Search Results

Search found 1466 results on 59 pages for 'authenticate'.

Page 49/59 | < Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56 | Next Page >

NIS password mapping question

- by papoyan

I have NIS server with user "techsupport", which has uid/gid = 517 I've configured NIS and NFS on that server, as well as NFS/NIS client on the remote web server. Now I need to techsupport user to be able to login to web server using techsupport username, but HAVE root privileges. I need this, so I can easily track, which support agent doing what on the web server. Everything works fine, when from NIS server, I ssh to the web server with tech support user nisserver# ssh [email protected] I can authenticate against the NIS server just fine, and my home directory that is on NIS server, get's mounted on web server just fine. The Only two problems I have are : my GID on web server is webserver# id uid=517(techsupport) gid=517(client_jonny) groups=517(client_jonny) (as you can see, that it picked up gid of a client that exists on the web server, since it's same number) I need to make sure, that my "techsupport" user has ROOT privileges. How can I achieve this? I remember that I've seen identical results elsewhere, but LDAP was used, is there a way to achieve this with NIS/NFS setup? Thank you in advance,

Read the article
How do php apps identify a user after the session has timed out?

- by Bill Zimmerman

I am trying to understand how PHP apps check to see if a user is logged in. I am specifically looking at mediawiki's code to try to help me understand, but these cases should be fairly common in all php apps. From what I gather, the main cases are: A user just logged in or was created, every time they visit the page PHP knows its them by checking data common to the $_SESSION variable and the cookie. A user had the 'remember me' option checked on the login page a long time ago. They have a cookie on there computer with a tokenID, which is checked with a token on the server to authenticate them. In this case, there is no session variable, because the time between accesses could be weeks. My question is, what happens when a user is logged in, but the PHP session times out and he wants to access a page? I would have assumed that there is no easy way for the server to know who the person is - and that they would have to be redirected to the login page. However, mediawiki does just that. I've verified that the session files are deleted after X minutes, but when I hit refresh in mediawiki, it knows which user I am, and the 'token' variable is not included in the cookie.

Read the article
ETL , Esper or Drools?

- by geoaxis

Hello, The question environment relates to JavaEE, Spring I am developing a system which can start and stop arbitrary TCP (or other) listeners for incoming messages. There could be a need to authenticate these messages. These messages need to be parsed and stored in some other entities. These entities model which fields they store. So for example if I have property1 that can have two text fields FillLevel1 and FillLevel2, I could receive messages on TCP which have both fill levels specified in text as F1=100;F2=90 Later I could add another filed say FillLevel3 when I start receiving messages F1=xx;F2=xx;F3=xx. But this is a conscious decision on the part of system modeler. My question is what do you think is better to use for parsing and storing the message. ETL (using Pantaho, which is used in other system) where you store the raw message and use task executor to consume them one by one and store the transformed messages as per your rules. One could use Espr or Drools to do the same thing , storing rules and executing them with timer, but I am not sure how dynamic you could get with making rules (they have to be made by end user in a running system and preferably in most user friendly way, ie no scripts or code, only GUI) The end user should be capable of changing the parse rules. It is also possible that end user might want to change the archived data as well (for example in the above example if a new value of FillLevel is added, one would like to put a FillLevel=-99 in the previous values to make the data consistent). Please ask for explanations, I have the feeling that I need to revise this question a bit. Thanks

Read the article
Twitter OAuth, Error when trying to POST direct message.

- by Darxval

So I am building a java script that is used in conjunction of my C++ application for sending direct messages to users. the script does the work of building the request that i send. When i send a request i receive "Incorrect signature" or "can not authenticate you" Does anyone see something i am missing or am doing wrong? I am continuing to investigate. Thank you in advance Javascript: var nDate = new Date(); var epoch = nDate.getTime(); var nounce = ""; nounce = Base64.encode(epoch+randomString()); var Parameters = [ "oauth_consumerkey="+sConsumerKey, "oauth_nonce="+nounce, "oauth_signature_method=HMAC-SHA1", "oauth_timestamp="+epoch, "oauth_token="+sAccessToken, "oauth_version=1.0", "text="+sText, "user="+sUser]; var SortedParameters = Parameters.sort(); var joinParameters = SortedParameters.join("&"); var encodeParameters = escape(joinParameters); signature_base_string = escape("POST&"+NormalizedURL+"&"+encodeParameters); signature_key = sConsumerSecret+"&"+sAccessSecret; signature = Base64.encode(hmacsha1(signature_base_string,signature_key)); sAuthHeader = " OAuth realm=, oauth_nonce="+nounce+", oauth_timestamp="+epoch+", oauth_consumer_key="+sConsumerKey+", oauth_signature_method=HMAC-SHA1, oauth_version=1.0, oauth_signature="+signature+", oauth_token="+sAccessToken+", text="+sText; goNVOut.Set("Header.Authorization: ", sAuthHeader);

Read the article
Form Based Authentication problem?

- by programmerist

i have 2 pages : Login.aspx and Satis.aspx. i redirected from Login.aspx to Satis.aspx if authentication is correct . if i signout from satis i redirected to Login.aspx. But if i write satis.aspx' url on web scanner i entered satis.aspx. But i am not sign in Satis.aspx. i should't enter Satis.aspx directly. my web config: <authentication mode="Forms"> <forms loginUrl="Login.aspx" name=".ASPXFORMSAUTH" path="/" protection="All"> <credentials> <user name="a" password="a"></user> </credentials> </forms> </authentication> <authorization> <allow users="*"/> </authorization> </system.web> <location path="~/ContentPages/Satis/Satis.aspx"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> Login.aspx.cs: protected void lnkSubmit_Click(object sender, EventArgs e) { if(FormsAuthentication.Authenticate(UserEmail.Value,UserPass.Value)) { FormsAuthentication.RedirectFromLoginPage (UserEmail.Value, PersistForms.Checked); } else Msg.Text = "Invalid Credentials: Please try again"; } Satis.aspx protected void LogoutSystem_Click(object sender, EventArgs e) { FormsAuthentication.SignOut(); Response.Redirect("~/Login/Login.aspx"); }

Read the article
Rails user authorization

- by Zachary

I am currently building a Rails app, and trying to figure out the best way to authenticate that a user owns whatever data object they are trying to edit. I already have an authentication system in place (restful-authentication), and I'm using a simple before_filter to make sure a user is logged in before they can reach certain areas of the website. However, I'm not sure the best way to handle a user trying to edit a specific piece of data - for example lets say users on my site can own Books, and they can edit the properties of the book (title, author, pages, etc), but they should only be able to do this for Books that -they- own. In my 'edit' method on the books controller I would have a find that only retrieved books owned by the current_user. However, if another user knew the id of the book, they could type in http://website.com/book/7/edit , and the controller would verify that they are logged in, then show the edit page for that book (seems to bypass the controller). What is the best way to handle this? Is it more of a Rails convention routing issue that I don't understand (being able to go straight to the edit page), or should I be adding in a before_find, before_save, before_update, etc callbacks to my model?

Read the article
Unit testing and mocking email sender in Python with Google AppEngine

- by CVertex

I'm a newbie to python and the app engine. I have this code that sends an email based on request params after some auth logic. in my Unit tests (i'm using GAEUnit), how do I confirm an email with specific contents were sent? - i.e. how do I mock the emailer with a fake emailer to verify send was called? class EmailHandler(webapp.RequestHandler): def bad_input(self): self.response.set_status(400) self.response.headers['Content-Type'] = 'text/plain' self.response.out.write("<html><body>bad input </body></html>") def get(self): to_addr = self.request.get("to") subj = self.request.get("subject") msg = self.request.get("body") if not mail.is_email_valid(to_addr): # Return an error message... # self.bad_input() pass # authenticate here message = mail.EmailMessage() message.sender = "[email protected]" message.to = to_addr message.subject = subj message.body = msg message.send() self.response.headers['Content-Type'] = 'text/plain' self.response.out.write("<html><body>success!</body></html>") And the unit tests, import unittest from webtest import TestApp from google.appengine.ext import webapp from email import EmailHandler class SendingEmails(unittest.TestCase): def setUp(self): self.application = webapp.WSGIApplication([('/', EmailHandler)], debug=True) def test_success(self): app = TestApp(self.application) response = app.get('http://localhost:8080/[email protected]&body=blah_blah_blah&subject=mySubject') self.assertEqual('200 OK', response.status) self.assertTrue('success' in response) # somehow, assert email was sent

Read the article
NTLM Authentication fails when behind Proxy server

- by Jan Petersen

Hi All, I've seen a number of post about consuming Web Services from behind a proxy server, but none that seams to address this problem. I'm building a desktop application, using Java, JAX-WS in NetBeans. I have a working prototype, that can query the server for authentication mode, successfully authenticate and retrieve a list of web site. However, if I run the same app from a network that is behind a proxy server (the proxy does not require authentication), then I'm running into trouble. I have sniffed the traffic, and noticed the following: Behind Proxy # Result Protocol Host URL 1 200 HTTP host.domain.com /_vti_bin/Authentication.asmx 2 401 HTTP host.domain.com /_vti_bin/Webs.asmx 3 401 HTTP host.domain.com /_vti_bin/Webs.asmx 4 401 HTTP host.domain.com /_vti_bin/Webs.asmx 5 401 HTTP host.domain.com /_vti_bin/Webs.asmx Without Proxy # Result Protocol Host URL 1 200 HTTP host.domain.com /_vti_bin/Authentication.asmx 2 401 HTTP host.domain.com /_vti_bin/Webs.asmx 3 401 HTTP host.domain.com /_vti_bin/Webs.asmx 4 401 HTTP host.domain.com /_vti_bin/Webs.asmx 5 401 HTTP host.domain.com /_vti_bin/Webs.asmx 6 200 HTTP host.domain.com /_vti_bin/Webs.asmx When running the code from a network without a proxy server, I successfully Authentication with the server, but when I'm behind the proxy server, the traffic is cut-off at the 5th message, and thus don't succeed. I know from the Java docs that On Microsoft Windows platforms, NTLM authentication attempts to acquire the user credentials from the system without prompting the user's authenticator object. If these credentials are not accepted by the server then the user's authenticator will be called. Given that my Authentication code is called only ones, and only as the 5th attempt, it appears as if the connection is dropped when behind the proxy server before my Authentication object is used. Is there any way I can control the behavior of Authentication module, to not have it use the system credentials? I have put the source text java class files of a demo app up, showing the issue at the following urls (it's a bit to long even in the short demo form to post here). link text Br Jan

Read the article
BITS, TakeOwnership, and Kerberos / Windows Integrated Authentication

- by Charlie Flowers

We're using BITS to upload files from machines in our retail locations to our servers. BITS will stop transferring a file if the user who owns the BITS job logs off. Therefore, we're using a Windows Service running as LocalSystem to submit the jobs to BITS and be the job owner. This allows transfers to continue 24/7. However, it raises a question about authentication. We want the BITS server extensions in IIS to use Kerberos to authenticate the client machine. As far as I can tell, that leaves us with only 2 options, both of which are not ideal: Either we create an "ImageUploader" account and store its username/password in a config file that the Windows Service uses as credentials for the BITS job, or we ask the logged on user who creates the BITS job for his password, and then use his credentials for the BITS job. I guess the third option is not to use Kerberos, and maybe go with Basic Auth plus SSL. I'm sure I'm wrong and there's a better option. Is there? Thanks in advance.

Read the article
Standardizing a Release/Tools group on a specific language

- by grahzny

I'm part of a six-member build and release team for an embedded software company. We also support a lot of developer tools, such as Atlassian's Fisheye, Jira, etc., Perforce, Bugzilla, AnthillPro, and a couple of homebrew tools (like my Django release notes generator). Most of the time, our team just writes little plugins for larger apps (ex: customize workflows in Anthill), long-term utility scripts (package up a release for QA), or things like Perforce triggers (don't let people check into a specific branch unless their change description includes a bug number; authenticate against Active Directory instead of Perforce's internal passwords). That's about the scale of our problems, although we sometimes tackle something slightly more sizable. My boss, who is reasonably technical, has asked us to standardize on one or two languages so we can more easily substitute for each other. He's advocating bash scripts and Perl, due to their universality and simplicity. I can see his point--we mostly do "glue", so why not use "glue" languages rather than saddle ourselves with something designed for much larger projects? Since some of the tools we work with are Java-based, we do need to use something that speaks JVM sometimes. (The path of least resistance for these projects is BeanShell and Groovy.) I feel a tremendous itch toward language advocacy, but I'm trying to avoid saying "We should use Python 'cause I like it and Perl is gross." Instead, I'm trying to come up with a good approach to defining our problem set: what problems do we solve with scripts? Would we benefit from a library of common functions by our team, or are most of our projects more isolated? What is it reasonable to expect my co-workers to learn? What languages give us the most ease of development and ease of modification? Can you folks suggest some useful ways to approach this problem, both for my own thinking process and to help me facilitate some brainstorming among my coworkers?

Read the article
SWFUpload Authentication

- by durilai

I am using SWFUpload to do file uploading in a ASP.NET MVC 1.0 website. It is working fine, but I am not able to authenticate the upload method. The HttpContext.User.Identity.Name returns an empty string. I am assuming this is because the Flash movie is making the post. I am also using the wrapper provided here: http://blog.codeville.net/2008/11/24/jquery-ajax-uploader-plugin-with-progress-bar/. The controller action below gets fired, but as mentiond above the user object is not passed. Any help is appreciated! View HTML <form enctype="multipart/form-data" method="post" action="/Media/Upload/Photo"> <input type="file" id="userPhoto_Photo" name="userPhoto_Photo" /> </form> Javascript $(function() { $("#userPhoto").makeAsyncUploader({ upload_url: '/Media/Upload', flash_url: '<%= Url.Content("~/Content/Flash/swfUpload-2.2.0.1.swf") %>', file_size_limit: '1 MB', file_types: '*.jpg; *.png; *.gif', button_action: SWFUpload.BUTTON_ACTION.SELECT_FILE, button_width: 210, button_height: 35, button_image_url: '<%= Url.Content("~/Content/Images/UploadPhoto.png") %>', button_text: '', button_cursor: SWFUpload.CURSOR.HAND, button_window_mode: SWFUpload.WINDOW_MODE.TRANSPARENT }); }); Controller Action [AcceptVerbs(HttpVerbs.Post)] public ActionResult Upload() { if (Request.Files.Count == 1) { //Upload work } return RedirectToAction("Index", "Profile"); }

Read the article
Possible to have multiple Profiles in ASP.NET for different users?

- by asple

My application has a few different user types with their own members. For example, I have the student user as well as the teacher user. I authenticate my users through active directory in my custom MembershipProvider's ValidateUser method. While querying AD, I pull out all their relevant information. I'd like to put that information into a Profile, but from what I've read and the examples I've sen, you can only define a single Profile (like so): <profile defaultProvider="CustomProfileProvider" enabled="true"> <properties> <add name="YearLevel" type="String" /> <add name="Name" type="String" /> <add name="Age" type="String" /> </properties> </profile> The above profile would work for a student, but not for a teacher, who does not have a value for "YearLevel" in AD. Is it possible to have multiple profiles to accomplish this? Or is it easier to add all properties from AD spanning all user types, then in my code, just check what user type they are and then access their specific properties?

Read the article
How to handle SalesForce WSDL files for sandbox and production sites in ASP.Net?

- by Traveling Tech Guy

I need to authenticate users and get info about them from an ASP.Net application. Since I have 2 sites (sandbox, production) and 2 org IDs - I needed to generate 2 SalesForce WSDL files. I diffed the 2 files (each about 600kb in size) and while they are 95% the same, there are enough differences strewn all over the place - enough for me to need to use them both. I added both as web references to my solution, and here's where my problem starts.Obviously, I cannot use both references in the same file, as they contain the same classes/functions. I had to write a quick-and-dirty solution over the weekend, so I just created 2 classes - each using a different web reference - but otherwise the exact functionality, and I use the appropriate one, based on the URL the user is coming from. This works well, but strikes me as a bad (read: quick-and-dirty) solution. My question: is there any way to do one or more of the following: change the web reference on the fly? use both web references in the same file, but put one in a different namespace? find a better solution to the whole situation? I nd up with a huge XmlSerializer.dll (3mb!) - probably due to using both huge WSDL files. Thanks for your time.

Read the article
Modify loggingConfiguration Programmatic (enterprise library)

- by alhambraeidos

Hi all, I have app.config in m win application, and loggingConfiguration section (enterprise library 4.1). I need do this programatically, Get a list of all listener in loggingConfiguration Modify property fileName=".\Trazas\Excepciones.log" of several RollingFlatFileTraceListener's Modify several properties of AuthenticatingEmailTraceListener listener, Any help, please, I havent found any reference or samples Thanks in advanced. Greetings <listeners> <add name="Excepciones RollingFile Listener" fileName=".\Trazas\Excepciones.log" formatter="Text Single Formatter" footer="</Excepcion>" header="<Excepcion>" rollFileExistsBehavior="Overwrite" rollInterval="None" rollSizeKB="1500" timeStampPattern="yyyy-MM-dd" listenerDataType="Microsoft.Practices.EnterpriseLibrary.Logging.Configuration.RollingFlatFileTraceListenerData, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" traceOutputOptions="None" filter="All" type="Microsoft.Practices.EnterpriseLibrary.Logging.TraceListeners.RollingFlatFileTraceListener, Microsoft.Practices.EnterpriseLibrary.Logging, Version=4.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" /> <add name="AuthEmailTraceListener" type="zzzz.Frk.Logging.AuthEmailTraceListener.AuthenticatingEmailTraceListener, zzzz.Frk.Logging.AuthEmailTraceListener" listenerDataType="zzzz.Frk.Logging.AuthEmailTraceListener.AuthenticatingEmailTraceListenerData, zzzz.Frk.Logging.AuthEmailTraceListener" formatter="Exception Formatter" traceOutputOptions="None" toAddress="[email protected]" fromAddress="[email protected]" subjectLineStarter=" Excepción detectada - " subjectLineEnder="incidencias" smtpServer="smtp.gmail.com" smtpPort="587" authenticate="true" username="[email protected]" password="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" enableSsl="true" />

Read the article
Google App Engine - Uploading blobs and authentication

- by Keyur

(I tried asking this on the GAE forums but didn't get an answer so am trying it here.) Currently to upload blobs, the app engine's blob store service creates a unique one- time URL that a user can post blobs to. My requirement is that I only want authenticated / authorized users to post blobs in my application. I can achieve this currently if the page that includes the multipart form to upload blobs is in my application. However, I am looking to providing a "REST API" for my users to upload their blobs. While it is true that the one-time nature of the upload URL mitigates the chances of rogue use but it's still possible. I was wondering if there is anyone on the app engine team here that can consider a feature where developers can register an upload listener. (Or if there is already a way, I'll be all ears). A standard servlet filter could also potentially do the job. This will give us an opportunity to authenticate / validate / decorate requests before the request gets forwarded to the blob store service. Thanks, Keyur

Read the article
What is the best way to extend restful_authentication/AuthLogic to support lazy logins by an anonymo

- by Kevin Elliott

I'm building an iPhone application that talks to a Ruby on Rails backend. The Ruby on Rails application will also service web users. The restful_authentication plugin is an excellent way to provide quick and customizable user authentication. However, I would like users of the iPhone application to have an account created automatically by the phone's unique identifier ([[UIDevice device] uniqueIdentifier]) stored in a new column. Later, when users are ready to create a username/password, the account will be updated to contain the username and password, leaving the iPhone unique identifier intact. Users should not be able to access the website until they've setup their username/password. They can however, use the iPhone application, since the application can authenticate itself using it's identifier. What is the best way to modify restful_authentication to do this? Create a plugin? Or modify the generated code? What about alternative frameworks, such as AuthLogic. What is the best way to allow iPhones to get a generated auth token locked to their UUID's, but then let the user create a username/password later?

Read the article
How to do logout functionality in C# smart device application?

- by Shailesh Jaiswal

I am developng Smart device application in C#. It is a window application. In this application I am using Login form to authenticate the users. Only authenticated users can login into the system. In this application I am calling java web services which resides on another machine. I am passing mobile number & password from mu application's login form to the java web services. The java web services returns the userid after successful authentication. I made this userid static so that it can be used frequently with other web services. I using statc variables in this application so that they can be used at application level. After deploying the application I can see that emulator provides the close button with multiplicaton symbol. In this way I can close my form as well as application. But I want to provde one logout link in my application. Can I provide logout functionality in C# window application ? If yes, how to do that ? Please make sure that all the functions of .net framework does not work with .net compact framwork? Can you provide me the code or link through which can resolve the above issue ?

Read the article
Loosing Textbox value on postback

- by Dusty Roberts

Hi Peeps i have an href that once clicking on it, it opens a dialog and sets a textbox value for that dialog. however, once i click on submit in that dialog, the textbox value is null. Link: <a href="#" onclick="javascript:expand('https://me.yahoo.com'); jQuery('#openiddialog').dialog('open'); return false;"><img id="yahoo" class="spacehw" src="/Content/Images/spacer.gif" /></a> Script: <script type="text/javascript"> jQuery(document).ready(function () { jQuery("#openiddialog").dialog({ autoOpen: false, width: 600, modal: true, buttons: { "Cancel": function () { $(this).dialog("close"); } } }); }); function expand(obj) { $("#<%=openIdBox.ClientID %>").val(obj); } </script> Dialog:<div id="openiddialog" title="Log in using OpenID"> <p> <asp:Label ID="Label1" runat="server" Text="OpenID Login" /> <asp:TextBox ID="openIdBox" EnableViewState="true" runat="server" /> <asp:JButton Icon="ui-icon-key" ID="loginButton" runat="server" Text="Authenticate" OnClick="loginButton_Click" /> <asp:CustomValidator runat="server" ID="openidValidator" ErrorMessage="Invalid OpenID Identifier" ControlToValidate="openIdBox" EnableViewState="false" OnServerValidate="openidValidator_ServerValidate" /> <br /> <asp:Label ID="loginFailedLabel" runat="server" EnableViewState="False" Text="Login failed" Visible="False" /> <asp:Label ID="loginCanceledLabel" runat="server" EnableViewState="False" Text="Login canceled" Visible="False" /> </p> </div> ... sorry... can't fix formatting ?!?

Read the article
ldap_bind_s returning LDAP_SUCCESS with wrong credentials

- by rezna

Hi guys, I have this little problem. I want to authenticate user against LDAP (Windows Active Directory), everything works OK, but the combination (good user, good password, wrong domain). LDAP* ldap = ldap_init(L"myserver", 389); ULONG ldap_version = 3; ULONG ret = LDAP_SUCCESS; ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, (void*)&ldap_version); ret = ldap_connect(ldap, NULL); SEC_WINNT_AUTH_IDENTITY ai; ai.Domain = (unsigned short*)BAD_DOMAIN; ai.DomainLength = wcslen(BAD_DOMAIN); ai.User = (unsigned short*)OK_USER; ai.UserLength = wcslen(OK_USER); ai.Password = (unsigned short*)OK_PASS; ai.PasswordLength = wcslen(OK_PASS); ai.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; ret = ldap_bind_s(ldap, NULL, (PWCHAR) &ai, LDAP_AUTH_NTLM); // !!! HERE !!! ret = ldap_unbind_s(ldap); On the line marke '!!! HERE !!!' I'd expect 0x31 or any other error returned. Instead I get LDAP_SUCCESS :( Any suggestions? Thx, Milan

Read the article
[Zend YouTubeAPP] failed to upgrade a token

- by kwokwai

Hi all, I was testing Zend Gdata 1.10.1 in my localhost. I downloaded Zend Gdate from this link: http://framework.zend.com/download/webservices Inside the Zend Gdata zip file, there was a folder called demos. I extracted it and used the YouTudeVideoApp to upload a sample video to Youtube. But every time after I logged into Youtube, before it redirected me to my localhost, I received a warning message like this warning message: localhost: This website is registered with Google to make authorization requests, but has not been configured to send requests securely. We recommend that you continue the process only if you trust the following destination: localhost:8080/youtube/operations.php So I googled on how to resolve the problem of getting this warning message when I saw some people suggesed changing the value of $secure to True in operation.php. Here is the script mentioned: function generateAuthSubRequestLink($nextUrl = null) { $scope = 'http://gdata.youtube.com'; $secure = true; $session = true; if (!$nextUrl) { generateUrlInformation(); $nextUrl = $_SESSION['operationsUrl']; } $url = Zend_Gdata_AuthSub::getAuthSubTokenUri($nextUrl, $scope, $secure, $session); echo '<a href="' . $url . '"><strong>Click here to authenticate with YouTube</strong></a>'; } After I altered the value of $secure to True, I found that the warning message changed to this: localhost: Registered, secure. This website is registered with Google to make authorization requests The new warning message is somehow shorter and looks better than the previous warning message. But once I pressed the Allow Access button, it turned out to be this: ERROR - Token upgrade for CI3M6_Q3EOGkxoL-___wEYjffToQQ failed : Token upgrade failed. Reason: Invalid AuthSub header. Error 401 ERROR - Unknown search type - '' I don't know why this happened. Could you help me solve the problem please?

Read the article
How do I specify Open ID Realm in spring security ?

- by Salvin Francis

We are using Spring security in our application with support for username / password based authentication as well as Open id based authentication. The issue is that google gives a different open id for the return url specified and we have at least 2 different entry points in our application from where open id is configured into our system. Hence we decided to use open id realm. http://blog.stackoverflow.com/2009/0...ue-per-domain/ http://groups.google.com/group/googl...unts-api?pli=1 how is it possible to integrate realm into our spring configuration/code ? This is how we are doing it in traditional openid library code: AuthRequest authReq = consumerManager.authenticate(discovered, someReturnToUrl,"http://www.example.com"); This works and gives same open id for different urls from our site. our configuration: Code: ... <http auto-config="false">  <remember-me user-service-ref="someRememberedService" key="some key" /> <form-login login-page="/Login.html" authentication-failure-url="/Login.html?error=true" always-use-default-target="false" default-target-url="/MainPage.html"/> <openid-login authentication-failure-url="/Login.html?error=true" always-use-default-target="true" default-target-url="/MainPage.html" user-service-ref="someOpenIdUserService"/> </http> ... <beans:bean id="someOpenIdUserService" class="com.something.MyOpenIDUserDetailsService"> </beans:bean> <beans:bean id="openIdAuthenticationProvider" class="com.something.MyOpenIDAuthenticationProvider"> <custom-authentication-provider /> <beans:property name="userDetailsService" ref="someOpenIdUserService"/> </beans:bean> ...

Read the article
Why is it not good to use $_SESSION in Restful Implementations?

- by keisimone

Original Question: i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i properly authenticate users without looking up database all the time to check for the user's roles? I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

Read the article
Django - how to write users and profiles handling in best way?

- by SpankMe

Hey, I am writing simple site that requires users and profiles to be handled. The first initial thought is to use django's build in user handling, but then the user model is too narrow and does not contain fields that I need. The documentation mentions user profiles, but user profiles section has been removed from djangobook covering django 1.0 (ideally, the solution should work with django 1.2), and the Internet is full of different solutions, not making the choice easier (like user model inheritance, user profiles and django signals, and so on). I would like to know, how to write this in good, modern, fast and secure way. Should I try to extend django builtin user model, or maybe should I create my own user model wide enough to keep all the information I need? Below you may find some specifications and expectations from the working solution: users should be able to register and authenticate every user should have profile (or model with all required fields) users dont need django builtin admin panel, but they need to edit their profiles/models via simple web form Please, let me know how do you solve those issues in your applications, and what is the best current way to handle users with django. Any links to articles/blogs or code examples are highly appreciated!

Read the article
PHP Single Sign On (SSO) generating new session id

- by bigstylee

I am trying to create a single sign on process. The method I have implemented makes use of storing session data in a database. When a new user comes to the website (www.example2.com) a table of authentication is checked. As this is their first visit to the website, there will be no match. The browser is redicted to the authentication server www.example1.com/authenticate.php?session_id=ABC123 where ABC123 represents the session id created on www.example2.com. THe session id which is then generated on www.example1.com is stored along side the session id using the parameter set in the URL. The user is then redirected back to the www.example2.com and a match of session ids should be found. This WAS working fine in FireFox but when I tried it in Chrome I noticed that the session id being generated when the browser is redirected back to www.example2.com is a new session id. As a result an infinite loop is created. This behaviour has not manifested itself in FireFox aswell. What is causing the new session id to be generated? More importantly, what can I do to stop it? Thanks in advance! EDIT I had a logically error that was causing an infinite loop. This now works fine again in FireFox but the infinite loop is still occuring in Chrome and Internet Explorer.

Read the article
Associate new Authlogic Model to existing Models

- by BriteLite

Hello, While playing around with Rails (since I am a newbie) while reading Agile Rails book I came across an issue using the Gem Authlogic that I don't know how to address. I have a simple business Model. The tables store the following information: Name, Address, Latitude, and Longitude. The above approach has been working fine, because using the console I can enter the information and it shows up, where I need it to. My issue now is that I want to add authentication to it. As in assign those records in the table, to individual accounts. Since Authlogic is an authentication gem, can this be done? What I am trying to get to here is that, I enter a few records and leave it at that. Few days later, I want to assign those individual rows in the table to an authlogic model so the person to whom the record should belong can authenticate to it and make changes. Any code samples, blog posts to better help me understand would be great! Thank You.

Read the article

< Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56 | Next Page >