Search Results

Search found 34094 results on 1364 pages for 'open authentication'.

Page 67/1364 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >

• Directory access control with Apache: do I need to use a specific .htaccess?

  - by Mirror51

  I have an Apache webserver, and in the Apache configuration, I have Alias /backups "/backups" <Directory "/backups"> AllowOverride None Options Indexes Order allow,deny Allow from all </Directory> I can access files via http://127.0.0.1/backups. The problem is everyone can access that. I have a web interface, e.g. http://localhost/adminm that is protected with htaccess and password. Now I don't want separate .htaccess and .htpasswd for /backups, and I don't want a second password prompt when a user clicks on /backups in the web interface. Is there any way to use same .htaccess and .htpasswd for the backups directory?

  Read the article

• Gnome/X logs off immediately after login -- which logfiles are relevant?

  - by joebuntu

  I've been tinkering with fingerprint-gui as well as X/xrandr resolution settings. When I start my machine, it boots up normally. As soon as X and gnome have finished starting, it logs me off automatically and brings me back to the gdm login prompt with the user list. Then I am, however, able to log in using "Ubuntu Desktop Fail-safe". I've checked the list of start-up applications, but everything seems fine there. I can't yet put my finger on what exactly might be responsible for this: X, gnome or some messed up pam.d settings. So far I've checked /var/logs/X11/xorg.0.log, /var/logs/auth.log and ~/.xsession-errors. In addition, I don't quite seem to understand the "interplay" between X, GDM, GNOME, GNOME-policykit, PAM.d and all that. Are there any other relevant log files that could point me to what's broken? Specs: Ubuntu 10.10 Maverick Meerkat IBM/Lenovo Thinkpad R60, ATI Radeon x1400 Mobility all updates installed Linux User 1 year+,

  Read the article

• My cPanel login is being redirected. How can I resolve this?

  - by Suz

  I'm trying to get to cPanel to manage my website. When I type www.mydomain.com:2082 into the browser window, the request seems to be redirected. I made a screen-cast so I could slow down the changes in the address bar. First it seems to go to http://www.mydomain.com:2082/login then http://www.mydomain.com/cgi-sys/login.cgi At this point, a screen briefly appears which says 'Login attempt failed' and then the address is redirected to https://this22.thishost.com:2083/, which is no relation to my site at all. This looks to me like there has been an attack on the system and the login.cgi file is compromised. Any suggestions on how to analyze this further? or fix it? Of course my 'free hosting' isn't any help at all.

  Read the article

• How to Unlock Applications folder

  - by Mark Coleman

  This question relates to Ubuntu 12.04 LTS. I wish to move a folder from the desktop into the applications folder at home/usr/share/applications. When I attempt to drag the folder from the desktop to the applications folder, I get the following message: "Error moving file: Permission denied" Permission or no permission, I want to move a folder from the desktop to the above said applications folder. How do I authenticate so I can make this move? There is no opportunity to authenticate when I get the error message, only "Skip" or "Cancel". I don't want to skip or cancel, I want to authenticate and move the folder. How do I do this? Thank you!

  Read the article

• Will using HTTPS hurt my site's SEO or other statistics?

  - by yannbane

  I've set up a WordPress blog. Since I have to log into it from many different locations/machines, I've also got an SSL certificate, and set up Apache to redirect HTTP to HTTPS. It all works, but I'm wondering whether that's an overkill. Since most people who go to my site don't have to log in, I'm starting to wonder whether HTTPS has some drawbacks. If so, should I look for a way to make HTTPS optional?

  Read the article

• The HTTP request was forbidden with client authentication scheme 'Anonymous'

  - by dudia

  I am trying to configure a WCF server\client to work with SSL I get the following exception: The HTTP request was forbidden with client authentication scheme 'Anonymous' I have a self hosted WCF server. I have run hhtpcfg both my client and server certificates are stored under Personal and Trusted People on the Local Machine Here is the server code: binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; binding.Security.Mode = WebHttpSecurityMode.Transport; _host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust; _host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; _host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine; _host.Credentials.ServiceCertificate.SetCertificate("cn=ServerSide", StoreLocation.LocalMachine, StoreName.My); Client Code: binding.Security.Mode = WebHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; WebChannelFactory<ITestClientForServer> cf = new WebChannelFactory<ITestClientForServer>(binding, url2Bind); cf.Credentials.ClientCertificate.SetCertificate("cn=ClientSide", StoreLocation.LocalMachine, StoreName.My); ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidate; Looking at web_tracelog.svclog and trace.log reveals that the server cannot autheticate the client certificate My certificate are not signed by an Authorized CA but this is why I added them to the Trusted People.... What Am I missing? What am I missing?

  Read the article

• System.Net.WebClient doesn't work with Windows Authentication

  - by Peter Hahndorf

  I am trying to use System.Net.WebClient in a WinForms application to upload a file to an IIS6 server which has Windows Authentication as it only 'Authentication' method. WebClient myWebClient = new WebClient(); myWebClient.Credentials = new System.Net.NetworkCredential(@"boxname\peter", "mypassword"); byte[] responseArray = myWebClient.UploadFile("http://localhost/upload.aspx", fileName); I get a 'The remote server returned an error: (401) Unauthorized', actually it is a 401.2 Both client and IIS are on the same Windows Server 2003 Dev machine. When I try to open the page in Firefox and enter the same correct credentials as in the code, the page comes up. However when using IE8, I get the same 401.2 error. Tried Chrome and Opera and they both work. I have 'Enable Integrated Windows Authentication' enabled in the IE Internet options. The Security Event Log has a Failure Audit: Logon Failure: Reason: An error occurred during logon User Name: peter Domain: boxname Logon Type: 3 Logon Process: ÈùÄ Authentication Package: NTLM Workstation Name: boxname Status code: 0xC000006D Substatus code: 0x0 Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 127.0.0.1 Source Port: 1476 I used Process Monitor and Fiddler to investigate but to no avail. Why would this work for 3rd party browsers but not with IE or System.Net.WebClient?

  Read the article

• Is there any open source tool that automatically 'detects' email threading like Gmail?

  - by Chris W.

  For instance, if the original message (message 1) is... Hey Jon, Want to go get some pizza? -Bill And the reply (message 2) is... Bill, Sorry, I can't make lunch today. Jonathon Parks, CTO Acme Systems On Wed, Feb 24, 2010 at 4:43 PM, Bill Waters wrote: Hey John, Want to go get some pizza? -Bill In Gmail, the system (a) detects that message 2 is a reply to message 1 and turns this into a 'thread' of sorts and (b) detects where the replied portion of the message actually is and hides it from the user. (In this case the hidden portion would start at "On Wed, Feb..." and continue to the end of the message.) Obviously, in this simple example it would be easy to detect the "On <Date, <Name wrote:" or the "" character prefixes. But many email systems have many different style of marking replies (not to mention HTML emails). I get the feeling that you would have to have some damn smart string parsing algorithms to get anywhere near how good GMail's is. Does this technology already exist in an open source project somewhere? Either in some library devoted to this exclusively or perhaps in some open source email client that does similar message threading? Thanks.

  Read the article

• Can not call web service with basic authentication using WCF

  - by RexM

  I've been given a web service written in Java that I'm not able to make any changes to. It requires the user authenticate with basic authentication to access any of the methods. The suggested way to interact with this service in .NET is by using Visual Studio 2005 with WSE 3.0 installed. This is an issue, since the project is already using Visual Studio 2008 (targeting .NET 2.0). I could do it in VS2005, however I do not want to tie the project to VS2005 or do it by creating an assembly in VS2005 and including that in the VS2008 solution (which basically ties the project to 2005 anyway for any future changes to the assembly). I think that either of these options would make things complicated for new developers by forcing them to install WSE 3.0 and keep the project from being able to use 2008 and features in .NET 3.5 in the future... ie, I truly believe using WCF is the way to go. I've been looking into using WCF for this, however I'm unsure how to get the WCF service to understand that it needs to send the authentication headers along with each request. I'm getting 401 errors when I attempt to do anything with the web service. This is what my code looks like: WebHttpBinding webBinding = new WebHttpBinding(); ChannelFactory<MyService> factory = new ChannelFactory<MyService>(webBinding, new EndpointAddress( "http://127.0.0.1:80/Service/Service/")); factory.Endpoint.Behaviors.Add(new WebHttpBehavior()); factory.Credentials.UserName.UserName = "username"; factory.Credentials.UserName.Password = "password"; MyService proxy = factory.CreateChannel(); proxy.postSubmission(_postSubmission); This will run and throw the following exception: "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=realm'." And this has an inner exception of: "The remote server returned an error: (401) Unauthorized." Any thoughts about what might be causing this issue would be greatly appreciated.

  Read the article

• End-to-end kerberos delegated authentication in ASP.NET

  - by Erlend

  I'm trying to setup an internal website that will contact another backend service within the network on behalf of the user using a HttpWebRequest. I have to use Integrated Windows Authentication on the ASP.NET application as the backend system only supports this type of authentication. I'm able to setup IWA on the ASP.NET application, and it's using kerberos as I expect it to. However when the authentication is delegated to the backend system it doesn't work anymore. This is because the backend system only supports kerberos IWA, but the delegation for some reason - even though the incoming request is kerberos authenticated - converts the authentication to NTLM before forwaring to the backend system. Does anybody know what I need to do on the ASP.NET application in order to allow it to forward the identity using kerberos? I've currently tried the followin but it doesn't seem to work CredentialCache credentialCache = new CredentialCache(); credentialCache.Add(request.RequestUri, "Negotiate", CredentialCache.DefaultCredentials.GetCredential(request.RequestUri, "Kerberos")); request.Credentials = credentialCache; I've also tried to set "Kerberos" where it now says "Negotiate", but it doesn't seem to do much.

  Read the article

• Facebook Graph API authentication in canvas app and track session

  - by cdpnet

  Short question is: how can i use graph api oauth redirects mechanism to authenticate user and save retrieved access_token and also use javascript SDK when needed (the problem is javascript SDK will have different access_token when initialized). I have initially setup my facebook iframe canvas app, with single sign on. This works well with graph api, as I am able to use access_token saved by facebook's javascript when it detects sessionchange(user logged in). But, I want to rather not do single sign-on. But, use graph api redirect and force user to send to a permissions dialog. But, if he has already given permissions, I shouldn't redirect user. How to handle this? Another question: I have done graph api redirects for authentication and have retrieved access_token also. But then, what if I want to use javascript call FB.ui to do stream.Publish? I think it will use it's own access_token which is set during FB.init and detecting session. So, I am looking for some path here. How to use graph api for authentication and also use facebook's javascript SDK when needed. P.S. I'm using ASP .NET MVC 2. I have an authentication filter developed, which needs to detect the user's authentication state and redirect.(currently it does this to graph api authorize url)

  Read the article

• Spring Security 3.0 - Intercept-URL - All pages require authentication but one

  - by gav

  Hi All, I want any user to be able to submit their name to a volunteer form but only administrators to be able to view any other URL. Unfortunately I don't seem to be able to get this correct. My resources.xml are as follows; <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http realm = "BumBumTrain Personnel list requires you to login" auto-config="true" use-expressions="true"> <http-basic/> <intercept-url pattern="/person/volunteer*" access=""/> <intercept-url pattern="/**" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_ADMIN"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans> Specifically I am trying to achieve the access settings I described via; <intercept-url pattern="/person/volunteer*" access=""/> <intercept-url pattern="/**" access="isAuthenticated()" /> Could someone please describe how to use intercept-url to achieve the outcome I've described? Thanks Gav

  Read the article

• A commercial software but open and free for personal/edu. How to license?

  - by Ivan

  I am developing a software to sell for business use but am willing to make it free and open-source for personal and educational use. Actually I can see the flowing requirements I would like the license to set: Personal and educational usage of the program and its source codes is to be free. In case of publishing of derivative works the original work and author (me) must be mentioned (incl. textual link to my website in a not-very-far-hidden place) and the derivative work must have different name. A derivative work can be closed-source. In every case of commercial (when the end-user is a commercial body (as a company (expect of non-profit organizations), an individual entrepreneur or government office)) usage of my work or any of derivative works made by anyone, the end-user, service provider or the derivative author must buy a commercial license from me. I mean no guarantees or responsibilities, whether expressed or implied... (except the case when one explicitly purchases a support service contract from me and the particular contract specifies a responsibility). Is there a known common license for this case? As far as I can see now it can not be OSI-approved as it does not comply to the §6. of OSI definition of open source. But there still can be an a common known reusable license for this case as it looks quite natural, I think.

  Read the article

• Spring Security 3.0- Customise basic http Authentication Dialog

  - by gav

  Rather than reading; A user name and password are being requested by http://localhost:8080. The site says: "Spring Security Application" I want to change the prompt, or at least change what the "site says". Does anyone know how to do this via resources.xml? In my Grails App Spring configuration, my current version is as follows; <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http auto-config="true" use-expressions="true"> <http-basic/> <intercept-url pattern="/**" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_ADMIN"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans>

  Read the article

• How should I manage/declare dependencies between open source C# projects?

  - by munificent

  I've got a game (a roguelike to be specific) in C# that I'm in the process of cleaning up to open source. One step I'd like to take is splitting it into three distinct pieces: A simple package of utility classes, things like 2D arrays, vectors, etc. A terminal UI package that gives you a curses-like display. It depends on 1. The actual game, which uses 1 and 2. Right now, these are all separate projects in the same solution, but I'd kind of like to make them completely separate projects (in the "open source project" sense, not the "visual studio project" use of the term) with their own names and repos. I think, at the very least, #1 is generally useful even if you aren't building game, and I don't want someone to have to build an entire game just to get some handy functions. What I'm not sure about is how to handle the dependencies if I split up the solution. If someone decides they want to sync the game, how should I ensure they also get 1 and 2? Include the built dependent .dlls in the games repo? Just document, "you need these other projects and they must be in a path relative to the game like this". Just leave it all one giant solution and a single repo. Something I'm not thinking of?

  Read the article

• Viewing recently edited etherpads (note new 'etherpad' tag for open sourced etherpad code!)

  - by dreeves

  Prescript: The amazing etherpad was recently open sourced. Get it here: http://code.google.com/p/etherpad. This is the first question that I know of on StackOverflow about the etherpad code. If you're part of the etherpad open source community, you might want to subscribe to the RSS feed for questions tagged 'etherpad' just in case this catches on! My actual question, which assumes you have etherpad installed on your own server: First, here's a query to view recently edited pads: SELECT id,lastWriteTime,creationTime,headRev FROM PAD_SQLMETA ORDER BY lastWriteTime, headRev; Or, if you want to run it from a unix prompt: mysql -u root -pPASSWD etherpad -e "select id,lastWriteTime,creationTime,headRev from PAD_SQLMETA order by lastWriteTime, headRev" That's handy, however lastWriteTime actually gets updated every time someone so much as views a pad in their browser. I'd rather sort the pads by when they were actually last edited. There's probably a fancy SQL query involving a join with another table that would show actual last edit time. Does anyone know what that is? Alternatively, you could have a script that notices when headRev changes but that doesn't seem like the cleanest way to do it.

  Read the article

• Is there any time estimation about sqlite3's open speed?

  - by sxingfeng

  I am using SQLite3 in C++, I found the opening time of sqlite seems unstable at the first time( I mean ,open windows and open the db at the first time) It takes a long tiom on 50M db, about 10s in windows? and vary on different times. Has any one met the same problem? I am writting an desktop application in windows, so the openning speed is really important for me. Thanks in advance! int nRet; #if defined(_UNICODE) || defined(UNICODE) nRet = sqlite3_open16(szFile, &mpDB); // not tested under window 98 #else // For Ansi Version //*************- Added by Begemot szFile must be in unicode- 23/03/06 11:04 - **** OSVERSIONINFOEX osvi; ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX)); osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX); GetVersionEx ((OSVERSIONINFO *) &osvi); if ( osvi.dwMajorVersion == 5) { WCHAR pMultiByteStr[MAX_PATH+1]; MultiByteToWideChar( CP_ACP, 0, szFile, _tcslen(szFile)+1, pMultiByteStr, sizeof(pMultiByteStr)/sizeof(pMultiByteStr[0]) ); nRet = sqlite3_open16(pMultiByteStr, &mpDB); } else nRet = sqlite3_open(szFile,&mpDB); #endif //************************* if (nRet != SQLITE_OK) { LPCTSTR szError = (LPCTSTR) _sqlite3_errmsg(mpDB); throw CppSQLite3Exception(nRet, (LPTSTR)szError, DONT_DELETE_MSG); } setBusyTimeout(mnBusyTimeoutMs);

  Read the article

• Replacing mysql user authentication with openid

  - by David

  So, I'm working with a really old system which uses a person's mysql database credentials to authenticate to a web site (the database was originally only accessed from the command line, but is now accessed from a php frontend). Because of some internal reasons (and to preserve the user's history), I have to leave the old authentication intact. I've been charged with adding openid authentication to this system. Somehow I need to be able to retrieve a users mysql username and password upon logging into the site through openid (using the Zend framework, by the way). I've thought of simply requiring registration at the first login, where the user must provide their mysql credentials, but I'd rather not store the password plain text. I've also considered blanking everyone's mysql passwords, and just setting the user's mysql username manually (rather than having the user provide this, since they could provide any username). This is turning into a security nightmare. Does anyone have any suggestions for alternatives? This is running on a Linux server, by the way. Also, I can't use mysql pluggable authentication because the mysql version is 5.0 (pluggable authentication requires mysql 5.5), and no, I can't update it.

  Read the article

• How do I grant anonymous access to a url using FormsAuthentication?

  - by Brian Bolton

  For the most part, my webapp requires authentication to do anything. There are a few pages, namely the homepage, that I'd like people to be able to access without authenticating. Specifically, I'd like to allow anonymous access to these urls: /home /default.aspx I'm using asp.net MVC and FormsAuthentication. Both urls point to the same view: /home/index.aspx Here is my current configuration in web.config. <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> <authorization> <deny users="?" /> </authorization> Reading the documentation for the authorization tag, it says "Configures the authorization for a Web application, controlling client access to URL resources." It seems like I should be able to use the authorization tag to specify a url and allow access. Something like: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> <authorization> <deny users="?" /> </authorization> <authorization url="/default.aspx"> <allow users="?" /> </authorization> <authorization url="/home"> <allow users="?" /> </authorization>

  Read the article

• Consuming SharePoint Web Services fails when behind Proxy server

  - by Jan Petersen

  Hi All, I've seen a number of post about consuming Web Services from behind a proxy server, but none that seams to address this problem. I'm building a desktop application, using Java, JAX-WS in NetBeans. I have a working prototype, that can query the server for authentication mode, successfully authenticate and retrieve a list of web site. However, if I run the same app from a network that is behind a proxy server (the proxy does not require authentication), then I'm running into trouble. The normal -dhttp.proxyHost ... settings does not seam to help any. But I have found that by creating a ProxySelector class and setting it as default, I can regain access to the authentication web service, but I still can't retrieve the list of web sites from the SharePoint server. Anyone have any experience on how to make this work? I have put the source text java class files of a demo app up, showing the issue at the following urls (it's a bit to long even in the short demo form to post here). link text When running the code from a network behind a proxy server, I successfully retrieve the Authentication mode from the server, but the request for the Web Site list generates an exception originating at: com.sun.xml.internal.ws.transport.http.client .HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:201) The output from the source when no proxy is on the network is listed below: Successfully retrieved the SharePoint WebService response for Authentication SharePoint authentication method is: WINDOWS Calling Web Service to retrieve list of web site. Web Service call response: -------------- XML START -------------- <Webs xmlns="http://schemas.microsoft.com/sharepoint/soap/"> <Web Title="Collaboration Lab" Url="http://host.domain.com/collaboration"/> <Web Title="Global Data Lists" Url="http://host.domain.com/global_data_lists"/> <Web Title="Landing" Url="http://host.domain.com/Landing"/> <Web Title="SharePoint HelpDesk" Url="http://host.domain.com/helpdesk"/> <Web Title="Program Management" Url="http://host.domain.com/programmanagement"/> <Web Title="Project Site" Url="http://host.domain.com/Project Site"/> <Web Title="SharePoint Administration Tools" Url="http://host.domain.com/admin"/> <Web Title="Space Management Project" Url="http://host.domain.com/spacemgmt"/> </Webs> -------------- XML END -------------- Br Jan

  Read the article

• Authenticate sites with different domain names using the Facebook API

  - by Onema

  We have a CMS that supports multiple sites, one of our features allows our users (The site admin) to connect to the site facebook account to allow status updates, create events and upload pictures to FB from with in the CMS. The authentication needs to occur once since each site may have multiple site admins that do not have access to the site FB user name and password. We use iframe and authenticate using $facebook-require_login() which redirects the user to the FB login and authentication pages. All this works just fine but when the user hits "Allow" the authentication will break as it will only redirect to whatever is in the "Post-Authorize Redirect URL" field making the app obsolete for any other domain except the one in the "Post-Authorize Redirect URL" I know other API's authentication methods like in Vimeo and YouTube will allow you to specify a NEXT parameter which is the equivalent of the "Post-Authorize Redirect URL" and it can be set at run time. How can I make this work for multiple domain names? Any hints on this issue will be of great help

  Read the article

• ReturnUrl = Default.aspx for MVC?

  - by Cynthia

  I'm trying to secure my entire MVC site, so before the Home controller, I added an [Authorize] attribute. Now if you run it from Visual Studio or navigate using the root URL (e.g. http://localhost:2897) it does redirect to the login page, as expected. However the URL in the address bar after redirection looks like this: http://localhost:2897/Account/LogOn?ReturnUrl=%2fdefault.aspx%3f I haven't tested this out, seeing as I have not implemented my authentication code. However, this looks like a big problem to me, since I do not have a default.aspx in my project! My authentication tag in the web.config looks like this: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" defaultUrl="~/Home/Index" timeout="2880"/> </authentication> Why doesn't it pick up this route as the default ReturnUrl instead of default.aspx?

  Read the article

• REST API unauthenticated requests exception based on the User-Agent

  - by Shay Tsadok

  Hi All, I am developing a REST API that supports two kinds of authentication protocols: login form authentication - for browser based clients. Simple Basic authentication - for non-browser clients. I developed a flow in which unauthenticated requests redirected to the "login form", the problem is that this is an undesired behavior for non-borwser clients! I thought to solve it by decide according to the "User-Agent" what to do: browsers will be redirected to the "login form" and non-browser clients will get the standard 401:Basic Authentication. A. What do you think about this solution? B. Is there a standard way in Java to check if the request came from browser, or do i need to develop this kind of mechanism by my own? Thanks in advance!

  Read the article

• CSRF protection and cross site form access

  - by fl00r

  Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now is to turn off protect_from_forgery for session controller and check domain name of received data. But maybe I can configure CSRF protection for not only one domain?

  Read the article

• How do I ensure my C# software can access the internet in a Citrix + ISA environment?

  - by TomFromThePool

  Hi everyone, A client recently informed us that deployment of our software in their environment has failed due to a proxy error when the software attempts to access the internet. The client has a combination of Citrix and Microsoft's ISA server. The software allows the use of a proxy and the ability to manually enter authentication information, or automatically retrieve the current system proxy settings. The error returned is the standard 407 authentication error, but the client assures us that they have entered the authentication information required. They have also shown us the snippet of the ISA error logs which identify the client as Anonymous and the authentication protocol as Basic. I have a few questions I suppose: How should I go about dealing with the ISA server in my code? I have no real experience with this environment and am assuming that the ISA server is treated like any other proxy. If I am mistaken, what should I be doing? Does ISA allow the administrator to disallow specific authentication protocols - and if this is the case and 'Basic' auth is disallowed, would it still return a 407 error? Could the Citrix environment have caused this issue? Is there any particular way to ensure that my software will work in such an environment? Code-samples would be much appreciated. I have neither a Citrix test server or an ISA server at my disposal to carry out testing on this so I am currently trying to identify possible causes before I make the case for investment in a more robust testing environment. Thanks for any help!

  Read the article

< Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >