Search Results

Search found 5866 results on 235 pages for 'authentication'.

Page 70/235 | < Previous Page | 66 67 68 69 70 71 72 73 74 75 76 77 | Next Page >

Using OpenID as the only authentication method

- by iconiK

I have read the other questions and they mostly talk about the security of doing so. That's not entirely my concern, mostly because the website is question is a browser-based game. However, the larger issue is the user - not every user is literate enough to understand OpenID. Sure RPX makes this pretty easy, which is what I'll use, but what if the user does not have an account at Google or Facebook or whatever, or does not trust the system to log in with an existing account? They'd have to get an account at another provide - I'm sure most will know how to do it, let alone be bothered to do it. There is also the problem of how to manage it in the application. A user might want to use multiple identities with a single account, so it's not as simple as username + password to deal with. How do I store the OpenID identities of a user in the database? Using OpenID gives me a benefit too: RPX can provide extensive profile information, so I can just prefill the profile form and ask the user to edit as required. I currently have this: UserID Email ------ --------------- 86000 [email protected] 86001 [email protected] UserOpenID OpenID ---------- ------ 86000 16733 86001 16839 86002 19361 OpenID Provider Identifier ------ -------- ---------------- 16733 Yahoo https:\\me.yahoo.com\bob#d36bd 16839 Yahoo https:\\me.yahoo.com\bigbobby#x75af 19361 Yahoo https:\\me.yahoo.com\alice#c19fd Is that the right way to store OpenID identifiers in the database? How would I match the identifier RPX gave me with one in the database to log in the user (if the identifier is known). So here are concrete questions: How would I make it accessible to users not having an OpenID or not wanting to use one? (security concerns over say, logging in with their Google account for example) How do I store the identifier in the database? (I'm not sure if the tables above are right) What measures do I need to take in order to prevent someone from logging in as another user and happily doing anything with their account? (as I understand RPX sends the identifier via HTTP, so what anyone would have to do is to just somehow grab it then enter it in the "OpenID" field) What else do I need to be aware of when using OpenID?

Read the article
django: caching passwords for custom authentication

- by gruszczy

I am authenticating users in ldap, but this happens only once, when user is logging in. Afterwards I need to keep username and password, because before every ldap operation I need to make bind on ldap server before every operation. What is the safe way to cache this password (I can't store in the database or cookies) for as long as session persists.

Read the article
Simple example of popup authentication with Facebook Graph API

- by ensnare

Trying to get Facebook to authenticate my users via a javascript popup. Right now, I have: <input type="button" value="Connect with Facebook" onclick="window.open('https://graph.facebook.com/oauth/authorize?client_id=XXXXXXXXXXX&redirect_uri=http://example.com/step2&display=popup')" /> But when the user logs in via Facebook, the popup just displays the Facebook.com homepage. I'd like for the popup to authenticate the user and go away so that I can start retrieving user data from the graph api. Is there a better / easier way to do this? Simple examples are appreciated. Thank you.

Read the article
Login authentication using LDAP

- by Muhammad Akhtar

Hi I want to authenticate of my user to domain account using LDAP in c# (ASP.Net) Please guide how can I accomplish this? Thanks

Read the article
Django authentication

- by webvulture

In my base.html file, I am using {% if user.is_authenticated %} <a href="#">{{user.username}}</a> {% else %} <a href="/acc/login/">log in</a> Here, even if the user is logged in, the log in button shows up. Now when I click on the log in link, it shows the username and also the normal login view, saying user is logged in. So, what's wrong?

Read the article
How to do URL authentication in struts2

- by Enrique Malhotra

Hi, I am using struts2.1.6 + Spring 2.5 I have four modules in my application. Registration Module Admin Module Quote Module Location Module. In registration module the customer can register himself and only after registering he is supposed to have access of the remaining three modules. I want to implement something like if the action being called belongs to the registration module it will work as normal but if the action being called belongs to the rest of those three modules it first should check if the user is logged-in and session has not timed-out. if yes it should proceed normally otherwise it should redirect to the login page. Through research I have found out that interceptors could be used for this purpose but before proceeding I thought its better to get some feedback on it from experts. Please suggest how it should be done and If possible put some code suggestions. Here is my struts.xml file(The struts.xml contains four different config files belonging to each module): <struts> <include file="struts-default.xml" /> <constant name="struts.i18n.reload" value="false" /> <constant name="struts.objectFactory" value="spring" /> <constant name="struts.devMode" value="false" /> <constant name="struts.serve.static.browserCache" value="false" /> <constant name="struts.enable.DynamicMethodInvocation" value="true" /> <constant name="struts.multipart.maxSize" value="10000000" /> <constant name="struts.multipart.saveDir" value="C:/Temporary_image_location" /> <include file="/com/action/mappingFiles/registration_config.xml" /> <include file="/com/action/mappingFiles/admin_config.xml" /> <include file="/com/action/mappingFiles/quote.xml" /> <include file="/com/action/mappingFiles/location_config.xml" /> </struts> The sample registration_config.xml file is: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd"> <struts> <package name="registration" extends="struts-default" namespace="/my_company"> <action name="LoginView" class="registration" method="showLoginView"> <result>....</result> <result name="input">...</result> </action> </package> </struts> The sample admin_config.xml file is: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" "http://struts.apache.org/dtds/struts-2.0.dtd"> <struts> <package name="admin" extends="struts-default" namespace="/my_company"> <action name="viewAdmin" class="admin" method="showAdminView"> <result>....</result> <result name="input">...</result> </action> </package> </struts> Same code is there in the rest of two struts2 xml config files. I have used the same namespace in all the four config files with the different package names(As you can see)

Read the article
How to configure IIS authentication password?

- by salvationishere

I am developing a C# / ASP.NET web application in VS 2008 on a 32-bit XP. I created a Login.aspx file for the user to enter a user name and password initially before seeing any data. This functionality works now from VS. I added users and roles by entering ASP.NET Configuration. However, after publishing to IIS 6.0, the password does not work there. How do I configure Directory Security in IIS for the same user name and password to work?

Read the article
SWFUpload Authentication

- by durilai

I am using SWFUpload to do file uploading in a ASP.NET MVC 1.0 website. It is working fine, but I am not able to authenticate the upload method. The HttpContext.User.Identity.Name returns an empty string. I am assuming this is because the Flash movie is making the post. I am also using the wrapper provided here: http://blog.codeville.net/2008/11/24/jquery-ajax-uploader-plugin-with-progress-bar/. The controller action below gets fired, but as mentiond above the user object is not passed. Any help is appreciated! View HTML <form enctype="multipart/form-data" method="post" action="/Media/Upload/Photo"> <input type="file" id="userPhoto_Photo" name="userPhoto_Photo" /> </form> Javascript $(function() { $("#userPhoto").makeAsyncUploader({ upload_url: '/Media/Upload', flash_url: '<%= Url.Content("~/Content/Flash/swfUpload-2.2.0.1.swf") %>', file_size_limit: '1 MB', file_types: '*.jpg; *.png; *.gif', button_action: SWFUpload.BUTTON_ACTION.SELECT_FILE, button_width: 210, button_height: 35, button_image_url: '<%= Url.Content("~/Content/Images/UploadPhoto.png") %>', button_text: '', button_cursor: SWFUpload.CURSOR.HAND, button_window_mode: SWFUpload.WINDOW_MODE.TRANSPARENT }); }); Controller Action [AcceptVerbs(HttpVerbs.Post)] public ActionResult Upload() { if (Request.Files.Count == 1) { //Upload work } return RedirectToAction("Index", "Profile"); }

Read the article
CodeIgniter Authentication Library for Beginners?

- by 01010011

Hi, Can anyone recommend a great CodeIgniter Registration/Login/Logout library for beginners to web development? I read on stackoverflow that Redux was highly recommended at one time. What is the current recommendation?

Read the article
Google App Engine - Uploading blobs and authentication

- by Keyur

(I tried asking this on the GAE forums but didn't get an answer so am trying it here.) Currently to upload blobs, the app engine's blob store service creates a unique one- time URL that a user can post blobs to. My requirement is that I only want authenticated / authorized users to post blobs in my application. I can achieve this currently if the page that includes the multipart form to upload blobs is in my application. However, I am looking to providing a "REST API" for my users to upload their blobs. While it is true that the one-time nature of the upload URL mitigates the chances of rogue use but it's still possible. I was wondering if there is anyone on the app engine team here that can consider a feature where developers can register an upload listener. (Or if there is already a way, I'll be all ears). A standard servlet filter could also potentially do the job. This will give us an opportunity to authenticate / validate / decorate requests before the request gets forwarded to the blob store service. Thanks, Keyur

Read the article
How to record different authentication types (username / password vs token based) in audit log

- by RM

I have two types of users for my system, normal human users with a username / password, and delegation authorized accounts through OAuth (i.e. using a token identifier). The information that is stored for each is quite different, and are managed by different subsytems. They do however interact with the same tables / data within the system, so I need to maintain the audit trail regardless of whether human user, or token-based user modified the data. My solution at the moment is to have a table called something like AuditableIdentity, and then have the two types inheriting off that table (either in the single table, or as two seperate tables with 1 to 1 PK with AuditableIdentity. All operations would use the common AuditableIdentity PK for CreatedBy, ModifiedBy etc columns. There isn't any FK constraint on the audit columns, so any text can go in there, but I want an easy way to easily determine whether it was a human or system that made the change, and joining to the one AuditableIdentity table seems like a clean way to do that? Is there a best practice for this scenario? Is this an appropriate way of approaching the problem - or would you not bother with the common table and just rely on joins (to the two seperate un-related user / token tables) later to determine which user type matches which audit records?

Read the article
Failure in Yahoo Authentication in Android

- by Jayson Tamayo

I'm trying to integrate Yahoo into my application. I want them to login using their Yahoo accounts because I will be needing their names later in the application. But whenever I request for a token, I receive the following errors: getRequestToken() Exception: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: Service provider responded in error: 400 (Bad Request) Here is my code (Request_Token_Activity.java): import oauth.signpost.OAuth; import oauth.signpost.OAuthConsumer; import oauth.signpost.OAuthProvider; import oauth.signpost.commonshttp.CommonsHttpOAuthConsumer; import oauth.signpost.commonshttp.CommonsHttpOAuthProvider; import oauth.signpost.signature.HmacSha1MessageSigner; import android.app.Activity; import android.content.Intent; import android.content.SharedPreferences; import android.content.SharedPreferences.Editor; import android.net.Uri; import android.os.Bundle; import android.preference.PreferenceManager; import android.util.Log; public class Request_Token_Activity extends Activity { private OAuthConsumer consumer; private OAuthProvider provider; private SharedPreferences prefs; @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); try { consumer = new CommonsHttpOAuthConsumer("my consumer key", "my consumer secret"); consumer.setMessageSigner(new HmacSha1MessageSigner()); provider = new CommonsHttpOAuthProvider( "http://api.login.yahoo.com/oauth/v2/get_request_token", "http://api.login.yahoo.com/oauth/v2/get_token", "http://api.login.yahoo.com/oauth/v2/request_auth"); } catch (Exception e) { Log.e("", "onCreate Exception: " + e.toString()); } getRequestToken(); } private void getRequestToken() { try { String url = provider.retrieveRequestToken(consumer, "yahooapi://callback"); Log.i("", "Yahoo URL: " + url); Intent intent = new Intent(Intent.ACTION_VIEW, Uri.parse(url)).setFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_NO_HISTORY | Intent.FLAG_FROM_BACKGROUND); this.startActivity(intent); } catch (Exception e) { Log.i("", "getRequestToken() Exception: " + e.toString()); } } @Override public void onNewIntent(Intent intent) { super.onNewIntent(intent); prefs = PreferenceManager.getDefaultSharedPreferences(this); final Uri uri = intent.getData(); if (uri != null && uri.getScheme().equals("yahooapi")) { getAccessToken(uri); } } private void getAccessToken(Uri uri) { final String oauth_verifier = uri.getQueryParameter(OAuth.OAUTH_VERIFIER); try { provider.retrieveAccessToken(consumer, oauth_verifier); final Editor edit = prefs.edit(); edit.putString("YAHOO_OAUTH_TOKEN", consumer.getToken()); edit.putString("YAHOO_OAUTH_TOKEN_SECRET", consumer.getTokenSecret()); edit.commit(); String token = prefs.getString("YAHOO_OAUTH_TOKEN", ""); String secret = prefs.getString("YAHOO_OAUTH_TOKEN_SECRET", ""); consumer.setTokenWithSecret(token, secret); Log.i("", "Yahoo OAuth Token: " + token); Log.i("", "Yahoo OAuth Token Secret: " + token); } catch (Exception e) { Log.i("", "getAccessToken Exception: " + e.toString()); } } } And this is a snapshot of my AndroidManifest.xml: <activity android:name="Request_Token_Activity" android:launchMode="singleTask"> <intent-filter> <action android:name="android.intent.action.VIEW" /> <category android:name="android.intent.category.DEFAULT" /> <category android:name="android.intent.category.BROWSABLE" /> <data android:scheme="yahooapi" android:host="callback" /> </intent-filter> </activity> I have set-up my Yahoo Project as a Web Application and put Read and Write access to Social and Contacts. What am I doing wrong?

Read the article
WebSockets authentication

- by Tomi

What are the possible ways to authenticate user when websocket connection is used? Example scenario: Web based multi-user chat application through encrypted websocket connection. How can I ensure (or guarantee) that each connection in this application belongs to certain authenticated user and "can't be" exploited by false user impersonation during the connection.

Read the article
Does ADFS2.0 provide custom authentication stores?

- by chugh97

I wanted to find out if ADFS2.0 provides a way for users to be authenticated with a Custom Store? Version 1.0 you could only authenticate users in the Windows domain, using Forms/Windows Integrated/Cardspace. I have an ASP.NEt website, which I would like the users to be authenticated against a custom store in SQL and then ADFS2.0 to take care of the claims issued to the user...

Read the article
Password authentication in sqlite3 for iphone

- by user271753

Hey Guys .. I am new to programming in Objective C . I checked many tutorials on reading data in sqlite3 , but almost all of them have show the data in UITableView . I have a page where the user types in the password, the password lets say 1234 is saved in the database ( I have created a table already ) . I have got the database into the project folder . I just want a statement like if(databasepassword == correct from the uitextfield ) { show next page } else { password is incorrect.text } I will figure out on how to show the next page and display the password is incorrect.text I just want a method to cross check with the password saved in the database . How can I do that ? Regards

Read the article
PAM authentication problem

- by mdipierro

I am using this module to authenticate using pam: http://code.google.com/p/web2py/source/browse/gluon/contrib/pam.py I can call authenticate('username','password') and it returns True/ False. It works for any 'username' but 'root'. My guess is that there is a security restriction in PAM that does not allow to check for the root password. I need to be able to check the root password. Is there anything I can change in the pam.conf or somewhere else to remove this restriction?

Read the article
Omniauth Facebook authentication on localhost

- by Ryan Foster

I am trying to set up Omniauth as described in this Railscast. While it works with Twitter, I am unable to get it working with Facebook. I also set up 'http://localhost:3000' as siteurl and 'localhost' as domain but still see the following error message in the browser: Invalid redirect_uri: Given URL is not allowed by the Application configuration. Does anyone of you have any suggestions on how to fix this? Thanks in advance.

Read the article
HTTP authentication and filesend in C

- by sfactor

i have some parsed data in two files. i need to send these to a webserver of a website. i also need to be logged into the webserver first. i am new to this web interaction thing. i just need to know how might i go about doing this. i am learning the libcurl library so i guess in can send standard HTTP POST messages. i will make a simple webserver to test it myself. can anyone tell me what kind of interaction is needed. by that i mean how do i send the username and password information, know that i am logged in and then be send the files. may be some examples of Form Posts which i believe is what i shud be doing right now.

Read the article
Authentication and authorization for RESTfull API (java jersery)

- by abovesun

Hi, implementing service something similar with tinyurl or bit.ly, I'm would like to expose service as API, I'm using java and jersey as RESTfull service implementation. I'm looking for simplest way for authentification of users who use API, OAuth is first thing coming in mind, but the problem is I don't need this 3 iteration calls with request token query, than access token query with callback url passing. I just need to give user ability to invoke api with no additional security calls to my server.

Read the article
web service client authentication

- by Jack

I want to consume Java based web service with c#.net client. The problem is, I couldnt authenticate to the service. it didnt work with this: mywebservice.Credentials = new System.Net.NetworkCredential(userid, userpass); I tried to write base class for my client method. public class ClientProtocols : SoapHttpClientProtocol { protected override WebRequest GetWebRequest(Uri uri) { System.Net.WebRequest request = base.GetWebRequest(uri); if (null != Credentials) request.Headers.Add("Authorization", GetAuthHeader()); return request; } protected override WebResponse GetWebResponse(WebRequest request) { WebResponse response = base.GetWebResponse(request); return response; } private string GetAuthHeader() { StringBuilder sb = new StringBuilder(); sb.Append("Basic "); NetworkCredential cred = Credentials.GetCredential(new Uri(Url), "Basic"); string s = string.Format("{0}:{1}", cred.UserName, cred.Password); sb.Append(Convert.ToBase64String(Encoding.ASCII.GetBytes(s))); return sb.ToString(); } } How can I use this class and authorize to the web service? Thanks.

Read the article
Twitter Authentication through Android's AccountManager classes.

- by Robby Pond

I am working on a twitter based app and am trying to incorporate Android's built-in Account support for Twitter. The following code works to popup the confirmation dialog for my app to access twitter but I am unsure of what to pass in as the authenticationType. Any help would be appreciated. I've googled all over the place and can't seem to find the correct answer. It goes in place of "oauth" below. AccountManager am = AccountManager.get(this); Account[] accts = am.getAccountsByType(TWITTER_ACCOUNT_TYPE); if(accts.length > 0) { Account acct = accts[0]; am.getAuthToken(acct, "oauth"/*what goes here*/, null, this, new AccountManagerCallback<Bundle>() { @Override public void run(AccountManagerFuture<Bundle> arg0) { try { Bundle b = arg0.getResult(); Log.e("TrendDroid", "THIS AUTHTOKEN: " + b.getString(AccountManager.KEY_AUTHTOKEN)); } catch (Exception e) { Log.e("TrendDroid", "EXCEPTION@AUTHTOKEN"); } }}, null); }

Read the article
Security & Authentication: SSL vs SASL

- by 4herpsand7derpsago

My understanding is that SSL combines an encryption algorithm (like AES, DES, etc.) with akey exchange method (like Diffier-Hellman) to provide secure encryption and identification services between two endpoints on an un-secure network (like the Internet). My understanding is that SASL is an MD5/Kerberos protocol that pretty much does the same thing. So my question: what are the pros/cons to choosing both and what scenarios make both more preferable? Basically, I'm looking for a guidelines to follow when choosing SSL or to go with SASL instead. Thanks in advance!

Read the article
ASP.Net forms authentication - multiple providers

- by Chris Klepeis

I have an ASP.Net 4.0 application, and within it is a folder called "Forum", setup as a sub application in IIS 7. This forum package implements a custom provider for .net membership. The forum is running in .net 3.5. I'd like to setup the main site so that when users login, it logs them into both my site and the forum site. Both the main site and the forum have separate .Net membership tables. How can I specify which provider to use with formsauthentication? right now I have FormsAuthentication.SetAuthCookie(...); this, however, just uses my default provider and does nothing with the provider for the forum I tried setting the forum app and my web app to have the same cookie name, as well as setting the machinekey on each: <machineKey validationKey="AutoGenerate" validation="SHA1" /> no dice. I googled and didnt really come up with any example of how to use multiple providers like I want to. I updated my web.config to have both provideers but this is useless if I cannot specify in my code which one to use.

Read the article
Work flow for authentication and API use with Twitter on OAuth

- by Gustavo Carreno

I'm a bit confused about all this OAuth bruhaha in the sense that all the examples I can find are for web applications and none of them for desktop applications. I understand the Web application work flow, but that includes some redirections between the web app and twitter. How does one do this in an desktop application? How does the redirects work? Should I have to include a Web Browser object? Is there a way to go around this? Could anyone point me to resources instead of a full blown solution please? Thanks

Read the article
Jenkins and Visual Studio Online integration authentication

- by user3120361

right now I am trying to Setup Continuouse Integration - Delivery for a basic WCF Service, which will be hosted on a Microsoft Azure VM. The Project is Version Controlled through Visual Studio Online. So I installed Jenkins (also on the Azure VM), TFS plugin etc. and started the first Test Build: As Server URL I used "[VSO Adress]/DefaultCollection" and for Login purposes my Microsoft Account (I can Access VSO with that). The Problem is, when I run the Build I get the following error: Started by user Developer Building in workspace C:\Program Files (x86)\Jenkins\jobs\test\workspace [workspace] $ "C:\Program Files (x86)\TEE-CLC-11.0.0.1306\TEE-CLC-11.0.0\tf.cmd" workspaces -format:brief -server:[VSO Adress]/DefaultCollection ****" An error occurred: Access denied connecting to TFS server [VSO Adress] (authenticating as har****@*******o.com) FATAL: Executable returned an unexpected result code [100] ERROR: null Finished: FAILURE So my question is, whether it is generally possible to connect Jenkins and VSO that way and if so, which login credentials are needed

Read the article

< Previous Page | 66 67 68 69 70 71 72 73 74 75 76 77 | Next Page >