Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 78/244 | < Previous Page | 74 75 76 77 78 79 80 81 82 83 84 85  | Next Page >

  • Google's Oauth for Installed apps vs. Oauth for Web Apps

    - by burgerguy
    So I'm having trouble understanding something... If you do Oauth for Web Apps, you register your site with a callback URL and get a unique consumer secret key. But once you've obtained an Oauth for Web Apps token, you don't have to generate Oauth calls to the google server from your registered domain. I regularly use my key and token from scripts running via an apache server at localhost on my laptop and Google never says "you're not sending this request from the registered domain." It just sends me the data. Now, as I understand it, if you do Oauth for Installed Apps, you use "anonymous" instead of a secret key you got from Google. I've been thinking of just using the OAuth for Web Apps auth method, then passing that token to an installed app that has my secret code embedded in its innards. The worry is that the code could be discovered by bad people. But what's more secure... making them work for the secret code or letting them default to anonymous? What really goes bad if the "secret" is discovered when the alternative is using "anonymous" as the secret?

    Read the article

  • OpenID like Stack Overflow

    - by eWolf
    I want to create an OpenID login with PHP just like it can be found on Stack Overflow. I know there are many questions for this, but mine is different. If I understood it correctly, every OpenID is defined by a unique URL. But: If I hit the Google button on the Stack Overflow login page, one generic URL is inserted in the text field. Is this the direct URL to the OpenID server? And if it is, how do I have to pass the URL to this class?

    Read the article

  • DRY Authenticated Tasks in Cocoa (with distributed objects)

    - by arbales
    I'm kind of surprise/infuriated that the only way for me to run an authenticated task, like perhaps sudo gem install shi*t, is to make a tool with pre-written code. I'm writing a MacRuby application, which doesn't seem to expose the KAuthorization* constants/methods. So.. I learned Cocoa and Objective-C. My application creates a object, serves it and calls the a tool that elevates itself and then performs a selector on a distributed object (in the tool's thread). I hoped that the distributed object's methods would evaluated inside the tool, so I could use delegation to create "privileged" tasks. If this won't work, don't try to save it, I just want a DRY/cocoa solution. AuthHelper.m //AuthorizationExecuteWithPrivileges of this. AuthResponder* my_responder = [AuthResponder sharedResponder]; // Gets the proxy object (and it's delegate) NSString *selector = [NSString stringWithUTF8String:argv[3]]; NSLog(@"Performing selector: %@", selector); setuid(0); if ([[my_responder delegate] respondsToSelector:NSSelectorFromString(selector)]){ [[my_responder delegate] performSelectorOnMainThread:NSSelectorFromString(selector) withObject:nil waitUntilDone:YES]; } RandomController.m - (void)awakeFromNib { helperToolPath = [[[NSBundle mainBundle] resourcePath] stringByAppendingString:@"/AuthHelper"]; delegatePath = [[[NSBundle mainBundle] resourcePath] stringByAppendingString:@"/ABExtensions.rb"]; AuthResponder* my_responder = [AuthResponder initAsService]; [my_responder setDelegate:self]; } -(oneway void)install_gems{ NSArray *args = [NSArray arrayWithObjects: @"gem", @"install", @"sinatra", nil]; [NSTask launchedTaskWithLaunchPath:@"/usr/bin/sudo" arguments:args]; NSLog(@"Ran AuthResponder.delegate.install_gems"); // This prints. } ... other privileges tasks. "sudo gem update --system" for one. I'm guessing the proxy object is performing the selector in it's own thread, but I want the current (privileged thread) to do it so I can use sudo. Can I force the distributed object to evaluate the selector on the tool's thread? How else can I accomplish this dryly/cocoaly?

    Read the article

  • Multiple user roles in Ruby on Rails

    - by aguynamedloren
    I am building an inventory management application with four different user types: admin, employee, manufacturer, transporter. I haven't started coding yet, but this is what I'm thinking.. Manufacturers and transporters are related with has_many :through many-to-many association with products as follows: class Manufacturer < ActiveRecord::Base has_many :products has_many :transporters, :through => :products end class Product < ActiveRecord::Base belongs_to :manufacturer belongs_to :transporter end class Transporter < ActiveRecord::Base has_many :products has_many :manufacturers, :through => :products end All four user types will be able to login, but they will have different permissions and views, etc. I don't think I can put them in the same table (Users), however, because they will have different requirements, ie: vendors and manufacturers must have a billing address and contact info (through validations), but admins and employees should not have these fields. If possible, I would like to have a single login screen as opposed to 4 different screens. I'm not asking for the exact code to build this, but I'm having trouble determining the best way to make it happen. Any ideas would be greatly appreciated - thanks!

    Read the article

  • Use default credentials in order to call DirectoryEntry

    - by Copeleto
    Hi, I am working in a Login page and teh logic is like - try { DirectoryEntry LDAPLogin = new DirectoryEntry(ConfigurationSettings.AppSettings ["LDAPPath"].ToString(), Usuario, Txt_Contrasenia.Text.ToString()); if (LDAPLogin.NativeGuid != LDAPLogin.Name) ValidarGrupo(); } catch (Exception exc) { Label_Info.Text = "Sus credenciales no son validas: " + Usuario.ToString() + " " + exc.Message; } If the user enters the rights credentials I call a method ValidarGrupo that implements a lookup in the AD for a group of the user I would like to replace the username and password with UseDefaultCredentials in order to avoid that the user has to enter the username and password and the Login pages use the credentials of the user that is login on the machine.

    Read the article

  • Use web.sitemap to control page access

    - by Jakob Gade
    I was setting up permissions for pages in a ASP.NET website with <location> tags in web.config, something similar to this: <location path="Users.aspx"> <system.web> <authorization> <allow roles="Administrator"/> <deny users="*"/> </authorization> </system.web> </location> However, I also have a web.sitemap which basically contains the same information, i.e. which user roles can see/access which pages. A snippet from my web.sitemap: <?xml version="1.0" encoding="utf-8" ?> <siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" > <siteMapNode title="Home"> ... lots of nodes here ... <siteMapNode url="users.aspx" roles="Administrator" title="users" description="Edit users" /> ... </siteMapNode> </siteMap> Is there some kind of nifty way of using web.sitemap only to configure access? The <location> tags are quite verbose, and I don't like having to duplicate this information.

    Read the article

  • Node.js fetching Twitter Streaming API - EADDRNOTAVAIL

    - by Jordan Scales
    I have the following code written in node.js to access to the Twitter Streaming API. If I curl the URL below, it works. However, I cannot get it to work with my code. var https = require('https'); https.request('https://USERNAME:[email protected]/1.1/statuses/sample.json', function(res) { res.on('data', function(chunk) { var d = JSON.parse(chunk); console.log(d); }); }); But I receive the following node.js:201 throw e; // process.nextTick error, or 'error' event on first tick ^ Error: connect EADDRNOTAVAIL at errnoException (net.js:642:11) at connect (net.js:525:18) at Socket.connect (net.js:589:5) at Object.<anonymous> (net.js:77:12) at new ClientRequest (http.js:1073:25) at Object.request (https.js:80:10) at Object.<anonymous> (/Users/jordan/Projects/twitter-stream/app.js:3:7) at Module._compile (module.js:441:26) at Object..js (module.js:459:10) at Module.load (module.js:348:31) If anyone can offer an alternative solution, or explain to me why this doesn't work, I would be very grateful.

    Read the article

  • Can django's auth_user.username be varchar(75)? How could that be done?

    - by perrierism
    Is there anything wrong with running alter table on auth_user to make username be varchar(75) so it can fit an email? What does that break if anything? If you were to change auth_user.username to be varchar(75) where would you need to modify django? Is it simply a matter of changing 30 to 75 in the source code?: username = models.CharField(_('username'), max_length=30, unique=True, help_text=_("Required. 30 characters or fewer. Letters, numbers and @/./+/-/_ characters")) Or is there other validation on this field that would have to be changed or any other repercussions to doing so? See comment discussion with bartek below regarding the reason for doing it.

    Read the article

  • Help with storing/accessing user access roles C# Winforms

    - by user222453
    Hello, firstly I would like to thank you in advance for any assistance provided. I am new to software development and have designed several Client/Server applications over the last 12 months or so, I am currently working on a project that involves a user logging in to gain access to the application and I am looking at the most efficient and "simple" method of storing the users permissions once logged in to the application which can be used throughout restricting access to certain tabs on the main form. I have created a static class called "User" detailed below: static class User { public static int _userID; public static string _moduleName; public static string _userName; public static object[] UserData(object[] _dataRow) { _userID = (int)_dataRow[0]; _userName = (string)_dataRow[1]; _moduleName = (string)_dataRow[2]; return _moduleName; } } When the user logs in and they have been authenticated, I wish to store the _moduleName objects in memory so I can control which tabs on the main form tab control they can access, for example; if the user has been assigned the following roles in the database: "Sales Ledger", "Purchase Ledger" they can only see the relevant tabs on the form, by way of using a Switch - Case block once the login form is hidden and the main form is instantiated. I can store the userID and userName variables in the main form once it loads by means of say for example: Here we process the login data from the user: DataAccess _dal = new DataAccess(); switch (_dal.ValidateLogin(txtUserName.Text, txtPassword.Text)) { case DataAccess.ValidationCode.ConnectionFailed: MessageBox.Show("Database Server Connection Failed!"); break; case DataAccess.ValidationCode .LoginFailed: MessageBox.Show("Login Failed!"); _dal.RecordLogin(out errMsg, txtUserName.Text, workstationID, false); break; case DataAccess.ValidationCode .LoginSucceeded: frmMain frmMain = new frmMain(); _dal.GetUserPrivList(out errMsg,2); //< here I access my DB and get the user permissions based on the current login. frmMain.Show(); this.Hide(); break; default: break; } private void frmMain_Load(object sender, EventArgs e) { int UserID = User._userID; } That works fine, however the _modules object contains mutiple permissions/roles depending on what has been set in the database, how can I store the multiple values and access them via a Switch-Case block? Thank you again in advance.

    Read the article

  • How safe am I signing into Google Spreadsheets with yeroon.net/ggplot2

    - by Farrel
    I am impressed by what I have seen of yeroon.net/ggplot2 which is a web interface for Hadley Wickham's R package ggplot2. I want to try it out on my own data. The part that has me very excited is that one can use data stored in one's own Google spreadsheet as the data. One just signs into their Google Account so that yeroon.net/ggplot2 can access the spreadsheet list. I have been hesitant to do it. If I sign in whilst on yeroon.net am I handing over my username and password to a third party? It would not be wise of me to divulge my google password to third parties since Google is fast becoming my repository of everything. How do I know if Jeroon's application is using ClientLogin or OAuth? My understanding is very basic and may be wrong but nevertheless here it is. OAuth would be better since it does not actually pass the password onto the third party application.

    Read the article

  • Setting the Identity/Principal from a MessageInspector in WCF

    - by Robert Wagner
    I am developing a WCF service that receives the user's credentials in the SOAP header. These credentials are read on the server side using a MessageInspector. So far so good. I want to set the Thread.CurrentPrincipal to a custom principal (CustomPrincipal), but when I do this from the MessageInspector, it gets overridden by the time the service is invoked. When is the best time to set the principal? Also what is the best way to pass the principal, identity or credentials from the inspector to that location?

    Read the article

  • Does someone have used Network Emulator API exposed in VS 2010

    - by Pritam
    Hi, I have seen VS2010 exposing Network Emulator API. I have installed it and trying to use this API, but not able detect whether it is really running with this code or not. Sometime I have given wrong profile name but it does not throw any error. Please find below my piece of code. If some one have used it please help me. IntPtr m_emulatorHandle = IntPtr.Zero; NetworkEmulationApi.LoadProfile(m_emulatorHandle, "300KB_WithLatency.xml"); NetworkEmulationApi.StartEmulation(m_emulatorHandle); Thanks, Pritam

    Read the article

  • OAuth2 Flow for Mobile Devices

    - by Bart Jedrocha
    We're currently working on an API that will be consumed by a variety of different devices. We want to use the OAuth2 spec as it defines several flows which were not available in the original OAuth spec. My question is, what flow would work best for a mobile device such as the iPhone or iPad? What flow does an application like TweetDeck use? Looking around the web it seems clients like TweetDeck use the 'Username and Password Credentials Flow" (browserless token exchange). Can anyone provide more information on this topic?

    Read the article

  • adldap class, need to search for user in two groups

    - by Brad
    http://adldap.sourceforge.net/wiki/doku.php?id=api_user_functions#user_ingroup_username_group_recursive_null I am using the adLDAP class above to authenticate users against our ldap server. I was wondering how I could check multiple groups to see if the user belongs to either, if they belong to either. I don't know if user_ingroup($username,$group,$recursive=NULL); can handle search two different groups for the user, need help coding it to search for the user in two different groups, and as soon as it finds it in one of those, break the operation and set a variable to true. Any help is appreciated.

    Read the article

  • MySqlDataReader giving error at build

    - by TuxMeister
    Hey there. I have a function in VB.net that authenticates a user towards a MySQL DB before launching the main application. Here's the code of the function: Public Function authConnect() As Boolean Dim dbserver As String Dim dbuser As String Dim dbpass As String dbserver = My.Settings.dbserver.ToString dbuser = My.Settings.dbuser.ToString dbpass = My.Settings.dbpass.ToString conn = New MySqlConnection myConnString = "server=" & dbserver & ";" & "user id=" & dbuser & ";" & "password=" & dbpass & ";" & "database=rtadmin" Dim myCommand As New MySqlCommand Dim myAdapter As New MySqlDataAdapter Dim myData As New DataTable Dim myDataReader As New MySqlDataReader Dim query As String myCommand.Parameters.Add(New MySqlParameter("?Username", login_usr_txt.Text)) myCommand.Parameters.Add(New MySqlParameter("?Password", login_pass_txt.Text)) query = "select * from users where user = ?Username and passwd = ?Password" conn.ConnectionString = myConnString Try conn.Open() Try myCommand.Connection = conn myCommand.CommandText = query myAdapter.SelectCommand = myCommand myDataReader = myCommand.ExecuteReader If myDataReader.HasRows() Then MessageBox.Show("You've been logged in.", "RT Live! Information", MessageBoxButtons.OK, MessageBoxIcon.Information) End If Catch ex As Exception End Try Catch ex As Exception End Try End Function The function is not yet complete, there are a few other things that need to be done before launching the application, since I'm using a MessageBox to display the result of the login attempt. The error that I'm getting is the following: Error 1 'MySql.Data.MySqlClient.MySqlDataReader.Friend Sub New(cmd As MySql.Data.MySqlClient.MySqlCommand, statement As MySql.Data.MySqlClient.PreparableStatement, behavior As System.Data.CommandBehavior)' is not accessible in this context because it is 'Friend'. C:\Users\Mario\documents\visual studio 2010\Projects\Remote Techs Live!\Remote Techs Live!\Login.vb 43 13 Remote Techs Live! Any ideas? Thanks.

    Read the article

  • Login for webapp, needs to be availible for supportstaff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". 1. Authorized licenseholders which does all setup themselves. 2. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want's us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support, we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • Rails 3 Authenticity Token

    - by matsko
    Does anyone know how the authenticity token is managed in rails 3? With all the unobtrusive javascript rails 3 articles showing how the html5 data attributes are used I don't see the authenticity token anywhere.

    Read the article

  • Public ASPXAUTH cookie and security

    - by Bara
    Due to a bug in Flash, I have to use the ASPXAuth cookie to log a user in on a page that a flash upload script calls after upload. See this page for more information: http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx I have to make the ASPXAUTH string "public" in the sense that it will be in the HTML of the page. My question is, how secure is this? I understand that anyone that can get to the string in the HTML can probably get to it from the cookie just as easily, but let's say someone does have this ASPXAUTH string. Is it possible that they can login as another user using this cookie? Would they be able to decrypt it? Bara

    Read the article

  • How to integrate vBulletin auth with my site?

    - by Exel
    Hello, I need to use vBulletin auth system on the rest of my site. Does vB has any APIs for that? Im expecting to find something like that: if($vBulletin->isAuthenticated()) { // user authenticated } In case of vB does not have such API, is there any other ways to check if user is authenticated?

    Read the article

  • Why does "request.getUserPrincipal().getName()" sometimes return a blank string?

    - by Marcus
    Has somebody an idea, why the getName method of the requests getUserPrincipal Method sometimes provides an empty String? Most of the time it returns the correct user name but not every time. This behaviour does occur randonmly. I can start the application, run the command and it works. The next time I start the application and run the command (exactly the same way as before!) it does not work... Any ideas?

    Read the article

  • How do you authenticate user generated "apps" for your app?

    - by Brian Armstrong
    I'm think something like Facebook apps here. User generated pieces of code that people can write to interact with my app. I understand how an authenticated API works, but this seems a little more complicated because not only does the APP have to authenticate itself (with a regular api-key) but the USER using the app has to be authenticated somehow too, without giving the app free reign. I've been reading a bit here to see how FB does it: http://wiki.developers.facebook.com/index.php/How_Facebook_Authenticates_Your_Application And it looks like you have to pass a signature in addition to the api-key along with every call, but I'm having trouble wrapping my head around how this gets generated and used on the other end (my server). Figure there must be a simple explanation of this out there? Thanks! P.S. I'm building a Rails app if there are any applicable gems/plugins.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 74 75 76 77 78 79 80 81 82 83 84 85  | Next Page >