Search Results

Search found 26659 results on 1067 pages for 'google authentication'.

Page 75/1067 | < Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82  | Next Page >

  • How to specify importance of html elements?

    - by Julien Fouilhé
    Is it possible to specify what elements of the page are important, or, more specifically, what elements of the page are not important? I'm using HTML5 new elements (nav, header, footer, section, article, aside...), but in the description of the website, there's sometimes my login form (in the header of my page though) in the Google description of my website pages... Is there a solution to resolve this problem? Thank you.

    Read the article

  • How much of a benefit does a changing landing page give in terms of SEO?

    - by Glycan
    I have a friend with a small business with a website. He asked me if he should make a put a section on his landing page under the fold that with his most recent review (or something along those lines). Specifically, he wants to know if that's the most efficient use of his time. Is there a list or such of things google values compared to each other, so that these kinds of answers could be easily answered?

    Read the article

  • Move old website with bad SEO to other domain: redirect or start from scratch?

    - by fox_mulder
    I have an old website with very bad SEO and PR, but still with some visitors per-day. Lately I've rebuilt the app and the concept of it and I'm going to deploy everything in a new domain. I would like to not lose those old visitors but I'm wondering if redirecting that old website to my new one is going to damage the SEO in the new website. Don't know also if it deserves to make the move in the Google Webmaster Tools and Bing or better start from scratch.

    Read the article

  • Google Chrome does not launch after some months without using it in Windows XP/Seven

    - by kokbira
    Well, I have in computers I use with Windows XP or Seven more than one browser installed on them, generally Internet Explorer 8, Firefox 4, Opera 11 and Google Chrome. I often use Firefox, but I want to use Google Chrome sometimes because I have a lot of addons and webapps on it. The issue is: when I try to execute Chrome after some months without using it, it does not function. Using Proccess Explorer or Task Manager, I can see that there is not any Google proccesses running. Then I reinstall it and all functions. But if I do not use it for some months again, it will not function... Is it an update problem? Must I use Chrome everyday or is there another way to avoid that issue? PS: I installed English and Portuguese last versions (how to get the version numbers when it does not execute?), not at the same time, and it continues to do not launch... PS2: There is a running Google Update proccess that is launched in startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run    Name:            Google Update    Type:            REG_SZ    Data:            "C:\Users\Ubirajara\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    Read the article

  • How do you make Google's interface always be in your chosen language?

    - by Michael Wolf
    Google's interface and search results don't always appear in my preferred language, English. I'm located in Mexico City and, although I generally have no problem with Spanish, I would prefer search results in English most of the time. (The exception is when I'm using search terms in Spanish.) I'd also prefer the interface to be in English, but that's far less important to me than search results. Google looks at your IP to decide where you're coming from and thus what language to present results in. So, when I type www.google.com into the URL bar, it redirects me to www.google.com.mx. Is there a way to force Google to use one language all the time? Here are some things I've done and tried: 0) I have a Google account, and I've configured it such that it should know that English is my preferred language. I don't often explicitly log out of Google, so generally Google knows I'm me and my preferences when I access its services. 1) I've configured my browser to ask for pages in English. Very few sites support this feature at all; Google isn't one of them. 2) From www.google.com.mx, I can click on "Google.com in English". This works until, I think, I close the browser. 2a) From www.google.com.mx, I can go into account configuration, which is English. From then on, everything's in English. 3) I can append &hl=en (Human Language = English) to the end of the URLs of result pages. 2, 2a, and 3 all "work", but they're all mildly annoying. I'd rather avoid them if I could. (At the risk of stating the obvious, English and Spanish are the languages I'm dealing with, but I imagine that, say, a francophone using Google from Korea would run into basically the same issue.)

    Read the article

  • Understanding Authorized Access to your Google Account

    - by firebush
    I'm having trouble understanding what I'm am granting to sites when they have "Authorized Access to my Google Account." This is how I see what has authorized access: Log into gmail. Click on the link that is my name in the upper-right corner, and from the drop-down select Account. From the list of links to the left, select Security. Click on Edit next to Authorized applications and sites. Authenticate again. At the top of the page, I see a set of sites that have authorized access to my account in various ways. I'm having trouble finding out information about what is being told to me here. There's no "help" link anywhere on the page and my Google searches are coming up unproductive. From the looks of what I see there, Google has access to my Google calendar. I feel comfortable about that, I think. But other sites have authorization to "Sign in using your Google account". My question is, what exactly does that authorization mean? What do the sites that have authorization to "Sign in using my Google account" have the power to do? I hope that this simply means that they authorize using the same criterion that gmail does. I assume that this doesn't grant them the ability to access my email. Can someone please calm my paranoia by describing (or simply pointing me to a site that describes) what these terms mean exactly? Also, if you have any thoughts about the safety of this feature, please share. Thanks!

    Read the article

  • Google Apps routing to different servers, depending on domain

    - by Philip
    We are investigating Google Apps for Education for our group of schools. Currently, each school uses their own Exchange (2003) server. Each school has its own domain which I have added to Google Apps as additional domains. I would like to start transitioning certain staff and some new pupils over to Google Apps to start testing. In this interim phase, I need mail to be routed through Google Apps and then, if no appropriate mail box is found, route on to the individual schools depending on the recipient. I do know that it is possible to route mail that does not have an appropriate Google Apps mail account to a single server - under "Settings / E-mail Settings / General Settings / Routing / E-mail routing". This works well for a single organisation where all the extra mail is destined for one place. I do know that it is possible to set up Routes, under "Settings / E-mail Settings / Hosts" and then use rules, found under "Settigns / E-mail Settings / General Settings / Routing / Receiving Routing". I can then filter based on e-mail domain and forward on to the necessary server. My problem with this, as I understand it, is that it ignores the users that have Google Apps accounts set up and sends all mail to the Exchange server. Are there any solutions for this predicament? Many thanks!

    Read the article

  • Sharepoint web services -- The HTTP request is unauthorized with client authentication scheme 'Ntlm'

    - by Pandincus
    I know there's a lot of questions on SO similar to this, but I couldn't find one for this particular issue. A couple of points, first: I have no control over our Sharepoint server. I cannot tweak any IIS settings. I believe our IIS server version is IIS 7.0. Our Sharepoint Server is anticipating requests via NTLM. Our Sharepoint Server is on the same domain as my client computer. I am using .NET Framework 3.5, Visual Studio 2008 I am trying to write a simple console app to manipulate Sharepoint data using Sharepoint Web Services. I have added the Service Reference, and the following is my app.config: <system.serviceModel> <bindings> <basicHttpBinding> <binding name="ListsSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="Transport"> <transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="https://subdomain.companysite.com/subsite/_vti_bin/Lists.asmx" binding="basicHttpBinding" bindingConfiguration="ListsSoap" contract="ServiceReference1.ListsSoap" name="ListsSoap" /> </client> </system.serviceModel> This is my code: static void Main(string[] args) { using (var client = new ListsSoapClient()) { client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("username", "password", "domain"); client.GetListCollection(); } } When I call GetListCollection(), the following MessageSecurityException gets thrown: The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'. With an inner WebException: "The remote server returned an error: (401) Unauthorized." I've tried various bindings and various code tweaks to try to authenticate properly, but to no avail. I'll list those below. I've tried the following steps: Using a native Win32 Impersonator before creating the client using (new Impersonator.Impersonator("username", "password", "domain")) using (var client = new ListsSoapClient()) { client.ClientCredentials.Windows.ClientCredential = new NetworkCredential("dpincas", "password", "domain"); client.GetListCollection(); } This produced the same error message. Setting TokenImpersonationLevel for my client credentials using (var client = new ListsSoapClient()) { client.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation; client.GetListCollection(); } This produced the same error message. Using security mode=TransportCredentialOnly <security mode="TransportCredentialOnly"> <transport clientCredentialType="Ntlm" /> </security> This resulted in a different error message: The provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via However, I need to use https, so I cannot change my URI scheme. I've tried some other combinations that I can't remember, but I'll post them when I do. I'm really at wits end here. I see a lot of links on Google that say "switch to Kerberos", but my server seems to only be accepting NTLM, not "Negotiate" (as it would say if it was looking for Kerberos), so that is unfortunately not an option. Any help out there, folks?

    Read the article

  • People Picker can't find Forms Authentication Users in WSS 3.0

    - by beyti
    I used a lot of tutorials to turn my windows authenticated default wss web app to use Forms Authentication. What I've done since; 1. created a web app. and a site in wss 3.0. Made its anonymous access enabled for all site content. This wss app is in the "wss3" server. 2. created a membership db with regsql.exe in .net framework folder.Created it with its default settings, like aspnetdb named database.This db is in the "sqlserver" server. 3. gave db.owner permission to the web app. admin of wss to the aspnetdb database. The user is registered under the same domain as the sql and the wss machines. 4. configured site's web.config file with following changes/adds: ..added the connectionString: <connectionStrings> <clear /> <add name="LocalSqlServer" connectionString="server=sqlserver;database=aspnetdb; Integrated Security=SSPI" providerName="System.Data.SqlClient" /> </connectionStrings> ..added the membershipProvider: <membership> <providers> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="LocalSqlServer" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" applicationName="/" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1" passwordAttemptWindow="10" passwordStrengthRegularExpression="" /> </providers> </membership> ..also checked the peoplepicker settings: <PeoplePickerWildcards> <clear /> <add key="AspNetSqlMembershipProvider" value="%" /> </PeoplePickerWildcards> 5. After all, I changed the application provider of the site I created to use forms. Gave it the provider name of "AspNetSqlMembershipProvider". 6. I've created some users for Forms Authentication via ASP.net Configuration page by visual studio. 7. Checked the users in the db aspnetdb. They are there. 8. Tried to login to wss with one of them. Successfully logged in. With no privilages ofcourse. 9. Tried to give permission via Web Application Policy to that user which logged in. 10. People Picker couldn't find it at all. Any of the forms users couldn't be found. But it clearly tells that AD connection is also changed that none of the AD users couldn't be found either. It seems I'm missing something to configure about people picker. Any help would be appreciated. Thanks in advance. Beytan

    Read the article

  • Forms Authentication works on dev server but not production server (same SQL db)

    - by Desmond
    Hi, I have the same problem as a previously solved question however, this solution did not help me. I have posted the previous question and answer below: http://stackoverflow.com/questions/2215963/forms-authentication-works-on-dev-server-but-not-production-server-same-sql-db/2963985#2963985 Question: I've never had this problem before, I'm at a total loss. I have a SQL Server 2008 database with ASP.NET Forms Authentication, profiles and roles created and is functional on the development workstation. I can login using the created users without problem. I back up the database on the development computer and restore it on the production server. I xcopy the DLLs and ASP.NET files to the server. I make the necessary changes in the web.config, changing the SQL connection strings to point to the production server database and upload it. I've made sure to generate a machine key and it is the same on both the development web.config and the production web.config. And yet, when I try to login on the production server, the same user that I'm able to login successfully with on the development computer, fails on the production server. There is other content in the database, the schema generated by FluentNHibernate. This content is able to be queried successfully on both development and production servers. This is mind boggling, I believe I've verified everything, but obviously it is still not working and I must have missed something. Please, any ideas? Answer: I ran into a problem with similar symptoms at one point by forgetting to set the applicationName attribute in the web.config under the membership providers element. Users are associated to a specific application. Since I didn't set the applicationName, it defaulted to the application path (something like "/MyApplication"). When it was moved to production, the path changed (for example to "/WebSiteFolder/SomeSubFolder /MyApplication"), so the application name defaulted to the new production path and an association could not be made to the original user accounts that were set up in development. Could your issues possibly be the same as mine? I have this already in my web.config but still get the issue. Any ideas? <membership> <providers> <clear/> <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="/"/> </providers> </membership> <profile> <providers> <clear/> <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ApplicationServices" applicationName="/"/> </providers> </profile> <roleManager enabled="false"> <providers> <clear/> <add connectionStringName="ApplicationServices" applicationName="/" name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> <add applicationName="/" name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/> </providers> </roleManager> Any help is greatly appriciated.

    Read the article

  • Authenticating a user for a single app with multiple domains

    - by hofnarwillie
    I have one asp.net web application, but two different domains point to this web app. For instance: www.one.com and www.two.com both point to the same web app. I have an issue where I need certain pages to be on a specific domain (due to some security requirements from our online payment provider - a third party website). So let's say page1.aspx needs to be called on www.two.com The process is as follows: A user logs into www.one.com The authentication cookie is saved to the browser The user then navigates to page1.aspx and, if on the wrong domain, gets redirected to the correct domain. (this redirection happens on page1.aspx in the page_load event) Then asp.net redirects the user to the login screen, because the authentication cookie is not sent to www.two.com. How can I track the user and keep him/her logged in between the two domains?

    Read the article

  • Is it possible to get a Proxy Authentication Dialog with Ubuntu Server?

    - by Johnny Bigoode
    I've got a VM Virtual Box with Ubuntu Server. I'set the http_proxy variable using export http_proxy="http://1234:linux@proxy:8080" The problem is that Ubuntu will constantly try to connect to the internet, even when I'm not logged in my company's account, so everyday I need to reset my password since Ubuntu will constantly try to access the internet. Also, it's always a problem when I need to authenticate the proxy with a different user/password. Can't I just set it to make a small prompt when it tries to connect to the proxy and fails? Like Firefox, Chrome and every app I have installed with Windows 7? I get this small dialog box that asks for a username and password when it can't access the internet. The Ubuntu Server doesn't need constant internet connection, specially since it's only online for tests over LAN.

    Read the article

  • Is there a proven concept to website reverse certificate authentication?

    - by Tom
    We're looking at exposing some of our internal application data externally via a website. The actual details of the website aren't that interesting, it'll be built using ASP.NET/IIS etc, that might be relevant. With this, I'm essentially I'm looking for a mechanism to authenticate users viewing my website. This sounds trivial, a username/password is typically fine, but I want more. Now I've read plenty about SSL/x.509 to realise that the CA determines that we're alright, and that the user can trust us. But I want to trust the user, I want the user to be rejected if they don't have the correct credentials. I've seen a system for online banking whereby the bank issues a certificate which gets installed on the users' computer (it was actually smartcard based). If the website can't discover/utilise the key-pair then you are immediately rejected! This is brutal, but necessary. Is there a mechanism where I can do the following: Generate a certificate for a user Issue the certificate for them to install, it can be installed on 1 machine If their certificate is not accessible, they are denied all access A standard username/password scheme is then used after that SSL employed using their certificate once they're "in" This really must already exist, please point me in the right direction! Thanks for your help :)

    Read the article

  • ASP.NET MVC 2 and authentication using WIF (Windows Identity Foundation)

    - by Russ Cam
    Are there any decent examples of the following available: Looking through the WIF SDK, there are examples of using WIF in conjunction with ASP.NET using the WSFederationAuthenticationModule (FAM) to redirect to an ASP.NET site thin skin on top of a Security Token Service (STS) that user uses to authenticate (via supplying a username and password). If I understand WIF and claims-based access correctly, I would like my application to provide its own login screen where users provide their username and password and let this delegate to an STS for authentication, sending the login details to an endpoint via a security standard (WS-*), and expecting a SAML token to be returned. Ideally, the SessionAuthenticationModule would work as per the examples using FAM in conjunction with SessionAuthenticationModule i.e. be responsible for reconstructing the IClaimsPrincipal from the session security chunked cookie and redirecting to my application login page when the security session expires. Is what I describe possible using FAM and SessionAuthenticationModule with appropriate web.config settings, or do I need to think about writing a HttpModule myself to handle this? Alternatively, is redirecting to a thin web site STS where users log in the de facto approach in a passive requestor scenario?

    Read the article

  • Where to mention Accessdenied page in form Authentication

    - by Muhammad Akhtar
    I have implement Form Authentication <location path="Admin"> <system.web> <authorization> <deny users="?"/> <allow roles="Admin" /> <deny roles="systemAdmin"/> </authorization> </system.web> </location> Since in above mentioned rights, Admin can have access to Admin folder and systemAdmin can't have. I have make custom Accessdenied page where I am showing message to user he has not permission to access this page Now the issue is, If systemAdmin try to hit Admin folder page, he will be redirected to AccessDenied.apsx page. (please Note: both user are authenticated, 1 user have permission to some folder and other user have permission to other folder. I don't want to put check in each page) where to specify accessdenied page redirection ? Thanks

    Read the article

  • With windows authentication, The trust relationship between the primary domain and the trusted domai

    - by yamspog
    I have my asp.net web server setup to use windows authentication. It is authenticating just fine with my current logged in user. I can verify this by viewing ... HttpContext.Current.User.Identity.Name And I can verify that I am authenticated by viewing... HttpContext.Current.User.Identity.IsAuthenticated However, when I call the .IsInRole function I get the trust relationship error... HttpContext.Current.User.IsInRole("accounting") I have found online references to problems with supplying domain name with the role name (domain\accounting), but I still get the same error. Any suggestions on where to look or troubleshoot the problem?

    Read the article

  • Consume a WebService with Integrated authentication from WPF windows application

    - by Tr1stan
    I have written a WPF windows application that consumes a .net WebService. This works fine when the web service in hosted to allow anonymous connections, however the WebService I need to consume when we go live will be held within a website that has Integrated Authentication enabled. The person running the WPF application will be logged onto a computer within the same domain as the web server and will have permission to see the WebService (without entering any auth info) if browsing to it using a web browser that is NTLM auth enabled. Is it possible to pass through the details of the already logged in user running the application to the WebService? Here is the code I'm currently using: MyWebService.SearchSoapClient client = new SearchSoapClient(); //From the research I've done I think I need to something with these: //UserName.PreAuthenticate = true; //System.Net.CredentialCache.DefaultCredentials; List<Person> result = client.FuzzySearch("This is my search string").ToList(); Any pointers much appreciated.

    Read the article

  • IIS: Anonymous and WIndows Authentication

    - by brad
    Scenario For a multiple file uploader I am implementing, I need to have a handler within a windows authenticated site that uses anonymous access. As detailed here, this is because Flash cannot use windows authentication. The aforementioned post states that the only way to accomplish this is to create a completely separate site. However, this seems like a big hassle just for an uploader. Is there a way to work around this limitation of IIS? Notes I am using asp.net 3.0 and IIS6 on a Windows 2003 Server with Service Pack 2.

    Read the article

  • Authentication on odata service

    - by Toad
    I want to add some authentication to my odata service. Depending on the user calling i want to: filter rows and/or remove columns. I read in scott hanselmans fine blogpost on odata ( http://www.hanselman.com/blog/CreatingAnODataAPIForStackOverflowIncludingXMLAndJSONIn30Minutes.aspx )that it is possible to intercept the incoming queries. If this works i could add some extra filtering. How would this intercepting and altering queries work exactly? I can not find any examples of where and how to do this. (i'm using entitie framework and wcf dataservices (just like scotts example blog)

    Read the article

  • Handling User Authentication in C#.NET?

    - by Daniel
    I am new to .NET, and don't have much experience in programming. What is the standard way of handling user authentication in .NET in the following situation? 1.In Process A, User inputs ID/Password 2.Process A sends the ID/Password to Process B over a nonsecure public channel. 3.Process B authenticates the user with the recieved ID/Password what are some of the standard cryptographic algorithms I can use in above model? The users(customers that bought my company's software) will be running the software(Process A) locally in their computer(connected to internet). I need to authenticate the users so that only registered users can run the program. Thank You!

    Read the article

  • WCF digest Authentication

    - by dudia
    What should be specified on the client side? Is this enough: binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Digest; ... cf.Credentials.HttpDigest.ClientCredential = new NetworkCredential("myuser", "mypass", "mydomain"); cf.Credentials.HttpDigest.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation; What should be specified on the server side? obviously one needs: binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Digest; but where do one specify in the server the digest username\password to validate the client against? In addition when Micosoft says that Digest Authentication uses the Domain Controller, what does it mean? Does it validate username\password against it?

    Read the article

  • sql db problem with windows authentication

    - by Jimmy
    Have a SQL Server 2008 db which I connect to the Windows Authentication .. has worked good for 7-8 months .. but now when I come to work today it no longer worked to connect, without that I had done something Error message was: Can not open user default database. Login failed. Login failed for user 'Jimmy-PC \ Jimmy'. where the first is the computer name and the second is the user. The problem seems to be that it tries to connect to the default database. Have tried to change it without success .. I do not have sql server management tools for sql 2008 but only to 2005, someone who has similar experience? who have not touched anything said over the weekend and it worked last Friday without any problems.

    Read the article

  • How do I use NTLM authentication with Active Directory

    - by Jon Works
    I am trying to implement NTLM authentication on one of our internal sites and everything is working. The one piece of the puzzle I do not have is how to take the information from NTLM and authenticate with Active Directory. There is a good description of NTLM and the encryption used for the passwords, which I used to implement this, but I am not sure of how to verify if the user's password is valid. I am using Coldfusion but a solution to this problem can be in any language (Java, Python, PHP, etc). Edit: I am using Coldfusion on Redhat Enterprise Linux. Unfortunately we cannot use IIS to manage this and instead have to write or use a 3rd party tool for this.

    Read the article

  • multiple login pages in ASP.NET forms authentication

    - by Brad
    My bank's website has 2 login pages for online banking. On the first page, I enter my username. If I don't enter a valid username, I get an error message, and do not get to the 2nd page. The 2nd page displays a picture based on my user name, and has me enter my password. If I manually type a URL to a page inside the site after entering my username but before entering my password, I am redirected back to the first login page. Is there a good way to implement this in ASP.NET with Forms Authentication? I only get 1 loginUrl in my web.config. I am fairly certain my bank uses Java.

    Read the article

  • WCF REST based services authentication schemes

    - by FlySwat
    I have a simple authentication scheme for a set of semi-public REST API's we are building: /-----------------------\ | Client POST's ID/Pass | | to an Auth Service | \-----------------------/ [Client] ------------POST----------------------> [Service/Authenticate] | /-------------------------------\ | Service checks credentials | [Client] <---------Session Cookie------- | and generates a session token | | | in a cookie. | | \-------------------------------/ | [Client] -----------GET /w Cookie -------------> [Service/Something] | /----------------------------------\ | Client must pass session cookie | | with each API request | | or will get a 401. | \----------------------------------/ This works well, because the client never needs to do anything except receive a cookie, and then pass it along. For browser applications, this happens automatically by the browser, for non browser applications, it is pretty trivial to save the cookie and send it with each request. However, I have not figured out a good approach for doing the initial handshake from browser applications. For example, if this is all happening using a AJAX technique, what prevents the user from being able to access the ID/Pass the client is using to handshake with the service? It seem's like this is the only stumbling block to this approach and I'm stumped.

    Read the article

< Previous Page | 71 72 73 74 75 76 77 78 79 80 81 82  | Next Page >