Search Results

Search found 1466 results on 59 pages for 'authenticate'.

Page 51/59 | < Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58 | Next Page >

HTTP Negotiate windows vs. Unix server implementation using python-kerberos

- by ondra

I tried to implement a simple single-sign-on in my python web server. I have used the python-kerberos package which works nicely. I have tested it from my Linux box (authenticating against active directory) and it was without problem. However, when I tried to authenticate using Firefox from Windows machine (no special setup, just having the user logged into the domain + added my server into negotiate-auth.trusted-uris), it doesn't work. I have looked at what is sent and it doesn't even resemble the things the Linux machine sends. This Microsoft description of the process pretty much resembles the way my interaction from Linux works, but the Windows machine generally sends a very short string, which doesn't even resemble the things microsoft documentation states, and when base64 decoded, it is something like 12 zero bytes followed by 3 or 4 non-zero bytes (GSS functions then return that it doesn't support such scheme) Either there is something wrong with the client Firefox settings, or there is some protocol which I am supposed to follow for the Negotiate protocol, but which I cannot find any reference anywhere. Any ideas what's wrong? Do you have any idea what protocol I should by trying to find, as it doesn' look like SPNEGO, at least from MS documentation.

Read the article
Are there any security issues to avoid when providing a email-or-username-can-act-as-username login

- by Tchalvak

I am in the process of moving from a "username/password" system to one that uses email for login. I don't think that there's any horrible problem with allowing either email or username for login, and I remember seeing sites that I consider somewhat respectable doing it as well, but I'd like to be aware of any major security flaws that I may be introducing. More specifically, here is the pertinent function (the query_row function parameterizes the sql). function authenticate($p_user, $p_pass) { $user = (string)$p_user; $pass = (string)$p_pass; $returnValue = false; if ($user != '' && $pass != '') { // Allow login via username or email. $sql = "SELECT account_id, account_identity, uname, player_id FROM accounts join account_players on account_id=_account_id join players on player_id = _player_id WHERE lower(account_identity) = lower(:login) OR lower(uname) = lower(:login) AND phash = crypt(:pass, phash)"; $returnValue = query_row($sql, array(':login'=>$user, ':pass'=>$pass)); } return $returnValue; } Notably, I have added the WHERE lower(account_identity) = lower(:login) OR lower(uname) = lower(:login) ...etc section to allow graceful backwards compatibility for users who won't be used to using their email for the login procedure. I'm not completely sure that that OR is safe, though. Are there some ways that I should tighten the security of the php code above?

Read the article
Cannot connect to SQL Server from ASP.NET MVC app

- by Dan Fergus

I have an ASP.NET MVC app that has on a hosted server for over a year, connecting to SQL Server. I've had to change hosting services, the new one supports MVC 1.0. I've also moved a non MVC ASP app to the same hosting service. Now, MY MVC based app retturnes this error when I try to validate a user login. A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) Now, the non-MVC app can access the exact same database and authenticate users just fine. The MVC app, when run from my dev box connects fine. It also run/connects/authenticates without problem when I install and run the site from an internal SQL 2008 server running IIS 7. I, along with the hosting support techs, am at a loss how the exact same connect string works every where except on the hosted server, and only when run from inside an ASP.NET MVC web app. Any ideas would be greatly appreciated.

Read the article
how to put header authentication into a form using php?

- by SkyWookie

Hey guys, for the page I am doing needs a login authentication using Twitter (using tweetphp API). For test purposes I used this code below to do a successful login: if (!isset($_SERVER['PHP_AUTH_USER'])){ header('WWW-Authenticate: Basic realm="Enter your Twitter username and password:"'); header('HTTP/1.0 401 Unauthorized'); echo 'Please enter your Twitter username and password to view your followers.'; exit(); } $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; The problem now is, I want to integrate it into a form, so far I have the following: <form action="logincheck.php" method="post" class="niceform" > <fieldset> <legend>Twitter Login:</legend> <dl> <dt><label for="email">Twitter Username:</label></dt> <dd><input type="text" name="username" id="username" size="32" maxlength="128" /></dd> </dl> <dl> <dt><label for="password">Password:</label></dt> <dd><input type="password" name="password" id="password" size="32" maxlength="32" /></dd> </dl> </fieldset> <fieldset class="action"> <input type="submit" name="submit" id="submit" value="Submit" /> I am sending it to logincheck.php, this is where I think I get stuck. I am not sure how to compare the form data with Twitter's login data. I was trying a similar if statement as I used in the first code (box that pops up before page loads), but I couldn't wrap my head around it. Thanks again guys!

Read the article
How to build a simulation of a login hardware token in .Net

- by Michel

Hi, i have a hardware token for remote login to some citrix environment. When i click the button on the device, i get an id and i can use that to login to the citrix farm. I can click the button as much as i like, and every time a new code gets generated, and they all work. Now i want to secure my private website likewise, but not with the hardware token, but with a 'token app' on my phone. So i run an app on my phone, generate a key, and use that to (partly) authenticate myself on the server. But here's the point: i don't know how it works! How can i generate 1, 2 or 100 keys at one time which i can see (on the server) are all valid, but without the server and the phone app having contact (the hardware token also is an 'offline' solution). Can you help me with a hint how i would do this? This is what i thought of so far: the phone app and the server app know (hardcoded) the same encryption key. The phone app encrypts the current time. The server app decrypts the string to the current time and if the diff between that time and the actual server time is less than 10 minutes it's an ok. Difficult for other users to fake a key, but encryption gives such nasty strings to enter, and the hardware token gives me nice things like 'H554TU8' And this is probably not how the real hardware token works, because the server and the phone app must 'know' the same encryption key. Michel

Read the article
Java Client interoperating with WSE 3.0 Web Service

- by Dee

I have a Interoperable Security Token Service (STS) that authenticates the User and then issues a SAML token. I also have transaction services that expects the SAML token in the incoming SOAP request header. For a client to make a call to transaction service, it first needs to authenticate with the STS, get the SAML token and then make a call to the transaction services. The STS is an interoperable service and can be invoked from a Java client. The Transaction services are build using WSE 3.0 framework, but the WSDL that it generates is not good enough for a Java client to understand it. I want my Java client to explicitly call the STS and then using the received SAML token make a call to Transaction Services. I tried with Netbeans and Metro WSIT toolkit. I was able to call the Transaction Services if it were implemented using WCF. With WCF Transaction Service the WSDL generated has complete information using which the Java client can figure out how to call to STS and then call the WCF Transaction service. How can my Java client explicitly call the STS and then in turn call the WSE 3.0 transaction services?

Read the article
C++ socket concurrent server

- by gregpi

Hi all; Im writing a concurrent server that's supposed to have a communication channel and a data channel. The client initially connect to the communication channel to authenticate, upon successful authentication, the client is then connected to the data channel to access data. My program is already doing that, and im using threads.My only issue is that if I try to connect another client, I get a "cannot bind : address already in use" error. I have it this way: PART A Client connect to port 4567 (and enter his login info). A thread spawn to handle the client(repeated for each client that connects). In the thread created, I have a function(let's call it FUNC_A) that checks the client's login info(dont worry about how the check is done), if successful, the thread starts the data server(listening on 8976) then sends an OK to the client, once received the client attempts to connect to the data server. PART B Once a client connect to the data server, from inside FUNC_A the client is accepted and another thread is spawn to handle the client's connection to the data server.(hopefully everything is clear). Now, all that is working fine. However, if I try to connect with second client when it gets to PART B I get a "cannot bind error: address already in use". I've tried so many different ways, I've even tried spawning a thread to start the data server and accept the client and then start another thread to handle that connection. still no luck. Please give me a suggestion as to what I'm doing wrong, how do I go about doing this or what's the best way to implement it. Thank you

Read the article
DWR and Spring Security - User is deauthenticated in few seconds

- by Vojtech

I am trying to implement user authentication via DWR as follows: public class PublicRemote { @Autowired @Qualifier("authenticationManager") private AuthenticationManager authenticationManager; public Map<String, Object> userLogin(String username, String password, boolean stay) { Map<String, Object> map = new HashMap<>(); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password); try { Authentication authentication = authenticationManager.authenticate(authRequest); SecurityContextHolder.getContext().setAuthentication(authentication); map.put("success", "true"); } catch (Exception e) { map.put("success", "false"); } return map; } public Map<String, Object> getUserState() { Map<String, Object> map = new HashMap<>(); Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); boolean authenticated = authentication != null && authentication.isAuthenticated(); map.put("authenticated", authenticated); if (authenticated) { map.put("authorities", authentication.getAuthorities()); } return map; } } The authentication works correctly and by calling getUserState() I can see that the user is successfully logged in. The problem is that this state will stay only for few seconds. In probably 5 seconds, the getAuthentication() starts returning null. Is there some problem with session in DWR or is it some misconfiguration of Spring Security?

Read the article
Facebook Connect Login redirecting in Chrome and Safari

- by Lobe

I am having a problem with Facebook Connect that I can't seem to get my head around. A user clicks on the fb-login button, the pop up appears and they authenticate, the pop up closes and the on-login function is called. This happens in IE and Firefox as is expected. However in Chrome and Safari, the pop up redirects to the canvas url and doesn't close. Also the on-login function isn't called. I have googled and it seems to be something to do with the xd-receiver.htm file, however it seems weird that it is working in IE and Firefox but not Chrome or Safari. Thanks The facebook javascript <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php/en_US" type="text/javascript"></script> <script type="text/javascript">FB.init("xxxxxxxxxxxxxxxxxx","xd_receiver.htm");</script> And the button <fb:login-button v="2" size="large" onlogin='window.location = "http://www.xxxxxxxxxx.com/development/redirect.php?size=large";'>Connect</fb:login-button> Obviously with Appid and domain hidden. Any ideas? EDIT: After a bit more playing around it turned out that I didn't have my base domain set in Facebook settings. Why it works in some browsers and not others beats me, however it works now. Thanks NSD for your suggestion.

Read the article
Kohana 3.2 - Database Session losing data on new Page Request

- by reado

I've setup my dev Kohana server to use an encrypted database as the default Session type. I'm also using this in combination with Auth to implement user authentication. Right now my user's are able to authenticate correctly and the authentication keys are being stored in the session. I'm also storing additional data like the user's firstname and businessname during the login procedure. When my login function is ready to redirect the user to the user dashboard, I'm able to see all the data correctly when I do $session::instance()->as_array(); (Array ( [auth_user] => NRyk6lA8 [businessname] => Dudetown [firstname] => Matt )) As soon as I redirect the user to another page, $session::instance()->as_array(); is empty. By dumping out the Session::instance() object, I can see that the Session id's are still the same. When I look at my database table though, i dont see any session records being saved and my session table is empty. My bootstrap.php contains: Session::$default = 'database'; Cookie::$salt = 'asdfasdf'; Cookie::$expiration = 1209600; Cookie::$domain = FALSE; and my session.php config file looks like: return array( 'database' => array( 'name' => 'auth_user', 'encrypted' => TRUE, 'lifetime' => 24 * 3600, 'group' => 'default', 'table' => 'sessions', 'columns' => array( 'session_id' => 'session_id', 'last_active' => 'last_active', 'contents' => 'contents' ), 'gc' => 500, ), ); I've looked high and low for an answer.. if anyone has any suggestions, i'm all ears! Thanks!

Read the article
Are there any security issues to avoid when providing a either-email-or-username-can-act-as-username

- by Tchalvak

I am in the process of moving from a "username/password" system to one that uses email for login. I don't think that there's any horrible problem with allowing either email or username for login, and I remember seeing sites that I consider somewhat respectable doing it as well, but I'd like to be aware of any major security flaws that I may be introducing. More specifically, here is the pertinent function (the query_row function parameterizes the sql). function authenticate($p_user, $p_pass) { $user = (string)$p_user; $pass = (string)$p_pass; $returnValue = false; if ($user != '' && $pass != '') { // Allow login via username or email. $sql = "SELECT account_id, account_identity, uname, player_id FROM accounts join account_players on account_id=_account_id join players on player_id = _player_id WHERE lower(account_identity) = lower(:login) OR lower(uname) = lower(:login) AND phash = crypt(:pass, phash)"; $returnValue = query_row($sql, array(':login'=>$user, ':pass'=>$pass)); } return $returnValue; } Notably, I have added the WHERE lower(account_identity) = lower(:login) OR lower(uname) = lower(:login) ...etc section to allow graceful backwards compatibility for users who won't be used to using their email for the login procedure. I'm not completely sure that that OR is safe, though. Are there some ways that I should tighten the security of the php code above?

Read the article
Protecting sensitive entity data

- by Andreas

Hi, I'm looking for some advice on architecture for a client/server solution with some peculiarities. The client is a fairly thick one, leaving the server mostly to peristence, concurrency and infrastructure concerns. The server contains a number of entities which contain both sensitive and public information. Think for example that the entities are persons, assume that social security number and name are sensitive and age is publicly viewable. When starting the client, the user is presented with a number of entities, not disclosing any sensitive information. At any time the user can choose to log in and authenticate against the server, given the authentication is successful the user is granted access to the sensitive information. The client is hosting a domain model and I was thinking of implementing this as some kind of "lazy loading", making the first request instantiating the entities and later refreshing them with sensitive data. The entity getters would throw exceptions on sensitive information when they've not been disclosed, f.e.: class PersonImpl : PersonEntity { private bool undisclosed; public override string SocialSecurityNumber { get { if (undisclosed) throw new UndisclosedDataException(); return base.SocialSecurityNumber; } } } Another more friendly approach could be to have a value object indicating that the value is undisclosed. get { if (undisclosed) return undisclosedValue; return base.SocialSecurityNumber; } Some concerns: What if the user logs in and then out, the sensitive data has been loaded but must be disclosed once again. One could argue that this type of functionality belongs within the domain and not some infrastructural implementation(i.e. repository implementations). As always when dealing with a larger number of properties there's a risk that this type of functionality clutters the code Any insights or discussion is appreciated!

Read the article
Cross-Origin Resource Sharing (CORS) - am I missing something here?

- by David Semeria

I was reading about CORS (https://developer.mozilla.org/en/HTTP_access_control) and I think the implementation is both simple and effective. However, unless I'm missing something, I think there's a big part missing from the spec. As I understand, it's the foreign site that decides, based on the origin of the request (and optionally including credentials), whether to allow access to its resources. This is fine. But what if malicious code on the page wants to POST a user's sensitive information to a foreign site? The foreign site is obviously going to authenticate the request. Hence, again if I'm not missing something, CORS actually makes it easier to steal sensitive information. I think it would have made much more sense if the original site could also supply an immutable list of servers its page is allowed to access. So the expanded sequence would be: 1) Supply a page with list of acceptable CORS servers (abc.com, xyz.com, etc) 2) Page wants to make an XHR request to abc.com - the browser allows this because it's in the allowed list and authentication proceeds as normal 3) Page wants to make an XHR request to malicious.com - request rejected locally (ie by the browser) because the server is not in the list. I know that malicious code could still use JSONP to do its dirty work, but I would have thought that a complete implementation of CORS would imply the closing of the script tag multi-site loophole. I also checked out the official CORS spec (http://www.w3.org/TR/cors) and could not find any mention of this issue.

Read the article
Integrated Windows authentication in IIS causing ADO.NET failure

- by TrueWill

We have a .NET 3.5 Web Service running under IIS. It must use identity impersonate="true" and Integrated Windows authentication in order to authenticate to third-party software. In addition, it connects to a SQL Server database using ADO.NET and SQL Server Authentication (specifying a fixed User ID and Password in the connection string). Everything worked fine until the database was moved to another SQL Server. Then the Web Service would throw the following exception: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) This error only occurs if identity impersonate is true in the Web.config. Again, the connection string hasn't changed and it specifies the user. I have tested the connection string and it works, both under the impersonated account and under the service account (and from both the remote machine and the server). What needs to be changed to get this to work with impersonation?

Read the article
Why does an authorized OAuth request token need to be exchanged for an access token?

- by Joe Shaw

I'm wondering what the reasons are for OAuth to require a round-trip to the data provider to exchange an authorized request token for an access token. My understanding of the OAuth workflow is: Requesting site (consumer) gets a request token from the data provider site (service provider). Requesting site asks the data provider site to authenticate the user, passing in a callback. Once the user has been authenticated and authorized the requesting site, the user is directed back to the requesting site (consumer) via the callback provided which passes back the now-authorized request token and a verification code. The requesting site exchanges the request token for an access token. The requesting site uses the access token to get data from the data provider site. Assuming I got that right, why couldn't the callback simply provide the access token to the requesting site directly in step 3, eliminating step 4? Why is the request to exchange the request token for the access token necessary? Does it exist solely for consumers that require users to enter the verification code manually, with the thought that it would be shorter and simpler than the access token itself?

Read the article
Windows Forms application C# | Sending Tweet

- by Andrew Craswell

I've been able to get my Twitter web app working just fine, but I've recently decided to add Tweeting functionality from a Windows Form, but I'm having no luck sending tweets. No errors are thrown or anything. Mind looking over my code? using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Windows.Forms; using TweetSharp; namespace TwitterAdvirtiser { public partial class Form1 : Form { private string cKey = "xxx"; private string cSecret = "xxx"; private string oToken = "xxx"; private string aToken = "xxx"; public Form1() { InitializeComponent(); OnStart(); } private void OnStart() { //Authenticate with Twitter TwitterService service = new TwitterService(cKey, cSecret); service.AuthenticateWith(oToken, aToken); service.SendTweet("testing"); } } } It seems like I'm authenticating just fine, I can walk through debug mode and see all my details in the TwitterUser structure, and yet my tweets never show up on my feed. Whats up? By the way, I'm using Visual Studios 2010, and .NET 4.0. I have verified that the oToken and aToken strings have my developer tokens.

Read the article
Rails 3, Devise and custom controller action

- by Johnny Klassy

routes.rb match 'agencies/stub' => 'agencies#stub', :via => :get resources :agencies Here's the rake routes dump agencies_stub GET /agencies/stub(.:format) {:controller=>"agencies", :action=>"stub"} agencies GET /agencies(.:format) {:action=>"index", :controller=>"agencies"} POST /agencies(.:format) {:action=>"create", :controller=>"agencies"} new_agency GET /agencies/new(.:format) {:action=>"new", :controller=>"agencies"} edit_agency GET /agencies/:id/edit(.:format) {:action=>"edit", :controller=>"agencies"} agency GET /agencies/:id(.:format) {:action=>"show", :controller=>"agencies"} PUT /agencies/:id(.:format) {:action=>"update", :controller=>"agencies"} DELETE /agencies/:id(.:format) {:action=>"destroy", :controller=>"agencies"} Devise is setup to have all agenciesroutes only accessible as admin. The call I'm testing with is http://xyz:12345@localhost:3000/agencies/stub but it doesn't authenticate properly, ie, it doesn't recognize it as admin and throws me back to the Devise login page. The creds are a valid admin account. I'm baffled and have no idea why this is happening. Any insights will be much appreciated.

Read the article
Need Help with .NET OpenId HttpHandler

- by Mark E

I'm trying to use a single HTTPHandler to authenticate a user's open id and receive a claimresponse. The initial authentication works, but the claimresponse does not. The error I receive is "This webpage has a redirect loop." What am I doing wrong? public class OpenIdLogin : IHttpHandler { private HttpContext _context = null; public void ProcessRequest(HttpContext context) { _context = context; var openid = new OpenIdRelyingParty(); var response = openid.GetResponse(); if (response == null) { // Stage 2: user submitting Identifier openid.CreateRequest(context.Request.Form["openid_identifier"]).RedirectToProvider(); } else { // Stage 3: OpenID Provider sending assertion response switch (response.Status) { case AuthenticationStatus.Authenticated: //FormsAuthentication.RedirectFromLoginPage(response.ClaimedIdentifier, false); string identifier = response.ClaimedIdentifier; //****** TODO only proceed if we don't have the user's extended info in the database ************** ClaimsResponse claim = response.GetExtension<ClaimsResponse>(); if (claim == null) { //IAuthenticationRequest req = openid.CreateRequest(identifier); IAuthenticationRequest req = openid.CreateRequest(Identifier.Parse(identifier)); var fields = new ClaimsRequest(); fields.Email = DemandLevel.Request; req.AddExtension(fields); req.RedirectingResponse.Send(); //Is this correct? } else { context.Response.ContentType = "text/plain"; context.Response.Write(claim.Email); //claim.FullName; } break; case AuthenticationStatus.Canceled: //TODO break; case AuthenticationStatus.Failed: //TODO break; } } }

Read the article
Codeigniter only loads the default controller

- by fh47331

I am very new to CodeIgniter, but have been programming PHP for ages. I'm writing some software at the moment and using CI for the first time with it. The default controller is set to the first controller I want to action call 'login' (the controller is login.php, the view is login.php. When the form is submitted it calls the 'authenticate' controller. This executes fine, process the login data correctly and then does a redirect command (without any output to the screen prior) to the next page in this case 'newspage'. The problem is that the redirect, never reaches 'newspage' but the default controller runs again. It doesn't matter what I put ... ht tp://domain.name/anything ... (yes im using .htaccess to remove the index.php) the anything never gets called, just the default controller. I have left the standard 'welcome.php' controller and 'welcome_message.php' in the folders and even putting ht tp://domain.name/welcome all I get is the login screen! (Obviously there shouldn't be a space between the http - thats just done so it does not show as a hyperlink!) Can anyone tell me what i've done wrong!

Read the article
How does this Bookmarklet allow you to stay signed into this site?

- by Abs

Hello all, I have come across Evernote's bookmarklet and was wondering how this worked. You can just drag it to your bookmark and go to any webpage, click that bookmarklet and it will first ask you to login in. All this I have done already and know how it works. The bit that I don't understand is that when you log in they authenticate you and allow you to submit stuff (in this case, a site url etc). When you are done the bookmarklet which placed a small overlay on the page you are viewing disappears. When you go to a new tab and use the bookmarklet again you are still logged in! How? I can see they are using an iFrame when their bookmarklet loads the overlay onto the page - but do they set cookies or something? If so, is this secure? Anyone can change the values? Or are they using some sort of private/public key system Btw, I would like to replicate this Bookmarklet using PHP/Javascript(JQuery maybe). I would appreciate if anyone can help me understand how they do this or point me to relevant tutorials. Thanks all for any help.

Read the article
Bing search API and Azure

- by Gapton

I am trying to programatically perform a search on Microsoft Bing search engine. Here is my understanding: There was a Bing Search API 2.0 , which will be replaced soon (1st Aug 2012) The new API is known as Windows Azure Marketplace. You use different URL for the two. In the old API (Bing Search API 2.0), you specify a key (Application ID) in the URL, and such key will be used to authenticate the request. As long as you have the key as a parameter in the URL, you can obtain the results. In the new API (Windows Azure Marketplace), you do NOT include the key (Account Key) in the URL. Instead, you put in a query URL, then the server will ask for your credentials. When using a browser, there will be a pop-up asking for a/c name and password. Instruction was to leave the account name blank and insert your key in the password field. Okay, I have done all that and I can see a JSON-formatted results of my search on my browser page. How do I do this programmatically in PHP? I tried searching for the documentation and sample code from Microsoft MSDN library, but I was either searching in the wrong place, or there are extremely limited resources in there. Would anyone be able to tell me how do you do the "enter the key in the password field in the pop-up" part in PHP please? Thanks alot in advance.

Read the article
asp.net, wcf authentication and caching

- by andrew

I need to place my app business logic into a WCF service. The service shouldn't be dependent on ASP.NET and there is a lot of data regarding the authenticated user which is frequently used in the business logic hence it's supposed to be cached (probably using a distributed cache). As for authentication - I'm going to use two level authentication: Front-End - forms authentication back-end (WCF Service) - message username authentication. For both authentications the same custom membership provider is supposed to be used. To cache the authenticated user data, I'm going to implement two service methods: 1) Authenticate - will retrieve the needed data and place it into the cache(where username will be used as a key) 2) SignOut - will remove the data from the cache Question 1. Is correct to perform authentication that way (in two places) ? Question 2. Is this caching strategy worth using or should I look at using aspnet compatible service and asp.net session ? Maybe, these questions are too general. But, anyway I'd like to get any suggestions or recommendations. Any Idea

Read the article
using asp.net membership provider in a dll

- by Keith Barrows

I've used Membership Providers in web apps over the last several years. I now have a new "request" for an internal project at work. They would like a service (not a web service) to do a quick authenticate against. Basically, exposing the ValidateUser(UserName, Password) method... I am building this in a DLL that will sit with our internal web site. What is the best approach to make this work? The DLL will not reference the web app and the web app will reference the DLL. How do I make the DLL aware of the Membership Provider? TIA PS: If this has been answered elsewhere please direct me to that... EDIT: I found an article on using ASP.NET Membership with WinForms and/or WPF applications. Unfortunately, these depend on an app.config file. A DLL appears to not use the app.config once published. If I am wrong, please set me straight! The article is here: http://aspalliance.com/1595_Client_Application_Services__Part_1.all

Read the article
S3 file Uploading from Mac app though PHP?

- by Ilija Tovilo

I have asked this question before, but it was deleted due too little information. I'll try to be more concrete this time. I have an Objective-C mac application, which should allow users to upload files to S3-storage. The s3 storage is mine, the users don't have an Amazon account. Until now, the files were uploaded directly to the amazon servers. After thinking some more about it, it wasn't really a great concept, regarding security and flexibility. I want to add a server in between. The user should authenticate with my server, the server would open a session if the authentication was successful, and the file-sharing could begin. Now my question. I want to upload the files to S3. One option would be to make a POST-request and wait until the server would receive the file. Problems here are, that there would be a delay, when the file is being uploaded from my server to the S3 servers, and it would double the uploading time. Best would be, if I could validate the request, and then redirecting it, so the client uploads it directly to the s3-storage. Not sure if this is possible somehow. Uploading directly to S3 doesn't seem to be very smart. After looking into other apps like Droplr and Dropmark, it looks like they don't do this. Btw. I did this using Little Snitch. They have their api on their own web-server, and that's it. Could someone clear things up for me? EDIT How should I transmit my files to S3? Is there a way to "forward" it, or do I have to upload it to my server and then upload it from there to S3? Like I said, other apps can do this efficiently and without the need of communicating with S3 directly.

Read the article
PHP mail may be filtered out by spam?

- by Derek

I am creating a small company, and would like to send out emails to my clients once they have signed up for my service to activate their accounts. I am currently using PHP's mail() function, however I am worried that my emails are being filtered out by spam filters. Is there a better way to go about this? $email = 'XZY Client Email address @ somedomain.com'; $emailSubject = "Welcome to XYZ Service!"; $to = $email; $subject .= "".$emailSubject.""; $headers .= "From: [email protected]\r\n" . "X-Mailer: php"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; $message = "<html><body>"; $message .= "Welcome to XYZ Service! \n Activate your account by clicking the following link: link..."; mail($to, $subject, $message, $headers); Is there a way to authenticate these emails so that my clients know that they are from my actual service? Thank you in advance!

Read the article

< Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58 | Next Page >