Search Results

Search found 5866 results on 235 pages for 'authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 72/235 | < Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >

  • Single Sign On for Web Application and Application in Virtual Directory

    - by Stefan
    To enable single sign-on for a web application and a web application in a virtual directory, I set the machinekey in both apps to the same: <machineKey validationKey="xxx" decryptionKey="yy" validation="SHA1" /> The single sign on works just fine, but existing users can't sign in any more; their passwords are rejected. The machinekey used to be this in the parent application: <machineKey validationKey="xxx,IsolateApps" decryptionKey="yy,IsolateApps" validation="SHA1" /> I tried other ways to make single sign on work, but it just won't as long as the keys contain "IsolateApps". What am I missing? I should add that the in the membership provider, passwordFormat is set to "Encrypted". So I assume the password was encrypted using the key that contained "IsolateApps" and now when it tries to validate the password it's using the key without the "IsolateApps". Still not sure how to solve that problem. Is there maybe a way that I can set the encryption keys for the password separately from the one that is used for the authentication cookie?

    Read the article

  • How to get current Joomla user with external PHP script

    - by Joey Adams
    I have a couple PHP scripts used for AJAX queries, but I want them to be able to operate under the umbrella of Joomla's authentication system. Is the following safe? Are there any unnecessary lines? joomla-auth.php (located in the same directory as Joomla's index.php): <?php define( '_JEXEC', 1 ); define('JPATH_BASE', dirname(__FILE__)); define( 'DS', DIRECTORY_SEPARATOR ); require_once ( JPATH_BASE .DS.'includes'.DS.'defines.php' ); require_once ( JPATH_BASE .DS.'includes'.DS.'framework.php' ); /* Create the Application */ $mainframe =& JFactory::getApplication('site'); /* Make sure we are logged in at all. */ if (JFactory::getUser()->id == 0) die("Access denied: login required."); ?> test.php: <?php include 'joomla-auth.php'; echo 'Logged in as "' . JFactory::getUser()->username . '"'; /* We then proceed to access things only the user of that name has access to. */ ?>

    Read the article

  • Problems requesting the LDAP: The server is unwilling to process the request.

    - by Flo
    We have written an authentication provider for a SharePoint web application which can requests multiple LDAP directories. One of the LDAP server have to be requested via SSL. So we imported the CA certificate which was used to sign the LDAP server's certificate into the certificate store of the SharePoint server. The following code snippet shows how we authenticate an user. The passed credentials (account, password) belong to the user we want to authenticate. var entry = new DirectoryEntry("LDAP://<ldap-server-address>", "cn=account,ou=sub,o=xyz,c=de", "password", AuthenticationTypes.SecureSocketsLayer); var searcher = new DirectorySearcher(entry); var found = searcher.FindOne(); When the code is processed, the call to searcher.FindOne() throws following exception. System.Runtime.InteropServices.COMException (0x80072035): The server is unwilling to process the request What circumstance can lead to this error? UPDATE: I found some information about the error message. There the problem seems to be the certificate store, as the user has only stored the certificate in the in the user's store and not in the computer's store. Unfortunately we've already stored it there. So could this be still a certificate issue? UPDATE/SOLUTION: Actually the problem is solved. It seems as if the root CA certificate was imported correctly but the error messages the LDAP server responded was caused by an expired user account our customer gave us for testing.

    Read the article

  • Web service SSL handshake fails in production environment unless SSL debugging enabled

    - by JST
    Scenario: calling a client web service over SSL (https) with mutual SSL authentication. Different service endpoint URLs and certs (both keystore and truststore) for test vs. production environments. Both test and production environments run tomcat / JBoss clustered. Production environment has load balancing / BigIP, runs Blade and non-Blade machines. Truststore is set (using -Djavax.net.ssl.trustStore=value) at startup. Keystore is set using System.setProperty("javax.net.ssl.keyStore", "value") in Java code. Web service call made using Axis2. All works fine in test environment, but when we moved to production environment (6 servers), it appears certs are not being forwarded for the handshake. Here's what we've done: in test environment, handshake using test versions of certs has been working all along, with no ssl debugging enabled confirmed in test environment that handshake with client production endpoint succeeds (production certs, both ours and theirs, are fine) -- this was done using -Djavax.net.debug=handshake,ssl confirmed that the error condition occurs on all 6 production servers took one server out of the cluster, turned on ssl debugging for just that one (with a restart), hit it directly, handshake works! switched to a different server without the debugging turned on, handshake error condition occurs turned debugging on on that second server (with a restart), hit it directly, handshake works! From the evidence, it seems like somehow the debugging being enabled causes the certificates to be properly retrieved/conveyed, although that makes no sense! I wonder whether somehow the enabled debugging makes the system pay attention to the System.setProperty call, and ignore it otherwise. However, in local and test environments, handshake worked without debugging enabled. Do I maybe need to be setting keystore on server startup like I'm setting truststore? Have been avoiding that because the keystore will differ for each of our test environments (16 of them).

    Read the article

  • Is an LSA MSV1_0 subauthentication package needed for some impersonation use cases?

    - by Chris Sears
    Greetings, I'm working with a vendor who has implemented some code that uses a Windows LSA MSV1_0 subauthentication package (MSDN info if you're interested: http://msdn.microsoft.com/en-us/library/aa374786(VS.85).aspx ) and I'm trying to figure out if it's necessary. As far as I can tell, the subauthentication routine and filter allow for hooking or customizing the standard LSA MSV1_0 logon event processing. The issue is that I don't understand why the vendor's product would need these capabilities. I've asked them and they said they use it to perform impersonation. The product definitely does need to do impersonation, but based on my limited win32 knowledge, they could get the functionality they need using the normal auth APIs (LsaLogonUser, ImpersonateLoggedOnUser, etc) without the subauthentication package. Furthermore, I've worked with a number of similar products that all do impersonation, and this is the only one that's used a subauthentication package. If you're wondering why I would care, a previous version of the product had a bug in the subauthentication package dll that would cause lockups or bluescreens. That makes me rather nervous and has me questioning the use of such a low-level, kernel sensitive interface. I'd like to go back to the vendor and say "There's no way you could need an LSA subauth package for impersonation - take it out", but I'm not sure I understand the use cases and possible limitations of the standard win32 authentication/impersonation APIs well enough to make that claim definitively. So, to the win32 security gurus out there, is there any reason you would need an LSA MSV1_0 subauthentication package if all you were doing is impersonation? Thanks in advance for any thoughts!

    Read the article

  • How to set up RPX widget and facebook app to be able to authenticate with rpx_now?

    - by Andrei
    Using the sample app for rpx_now gem ( http://github.com/grosser/rpx_now_example) on localhost:3000, I have successfully logged in via Google Accounts, myOpenID, Yahoo, but cannot make it via Facebook. In the RPX app/widget settings I have set my facebook-app key and secret. In my facebook app settings, the Connect URL is myappname.rpxnow.com. But when I try to connect, then I don't even see a facebook login page, just a number of redirects and I am back to my localhost with the following exception http://gist.github.com/386520 . Before I was successfully connecting with oauth2 gem, however, without fetching user data - only authentication. That time I set only key/secret and localhost as my Connect URL. Currently, I don't even ask for email etc., but still the same problem. Can it happen because rpx_now cannot get requested user data from facebook? Or it is a problem of facebook key/secret? May be I need to provide more settings of my facebook app? RPXNow::ApiError in UsersController#create Got error: Invalid parameter: token (code: 1), HTTP status: 200 RAILS_ROOT: /home/Andrei/rpx_now_example Application Trace | Framework Trace | Full Trace /usr/lib/ruby/gems/1.8/gems/rpx_now-0.6.20/lib/rpx_now/api.rb:71:in `parse_response' /usr/lib/ruby/gems/1.8/gems/rpx_now-0.6.20/lib/rpx_now/api.rb:21:in `call' /usr/lib/ruby/gems/1.8/gems/rpx_now-0.6.20/lib/rpx_now.rb:23:in `user_data' /home/Andrei/rpx_now_example/app/controllers/users_controller.rb:16:in `create' Request Parameters: None Show session dump Response Headers: {"Content-Type"="", "Cache-Control"="no-cache"}

    Read the article

  • Authenticating to Google Search Appliance using Basic HTTP auth and ASP.NET (VB)

    - by Chainlink
    I've run into a snag though which has to do with authentication between the Google Search Appliance and ASP. Normally, when asking for secure pages from the search appliance, the search appliance asks for credentials, then uses these credentials to try and access the secure results. If this attempt is successful, the page shows up in the results list. Since ASP is contacting the search appliance on the client's behalf, it will need to collect credentials and pass them along to the search appliance. I have tried a couple of different documented ways of accomplishing this, but they don't seem to work. Below is the code I have tried: 'Bypass SSL since discovery.gov.mb.ca does not have valid SSL cert (NOT PRODUCTION SAFE) ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(AddressOf customXertificateValidation) googleUrl = "https://removed.com" Dim rdr As New XmlTextReader(googleUrl) Dim resolver As New XmlUrlResolver() Dim myCred As New System.Net.NetworkCredential("USERNAME", "PASSWORD", Nothing) Dim credCache As New CredentialCache() credCache.Add(New Uri(googleUrl), "Basic", myCred) resolver.Credentials = credCache rdr.XmlResolver = resolver doc = New System.Xml.XPath.XPathDocument(rdr) path = doc.CreateNavigator() Private Function customXertificateValidation(ByVal sender As Object, ByVal certificate As System.Security.Cryptography.X509Certificates.X509Certificate, ByVal chain As System.Security.Cryptography.X509Certificates.X509Chain, ByVal sslPolicyErrors As Net.Security.SslPolicyErrors) As Boolean Return True End Function

    Read the article

  • Django - Override admin site's login form

    - by TrojanCentaur
    I'm currently trying to override the default form used in Django 1.4 when logging in to the admin site (my site uses an additional 'token' field required for users who opt in to Two Factor Authentication, and is mandatory for site staff). Django's default form does not support what I need. Currently, I've got a file in my templates/ directory called templates/admin/login.html, which seems to be correctly overriding the template used with the one I use throughout the rest of my site. The contents of the file are simply as below: # admin/login.html: {% extends "login.html" %} The actual login form is as below: # login.html: {% load url from future %}<!DOCTYPE html> <html> <head> <title>Please log in</title> </head> <body> <div id="loginform"> <form method="post" action="{% url 'id.views.auth' %}"> {% csrf_token %} <input type="hidden" name="next" value="{{ next }}" /> {{ form.username.label_tag }}<br/> {{ form.username }}<br/> {{ form.password.label_tag }}<br/> {{ form.password }}<br/> {{ form.token.label_tag }}<br/> {{ form.token }}<br/> <input type="submit" value="Log In" /> </form> </div> </body> </html> My issue is that the form provided works perfectly fine when accessed using my normal login URLs because I supply my own AuthenticationForm as the form to display, but through the Django Admin login route, Django likes to supply it's own form to this template and thus only the username and password fields render. Is there any way I can make this work, or is this something I am just better off 'hard coding' the HTML fields into the form for?

    Read the article

  • IIS 6 forces AppRoot/Starting Point to upper case when Virtual Directory is imported from a file

    - by user276464
    I have searched the web for this and couldn't find anything (well one remotely relevant post), so here I am. We have multiple ASP.NET apps in IIS 6 using Forms Authentication with dedicated path for each app. Since path is case sensitive it must match URL's path section exactly. However, because of an incorrect casing in IIS 6 Metabase for AppRoot (or Starting Point in IIS UI) bowser doesn't send Form cookie to the server whenever URL is previously resolved on the server and sent to client in incorrect case. Example: App URL = "https://Test.net/Application1" Cookie path = /Application1 Metabase AppRoot = /LM/W3SVC/1393818691/ROOT/APPLICATIONPATH1 Resolved URL = "https://Test.net/APPLICATIONPATH1" Now to the root cause... We create virtual directories on test server manually in a specific case (matches Path for each application). We then export virtual directory using UI to an XML file, which is then imported to another server (let's say production), at which point IIS decides to uppercase AppRoot element of the metabase. Can anyone shed some light on this? Is there a setting on IIS I am not aware of? I am trying to avoid manual edit of metabase after the import. Is that a bug?

    Read the article

  • AspNetMembership provider with WCF service

    - by Sly
    I'm trying to configure AspNetMembershipProvider to be used for authenticating in my WCF service that is using basicHttpBinding. I have following configuration: <system.serviceModel> <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> <bindings> <basicHttpBinding> <binding name="basicSecureBinding"> <security mode="Message"></security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="MyApp.Services.ComputersServiceBehavior"> <serviceAuthorization roleProviderName="AspNetSqlRoleProvider" principalPermissionMode="UseAspNetRoles" /> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="AspNetSqlMembershipProvider"/> </serviceCredentials> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <services> <service behaviorConfiguration="MyApp.Services.ComputersServiceBehavior" name="MyApp.Services.ComputersService"> <endpoint binding="basicHttpBinding" contract="MyApp.Services.IComputersService" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> </system.serviceModel> Roles are enabled and membership provider is configured (its working for web site). But authentication process is not fired at all. There is no calles to data base during request, and when I try to set following attribute on method: [PrincipalPermission(SecurityAction.Demand, Authenticated = true)] public bool Test() { return true; } I'm getting access denied exception. Any thoughts how to fix it?

    Read the article

  • how to verify browser IP for server-side web service

    - by Anthony
    I have a web service that needs to be able to verify the end-user's IP that called the server-script that is requesting the web service. Simple layout: Person A goes to Webpage B. Webpage B calls Web Service C to get some info on Person A. Web Service C won't give Webpage B the requested information without confirmation that the request originated from Person A's IP and not someone who has stolen Person A's session. I'm thinking that for a browser-based solution, the original site (Webpage B) can open an iframe that goes to the Web Service's authentication page. A key of some kind is passed to the browser which will some how indicate both the user's IP and Web Page B's IP, so that the Web Service can confirm that no one has nabbed anything. I have two challenges, but I'll stick to the more immediate one first: I'm not sure if my browser-based plan really makes sense. If someone steals the session cookie, how is the Web Service going to know? Would this cookie be held be Web Page B and thus be harder to steal? Is it a sound assumption that a cookie or key held by the server only and not the browser is safe? Also, would the web service, based on the iframe initial connection, be expecting the server/user-ip combo? What I mean is, does the session key provided via the iframe get stored by the web service and the Web Site B shows it has a match? Or is the session key more generic, meaning the web service is passed the key by Website B and the Web Service verifies that this is a valid session key based on what a valid session key should look like?

    Read the article

  • My Website was hacked using Statcounter! Does Statcounter keep a record of cookies?

    - by Cyril Gupta
    I had a rather interesting case of hacking on my ASP.Net MVC website. For this website I had implemented a rather uncomplicated authentication system for my admin area -- an encrypted cookie which had an identifying signature for the member. Whenever the admin visits the website the cookie would be decrypted and signature verified. If matching he wouldn't have to sign in. Couple of days ago a visitor on my site told me that he was able to sign into my website simply by clicking no a referral link on his Statcounter console which pointed to my admin area (I had visited his site from a link inside my admin view). He just clicked on a link in statcounter and he was signed in as the admin! The only way this could have happened was if statcounter somehow recorded my cookies and used those when he clicked on the link pointing to my admin! Is that logical or fathomable? I don't understand what's going on. Do you have any suggestions as to how I can protect my website against things like this?

    Read the article

  • How to elegantly handle ReturnUrl when using UrlRewrite in ASP.NET 2.0 WebForms

    - by Brian Kim
    I have a folder with multiple .aspx pages that I want to restrict access to. I have added web.config to that folder with <deny users="?"/>. The problem is that ReturnUrl is auto-generated with physical path to the .aspx file while I'm using UrlRewrite. Is there a way to manipulate ReturnUrl without doing manual authentication check and redirection? Is there a way to set ReturnUrl from code-behind or from web.config? EDIT: The application is using ASP.NET 2.0 WebForms. I cannot use 3.5 routing. EDIT 2: It seems like 401 status code is never captured. It returns 302 for protected page and redirects to login page with ReturnUrl. It does not return 401 for protected page. Hmm... Interesting... Ref: http://msdn.microsoft.com/en-us/library/aa480476.aspx This makes things harder... I might have to write reverse rewrite mapping rules to regex match ReturnUrl and replace it if it doesn't return 401... If it does return 401 I can either set RawUrl to Response.RedirectLocation or replace ReturnUrl with RawUrl. Anyone else have any other ideas?

    Read the article

  • Multiuser login into winforms application

    - by schoetbi
    Hi there, i have a winforms app in C# that needs access control for certain forms. That means, the application is running under the same (default) user at system startup, but certain forms need to be secured, so that only certain windows users could have access to the additional functions after identifying themself with username and password. For that step windows authentication should be used. Now the tricky part. Although the application was started under a "normal" user I would like the superusers to "login" into the special form without restarting the entiere application. My question now is. Is this possible (i.e. create one thread with the credentials of an administrator). Or do I need to setup another appdomain for that? Please give me a hint wather the user of a running application could be changed somehow. Thank you. EDIT I replaced administrators by "certain users" since the privileged user could be just another ordinary user that is granted access to the special functionality by the configuration of the installation.

    Read the article

  • Forms Auth: have different credentials for a subdirectory?

    - by Fyodor Soikin
    My website has forms authentication, and all is well. Now I want to create a subdirectory and have it also password-protected, but! I need the subdirectory to use a completely different set of logins/passwords than the whole website uses. Say, for example, I have users for the website stored in the "Users" table in a database. But for the subdirectory, I want the users to be taken from the "SubdirUsers" table. Which probably has a completely different structure. Consequently, I need the logins to be completely parallel, as in: Logging into the whole website does not make you logged into the subdirectory as well Clicking "logout" on the whole website does not nullify your login in the subdirectory And vice versa I do not want to create a separate virtual application for the subdirectory, because I want to share all libraries, user controls, as well as application state and cache. In other words, it has to be the same application. I also do not want to just add a flag to the "Users" table indicating whether this is a whole website user or the subdirectory user. User lists have to come from different sources. For now, the only option that I see is to roll my own Forms Auth for the subdirectory. Anybody can propose a better alternative?

    Read the article

  • What is the best way to extend restful_authentication/AuthLogic to support lazy logins by an anonymo

    - by Kevin Elliott
    I'm building an iPhone application that talks to a Ruby on Rails backend. The Ruby on Rails application will also service web users. The restful_authentication plugin is an excellent way to provide quick and customizable user authentication. However, I would like users of the iPhone application to have an account created automatically by the phone's unique identifier ([[UIDevice device] uniqueIdentifier]) stored in a new column. Later, when users are ready to create a username/password, the account will be updated to contain the username and password, leaving the iPhone unique identifier intact. Users should not be able to access the website until they've setup their username/password. They can however, use the iPhone application, since the application can authenticate itself using it's identifier. What is the best way to modify restful_authentication to do this? Create a plugin? Or modify the generated code? What about alternative frameworks, such as AuthLogic. What is the best way to allow iPhones to get a generated auth token locked to their UUID's, but then let the user create a username/password later?

    Read the article

  • How can I display an ASP.NET MVC html part from one application in another

    - by Frank Sessions
    We have several asp.net MVC apps in the following setup SecurityApp (root application - handles forms auth for SSO and has a profile edit page) Application1 (virtual directory) Application2 (virtual directory) Application3 (virtual directory) so that domain.com points to SecurityApp and domain.com/Application1 etc point to their associated virtual directories. All of our Single Sign On (SSO) is working properly using forms authentication. Based on the users permissions when logging in a menu that lists their available applications and a logout link will be generated and saved in the cache - this menu displays fine whenever the user is in the SecurityApp (editing their profile) but we cannot figure out how to get the Applications in the virtual directories to display the same application menu. We have tried: 1) Using JSONP to do an request that will return the html for the menu. The ajax call returns the HTML with the html; however, because User.IsAuthenticated is false the menu comes back empty. 2) We created a user control and include it along with the dll's for the SecurityApp project and this works; however, we dont want to have to include all the dlls for the SecurityApp project in every application that we create (along with all the app settings in the web.config) We would like this to be as simple as possible to implement so that anyone creating a new app can add the menu to their application in as few steps as possible... Any ideas? To Clarify - we are using ASP.NET MVC 1.0 since these apps are in production and we do not have the okay to go to ASP.NET MVC 2.0 (unfortunately)

    Read the article

  • Rails Heroku Migrate Unknown Error

    - by Ryan Max
    Hello. I am trying to get my app up and running on heroku. However once I go to migrate I get the following error: $ heroku rake db:migrate rake aborted! An error has occurred, this and all later migrations canceled: 530 5.7.0 Must issue a STARTTLS command first. bv42sm676794ibb.5 (See full trace by running task with --trace) (in /disk1/home/slugs/155328_f2d3c00_845e/mnt) == BortMigration: migrating ================================================= -- create_table(:sessions) -> 0.1366s -- add_index(:sessions, :session_id) -> 0.0759s -- add_index(:sessions, :updated_at) -> 0.0393s -- create_table(:open_id_authentication_associations, {:force=>true}) -> 0.0611s -- create_table(:open_id_authentication_nonces, {:force=>true}) -> 0.0298s -- create_table(:users) -> 0.0222s -- add_index(:users, :login, {:unique=>true}) -> 0.0068s -- create_table(:passwords) -> 0.0123s -- create_table(:roles) -> 0.0119s -- create_table(:roles_users, {:id=>false}) -> 0.0029s I'm not sure exactly what it means. Or really what it means at all. Could it have to do with my Bort installation? I did remove all the open-id stuff from it. But I never had any problems with my migrations locally. Additionally on Bort the Restful Authentication uses my gmail stmp to send confirmation emails...all the searches on google i do on STARTTLS have to do with stmp. Can someone point me in the right direction?

    Read the article

  • tipfy for Google App Engine: Is it stable? Can auth/session components of tipfy be used with webapp?

    - by cv12
    I am building a web application on Google App Engine that requires users to register with the application and subsequently authenticate with it and maintain sessions. I don't want to force users to have Google accounts. Also, the target audience for the application is the average non-geek, so I'm not very keen on using OpenID or OAuth. I need something simple like: User registers with an e-mail and password, and then can log back in with those credentials. I understand that this approach does not provide the security benefits of Google or OpenID authentication, but I am prepared to trade foolproof security for end-user convenience and hassle-free experience. I explored Django, but decided that consecutive deprecations from appengine-helper to app-engine-patch to django-nonrel may signal that path may be a bit risky in the long-term. I'd like to use a code base that is likely to be maintained consistently. I also explored standalone session/auth packages like gaeutilities and suas. GAEUtilities looked a bit immature (e.g., the code wasn't pythonic in places, in my opinion) and SUAS did not give me a lot of comfort with the cookie-only sessions. I could be wrong with my assessment of these two, so I would appreciate input on those (or others that may serve my objective). Finally, I recently came across tipfy. It appears to be based on Werkzeug and Alex Martelli spoke highly of it here on stackoverflow. I have two primary questions related to tipfy: As a framework, is it as mature as webapp? Is it stable and likely to be maintained for some time? Since my primary interest is the auth/session components, can those components of the tipfy framework be used with webapp, independent of the broader tipfy framework? If yes, I would appreciate a few pointers to how I could go about doing that.

    Read the article

  • 401 Unauthorized returned on GET request (https) with correct credentials

    - by Johnny Grass
    I am trying to login to my web app using HttpWebRequest but I keep getting the following error: System.Net.WebException: The remote server returned an error: (401) Unauthorized. Fiddler has the following output: Result Protocol Host URL 200 HTTP CONNECT mysite.com:443 302 HTTPS mysite.com /auth 401 HTTP mysite.com /auth This is what I'm doing: // to ignore SSL certificate errors public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { return true; } try { // request Uri uri = new Uri("https://mysite.com/auth"); HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri) as HttpWebRequest; request.Accept = "application/xml"; // authentication string user = "user"; string pwd = "secret"; string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd)); request.Headers.Add("Authorization", auth); ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications); // response. HttpWebResponse response = (HttpWebResponse)request.GetResponse(); // Display Stream dataStream = response.GetResponseStream(); StreamReader reader = new StreamReader(dataStream); string responseFromServer = reader.ReadToEnd(); Console.WriteLine(responseFromServer); // Cleanup reader.Close(); dataStream.Close(); response.Close(); } catch (WebException webEx) { Console.Write(webEx.ToString()); } I am able to log in to the same site with no problem using ASIHTTPRequest in a Mac app like this: NSURL *login_url = [NSURL URLWithString:@"https://mysite.com/auth"]; ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:login_url]; [request setDelegate:self]; [request setUsername:name]; [request setPassword:pwd]; [request setRequestMethod:@"GET"]; [request addRequestHeader:@"Accept" value:@"application/xml"]; [request startAsynchronous];

    Read the article

  • How to handle dynamic role or username changes in JSF?

    - by roadrunner
    I have a JSF application running on glassfish 2.1 with a EJB 3 backend. For authentication I use a custom realm. The user authenticates using the e-mail-address and password he specified on registration. Everything is working quite well. Now I have two related problems: 1) The user can edit his profile and -- naturally -- he can also change his e-mail-address. Unfortunately when I perform operations based on the current user's identity using ExternalContext.getUserPrincipal().getName(), I will receive the previous e-mail-address the user used on login. At the moment I handle this by forcing the user to reauthenticate after he changed his e-mail-address, but is there another more graceful possibility? 2) Same for user roles. E.g. I have the user roles MEMBER and PREMIUM_MEMBER. A MEMBER may become a PREMIUM_MEMBER during his current session. Unfortunately the role seems to be only determined at login. Is there any possibility, that JSF and EJB recognize the new user role without the need for the user to re-authenticated?

    Read the article

  • Asp.net Web Site Administration Tool with SqlCeMembership

    - by Riderman de Sousa Barbosa
    I am developing an application in MVC 3. I installed this provider via Nuget . Basically, it allows to use any part of memberships, rules and profiles with a .sdf (compact) database. I need the "Web Site Administration Tool" use this provider. But I can not use it. Already checked the web.config and everything is ok. When I open the "Web Site Administration Tool" on the Security I click test (any provider) and the error happens. The following images. Error when clicking test "Could not establish a connection to the database. If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider." Here part of my web.config <authentication mode="Forms" /> <membership> <providers> <add connectionStringName="SqlCeServices" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" writeExceptionsToEventLog="false" name="SqlCeMembershipProvider" type="ErikEJ.SqlCeMembershipProvider, ErikEJ.SqlCeMembership" /> </providers> </membership> <profile enabled="false"> <providers> <clear /> <add name="SqlCeProfileProvider" type="ErikEJ.SqlCeProfileProvider" connectionStringName="SqlCeServices" applicationName="/" /> </providers> </profile> <roleManager> <providers> <add connectionStringName="SqlCeServices" applicationName="/" writeExceptionsToEventLog="false" name="SqlCeRoleProvider" type="ErikEJ.SqlCeRoleProvider, ErikEJ.SqlCeMembership" /> </providers> </roleManager> <connectionStrings> <add name="SqlCeServices" connectionString="data source=|DataDirectory|\SqlCeAspnetdb.sdf" /> </connectionStrings>

    Read the article

  • Which parts of the client certificate to use when uniquely identifying users?

    - by miha
    I'm designing a system where users will be able to register and afterward authenticate with client certificates in addition to username/password authentication. The client certificates will have to be valid certificates issued by a configured list of certificate authorities and will be checked (validated) when presented. In the registration phase, I need to store part(s) of the client certificate in a user repository (DB, LDAP, whatever) so that I can map the user who authenticates with client certificate to an internal "user". One fairly obvious choice would be to use certificate fingerprint; But fingerprint itself is not enough, since collisions may occur (even though they're not probable), so we need to store additional information from the certificate. This SO question is also informative in this regard. RFC 2459 defines (4.1.2.2) that certificate serial number must be unique within a given CA. With all of this combined, I'm thinking of storing certificate serial number and certificate issuer for each registered user. Given that client certificates will be verified and valid, this should uniquely identify each client certificate. That way, even when client certificate is renewed, it would still be valid (serial number stays the same, and so does the issuer). Did I miss something?

    Read the article

  • Multiple websites, Single sign-on design

    - by Yannis
    Hi all, I have a question. A client I have been doing some work recently has a range of websites with different login mechanisms. He is looking to slowly migrate to a single sign-on mechanism for his websites (all written in asp.net mvc). I am looking at my options here, so here is a list of requirements: 1) It has to be secure (duh) 2) It needs to support extra user properties over and above the usual name, address stuff (such as money or credits for a user) 3) It has to provide a centralized user management web console for his convenience (I understand that this will be a small project on top of whatever design solution I choose to go for) 4) It has to integrate with the existing websites without re-engineering the whole product (I understand that this depends on the current product implementation). 5) It has to deal with emailing the user when he registers (in order for him to activate his account) 6) It has to deal with activating the user when he clicks the activate me link in the email (I understand that 5 and 6 require some form of email templating system to support different emails per application) I was thinking of creating a library working together with forms authentication that exposes whatever methods are required (e.g. login, logout, activate, etc. and a small restful service to implement activation from email, registration processing etc. Taking into account that loads of things have been left out to make this question brief and to the point, does this sound like a good design? But this looks like a very common problem so arent there any existing projects that I could use? Thanks for reading.

    Read the article

  • SharePoint webpart with button to auto-login to 3rd party website

    - by JCdowney
    I have been tasked with creating a SharePoint 2007 webpart that logs the user directly into our website (which uses forms authentication). Most likely the username and password will be same in the SharePoint account as in our website. Ideally we would like it to be fully integrated in that the webpart looks up the SP login & password, somehow encodes that using SHA1, MD5 or similar encryption, then passes that along to our login page on the query string. However given we have little experience with SharePoint, and that it's probably impossible to programmatically access the SP username/password from a webpart we realize this isn't very likely to be possible and if so would probably require a lot of development time. Another option would be to load a login form from the website within an iframe in the webpart, which would show the login & password first but store a "remember me" cookie after the first login, and on each subsequent load display just a button that logs them in directly using the cookie. Has anyone done something similar before? I'm in over my head, any guidance would be much appreciated! :)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >