Search Results

Search found 1925 results on 77 pages for 'auth'.

Page 7/77 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • Forms Auth: have different credentials for a subdirectory?

    - by Fyodor Soikin
    My website has forms authentication, and all is well. Now I want to create a subdirectory and have it also password-protected, but! I need the subdirectory to use a completely different set of logins/passwords than the whole website uses. Say, for example, I have users for the website stored in the "Users" table in a database. But for the subdirectory, I want the users to be taken from the "SubdirUsers" table. Which probably has a completely different structure. Consequently, I need the logins to be completely parallel, as in: Logging into the whole website does not make you logged into the subdirectory as well Clicking "logout" on the whole website does not nullify your login in the subdirectory And vice versa I do not want to create a separate virtual application for the subdirectory, because I want to share all libraries, user controls, as well as application state and cache. In other words, it has to be the same application. I also do not want to just add a flag to the "Users" table indicating whether this is a whole website user or the subdirectory user. User lists have to come from different sources. For now, the only option that I see is to roll my own Forms Auth for the subdirectory. Anybody can propose a better alternative?

    Read the article

  • How to ask memcached auth connection by sasl and pam?

    - by user199216
    I use memcached in a untrust network, so I try to use sasl and pam to auth connection to memcached. I installed sasl and pam module, compiled and installed memcached with sasl enabled. Also I created db and table for pam user. I run: $ sudo testsaslauthd -u tester -p abc123 -s /etc/pam.d/memcached 0: OK "Success." where the tester and abc123 is the authed user in db, which I inserted. But my python script cannot be authed, always authentication failed returned. It seems it dose not use pam to authentication, still use sasldb, because when I add user by: $ sudo saslpasswd2 -a memcached -c tester and input password: abc123, It can passed. Python script: client = bmemcached.Client(('localhost:11211'), 'tester', 'abc123') and error: bmemcached.exceptions.MemcachedException: Code: 32 Message: Auth failure. memcached log: authenticated() in cmd 0x21 is true mech: ``PLAIN'' with 14 bytes of data SASL (severity 2): Password verification failed sasl result code: -20 Unknown sasl response: -20 >30 Writing an error: Auth failure. >30 Writing bin response: no auth log found in: /var/log/auth.log Configurations: vi /etc/default/saslauthd MECHANISMS="pam" vi /etc/pam.d/memcached auth sufficient pam_mysql.so user=sasl passwd=abc123 host=localhost db=sasldb table=sasl_user usercolumn=user_name passwdcolumn=password crypt=0 sqllog=1 verbose=1 account required pam_mysql.so user=sasl passwd=abc123 host=localhost db=sasldb table=sasl_user usercolumn=user_name passwdcolumn=password crypt=0 sqllog=1 verbose=1 vi /etc/sasl2/memcached.conf pwcheck_method: saslauthd Do I make my question clear, english is not my native language, sorry! Any tips will be thankful!

    Read the article

  • How to resovle javax.mail.AuthenticationFailedException issue?

    - by jl
    Hi, I am doing a sendMail Servlet with JavaMail. I have javax.mail.AuthenticationFailedException on my output. Can anyone please help me out? Thanks. sendMailServlet code: try { String host = "smtp.gmail.com"; String from = "[email protected]"; String pass = "pass"; Properties props = System.getProperties(); props.put("mail.smtp.starttls.enable", "true"); props.put("mail.smtp.host", host); props.put("mail.smtp.user", from); props.put("mail.smtp.password", pass); props.put("mail.smtp.port", "587"); props.put("mail.smtp.auth", "true"); props.put("mail.debug", "true"); Session session = Session.getDefaultInstance(props, null); MimeMessage message = new MimeMessage(session); Address fromAddress = new InternetAddress(from); Address toAddress = new InternetAddress("[email protected]"); message.setFrom(fromAddress); message.setRecipient(Message.RecipientType.TO, toAddress); message.setSubject("Testing JavaMail"); message.setText("Welcome to JavaMail"); Transport transport = session.getTransport("smtp"); transport.connect(host, from, pass); message.saveChanges(); Transport.send(message); transport.close(); }catch(Exception ex){ out.println("<html><head></head><body>"); out.println("ERROR: " + ex); out.println("</body></html>"); } Output on GlassFish 2.1: DEBUG SMTP: trying to connect to host "smtp.gmail.com", port 587, isSSL false 220 mx.google.com ESMTP 36sm10907668yxh.13 DEBUG SMTP: connected to host "smtp.gmail.com", port: 587 EHLO platform-4cfaca 250-mx.google.com at your service, [203.126.159.130] 250-SIZE 35651584 250-8BITMIME 250-STARTTLS 250-ENHANCEDSTATUSCODES 250 PIPELINING DEBUG SMTP: Found extension "SIZE", arg "35651584" DEBUG SMTP: Found extension "8BITMIME", arg "" DEBUG SMTP: Found extension "STARTTLS", arg "" DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg "" DEBUG SMTP: Found extension "PIPELINING", arg "" STARTTLS 220 2.0.0 Ready to start TLS EHLO platform-4cfaca 250-mx.google.com at your service, [203.126.159.130] 250-SIZE 35651584 250-8BITMIME 250-AUTH LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250 PIPELINING DEBUG SMTP: Found extension "SIZE", arg "35651584" DEBUG SMTP: Found extension "8BITMIME", arg "" DEBUG SMTP: Found extension "AUTH", arg "LOGIN PLAIN" DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg "" DEBUG SMTP: Found extension "PIPELINING", arg "" DEBUG SMTP: Attempt to authenticate AUTH LOGIN 334 VXNlcm5hbWU6 aWpveWNlbGVvbmdAZ21haWwuY29t 334 UGFzc3dvcmQ6 MTIzNDU2Nzhf 235 2.7.0 Accepted DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc] DEBUG SMTP: useEhlo true, useAuth true

    Read the article

  • Passing Auth to API calls with Web Service References

    - by coffeeaddict
    I am new to web services. The last time I dealt with SOAP was when I created a bunch of wrapper classes that sent requests and received responses back per some response objects/classes I had created. So I had an object to send certain API requests and likewise a set of objects to hold the response back as an object so I could utilize that 3rd party API. Then someone came to me and said why not just use the wsdl and a web service. Ok, so today I went and created a "Service Reference". I see that this is what's called a "Proxy Class". You just instantiate an instance of this and then walla you have access to all the methods from the wsdl. But this leaves me with auth questions. Back when I created my own classes manually, I had a class which exposed properties that I would set then access for things like signature, username, password that got sent along with the Http request that were required by whatever 3rd party API I was using to make API calls. But then with using a Service Reference, how then would I pass this information just like I had done in my custom classes? For instance I'm going to be working with the PayPal API. It requires you to send a signature and a few other pieces of information like username and password. // Determins if API call needs to use a session based URI string requestURI = UseAuthURI == true ? _requestURIAuthBased + aSessionID : _requestURI; byte[] data = XmlUtil.DocumentToBytes(doc); // Create the atual Request instance HttpWebRequest request = CreateWebRequest(requestURI, data.Length); So how do I pass username, password, signature, etc. when using web service references for each method call? Is it as simple as specifying it as a param to the method or do you use the .Credentials and .URL methods of your proxy class object? It seems to me Credentials means windows credentials but I could be wrong. Is it limited to that or can you use that to specify those required header values that PayPal expects with each method call/API request?

    Read the article

  • Do logins by the gdm (or lightdm) user in auth.log mean my system is breached?

    - by Pramanshu
    Please look at this auth.log (from Ubuntu 14.04) I have provided and tell me who this gdm user is and why there are all these unauthenticated logins? I am freaked out; please help! Here's the /var/log/auth.log file: http://paste.ubuntu.com/8120231/ Update: I know now that "gdm" is gnome desktop manager and it's there because of root. But please look at the log there is more and tell me if my system is breached.

    Read the article

  • Users being forced to re-login randomly, before session and auth ticket timeout values are reached

    - by Don
    I'm having reports and complaints from my user that they will be using a screen and get kicked back to the login screen immediately on their next request. It doesn't happen all the time but randomly. After looking at the Web server the error that shows up in the application event log is: Event code: 4005 Event message: Forms authentication failed for the request. Reason: The ticket supplied has expired. Everything that I read starts out with people asking about web gardens or load balancing. We are not using either of those. We're a single Windows 2003 (32-bit OS, 64-bit hardware) Server with IIS6. This is the only website on this server too. This behavior does not generate any application exceptions or visible issues to the user. They just get booted back to the login screen and are forced to login. As you can imagine this is extremely annoying and counter-productive for our users. Here's what I have set in my web.config for the application in the root: <authentication mode="Forms"> <forms name=".TcaNet" protection="All" timeout="40" loginUrl="~/Login.aspx" defaultUrl="~/MyHome.aspx" path="/" slidingExpiration="true" requireSSL="false" /> </authentication> I have also read that if you have some locations setup that no longer exist or are bogus you could have issues. My path attributes are all valid directories so that shouldn't be the problem: <location path="js"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <location path="images"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <location path="anon"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <location path="App_Themes"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> <location path="NonSSL"> <system.web> <authorization> <allow users="*" /> </authorization> </system.web> </location> The only thing I'm not clear on is if my timeout value in the forms property for the auth ticket has to be the same as my session timeout value (defined in the app's configuration in IIS). I've read some things that say you should have the authentication timeout shorter (40) than the session timeout (45) to avoid possible complications. Either way we have users that get kicked to the login screen a minute or two after their last action. So the session definitely should not be expiring. Update 2/23/09: I've since set the session timeout and authentication ticket timeout values to both be 45 and the problem still seems to be happening. The only other web.config in the application is in 1 virtual directory that hosts Community Server. That web.config's authentication settings are as follows: <authentication mode="Forms"> <forms name=".TcaNet" protection="All" timeout="40" loginUrl="~/Login.aspx" defaultUrl="~/MyHome.aspx" path="/" slidingExpiration="true" requireSSL="true" /> </authentication> And while I don't believe it applies unless you're in a web garden, I have both of the machine key values set in both web.config files to be the same (removed for convenience): <machineKey validationKey="<MYVALIDATIONKEYHERE>" decryptionKey="<MYDECRYPTIONKEYHERE>" validation="SHA1" /> <machineKey validationKey="<MYVALIDATIONKEYHERE>" decryptionKey="<MYDECRYPTIONKEYHERE>" validation="SHA1"/> Any help with this would be greatly appreciated. This seems to be one of those problems that yields a ton of Google results, none of which seem to be fitting into my situation so far.

    Read the article

  • issue using Postfix as authen SMTP client relay to Exchange 2010

    - by Gk
    Hi, I'm using postfix to relay mail to Exchange 2010. Here is my config: relayhost = [smtp.exchange.2010] smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd smtp_sasl_security_options = #smtp_sasl_mechanism_filter = ntlm (/etc/postfix/relay_passwd contains login information of some accounts on Exchange) With this configuration I can relay email to Exchange. The problem is: the message send from Postfix has header: X-MS-Exchange-Organization-AuthAs: Anonymous and the message is treated like unAuthenicated message on Exchange system (i.e when sending to distribution group require senders are authenicated, I received error: #550 5.7.1 RESOLVER.RST.AuthRequired; authentication required ##rfc822;[email protected]). I using Outlook with the same account as in Postfix and it can send without problem. The different I realized between two case is: Outlook send with NTLM auth mech, Postfix using LOGIN mech. Any idea?

    Read the article

  • Raw FTP SSL with C#

    - by Chuck
    Hi, I'm trying to understand how SSL works. In my wish to make a small FTP client which supports SSL I've run into some problems: TcpClient FtpConnection = new TcpClient(FtpServer, FtpPort); NetworkStream FtpStream = FtpConnection.GetStream(); StreamReader FtpReader = new StreamReader(FtpStream); FtpWriter = new StreamWriter(IrcStream); send_cmd("AUTH SSL"); send_cmd is just a FtpWriter.WriteLine(text); FtpWriter.Flush(); function. My "problem" is this: First I need to make a (non-ssl) connection to the FTP, then tell it to do a ssl connection (AUTH SSL), and I would guess I then need to make a new connection - something like: TcpClient client = new TcpClient(FtpServer, FtpPort); SslStream sslStream = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null); try { sslStream.AuthenticateAsClient("foobar"); } catch (AuthenticationException e) { MessageBox.Show("Authentication failed - closing the connection."); client.Close(); return; } Taken from msdn. I keep dying on handshake failed due to unexpected packet format (which I've tried googling, but all say it's because the author has connected to a wrong port), which I take as: The connection is not ssl until AUTH SSL is send to it. So my question is, how would i go about making this a "hybrid" connection so I can make an SSL connection to the server? Any help is greatly appreciated!

    Read the article

  • HTTP Basic Auth for Selenium in Firefox 2

    - by Peter
    I know that normally you can login to sites that require HTTP basic authentication with Selenium by passing the username and password in the URL, e.g.: selenium.open("http://myusername:[email protected]/mypath"); I've been running a Selenium test with Firefox 2 and there I still get the "Authentication Required" dialog window? Thanks for any hints! Peter

    Read the article

  • DirectoryServices auth problem asp

    - by ChrisMuench
    Hello, I'm getting the following error [error] IIS://networth-web6/W3SVC/AppPools/netbasistest errorSystem.Runtime.InteropServices.COMException (0x80020006): Unknown name. (Exception from HRESULT: 0x80020006 (DISP_E_UNKNOWNNAME)) at System.DirectoryServices.DirectoryEntry.Invoke(String methodName, Object[] args) at ASP.nb_test_aspx._Render_control1(HtmlTextWriter __w, Control parameterContainer) [/error] any ideas? I know my username and password work just fine to rdp into the server. when use with this code. [code] <%@ Page Language="vb" % <%@ Import Namespace="System.Xml" % <%@ Import Namespace="System.Management" % <%@ Import Namespace="System.DirectoryServices" % <% Response.Write("") Dim AppPoolFullPath As String = "IIS://networth-web6/W3SVC/AppPools/netbasistest" Dim Username as String = "networth-web6\username" Dim Password as String = "password" Try Dim w3svc As New DirectoryEntry(AppPoolFullPath,Username,Password) w3svc.Username = Username w3svc.Password = Password w3svc.Invoke("Recycle", Nothing) Response.Write(AppPoolFullPath & "") Catch exc as exception Response.Write(AppPoolFullPath & " error"&exc.tostring()&"") End Try Response.Write("<p />-- done --") Response.Write("</BODY></HTML>") %> [/code]

    Read the article

  • Django Auth Model Issue - AUTH_USER_MODEL Not Installed

    - by Ian Warner
    Trying to debug this error with getting a Django project running ImproperlyConfigured: AUTH_USER_MODEL refers to model 'accounts.User' that has not been installed Running python manage.py migrate Must iterate i am in no way a python or django expert - I have simply inherited someone elses project that I am trying to get running for the team here. I have followed steps to install postgres required modules including south creating database for postgres Any help appreciated on how to debug this. settings/base.py contains INSTALLED_APPS = DJANGO_APPS + THIRD_PARTY_APPS + LOCAL_APPS LOCAL_APPS = ( 'apps.core', 'apps.accounts', 'apps.project_tool', 'apps.internal', 'apps.external', ) so apps.accounts exits - but it asks for AUTH_USER_MODEL = 'accounts.User' - should it be AUTH_USER_MODEL = 'apps.accounts.User'?

    Read the article

  • java RMI newbie-- some basic questions about SSL and auth/.rate limiting an RMI service

    - by Arvind
    I am trying to work to secure a java based RMI service using SSL. I have some basic questions about the capabilities of using SSL. Specifically, from what I understand, the client and server connecting via SSL will need to have appropriate credential certificates in both client and server, for a client to be granted access to the server. Am I correct in my understanding? Also, what I want to know is, can a person who is already using my RMI service and has access to a client machine , make a copy of the certificate in the client machine to other client machines-- and then invoke my RMI service from those other machines as well? How do I prevent such a situation from occurring? I mean, in a REST API you can use OAuth authentication, can we have some kind of authentication in an RMI Service? Also, can I possibly limit usage of the RMI service? For eg, a specific client may be allowed to make only 5000 calls per day to my RMI service, and if he makes more calls the calls occurring after the 5000 calls limit are all denied? How do I do such rate limiting and/or authentication for my RMI Service?

    Read the article

  • (O)Auth with ExtJS

    - by TheShow
    Hi, today i tried to get django-piston and ExtJS working. I used the ExtJS restful example and the piston example to create a little restful webapp. Everything works fine except the authentication. Whats the best way to get Basic/Digest/OAuth authentication working with ExtJS? Atm I'm not sure where to set the Username/Password. Thanks

    Read the article

  • Authenticating to Google Search Appliance using Basic HTTP auth and ASP.NET (VB)

    - by Chainlink
    I've run into a snag though which has to do with authentication between the Google Search Appliance and ASP. Normally, when asking for secure pages from the search appliance, the search appliance asks for credentials, then uses these credentials to try and access the secure results. If this attempt is successful, the page shows up in the results list. Since ASP is contacting the search appliance on the client's behalf, it will need to collect credentials and pass them along to the search appliance. I have tried a couple of different documented ways of accomplishing this, but they don't seem to work. Below is the code I have tried: 'Bypass SSL since discovery.gov.mb.ca does not have valid SSL cert (NOT PRODUCTION SAFE) ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf customXertificateValidation) googleUrl = "https://removed.com" Dim rdr As New XmlTextReader(googleUrl) Dim resolver As New XmlUrlResolver() Dim myCred As New System.Net.NetworkCredential("USERNAME", "PASSWORD", Nothing) Dim credCache As New CredentialCache() credCache.Add(New Uri(googleUrl), "Basic", myCred) resolver.Credentials = credCache rdr.XmlResolver = resolver doc = New System.Xml.XPath.XPathDocument(rdr) path = doc.CreateNavigator() Private Function customXertificateValidation(ByVal sender As Object, ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As Net.Security.SslPolicyErrors) As Boolean Return True End Function

    Read the article

  • Can python mechanize handle HTTP auth?

    - by Shekhar
    Mechanize (Python) is failing with 401 for me to open http digest URLs. I googled and tried debugging but no success. My code looks like this. import mechanize project = "test" baseurl = "http://trac.somewhere.net" loginurl = "%s/%s/login" % (baseurl, project) b = mechanize.Browser() b.add_password(baseurl, "user", "secret", "some Realm") b.open(loginurl)

    Read the article

  • How to use sessions with django piston auth?

    - by xyld
    The problem is that I want to store authentication in a cookie that I can present to django piston rather than requiring user/password to be typed in each time (without hardcoding or storing the user/pass combo somewhere on disk). I was hoping to accomplish this with cookies like someone would without the piston API. Am I missing something? Django Piston doesn't seem to care about session cookies at all? Or can someone suggest a good alternative? Maybe I shouldn't use Piston?

    Read the article

  • iPhone NSURLConnection through Proxy+Auth

    - by woody993
    I am using NSURLConnection to make connections to a server, through a proxy that requires authentication this fails. The proxy settings are set under the WiFi, but the connection still fails. I believe there is a part of CFNetwork that can fix this, but this might be just for streams and I am unsure of how to implement it with NSURLConnection. How can I tell my application to use the proxy settings set under WiFi?

    Read the article

  • .net open auth?

    - by chobo2
    Hi I know stackoverflow uses open authentication. I want to try and use this as well. I am using asp.net mvc 2.0 with C#. I found this http://www.dotnetopenauth.net/ and I am wondering if this is what was used for stackoverflow. Also any tutorials would be nice as well. Edit I am trying to load up some sample projects but when I build it in VS2010 I get Error 6 'System.Diagnostics.Contracts.ContractInvariantMethodAttribute' is inaccessible due to its protection level C:\Users\chobo2\Downloads\DotNetOpenAuth-3.4.6.10357\DotNetOpenAuth-3.4.6.10357\Samples\OpenIdOfflineProvider\TextBoxTextWriter.cs 73 4 OpenIdOfflineProvider Error 7 The type or namespace name 'ContractInvariantMethod' could not be found (are you missing a using directive or an assembly reference?) C:\Users\chobo2\Downloads\DotNetOpenAuth-3.4.6.10357\DotNetOpenAuth-3.4.6.10357\Samples\OpenIdOfflineProvider\TextBoxTextWriter.cs 73 4 OpenIdOfflineProvider

    Read the article

  • Cache Auth Tokens (or Caching HTTP headers in General) - Best Practices

    - by viatropos
    I'm using the Ruby GData Library to access Google Docs and I recently got the GData::Client::CaptchaError because I was re-logging in with every request. Reading this post, it recommends not logging in with every request, but caching the authentication token. How do I go about doing that correctly? Google says it expires every 24 hours, and it doesn't seem like I should store it in the session, so what should I do? I'm using Ruby on Rails with all this. Thanks so much

    Read the article

  • Twitter O-Auth Callback url

    - by jtymann
    I am having a problem with Twitter's oauth authentication and using a callback url. I am coding in php and using the sample code referenced by the twitter wiki, http://github.com/abraham/twitteroauth I got that code, and tried a simple test and it worked nicely. However I want to programatically specify the callback url, and the example did not support that. So I quickly modified the getRequestToken() method to take in a parameter and now it looks like this: function getRequestToken($params = array()) { $r = $this->oAuthRequest($this->requestTokenURL(), $params); $token = $this->oAuthParseResponse($r); $this->token = new OAuthConsumer($token['oauth_token'], $token['oauth_token_secret']); return $token; } and my call looks like this $tok = $to->getRequestToken(array('oauth_callback' => 'http://127.0.0.1/twitter_prompt/index.php')); This is the only change I made, and the redirect works like a charm, however I am getting an error when I then try and use my newly granted access to try and make a call. I get a "Could not authenticate you" error. Also the application never actually gets added to the users authorized connections. Now I read the specs and I thought all I had to do was specify the parameter when getting the request token. Could someone a little more seasoned in oauth and twitter possibly give me a hand? Thank You

    Read the article

  • Spring-Security http-basic auth in addition to other authentication types

    - by Keith
    I have a pretty standard existing webapp using spring security that requires a database-backed form login for user-specific paths (such as /user/**), and some completely open and public paths (such as /index.html). However, as this webapp is still under development, I'd like to add a http-basic popup across all paths (/**) to add some privacy. Therefore, I'm trying to add a http-basic popup that asks for a universal user/pass combo (ex admin/foo) that would be required to view any path, but then still keep intact all of the other underlying authentication mechanisms. I can't really do anything with the <http> tag, since that will confuse the "keep out the nosy crawlers" authentication with the "user login" authentication, and I'm not seeing any way to associate different paths with different authentication mechanisms. Is there some way to do this with spring security? Alternatively, is there some kind of a dead simple filter that I can apply independently of spring-security's authentication mechanisms?

    Read the article

  • Advice on simple efficient way to store web form data when no db/auth required

    - by ted776
    Hi, I have a situation where I need to provide an efficient way to process and store comments submitted via a web form. I would normally use PHP and either MySQL or XML to store the data, but this is slightly different in that this web form will only be temporarily available in a closed LAN environment, and all i need to do is process the form data and store it a format which can be accessed by another application on the LAN (Adobe Director). Each request made by the Director app should pop the stack of data. I'm wondering how best to store the data for this type of situation as it's not something I would normally do. I'm thinking possibly storing the data in an XML file, but any advice would be great!

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >