Search Results

Search found 5866 results on 235 pages for 'authentication'.

Page 48/235 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

• Sharepoint asks for NTLM credentials for every unique URL. How do I stop it?

  - by CamronBute

  I'm tasked with troubleshooting a problem we're having with a SP2010 site. The app is external, and there are several clients that must connect. Some clients are receiving a crazy amount of credential requests when trying to log on. It appears to ask for every unique URL (eg. every different picture, link, etc) and it won't stop. Other clients are having no problems. I cannot seem to replicate the issue, either. I'm attempting to replicate by restricting all settings (including cookies) on my own browser, but to no avail. I put the HTTP request under a microscope, and it's asking for NTLM credentials. The client is using IE8, and the browser is running in Protected Mode, but the browser settings cannot be determined... I'm guessing this is a webserver thing, simply because it appears to be an authentication thing. What might the problem be?

  Read the article

• Possible? OpenVPN server requiring both certificate- AND password-based login (via Tomato router firmware)

  - by Eric

  I've been using Shibby's build of Tomato (64k NVRAM version) on my Asus N66U router in order to run an OpenVPN server. I'm curious whether it's possible to setup this OpenVPN server to require both a certificate AND a username/password before a user is allowed access. I noticed there's a "challenge password" entry when filling out the certificate details, but everyone says to leave it blank "or else"; I have no idea why, and I can't find an explanation. In addition, I've Google'd this issue a bunch and have noticed people talking about a PAM module for OpenVPN in order to authenticate via username/password, but that appeared to be an either/or option; in other words, I can force authentication via username/password OR certificate. I want to require both. Is this possible? If so, how?

  Read the article

• Single Sign on for RDS

  - by stumct

  I currently have an RDS farm which is used for running remote apps for a large group of users. When logging in these users must authenticate to the RDS web page to view their list of applications. Then they authenticate again upon clicking the application the require. How can I enable this to use the users current windows authentication so they do not have to log in at each step. Ideally since the user is logged in to their local machine with their windows account, they should not need to continuously authenticate.

  Read the article

• How do I make the PolicyKit authentication agent window not dissapear when I enter faulty password in Ubuntu 12.04?

  - by Petar

  As far as I remember in previous versions of Ubuntu, whenever authentication was required and when the PolicyKit authentication agent window was presented, it stayed there even after I would enter a faulty password. But now, whenever I make a mistake, the window is closed immediately. I find this behaviour irritating. For instance I use Synaptic rather frequently, and I prefer to start it using Synapse. I press Ctrl+Space to invoke Synapse, then I enter "syn" (s-shows SMplayer, sy- shows System Monitor) and than I press Enter so that Synaptic is invoked. Then I'm presented with the PolicyKit authentication agent window. As my password is rather complicated - using special characters and big letters, it's easy to make a mistake. If I do make a mistake while typing my password, I'm forced to redo all the previous steps. It's annoying as hell, knowing that this is not the way the PolicyKit authentication agent window behaved before. It used to warn me that the password was not correct and than wait for the correct input. I'm not sure if it allowed trying for the correct password indefinitely, or it was limited to 3 retries which is a much saner behaviour than the current one. I'm using Gnome 3, but the same thing happens in Unity too, although the window looks different.

  Read the article

• 407 Proxy Authentication Required

  - by Hemant Kothiyal

  I am working on a website, in which I am retrieving XML data from an external URL, using the following code WebRequest req = WebRequest.Create("External server url"); req.Proxy = new System.Net.WebProxy("proxyUrl:8080", true); req.Proxy.Credentials = CredentialCache.DefaultCredentials; WebResponse resp = req.GetResponse(); StreamReader textReader = new StreamReader(resp.GetResponseStream()); XmlTextReader xmlReader = new XmlTextReader(textReader); XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(xmlReader); This code is working fine on my development PC (Windows XP with .Net 3.5) But when I deploy this code to IIS (Both at Windows XP and at Windows Server 2003) it's giving me following error "The remote server returned an error: (407) Proxy Authentication Required." Sometimes it gives me "The remote server returned an error: (502) Bad Gateway." Following code is from my web.config <system.net> <defaultProxy> <proxy usesystemdefault="False" proxyaddress ="http://172.16.12.12:8080" bypassonlocal ="True" /> </defaultProxy> </system.net> Please help me ? [Edit] Even when i run the website for devlopment PC but through IIS it gives me error "The remote server returned an error: (407) Proxy Authentication Required." But when i run website from Microsoft Devlopment server, it is running fine

  Read the article

• How to handle correctly HTTP Digest Authentication on iPhone

  - by Fabiano Francesconi

  Hello guys. I'm trying to upload a file onto my personal server. I've written a small php page that works flawlessy so far. The little weird thing is the fact that I generate all the body of the HTTP message I'm going to send (let's say that amounts to ~4 mb) and then I send the request to my server. The server, then, asks for an HTTP challenge and my delegate connection:didReceiveAuthenticationChallenge:challenge replies to the server with the proper credentials and the data. But, what's happened? The data has been sent twice! In fact I've noticed that when I added the progressbar.. the apps sends the data (4mb), the server asks for authentication, the apps re-sends the data with the authentication (another 4mb). So, at the end, I've sent 8mb. That's wrong. I started googling and searching for a solution but I can't figure out how to fix this. The case scenarios are two (my guess): Share the realm for the whole session (a minimal HTTP request, then challenge, then data) Use the synchronized way to perform an HTTP connection (things that I do not want to do since it seems an ugly way to handle this kind of stuff to me) Thank you

  Read the article

• How to connect to a queue manager with ssl enabled server connection channel when authentication is

  - by Dr. Xray

  I am trying to write a java application connecting to server connection channel with SSL enabled. So far, I have been successfully connected to the channel by setting authentication to 'optional'. However, when I set it to be 'required', the connection fails. Here is what I did: Create key db for queue manager and keystore for the java client user. Create key/self-signed certificates for the queue manager and the client user, with names prefixed ibmwebspheremq. Export, exchange and import certificates for the queue manager and the client. (I did answered 'yes' when being asked whether I trust the queue manager cert). The location and password to the truststore and keystore are set to point to the same keystore at the client side, where the orgininal created client user key and the imported queue manager key are. With other settings being the same, if I switch back to 'optional' authentication, the connection works. I think there is something I understand incorrectly about this ssl authenticaion but cannot figure out what. Could someone kindly help me?

  Read the article

• Question about MySQLdb, OS X 10.5, and authentication

  - by timpone

  I'm a noob at Python and have been having problems with MySQLdb and OS X Leopard 10.5. I have a php app that is doing db access just fine with pdo but also want to access with Python. When I use the same credentials with MySQLdb as php, I get the following error: File "build/bdist.macosx-10.5-i386/egg/MySQLdb/connections.py", line 188, in __init__ _mysql_exceptions.OperationalError: (1045, "Access denied for user 'arc_db'@'localhost' (using password: YES)") The authentication piece works fine on my ubuntu server (installed via apt-get) implying that it is something specific to my OS X MySQLdb install. Looking at some postings, I thought it would be my local build of MySQLdb which seems to be problematic with OS X. But I am able to import fine: Python 2.5.1 (r251:54863, Feb 6 2009, 19:02:12) [GCC 4.0.1 (Apple Inc. build 5465)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import MySQLdb >>> Also, wanting to create a positive, I am able to access and return results from a database tilted test_something (which presumably bypasses the MySQL's authtentication - not sure exactly how though). Trying to figure out a little more what is going on, I turn on logging for mysql and get the following (added my own comments): 100609 19:09:45 3 Connect Access denied for user 'arc_db'@'localhost' (using password: YES) //not worked 100609 19:10:02 4 Connect arc_db@localhost on arc_development //did work I'm not really sure what the 3 or 4 means but presumably a sucess or failue. So, I guess what would be the next step? Am I doing some obvious stupid python mistake (very likely)? Is there a better way for me to prove that this should / can be working? Is there any way to determine what MySQLdb is sending exactly in its authentication message to MySQL? thanks

  Read the article

• Authentication Error 401.2

  - by priya2010

  I have an application buit partially in classic asp and in c#. The authentication used as per the config file is windows. This is perfectly working. Now I have to authenticate the users against active directory. (ie. if any AD users requesting my application, it should authenticate the user (on login page load) and redirect to the application home page instead of showing login page) The login page is an asp page and I created an aspx page where the login.asp page will be redirected during page load to autheticate with Active Directory. I hav e disabled anonymous access in IIS and currently used only Integrated Windows Authentication. Also given permission to "Authenticated Users" in Permissions. While trying to access the login.asp page I am getting the following error. You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page. Click the Refresh button to try again with different credentials. HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. Internet Information Services (IIS) Kindly help me to fix this issue. Thanks, Priya

  Read the article

• CURL - Problem with Authentication

  - by danit

  I need to add authentication to this function: function multiRequest($data, $options = array()) { // array of curl handles $curly = array(); // data to be returned $result = array(); // multi handle $mh = curl_multi_init(); // loop through $data and create curl handles // then add them to the multi-handle foreach ($data as $id => $d) { $curly[$id] = curl_init(); $url = (is_array($d) && !empty($d['url'])) ? $d['url'] : $d; curl_setopt($curly[$id], CURLOPT_URL, $url); curl_setopt($curly[$id], CURLOPT_HEADER, 0); curl_setopt($curly[$id], CURLOPT_RETURNTRANSFER, 1); // post? if (is_array($d)) { if (!empty($d['post'])) { curl_setopt($curly[$id], CURLOPT_POST, 1); curl_setopt($curly[$id], CURLOPT_POSTFIELDS, $d['post']); } } // extra options? if (!empty($options)) { curl_setopt_array($curly[$id], $options); } curl_multi_add_handle($mh, $curly[$id]); } // execute the handles $running = null; do { curl_multi_exec($mh, $running); } while($running > 0); // get content and remove handles foreach($curly as $id => $c) { $result[$id] = curl_multi_getcontent($c); curl_multi_remove_handle($mh, $c); } // all done curl_multi_close($mh); return $result; } I'm looking to add authentication to this function, something along these lines? curl_setopt($curly[$id], CURLOPT_USERPWD, "$username:$password"); Anyone help?

  Read the article

• TFS and Forms Authentication

  - by George

  I don't know squat about TFS, other than as a user who has performed simple check in/outs. I just installed it locally and would like to do joint development with a friend. I was having trouble making my TFS web site on port 8080 visible (the whole scoop is here if your interested) and I wonder if it could be related to the fact that TFS is probably using Windows Authentication to identify the user. Can TFS be set up to use forms authentication? We probably need to set up a VPN, though that's a learning curve too. To use TFS, do our machines have to belong to a domain? We're not admin types, though he is better than me, though I would be interested in any feedback or advice on which path is likely to pan out the best. I already got AxoSoft OneTime working in this type of an environment and it suits us well, but I am tempted at all the bells & whistles with TFS and the ability to tie tracked bug items to code changes. As far as finding a good way to share code, do sites like SourceForge allow one to keep code secure among members only?

  Read the article

• Kerberos and/or other authentication systems - One time logon for all PHP scripts

  - by devviedev

  I'm managing a set of web apps, almost exclusively written in PHP, and would like to find an authentication platform to build a role-based authorization system on top of. Also, I'd like the authentication system to be extensible to use for, for example, system services (SSH, etc.) Here are some of the main characteristics I'm looking for, in order of importance: Easy PHP implementation (storing/reading easily roles, etc.). Redundant, if possible. If an auth system goes down everyone is not locked out. Has clients for Windows and Mac. Easy web-based administration (adding/removing users/roles, changing passwords). If not, I can build an administration system without too much effort. One-time log on. I'd also like, when an auth token is issued, to store the user's IP address and use that to authorize the user for some non web-based applications. For that reason, I'd like a desktop client to issue the token and revoke tokens when, for example, the user becomes idle at their workstation. I'm thinking Kerberos might be a solution, but what are other options?

  Read the article

• How to make Facebook Authentication from Silverlight secure?

  - by SondreB

  I have the following scenario I want to complete: Website running some HTTP(S) services that returns data for a user. Same website is additionally hosting a Silverlight 4 app which calls these services. The Silverlight app is integrating with Facebook using the Facebook Developer Toolkit (http://facebooktoolkit.codeplex.com/). I have not fully decided whether I want Facebook-integration to be a "opt-in" option such as Spotify, or if I want to "lock" down my service with Facebook-only authentication. That's another discussion. How do I protect my API Key and Secret that I receive from Facebook in a Silverlight app? To me it's obvious that this is impossible as the code is running on the client, but is there a way I can make it harder or should I just live with the fact that third parties could potentially "act" as my own app? Using the Facebook Developer Toolkit, there is a following C# method in Silverlight that is executed from the JavaScript when the user has fully authenticated with Facebook using the Facebook Connect APIs. [ScriptableMember] public void LoggedIn(string sessionKey, string secret, int expires, long userId) { this.SessionKey = sessionKey; this.UserId = userId; Obvious the problem here is the fact that JavaScript is injection the userId, which is nothing but a simple number. This means anyone could potentially inject a different userId in JavaScript and have my app think it's someone else. This means someone could hijack the data within the services running on my website. The alternative that comes to mind is authenticating the users on my website, this way I'm never exposing any secrets and I can return an auth-cookie to the users after the initial authentication. Though this scenario doesn't work very well in an out-of-browser scenario where the user is running the Silverlight app locally and not from my website.

  Read the article

• .NET 4.0 Forms Authentication change?

  - by James Koch

  I'm seeing some new behavior in Forms Authentication after upgrading to .NET 4.0. This occurs only on IIS 6, not on 7. Background - In web.config, we configure Forms Authentication, and then use <authorization tags to globally deny anonymous/unauthenticated users access. Then we explicitly allow access to a login.aspx page using a <location tag. Generally, this works fine, as it did when we were on .NET 2.0 (3.5). The issue only occurs when we visit the root path of the site, ie "http://myserver/". Our default document is configured in IIS to be login.aspx. Under .NET 4.0, upon visiting that URL, we're redirected to "http://myserver/login.aspx?ReturnUrl=/". If you log in from here, you're logged in and returned back at the log in page (yuck). Just wanted to post this here to see if anyone else is experiencing this. It's not listed on any "breaking changes" documentation I've been able to find. Either I'm missing something, or the UrlAuthorization module has changed and is no longer "smart" about IIS default documents.

  Read the article

• Caching Authentication Data

  - by PartlyCloudy

  Hi, I'm currently implementing a REST web service using CouchDB and RESTlet. The RESTlet layer is mainly for authentication and some minor filtering of the JSON data served by CouchDB: Clients <= HTTP = [ RESTlet <= HTTP = CouchDB ] I'm using CouchDB also to store user login data, because I don't want to add an additional database server for that purpose. Thus, each request to my service causes two CouchDB requests conducted by RESTlet (auth data + "real" request). In order to keep the service as efficent as possible, I want to reduce the number of requests, in this case redundant requests for login data. My idea now is to provide a cache (i.e.LRU-Cache via LinkedHashMap) within my RESTlet application that caches login data, because HTTP caching will probabily not be enough. But how do I invalidate the cache data, once a user changes the password, for instance. Thanks to REST, the application might run on several servers in parallel, and I don't want to create a central instance just to cache login data. Currently, I save requested auth data in the cache and try to auth new requests by using them. If a authentication fails or there is now entry available, I'll dispatch a GET request to my CouchDB storage in order to obtain the actual auth data. So in a worst case, users that have changed their data will perhaps still be able to login with their old credentials. How can I deal with that? Or what is a good strategy to keep the cache(s) up-to-date in general? Thanks in advance.

  Read the article

• facebook authentication / login trouble

  - by salmane

  I have setup facebook authentication using php and it goes something like this first getting the authorization here : https://graph.facebook.com/oauth/authorize?client_id=<?= $facebook_app_id ?>&redirect_uri=http://www.example.com/facebook/oauth/&scope=user_about_me,publish_stream then getting the access Token here : $url = "https://graph.facebook.com/oauth/access_token?client_id=".$facebook_app_id."&redirect_uri=http://www.example.com/facebook/oauth/&client_secret=".$facebook_secret."&code=".$code;" function get_string_between($string, $start, $end){ $string = " ".$string; $ini = strpos($string,$start); if ($ini == 0) return ""; $ini += strlen($start); $len = strpos($string,$end,$ini) - $ini; return substr($string,$ini,$len); } $access_token = get_string_between(file_get_contents($url), "access_token=", "&expires="); then getting user info : $facebook_user = file_get_contents('https://graph.facebook.com/me?access_token='.$access_token); $facebook_id = json_decode($facebook_user)->id; $first_name = json_decode($facebook_user)->first_name; $last_name = json_decode($facebook_user)->last_name; this is pretty ugly ( in my opinion ) but it works....how ever....the user is still not logged in...because i did not create or retrieve any session variables to confirm that the user is logged in to facebook... which means that after getting the authentication done the use still has to login .... first: is there a better way using php to do what i did above ? second: how do i set/ get session variable / cookies that ensure that the user doesnt have to click login thanks for your help

  Read the article

• http authentication fails in cucumber when adding @javascript tag

  - by JESii

  I have a feature in my Rials app that works just fine with the message "Responds to browser_basic_authorize" from the Background Given step. However, if I add a @javascript tag before the scenario, then my Background Given fails with "I don't know how to login". What's going wrong and how do I go about testing javascrpt interactions on my app? Background: Given I perform HTTP authentication as "<id>/<password>" When I go to the homepage Then I should see "Text-that-you-should-see-on-your-home-page" Scenario: Displaying injury causative factors Given I am on the new_incident_report page When I choose "incident_report_employee_following_procedures_true" Then I should see "Equipment failure?" Then I should not see "Lack of training" When /^I perform HTTP authentication as "([^\"]*)\/([^\"]*)"$/ do |username, password| puts "id/pswd: #{username}/#{password}" ### Following works ONLY if performed first before even going to a page!!! if page.driver.respond_to?(:basic_auth) puts 'Responds to basic_auth' page.driver.basic_auth(username, password) elsif page.driver.respond_to?(:basic_authorize) puts 'Responds to basic_authorize' page.driver.basic_authorize(username, password) elsif page.driver.respond_to?(:browser) && page.driver.browser.respond_to?(:basic_authorize) puts 'Responds to browser_basic_authorize' page.driver.browser.basic_authorize(username, password) else raise "I don't know how to log in!" end end Rails 3.0.9, current gems, other tests passing.

  Read the article

• Login Problem Windows Authentication

  - by user109280

  Duplicate of: http://stackoverflow.com/questions/881928/windows-authentication-trusted-connection-problem I logged in the Windows Server(Machine 1) as "abc\user1 ". Windows Server machine is in abc domain. MSSQL Server is in the "abc" domain on Machine 1 and have mixed mode.authentication. It has account "abc\user1 " and "abc\user2 ". Both has role of sysadmin and serveradmin. I logged in another machine(Machine 2) using "abc\user2 ". Same Domain. Run the ant which connect to MSSQL Server. URL is formed as follows. jdbc:sqlserver://%DB_IP%:%DB_PORT%;SelectMethod=cursor;integratedSecurity=true;DatabaseName=dbname; 1) From Machine 2, If I use "abc\user2" credential for connection, then it works fine. since integratedSecurity=true. 2) From Machine 2, If I use "abc\user1" credential for connection, then it doesn't fine, since integratedSecurity=true and take System Credentials i.e "abc\user2". Even if I make integratedSecurity=false , then also it doesn't connect using "abc\user1" What changes to URL I have make to work for "abc\user1" from Machine2 for connection. what properties to be added in url? OR Driver doesn't support to use another domain\User Credentials? What need to set on MSSQL Server ?? Deepak

  Read the article

• Integrated Windows authentication in IIS causing ADO.NET failure

  - by TrueWill

  We have a .NET 3.5 Web Service running under IIS. It must use identity impersonate="true" and Integrated Windows authentication in order to authenticate to third-party software. In addition, it connects to a SQL Server database using ADO.NET and SQL Server Authentication (specifying a fixed User ID and Password in the connection string). Everything worked fine until the database was moved to another SQL Server. Then the Web Service would throw the following exception: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) This error only occurs if identity impersonate is true in the Web.config. Again, the connection string hasn't changed and it specifies the user. I have tested the connection string and it works, both under the impersonated account and under the service account (and from both the remote machine and the server). What needs to be changed to get this to work with impersonation?

  Read the article

• Cross-Application User Authentication

  - by Chris Lieb

  We have a webapp written in .NET that uses NTLM for SSO. We are writing a new webapp in Java that will tightly integrate with the original application. Unfortunately, Java has no support for performing the server portion of NTLM authentication and the only library that I can find requires too much setup to be allowed by IT. To work around this, I came up with a remote authentication scheme to work across applications and would like your opinions on it. It does not need to be extremely secure, but at the same time not easily be broken. User is authenticated into .NET application using NTLM User clicks link that leaves .NET application .NET application generates random number and stores it in the user table along with the user's full username (domain\username) Insecure token is formed as random number:username Insecure token is run through secure cipher (likely AES-256) using pre-shared key stored within the application to produce a secure token The secure token is passed as part of the query string to the Java application The Java application decrypts the secure key using the same pre-shared key stored within its own code to get the insecure token The random number and username are split apart The username is used to retrieve the user's information from the user table and the stored random number is checked against the one pulled from the insecure token If the numbers match, the username is put into the session for the user and they are now authenticated If the numbers do not match, the user is redirected to the .NET application's home page The random number is removed from the database

  Read the article

• Codeigniter Inputting session data from model for a simple authentication system

  - by user1616244

  Trying to put together a simple login authentication. Been at this for quite sometime, and I can't find where I'm going wrong. Pretty new to Codeigniter and OOP PHP. I know there are authentication libraries out there, but I'm not interested in using those. Model: function login($username, $password){ if ($this->db->table_exists($username)){ $this->db->where('username', $username); $this->db->where('password', $password); $query = $this->db->get($username); if($query->num_rows >= 1) { return true; $data = array( 'username' => $this->input->post('username'), 'login' => true ); $this->session->set_userdata($data); } } } Controller function __construct(){ parent::__construct(); $this->logincheck(); } public function logincheck(){ if ($this->session->userdata('login')){ redirect('/members'); } } If I just echo from the controller: $this-session-all_userdata(); I get an empty array. So the problem seems to be that the $data array in the model isn't being stored in the session.

  Read the article

• ASP.Net FormsAuthentication Redirect Loses the cookie between Redirect and Application_AuthenticateR

  - by Joel Etherton

  I have a FormsAuthentication cookie that is persistent and works independently in a development, test, and production environment. I have a user that can authenticate, the user object is created, the authentication cookie is added to the response: 'Custom object to grab the TLD from the url authCookie.Domain = myTicketModule.GetTopLevelDomain(Request.ServerVariables("HTTP_HOST")) FormsAuthentication.SetAuthCookie(authTicket.Name, False) Response.SetCookie(authCookie) The user gets processed a little bit to check for a first time login, security questions, etc, and is then redirected with the following tidbit: Session.Add("ForceRedirect", "/FirstTimeLogin.aspx") Response.Redirect("~/FirstTimeLogin.aspx", True) With a debug break, I can verify that the cookie collection holds both a cookie not related to authentication that I set for a different purpose and the formsauthentication cookie. Then the next step in the process occurs at the ApplicationAuthenticateRequest in the global.asax: Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs) Dim formsCookieName As String = myConfigurationManager.AppSettings("FormsCookieName") Dim authCookie As HttpCookie = Request.Cookies(formsCookieName) At this point, for this ONE user authCookie is nothing. I have 15,000 other users who are not impacted in this manner. However, for one user the cookie just vanishes without a trace. I've seen this before with w3wp.exe exceptions, state server exceptions and other IIS process related exceptions, but I'm getting no exceptions in the event log. w3wp.exe is not crashing, the state server has some timeouts but they appear unrelated (as verified by timestamps) and it only happens to this one user on this one domain (this code is used across 2 different TLDs with approximately 10 other subdomains). One avenue I'm investigating is that the cookie might just be too large. I would think that there would be a check for the size of the cookie going into the response, and I wouldn't think it would impact it this way. Any ideas why the request might dumping the cookie? NOTE: The secondary cookie I mentioned that I set also gets dumped (and it's very tiny). EDIT-NOTE: The session token is NOT lost when this happens. However, since the authentication cookie is lost, it is ignored and replaced on a subsequent login.

  Read the article

• Why would Basic Auth not work with my WCF client to Java SOAP Web Service?

  - by orj

  I have a Java based web service that requires basic authentication to communicate with it. If I type the WSDL url into my browser I'm prompted for Basic Auth. Which I can get by entering the correct credentials. However using my WCF client doesn't work. I construct my WCF client like this: var binding = new BasicHttpBinding { MaxReceivedMessageSize = 2048 * 10240, Security = { Mode = BasicHttpSecurityMode.TransportCredentialOnly, Transport = { ClientCredentialType = HttpClientCredentialType.Basic, Realm = "MYREALM", ProxyCredentialType = HttpProxyCredentialType.None }, Message = { ClientCredentialType = BasicHttpMessageCredentialType.UserName, AlgorithmSuite = SecurityAlgorithmSuite.Default } } }; var client = new WebServiceClient(binding, endpoint); client.ClientCredentials.UserName.UserName = username; client.ClientCredentials.UserName.Password = password; client.DoWebServiceMethod(); I get the following exception. System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm="MYREALM"'. From what I can tell I'm doing things right. Where am I going wrong?

  Read the article

• Different users get the same value in .ASPXANONYMOUS

  - by Malcolm Frexner

  My site allows anonymous users. I saw that under heavy load user get sometimes profile values from other users. This happens for anonymous users. I logged the access to profile data: /// <summary> /// /// </summary> /// <param name="controller"></param> /// <returns></returns> public static string ProfileID(this Controller controller ) { if (ApplicationConfiguration.LogProfileAccess) { StringBuilder sb = new StringBuilder(); (from header in controller.Request.Headers.ToPairs() select string.Concat(header.Key, ":", header.Value, ";")).ToList().ForEach(x => sb.Append(x)); string log = string.Format("ip:{0} url:{1} IsAuthenticated:{2} Name:{3} AnonId:{4} header:{5}", controller.Request.UserHostAddress, controller.Request.Url.ToString(), controller.Request.IsAuthenticated, controller.User.Identity.Name, controller.Request.AnonymousID, sb); _log.Debug(log); } return controller.Request.IsAuthenticated ? controller.User.Identity.Name : controller.Request.AnonymousID; } I can see in the log that user realy get the same cookievalue for .ASPXANONYMOUS even if they have different IP. Just to be safe I removed dependency injection for the FormsAuthentication. I dont use OutputCaching. My web.config has this setting for authentication: <anonymousIdentification enabled="true" cookieless="UseCookies" cookieName=".ASPXANONYMOUS" cookieTimeout="30" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" /> <authentication mode="Forms"> <forms loginUrl="~/de/Account/Login" /> </authentication> Does anybody have an idea what else I could log or what I should have a look at?

  Read the article

• Error getting twitter request token using OAuth and PEAR Services_Twitter

  - by Onema

  Hello, I am moving from the basic authentication method using username and password to the OAuth based authentication. I was using an old version of the pear package Services_Twitter, that did not support OAuth. The latest version of this package supports OAuth authentications, it has a few dependencies (HTTP_Request2, HTTP_OAuth). It was very simple to install them and upgrade the package. I did all this my local machine and had no trouble getting the authentication up and running. I committed this code to the test site, but every time the code request a "request token" I get the following error message "Unable to connect to ssl://api.twitter.com:443. Error #0" I have spend 6 hours making sure that all the pear packages where up to date, checking the customer token and token secret, making sure port 443 is not closed... in addition to various other test. I have exhausted my resources and I come to you in hope to find some answers. Thank you PD: One of the things I do not understand is why does the message says that the url is ssl://api.twitter.com:443 rather than https://api.twitter.com/request_token? the former one is the one I am using to get the request token.

  Read the article

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >