Does anyone know of a good guide on building your own authentication system in ruby on rails?
I want to roll my own system to use with my community im building :)
Thanks!
Ok so I am using forms authentication in my web site and I defined this in my config. Therefore I have an ASPNETDB.MDF. So do I need to have a database called ASPNETDB.MDF in my web host? If that is the case then how do I connect this so that my site uses this to verify users? I am sorry this seems to be like a very noob question
I'm authenticating a user in my application with the method "FormsAuthentication.SetAuthCookie" method, but when I close the browser and reopen it, it is still authenticated, but the session is over already, then my app crashes because it has necessary data on the session to generate the menus.
What I want to do is the following: Create an authentication ticket without create a auth cookie to, whenever the user open the page in a new browser session it will request the login once again.
How can I achieve this.
I like to use wcf (windows communication foundation) with windows authentication.
Do I need Active directory for this purpose?
How the server knows about the identity of the client?
If someone can found out the pass of the client that is using the wcf services, can he create the same user name on different computer and use the password to access the wcf services ?
Regards,
Darko Petreski
Hi Guys,
I code in C# (ASP.NET) and am using Forms authentication.
I would like to know which is the best method to change a user password without using the asp:ChangePassword control.
I dont want to use the reset password method.
I just want to grab the password i have inside my textbox and replace it with my older password.
Please note that the PasswordFormat I use is passwordFormat="Hashed"
Some code snippets would be helpful
Regards,
Naveen Jose
Hello,
I would like to add authentication to my Rails app. I came across few plugins that do this: acts_as_authenticated, restful_authentication, Authlogic...etc
I haven't seen an article that describes differences, advantages and disadvantages of using each.
Can you help with that? which one do you use and why?
Thanks,
Tam
I am developing a SOAP client using C#. The web service requires HTTP Basic Authentication. Can I configure the username and password in app.config? Can u provide a sample?
Hi!
I am new to .NET, and don't have much experience in programming.
What is the standard way of handling user authentication in .NET in the following situation?
In Process A, User inputs ID/Password
Process A sends the ID/Password to Process B over a nonsecure public channel.
Process B authenticates the user with the recieved ID/Password
what are some of the standard cryptographic algorithms I can use in above model?
thank you for your time!
How can I use authentication with System.ServiceModel.Syndication to read a private RSS?
The code I use right now just returns forbidden.
I have tried adding &PASS=password and &PASSWORD=password to the URL but it doesnt help.
try
{
using (XmlReader reader = XmlReader.Create("http://trac:8080/Project/report/7?format=rss&USER=enr"))
{
tracFeed = SyndicationFeed.Load(reader);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
I am using
JBoss AS 4.2.3
JBossSeam 2.1
My Problem is that I can login/logout with different users as long as I do not enter a wrong password for one user. If this happens it is not possible to authenticate any user. Authentication always fails.
If I delete the browser cookies everything works fine.
I have tried to set DefaultCacheTimeout and DefaultCacheResolution to 0 but without luck.
Why does JBoss cache wrong credentials?
Hi
I am using Netbeans 6.8 on ubuntu 10.04 and am having trouble installing RESTful Authentication. I have gone to Install Generators, selected restful_authentication and installed it - all messages from Gem show that it has installed and it shows under the Installed tab. However, when I come to use it by clicking on the Generator drop down there is no sign of it. I beleive ther should be a selection saying "authenticated".
When I'm connecting to imap.gmail.com, the server is connected. But, the authentication is failed due to following error
Server returned:CAPABILITY IMAP4rev1 UNSELECT LITERAL+ IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 UIDPLUS COMPRESS=DEFLATE
Any Idea plz???
Its not specific perl question
I am building a perl gui/wxperl application that connect to DB .
I want my application to be a password protected i.e first the user should enter the user and password and then use the appication .
what is the best secure method to store the password could someone provide an idea what is the best method to how should i store the user and the password and how should i retrieve them for authentication ?
if possible could someone provide some perl code how to do this ?
I am new to .NET, and don't have much experience in programming.
What is the standard way of handling user authentication in .NET in the following situation?
In Process A, User inputs ID/Password
Process A sends the ID/Password to Process B over a nonsecure public channel.
Process B authenticates the user with the recieved ID/Password
what are some of the standard cryptographic algorithms I can use in above model?
What is the correct way to log out of HTTP authentication protected folder?
There are workarounds that can achieve this, but they are potentially dangerous because they can be buggy or don't work in certain situations / browsers. That is why I am looking for correct and clean solution.
I have a database which users should not be able to alter data in unless they use the specific app. I know best practice is to use windows authentication however that would mean that users could then connect to the database using any other data enabled app and change values which would then not be audited.
Unfortunately SQL 2008 with its inbuilt auditing is not available.
Any ideas how to ensure that users cannot change anything unless its through the controlling app?
hi,
I would like to know if it is possible to maintain an authentication (like a session with login and password in php) on a website from a java program, and if anyone had any lead on the subject or some reading for me, that would be great.
thanks
Hello,
I need to implement an authentication in my client application against my server application. I don't want users to enter any kind of credentials and I don't want to hard-code any password.
The purpose is to prevent other people/application to steal data from the server.
What is the best way to achieve this?
In my application i use external resources on web that require proxy authentication.
All my requests are http type by using WebRequest / DataSet.ReadXml(url) / ecc.....
Every time i need to give credentials...
So is possible to assign credential only one time in my application?
If have the following web.config:
<configuration>
<system.web>
<authentication mode="Forms">
<forms name="MembershipCookie"
loginUrl="Login.aspx"
protection="All"
timeout="525600"
slidingExpiration="true"
enableCrossAppRedirects="true"
path="/" />
</authentication>
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="Default.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
The application is an ASP.NET 2.0 application running on Windows 2008R2/IIS7.5.
If the site's application pool is configured to run ASP.NET 2.0 and I browse to http://example.com then Default.aspx is rendered as you'd expect from the rules above.
However if the application pool is set to run ASP.NET 4.0 I am redirected to the login page. If I explicitly specify http://example.com/default.aspx then all is good and default.aspx renders.
I've tried rewriting / -> /default.aspx (using IIS UrlRewriter 2.0) but the result is still the same, I get kicked to the login page.
I've also tried this with an ASP.NET 4.0 application with the same result (which is where the problem initially arose). The reason I tried this with a 2.0 application was to see if there was a change in behaviour, and it seems that / is handled differently in 4.0.
So to summarise, using the configuration above the following is observed:
ASP.NET Version Url Behaviour
-------------------------------------------------------------------------
2.0 http://example.com Renders Default.aspx
2.0 http://example.com/Default.aspx Renders Default.aspx
4.0 http://example.com Redirects to Login.aspx
4.0 http://example.com/Default.aspx Renders Default.aspx
Is this a bug/breaking change or have I missed something glaringly obvious?
I am currently accepting the parameters login and password in my servlet, but logs are storing this info when using wget (as long as it is GET method, and apache is in the middle)
Instead of this I want to enhance my servlet's authentication accepting:
wget --http-user=login --http-password=password http://myhost/myServlet
How can I read, in my servlet, the server side, the login and the password user is sending, in java code?
I have an asp website that uses form authentication to protect certain resources. I am developing a desktop winform application that accesses the protected resource. How do I take id and password from user on the desktop app and pass it to the site?
I initially thought WebRequest.Credentials can be used to achieve this but I was wrong.
Thanks!
I am using RestEasy to develop a REST server and using the mock dispatcher (org.jboss.resteasy.mockMockDispatcherFactory) for testing the service in my unit tests. My service requires digest authentication and I would to make that part of my testing.
Each of my services accepts a @Context SecurityContext securityContext parameter.
Is there any way is inject a fake SecurityContext in the dispatcher so that I can test that my security methods function properly?
I have:
a service running under user account domainA\userA on hostA from domainA
SPNs created for the service running on hostA for user account domainA\userA
a client part of my application is trying to access resources (through remoting) from the service running on hostA
but this client part is running on hostB from domainB and under the user account domainB\userB
appropriate delegation settings are done for user account domainA\userA
trusted for delegation
SPNs set properly with no duplicates
domainA and domainB have two way trust
I get this error:
A secuity package specific error occured: Unspecified error (0x80004005)
Could you please see if there is any authentication setting I missed?
Which user authentication scheme could be used at following scenario?
Users login at the website(ex: Microsoft.com)
If login is successful, access to the program in user's local machine(ex: MS Word) is granted.
The development environment is .NET.
Thanks in advance!