Search Results

Search found 414 results on 17 pages for '401'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 5/17 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • IIS 7 Authentication: Certain users can't authenticate, while almost all others can.

    - by user35335
    I'm using IIS 7 Digest authentication to control access to a certain directory containing files. Users access the files through a department website from inside our network and outside. I've set NTFS permissions on the directory to allow a certain AD group to view the files. When I click a link to one of those files on the website I get prompted for a username and password. With most users everything works fine, but with a few of them it prompts for a password 3 times and then get: 401 - Unauthorized: Access is denied due to invalid credentials. But other users that are in the group can get in without a problem. If I switch it over to Windows Authentication, then the trouble users can log in fine. That directory is also shared, and users that can't log in through the website are able to browse to the share and view files in it, so I know that the permissions are ok. Here's the portion of the IIS log where I tried to download the file (/assets/files/secure/WWGNL.pdf): 2010-02-19 19:47:20 xxx.xxx.xxx.xxx GET /assets/images/bullet.gif - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 200 0 0 218 2010-02-19 19:47:20 xxx.xxx.xxx.xxx GET /assets/images/bgOFF.gif - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 200 0 0 218 2010-02-19 19:47:21 xxx.xxx.xxx.xxx GET /assets/files/secure/WWGNL.pdf - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 401 2 5 0 2010-02-19 19:47:36 xxx.xxx.xxx.xxx GET /assets/files/secure/WWGNL.pdf - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 401 1 2148074252 0 2010-02-19 19:47:43 xxx.xxx.xxx.xxx GET /assets/files/secure/WWGNL.pdf - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 401 1 2148074252 15 2010-02-19 19:47:46 xxx.xxx.xxx.xxx GET /manager/media/script/_session.gif 0.19665693119168282 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 200 0 0 203 2010-02-19 19:47:46 xxx.xxx.xxx.xxx POST /manager/index.php - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 200 0 0 296 2010-02-19 19:47:56 xxx.xxx.xxx.xxx GET /assets/files/secure/WWGNL.pdf - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 401 1 2148074252 15 2010-02-19 19:47:59 xxx.xxx.xxx.xxx GET /favicon.ico - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 404 0 2 0 Here's the Failed Logon attempt in the Security Log: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2/19/2010 11:47:43 AM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: WEB4.net.domain.org Description: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: jim.lastname Account Domain: net.domain.org Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: - Source Network Address: 10.5.16.138 Source Port: 50065 Detailed Authentication Information: Logon Process: WDIGEST Authentication Package: WDigest Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" /> <EventID>4625</EventID> <Version>0</Version> <Level>0</Level> <Task>12544</Task> <Opcode>0</Opcode> <Keywords>0x8010000000000000</Keywords> <TimeCreated SystemTime="2010-02-19T19:47:43.890Z" /> <EventRecordID>2276316</EventRecordID> <Correlation /> <Execution ProcessID="612" ThreadID="692" /> <Channel>Security</Channel> <Computer>WEB4.net.domain.org</Computer> <Security /> </System> <EventData> <Data Name="SubjectUserSid">S-1-0-0</Data> <Data Name="SubjectUserName">-</Data> <Data Name="SubjectDomainName">-</Data> <Data Name="SubjectLogonId">0x0</Data> <Data Name="TargetUserSid">S-1-0-0</Data> <Data Name="TargetUserName">jim.lastname</Data> <Data Name="TargetDomainName">net.domain.org</Data> <Data Name="Status">0xc000006d</Data> <Data Name="FailureReason">%%2313</Data> <Data Name="SubStatus">0xc000006a</Data> <Data Name="LogonType">3</Data> <Data Name="LogonProcessName">WDIGEST</Data> <Data Name="AuthenticationPackageName">WDigest</Data> <Data Name="WorkstationName">-</Data> <Data Name="TransmittedServices">-</Data> <Data Name="LmPackageName">-</Data> <Data Name="KeyLength">0</Data> <Data Name="ProcessId">0x0</Data> <Data Name="ProcessName">-</Data> <Data Name="IpAddress">10.5.16.138</Data> <Data Name="IpPort">50065</Data> </EventData> </Event>

    Read the article

  • Unable to run WCAT against DotNetNuke with NTLM authentication

    - by David Neale
    I have a ubr file setup to stress test an internal DotNetNuke site with WCAT: transaction { id = "Intranet Home Page"; weight = 1000; cookies{clear = true;} sleep{delay = rand("1","500");} request { url = "/"; statuscode = 401; } request { url = "/"; authentication = ntlm; username = "mydomain\\accountname"; password = "password"; statuscode = 200; } close{ method = reset;} } When running this (wcat.wsf -run -clients localhost -s myserver -t test.ubr -f settings.ubr -x) I simply get lots of error 500s: 2010-03-08 10:29:31 192.168.11.239 GET / - 80 - 192.168.52.139 - 401 2 2148074254 2010-03-08 10:29:31 192.168.11.239 GET / - 80 - 192.168.52.139 - 401 1 0 2010-03-08 10:29:31 192.168.11.239 GET /Default.aspx - 80 mydomain\myaccount 192.168.52.139 - 500 0 0 DNN is reporting these errors as: AssemblyVersion: 5.2.3 PortalID: 0 PortalName: My Company UserID: -1 UserName: ActiveTabID: 39 ActiveTabName: Home RawURL: /Default.aspx AbsoluteURL: /Default.aspx AbsoluteURLReferrer: UserAgent: DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider ExceptionGUID: 28d8821f-1ef2-41db-8a65-d33e97a69130 InnerException: *Unhandled Error:* FileName: FileLineNumber: 0 FileColumnNumber: 0 Method: DotNetNuke.Authentication.ActiveDirectory.HttpModules.AuthenticationModule.OnAuthenticateRequest StackTrace: Message: System.Exception: Unhandled Error: --- System.NullReferenceException: Object reference not set to an instance of an object. at DotNetNuke.Authentication.ActiveDirectory.HttpModules.AuthenticationModule.OnAuthenticateRequest(Object s, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) --- End of inner exception stack trace --- Source: Server Name: MYSERVER It seems to be losing the username somehow.

    Read the article

  • Custom basic authentication fails in IIS7

    - by manu08
    I have an ASP.NET MVC application, with some RESTful services that I'm trying to secure using custom basic authentication (they are authenticated against my own database). I have implemented this by writing an HTTPModule. I have one method attached to the HttpApplication.AuthenticateRequest event, which calls this method in the case of authentication failure: private static void RejectWith401(HttpApplication app) { app.Response.StatusCode = 401; app.Response.StatusDescription = "Access Denied"; app.CompleteRequest(); } This method is attached to the HttpApplication.EndRequest event: public void OnEndRequest(object source, EventArgs eventArgs) { var app = (HttpApplication) source; if (app.Response.StatusCode == 401) { string val = String.Format("Basic Realm=\"{0}\"", "MyCustomBasicAuthentication"); app.Response.AppendHeader("WWW-Authenticate", val); } } This code adds the "WWW-Authenticate" header which tells the browser to throw up the login dialog. This works perfectly when I debug locally using Visual Studio's web server. But it fails when I run it in IIS7. For IIS7 I have the built-in authentication modules all turned off, except anonymous. It still returns an HTTP 401 response, but it appears to be removing the WWW-Authenticate header. Any ideas?

    Read the article

  • Integrated Security on Reporting Services XML Datasource

    - by Nathan
    Hey all, I am working on setting up my report server to use a web service as an XML datasource. I seem to be having authentication issues between the web service and the report with I choose to use Integrated security. Here's what I have: 1) I have a website w/ an exposed service. This website is configured to run ONLY on Integrated Security. This means that we have all other modes turned off AND Enabled anonymous access turned off under directory security. 2) Within the Web.config of the website, I have the authentication mode set to Windows. 3) I have the report datasource set to being an XML data source. I have the correct URL to the service and have it set to Windows Integrated Security. Since I am making a hop from the Browser to the Reporting Server to the Web Service, I wonder if I am having an issue w/ Kerberos, but I am not sure. When I try to access the service, I get a 401 error. Here are the IIS logs that I am generating: 2011-01-07 14:52:12 W3SVC IP_ADDY POST /URL.asmx - 80 - IP_ADDY - 401 1 0 2011-01-07 14:52:12 W3SVC IP_ADDY POST /URL.asmx - 80 - IP_ADDY - 401 1 5 Has anyone worked out this issue before? Thanks!

    Read the article

  • ActiveSync gives a 401.2 error

    - by Justin James
    Hello - I've been struggling for a while with a problem with ActiveSync, it is giving 401.2 errors when trying to access the mailboxes. Oddly enough, clients can get to the calendars just fine. I've tried from an Android device as well as the Exchange remote connectivity troubleshooter, same error both times. Here is the configuration: Connectivity through ISA 2006 Exchange 2007 on Windows 2008 Basic authentication is on ISA is passing through all authentication directly to the Exchange server The user IS allowed to get to ActiveSync in their Exchange mailbox settings I have tried the following, without success: * Making SSL not required * Enabling Windows Integrated and Digest authentication Here is an example of the errors in the IIS log: OPTIONS /Microsoft-Server-ActiveSync/default.eas - 443 - 192.168.32.18 TestActiveSyncConnectivity 401 2 5 0 Here is what I am seeing in my trace log: ModuleName IIS Web Core Notification 2 HttpStatus 401 HttpReason Unauthorized HttpSubStatus 2 ErrorCode 2147942405 ConfigExceptionInfo Notification AUTHENTICATE_REQUEST ErrorCode Access is denied. (0x80070005) I'm 100% stumped. Any clues? Thanks! J.Ja

    Read the article

  • Un-failing over a Cisco PIX 515e

    - by ABrown
    We had a power outage at our data center last week and when our dual PIX 515E running IOS 7.0(8) (configured with a failover cable) came back, they were in a failed over state where the Secondary unit is active and the Primary unit is standby I have tried 'failover reset', 'failover active', and 'failover reload-standby' as well as executing reloads on both units in a variety of orders, and they don't come back Primary/Active Secondary/Standby. The only thing in my arsenal that I haven't tried is driving to the data center and performing a hard reboot, which I hate to do. I have read How Failover Works on the Cisco Secure Firewall and it seems like this should be wicked straight forward. output of show failover on Primary: Failover On Cable status: Normal Failover unit Primary Failover LAN Interface: N/A - Serial-based failover enabled Unit Poll frequency 15 seconds, holdtime 45 seconds Interface Poll frequency 15 seconds Interface Policy 1 Monitored Interfaces 2 of 250 maximum Version: Ours 7.0(8), Mate 7.0(8) Last Failover at: 02:52:05 UTC Mar 10 2010 This host: Primary - Standby Ready Active time: 0 (sec) Interface outside (x.x.x.165): Normal Interface inside (y.y.y.3): Normal Other host: Secondary - Active Active time: 897045 (sec) Interface outside (x.x.x.164): Normal Interface inside (y.y.y.4): Normal Stateful Failover Logical Update Statistics Link : Unconfigured. output of show failover on Secondary: Failover On Cable status: Normal Failover unit Secondary Failover LAN Interface: N/A - Serial-based failover enabled Unit Poll frequency 15 seconds, holdtime 45 seconds Interface Poll frequency 15 seconds Interface Policy 1 Monitored Interfaces 2 of 250 maximum Version: Ours 7.0(8), Mate 7.0(8) Last Failover at: 02:03:04 UTC Feb 28 2010 This host: Secondary - Active Active time: 896925 (sec) Interface outside (x.x.x.164): Normal Interface inside (y.y.y.4): Normal Other host: Primary - Standby Ready Active time: 0 (sec) Interface outside (x.x.x.165): Normal Interface inside (y.y.y.3): Normal Stateful Failover Logical Update Statistics Link : Unconfigured. I'm seeing the following in my syslog: Mar 10 03:05:00 fw1 %PIX-5-111008: User 'enable_15' executed the 'failover reset' command. Mar 10 03:05:09 fw1 %PIX-5-111008: User 'enable_15' executed the 'failover reload-standby' command. Mar 10 03:05:12 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=406,op=20,my=Active,peer=Failed. Mar 10 03:05:12 fw1 %PIX-6-720028: (VPN-Secondary) HA status callback: Peer state Failed. Mar 10 03:06:09 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=401,op=0,my=Active,peer=Failed. Mar 10 03:06:09 fw1 %PIX-6-720024: (VPN-Secondary) HA status callback: Control channel is down. Mar 10 03:06:09 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=401,op=1,my=Active,peer=Failed. Mar 10 03:06:10 fw1 %PIX-6-720024: (VPN-Secondary) HA status callback: Control channel is up. Mar 10 03:06:10 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=411,op=2,my=Active,peer=Failed. Mar 10 03:06:23 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=406,op=80,my=Active,peer=Standby Ready. Mar 10 03:06:23 fw1 %PIX-6-720028: (VPN-Secondary) HA status callback: Peer state Standby Ready. Mar 10 03:06:24 fw2 %PIX-6-720027: (VPN-Primary) HA status callback: My state Standby Ready. Mar 10 03:07:05 fw1 %PIX-5-111008: User 'enable_15' executed the 'failover reset' command. Mar 10 03:07:31 fw1 %PIX-5-111008: User 'enable_15' executed the 'failover active' command. Mar 10 03:08:04 fw1 %PIX-5-611103: User logged out: Uname: enable_1 Mar 10 03:08:04 fw1 %PIX-6-315011: SSH session from admin1_int on interface inside for user "pix" terminated normally Mar 10 03:08:39 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=406,op=20,my=Active,peer=Failed. Mar 10 03:08:39 fw1 %PIX-6-720028: (VPN-Secondary) HA status callback: Peer state Failed. Mar 10 03:09:10 fw1 %PIX-6-605005: Login permitted from admin1_int/36891 to inside:192.168.4.4/ssh for user "pix" Mar 10 03:09:23 fw1 %PIX-5-111008: User 'enable_15' executed the 'failover reset' command. Mar 10 03:09:38 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=401,op=0,my=Active,peer=Failed. Mar 10 03:09:39 fw1 %PIX-6-720024: (VPN-Secondary) HA status callback: Control channel is down. Mar 10 03:09:39 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=401,op=1,my=Active,peer=Failed. Mar 10 03:09:39 fw1 %PIX-6-720024: (VPN-Secondary) HA status callback: Control channel is up. Mar 10 03:09:39 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=411,op=2,my=Active,peer=Failed. Mar 10 03:09:52 fw1 %PIX-6-720032: (VPN-Secondary) HA status callback: id=3,seq=200,grp=0,event=406,op=80,my=Active,peer=Standby Ready. Mar 10 03:09:52 fw1 %PIX-6-720028: (VPN-Secondary) HA status callback: Peer state Standby Ready. Mar 10 03:09:53 fw2 %PIX-6-720027: (VPN-Primary) HA status callback: My state Standby Ready. I'm not exactly sure how to interpret that syslog data. Primary doesn't seem to even try to become Active. When I reload the individual units separately, my connections are retained, so it doesn't seem like I have a real hardware failure. Is there something I can query (IOS or SNMP) to check for hardware issues? Any thoughts? My IOS-fu is weak. Thanks for any help you might provide, Aaron

    Read the article

  • Sharing authentication methods across API and web app

    - by Snixtor
    I'm wanting to share an authentication implementation across a web application, and web API. The web application will be ASP.NET (mostly MVC 4), the API will be mostly ASP.NET WEB API, though I anticipate it will also have a few custom modules or handlers. I want to: Share as much authentication implementation between the app and API as possible. Have the web application behave like forms authentication (attractive log-in page, logout option, redirect to / from login page when a request requires authentication / authorisation). Have API callers use something closer to standard HTTP (401 - Unauthorized, not 302 - Redirect). Provide client and server side logout mechanisms that don't require a change of password (so HTTP basic is out, since clients typically cache their credentials). The way I'm thinking of implementing this is using plain old ASP.NET forms authentication for the web application, and pushing another module into the stack (much like MADAM - Mixed Authentication Disposition ASP.NET Module). This module will look for some HTTP header (implementation specific) which indicates "caller is API". If the header "caller is API" is set, then the service will respond differently than standard ASP.NET forms authentication, it will: 401 instead of 302 on a request lacking authentication. Look for username + pass in a custom "Login" HTTP header, and return a FormsAuthentication ticket in a custom "FormsAuth" header. Look for FormsAuthentication ticket in a custom "FormsAuth" header. My question(s) are: Is there a framework for ASP.NET that already covers this scenario? Are there any glaring holes in this proposed implementation? My primary fear is a security risk that I can't see, but I'm similarly concerned that there may be something about such an implementation that will make it overly restrictive or clumsy to work with.

    Read the article

  • IIS: redirect to a webpage if authentication fails

    - by DrStalker
    We have an IIS site (MOSS 2007) that uses Windows Authentication. When a user that has forgotten their password tries to login the servers keeps sending 401 requests. This means on IE the user gets three prompts before IE displays a blank page, on Firefox the user is prompted over and over until they give up. We would like to change the behavior so if a user fails to login three times in a row we send them a redirect to a different site, instead of another 401 Forms authentication is not an option; the site has to remain on windows authentication to allow for SSO capabilities and certain sharepoint functions. Is there any way to tweak the IIS behavior to do this?

    Read the article

  • Error with RewriteCond in .htaccess about '-f' option when it is not present.

    - by Tyler Crompton
    Whenever I look at my error logs this is what I see: RewriteCond: NoCase option for non-regex pattern '-f' is not supported and will be ignored. However, I am not using -f. I am still new to Apache stuff. This is what my .htaccess files looks like in the site's root directory: # Use PHP5 Single php.ini as default AddHandler application/x-httpd-php5s .php Options -Indexes SetEnv INCLUDES /home1/tylercro/public_html/includes/ SetEnv TZ America/Chicago ErrorDocument 400 /400/ ErrorDocument 401 /401/ ErrorDocument 403 /403/ ErrorDocument 404 /404/ ErrorDocument 500 /500/ order allow,deny deny from 69.28.58.33 deny from 95.24.184.87 deny from 95.108. deny from 119.63.196. deny from 123.125.71. deny from 216.92.127.133 deny from 204.236.225.207 allow from all RewriteEngine On # Take off a the end script name if it is an index page. RewriteCond %{REQUEST_URI} (.*)(index|default)\.\w{1,4}$ [NC] RewriteRule .* %1 [R=301] # Force "/" at end of URL if directory. RewriteRule (.*)!(\.\w{1,5}$) $1 [R=301]

    Read the article

  • Hiding a HTTP Auth-Realm by sending 404 to non-known IPs?

    - by zhenech
    I have an Apache (2.2) serving a web-app on example.com. That web-app has a debug-page reachable via example.com/debug. /debug is currently protected with a HTTP basic auth. As there is only a very small user-base who has access to the debug-page, I would like to hide it based on IP address and return 404 to clients not accessing from our VPN. Serving a 404 based on IP-address only is easy and is described in http://serverfault.com/a/13071. But as soon I add authentication, the users see a 401 instead of a 404. Basically, what I need is: if ($REMOTE_ADDR ~ 10.11.12.*): do_basic_auth (aka return 401) else: return 404

    Read the article

  • Tykie

    - by Brian
    Here’s the obituary my mother wrote for Tykie, I still miss the little guy quite a bit. Anyone who’s interested in further information on hearing dogs should check out the IHDI website. I cannot begin to express how helpful a hearing dog can be for the hearing impaired. If you feel so inclined, please make a donation. In Memoriam, Tykie 1993-2010 The American Legion Post 401, South Wichita, KS, supported one of its members and commander by sponsoring a service dog for him. Unlike most service dogs this one was for the hearing impaired. Both Ocie and Betty Sims had hearing loss – Ocie more than Betty. The Post and Auxilliary had garage sales, auctions and other fund-raising endeavors to get donations for the dog. Betty made Teddy bears with growlers that were auctioned for donations to bring a hearing dog from International Hearing Dog, Henderson, Colorado. Tykie, a small wiry, salt and pepper terrier, arrived September 1, 1994 to begin his work that included attending Post 401 meetings and celebrations as well as raising more money to be donated to IHD to help others have hearing dogs. Tykie was a young dog less than a year old when he came to Wichita. He was always anxious to please and seldom barked, though he did put out a kind of cry when he was giving his urgent announcement that someone was at the door or the telephone was ringing. He also enjoyed chasing squirrels in the backyard garden that Ocie prized. In 1995, Betty almost died of a lung infection. Tykie was at the hospital with Ocie when he could visit. Several weeks after she was able to come home after a miraculous recovery, Tykie and Ocie went to a car show in downtown Wichita. Ocie’s retina tore loose in the only eye he could see out of and he almost blind was in great pain. How Ocie and Tykie got home is still a mystery, but the family legend goes that Tykie added seeing eye dog to his repertoire and helped drive him home. Health problems continued for Ocie and when he was placed in a nursing home, Tykie was moved to be Betty’s hearing dog. No problem for Tykie, he still saw his friends at the post and continued to help with visitors at the door. The night of May 3, 1999, Betty and Tykie were in the bedroom watching TV when Tykie began hitting her with both front paws as he would if something were urgent. She said later she thought he wanted to go out. As she and the dog walked down the hall towards the back of the house, Tykie hit her again with his front paws with such urgency that she fell into a small coat closet. That small 2-by-2 closet became their refuge as that very second the roof of her house went off as the f4 tornado raced through the city. Betty acquired one small wound on her hand from a piece of flying glass as she pulled Tykie into the closet with her. Tykie was a hero that day and a lot of days after. He kept Betty going as she rebuilt her home and after her husband died April 15, 2000. Tykie had to be cared for so she had to take him outside and bring him inside. He attended weddings of grandchildren and funerals of Post friends. When Betty died February 17, 2002 Tykie’s life changed again. IHD gave approval for his transfer and retirement to Betty and Ocie’s grandson, Brian Laird, who has a similar hearing loss to his grandfather. A few days after the funeral Tykie flew to his new home in Rutherford, NJ where he was able to take long walks for a couple of years before moving back to the Kansas City area. He was still full of adventure. He was written up in a book about service dogs and his story of the tornado and his picture appeared. He spent weekends at Brian’s mother’s farm to get muddy and be afraid of cats and chickens. He also took on an odyssey as he slipped from his fenced yard in Lenexa one day and walked more than seven miles in Overland Park traffic before being found by a good Samaritan who called IHD to find out where he belonged. Tykie was deaf for about the last two years of his long life and became blind as well, but he continued to strive to please. Tykie was 16 years and 4 months when he was cremated. His ashes were scattered on the graves of Betty and Ocie Sims at Greenwood Cemetery west of Wichita on the afternoon of March 21, 2010, with about a dozen family and Post 401 members. It is still the rule. Service dogs are the only dogs allowed inside the Post home. Submitted by Linda Laird, daughter of Betty and Ocie and mother of Brian Laird.

    Read the article

  • Token based Authentication for WCF HTTP/REST Services: Authentication

    - by Your DisplayName here!
    This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. For the theoretical background, see my previous post. Disclaimer The framework I am using/building here is not the only possible approach to tackle the problem. Based on customer feedback and requirements the code has gone through several iterations to a point where we think it is ready to handle most of the situations. Goals and requirements The framework should be able to handle typical scenarios like username/password based authentication, as well as token based authentication The framework should allow adding new supported token types Should work with WCF web programming model either self-host or IIS hosted Service code can rely on an IClaimsPrincipal on Thread.CurrentPrincipal that describes the client using claims-based identity Implementation overview In WCF the main extensibility point for this kind of security work is the ServiceAuthorizationManager. It gets invoked early enough in the pipeline, has access to the HTTP protocol details of the incoming request and can set Thread.CurrentPrincipal. The job of the SAM is simple: Check the Authorization header of the incoming HTTP request Check if a “registered” token (more on that later) is present If yes, validate the token using a security token handler, create the claims principal (including claims transformation) and set Thread.CurrentPrincipal If no, set an anonymous principal on Thread.CurrentPrincipal. By default, anonymous principals are denied access – so the request ends here with a 401 (more on that later). To wire up the custom authorization manager you need a custom service host – which in turn needs a custom service host factory. The full object model looks like this: Token handling A nice piece of existing WIF infrastructure are security token handlers. Their job is to serialize a received security token into a CLR representation, validate the token and turn the token into claims. The way this works with WS-Security based services is that WIF passes the name/namespace of the incoming token to WIF’s security token handler collection. This in turn finds out which token handler can deal with the token and returns the right instances. For HTTP based services we can do something very similar. The scheme on the Authorization header gives the service a hint how to deal with an incoming token. So the only missing link is a way to associate a token handler (or multiple token handlers) with a scheme and we are (almost) done. WIF already includes token handler for a variety of tokens like username/password or SAML 1.1/2.0. The accompanying sample has a implementation for a Simple Web Token (SWT) token handler, and as soon as JSON Web Token are ready, simply adding a corresponding token handler will add support for this token type, too. All supported schemes/token types are organized in a WebSecurityTokenHandlerCollectionManager and passed into the host factory/host/authorization manager. Adding support for basic authentication against a membership provider would e.g. look like this (in global.asax): var manager = new WebSecurityTokenHandlerCollectionManager(); manager.AddBasicAuthenticationHandler((username, password) => Membership.ValidateUser(username, password));   Adding support for Simple Web Tokens with a scheme of Bearer (the current OAuth2 scheme) requires passing in a issuer, audience and signature verification key: manager.AddSimpleWebTokenHandler(     "Bearer",     "http://identityserver.thinktecture.com/trust/initial",     "https://roadie/webservicesecurity/rest/",     "WFD7i8XRHsrUPEdwSisdHoHy08W3lM16Bk6SCT8ht6A="); In some situations, SAML token may be used as well. The following configures SAML support for a token coming from ADFS2: var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer( "d1 c5 b1 25 97 d0 36 94 65 1c e2 64 fe 48 06 01 35 f7 bd db", "ADFS"); var adfsConfig = new SecurityTokenHandlerConfiguration(); adfsConfig.AudienceRestriction.AllowedAudienceUris.Add( new Uri("https://roadie/webservicesecurity/rest/")); adfsConfig.IssuerNameRegistry = registry; adfsConfig.CertificateValidator = X509CertificateValidator.None; // token decryption (read from config) adfsConfig.ServiceTokenResolver = IdentityModelConfiguration.ServiceConfiguration.CreateAggregateTokenResolver();             manager.AddSaml11SecurityTokenHandler("SAML", adfsConfig);   Transformation The custom authorization manager will also try to invoke a configured claims authentication manager. This means that the standard WIF claims transformation logic can be used here as well. And even better, can be also shared with e.g. a “surrounding” web application. Error handling A WCF error handler takes care of turning “access denied” faults into 401 status codes and a message inspector adds the registered authentication schemes to the outgoing WWW-Authenticate header when a 401 occurs. The next post will conclude with authorization as well as the source code download.   (Wanna learn more about federation, WIF, claims, tokens etc.? Click here.)

    Read the article

  • Problem with Twitter basic authentication using AJAX

    - by jelford
    I'm developing a javascript App that needs, as part of its functionality, for users to be able to update their Twitter status. The App is designed to work on mobiles, and as such I don't really want to be sending users all the way over to the Twitter site to sign in; they should just be able to pass their credentials to the app, and I'll handle all the signin. So I'm trying to use the Basic Auth with the restful API. My code looks like: function postTweet(input){ $.ajax( { type: "POST", url: "http://twitter.com/statuses/update.json", data: {status: input}, dataType: "json", error: function() { alert("Some error occured"); }, success: function() { alert("Success!"); }, beforeSend: function(request) { request.setRequestHeader("Authorization", "Basic BASE64OFMYCREDENTIALS");} } ) ; } So, as far as I'm aware, this should perform the authentication from the XMLHttpRequest header, and then post the status. However, whenever I call this code, I get a "401 Unauthorized" error from Twitter. Below are the request & response headers from firebug: Request: OPTIONS /statuses/update.json HTTP/1.1 Host: twitter.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2) Gecko/20100115 Firefox/3.6 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-gb,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Origin: null Access-Control-Request-Method: POST Access-Control-Request-Headers: authorization Response: HTTP/1.1 401 Unauthorized Date: Sat, 13 Mar 2010 11:08:58 GMT Server: hi Status: 401 Unauthorized WWW-Authenticate: Basic realm="Twitter API" X-Runtime: 0.00204 Content-Type: application/json; charset=utf-8 Cache-Control: no-cache, max-age=300 Set-Cookie: guest_id=1268478538488; path=/ _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCPlyNlcnAToHaWQiJWUyN2YzYjc3OTk2NGQ3%250ANzJkYTA4MjYzOWJmYTQyYmUyIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--d687808459872da0aa6a89cab35fd347300b4d07; domain=.twitter.com; path=/ Expires: Sat, 13 Mar 2010 11:13:58 GMT Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 88 Connection: close Any help with this would be much appreciated, Thanks, jelford ps. I should mention I'm using JQuery, incase it's not clear.

    Read the article

  • posting twitter status whilst receiving tweets iphone mgtwitterengine

    - by d4ndym1k3
    i have set up a twitter client on my iphone using mgtwitterengine. i've managed to set it up so i can tweet and recieve status updates. using the standard set up you can only receive between 10&20 updates. to be able to receive more updates then that you have to put[_engine getFollowedTimelineSinceID:0 startingAtPage:0 count:50]; but this does not allow you to get more than the original amount untill you activateif (params) { fullPath = [self _queryStringWithBase:fullPath parameters:params prefixed:YES]; } in SA_OAuthTwitterEngine.m. my problem is when i do this i can no longer post a new status from my app. i can have upto 200 statuses in the stream but no posting capabilities. this is the error:Error Domain=HTTP Code=401 "The operation couldn’t be completed. (HTTP error 401.)" any help would be appreciated. many thanks in advance

    Read the article

  • login through twitter not working in osqa

    - by Pankaj Khurana
    Hi, I have installed osqa on a site hosted on hostgator. The login functionality is working for google,yahoo,facebook. But when i click on twitter icon its generating an exception. I have already added the twitter consumer key and the twitter consumer secret through admin interface. The exception i am getting is: HTTPError at /account/twitter/signin/ HTTP Error 401: Unauthorized Request Method: GET Request URL: http://mydomain/account/twitter/signin/?validate_email=yes Exception Type: HTTPError Exception Value: HTTP Error 401: Unauthorized Exception Location: /usr/lib/python2.4/urllib2.py in http_error_default, line 480 Python Executable: /usr/bin/python Python Version: 2.4.3 I am unable to trace out the reason for the same. Please help me on this. Thanks

    Read the article

  • SQL Server Reporting Services 2008: How to set the credentials property properly?

    - by wgpubs
    No matter how I configure the Credentials property I get a 401 exception when I try to Render the report. Here is my (latest) code: var rs = new ReportExecutionService(); rs.Url = "https://myserver/reportserver/reportexecution2005.asmx"; var myCache = new System.Net.CredentialCache(); myCache.Add(new Uri(rs.Url), "kerberos" , new System.Net.NetworkCredential("username", "password", "Domain")); rs.Credentials = myCache; The URL and credentials are all correct. But still getting a 401 when I cal rs.Render(...). The Reporting Services install is sitting on a Windows Server 2008 box and requires integrated authentication. Thanks

    Read the article

  • Authkit - deferring action to HTTP response to client application

    - by jon
    Form, Redirect and Forward all send an unauthenticated user to a Form on a login page specified within an Authkit middleware application. I'd like to allow a client application to request a service via XHR and then present a custom 'client side' form if a HTTP status code of 401 is returned, which would then post to Authkit for authentication until valid authentication/authorization occured. Specifically, 1) a jquery $.get request might request a resource. 2) if an Authkit cookie check confirmed previous authorization the content would be returned. 3) if not I would like Authkit to simply return the '401 response' (and not redirect to another page, or return a form template) where a client side exception handler would notify the user and present an authentication form. Can Authkit work like this?

    Read the article

  • IIS Active Directory double handshake hickup

    - by AngryHacker
    I have a .net 2.0 click-once application that connects to IIS web services on Windows 2003 R2 64-bits. The IIS is setup with Integrated Windows Authentication. So whenever a web service call is made to IIS web services, there is a double handshake taking place: Client Request #1 GetEmployeeList Server Response #1 <- 401 HTTP/1.1 401 Unauthorized WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Client Request #2 REQUEST Header... Server Response #2 <- 200 Data Received Lately, however, Server Response #1 will sometimes (a good 20 percent of the calls) take a massive amount of time (like 25 to 30 seconds). How do I debug this problem? Is this a Active Directory problem or a Domain Controller problem?

    Read the article

  • Is it possible to suppress the IE standard login dialog when Windows Authentication is enabled?

    - by Rocko
    Hello, i have a web application with Windows Authentication enabled. In my web.config I restrict the access with the following code: <authorization> <allow users="rba\eigg"/> <deny users="*"/> </authorization> When I call the application in a browser, the IE's standard login dialog pops up and if I close it by cancel I get the HTTP 401 (Access is denied) error page. Is there a way to suppress the login dialog so that the user gets the 401 error page directly? Thanks! Rocko

    Read the article

  • Are these REST HTTP response codes right, and what about the Content-Type?

    - by talentedmrjones
    I'm writing a controller helper that sets the proper response headers for my REST controller action. It's pasted below and should be simplified enough for those who aren't familiar with Zend Framework to understand what I'm doing. My question is: Are these codes correct for their respective responses, and in the case of "access denied" do I use a 401 or 403? Also, in case of responding with an error, I understand I should be placing a message in the response body, but should I set the "Content-Type" to "text/plain"? <?php class App_Controller_Helper_RestResponse extends Zend_Controller_Action_Helper_Abstract { public function denied() { // 403 or 401? } public function notFound() { // 404 } public function created() { // 201 } public function deleted() { // 204 } public function redirect() { // 301 // new url } public function malformed() { // 400 } public function gone() { // 410 } }

    Read the article

  • JAAS : on Callback ( Interesting based on HTTP headers )

    - by VJS
    I am using NameCallback and PasswordCallback for username and password.For username and password, popup comes on browser and when i enter username ans password, JAAS authenticates my request. On the wireshark, I have seen that 401 Unauthorized message (WWW-Authenticate header)comes and when i enter username/password HTTP request with credentials generate ( with Authorization header) and goes to server. My requirement : I don't want pop up to come.My application on other server having username / password, so once it received 401 then based on some logic it will generate HTTP request with Authorization header / credentials and sent it back. FLow : User - Other Server - My Tomcat5.5 Here on Other Server, nobody is available to enter username/password manually.Application is deployed and it will only generate HTTP request with credential and sent it back to tomcat. Can we have any other callback which behave like this.Need your help.Please provide me feedback as well related to approach.

    Read the article

  • How to setup Dual Head with "radeon" driver for R770?

    - by user1709408
    I want to make dual head setup without xrandr but with Xinerama. I put "Screen 1" line into xorg.conf, but card still show identical output on DVI-2 and DVI-3 It is important to use xinerama for me (to glue three monitors), that's why i decide not to use ranrd (randr is incompatible with xinerama as i read somewhere) Here is my videocard (HD 4850 X2): lspci | grep R700 03:00.0 VGA compatible controller: Advanced Micro Devices [AMD] nee ATI R700 [Radeon HD 4850] 04:00.0 Display controller: Advanced Micro Devices [AMD] nee ATI R700 [Radeon HD 4850] Here is how monitors are connected: grep "DVI" /var/log/Xorg.0.log [ 1210.002] (II) RADEON(0): Output DVI-0 using monitor section Monitor0 [ 1210.048] (II) RADEON(0): Output DVI-1 has no monitor section [ 1210.079] (II) RADEON(0): EDID for output DVI-0 [ 1210.080] (II) RADEON(0): Printing probed modes for output DVI-0 [ 1210.128] (II) RADEON(0): EDID for output DVI-1 [ 1210.128] (II) RADEON(0): Output DVI-0 connected [ 1210.128] (II) RADEON(0): Output DVI-1 disconnected [ 1210.128] (II) RADEON(0): Output DVI-0 using initial mode 1920x1200 [ 1210.160] (II) RADEON(1): Output DVI-2 using monitor section Monitor2 [ 1210.215] (II) RADEON(1): Output DVI-3 has no monitor section [ 1210.246] (II) RADEON(1): EDID for output DVI-2 [ 1210.247] (II) RADEON(1): Printing probed modes for output DVI-2 [ 1210.299] (II) RADEON(1): EDID for output DVI-3 [ 1210.300] (II) RADEON(1): Printing probed modes for output DVI-3 [ 1210.300] (II) RADEON(1): Output DVI-2 connected [ 1210.300] (II) RADEON(1): Output DVI-3 connected [ 1210.300] (II) RADEON(1): Output DVI-2 using initial mode 1920x1200 [ 1210.300] (II) RADEON(1): Output DVI-3 using initial mode 1920x1200 Here is my /etc/X11/xorg.conf Section "ServerFlags" Option "RandR" "0" Option "Xinerama" "1" EndSection Section "ServerLayout" Identifier "Three Head Layout" Screen "MyPrecious0" Screen "MyPrecious2" RightOf "MyPrecious0" Screen "MyPrecious3" LeftOf "MyPrecious0" EndSection Section "Screen" Identifier "MyPrecious0" Monitor "Monitor0" Device "Device300" EndSection Section "Screen" Identifier "MyPrecious2" Monitor "Monitor2" Device "Device400" EndSection Section "Screen" Identifier "MyPrecious3" Monitor "Monitor3" Device "Device401" EndSection Section "Device" Identifier "Device300" BusID "PCI:3:0:0" Screen 0 Driver "radeon" EndSection Section "Device" Identifier "Device400" BusID "PCI:4:0:0" Screen 0 Driver "radeon" EndSection Section "Device" Identifier "Device401" BusID "PCI:4:0:0" Screen 1 Driver "radeon" EndSection Section "Monitor" Identifier "Monitor0" EndSection Section "Monitor" Identifier "Monitor2" EndSection Section "Monitor" Identifier "Monitor3" EndSection I tried to switch to vesa driver (didn't work for me) I tried to add options like Option "ZaphodHeads" "DVI-2" and Option "ZaphodHeads" "DVI-3" into sections "Device 400" and "Device 401" (this didn't help because "ZaphodHeads" option is for ranrd, and randr is disabled by decision) I tried to merge sections "Device 400" and "Device 401" into one section and add Option "ZaphodHeads" "DVI-2,DVI-3" (see comment about randr above) single section setup helps to change log line RADEON(1): Output DVI-3 has no monitor section into RADEON(1): Output DVI-3 using monitor section Monitor3 but nothing was enough to switch from screen cloning to separate screens. This problem (lack of documentation on radeon driver) is similar to these: Radeon display driver clones monitors while using Xinerama (moderators decision to close that problem was wrong) Ubuntu 12.10 multi-monitor setup isn't working The problem is solvable, because this hardware worked as three headed for me earlier with gentoo/xorg-server-1.3 Xorg -configure creates setup for the first monitor on the first GPU Please don't advise to use fglrx/aticonfig/amdcccle (this goes against my religion beliefs)

    Read the article

  • Web Apps vs Web Services: 302s and 401s are not always good Friends

    - by Your DisplayName here!
    It is not very uncommon to have web sites that have web UX and services content. The UX part maybe uses WS-Federation (or some other redirect based mechanism). That means whenever an authorization error occurs (401 status code), this is picked by the corresponding redirect module and turned into a redirect (302) to the login page. All is good. But in services, when you emit a 401, you typically want that status code to travel back to the client agent, so it can do error handling. These two approaches conflict. If you think (like me) that you should separate UX and services into separate apps, you don’t need to read on. Just do it ;) If you need to mix both mechanisms in a single app – here’s how I solved it for a project. I sub classed the redirect module – this was in my case the WIF WS-Federation HTTP module and modified the OnAuthorizationFailed method. In there I check for a special HttpContext item, and if that is present, I suppress the redirect. Otherwise everything works as normal: class ServiceAwareWSFederationAuthenticationModule : WSFederationAuthenticationModule {     protected override void OnAuthorizationFailed(AuthorizationFailedEventArgs e)     {         base.OnAuthorizationFailed(e);         var isService = HttpContext.Current.Items[AdvertiseWcfInHttpPipelineBehavior.DefaultLabel];         if (isService != null)         {             e.RedirectToIdentityProvider = false;         }     } } Now the question is, how do you smuggle that value into the HttpContext. If it is a MVC based web service, that’s easy of course. In the case of WCF, one approach that worked for me was to set it in a service behavior (dispatch message inspector to be exact): public void BeforeSendReply( ref Message reply, object correlationState) {     if (HttpContext.Current != null)     {         HttpContext.Current.Items[DefaultLabel] = true;     } } HTH

    Read the article

  • Problems with LDAP auth in Apache, works only for one group

    - by tore-
    Hi, I'm currently publishing some subversions repos within Apache: <Location /dev/> DAV svn SVNPath /opt/svn/repos/dev/ AuthType Basic AuthName "Subversion repo authentication" AuthBasicProvider ldap AuthzLDAPAuthoritative On AuthLDAPBindDN "CN=readonlyaccount,OU=Objects,DC=invalid,DC=now" AuthLDAPBindPassword readonlyaccountspassword AuthLDAPURL "ldap://invalid.domain:389/OU=Objects,DC=invalid,DC=domain?sAMAccountName?sub?(objectClass=*)" Require ldap-group cn=dev,ou=SVN,DC=invalid,DC=domain </Location> This setup works great, but now we want to give an LDAP group read only access to our repo, then my apache config looks like this: <Location /dev/> DAV svn SVNPath /opt/svn/repos/dev/ AuthType Basic AuthName "Subversion repo authentication" AuthBasicProvider ldap AuthzLDAPAuthoritative On AuthLDAPBindDN "CN=readonlyaccount,OU=Objects,DC=invalid,DC=now" AuthLDAPBindPassword readonlyaccountspassword AuthLDAPURL "ldap://invalid.domain:389/OU=Objects,DC=invalid,DC=domain?sAMAccountName?sub?(objectClass=*)" <Limit OPTIONS PROPFIND GET REPORT> Require ldap-group cn=dev-ro,ou=SVN,dc=invalid,dc=domain </Limit> <LimitExcept OPTIONS PROPFIND GET REPORT> Require ldap-group cn=dev-rw,ou=SVN,dc=invalid,dc=domain </LimitExcept> </Location> All of my user accounts is under: OU=Objects,DC=invalid,DC=domain All groups related to subversion is under: ou=SVN,dc=invalid,dc=domain The problem after modification, only users in the dev-ro LDAP group is able to authenticate. I know that authentication with LDAP works, since my apache logs show my usernames: 10.1.1.126 - tore [...] "GET /dev/ HTTP/1.1" 200 339 "-" "Mozilla/5.0 (...)" 10.1.1.126 - - [...] "GET /dev/ HTTP/1.1" 401 501 "-" "Mozilla/4.0 (...)" 10.1.1.126 - readonly [...] "GET /dev/ HTTP/1.1" 401 501 "-" "Mozilla/4.0 (...) line = user in group dev-rw, 2. line is unauthenticated user, 3. line is unauthenticated user, authenticated as a user in group dev-ro So I think I've messed up my apache config. Advise?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >