Search Results

Search found 32551 results on 1303 pages for 'sql authentication'.

Page 493/1303 | < Previous Page | 489 490 491 492 493 494 495 496 497 498 499 500 | Next Page >

Strange Error - "Object moved to here."

- by Dkong

I get the strange error "Object moved to here." on a blank white page when I try to login on a site I created. It works fine locally but not when I deploy it to the test or production server. I am not doing anything odd, just using basic authentication code in a helper function as follows... public static bool AuthenticateUser(string Username, string Password, bool PersistLogin, string RedirectionURL) { if (Membership.ValidateUser(Username, Password)) { FormsAuthentication.SetAuthCookie(Username, PersistLogin); HttpContext.Current.Response.Redirect(RedirectionURL,true); return true; } else return false; }

Read the article
Replicating Active Directory - testing scenarios

- by Naeem Sarfraz

Replicating a production server's Active Directory is possible through a number of approaches as mentioned here and here. I'm looking for a simpler approach if one exists. I have a mixed-mode authentication site that I need to test. Quite simply AD users (internal) will have more privilege's than someone who logs in via forms (external). We have a web service that cache's an AD structure (users & groups). I'm thinking of building a module (http handler I guess?) that will pick up my specially formed URL (http://impersonateduser@localhost/mywebapp) and use the bit before the @ as the username. That will be the username I use for any subsequent operations. How does that sound? Has anyone got other proposals for testing scenarios like this?

Read the article
pyramid view redirection

- by ascobol

This question title may be slightly incorrect but I could not find a better one (yet). I'm trying to integrate Mozilla Persona (browserid) into a Pyramid application. The login process is: user can login on any page by clicking on the login button a popup then shows a login form when the users enters correct login/password, an ajax call is made by the popup to a pyramid view that checks users credentials, and calls pyramid remember function if the check succeeded the browserid javascript code then reloads the current page Now I want to handle the case of a new user subscribing to the web app and present a new view asking for a few more details (desired username, etc) Since the "remember" function is called by an ajax call from the popup, I cannot redirect the user the the "/newuser" page. So every view needs to redirect new users to the "/newuser" url whenever the remembered browserid has no corresponding user in the database. Is there a way to intercept user requests before calling a view to call the "new_user" view instead ? Or maybe my authentication approach is fundamentally incorrect and I should rely on another approach ?

Read the article
OAuth 2.0: Can a user-agent client avoid forwarding fragments?

- by Bosh

In the OAuth 2.0 draft specification, user-agent clients receive authorization in the form of a bearer token via redirection (from an authentication server) to a URL such as HTTP/1.1 302 Found Location: http://example.com/rd#access_token=FJQbwq9&expires_in=3600 According to Section 3.5.2 it is then the user-agent's job to GET the URL in question, but "The user-agent SHALL NOT include the fragment component with the request." In other words, as a result of the example redirection above, the user-agent should GET /rd HTTP/1.1 Host: example.com without passing #access_token to the server. My question: what user agents behave this way? I thought redirection in Firefox, for example, would (logically) include the fragment in the GET request. Am I just wrong about this, or does the OAuth 2.0 specification rely on non-standard user-agent behavior?

Read the article
Php/ODBC encoding problem

- by JohnM2

I use ODBC to connect to SQL Server from PHP. In PHP I read some string (nvarchar column) data from SQL Server and then want to insert it to mysql database. When I try to insert such value to mysql database table I get this mysql error: Incorrect string value: '\xB3\xB9ow...' for column 'name' at row 1 For string with all ASCII characters everything is fine, the problem occurs when non-ASCII characters (from some European languages) exist. So, in more general terms: there is a Unicode string in MS SQL Server database, which is retrieved by PHP trough ODBC. Then it is put in sql insert query (as value for utf-8 varchar column) which is executed for mysql database. Can someone explain to me what is happening in this situation in terms of encoding? At which step what character encoding convertions may take place? I use: PHP 5.2.5, MySQL5.0.45-community-nt, MS Sql Server 2005.

Read the article
Convert date from access to SQL Server with SSIS

- by Arne

Hi, I want to convert a database from access to SQL Server using SSIS. I cannot convert the date/time columns of the access db. SSIS says something like: conversion between DT_Date and DT_DBTIMESTAMP is not supported. (Its translated from my German version, might be different in English version). In Access I have Date/Time column, in SQL Server I have datetime. In the dataflow chart of the SSIS I have a OLE DB source for the access db, an sql server target and a data conversion. In the data conversion I convert the columns to date[DT_DATE]. They are connected like this: AccessDB -> conversion -> SQL DB What am I doing wrong? How can I convert the Access date columns to SQL Server date columns?

Read the article
Error(2,7): PLS-00428: an INTO clause is expected in this SELECT statement

- by omgzor

I'm trying to create this trigger and getting the following compiler errors: create or replace TRIGGER RESTAR_PLAZAS AFTER INSERT ON PLAN_VUELO BEGIN SELECT F.NRO_VUELO, M.CAPACIDAD, M.CAPACIDAD - COALESCE(( SELECT count(*) FROM PLAN_VUELO P WHERE P.NRO_VUELO = F.NRO_VUELO ), 0) as PLAZAS_DISPONIBLES FROM VUELO F INNER JOIN MODELO M ON M.ID = F.CODIGO_AVION; END RESTAR_PLAZAS; Error(2,7): PL/SQL: SQL Statement ignored Error(8,5): PL/SQL: ORA-00933: SQL command not properly ended Error(8,27): PLS-00103: Encountered the symbol "end-of-file" when expecting one of the following: begin case declare end exception exit for goto if loop mod null pragma raise return select update while with <an identifier> <a double-quoted delimited-identifier> <a bind variable> << close current delete fetch lock insert open rollback savepoint set sql execute commit forall merge pipe Error(2,1): PLS-00428: an INTO clause is expected in this SELECT statement What's wrong with this trigger?

Read the article
Backup Google Calendar programmatically: https://www.google.com/calendar/exporticalzip

- by Michael

I'm struggling with writing a python script that automatically grabs the zip fail containing all my google calendars and stores it (as a backup) on my harddisk. I'm using ClientLogin to get an authentication token (and successfully can obtain the token). Unfortunately, i'm unable to retrieve the file at https://www.google.com/calendar/exporticalzip It always asks me for the login credentials again by returning a login page as html (instead of the zip). Here's the critical code: post_data = post_data = urllib.urlencode({ 'auth': token, 'continue': zip_url}) request = urllib2.Request('https://www.google.com/calendar', post_data, header) try: f = urllib2.urlopen(request) result = f.read() except: print "Error" Anyone any ideas or done that before? Or an alternative idea how to backup all my calendars (automatically!)

Read the article
What is the current standard for authenticating Http requests (REST, Xml over Http)?

- by CodeToGlory

The standard should solve the following Authentication challenges like- Replay attacks Man in the Middle Plaintext attacks Dictionary attacks Brute force attacks Spoofing by counterfeit servers I have already looked at Amazon Web Services and that is one possibility. More importantly there seems to be two most common approaches: Use apiKey which is encoded in a similar fashion like AWS but is a post parameter to a request Use Http AuthenticationHeader and use a similar signature like AWS. Signature is typically obtained by signing a date stamp with an encrypted shared secret. This signature is therefore passed either as an apiKey or in the Http AuthenticationHeader. I would like to know weigh both the options from the community, who may have used one or more and would also like to explore other options that I am not considering. I would also use HTTPS to secure my services.

Read the article
IIS Active Directory double handshake hickup

- by AngryHacker

I have a .net 2.0 click-once application that connects to IIS web services on Windows 2003 R2 64-bits. The IIS is setup with Integrated Windows Authentication. So whenever a web service call is made to IIS web services, there is a double handshake taking place: Client Request #1 GetEmployeeList Server Response #1 <- 401 HTTP/1.1 401 Unauthorized WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Client Request #2 REQUEST Header... Server Response #2 <- 200 Data Received Lately, however, Server Response #1 will sometimes (a good 20 percent of the calls) take a massive amount of time (like 25 to 30 seconds). How do I debug this problem? Is this a Active Directory problem or a Domain Controller problem?

Read the article
How to bind to current riacontext user in xaml

- by Jakob

Hi. I Have a datacontext that has a "getuserbyguid" method, i want to pass in the current logged in user.userid as a parameter, but I don't know how to bind to the current logged in user through xaml. I've tried {Binding Path=User.UserId} but without any luck. I'm using the built in riaservices authentication methods, so the userinfo should be exposed in the riacontext, or am I wrong about this? I have this for instance <riaControls:DomainDataSource x:Name="FollowingGridData" AutoLoad="True" QueryName="GetUsersFollowedByIDQuery" LoadSize="20"> <riaControls:DomainDataSource.DomainContext> <my:NotesDomainContext /> </riaControls:DomainDataSource.DomainContext> <riaControls:DomainDataSource.QueryParameters> <riaControls:Parameter ParameterName="userguid" Value="{Binding Path=User.UserId}" /> </riaControls:DomainDataSource.QueryParameters> </riaControls:DomainDataSource> But it gives me an error saying that it's not a guid, meaning that it must not be binding correctly

Read the article
last_login_at not working (null) w/ Authlogic Magic Columns...

- by bgadoci

I am using the Authlogicgem for authentication and most of it seems to be working great. Authlogic provides several columns that you can add to your Users table (for example) that it knows to fill in if they are present. i.e. login_count, current_login_ip, last_request_at and last_login_at. All seem to be working fine with the exception of the last_login_at field which is null for each user. Is there anything specific that could be causing this perhaps having to do with the user sessions, etc? I can post code if needed but wasn't sure what would relate to this.

Read the article
OpenID PAM module

- by Harvey Kwok

I am looking for a PAM module that can use OpenID to do the authentication. My idea is that I want to logon my Linux box using my gmail account and password. I found there is a open source project in Google Code which seems to be doing the things I want but I don't see any code available for download. I saw there are so many examples or implementations but they are all about web apps. Is there any non-web based OpenID applications in the world? Is it technically possible to make a non-web based OpenID application? I naively think that it should be possible. I can emulate whatever packets the browser send out to the OpenID provider and get back the result. As long as my Linux box is connected to the Internet, I should be able to use my OpenID to login. Appreciate any comments, suggestions or pointers on how to make an OpenID PAM module. Thanks!

Read the article
Security for web services only used from a Silverlight application?

- by Lasse V. Karlsen

I have googled a bit for how I should handle security in a web service application when the application is basically the data repository for a Silverlight application, but have gotten inconclusive results. The Silverlight application is not supposed to have its own user authentication, since it will be reachable only through a web application that the user have already authenticated to get into. As such, I was thinking I could simply add a parameter to the SL application that is a cookie-type value, with a certain lifetime, linked to the user in the database. The SL application would then have to pass this value alongside other parameters to the web services. Since the web service is hopefully going to be a generic web service endpoint, few methods, adding an extra parameter at this level will not be a problem. But, am I supposed to roll this system on my own? It sounds to me as this isn't exactly new features that nobody has considered before, so what are my options?

Read the article
Why is it a bad idea to use ClientLogin for web apps in the Google API?

- by Onema

I just picked up the Google API today to allow some users of our site to upload videos to our own organization YouTube account. I Don't want our users to know our user name and password, but rather give them the option if they want to upload videos to youtube or not. If they choose to do it, they check on a check box and hit the submit button. I keep seeing over, and over in the Developers guide that ClientLogin, which to me looks like the best option to implement what I want to do, is not a good idea for user authentication in web applicaitons. The "AuthSub for web applications" doesn't seem to be the best mechanism for what I want to implement! Any ideas on what to do? Thank you

Read the article
Using IPrinciple.Identity.Name as a key in a dataBase to identify user's rows.

- by bplus

I'm writing a small intranet app that uses Windows Authentication and Asp.Net MVC. I need to store various bits of data in a db against each user. As far as I can tell the IPrinciple object does not seem to have something like a unique id. So I was thinking I could just use User.Identity.Name as a unique value to identify rows in my db. Is this a bad idea? Is there an alternative to this approach? Thanks for any help.

Read the article
More than one profile in Django?

- by JPC

Is it possible to use Django's user authentication features with more than one profile? Currently I have a settings.py file that has this in it: AUTH_PROFILE_MODULE = 'auth.UserProfileA' and a models.py file that has this in it: from django.db import models from django.contrib.auth.models import User class UserProfileA(models.Model): company = models.CharField(max_length=30) user = models.ForeignKey(User, unique=True) that way, if a user logs in, I can easily get the profile because the User has a get_profile() method. However, I would like to add UserProfileB. From looking around a bit, it seems that the starting point is to create a superclass to use as the AUTH_PROFILE_MODULE and have both UserProfileA and UserProfileB inherit from that superclass. The problem is, I don't think the get_profile() method returns the correct profile. It would return an instance of the superclass. I come from a java background (polymorphism) so I'm not sure exactly what I should be doing. Thanks!

Read the article
Logging NHibernate SQL queries

- by GuestMVCAsync

Is there a way to access the full SQL query, including the values, inside my code? I am able to log SQL queries using log4net: <logger name="NHibernate.SQL" additivity="false"> <level value="ALL"/> <appender-ref ref="NHibernateSQLFileLog"/> </logger> However, I would like to find a way to log SQL queries from the code also. This way I will log the specific SQL query that causes an exception in my try/catch statement. Right now I have to data-mine the SQLFileLog to find the query that caused the exception when an exception occurs and it is not efficient.

Read the article
Regarding Authlogic and page redirection.

- by Paddy

I am using authlogic for authentication in my Rails app. Have named routes for the frequent actions, viz: map.login "login", :controller = "user_sessions", :action = "new" map.logout "logout", :controller = "user_sessions", :action = "destroy" map.register "register", :controller = "users", :action = "new" map.edit 'user/edit/:id', :controller = "users", :action = "edit" But also in my routes.rb i have these automatically created REST routes too: map.resources :user_sessions map.resources :users The problem now is that a user can login from two different routes. Ex: From, http://localhost/login and also from http ://localhost/user_sessions/new. How do i restrict access only from the named route i have defined and not allow from user_sessions/new?

Read the article
Setting Up TFS Server outside of a domain

- by Ben

Hi Im trying to set up TFS 2010 on a machine that is connected to a network, but not on the domain. I am trying to connect this to a SQL Server that is also connected to the network and also not on the domain. When I run through the TFS configuration Wizard and try to connect to the SQL Server, it fails with a message "A connection can not be made...." which looks like it cant see the Server. However when i connect through SQL Management Studio it works when i use SQL Authentication (not Windows Auth). I beleive its failing because TFS needs to connect using Windows Authetication (please correct me if im wrong). I can not add the Windows Authentication for my TFS machine onto the SQL machine becuase they are on different domains (again, pleas correct me if I'm wrong). Does anyone have any suggestions? Thanks.

Read the article
Anonymous users support vs Google bot

- by Andy

I have a User class in my web app that represents a user currently logged in. Every time a user vists a page, a User instance is populated based on authentication data supplied in cookies. A User instance is created even if an anonymous user logs in - and a corresponding new record is created in the User table in the database. This approach allows me to save some state info for the current user regardless of its type. The problem however with this approach is the Google bot, and other non-human web organisms crawling my pages. Every time a bot starts to walk around the site, thousands of useless records will be created in the database, each of them only to be used for a single page. Question: what is the best trade off? How to support anonymous users, save their state, and don't get too much overhead because of cookieless bots?

Read the article
REST client website login

- by Jordan

I have written a REST service that uses WSSE as an authentication method but i want to be able to use this rest service through a browser by creating a website around the service. I want the user to be able to log in on the website then when they view, for example the "view users" page an ajax request is made to test.com/users and back comes the list. The part i'm trying to get my head around is the logging in/out on the website and keeping the user logged in across pages. Since in a true REST implementation there's no state held on the server, i can't use $_SESSION and now i don't know where to start! What is the best way to go about this? Do i still need to store session information on the server then possibly use cURL to make the request? Thanks Jay

Read the article
Web Form based login in Java

- by BrunoLM

How can I block access to the site if a user is not logged in? Under web.xml Security I checked Form authentication then I selected Login and Error page, but I don't know how to block the access and redirect the user to the login page. Do I need a filter? If so, how can I get the login url I specified? And how should I call the validation method? I saw in some examples this code <form method=post action="j_security_check"> <input type="text" name="j_username" /> <input type="password" name="j_password" /> </form> What does it do?

Read the article
ASP NET forms Authorization: how to reduce duration?

- by eddo

I've got a web page which is implementing cookie based ASPNET Forms Authentication. Once the user has logged in the page, he can edit some information using a form which is created using a partialview and returned to him as a dialog for editing. The action linked to the partial view is decorated as follows: [HttpGet] [OutputCache(Duration = 0, VaryByParam = "None")] [Authorize(Roles = "test")] public ActionResult changeTripInfo(int tripID, bool ovride=false) { ... } The problem i am experiencing is the latency between the request and the time when the dialog is shown to the user: time ranges between 800 and 1100 ms which is not justified by the complexity of the form. Investigating with Glimpse turns out that the time to process the AuthorizeAttribute (see snip) sums up to at least 650 ms which is troubling me. Looking at the Sql server log, the call which checks the user roles takes, as expected, virtually nothing (duration 0). How can I reduce this time? Am I missing some optimization?

Read the article
Best approach to store login credentials for website

- by Zerotoinfinite

I have created a site in ASP.NET 3.5 & I have only 2 or 3 user login IDs who can login to the website. What would be the best way to save these login details? Which of these approaches, or others, would be most suitable? Using Forms Authentication, and saving credentials (username and password) in web.config to create a text file in directory and modify it Which approach is best from a security and maintenance perspective? What other approaches are suitable for a login system for ASP.NET?

Read the article

< Previous Page | 489 490 491 492 493 494 495 496 497 498 499 500 | Next Page >