Search Results

Search found 62215 results on 2489 pages for 'http basic authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 56/2489 | < Previous Page | 52 53 54 55 56 57 58 59 60 61 62 63  | Next Page >

  • Custom HTTP headers UIWebview

    - by kjeldGr
    I'm developing an application for iOS in Xcode 4.5 but I have a problem with a UIWebView. I want to set a header(BASE64 code) to skip a login part. When I try this, using the NPWebView project the webview always fails with an error which looks like this: Error Domain=NSURLErrorDomain Code=-999 "The operation couldn’t be completed. (NSURLErrorDomain error -999.)" UserInfo=0x6ace650 {NSErrorFailingURLKey="MY URL", NSErrorFailingURLStringKey="MY URL"} I hope someone can help me!

    Read the article

  • More HTTP verbs with AS3?

    - by tedw4rd
    I'm developing a social game in Flash with a team of developers. Our server-side guy has developed a really slick RESTful API for the Flash client to talk to. A lot of the client-server interactions involve adding and removing objects from a persistent world, so the API makes extensive use of the PUT and DELETE verbs. The problem is, the URLRequest object in AS3 only supports the GET and POST verbs. We're on a strict schedule, and we'd really rather not have to rewrite the whole API to just use GET and POST. Has anyone come up with a good way to get Flash to send other verbs?

    Read the article

  • Most efficient method of generating PNG as HTTP response

    - by awj
    I've built an ASP.NET page whose output stream is a dynamically-generated PNG image containing only text on a transparent background. The text is based upon database IDs contained in the querystring. There will be a limited number of variations. Which one of the following would be the most efficient means of returning the image to the client? Store each variation upon the first generation, and thenceforth retrieve this from the drive. Simply generate the image each time. Cache the output response based upon the querystring.

    Read the article

  • How to restrict http access to video files?

    - by Tharases
    I want to only let "right" people watch those videos. In other words, only registered users that are allowed (by other users, ie, friends) should see videos. I have a hard retriction for cpu usage in my shared environment, so I can use things like php's readfile.

    Read the article

  • Interrupted Upgrade from 11.10 to 12.04

    - by Tamil
    My upgrade using alternative iso from 11.10 to 12.04 got interrupted and I had to hard restart my machine. Now I feel that everything is recovered except my already installed packages like vim. How do I backup my home folder for fresh installation of ubuntu? Following are the errors I'm facing I couldn't mark any package for re-installation in synaptic or remove and install too. output of sudo apt-get install vim Building dependency tree Reading state information... Done Package vim is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'vim' has no installation candidate If I try installing it from synaptic I get apache2.2-common: Package apache2.2-common has no available version, but exists in the database. This typically means that the package was mentioned in a dependency and never uploaded, has been obsoleted or is not available with the contents of sources.list my sources.list file # added by the release upgrader # deb cdrom:[Ubuntu 12.04.1 LTS _Precise Pangolin_ - Release amd64 (20120822.4)]/ precise main restricted # added by the release upgrader # # deb cdrom:[Ubuntu 12.04.1 LTS _Precise Pangolin_ - Release amd64 (20120822.4)]/ precise main restricted # deb cdrom:[Ubuntu 11.04 _Natty Narwhal_ - Release amd64 (20110427.1)]/ natty main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://archive.ubuntu.com/ubuntu precise main restricted deb-src http://archive.ubuntu.com/ubuntu precise main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://archive.ubuntu.com/ubuntu precise-updates main restricted deb-src http://archive.ubuntu.com/ubuntu precise-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://archive.ubuntu.com/ubuntu precise universe deb-src http://archive.ubuntu.com/ubuntu precise universe deb http://archive.ubuntu.com/ubuntu precise-updates universe deb-src http://archive.ubuntu.com/ubuntu precise-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://archive.ubuntu.com/ubuntu precise multiverse deb-src http://archive.ubuntu.com/ubuntu precise multiverse deb http://archive.ubuntu.com/ubuntu precise-updates multiverse deb-src http://archive.ubuntu.com/ubuntu precise-updates multiverse ## Uncomment the following two lines to add software from the 'backports' ## repository. ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. # deb http://us.archive.ubuntu.com/ubuntu/ natty-backports main restricted universe multiverse # deb-src http://us.archive.ubuntu.com/ubuntu/ natty-backports main restricted universe multiverse deb http://archive.ubuntu.com/ubuntu precise-security main restricted deb-src http://archive.ubuntu.com/ubuntu precise-security main restricted deb http://archive.ubuntu.com/ubuntu precise-security universe deb-src http://archive.ubuntu.com/ubuntu precise-security universe deb http://archive.ubuntu.com/ubuntu precise-security multiverse deb-src http://archive.ubuntu.com/ubuntu precise-security multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. deb http://archive.canonical.com/ubuntu precise partner # deb-src http://archive.canonical.com/ubuntu natty partner ## This software is not part of Ubuntu, but is offered by third-party ## developers who want to ship their latest software. deb http://extras.ubuntu.com/ubuntu precise main deb-src http://extras.ubuntu.com/ubuntu precise main # deb http://tamil.3758_gmail.com:[email protected]/free unstable main # disabled on upgrade to oneiric # deb http://debian.datastax.com/natty oneiric main # disabled on upgrade to oneiric sudo apt-get update Err http://archive.ubuntu.com precise InRelease Err http://archive.canonical.com precise InRelease Err http://archive.ubuntu.com precise-updates InRelease Err http://archive.ubuntu.com precise-security InRelease Err http://extras.ubuntu.com precise InRelease Err http://archive.canonical.com precise Release.gpg Unable to connect to 172.16.140.249:3142: Err http://archive.ubuntu.com precise Release.gpg Unable to connect to 172.16.140.249:3142: Err http://archive.ubuntu.com precise-updates Release.gpg Unable to connect to 172.16.140.249:3142: Err http://extras.ubuntu.com precise Release.gpg Unable to connect to 172.16.140.249:3142: Err http://archive.ubuntu.com precise-security Release.gpg Unable to connect to 172.16.140.249:3142: W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/precise/InRelease

    Read the article

  • How can I disable Kerberos authentication for only the root of my site?

    - by petRUShka
    I have Kerberos-based authentication and I want to disable it on only root url: http://mysite.com/. And I want it to continue to work fine on any other page like http://mysite.com/page1. I have such things in my .htaccess: AuthType Kerberos AuthName "Domain login" KrbAuthRealms DOMAIN.COM KrbMethodK5Passwd on Krb5KeyTab /etc/httpd/httpd.keytab require valid-user I want to turn it off only for root URL. As workaround it is possible to turn off using .htaccess in virtual host config. Unfortunately I don't know how to do it. Part of my vhost.conf: <Directory /home/user/www/current/public/> Options -MultiViews +FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> UPD. I'm using Apache/2.2.3 (Linux/SUSE) I tried to use such version of .htaccess: SetEnvIf Request_URI ^/$ rootdir=1 Allow from env=rootdir Satisfy Any AuthType Kerberos AuthName "Domain login" KrbAuthRealms DOMAIN.COM KrbMethodK5Passwd on Krb5KeyTab /etc/httpd/httpd.keytab require valid-user Unfortunately such config turn Kerberos AuthType for all URLs. I tried to place first 3 lines SetEnvIf Request_URI ^/$ rootdir=1 Allow from env=rootdir Satisfy Any after main block, but it didn't help me.

    Read the article

  • How to use basic auth for single file in otherwise forbidden Apache directory?

    - by mit
    I want to allow access to a single file in a directory that is otherwise forbidden. This did not work: <VirtualHost 10.10.10.10:80> ServerName example.com DocumentRoot /var/www/html <Directory /var/www/html> Options FollowSymLinks AllowOverride None order allow,deny allow from all </Directory> # disallow the admin directory: <Directory /var/www/html/admin> order allow,deny deny from all </Directory> # but allow this single file:: <Files /var/www/html/admin/allowed.php> AuthType basic AuthName "private area" AuthUserFile /home/webroot/.htusers Require user admin1 </Files> ... </VirtualHost> When I visit http://example.com/admin/allowed.php I get the Forbidden message of the http://example.com/admin/ directory. How can I make an exception for allowed.php? If not possible, maybe I could enumerate all forbidden files in another Files directive? Let's say admin/ contains also user.php and admin.php which should be forbidden in this virtual host.

    Read the article

  • How do I add a header to a VB.NET 2008 SOAP request? [migrated]

    - by robokev
    I have a VB.NET 2008 program that accesses a Siebel web service defined by a WSDL and using the SOAP protocol. The Siebel web service requires that a header containing the username, password and session type be included with the service request, but the header is not defined in the WSDL. So, when I test the WSDL using the soapUI utility, the request as defined by the WSDL looks like this: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:lov="http://www.siebel.com/xml/LOVService" xmlns:lis="http://www.siebel.com/xml/ListQuery"> <soapenv:Header/> <soapenv:Body> <lov:EAILOVGetListOfValues_Input> <lis:ListsQuery> <lis:ListQuery> <lis:Active>Y</lis:Active> <lis:LanguageCode>ENU</lis:LanguageCode> <lis:Type>CUT_ACCOUNT_TYPE</lis:Type> </lis:ListQuery> </lis:ListsQuery> </lov:EAILOVGetListOfValues_Input> </soapenv:Body> </soapenv:Envelope> But the above does not work because it contains an empty header that is missing user and session credentials. It only works if I manually replace <soapenv:Header/> with a header containing the username, password, and session type as follows: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:lov="http://www.siebel.com/xml/LOVService" xmlns:lis="http://www.siebel.com/xml/ListQuery"> <soapenv:Header> <UsernameToken xmlns="http://siebel.com/webservices">TESTUSER</UsernameToken> <PasswordText xmlns="http://siebel.com/webservices">TESTPASSWORD</PasswordText> <SessionType xmlns="http://siebel.com/webservices">None</SessionType> </soapenv:Header> <soapenv:Body> <lov:EAILOVGetListOfValues_Input> <lis:ListsQuery> <lis:ListQuery> <lis:Active>Y</lis:Active> <lis:LanguageCode>ENU</lis:LanguageCode> <lis:Type>CUT_ACCOUNT_TYPE</lis:Type> </lis:ListQuery> </lis:ListsQuery> </lov:EAILOVGetListOfValues_Input> </soapenv:Body> </soapenv:Envelope> My problem is that I cannot sort out how to translate the above into VB.NET 2008 code. I have no problem importing the WSDL into Visual Studio 2008, defining the service in VB code and referencing the web service methods. However, I cannot sort out how to define the web service in VB such that the updated header in included in the web service request instead of the empty header. Consequently all my service requests from VB fail. I can define a class that inherits from the SoapHeader class... Public Class MySoapHeader : Inherits System.Web.Services.Protocols.SoapHeader Public Username As String Public Password As String Public SessionType As String End Class ...but how do I include this header in the SOAP request made from VB?

    Read the article

  • How to generate the right password format for Apache2 authentication in use with DBD and MySQL 5.1?

    - by Walkman
    I want to authenticate users for a folder from a MySQL 5.1 database with AuthType Basic. The passwords are stored in plain text (they are not really passwords, so doesn't matter). The password format for apache however only allows for SHA1, MD5 on Linux systems as described here. How could I generate the right format with an SQL query ? Seems like apache format is a binary format with a lenght of 20, but the mysql SHA1 function return 40 long. My SQL query is something like this: SELECT CONCAT('{SHA}', BASE64_ENCODE(SHA1(access_key))) FROM user_access_keys INNER JOIN users ON user_access_keys.user_id = users.id WHERE name = %s where base64_encode is a stored function (Mysql 5.1 doesn't have TO_BASE64 yet). This query returns a 61 byte BLOB which is not the same format that apache uses. How could I generate the same format ? You can suggest other method for this too. The point is that I want to authenticate users from a MySQL5.1 database using plain text as password.

    Read the article

  • Apache HTTP Server+Tomcat: Which file generates mod_jk.conf, how to modify generated stuff, and how does httpd reach it?

    - by Sk8erPeter
    I'm using XAMPP with Apache HTTP Server and Tomcat Add-On installed. There's a default mod_jk.conf which is generated by Tomcat when starting it. But which file generates this mod_jk.conf file? How can I modify default values? By default, it looks like this: pastebin - mod_jk.conf. How does Apache HTTP Server reach this file? I can't see any reference to this file when looking into httpd.conf. When I put a VirtualHost in my httpd.conf file, and I put the line JkMount /* ajp13 into it, Apache HTTP Server service can't start (causes a 7024 event id error in Event Viewer (with error code 1, but nothing specific), but puts no error messages into error.log. The VirtualHost looks like this: pastebin - VirtualHost + JkMount. This way Apache HTTP Server can not start. If I comment out the line JkMount /* ajp13, it starts without a problem. BUT if I put the following line, which is the same as in mod_jk.conf, before the mentioned VirtualHost again, the service can start! <IfModule !mod_jk.c LoadModule jk_module "C:/xampp/tomcat/xampp/apache/modules/mod_jk.so" </IfModule Why do I have to put this line in again? Why does that happen, that the http://localhost/example does work, so this query is redirected to AJP13, but I have to put the LoadModule line in again in another file? EDIT: I don't have a clue why, I surely modified something, but now /example doesn't work either... And the config above gives a 500 Internal Server Error... :S Thanks!

    Read the article

  • Can I get my http back in the address bar in Firefox?

    - by Abel
    Since Firefox 7 (or 6?) they silently removed "http" from the address bar. Previously, when you clicked it, "http" showed up again, allowing to easily just change http into https. So far, I found two ways to get it back, but isn't there a setting I can use to have it permanently in vision again, or at least when I click it? Way 1: copy selection and paste it again Way 2: type the whole scheme again in front of the address ...

    Read the article

  • SOA Suite Integration: Part 2: A basic BPEL process

    - by Anthony Shorten
    This is the next in the series about SOA Suite integration with Oracle Utilities Application Framework. One of the first scenarios I am going to illustrate in this series is building a basic BPEL process using Web Service calls to the Oracle Utilities Application Framework. The scenario is this. I will pass in the userid and the BPEL process will call our the AS-User Web Service we created in Part 1. This is just a basic test and illustrate how to import the Web Service into SOA Suite. To use this scenario, you will need access to Oracle SOA Suite, access to a copy of any Oracle Utilities Application Framework based product and Oracle JDeveloper (to build the process). First of all you need to start Oracle JDeveloper and create a new SOA Project to house the BPEL process in. For the purposes of this example I will call the project simpleBPEL and verify that SOA is part of the project. I will select "Composite with BPEL" to denote it as a BPEL process. I can also the same process to create a Mediator or OSB project (refer to the JDeveloper documentation on these technologies). For this example I will use BPEL 1.1 as my specification standard (BPEL 2.0 can also be used if desired). I give the individual BPEL process as simpleBPEL (you can use a different name but I wanted to keep the project and process the same for this example). I will also build a Synchronous BPEL Process as I want a response from the Web Service. I will leave the defaults to save time. I have no have a blank canvas to build my BPEL process against. Note: for simplicity I am going to use as much defaulting as possible. In fact I am not going to specify an input schema for the incoming call as I will use the basic single field used by BPEL as default. The first step is to import the AS-User Web Service into my BPEL project. To do this I use the standard Web Service BPEL component from the Component Palette to import the WSDL into the BPEL project. Now the tricky part (a joke), you drag and drop the component from the Palette onto the right side of the canvas in the Partner Links swim lane. This swim lane is reserved for Partner Links that have a Partner Role (i.e. being called rather than calling). When you drop the Web Service onto the canvas the Create Web Service wizard is invoked to ask for details of the Web Service. At this point you give the BPEL node a name. I have used the name RetrieveUser as a name. I placed the WSDL URL from the XAI Inbound Service screen in the WSDL URL. Once you specify the URL you can press the Find existing WSDL's button to load the information into BPEL from the call. You will notice the Port Type is prefilled with the port from the WSDL. I also suggest that you check copy wsdl and it's dependent artifacts into the project if you intending to work on the BPEL process offline. If you do not check this your target application must be accessible when you work on the BPEL process (that is not always convenient). Note: For the perceptive of you will notice that the URL specified in this example is different to the URL in the last post. The reason is for the demonstrations I shifted to a new server and did not redo all of the past screen captures. If you copy the WSDL into the project you will get an information screen about Localize Files. It is just a confirmation screen. The last confirmation screen is a summary of the partner link (the main tab is locked for editing at this stage). At this stage you have successfully imported the Web Service. To complete the setup of the Web Service you need to set the credentials for the Web Service to use. Refer to the past post on how to do that. Now to use the Web Service. To call the Web Service (as it is just imported not connected to the BPEL process yet), you must add an Invoke action to your BPEL Process. To do this, select Invoke action from the BPEL Constructs zone on the Component Palette and drop it on the edit nodes between the receiveInput and replyOutput nodes This will create an empty Invoke action. You will notice some connectors on the Invoke node. Grab the node closest to your Web Service and drag it to connect the Invoke to your Web Service. This instructs BPEL to use the Invoke to call the Web Service. Once the Invoke action is connected to the Web Service an Edit Invoke edit dialog is displayed. At this point I suggest you name the Invoke node. It is important to name the nodes straightaway and name them appropriately for you to trace the logic. I used InvokeUser as the name in this example. To complete the node configuration you must create Variables to hold the input and output for the call. To do this clock on Automatically Create Input Variable on the Edit Invoke dialog. You will be presented with a default variable name. It uses the node name (that is why it is important to name the node before hitting this button) as a prefix. You can name the variable anything but I usually take the default. Repeat the same for the output variable. You now have a completed node for invoking the service. You have a very basic BPEL process which contains an input, invoke and output node. It is not complete yet though. You need to tell the BPEL process how to pass data from the input to the invoke step and how to take the output from the service call and pass it back to the service. You need to now add an Assign node to assign the input to the Web Service. To do this select Assign activity from BPEL Constructs zone in the Component Palette. Drag and drop the Assign activity between the receiveInput and InvokeUser nodes as you want to pass data between these two nodes. You have now added a new Assign node to your BPEL process Double clicking the node allows you to specify the name of the node. I use AssignUser to describe that I am assigning user data. On the Copy Rules tab you can specify the mapping between the input variable InputVariable/payload/process/input string and the input variable for the Web Service call. We are passing data from the input to BPEL to the relevant input variable on the Web Service. This is simply drag and drop between the two data structures. In the example, I am using the input to pass to the user element in my Web Service as the user is the primary key for the object. The fields become linked (which means data from source will be copied to target). Almost there. You now need to process the output from the Web Service call to the outputVariable of the client call. I have decided to pass back one piece of data, the name associated with the user by concatenating the firstName and lastName elements from the Web Service call. To do this I will use a Transform as it is not just a matter of an Assign action. It is a concatenation operation. This also illustrates how you can use BPEL functionality to transform data from a Web Service call. As with the other components you drag and drop the Transform component to the appropriate place in the BPEL process. In this case we want to transform the output from the Web Service call so we want it after the InvokeUser action and the replyOutput action. The Transform component is actually part of the Oracle Extensions to the BPEL specification. Double clicking the Transform node will allow you to name the node.  In this example I used TransformName. To complete the transform I need to tell the product the source of the transformation and the target of the transform. In the example this is the InvokeUser output variable. I also named the mapper file to TransformName. By clicking the + or pencil icon next to the map I can create the map. The mapping screen is shows the source and target schemas for me to map across. As with the assign I can map the relevant elements. In my example, I first map the firstName from the Web Service to the result element. As I want to concatenate the names, I drop the concat function on the call line. I now attach the last name to the function to indicate the concatenation of the field. By default the names will be concatenated with no space. To make the name legible I add a space between the field by clicking the function and adding a space in the call. I now have a completed mapping. I can now save the whole project as my BPEL process is now complete. As you can see the following happens: We accept input from the client (the userid for the call) in the receiveInput step. We assign that value to the input parameters for the Web Service call in the AssignUser step. We invoke the Web Service call to retrieve the data from the product in the InvokeUser step. We take the output from the InvokeUser step and concatenate the names in the TransformName step. We pass back the data in the replyOutput step. At this point we can deploy the BPEL process to the SOA Suite server. I will not cover this aspect as it really all SOA Suite specific (it is all done via Oracle JDeveloper). Now we need to test the service in SOA Suite. We will use the Fusion Middleware Control test facility. I will assume that credentials have also been setup as per our previous post (else you will get a 401 error). You navigate to the deployed BPEL process within Fusion Middleware Control and select the Test Service option. Specify some test data on the payload at the bottom of the Test Service screen. In my case I am returning my own userid information. On the response tab you will see the result. It works. You can verify the steps using the Audit trace facility on individual calls. As you can see this is a basic BPEL but you get the idea of importing the Web Service is pretty straightforward. You can create more sophisticated BPEL processes using the full facilities in Oracle SOA Suite. I just showed you the basic principals.

    Read the article

  • Using JavaScript for basic HTML layout

    - by Slobaum
    I've been doing HTML layout as well as programming for many years and I'm seeing a growing issue recently. Folks who primarily do HTML layout are becoming increasingly more comfortable using JavaScript to solve basic page layout problems. Rather than consider what HTML is capable of doing (to hit their target browsers), they're slapping on bloated JS frameworks that "fix" fairly basic problems. Let's get this out of the way right here: I find this practice annoying and often inconsiderate of those with special accessibility needs. Unfortunately, when you try to tell these folks that what they're doing isn't semantic, ideal, or possibly even a good idea, they always counter with the same old arguments: "JavaScript has a market saturation of 98%, we don't care about the other 2%." or "Who doesn't have JavaScript enabled these days?" or simply "We don't care about those users." I find that remarkably short-sighted. I would really like the opinion of the community at large. What do you think, am I holding too fast to a dying ideal? I am willing to accept that, but would like to be given good arguments as to why I should disregard 2%+ of my user base (among others). Is JavaScript's prevalence a good excuse to use a programmatic language to do basic layout, thus mucking up your behavior and layout? jQuery and similar "behavior" based frameworks are blurring the lines, especially for those who don't realize the difference. Honestly (and probably most importantly), I would like some "argument ammo" to use against these folks when the "it's the right way to do it" argument is unacceptable. Can you cite sources outlining your stance, please? Thanks everybody, please be civil :)

    Read the article

  • Google is re-indexing pages after redirecting URLs from HTTP to HTTPS incorrectly

    - by SLIM
    I upgraded my site so that all pages have gone from using HTTP to HTTPS. I didn't consider that Google treats HTTPS pages differently than HTTP. I recreated my sitemap to so that all links now reflect the new HTTPS URLs and let it be for a few days. (Whoops!) Google is now re-indexing all the HTTPS pages. I have about 19k pages on the site, and Google has already indexed about 8k of the new HTTPS pages. The problem is that Google sees all of these as brand new pages when many of them have a long HTTP history. Of course most of you will recognize the problem, I didn't set up a 301 from the old HTTP to the new HTTPS URLs. Is it too late to do this? Should I switch my sitemap back to HTTP URLs and then 301 redirect to the new HTTPS URls? Or should I leave the sitemap as is, and setup 301 redirects anyway... I'm not even sure if Google is trying to reach the HTTP site anymore. Currently the site is doing 303 redirects (from HTTP to HTTPS), although I haven't figured out why yet.

    Read the article

  • Cookie access within a HTTP Class

    - by James Jeffery
    I have a HTTP class that has a Get, and Post, method. It's a simple class I created to encapsulate Post and Get requests so I don't have to repeat the get/post code throughout the application. In C#: class HTTP { private CookieContainer cookieJar; private String userAgent = "..."; public HTTP() { this.cookieJar = new CookieContainer(); } public String get(String url) { // Make get request. Return the JSON } public String post(String url, String postData) { // Make post request. Return the JSON } } I've made the CookieJar a property because I want to preserve the cookie values throughout the session. If the user is logged into Twitter with my application, each request I make (be it get or post) I want to use the cookies so they remain logged in. That's the basics of it anyway. But, I don't want to return a string in all instances. Sometimes I may want the cookie, or a header value, or something else from the request. Ideally I'd like to be able to do this in my code: Cookie cookie = http.get("http://google.com").cookie("g_user"); String g_user = cookie.value; or String source = http.get("http://google.com").body; My question - To do this, would I need to have a Get class, and a Post class, that are included within the HTTP class and are accessible via accessors? Within the Get and Post class I would then have the Cookie method, and the body property, and whatever else is needed. Should I also use an interface, or create a Request class and have Post and Get extend it so that common methods and properties are available to both classes? Or, am I thinking totally wrong?

    Read the article

  • ASP.Net Authentication with MVC2--how to integrate with DB?

    - by alchemical
    I'm trying to understand the authentication section sample project that opens in a new MVC2 project in VS2010. It essentially lets you register, login, etc. I looked through the code that implements this briefly, it looked fairly complicated. (10 tables, 40 sprocs, 10 views, 4 models, 1 model, 1 controller, etc.) Is it best to utilize this provided framework for authentication? If so, how would I integrate this with my own database models (which has user and role tables, etc.). Also, if I use their framework, are there any performance issues at higher traffic volumes (like SO for example), do I need to become responsible for maintaining the authentication DB as well in this case?

    Read the article

  • applet does not load

    - by jcp
    We have a legacy program that was ported from Java 1.3 to Java 1.5. This application involves applets which worked fine before. After porting however, the applet would not load. However there are no errors or exceptions. The app would just try to load it forever. We tried to run it with Java 1.6 and poof! No problems whatsoever. Isn't Java 6 backwards compatible? So how come it would run in that version and not in 1.5? ==== Java Console log for Java 1.5.0_19 basic: Registered modality listener basic: Registered modality listener basic: Registered modality listener liveconnect: Invoking JS method: document liveconnect: Invoking JS method: document liveconnect: Invoking JS method: document liveconnect: Invoking JS method: URL liveconnect: Invoking JS method: URL liveconnect: Invoking JS method: URL basic: Referencing classloader: sun.plugin.ClassLoaderInfo@bb7759, refcount=1 basic: Referencing classloader: sun.plugin.ClassLoaderInfo@bb7759, refcount=2 basic: Referencing classloader: sun.plugin.ClassLoaderInfo@bb7759, refcount=3 basic: Added progress listener: sun.plugin.util.GrayBoxPainter@b0bad7 basic: Loading applet ... basic: Initializing applet ... basic: Starting applet ... basic: Added progress listener: sun.plugin.util.GrayBoxPainter@ba9340 basic: Added progress listener: sun.plugin.util.GrayBoxPainter@1198891 basic: Loading applet ... basic: Initializing applet ... basic: Starting applet ... basic: Loading applet ... basic: Initializing applet ... basic: Starting applet ... basic: Referencing classloader: sun.plugin.ClassLoaderInfo@bb7759, refcount=4 basic: Releasing classloader: sun.plugin.ClassLoaderInfo@bb7759, refcount=3 basic: Referencing classloader: sun.plugin.ClassLoaderInfo@bb7759, refcount=4 basic: Releasing classloader: sun.plugin.ClassLoaderInfo@bb7759, refcount=3 basic: Referencing classloader: sun.plugin.ClassLoaderInfo@bb7759, refcount=4 basic: Releasing classloader: sun.plugin.ClassLoaderInfo@bb7759, refcount=3 network: Connecting <something>.jar with proxy=HTTP @ proxy/<ip address> basic: Loading <something>.jar from cache basic: No certificate info, this is unsigned JAR file. Left START init() Left END init() Right START init() Control start() Waiting for Left Panel to load... Right START start() network: Connecting socket://<ip address>:14444 with proxy=DIRECT Control start() Waiting for Left Panel to load... Control start() Waiting for Left Panel to load... Control start() Waiting for Left Panel to load... my HostName : <ip address> Thread-19 Check : Thread-19 Check : Monitor : run : start Thread-20 Monitor : Monitor: run() start Control start() Waiting for Left Panel to load... Control start() Waiting for Left Panel to load... Control start() Waiting for Left Panel to load... Control start() Waiting for Left Panel to load... Control start() Waiting for Left Panel to load... Control start() Waiting for Left Panel to load... the last message goes on forever... and now with the working version: ==== Java Console log for Java 1.6.0_15 basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1b000e7 basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@12611a7 basic: Added progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@1807ca8 network: CleanupThread used 6 us network: CleanupThread used 5 us network: CleanupThread used 6 us cache: Skip blacklist check as cached value is ok. network: Cache entry found [url: <something>.jar, version: null] network: Connecting <something>.jar with proxy=HTTP @ proxy/<ip address> network: ResponseCode for <something>.jar : 304 network: Encoding for <something>.jar : null network: Disconnect connection to <something>.jar Reading certificates from 11 <something>.jar | <something>.idx network: No certificate info for unsigned JAR file: <something>.jar basic: Applet loaded. basic: Applet loaded. basic: Applet resized and added to parent container basic: Applet resized and added to parent container basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 330275 us, pluginInit dt 27768955 us, TotalTime: 28099230 us Right START init() basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 330275 us, pluginInit dt 27770563 us, TotalTime: 28100838 us Left START init() basic: Applet loaded. basic: Applet resized and added to parent container basic: PERF: AppletExecutionRunnable - applet.init() BEGIN ; jvmLaunch dt 330275 us, pluginInit dt 27779332 us, TotalTime: 28109607 us Left END init() basic: Applet initialized basic: Removed progress listener: sun.plugin.util.GrayBoxPainter$GrayBoxProgressListener@12611a7 basic: Applet made visible And that's it. Still haven't figured out why it works with java6 and not java5. @valli: the object tag was used, not applet @thorbjorn: i tried that already... it just keeps saying loading applet... @aaron: how can i know what exception it is, if there really is one? and yes we have considered that its a java bug but i still havent found what that bug is. i have to submit a report tomorrow and i've scoured the net but came up with nothing as of yet... @all: thank you for your replies

    Read the article

  • What headers do I want to send together with a 304 response?

    - by Willem
    When I send a 304 response. How will the browser interpret other headers which I send together with the 304? E.g. header("HTTP/1.1 304 Not Modified"); header("Expires: " . gmdate("D, d M Y H:i:s", time() + $offset) . " GMT"); Will this make sure the browser will not send another conditional GET request (nor any request) until $offset time has "run out"? Also, what about other headers? Should I send headers like this together with the 304: header('Content-Type: text/html'); Do I have to send: header("Last-Modified:" . $modified); header('Etag: ' . $etag); To make sure the browser sends a conditional GET request the next time the $offset has "run out" or does it simply save the old Last Modified and Etag values? Are there other things I should be aware about when sending a 304 response header?

    Read the article

  • Using MAC Authentication for simple Web API’s consumption

    - by cibrax
    For simple scenarios of Web API consumption where identity delegation is not required, traditional http authentication schemas such as basic, certificates or digest are the most used nowadays. All these schemas rely on sending the caller credentials or some representation of it in every request message as part of the Authorization header, so they are prone to suffer phishing attacks if they are not correctly secured at transport level with https. In addition, most client applications typically authenticate two different things, the caller application and the user consuming the API on behalf of that application. For most cases, the schema is simplified by using a single set of username and password for authenticating both, making necessary to store those credentials temporally somewhere in memory. The true is that you can use two different identities, one for the user running the application, which you might authenticate just once during the first call when the application is initialized, and another identity for the application itself that you use on every call. Some cloud vendors like Windows Azure or Amazon Web Services have adopted an schema to authenticate the caller application based on a Message Authentication Code (MAC) generated with a symmetric algorithm using a key known by the two parties, the caller and the Web API. The caller must include a MAC as part of the Authorization header created from different pieces of information in the request message such as the address, the host, and some other headers. The Web API can authenticate the caller by using the key associated to it and validating the attached MAC in the request message. In that way, no credentials are sent as part of the request message, so there is no way an attacker to intercept the message and get access to those credentials. Anyways, this schema also suffers from some deficiencies that can generate attacks. For example, brute force can be still used to infer the key used for generating the MAC, and impersonate the original caller. This can be mitigated by renewing keys in a relative short period of time. This schema as any other can be complemented with transport security. Eran Rammer, one of the brains behind OAuth, has recently published an specification of a protocol based on MAC for Http authentication called Hawk. The initial version of the spec is available here. A curious fact is that the specification per se does not exist, and the specification itself is the code that Eran initially wrote using node.js. In that implementation, you can associate a key to an user, so once the MAC has been verified on the Web API, the user can be inferred from that key. Also a timestamp is used to avoid replay attacks. As a pet project, I decided to port that code to .NET using ASP.NET Web API, which is available also in github under https://github.com/pcibraro/hawknet Enjoy!.

    Read the article

  • openssl client authentication error: tlsv1 alert unknown ca: ... SSL alert number 48

    - by JoJoeDad
    I've generated a certificate using openssl and place it on the client's machine, but when I try to connect to my server using that certificate, I error mentioned in the subject line back from my server. Here's what I've done. 1) I do a test connect using openssl to see what the acceptable client certificate CA names are for my server, I issue this command from my client machine to my server: openssl s_client -connect myupload.mysite.net:443/cgi-bin/posupload.cgi -prexit and part of what I get back is as follow: Acceptable client certificate CA names /C=US/ST=Colorado/L=England/O=Inteliware/OU=Denver Office/CN=Tim Drake/[email protected] /C=US/ST=Colorado/O=Inteliware/OU=Denver Office/CN=myupload.mysite.net/[email protected] 2) Here is what is in the apache configuration file on the server regarding SSL client authentication: SSLCACertificatePath /etc/apache2/certs SSLVerifyClient require SSLVerifyDepth 10 3) I generated a self-signed client certificate called "client.pem" using mypos.pem and mypos.key, so when I run this command: openssl x509 -in client.pem -noout -issuer -subject -serial here is what is returned: issuer= /C=US/ST=Colorado/O=Inteliware/OU=Denver Office/CN=myupload.mysite.net/[email protected] subject= /C=US/ST=Colorado/O=Inteliware/OU=Denver Office/CN=mlR::mlR/[email protected] serial=0E (please note that mypos.pem is in /etc/apache2/certs/ and mypos.key is saved in /etc/apache2/certs/private/) 4) I put client.pem on the client machine, and on the client machine, I run the following command: openssl s_client -connect myupload.mysite.net:443/cgi-bin/posupload.cgi -status -cert client.pem and I get this error: CONNECTED(00000003) OCSP response: no response sent depth=1 /C=US/ST=Colorado/L=England/O=Inteliware/OU=Denver Office/CN=Tim Drake/[email protected] verify error:num=19:self signed certificate in certificate chain verify return:0 574:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:1102:SSL alert number 48 574:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s23_lib.c:182: I'm really stumped as to what I've done wrong. I've searched quite a bit on this error and what I found is that people are saying the issuing CA of the client's certificate is not trusted by the server, yet when I look at the issuer of my client certificate, it matches to one of the accepted CA returned by my server. Can anyone help, please? Thank you in advance.

    Read the article

  • Should OpenID clients accept adding WWW to the domain?

    - by Steve Clay
    For a long time I've used OpenID delegation on my site: http://example.org/ delegated to: http://example.openid-provider.com/, so I logged into OpenID-consuming sites using the former as ID. Recently I added www. to my site's canonical domain so http://example.org/ now redirects to http://www.example.org/. Should I be able to continue logging into existing OpenID accounts using http://example.org/? StackExchange sites say "yes". I can use either URL. At least one other doesn't recognize my existing account. Who's "right" (per spec) and is there anything I can fix on my end?

    Read the article

  • How To Use Google Authenticator and Other Two-Factor Authentication Apps Without a Smartphone

    - by Chris Hoffman
    Google, Dropbox, LastPass, Battle.net, Guild Wars 2 – all these services and more offer two-factor authentication apps that work on smartphones. If you don’t have a supported device, you can run an alternative application on your computer. When you log in, you’ll need to enter a time-based code from the app. Two-factor authentication prevents people who know your password – but don’t have the app and its security key – from logging in. How To Delete, Move, or Rename Locked Files in Windows HTG Explains: Why Screen Savers Are No Longer Necessary 6 Ways Windows 8 Is More Secure Than Windows 7

    Read the article

  • Getting Apache to serve same directory with different authentication over SSL?

    - by Lasse V. Karlsen
    I have set up VisualSVN server, a Subversion server that internally uses Apache, to serve my subversion repositories. I've managed to integrate WebSVN into it as well, and just now was able to get it to serve my repositories through WebSVN without having to authenticate, ie. no username or password prompt comes up. This is good. However, with this set up there is apparently no way for me to authenticate to WebSVN at all, which means all my private repositories are now invisible as far as WebSVN goes. I noticed there is a "Listen 81" directive in the .conf file, since I'm running the server on port 81 instead of 80, so I was wondering if I could set up a https:// connection to a different port, that did require authentication? The reason I need access to my private repositories is that I have linked my bug tracking system to the subversion repositories, so if I click a link in the bug tracking system, it will take me to diffs for the relevant files in WebSVN, and some products are in private repositories. Here's my Location section for WebSVN: <Location /websvn/> Options FollowSymLinks SVNListParentPath on SVNParentPath "C:/Repositories/" SVNPathAuthz on AuthName "Subversion Repository" AuthType Basic AuthBasicProvider file AuthUserFile "C:/Repositories/htpasswd" AuthzSVNAccessFile "C:/Repositories/authz" Satisfy Any Require valid-user </Location> Is there any way I can set up a separate section for a different port, say 8100, that does not have the Satisfy Any directive there, which is what enable anonymous access. Note that a different sub-directory on the server is acceptable as well, so /websvn_secure/, if I can make a location section for that and effectively serve the same content only without the Satisfy Any directive, that'd be good too.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 52 53 54 55 56 57 58 59 60 61 62 63  | Next Page >