Search Results

Search found 15558 results on 623 pages for 'basic authentication'.

Page 51/623 | < Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58 | Next Page >

System.Net.WebClient doesn't work with Windows Authentication

- by Peter Hahndorf

I am trying to use System.Net.WebClient in a WinForms application to upload a file to an IIS6 server which has Windows Authentication as it only 'Authentication' method. WebClient myWebClient = new WebClient(); myWebClient.Credentials = new System.Net.NetworkCredential(@"boxname\peter", "mypassword"); byte[] responseArray = myWebClient.UploadFile("http://localhost/upload.aspx", fileName); I get a 'The remote server returned an error: (401) Unauthorized', actually it is a 401.2 Both client and IIS are on the same Windows Server 2003 Dev machine. When I try to open the page in Firefox and enter the same correct credentials as in the code, the page comes up. However when using IE8, I get the same 401.2 error. Tried Chrome and Opera and they both work. I have 'Enable Integrated Windows Authentication' enabled in the IE Internet options. The Security Event Log has a Failure Audit: Logon Failure: Reason: An error occurred during logon User Name: peter Domain: boxname Logon Type: 3 Logon Process: ÈùÄ Authentication Package: NTLM Workstation Name: boxname Status code: 0xC000006D Substatus code: 0x0 Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 127.0.0.1 Source Port: 1476 I used Process Monitor and Fiddler to investigate but to no avail. Why would this work for 3rd party browsers but not with IE or System.Net.WebClient?

Read the article
Can not call web service with basic authentication using WCF

- by RexM

I've been given a web service written in Java that I'm not able to make any changes to. It requires the user authenticate with basic authentication to access any of the methods. The suggested way to interact with this service in .NET is by using Visual Studio 2005 with WSE 3.0 installed. This is an issue, since the project is already using Visual Studio 2008 (targeting .NET 2.0). I could do it in VS2005, however I do not want to tie the project to VS2005 or do it by creating an assembly in VS2005 and including that in the VS2008 solution (which basically ties the project to 2005 anyway for any future changes to the assembly). I think that either of these options would make things complicated for new developers by forcing them to install WSE 3.0 and keep the project from being able to use 2008 and features in .NET 3.5 in the future... ie, I truly believe using WCF is the way to go. I've been looking into using WCF for this, however I'm unsure how to get the WCF service to understand that it needs to send the authentication headers along with each request. I'm getting 401 errors when I attempt to do anything with the web service. This is what my code looks like: WebHttpBinding webBinding = new WebHttpBinding(); ChannelFactory<MyService> factory = new ChannelFactory<MyService>(webBinding, new EndpointAddress( "http://127.0.0.1:80/Service/Service/")); factory.Endpoint.Behaviors.Add(new WebHttpBehavior()); factory.Credentials.UserName.UserName = "username"; factory.Credentials.UserName.Password = "password"; MyService proxy = factory.CreateChannel(); proxy.postSubmission(_postSubmission); This will run and throw the following exception: "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=realm'." And this has an inner exception of: "The remote server returned an error: (401) Unauthorized." Any thoughts about what might be causing this issue would be greatly appreciated.

Read the article
End-to-end kerberos delegated authentication in ASP.NET

- by Erlend

I'm trying to setup an internal website that will contact another backend service within the network on behalf of the user using a HttpWebRequest. I have to use Integrated Windows Authentication on the ASP.NET application as the backend system only supports this type of authentication. I'm able to setup IWA on the ASP.NET application, and it's using kerberos as I expect it to. However when the authentication is delegated to the backend system it doesn't work anymore. This is because the backend system only supports kerberos IWA, but the delegation for some reason - even though the incoming request is kerberos authenticated - converts the authentication to NTLM before forwaring to the backend system. Does anybody know what I need to do on the ASP.NET application in order to allow it to forward the identity using kerberos? I've currently tried the followin but it doesn't seem to work CredentialCache credentialCache = new CredentialCache(); credentialCache.Add(request.RequestUri, "Negotiate", CredentialCache.DefaultCredentials.GetCredential(request.RequestUri, "Kerberos")); request.Credentials = credentialCache; I've also tried to set "Kerberos" where it now says "Negotiate", but it doesn't seem to do much.

Read the article
Facebook Graph API authentication in canvas app and track session

- by cdpnet

Short question is: how can i use graph api oauth redirects mechanism to authenticate user and save retrieved access_token and also use javascript SDK when needed (the problem is javascript SDK will have different access_token when initialized). I have initially setup my facebook iframe canvas app, with single sign on. This works well with graph api, as I am able to use access_token saved by facebook's javascript when it detects sessionchange(user logged in). But, I want to rather not do single sign-on. But, use graph api redirect and force user to send to a permissions dialog. But, if he has already given permissions, I shouldn't redirect user. How to handle this? Another question: I have done graph api redirects for authentication and have retrieved access_token also. But then, what if I want to use javascript call FB.ui to do stream.Publish? I think it will use it's own access_token which is set during FB.init and detecting session. So, I am looking for some path here. How to use graph api for authentication and also use facebook's javascript SDK when needed. P.S. I'm using ASP .NET MVC 2. I have an authentication filter developed, which needs to detect the user's authentication state and redirect.(currently it does this to graph api authorize url)

Read the article
Spring Security 3.0 - Intercept-URL - All pages require authentication but one

- by gav

Hi All, I want any user to be able to submit their name to a volunteer form but only administrators to be able to view any other URL. Unfortunately I don't seem to be able to get this correct. My resources.xml are as follows; <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http realm = "BumBumTrain Personnel list requires you to login" auto-config="true" use-expressions="true"> <http-basic/> <intercept-url pattern="/person/volunteer*" access=""/> <intercept-url pattern="/**" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_ADMIN"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans> Specifically I am trying to achieve the access settings I described via; <intercept-url pattern="/person/volunteer*" access=""/> <intercept-url pattern="/**" access="isAuthenticated()" /> Could someone please describe how to use intercept-url to achieve the outcome I've described? Thanks Gav

Read the article
Spring Security 3.0- Customise basic http Authentication Dialog

- by gav

Rather than reading; A user name and password are being requested by http://localhost:8080. The site says: "Spring Security Application" I want to change the prompt, or at least change what the "site says". Does anyone know how to do this via resources.xml? In my Grails App Spring configuration, my current version is as follows; <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http auto-config="true" use-expressions="true"> <http-basic/> <intercept-url pattern="/**" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_ADMIN"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans>

Read the article
Replacing mysql user authentication with openid

- by David

So, I'm working with a really old system which uses a person's mysql database credentials to authenticate to a web site (the database was originally only accessed from the command line, but is now accessed from a php frontend). Because of some internal reasons (and to preserve the user's history), I have to leave the old authentication intact. I've been charged with adding openid authentication to this system. Somehow I need to be able to retrieve a users mysql username and password upon logging into the site through openid (using the Zend framework, by the way). I've thought of simply requiring registration at the first login, where the user must provide their mysql credentials, but I'd rather not store the password plain text. I've also considered blanking everyone's mysql passwords, and just setting the user's mysql username manually (rather than having the user provide this, since they could provide any username). This is turning into a security nightmare. Does anyone have any suggestions for alternatives? This is running on a Linux server, by the way. Also, I can't use mysql pluggable authentication because the mysql version is 5.0 (pluggable authentication requires mysql 5.5), and no, I can't update it.

Read the article
How do I grant anonymous access to a url using FormsAuthentication?

- by Brian Bolton

For the most part, my webapp requires authentication to do anything. There are a few pages, namely the homepage, that I'd like people to be able to access without authenticating. Specifically, I'd like to allow anonymous access to these urls: /home /default.aspx I'm using asp.net MVC and FormsAuthentication. Both urls point to the same view: /home/index.aspx Here is my current configuration in web.config. <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> <authorization> <deny users="?" /> </authorization> Reading the documentation for the authorization tag, it says "Configures the authorization for a Web application, controlling client access to URL resources." It seems like I should be able to use the authorization tag to specify a url and allow access. Something like: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> <authorization> <deny users="?" /> </authorization> <authorization url="/default.aspx"> <allow users="?" /> </authorization> <authorization url="/home"> <allow users="?" /> </authorization>

Read the article
Consuming SharePoint Web Services fails when behind Proxy server

- by Jan Petersen

Hi All, I've seen a number of post about consuming Web Services from behind a proxy server, but none that seams to address this problem. I'm building a desktop application, using Java, JAX-WS in NetBeans. I have a working prototype, that can query the server for authentication mode, successfully authenticate and retrieve a list of web site. However, if I run the same app from a network that is behind a proxy server (the proxy does not require authentication), then I'm running into trouble. The normal -dhttp.proxyHost ... settings does not seam to help any. But I have found that by creating a ProxySelector class and setting it as default, I can regain access to the authentication web service, but I still can't retrieve the list of web sites from the SharePoint server. Anyone have any experience on how to make this work? I have put the source text java class files of a demo app up, showing the issue at the following urls (it's a bit to long even in the short demo form to post here). link text When running the code from a network behind a proxy server, I successfully retrieve the Authentication mode from the server, but the request for the Web Site list generates an exception originating at: com.sun.xml.internal.ws.transport.http.client .HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:201) The output from the source when no proxy is on the network is listed below: Successfully retrieved the SharePoint WebService response for Authentication SharePoint authentication method is: WINDOWS Calling Web Service to retrieve list of web site. Web Service call response: -------------- XML START -------------- <Webs xmlns="http://schemas.microsoft.com/sharepoint/soap/"> <Web Title="Collaboration Lab" Url="http://host.domain.com/collaboration"/> <Web Title="Global Data Lists" Url="http://host.domain.com/global_data_lists"/> <Web Title="Landing" Url="http://host.domain.com/Landing"/> <Web Title="SharePoint HelpDesk" Url="http://host.domain.com/helpdesk"/> <Web Title="Program Management" Url="http://host.domain.com/programmanagement"/> <Web Title="Project Site" Url="http://host.domain.com/Project Site"/> <Web Title="SharePoint Administration Tools" Url="http://host.domain.com/admin"/> <Web Title="Space Management Project" Url="http://host.domain.com/spacemgmt"/> </Webs> -------------- XML END -------------- Br Jan

Read the article
Authenticate sites with different domain names using the Facebook API

- by Onema

We have a CMS that supports multiple sites, one of our features allows our users (The site admin) to connect to the site facebook account to allow status updates, create events and upload pictures to FB from with in the CMS. The authentication needs to occur once since each site may have multiple site admins that do not have access to the site FB user name and password. We use iframe and authenticate using $facebook-require_login() which redirects the user to the FB login and authentication pages. All this works just fine but when the user hits "Allow" the authentication will break as it will only redirect to whatever is in the "Post-Authorize Redirect URL" field making the app obsolete for any other domain except the one in the "Post-Authorize Redirect URL" I know other API's authentication methods like in Vimeo and YouTube will allow you to specify a NEXT parameter which is the equivalent of the "Post-Authorize Redirect URL" and it can be set at run time. How can I make this work for multiple domain names? Any hints on this issue will be of great help

Read the article
ReturnUrl = Default.aspx for MVC?

- by Cynthia

I'm trying to secure my entire MVC site, so before the Home controller, I added an [Authorize] attribute. Now if you run it from Visual Studio or navigate using the root URL (e.g. http://localhost:2897) it does redirect to the login page, as expected. However the URL in the address bar after redirection looks like this: http://localhost:2897/Account/LogOn?ReturnUrl=%2fdefault.aspx%3f I haven't tested this out, seeing as I have not implemented my authentication code. However, this looks like a big problem to me, since I do not have a default.aspx in my project! My authentication tag in the web.config looks like this: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" defaultUrl="~/Home/Index" timeout="2880"/> </authentication> Why doesn't it pick up this route as the default ReturnUrl instead of default.aspx?

Read the article
REST API unauthenticated requests exception based on the User-Agent

- by Shay Tsadok

Hi All, I am developing a REST API that supports two kinds of authentication protocols: login form authentication - for browser based clients. Simple Basic authentication - for non-browser clients. I developed a flow in which unauthenticated requests redirected to the "login form", the problem is that this is an undesired behavior for non-borwser clients! I thought to solve it by decide according to the "User-Agent" what to do: browsers will be redirected to the "login form" and non-browser clients will get the standard 401:Basic Authentication. A. What do you think about this solution? B. Is there a standard way in Java to check if the request came from browser, or do i need to develop this kind of mechanism by my own? Thanks in advance!

Read the article
CSRF protection and cross site form access

- by fl00r

Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now is to turn off protect_from_forgery for session controller and check domain name of received data. But maybe I can configure CSRF protection for not only one domain?

Read the article
How do I ensure my C# software can access the internet in a Citrix + ISA environment?

- by TomFromThePool

Hi everyone, A client recently informed us that deployment of our software in their environment has failed due to a proxy error when the software attempts to access the internet. The client has a combination of Citrix and Microsoft's ISA server. The software allows the use of a proxy and the ability to manually enter authentication information, or automatically retrieve the current system proxy settings. The error returned is the standard 407 authentication error, but the client assures us that they have entered the authentication information required. They have also shown us the snippet of the ISA error logs which identify the client as Anonymous and the authentication protocol as Basic. I have a few questions I suppose: How should I go about dealing with the ISA server in my code? I have no real experience with this environment and am assuming that the ISA server is treated like any other proxy. If I am mistaken, what should I be doing? Does ISA allow the administrator to disallow specific authentication protocols - and if this is the case and 'Basic' auth is disallowed, would it still return a 407 error? Could the Citrix environment have caused this issue? Is there any particular way to ensure that my software will work in such an environment? Code-samples would be much appreciated. I have neither a Citrix test server or an ISA server at my disposal to carry out testing on this so I am currently trying to identify possible causes before I make the case for investment in a more robust testing environment. Thanks for any help!

Read the article
CSRF protecting and cross site form access

- by fl00r

Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now is to turn off protect_from_forgery for session controller and check domain name of received data. But maybe I can configure CSRF protection for not only one domain?

Read the article
Is it possible to have windows integrated and forms auth on the same web app (same url) ?

- by Petar Repac

Basically I want to build a web app that will try windows authentication and if authentication fails then will provide the user with a login form ? I do not want to have different web apps for different authentication modes. Is this possible ? Did I missed some points about this ?

Read the article
DTaskManager Runtime '5' error?

- by pcmantinker

I really enjoy using DTaskManager as an alternative to Windows TaskManager, but recently I've been getting Runtime Error '5' messages. It looks like DTaskManager was programmed in Visual Basic 6, but it is quite powerful. I'm running Windows 7 Enterprise x64 so I suspect that the error might be coming from a Visual Basic runtime problem. I'm not sure which registry keys to edit to fix the Runtime Error '5' message.

Read the article
rumtime error 424 on comm port

- by Neha Hafeez

I am trying to rectify this problem which i am facing on Visual Basic 6.0. my devices connected on Comm port are not detected simultaneously on visual Basic. Erroor msg displayed on this line of code: MSComm5.PortOpen = True HELP

Read the article
How can I password prompt certain IPs and allow all others free access using Apache?

- by Moak

SOLVED: The idea is that if the visitor comes from China they have to pass a basic authentication. If you have any other IP address you can visit the site without being hassled (including proxies) //1400 rules.... SetEnvIf Remote_Addr 222.249.128.0/19 china SetEnvIf Remote_Addr 222.249.160.0/20 china SetEnvIf Remote_Addr 222.249.176.0/20 china AuthType Basic AuthName "Restricted" AuthUserFile /www/passwd/users Require valid-user Order allow,deny Allow from All Deny from env=china Satisfy any

Read the article
Jetty - 401 Unauthorized when using basic authentication

- by JP.

I am running SOLR on jetty in Ubuntu (a bitnami VM, if that helps) and am trying to lock down access to both the admin pages and the update/delete/etc. pages using basic authentication. When I attempt to connect to the admin console via a web browser I am prompted for a user name and password, but the username and password I use simply does not work. For test purposes I am using foo:bar as the credentials, but I receive a '401 Unauthorized' response. I see the following in my request log. 127.0.0.1 - - [10/Nov/2013:05:35:46 +0000] "GET /solr/ HTTP/1.1" 401 1376 Am I doing something wrong and/or is there anything obviously incorrect with the below configuration? Any help is greatly appreciated. Jetty.xml <Call name="addBean"> <Arg> <New class="org.eclipse.jetty.security.HashLoginService"> <Set name="name">solr</Set> <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set> <Set name="refreshInterval">5</Set> </New> </Arg> </Call> /etc/realm.properties foo: bar, solr_admin webdefault.xml <security-constraint> <web-resource-collection> <url-pattern>/</url-pattern> </web-resource-collection> <auth-constraint> <role-name>solr_admin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>solr</realm-name> </login-config>

Read the article
Use Apache authentication + authorization to control access to Subversion subdirectories

- by Stefan Lasiewski

I have a single SVN repo at /var/svn/ with a few subdirectories. Staff must be able to access the top-level directory and all subdirectories within it, but I want to restrict access to subdirectories using alternate htpasswd files. This works for our Staff. <Location /> DAV svn SVNParentPath /var/svn AuthType Basic AuthBasicProvider ldap # mod_authnz_ldap AuthzLDAPAuthoritative off AuthLDAPURL "ldap.example.org:636/ou=people,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org?uid?sub?(objectClass=PosixAccount)" AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off Require ldap-group cn=staff,ou=PosixGroup,ou=Unit,ou=Host,o=ldapsvc,dc=example,dc=org </Location> Now, I am trying to restrict access to a subdirectory with a separate htpasswd file, like this: <Location /customerA> DAV svn SVNParentPath /var/svn # mod_authn_file AuthType Basic AuthBasicProvider file AuthUserFile /usr/local/etc/apache22/htpasswd.customerA Require user customerA </Location> I can use Firefox and curl to browse to this folder fine: curl https://svn.example.org/customerA/ --user customerA:password But I cannot use check out this SVN repository: $ svn co https://svn.example.org/customerA/ svn: Repository moved permanently to 'https://svn.example.org/customerA/'; please relocate And on the server logs, I get this strange error: # httpd-access.log 192.168.19.13 - - [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 401 401 192.168.19.13 - customerA [03/May/2010:16:40:00 -0700] "OPTIONS /customerA HTTP/1.1" 301 244 # httpd-error.log [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Could not fetch resource information. [301, #0] [Mon May 03 16:40:00 2010] [error] [client 192.168.19.13] Requests for a collection must have a trailing slash on the URI. [301, #0] My question: Can I restrict access to Subversion subdirectories using Apache access controls? DocumentRoot is commented out, so it's not clear that the FAQ at http://subversion.apache.org/faq.html#http-301-error applies.

Read the article
Spring 3 Security Authentication Success Handler

- by Eqbal

I am using form-login for security and I am trying to implement an authentication success handler, but I am not sure how to go back to the resource that was initially requested before the login process. By default I think it implements a SimpleUrlAuthenticationSuccessHandler and I tried to mirror that class implementation. But it sets a setDefaultTargetUrl(defaultTargetUrl) and perhaps thats where the magic happens that it remembers the resource to go back to after the login process. Any help is greatly appreciated. Below is my spring security <form-login/> element <form-login login-page="/login.jsp" login-processing-url="/b2broe_login" authentication-success-handler-ref="passwordExpiredHandler" authentication-failure-url="/login.jsp?loginfailed=true" />

Read the article
How to call windows authentication programmatically in sharepoint?

- by HamdiKavak

Hi guys, Here is my scenario. When anonymous user visits site collection's default site, custom login form panel is shown. This form is a webUserControl(.ascx file) that is embeded into page as webpart. Then user enters username and password. When submit button has been clicked, authentication will be handled by code behind of custom login form panel. Here is my question. How can I call SharePoint's authentication method with the username and password that is entered by user. Simply, I want users to login through my custom login form panel because default windows authentication window is looking really bad.

Read the article
Hostgator SSH returns Too many authentication failures for username

- by Tri Nguyen

I was trying to ssh into my Hostgator shared hosting account following this guide: http://support.hostgator.com/articles/getting-started/how-do-i-get-and-use-ssh-access However, it returns this error: Received disconnect from 96.125.167.124: 2: Too many authentication failures for tridn I tried to search around for a solution, and found this: http://www.ipreferjim.com/2011/07/hostgator-ssh-warns-too-many-authentication-failures/ I tried doing what he suggested, but encountered another error: jailshell: .ssh/authorized_keys: No such file or directory So I ssh into my server using the PubkeyAuthentication=n flag, and create a directory called .ssh and a file called authorized_keys. I then redid what was suggested in the article, which is this: cat ~/.ssh/hostgator.pub | ssh -p 2222 -o PubkeyAuthentication=no [email protected] 'cat >> .ssh/authorized_keys' (note: my ssh key is called hostgator.pub. it's dsa I verified that the authorized_keys now has the content of this key. However, it still get the same error as before: eceived disconnect from 96.125.167.124: 2: Too many authentication failures for tridn Anybody knows how I should proceed next?

Read the article
Use gmail domain account with IMAP authentication with SAML authentication not working...

- by mscd000

I have a python script that interfaces gmail accounts and allows searches, etc. This works on normal emails (ending on @gmail.com) but not on domain accounts. In this case authentication is done via SAML, and IMAP is enabled on the gmail domain account... The instructions from google on how to configure IMAP only seem to work for @gmail.com accounts... I've tried authentication to IMAP using user, user@admin and using host: imap.gmail.com as well as my domain's email and authentication is not working.... is there a specific 'host' from gmail for domain accounts? other way to get imap on gmail domain accounts? Thanks, Rodolfo

Read the article

< Previous Page | 47 48 49 50 51 52 53 54 55 56 57 58 | Next Page >