Is there a way to authenticating without web browser on Facebook API on iPhone(or similar native cli
- by Eonil
Facebook offers an Objective-C library, but it uses web browser session too.
Is there any browser-less way to do authentication?
Search Results
Search found 5866 results on 235 pages for 'authentication'.
Page 66/235 | < Previous Page | 62 63 64 65 66 67 68 69 70 71 72 73 | Next Page >
-
-
Knowing the user name in a Page
- by ctacke
Let's assume the following: I have an IIS web site set up IIS is configured to use Digest authentication I'm running an ASP.NET page The page has a code-behing assembly that overrides Page_Load When a user navigates to that page, I get a security prompt for the username and password. If the username and password are invalid (i.e. incorrect password) is there a way for the called page, in Page_Load to know, or does IIS handle this and return the 401 before the ASP.NET engine ever gets around to resolving the actual Page class that will get executed?Read the article
-
How can I configure Devise for Ruby on Rails to store the emails and passwords somewhere other than in the user model?
- by TLK
I'd like to store emails in a separate table and allow users to save multiple emails and log in with any of them. I'd also like to store passwords in a different table. How can I configure Devise to store authentication info elsewhere? Worst case scenario, if I just have to hack into it, is there a generator to just port everything over to the app? I noticed there was a generator for the views. Thanks.Read the article
-
Pros & Cons of separating the controllers using subfolders on an ruby on rails app based?
- by user293179
Hi, Need some help gathering thoughts on this issue. Our team is moving ahead with the idea that separating the authenticated and public sections of our app in two separate folders will allow us to be more organized and secured. I have seen this approach for Admin apps within the site but never for authentication. We are currently using Authlogic. What would be the disadvantage of this? Thanks for your help.Read the article
-
Credentials - Can I do this?
- by zburns
I've got an ASP.NET website that I use forms authentication using the default provider you can setup. This works just fine for the site. The question is can I pass the credentials from the web site to a web app on the same server?Read the article
-
How can I generate a client proxy for a WCF service with an HTTPS endpoint?
- by ng5000
Might be the same issue as this previuos question: WCF Proxy but not sure... I have an HTTPS service connfigured to use transport security and, I hope, Windows credentials. The service is only accessed internally (i.e. within the intranet). The configuration is as follows: <configuration> <system.serviceModel> <services> <service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior"> <host> <baseAddresses> <add baseAddress = "https://localhost:8000/WCFTest/CalculatorService/" /> </baseAddresses> </host> <endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> </services> <bindings> <basicHttpBinding> <binding name="basicHttpBindingConfig"> <security mode="Transport"> <transport clientCredentialType = "Windows"/> </security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="WCFTest.CalculatorBehavior"> <serviceAuthorization impersonateCallerForAllOperations="false" principalPermissionMode="UseWindowsGroups" /> <serviceCredentials > <windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" /> </serviceCredentials> <serviceMetadata httpsGetEnabled="True"/> <serviceDebug includeExceptionDetailInFaults="False" /> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> </configuration> When I run the service I can't see the service in IE. I get a "this page can not be displayed" error. If I try and create a client in VS2008 via the "add service reference" wizard I get this error: There was an error downloading 'https://localhost:8000/WCFTest/CalculatorService/'. There was an error downloading 'https://localhost:8000/WCFTest/CalculatorService/'. The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. Metadata contains a reference that cannot be resolved: 'https://localhost:8000/WCFTest/CalculatorService/'. An error occurred while making the HTTP request to https://localhost:8000/WCFTest/CalculatorService/. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. If the service is defined in the current solution, try building the solution and adding the service reference again. I think I'm missing some fundamental basics here. Do I need to set up some certificates? Or should it all just work as it seems to do when I use NetTcpBinding? ThanksRead the article
-
ASP.NET Login Page Redirection Problem
- by Daniel
Hello everyone! I'm building a silverlight application hosted on ASP.NET Web App. / IIS7 / SSL-enabled website. For security, I put my silverlight page inside a Members folder in the ASP.NET Web Application, and restricted access from anonymous users.(see web.config below) when users try to access pages under Members folder, they get redirected to https://www.ssldemo.com/authenticationtest/login.aspx. (see web.config below) (I've mapped www.ssldemo.com to 127.0.0.1). for security, I'm switching to HTTPS in login.aspx, and back to HTTP after validation. below is the code for login.aspx.cs. protected void Page_Load(object sender, EventArgs e) { LoginControl.LoggedIn += new EventHandler(LoginControl_LoggedIn); } void LoginControl_LoggedIn(object sender, EventArgs e) { //for going to ReturnURL & switching back to HTTP string serverName = HttpUtility.UrlEncode(Request.ServerVariables["SERVER_NAME"]); string returnURL = Request["ReturnURL"]; Response.Redirect(ResolveClientUrl("http://" + serverName + returnURL)); } The problem is, when I deploy another application to http://www.ssldemo.com/authenticationtest/members/AnotherApplication/ and open http://www.ssldemo.com/authenticationtest/members/AnotherApplication/default.aspx, Users get redirected to https://www.ssldemo.com/authenticationtest/login.aspx?ReturnUrl=%2fauthenticationtest%2fmembers%2fanotherapplication%2fdefault.aspx. but even when I enter the correct credentials at login page, I get redirected to the same login page again, not to the ReturnUrl. when I looked into fiddler, it said '302 object moved to here.' Thank you for reading! Any input will be much appreciated. <configuration> <connectionStrings> <add name="CompanyDatabase" connectionString="Data Source=192.168.0.2;Initial Catalog=SomeTable;User ID=Username;Password=P@ssword" /> </connectionStrings> <system.web> <compilation debug="true" targetFramework="4.0" /> <authentication mode="Forms"> <forms slidingExpiration="true" timeout="15" loginUrl="https://www.ssldemo.com/authenticationtest/login.aspx" defaultUrl="~/Members/Default.aspx" > </forms> </authentication> <!--Custom Membership Provider--> <membership defaultProvider="MyMembershipProvider" userIsOnlineTimeWindow="15"> <providers> <clear /> <add name="MyMembershipProvider" type="AuthenticationTest.Web.MyMembershipProvider" connectionStringName="CompanyDatabase" applicationName="AuthenticationTest.Web"/> </providers> </membership> </system.web> <!--securing folders--> <location path="Members"> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> </configuration>Read the article
-
mobile browsers' can't login to my site
- by imin
i've tested my site on 2 phone models using the 'generic' browser that came with the phone, but sadly, everytime I tried to login, it will return me back to my index page. here's my login code <form name='login' method='POST' action='authentication.php'> <table border=0 cellpadding=2> <tr><td>Login:</td><td></td></tr> <tr><td>E-mail: </td><td><input type=text name='email' id='email' size=20 maxlength="200"></td></tr> <tr><td>Password: </td><td><input type=password name='password' id='password' size=20 maxlength="100"></td></tr> <tr><td></td><td><input type=submit value='Login'></td></tr> </table></form> and here's the authentication.php (snippet) $currentUserEmail = $_POST["email"]; $currentUserPwd = md5($_POST["password"]); $stmt = $dbi->prepare("select status from users where email=? and pwd=?"); $stmt->bind_param('ss', $currentUserEmail,$currentUserPwd); mysqli_stmt_execute($stmt); mysqli_stmt_store_result($stmt); $isUserAvailable = mysqli_stmt_num_rows($stmt); $stmt->bind_result($getUserStatus); $stmt->execute() or die (mysqli_error()); $stmt->store_result(); $stmt->fetch(); $stmt->close(); if($isUserAvailable > 0){ if ($getUserStatus == "PENDING") { $userIsLoggedIn = "NO"; $registeredUser = "NO"; unset($userIsLoggedIn); setcookie("currentMobileUserName", "", time()-3600); setcookie("currentMobileUserEmail", "", time()-3600); setcookie("currentMobileSessionID", "", time()-3600); setcookie("currentMobileUID", "", time()-3600); header('Location: '.$config['MOBILE_URL'].'/index.php?error=2&email='.$currentUserEmail); }elseif (($getUserStatus == "ACTIVE") || ($getUserStatus == "active")){ //means successfully logged in //set the cookie setcookie("currentMobileUserName", $currentUserName, $expire); setcookie("currentMobileUserEmail", $currentUserEmail, $expire); setcookie("currentMobileSessionID", $getGeneratedMobileUSID, $expire); setcookie("currentMobileUID", $currentUID, $expire); $userIsLoggedIn = "YES"; $registeredUser = "YES"; $result = $stmt->execute() or die (mysqli_error($dbi)); if ($caller == "indexLoginForm"){ header('Location: '.$config['MOBILE_URL'].'/home.php'); }else{ header('Location: '.$config['MOBILE_URL'].'/home.php'); } } }else{ $userIsLoggedIn = "NO"; $registeredUser = "NO"; unset($userIsLoggedIn); setcookie("currentMobileUserName", "", time()-3600); setcookie("currentMobileUserEmail", "", time()-3600); setcookie("currentMobileSessionID", "", time()-3600); setcookie("currentMobileUID", "", time()-3600); header('Location: '.$config['MOBILE_URL'].'/index.php?error=1'); } The only way I can access my mobile site is by using opera mini. Just FYI, both the 'generic browsers' i tested my site with supports cookie (at least this is what the browser settings said). thanksRead the article
-
Why RSA SSH authentication only works after console log-in?
- by smorhaim
I setup RSA authentication on one of my Ubuntu servers, however after every restart, I can't log-in via ssh RSA. In order to log-in with ssh I need to first log-in via console, then the RSA starts working. Why??? Below are my sshd config file as well as an output from the ssh -vv command before console log-in and after. . Before console log-in: debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/smorhaim/.ssh/smorhaim (0x7ff8d8c242c0) debug2: key: /Users/smorhaim/.ssh/id_rsaadmin (0x7ff8d8c24cf0) debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/smorhaim/.ssh/smorhaim debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey debug1: Offering RSA public key: /Users/smorhaim/.ssh/id_rsaadmin debug2: we sent a publickey packet, wait for reply debug1: Authentications that can continue: publickey debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey). After console log-in: debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /Users/smorhaim/.ssh/smorhaim (0x7f91c14242c0) debug2: key: /Users/smorhaim/.ssh/id_rsaadmin (0x7f91c1424ae0) debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /Users/smorhaim/.ssh/smorhaim debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp b1:d5:90:43:be:43:52:a9:7f:05:c7:04:86:57:b3:ff debug1: Authentication succeeded (publickey). Authenticated to 10.10.30.151 ([10.10.30.151]:22). sshd config: Port 22 Protocol 2 ListenAddress 10.10.30.151 UsePrivilegeSeparation yes SyslogFacility AUTHPRIV PermitRootLogin no PasswordAuthentication no ChallengeResponseAuthentication no UsePAM yes X11Forwarding yesRead the article
-
Mac OS X printing to CUPS - More intuitive authentication failure?
- by Moduspwnens
We have a network-wide CUPS server that offers authenticated printer access to all our campus users. We've been pretty disappointed with the way Mac clients handle bad printing authentication, though. In any other authentication dialog, when a user types in a bad username or password, the window shakes briefly, allowing the user to re-enter. With printers, this isn't the case. It'll happily accept (and even save to the keychain, if specified) bad credentials. The authentication dialog is dismissed, and the user then has to deal with the print jobs showing up as "On hold (authentication required)". To get their job printed, they need to select it in the printer's queue, click "Resume", then re-enter appropriate credentials. Is there a way to get failed printing authentication to work more intuitively for Mac OS X clients? We're trying to support a BYOD environment, but our end users have been really confused by this. It's made even worse by the way it pre-populates the user's full login name (e.g. "Smith, John"), which tends to make them think to use their local machine passwords.Read the article
-
How to create public html (apache2) with LDAP authentication?
- by borjamf
Im running Apache2 on Ubuntu 12.04 Server because I want to create a home directory for each ldap user. I'm using LDAP for authentication and it's working ok. Also I've done some tests with LDAP module for Apache2 and it's working ok. The problem with this LDAP authentication is that any success login can access to ~user/public_html, even if the user is not the owner of that home. I dont know how to control that, for example, userldap2 access to userldap1/public_html. I want that only the userldap1 access to userldap1. Could anybody tell me how to control that with LDAP authentication? I hope that you'll understand me. My config (auth_ldap.conf) <Directory /home/disco2/*/public_html> AuthName "Authentication" AuthType basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL ldap://prueba.borja/dc=prueba,dc=borja?uid? Require ldap-filter objectClass=posixAccount </Directory>Read the article
-
How to use SharpSVN in ASP.NET?
- by Bryan
Trying to use use SharpSVN in an ASP.NET app. So far, it's been nothing but trouble. First, I kept getting permission errors on "lock" files (that don't exist), even though NETWORK SERVICE has full permissions on the directories. Finally in frustration I just granted Everyone full control. Now I get a new error: OPTIONS of 'https://server/svn/repo': authorization failed: Could not authenticate to server: rejected Basic challenge (https://server) This happens whether I have the DefaultCredentials set below or not: using (SvnClient client = new SvnClient()) { //client.Authentication.DefaultCredentials = new System.Net.NetworkCredential("user", "password"); client.LoadConfiguration(@"C:\users\myuser\AppData\Roaming\Subversion"); SvnUpdateResult result; client.Update(workingdir, out result); } Any clues? I wish there was SOME documentation with this library, as it seems so useful.Read the article
-
ASP.NET MVC: AuthorizeAttribute on default page
- by AlexB
The default controller in my ASP.NET MVC project is decorated with the [Authorize] attribute. When I deploy the website on my development machine and access the website, I am redirected to the login page (defined in forms loginUrl section of the Web.Config). Result: everything works as expected. When I publish the website on our production server (Windows Server 2008, IIS 7, DefaultAppPool) and access the website, the expected address shows in the address bar (/Account/LogOn?ReturnUrl=*my_expected_return_url*), but the page displays "You do not have permission to view this directory or page." instead of the login page. If I remove the [Authorize] attribute on the default controller/action, the page displays correctly. My Web.Config file: sessionState mode="InProc" timeout="30" authentication mode="Forms" forms loginUrl="~/Account/LogOn" timeout="2880"Read the article
-
RedirectFromLogin in Silverlight Login Page
- by Oliver
I am busy writing a login page in Silverlight. I am using an Authentication Service that processes the logins and I am also creating a custom Membership and Roles providers. Everything is working but I need some assistance. I would like some advice on how to redirect the user to page they came from before they were pushed to the Login page. Basically I want the same behavior as the standard ASP.Net login. I am fully aware of the differences between ASP and Silverlight regarding Client and Server side models. I can do the navigation but I always lose the session and cookie when I perform HtmlPage.Window.Navigate() to the ReturnUrl...Read the article
-
WCF via Windows Service - Authenticating Clients
- by Sean
I am a WCF / Security Newb. I have created a WCF service which is hosted via a windows service. The WCF service grabs data from a 3rd party data source that is secured via windows authentication. I need to either: Pass the client's privileges through the windows service, through the WCF service and into the 3rd party data source, or... Limit who can call the windows service / WCF service to members of a particular AD group. Any suggestions on how I can do either of these tasks?Read the article
-
Storing user info in Session using an Object vs. normal variables
- by justinl
I'm in the process of implementing a user authentication system for my website. I'm using an open source library that maintains user information by creating a User object and storing that object inside my php SESSION variable. Is this the best way to store and access that information? I find it a bit of a hassle to access the user variables because I have to create an object to access them first: $userObj = $_SESSION['userObject']; $userObj->userId; instead of just accessing the user id like this how I would usually store the user ID: $_SESSION['userId']; Is there an advantage to storing a bunch of user data as an object instead of just storing them as individual SESSION variables? ps - The library also seems to store a handful of variables inside the user object (id, username, date joined, email, last user db query) but I really don't care to have all that information stored in my session. I only really want to keep the user id and username.Read the article
-
Rails application settings?
- by Danny McClelland
Hi Everyone, I am working on a Rails application that has user authentication which provides an administrators account. Within the administrators account I have made a page for sitewide settings. I was wondering what the norm is for creating these settings. Say for example I would like one of the settings to be to change the name of the application name, or change a colour of the header. What I am looking for is for someone to explain the basic process/method - not necessarily specific code - although that would be great! Thanks, DannyRead the article
-
Python urllib2 Basic Auth Problem
- by Simon
I'm having a problem sending basic AUTH over urllib2. I took a look at this article, and followed the example. My code: passman = urllib2.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None, "api.foursquare.com", username, password) urllib2.install_opener(urllib2.build_opener(urllib2.HTTPBasicAuthHandler(passman))) req = urllib2.Request("http://api.foursquare.com/v1/user") f = urllib2.urlopen(req) data = f.read() I'm seeing the following on the Wire via wireshark: GET /v1/user HTTP/1.1 Host: api.foursquare.com Connection: close Accept-Encoding: gzip User-Agent: Python-urllib/2.5 You can see the Authorization is not sent, vs. when I send a request via curl: curl -u user:password http://api.foursquare.com/v1/user GET /v1/user HTTP/1.1 Authorization: Basic =SNIP= User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 OpenSSL/0.9.8k zlib/1.2.3 Host: api.foursquare.com Accept: */* For some reason my code seems to not send the authentication - anyone see what I'm missing? thanks -simonRead the article
-
How to use Windows login for single-sign-on and for Active Directory entries for Desktop Java applic
- by Touko
I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to : Be sure that the particular user has logged in to Windows with some user entry. Check out some setup information for that user from the Active Directory With http://stackoverflow.com/questions/31394/java-programatic-way-to-determine-current-windows-user I can get the name of the current Windows user but can I rely to that? I think the System.getProperty("user.name") won't be secure enough? ("user.name" seems to be got from environment variables, so I can't rely on that, I think?) Question http://stackoverflow.com/questions/390150/authenticating-against-active-directory-with-java-on-linux provides me the authentication for given name+pass but I'd like to authenticate based on the Windows logon? For the Active Directory access, the LDAP would probably be the choise? I'm not totally sure if I'm asking the right questions but hopefully somebody has some ideas to forward me on.Read the article
-
Can django's auth_user.username be varchar(75)?
- by perrierism
Django's auth_user.username field is 30 characters. That means you can't have auth_user.username store an email address. If you want to have users authenticate based on their email address it would seem you have to do some wonky stuff like writing your own authentication backend which authenticates based on (email, password) instead of (username, password) and furthermore, figuring out what you're going to put in the username field since it is required and it is a primary key. Do you put a hash in there, do you try to put the id in there... bleh! Why should you have to write all this code and consider edge cases simply because username is too small for your (farily common) purposes? Is there anything wrong with running alter table on auth_user to make username be varchar(75) so it can fit an email? What does that break if anything?Read the article
-
PHP Session when using desktop app
- by Jonathan
In this question I asked how to POST to a php file form a vb.net app: http://stackoverflow.com/questions/2615335/post-to-webpage-in-vb-net-win-forms-desktop-not-asp-net So now I've logged in the user user by posting their username and password to the php file, the php file then does security/checks they exist/etc and if both username and password are correct is stores the user ID in a session variable. Now if the vb.net app tries to download data off a page which needs the user to logged in, it checks this by doing: if (!isset($_SESSION['uid'])) { header("Location: index.php"); } However after having logged correctly in the app the session variable is not set. How does session work with a vb.net app like this? When the user logs in successfully should I download the user id and keep it in the vb.net app and then post it to each page that requires authentication?Read the article
-
RIA Services: custom autorization
- by Budda
Here is a good example how to create custom autorization for RIA services: http://stackoverflow.com/questions/1195326/ria-services-how-can-i-create-custom-authentication In my case a silverlight-pages will be displayed as a part of HTML-content and user authorisation is already implemented on the server-side (ASP.NET Membership is not used). It is required to show on the silverlight pages different information for authorised and non-authorised users. Is there any possibility to track on the Silverlight side if user is already authorized on the server side (on the usual ASP.NET web-site)? Please adivse how to do this. Thank you in advance.Read the article
-
What is a hardware-id?
- by Rob
Some forums that I regularly visit sell premium programs, and to prevent them from being leaked they use hardware-id authentication. That is, first they send you a program to run to grab your HWID, you tell them your HWID, they store it in a database, then they send you the actual program. If your HWID isn't in the database, the program won't run. So what is Hardware-ID, and how is it generated? Why is it that my HWID is different depending on the programmer that sends me a HWID-grabber?Read the article
-
log in as a proxy for a certain user
- by Samuel
We have a requirement, wherein the administrative user needs to proxy in as a certain user in an environment where several users (Role: User) are managed by an administrator (Role: Admin). e.g If we have the following users in the database (admin, user1, user2, user3), we would want the admin to proxy as 'user2' and use the system in certain scenarios. Authentication in our web application is based username / password credentials, what mechanisms are available for the admin to proxy as 'user2' when he doesn't have the password for 'user2'. How can the application track such access for audit purposes to mention that 'admin' had proxied for 'user2' and performed certain actions. I am looking for suggestions on supporting this in our j2ee (jboss seam) web application.Read the article
-
Setting Sql server security rights for multiple situations
- by DanDan
We have an application which uses an instance of Sql Server locally for its backend storage. The administrator windows login has had its sysadmin right revoked, and instead two sql logins have been created; one for the application with a secret password and one read only login we let users view the raw data with. This was working fine until we moved on FileStreams, which requires intergrated windows authentication. So now the sql server logins must be replaced. As a result, I am now reviewing all of our logins but I am not sure how it is possible. It seems that the application needs full read/write access, yet I still need to lock down writing to the tables so the user cannot login into the database and delete data randomly. Does anyone have any tips for setting multiple levels of security using intergrated windows logins, or can you direct me to any further reading? Some answers can also be found on serverfault: http://serverfault.com/questions/138763/setting-sql-server-security-rights-for-multiple-situationsRead the article
