Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

Page 68/244 | < Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75 | Next Page >

Storing user info in Session using an Object vs. normal variables

- by justinl

I'm in the process of implementing a user authentication system for my website. I'm using an open source library that maintains user information by creating a User object and storing that object inside my php SESSION variable. Is this the best way to store and access that information? I find it a bit of a hassle to access the user variables because I have to create an object to access them first: $userObj = $_SESSION['userObject']; $userObj->userId; instead of just accessing the user id like this how I would usually store the user ID: $_SESSION['userId']; Is there an advantage to storing a bunch of user data as an object instead of just storing them as individual SESSION variables? ps - The library also seems to store a handful of variables inside the user object (id, username, date joined, email, last user db query) but I really don't care to have all that information stored in my session. I only really want to keep the user id and username.

Read the article
Rails application settings?

- by Danny McClelland

Hi Everyone, I am working on a Rails application that has user authentication which provides an administrators account. Within the administrators account I have made a page for sitewide settings. I was wondering what the norm is for creating these settings. Say for example I would like one of the settings to be to change the name of the application name, or change a colour of the header. What I am looking for is for someone to explain the basic process/method - not necessarily specific code - although that would be great! Thanks, Danny

Read the article
Python urllib2 Basic Auth Problem

- by Simon

I'm having a problem sending basic AUTH over urllib2. I took a look at this article, and followed the example. My code: passman = urllib2.HTTPPasswordMgrWithDefaultRealm() passman.add_password(None, "api.foursquare.com", username, password) urllib2.install_opener(urllib2.build_opener(urllib2.HTTPBasicAuthHandler(passman))) req = urllib2.Request("http://api.foursquare.com/v1/user") f = urllib2.urlopen(req) data = f.read() I'm seeing the following on the Wire via wireshark: GET /v1/user HTTP/1.1 Host: api.foursquare.com Connection: close Accept-Encoding: gzip User-Agent: Python-urllib/2.5 You can see the Authorization is not sent, vs. when I send a request via curl: curl -u user:password http://api.foursquare.com/v1/user GET /v1/user HTTP/1.1 Authorization: Basic =SNIP= User-Agent: curl/7.19.4 (universal-apple-darwin10.0) libcurl/7.19.4 OpenSSL/0.9.8k zlib/1.2.3 Host: api.foursquare.com Accept: */* For some reason my code seems to not send the authentication - anyone see what I'm missing? thanks -simon

Read the article
How to use Windows login for single-sign-on and for Active Directory entries for Desktop Java applic

- by Touko

I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to : Be sure that the particular user has logged in to Windows with some user entry. Check out some setup information for that user from the Active Directory With http://stackoverflow.com/questions/31394/java-programatic-way-to-determine-current-windows-user I can get the name of the current Windows user but can I rely to that? I think the System.getProperty("user.name") won't be secure enough? ("user.name" seems to be got from environment variables, so I can't rely on that, I think?) Question http://stackoverflow.com/questions/390150/authenticating-against-active-directory-with-java-on-linux provides me the authentication for given name+pass but I'd like to authenticate based on the Windows logon? For the Active Directory access, the LDAP would probably be the choise? I'm not totally sure if I'm asking the right questions but hopefully somebody has some ideas to forward me on.

Read the article
Can django's auth_user.username be varchar(75)?

- by perrierism

Django's auth_user.username field is 30 characters. That means you can't have auth_user.username store an email address. If you want to have users authenticate based on their email address it would seem you have to do some wonky stuff like writing your own authentication backend which authenticates based on (email, password) instead of (username, password) and furthermore, figuring out what you're going to put in the username field since it is required and it is a primary key. Do you put a hash in there, do you try to put the id in there... bleh! Why should you have to write all this code and consider edge cases simply because username is too small for your (farily common) purposes? Is there anything wrong with running alter table on auth_user to make username be varchar(75) so it can fit an email? What does that break if anything?

Read the article
PHP Session when using desktop app

- by Jonathan

In this question I asked how to POST to a php file form a vb.net app: http://stackoverflow.com/questions/2615335/post-to-webpage-in-vb-net-win-forms-desktop-not-asp-net So now I've logged in the user user by posting their username and password to the php file, the php file then does security/checks they exist/etc and if both username and password are correct is stores the user ID in a session variable. Now if the vb.net app tries to download data off a page which needs the user to logged in, it checks this by doing: if (!isset($_SESSION['uid'])) { header("Location: index.php"); } However after having logged correctly in the app the session variable is not set. How does session work with a vb.net app like this? When the user logs in successfully should I download the user id and keep it in the vb.net app and then post it to each page that requires authentication?

Read the article
RIA Services: custom autorization

- by Budda

Here is a good example how to create custom autorization for RIA services: http://stackoverflow.com/questions/1195326/ria-services-how-can-i-create-custom-authentication In my case a silverlight-pages will be displayed as a part of HTML-content and user authorisation is already implemented on the server-side (ASP.NET Membership is not used). It is required to show on the silverlight pages different information for authorised and non-authorised users. Is there any possibility to track on the Silverlight side if user is already authorized on the server side (on the usual ASP.NET web-site)? Please adivse how to do this. Thank you in advance.

Read the article
What is a hardware-id?

- by Rob

Some forums that I regularly visit sell premium programs, and to prevent them from being leaked they use hardware-id authentication. That is, first they send you a program to run to grab your HWID, you tell them your HWID, they store it in a database, then they send you the actual program. If your HWID isn't in the database, the program won't run. So what is Hardware-ID, and how is it generated? Why is it that my HWID is different depending on the programmer that sends me a HWID-grabber?

Read the article
log in as a proxy for a certain user

- by Samuel

We have a requirement, wherein the administrative user needs to proxy in as a certain user in an environment where several users (Role: User) are managed by an administrator (Role: Admin). e.g If we have the following users in the database (admin, user1, user2, user3), we would want the admin to proxy as 'user2' and use the system in certain scenarios. Authentication in our web application is based username / password credentials, what mechanisms are available for the admin to proxy as 'user2' when he doesn't have the password for 'user2'. How can the application track such access for audit purposes to mention that 'admin' had proxied for 'user2' and performed certain actions. I am looking for suggestions on supporting this in our j2ee (jboss seam) web application.

Read the article
Setting Sql server security rights for multiple situations

- by DanDan

We have an application which uses an instance of Sql Server locally for its backend storage. The administrator windows login has had its sysadmin right revoked, and instead two sql logins have been created; one for the application with a secret password and one read only login we let users view the raw data with. This was working fine until we moved on FileStreams, which requires intergrated windows authentication. So now the sql server logins must be replaced. As a result, I am now reviewing all of our logins but I am not sure how it is possible. It seems that the application needs full read/write access, yet I still need to lock down writing to the tables so the user cannot login into the database and delete data randomly. Does anyone have any tips for setting multiple levels of security using intergrated windows logins, or can you direct me to any further reading? Some answers can also be found on serverfault: http://serverfault.com/questions/138763/setting-sql-server-security-rights-for-multiple-situations

Read the article
Backup Google Calendar programmatically: http://www.google.com/reader/subscriptions/export

- by Michael

I'm struggling with writing a python script that automatically grabs the zip fail containing all my google calendars and stores it (as a backup) on my harddisk. I'm using ClientLogin to get an authentication token (and successfully can obtain the token). Unfortunately, i'm unable to retrieve the file at https://www.google.com/calendar/exporticalzip It always asks me for the login credentials again by returning a login page as html (instead of the zip). Here's the critical code: post_data = post_data = urllib.urlencode({ 'auth': token, 'continue': zip_url}) request = urllib2.Request('https://www.google.com/calendar', post_data, header) try: f = urllib2.urlopen(request) result = f.read() except: print "Error" Anyone any ideas or done that before? Or an alternative idea how to backup all my calendars (automatically!)

Read the article
best way to authenticate and consume web service using phonegap (html5/javascript)

- by Raiss

I am going to develop a phonegap application which is pretty simple. I need to implement an authentication and some simple data transfer back and forth to the phone and server. I prefer to use ASP.NET as a web service and our database is MS SQL but I am not sure what approach should I take to create a secure communication between Phonegap App and webservice. The problem with a simple AJAX request is limitation in cross-domain and I’m not sure if JSONP is a good option. I was wondering if someone can tell me what technology I should use in order to make a semi secure connection which works with PhoneGap (html5, javascript ) and .Net webservice. I understand that it’s a general question but I need to know what technology is the best in such a case. thanks

Read the article
What one-time-password devices are compatible with mod_authn_otp?

- by netvope

mod_authn_otp is an Apache web server module for two-factor authentication using one-time passwords (OTP) generated via the HOTP/OATH algorithm defined in RFC 4226. The developer's has listed only one compatible device (the Authenex's A-Key 3600) on their website. If a device is fully compliant with the standard, and it allows you to recover the token ID, it should work. However, without testing, it's hard to tell whether a device is fully compliant. Have you ever tried other devices (software or hardware) with mod_authn_otp (or other open source server-side OTP program)? If yes, please share your experience :)

Read the article
RoR Devise: Sign in with username OR email

- by Patrick Oscity

Whats the best way to enable users to log in with their email address OR their username? I am using warden + devise for authentication. I think it probably won't be too hard to do it but i guess i need some advice here on where to put all the stuff that is needed. Perhaps devise devise already provides this feature? like in the config/initializers/devise.rb you would write: config.authentication_keys = [ :email, :username ] To require both username AND email for signing in. But i really want to have only one field for both username and email and require only one of them. I'll just visualize that with some ASCII art, it should look something like this in the view: Username or Email: [____________________] Password: [____________________] [Sign In]

Read the article
Trouble with authlogic_rpx

- by Andrei

Hi, I'm trying to run http://github.com/tardate/rails-authlogic-rpx-sample (only rails version was changed) but get error message http://gist.github.com/385696, when RPX returns information after successful authentication via Google Account. What is wrong here? And how I can fix it? The code was successfully tested with rails 2.3.3 by its author: http://rails-authlogic-rpx-sample.heroku.com/ I run on Windows with cygwin and rails (2.3.5), rpx_now (0.6.20), authlogic_rpx (1.1.1). Update In several hours RPX rejected my app http://img96.imageshack.us/img96/2508/14128362.png

Read the article
Download a file from one ASP.NET web application to other (given the credentials)

- by Tom S.

Hi everybody! Im working on a asp.net 3.5 web application (C#), where i have a file with some information that is updated frequently, and only few accounts can access to it (the application is using the asp.net authentication system, stored in a SQL database). My task is to parse that file, so i made a small parser (another web app) a to show the information in a more friendly way. However, everytime i want to parse it, i need to enter in the application with one of those accounts, download the file, put in the parser's folder. Is there any way to, given the username and password, download the file directly from the parser application and use that one? Thanks in advance

Read the article
How can I use htaccess to protect a subdirectory of codeigniter installation?

- by Art Peterson

I have codeigniter installed at the root directory, and would like to have a subdirectory called "test" password protected using htaccess. I keep getting a "404 page not found" no matter what I try. The directory structure is: /public_html /css /images /system (codeigniter directory) /test .htaccess .htaccess .htpasswd index.php The root .htaccess file looks like: RewriteEngine On RewriteBase / Options -Indexes # Removes trailing slashes RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.+)/$ $1 [L,R=301] # Enforce www RewriteCond %{HTTP_HOST} !^(www) [NC] RewriteRule ^(.*)$ http://www.mydomain.com/$1 [L,R=301] #Checks to see if the user is attempting to access a valid file, #such as an image or css document, if this isn't true it sends the #request to index.php RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^(.*)test(.*) RewriteRule ^(.*)$ index.php?/$1 [L] The /test/.htaccess file: AuthUserFile /home/dir/.htpasswd AuthName "Protected Area" AuthType Basic <limit GET POST PUT> require user adminuser </limit> I'm not even getting the authentication prompt, just the codeigniter 404 page when I navigate to the url "http://www.mydomain.com/test/". Please advise!

Read the article
Accessing protected REST endpoint with JQuery

- by Andy

I have a site where members login to their account (FormsAuth). I would like to set up a RESTful service that I can access using jQuery. I would like to protect these services using the same FormsAuth. How would a third-party site be able to access these services? They would need to pass in the Principal/Identity to the service, right? I've only seen examples of Basic Authentication (which Twitter uses and jQuery supports). I'm very new to WCT/REST, so not sure how this should be done.

Read the article
Problem with Validate Anti Forgery

- by Mikael Egnér

Hi! I have a problem regarding MVC Anti forgery token. When I do my authentication I have pseudo code like this: var user = userRepository.GetByEmail(email); System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User = user; by doing so I'm able to get the current user in my code like this: var user = HttpContext.Current.User as EntityUser; This works fine until I add the [ValidateAntiForgeryToken] attribute to an action. When I add the attribute I get A required anti-forgery token was not supplied or was invalid. If I comment out this line: System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User = user; The antiforgery validation works fine, but the I don't have my convenient way of getting my "EntityUser" from the HttpContext. Any ideas of how to work around this? Best regards Mikael

Read the article
Invoke an action that is using ASP.NET MVC [Authorize] from outside the application

- by Nate Bross

Is this possible? I'd like to expose a URL (action) such as http://mysever/myapp/UpdateHeartbeat/. In my MVC application it looks like [Authorize] [AcceptsVerbs(HttpVerbs.Post)] public ActionResult UpdateHeartbeat() { // update date in DB to DateTime.Now } Now, in my MVC application the user has logged in via FORMS authentication and they can execute that action to their hearts content. What I want to do, is hit that URL progromatically (as part of an API that I wouldl like to build) -- is there a way I can do that without removing the [Authorize] attribute and adding username/password as parameters to the POST?

Read the article
Fully customized login system in Django?

- by user367817

Hey, I am currently writing an application which I plan to sell as SaaS. Without giving away "secrets," I can say that it is basically a "document editing system" in which many users will be submitting documents. The basic heirarchy is this: Institution Individual Document Sub-document So each Individual should be able to BROWSE all documents that were submitted by anybody in their institution, but should only be able to EDIT documents that they created. No individual should even be aware of the existence of another Institution--that should all be completely hidden. I have written a Django/Python class that would facilitate this, but every document regarding authentication that I have read requires that I use the User object. Is this just a limitation of Django, or is there a way to do this? If there is a way, how can I get my own "Individual" class details attached to the "request" objects so I can validate the things I should be showing the users?

Read the article
asp.net: Is it possible to have multiple login forms to access different subfolders?

- by Anthony

Hi, Is it possible to have multiple login pages for different folders within an asp.net application? Say I have this structure: /admin /customer /login-admin.aspx /login-customer.aspx I have 2 different login forms. One for the admin people and one for the customers (the forms are different as the customers need to provide extra information on their login page). In the authentication section of the webconfig file (which is at the root of the web app), I can only specify one Login page. So how can I make sure thaf if anyone tries to access a webpage in /admin they will be redirected to /login-admin.aspx and if they try to access a webpage in /customer they will be redirected to /login-customer.aspx ? Thanks, Anthony

Read the article
Not Seeing Ajax Requests In Firebug If Header Has Been Modified

- by FluidFoundation

Hey braintrust, I'm making an ajax call using jQuery's library to an api, which requires a username and password encoded to base64 be added to the header. here's a basic example: $.ajax({ type: "GET", contentType: 'application/json', beforeSend:function(xhr){ xhr.setRequestHeader("Authentication", "Basic " + base64EncodedValue); } url: 'https://api.company.com/uri/', complete: function(result) { alert(result); } }); But when this fires off, I get a black alert box, so it doesn't appear as if something is coming back. There is no log in the Firebug console that a get ajax request was done. However, if I remove the beforeSend option, I do see the ajax request get logged, but the request gets back a 'not authorized', so it definitely hit the right place. Any ideas on why it's not showing up in Firebug so I can verify the headers are being sent out correctly?

Read the article
Sending a signup confirmation email with having to confirm using Devise

- by slythic

Hi all, I'm using devise to handle user authentication with my rails app. I'd like to allow my users to sign up and be instantly logged in and receive a confirmation email. Devise has the Confirmable module which sends out an email but requires the user to open up their mail application, find the email and click a link which then leads them to the site again. I'd like to just email the user a confirmation that they signed up and that's it. Is there a way for devise to do this or do I need to resolve to handling ActionMailer myself (if so, is there a quick and non-complex example)? Many thanks! -Tony

Read the article
losing session in rails 2.3.2 app using subdomain

- by mike in africa

i have a 2.2.3 app which i upgraded to 2.3.2 it's a multi-site (using subdomain) that creates one top level session for all sites. this is how i change the domain in production.rb: ActionController::Base.session_options[:domain] = "xxx.com" # in rails 2.2.2, this is what i used to do: # ActionController::Base.session_options[:session_domain] = "xxx.com" strange things started to happen after i upgraded i can no longer login using restful authentication; it does authenticate me, but as soon as i'm redirected, it would ask me to login again. as i said, i use restful_authentication and i also use passenger 2.1.2. anyone can help?

Read the article

< Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75 | Next Page >