than all done in ugly html. Generally, this is just to provide the application with a face for control, management, and monitoring. Having an easier time adding buttons, CSS, AJAX widgets are great additions though, but not the primary purpose. I'm considering: Wicket Spring Seam GWT Stripe and the list goes on, as I'm sure you all know. I originally planned on using GWT, but then started to feel that GWT didn't cover my primary needs. I could be wrong about this, but there seems to be a lot of support for GWT AND Wicket/Spring. All of this 'getting lost in java frameworks' got me thinking outside the java realm for a framework that would suit my needs that was a clear option, like: JRuby/Rails Jython/Django Groovy/Grails Guice (just throwing this in there... I don't clearly understand the main purposes of all these frameworks. It doesn't seem like DInjection is something I need for a single purpose application) Thanks as always. This community makes Googling for esoteric programming information an order of magnitude better.

    Read the article

  • How to resolve user registration and activation email error in Django registration?

    - by user2476295
    So I was just trying to setup a basic user authentication in Django and downloaded a django registration app with templates. Now when I run the server at 127.0.0.1:8000/accounts/register/ I get a basic registration page, I fill in the details and when I click submit I get this error "NoReverseMatch at /accounts/register/" Error during template rendering In template Users/sudhasinha/mysite/mysite/registration/templates/registration/activation_email.txt, error at line 4 'url' requires a non-empty first argument. The syntax changed in Django 1.5, see the docs. 1 {% load i18n %} 2 {% trans "Activate account at" %} {{ site.name }}: 3 4 http://{{ site.domain }}{**% url registration_activate activation_key %**} 5 6 {% blocktrans %}Link is valid for {{ expiration_days }} days.{% endblocktrans %} 7 This is what my activation_email.txt looks like: {% load i18n %} {% trans "Activate account at" %} {{ site.name }}: http://{{ site.domain }}{% url registration_activate activation_key %} {% blocktrans %}Link is valid for {{ expiration_days }} days.{% endblocktrans %} And this is what my registration_form.html looks like: {% extends "base.html" %} {% load i18n %} {% block content %} <form method="post" action="."> {{ form.as_p }} <input type="submit" value="{% trans 'Submit' %}" /> </form> {% endblock %} I have very minimal experience with Django and would appreciate some help to resolve this error. My urls seem to be setup correctly but I will post it if needed. Also pardon my horrible formatting

    Read the article

  • How do I create a .NET Web Service that Posts items to a users Facebook Wall?

    - by Jourdan
    I'm currently toying around with the Clarity .NET Facebook API but am finding certain situations with authentication to be kind of limiting. I keep going through the tutorials but always end up hitting a brick wall with what I want to do. Perhaps I just cannot do it? I want to make a Web Service that takes in the require credentials (APIKey, SecretKey, UsersId (or Session Key?) and whatever else I would need), and then do various tasks: Post to users wall, add events etc. The problem I am having is this: The current documentation, examples and support provide a way to do this within the context of a Web site. Within this context, the required "connect" popup can be initiated and allow the user to authenticate and and connect the application. From that point on the Web can go on with its business to do what it needs to do. If I close the browser and come back to the page, I have to push the connect button again. Except this time, since I was already logged into facebook, I don't have to go through the whole connection process. But still ... How do applications like Tweetdeck get around this? They seemingly have you connect once, when you install their application, and you don't have to do it again. I would assume that this same idea would have to applied towards making a web service because: You don't know what context the user is in when making the Web service call. The web service methods being called could be coming from a Windows Form app, or code behind in a workflow.

    Read the article

  • Performance problem with System.Net.Mail

    - by Saif Khan
    I have this unusual problem with mailing from my app. At first it wasn't working (getting unable to relay error crap) anyways I added the proper authentication and it works. My problem now is, if I try to send around 300 emails (each with a 500k attachment) the app starts hanging around 95% thru the process. Here is some of my code which is called for each mail to be sent Using mail As New MailMessage() With mail .From = New MailAddress(My.Resources.EmailFrom) For Each contact As Contact In Contacts .To.Add(contact.Email) Next .Subject = "Accounting" .Body = My.Resources.EmailBody 'Back the stream up to the beginning orelse the attachment 'will be sent as a zero (0) byte file. attachment.Seek(0, SeekOrigin.Begin) .Attachments.Add(New Attachment(attachment, String.Concat(Item.Year, Item.AttachmentType.Extension))) End With Dim smtp As New SmtpClient("192.168.1.2") With smtp .DeliveryMethod = SmtpDeliveryMethod.Network .UseDefaultCredentials = False .Credentials = New NetworkCredential("username", "password") .Send(mail) End With End Using With item .SentStatus = True .DateSent = DateTime.Now.Date .Save() End With Return I was thinking, can I just prepare all the mails and add them to a collection then open one SMTP conenction and just iterate the collection, calling the send like this Using mail As New MailMessage() ... MailCollection.Add(mail) End Using ... Dim smtp As New SmtpClient("192.168.1.2") With smtp .DeliveryMethod = SmtpDeliveryMethod.Network .UseDefaultCredentials = False .Credentials = New NetworkCredential("username", "password") For Each mail in MainCollection .Send(mail) Next End With

    Read the article

  • JavaMail: Could not connect to SMTP server.

    - by javacode
    Hi The following code causes an error. Please help me understand what's wrong. import javax.mail.*; import javax.mail.internet.*; import java.util.*; public class SendMail { public static void main(String [] args)throws MessagingException { SendMail sm=new SendMail(); sm.postMail(new String[]{"[email protected]"},"hi","hello","[email protected]"); } public void postMail( String recipients[ ], String subject, String message , String from) throws MessagingException { boolean debug = false; //Set the host smtp address Properties props = new Properties(); props.put("mail.smtp.host", "webmail.emailmyname.com"); // create some properties and get the default Session Session session = Session.getDefaultInstance(props, null); session.setDebug(debug); // create a message Message msg = new MimeMessage(session); // set the from and to address InternetAddress addressFrom = new InternetAddress(from); msg.setFrom(addressFrom); InternetAddress[] addressTo = new InternetAddress[recipients.length]; for (int i = 0; i < recipients.length; i++) { addressTo[i] = new InternetAddress(recipients[i]); } msg.setRecipients(Message.RecipientType.TO, addressTo); // Optional : You can also set your custom headers in the Email if you Want msg.addHeader("MyHeaderName", "myHeaderValue"); // Setting the Subject and Content Type msg.setSubject(subject); msg.setContent(message, "text/plain"); Transport.send(msg); } } Exception: <pre> com.sun.mail.smtp.SMTPSendFailedException: 450 smtpout04.dca.untd.com Authentication required at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1829) at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1368) at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:886) at javax.mail.Transport.send0(Transport.java:191) at javax.mail.Transport.send(Transport.java:120) at SendMail.postMail(SendMail.java:52) at SendMail.main(SendMail.java:10)

    Read the article

  • facebook connect button not producing pop-up

    - by bigmac
    This is a really simple question, but I can't seem to find the answer. I am just getting started with Facebook Connect. I would like to use it only for user authentication, so there is no need for my users to create another account. I used a very basic example from wiki.developers.facebook.com : <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml"> <head></head> <body> <fb:login-button></fb:login-button> <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript"></script> <script type="text/javascript"> FB.init("***api-key***", "xd_receiver.htm"); </script> </body> </html> Very straight forward. It seems to work fine. However, if I am currently already logged in to Facebook, the pop-up window doesn't come up when I click the login button. Why is that?

    Read the article

  • XMLRPC java insert issue

    - by Sanjai Palliyil
    I am trying to insert customer details into OpenERP server using XMLPRC and java. I am able to do an authentication. But when i call the execute method to insert the record by passing the parameters, am getting Exception in thread "main" java.lang.NullPointerException on line res_create = client_1.execute("execute", params_create); Please find my code below res = client.execute("login", params); String url_1 = "http://agilewebdevelopment.net:8514/xmlrpc/object"; XmlRpcClientConfigImpl config_1 = new XmlRpcClientConfigImpl(); try { config_1.setServerURL(new URL(url_1)); } catch (MalformedURLException e) { System.out.println("First"); e.printStackTrace(); } System.out.println(res); HashMap<String, Object> vals = new HashMap<String, Object>(); vals.put("name", "Mantavya Gajjar"); vals.put("ref", "MGA"); XmlRpcClient client_1 = new XmlRpcClient(); client.setConfig(config_1); Object[] params_create = new Object[]{"erp_performance", "1", "admin", "res.partner", "create", vals}; Object res_create = null; try { res_create = client_1.execute("execute", params_create); } catch (XmlRpcException e) { e.printStackTrace(); } Any helps is appreciated

    Read the article

  • WCF Service in Azure with ClaimsIdentity over SSL

    - by Sunil Ramu
    Hello , Created a WCF service as a WebRole using Azure and a client windows application which refers to this service. The Cloud Service is refered to a certificate which is created using the "Hands On Lab" given in windows identity foundation. The Web Service is hosted in IIS and it works perfect when executed. I've created a client windows app which refers to this web service. Since WIF Claims identity is used, I have a claimsAuthorizationManager Class, and also a Policy class with set of defilned policies. The Claims is set in the web.config file. When I execute the windows app as the start up project, the app prompts for authentication, and when the account credentials are given as in the config file, it opens a new "Windows Card Space" Window and Says "Incoming Policy Failed". When I close the window the System throws and Exception The incoming policy could not be validated. For more information, please see the event log. Event Log Details Incoming policy failed validation. No valid claim elements were found in the policy XML. Additional Information: at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e) at Microsoft.InfoCards.InfoCardPolicy.Validate() at Microsoft.InfoCards.Request.PreProcessRequest() at Microsoft.InfoCards.ClientUIRequest.PreProcessRequest() at Microsoft.InfoCards.Request.DoProcessRequest(String& extendedMessage) at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs) Details: System Provider [ Name] CardSpace 3.0.0.0 EventID 267 [ Qualifiers] 49157 Level 2 Task 1 Keywords 0x80000000000000 EventRecordID 6996 Channel Application EventData No valid claim elements were found in the policy XML. Additional Information: at System.Environment.get_StackTrace() at Microsoft.InfoCards.Diagnostics.InfoCardTrace.BuildMessage(InfoCardBaseException ie) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.TraceAndLogException(Exception e) at Microsoft.InfoCards.Diagnostics.InfoCardTrace.ThrowHelperError(Exception e) at Microsoft.InfoCards.InfoCardPolicy.Validate() at Microsoft.InfoCards.Request.PreProcessRequest() at Microsoft.InfoCards.ClientUIRequest.PreProcessRequest() at Microsoft.InfoCards.Request.DoProcessRequest(String& extendedMessage) at Microsoft.InfoCards.RequestFactory.ProcessNewRequest(Int32 parentRequestHandle, IntPtr rpcHandle, IntPtr inArgs, IntPtr& outArgs)

    Read the article

  • Using HttpClient with SSL and certificates

    - by ChrisCM
    While I've been familiar with HTTPS and the concept of SSL, I have recently begun some development and found I am a little confused. The requirement was that I write a small Java application that runs on a machine attached to a scanner. When a document is scanned this is picked up and the file (usually PDF) sent over the internet to our application server that will then process it. I've written the application using Apache Commons libraries and HTTPClient. The second requirement was to connect over SSL, requiring a certificate. Following guidance on the HTTPclient page I am using AuthSSLProtocolSocketFactory from the contributions page. The constructor can take a keystore, keystore password, truststore and truststore password. As an initial test our DBA enabled SSL on one of our development webservers and provided me with a .p12 file which when I imported into IE allows me to connect successfully. I am a bit confused between keystores and truststores and what steps I need to take using the keytool. I tried importing the p12 into a keystore file but get the error: keytool error: java.lang.Exception: Input not an X.509 certificate I followed a suggestion of importing the p12 into Internet Explorer and exporting as a .cer which I can then successfully import into a keystore. When I supply this as a keystore argument of the AuthSSLProtocolSocketFactory I get a meaningless errror, but if I try it as a truststore it seems like it reads it fine but ultimately I get Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate I am unsure if I have missed some steps, I am misunderstanding SSL and mutual authentication altogether or this is mis-configuration on the server side. Can anyone provide suggestions or point me towards resources that might help me figure this out please?

    Read the article

  • What does this code from AuthKit do? (where are these functions and methods defined?)

    - by Beau Simensen
    I am trying to implement my own authentication method for AuthKit and am trying to figure out how some of the built-in methods work. In particular, I'm trying to figure out how to update the REMOTE_USER for environ correctly. This is how it is handled inside of authkit.authenticate.basic but it is pretty confusing. I cannot find anyplace where REMOTE_USER and AUTH_TYPE are defined. Is there something strange going on here and if so, what is it? def __call__(self, environ, start_response): environ['authkit.users'] = self.users result = self.authenticate(environ) if isinstance(result, str): AUTH_TYPE.update(environ, 'basic') REMOTE_USER.update(environ, result) return self.application(environ, start_response) There are actually a number of all uppercase things like this that I cannot find a definition for. For example, where does AUTHORIZATION come from below: def authenticate(self, environ): authorization = AUTHORIZATION(environ) if not authorization: return self.build_authentication() (authmeth, auth) = authorization.split(' ',1) if 'basic' != authmeth.lower(): return self.build_authentication() auth = auth.strip().decode('base64') username, password = auth.split(':',1) if self.authfunc(environ, username, password): return username return self.build_authentication() I feel like maybe I am missing some special syntax handling for the environ dict, but it is possible that there is something else really weird going on here that isn't immediately obvious to someone as new to Python as myself.

    Read the article

  • How to handle custom Java exception in Flex app.

    - by mico
    Hello, we are using BlazeDS as a proxy between Flex and Java. The approach is the same as in (http://www.flexpasta.com/index.php/2008/05/16/exception-handling-with-blazeds-and-flex/) Java exception declaration: public class FlexException extends RuntimeException { private String name = 'John'; public FlexException(String message) { super(message); } public String getName() { return name; } } Then, we are throwing it: public void testMethod(String str) throws Exception { throw new FlexException("Custom exception"); } Flex part: private function faultHandler(event:FaultEvent):void { var errorMessage:ErrorMessage = event.message as ErrorMessage; trace("error++"); } and remote object is instantiated here: <mx:RemoteObject id="mySample" destination="mySample" channelSet="{cs1}" fault="faultHandler(event)" /> But in event.fault I get "Server.Processing" and event.faultString equals "There was an unhandled failure on the server. Custom exception" How can I receive the data is specified in exception props ? BlazeDS log is similar to the log that was mentioned in the comment [BlazeDS] 11:28:13.906 [DEBUG] Serializing AMF/HTTP response Version: 3 (Message #0 targetURI=/2/onStatus, responseUR|-) (Typed Object #0 ‘flex.messaging.messages.ErrorMessage’) headers = (Object #1) rootCause = null body = null correlationId = “2F1126D7-5658-BE40-E27C-7B43F3C5DCDD” faultDetail = null faultString = “Login required before authorization can proceed.” clientId = “C4F0E77C-3208-ECDD-1497-B8D070884830? timeToLive = 0.0 destination = “books” timestamp = 1.204658893906E12 extendedData = null faultCode = “Client.Authentication” messageId = “C4F0E77C-321E-6FCE-E17D-D9F1C16600A8? So the quesion is why rootClause is null? How can I get that Exception object not just a string 'Custom exception'?

    Read the article

  • MessageSecurityException: The security header element 'Timestamp' with the '' id must be signed

    - by NiklasN
    I'm asking the same question here that I've already asked on msdn forums http://social.msdn.microsoft.com/Forums/en-US/netfxnetcom/thread/70f40a4c-8399-4629-9bfc-146524334daf I'm consuming a (most likely Java based) Web Service with I have absolutely no access to modify. It won't be modified even though I would ask them (it's a nation wide system). I've written the client with WCF. Here's some code: CustomBinding binding = new CustomBinding(); AsymmetricSecurityBindingElement element = SecurityBindingElement.CreateMutualCertificateDuplexBindingElement(MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10); element.AllowSerializedSigningTokenOnReply = true; element.SetKeyDerivation(false); element.IncludeTimestamp = true; element.KeyEntropyMode = SecurityKeyEntropyMode.ClientEntropy; element.MessageProtectionOrder = System.ServiceModel.Security.MessageProtectionOrder.SignBeforeEncrypt; element.LocalClientSettings.IdentityVerifier = new CustomIdentityVerifier(); element.SecurityHeaderLayout = SecurityHeaderLayout.Lax; element.IncludeTimestamp = false; binding.Elements.Add(element); binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8)); binding.Elements.Add(new HttpsTransportBindingElement()); EndpointAddress address = new EndpointAddress(new Uri("url")); ChannelFactory<MyPortTypeChannel> factory = new ChannelFactory<MyPortTypeChannel>(binding, address); ClientCredentials credentials = factory.Endpoint.Behaviors.Find<ClientCredentials>(); credentials.ClientCertificate.Certificate = myClientCert; credentials.ServiceCertificate.DefaultCertificate = myServiceCert; credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None; service = factory.CreateChannel(); After this every request done to the service fails in client side (I can confirm my request is accepted by the service and a sane response is being returned) I always get the following exception MessageSecurityException: The security header element 'Timestamp' with the '' id must be signed. By looking at trace I can see that in the response there really is a timestamp element, but in the security section there is only a signature for body. Can I somehow make WCF to ingore the fact Timestamp isn't signed?

    Read the article

  • Error trying to set svn password on Hudson.

    - by Daniel Moura
    After filling the Repository URL, User name and password I get the following error. Does anyone knows how to fix it? No authentication was attemped. FAILED: svn: Operation cancelled org.tmatesoft.svn.core.SVNCancelException: svn: Operation cancelled at hudson.scm.SubversionSCM$DescriptorImpl.postCredential(SubversionSCM.java:1421) at hudson.scm.SubversionSCM$DescriptorImpl.doPostCredential(SubversionSCM.java:1317) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:160) at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:76) at org.kohsuke.stapler.MetaClass$1.doDispatch(MetaClass.java:73) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:436) at org.kohsuke.stapler.MetaClass$6.doDispatch(MetaClass.java:186) at org.kohsuke.stapler.NameBasedDispatcher.dispatch(NameBasedDispatcher.java:30) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:436) at org.kohsuke.stapler.Stapler.invoke(Stapler.java:354) at org.kohsuke.stapler.Stapler.service(Stapler.java:114) at javax.servlet.http.HttpServlet.service(HttpServlet.java:45) at winstone.ServletConfiguration.execute(ServletConfiguration.java:249) at winstone.RequestDispatcher.forward(RequestDispatcher.java:335) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:378) at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:91) at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:83) at winstone.FilterConfiguration.execute(FilterConfiguration.java:195) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84) at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76) at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:155) at winstone.FilterConfiguration.execute(FilterConfiguration.java:195) at winstone.RequestDispatcher.doFilter(RequestDispatcher.java:368) at winstone.RequestDispatcher.forward(RequestDispatcher.java:333) at winstone.RequestHandlerThread.processRequest(RequestHandlerThread.java:244) at winstone.RequestHandlerThread.run(RequestHandlerThread.java:150) at java.lang.Thread.run(Unknown Source)

    Read the article

  • Linking session state between servlets and EJBs?

    - by wilth
    Hello, I have servlets (in a web module) that access stateless EJB beans (in an EJB module). The EJB module is built using SEAM. Users can have different roles and the EJB services check this using Seam's Identity. I also use a customized Authenticator (although this might not be relevant here). I noticed problems with this approach and I'm suspecting that the session context in the servlets is not "linked" with the session context in the EJB beans. What I think happens is something like: User Joe access servlet A and is assigned Session W1. Servlet A calls a login function on an EJB, using the EJB session E1. Later, user Mary accesses servlet A and is assigned Session W2. When calling the EJBs, however, the EJB session E1 is used and therefore Mary is authenticated as Joe. What also happens is that when Joe is calling the servlet twice in rapid succession, the same session W1 is used, but two different sessions E1 and E2 in the business layer, causing errors. I might be wrong in my suspicion, but maybe I'm actually expecting these "sessions" to be linked together while they in fact are not. If this is true, is there any way of achieving this? I could - of course - use stateful beans and save the authentication information in the beans, but this would break the "Identity" concept of Seam (and in general, it would be preferable to be able to use the Session context in my EJB beans). Any help and pointers are very welcome - thanks! Technology: EJB3, Seam 2.1.2. The servlets are actually the server-side of a GWT app, although I don't think this matters much. I'm using JBoss 5.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 471 472 473 474 475 476 477 478 479 480 481 482  | Next Page >