Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

Page 70/244

  • Anonymous users support vs Google bot

    - by Andy
    I have a User class in my web app that represents a user currently logged in. Every time a user visits a page, a User instance is populated based on authentication data supplied in cookies. A User instance is created even if an anonymous user logs in - and a corresponding new record is created in the User table in the database. This approach allows me to save some state info for the current user regardless of its type. The problem however with this approach is the Google bot, and other non-human web organisms crawling my pages. Every time a bot starts to walk around the site, thousands of useless records will be created in the database, each of them only to be used for a single page. Question: what is the best trade-off? How to support anonymous users, save their state, and not get too much overhead because of cookieless bots?


  • REST client website login

    - by Jordan
    I have written a REST service that uses WSSE as an authentication method but I want to be able to use this REST service through a browser by creating a website around the service. I want the user to be able to log in on the website; then when they view, for example, the "view users" page, an ajax request is made to test.com/users and back comes the list. The part I'm trying to get my head around is the logging in/out on the website and keeping the user logged in across pages. Since in a true REST implementation there's no state held on the server, I can't use $_SESSION and now I don't know where to start! What is the best way to go about this? Do I still need to store session information on the server then possibly use cURL to make the request? Thanks Jay


  • Web Form based login in Java

    - by BrunoLM
    How can I block access to the site if a user is not logged in? Under web.xml Security I checked Form authentication then I selected Login and Error page, but I don't know how to block the access and redirect the user to the login page. Do I need a filter? If so, how can I get the login url I specified? And how should I call the validation method? I saw in some examples this code

        <form method=post action="j_security_check">
            <input type="text" name="j_username" />
            <input type="password" name="j_password" />
        </form>

    What does it do?


  • ASP NET forms Authorization: how to reduce duration?

    - by eddo
    I've got a web page which is implementing cookie based ASPNET Forms Authentication. Once the user has logged in to the page, he can edit some information using a form which is created using a partial view and returned to him as a dialog for editing. The action linked to the partial view is decorated as follows:

        [HttpGet]
        [OutputCache(Duration = 0, VaryByParam = "None")]
        [Authorize(Roles = "test")]
        public ActionResult changeTripInfo(int tripID, bool ovride=false) { ... }

    The problem I am experiencing is the latency between the request and the time when the dialog is shown to the user: time ranges between 800 and 1100 ms which is not justified by the complexity of the form. Investigating with Glimpse, it turns out that the time to process the AuthorizeAttribute (see snip) sums up to at least 650 ms which is troubling me. Looking at the SQL Server log, the call which checks the user roles takes, as expected, virtually nothing (duration 0). How can I reduce this time? Am I missing some optimization?


  • Best approach to store login credentials for website

    - by Zerotoinfinite
    I have created a site in ASP.NET 3.5 & I have only 2 or 3 user login IDs who can login to the website. What would be the best way to save these login details? Which of these approaches, or others, would be most suitable? Using Forms Authentication, and saving credentials (username and password) in web.config to create a text file in directory and modify it Which approach is best from a security and maintenance perspective? What other approaches are suitable for a login system for ASP.NET?


  • single sign on in asp.net

    - by gopal
    Hi, we have developed and implemented a single sign-on methodology to authenticate users. When a page is requested, if the user is not authenticated then they will be redirected to a login page. Once they have logged in, the requested page will be shown. This works when we don't assign a domain to the virtual directory. But when we assign the domain to the virtual directory, after authentication the application does not redirect to the requested page. We are using the FormsAuthentication.GetRedirectUrl method to redirect to the requested page. Why is this happening? How can we resolve this issue?


  • WCF server component getting outdated user name

    - by JoelFan
    I am overriding System.IdentityModel.Policy.IAuthorizationPolicy.Evaluate as follows:

        public bool Evaluate(EvaluationContext evaluationContext, ref object state)
        {
            var ids = (IList<IIdentity>)evaluationContext.Properties["Identities"];
            var userName = ids[0].Name;
            // look up "userName" in a database to check for app. permissions
        }

    Recently one of the users had her user name changed in Active Directory. She is able to login to her Windows box fine with her new user name, but when she tries to run the client side of our application, the server gets her old user name in the "userName" variable in the code above, which messes up our authentication (since her old user name is no longer in our database). Another piece of info: This only happens when she connects to the server code on the Production server. We have the same server code running on a QA server, and it does not have this issue (the QA server code gets her correct (new) user name). Any ideas what could be going on?


  • asp.net impersonation identity: Where does it come from?

    - by Rising Star
    Here's a simple question I've been stuck on for a while. When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from? This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user:

        Httpcontext.Current.user
        System.Threading.Thread.Current
        System.Security.Principal.WindowsIdentity.GetCurrent

    It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config. I would like to know where the impersonated identity comes from.


  • Can SiteB Restrict Access Only to Users Authenticated on Site A? How?

    - by DaveDev
    I have recently been asked to estimate a piece of work which will provide functionality for authenticated users to access our site. The thing is, the user has to authenticate on a different site & domain to the one we are hosting. The user authenticates on SiteA.com and they are provided with a link to our site, SiteB. Only users who have authenticated on SiteA are allowed to access SiteB.com. I don't yet know what authentication system SiteA is using, but I thought I'd ask the community for some initial thoughts. Is this even possible? What do I need to consider? Thanks


  • Zend_Auth_Adapter_DbTable identity not unique

    - by volf
    For authentication on a website I use Zend_Auth_Adapter_DbTable. Everything works fine, but Zend Framework only allows unique identities in the table. As an identity I use the mail address of my users. The problem is that there are more items in the table with this mail address. Users can delete their account, and so I don't delete the whole row, I only change the status to -2 or something else. An active user has the status 1. I try to use it like so:

        $authAdapter = new Zend_Auth_Adapter_DbTable($db, 'user', 'email', 'password', "? AND `status`='1'");
        $authAdapter->setIdentity($email);
        $authAdapter->setCredential($password);

    But it doesn't work. If I delete the inactive user with the same mail address, everything works. Why is that?


  • Best approach to store username & password

    - by Zerotoinfinite
    Hi All, I have created a site in asp.net 3.5 & my query is this: I have only 2 or 3 login IDs (users) who can login to my website, so what would be the better way to save the login details? What I know I am writing below; please let me know which would be the correct approach to achieve this, and also if there is any nice approach to get this done: 1: to save username and password in web.config file 2: to create a text file in directory and modify it 3: To use form authentication. Please let me know the approach I can use to solve it. Thanks in advance. P.S.: I have to create only 2-3 users, or in future may be 1-2 more, that's it.


  • How to set credential persistence permanent on Android

    - by doreamon
    My app has a save login credential feature, so I store cookies for the next use after succeeding to sign in. However, after a time period, the session will time out and I cannot log in with the cookies any more. On iOS, after setting credential persistence to permanent, the app works nicely even after restarting the phone:

        [[challenge sender] useCredential:[NSURLCredential credentialWithUser:username password:password persistence:NSURLCredentialPersistencePermanent] forAuthenticationChallenge:challenge];

    On Android, I cannot find such an option. Here is from my HttpHelper class:

        ((AbstractHttpClient) HttpHelper.client).getAuthSchemes().register("ntlm", new NTLMSchemeFactory());
        NTCredentials creds = new NTCredentials(user, pass, "", domain);
        ((AbstractHttpClient) HttpHelper.client).getCredentialsProvider().setCredentials(AuthScope.ANY, creds);

    The server is SharePoint so I have to deal with NTLM authentication by following this instruction. If you have any idea, please let me know. Thank you.


  • HWID locking a PHP page?

    - by Rob
    Currently I sell a program, that accesses my webpage. The program is HWID (Hard Ware ID) locked, and the only reason I use the program to access the webpage instead of direct access via a webbrowser, is so that I can use HWID authentication. However, I've just been told I can code a script to get computer information, such as hardware ID etc. Is this actually possible completely server-side? If so, can I do it with PHP? If not, what language would this be, and what functions would I have to look into for this?


  • Ruby on rails: Image downloads with Authentication/Authorization/Time outs

    - by ak1dnar
    Hi Guys, I'm having a few doubts on implementing file downloads. I'm creating an app where I use attachment_fu with Amazon S3 to upload files. Things are working pretty well so far on the uploading side. Now it's time to start the file downloads. Here is what I need: a logged-in user searches and browses for images and they should be able to add the files to a download basket (let's say it's a download shopping cart). Finally the user should be able to download these file(s) from S3, probably as a zipped file. Is there any plugin/gem I can use for this?


  • WCF: Using Streaming and Username/Password authentication at the same time

    - by Kay
    Hi, I have a WCF Service with the following requirements: a) The client requests a file from the server which is transferred as a Stream. Files may be 100MB or larger. I need streaming or chunking or whatever to make sure that IIS is not loading the whole package into memory before starting to send it. b) The client will transfer an ID to identify the file to be downloaded. The user should be authenticated by providing username/password. c) While the username/password part of the communication needs to be encrypted, encryption of the downloaded file is optional for our use case. For my other services, where I am returning smaller files, I am using the following binding:

        <ws2007HttpBinding>
          <binding name="ws2007HttpExtern" maxReceivedMessageSize="65536000">
            <security mode="Message">
              <message clientCredentialType="UserName" />
            </security>
          </binding>
        </ws2007HttpBinding>

    But, as I said, that is no good for streaming (Message encryption needs the complete message to encrypt and that is not the case when streaming). So, I asked Microsoft support and I got more or less the following proposal:

        <bindings>
          <basicHttpBinding>
            <binding name="basicStreaming" messageEncoding="Mtom" transferMode="StreamedResponse">
              <security mode="Transport">
                <transport clientCredentialType="Basic" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <services>
          <service behaviorConfiguration="MyProject.WCFInterface.DownloadBehavior" name="MyProject.WCFInterface.DownloadFile">
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicStreaming" contract="MyProject.WCFInterface.IDownloadFile" />
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="MyProject.WCFInterface.DownloadBehavior">
              <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>

    When I use this, I get the following error message: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. I am using the Web Development Server so far (for production IIS7). I have two questions. a) How would you configure WCF to achieve the goal? b) If the MS proposal is good: What am I doing wrong? The error message does not really help me. Thanks.


  • WCF Service Authentication problem?

    - by Marcus
    I have an application which exposes lots of interfaces via net.tcp protocol, using both SecurityMode.Transport and SecurityMode.None (I really need support for both). My whole application is written in a DLL file. I have a form which consumes this DLL and now I made a Windows Service to consume this DLL. The problem is, when this windows service goes up, the insecure service throws this exception: Stream Security is required at http://www.w3.org/2005/08/addressing/anonymous, but no security context was negotiated. This is likely caused by the remote endpoint missing a StreamSecurityBindingElement from its binding. In the client side, nothing has changed. Is there any reason for this behaviour? The program is exactly the same. When I run the same test with the form app, it works... ps: I've already tried running the windows service as: SYSTEM, NETWORK SERVICE and my user account (which runs the form app) Thanks


  • Authentication and Login on 2 website

    - by xRobot
    Hi all, I have 2 sites: example.com and exampletwo.com. I want that when a user logs in on example.com then he is automatically authenticated also on exampletwo.com. How can I do that? I use Django + Nginx on the first website and Tornado framework + Tornado server on the second website. Thanks ;) . P.S. If you don't know these platforms (Django or Tornado or Nginx), I accept also a solution for a generic PHP+Apache platform and then I will do some research :)


  • Cannot add Authorization field to HttpsUrlConnection in order to complete Basic authentication

    - by ES
    Hi, I'm using the Sun API HttpsURLConnection class, and have been trying for a day now to get it to send a simple request:

        URL url = new URL("https://thirdpartyserver.com/somelocation");
        connection = (HttpsURLConnection)url.openConnection();
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        if (doAuthorization) {
            Base64Converter converter = new Base64Converter();
            connection.setRequestProperty("Authorization", "Basic " + converter.encode("username:password"));
        }
        OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream());
        writer.write("param1=100&param2=hello");
        writer.flush();
        writer.close();

    I keep getting 401 from the third-party server. When I look at the connection through the debugger, the method shows up as GET even though I set it to POST; the collection of request properties shows up as null. If I print the values out, the method shows up as POST, but the request parameters collection is still empty. I would love to be able to print the request and understand what's going on, but I could not figure out how to print the content of an output buffer. Any ideas? Thanks! ES


  • WCF how to pass token for authentication?

    - by Kevin
    I have a WCF service which I would like to support basicHttpBinding and webHttpBinding. When the client successfully logs in, the server will generate a token for the client to pass to the server on all the requests made later. The question is how the client can pass the token to the server. I don't want to add an extra parameter on every web method to hold the token.


  • Facebook canvas Iframe App authentication problem.

    - by itsoft3g
    Hi, I am in the process of converting a Facebook app from FBML to iframe. Now I am testing using a few iframe pages. $user = $facebook->require_login(); It gives the current user logged in. Once it gets the variable from facebook.com it saves it in a cookie (by the PHP API provided by Facebook). I logged out using another tab of Facebook and I tried using my app without refreshing the whole site (by just using the links inside my app). It still gives the $user variable. It indicates that the user has logged in instead of the user logged out. Please help me out. I want my app secured. It looks like my iframe app is accessible when we select "open this frame in new window". I need a solution for this too. Thanks in advance.


  • Security and authentication in web services

    - by King
    Let's say we have a website that uses a web service for all of its functionality (i.e. retrieving and updating data from/to db), how does the web service authenticate requests? As I understand it, in a traditional Java "website" a user provides a username & password, and upon validation a jsessionid is assigned to the user (client browser). Every time the client browser asks the website for something, the site checks for the jsessionid ensuring that the user is registered and authenticated. Is there a web services equivalent of this? If yes, what?


  • SSL on Heroku / User Authentication Across Multiple Domains

    - by Euwyn
    Posted a previous question on this, but have a followup. I was trying to create a workaround to use SSL on the expensive custom domain. I'm willing to live with bumping a user to https://app.heroku.com from http://www.app.com for certain secure pages, and have monkey-patched SSL required to make this happen. However, now this issue is with making sure my User is logged in when I do so. As I understand, cookies aren't cross domain. Is there a way around this issue?


  • How to perform CAM authentication with Cognos TM1 API

    - by tardate
    The Cognos TM1 API provides two server connect/authenticate methods:

        TM1SystemServerConnect (when IntegratedSecurityMode = 1 or 2)
        TM1SystemServerConnectIntegratedLogin (when IntegratedSecurityMode = 2 or 3)

    There is however a 4th security mode for use with CAM/Cognos Access Manager (IntegratedSecurityMode = 4). As of 9.5, it appears there is still no way to authenticate via the API if you have CAM enabled on the TM1 server. Does anyone know different, or have a workaround?


  • Yahoo authentication

    - by steve
    Hi - I'm playing around with the new Yahoo API. I'd like to scrape some dummy data using the following address: http://query.yahooapis.com/v1/public/yql?q=desc%20social.updates.search&format=json&diagnostics=true&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys&callback=cbfunc When I run this I get an authentication error (Need to be logged into Yahoo). This is fine obviously for me messing around on the internet. However I'd like to call this from a Ruby script. Any ideas how I go about authenticating? I can only seem to find some web enabled version.


  • Login URL using authentication information in Django

    - by fuSi0N
    I'm working on a platform for online labs registration for my university.

    Login View [project views.py]

        from django.http import HttpResponse, HttpResponseRedirect, Http404
        from django.shortcuts import render_to_response
        from django.template import RequestContext
        from django.contrib import auth

        def index(request):
            return render_to_response('index.html', {}, context_instance = RequestContext(request))

        def login(request):
            if request.method == "POST":
                post = request.POST.copy()
                if post.has_key('username') and post.has_key('password'):
                    usr = post['username']
                    pwd = post['password']
                    user = auth.authenticate(username=usr, password=pwd)
                    if user is not None and user.is_active:
                        auth.login(request, user)
                        if user.get_profile().is_teacher:
                            return HttpResponseRedirect('/teachers/'+user.username+'/')
                        else:
                            return HttpResponseRedirect('/students/'+user.username+'/')
                    else:
                        return render_to_response('index.html', {'msg': 'You don\'t belong here.'}, context_instance = RequestContext(request))
            return render_to_response('login.html', {}, context_instance = RequestContext(request))

        def logout(request):
            auth.logout(request)
            return render_to_response('index.html', {}, context_instance = RequestContext(request))

    URLS

        #========== PROJECT URLS ==========#
        urlpatterns = patterns('',
            (r'^media/(?P<path>.*)$', 'django.views.static.serve', {'document_root': settings.MEDIA_ROOT }),
            (r'^admin/', include(admin.site.urls)),
            (r'^teachers/', include('diogenis.teachers.urls')),
            (r'^students/', include('diogenis.students.urls')),
            (r'^login/', login),
            (r'^logout/', logout),
            (r'^$', index),
        )

        #========== TEACHERS APP URLS ==========#
        urlpatterns = patterns('',
            (r'^(?P<username>\w{0,50})/', labs),
        )

    The login view basically checks whether the logged in user is_teacher [UserProfile attribute via get_profile()] and redirects the user to his profile.

    Labs View [teachers app views.py]

        from django.http import HttpResponse, HttpResponseRedirect, Http404
        from django.shortcuts import render_to_response
        from django.template import RequestContext
        from django.contrib.auth.decorators import user_passes_test
        from django.contrib.auth.models import User
        from accounts.models import *
        from labs.models import *

        def user_is_teacher(user):
            return user.is_authenticated() and user.get_profile().is_teacher

        @user_passes_test(user_is_teacher, login_url="/login/")
        def labs(request, username):
            q1 = User.objects.get(username=username)
            q2 = u'%s %s' % (q1.last_name, q1.first_name)
            q2 = Teacher.objects.get(name=q2)
            results = TeacherToLab.objects.filter(teacher=q2)
            return render_to_response('teachers/labs.html', {'results': results}, context_instance = RequestContext(request))

    I'm using the @user_passes_test decorator for checking whether the authenticated user has the permission to use this view [labs view]. The problem I'm having with the current logic is that once Django authenticates a teacher user he has access to all teachers' profiles basically by typing the teacher's username in the url. Once a teacher finds a co-worker's username he has direct access to his data. Any suggestions would be much appreciated.

