Search Results

Search found 5866 results on 235 pages for 'authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 79/235 | < Previous Page | 75 76 77 78 79 80 81 82 83 84 85 86  | Next Page >

  • mod_rewrite with location-based ACL in apache?

    - by Alexey
    Hi. There is a CGI-script that provides some API for our customers. Call syntax is: script.cgi?module=<str>&func=<str>[&other-options] The task is to make different authentiction rules for different modules. Optionally, it will be great to have nice URLs. My config: <VirtualHost *:80> DocumentRoot /var/www/example ServerName example.com # Global policy is to deny all <Location /> Order deny,allow Deny from all </Location> # doesn't work :( <Location /api/foo> Order deny,allow Deny from all Allow from 127.0.0.1 </Location> RewriteEngine On # The only allowed type of requests: RewriteRule /api/(.+?)/(.+) /cgi-bin/api.cgi?module=$1&func=$2 [PT] # All others are forbidden: RewriteRule /(.*) - [F] RewriteLog /var/log/apache2/rewrite.log RewriteLogLevel 5 ScriptAlias /cgi-bin /var/www/example <Directory /var/www/example> Options -Indexes AddHandler cgi-script .cgi </Directory> </VirtualHost> Well, I know that problem is order of processing that directives. <Location>s will be processed after mod_rewrite has done its work. But I believe there is a way to change it. :) Using of standard Order deny,allow + Allow from <something> directives is preferable because it's commonly used in other places like this. Thank you for your attention. :)

    Read the article

  • Active Directory: User UPN or DN for NTLM name, using pure LDAP?

    - by Bernd Haug
    I have a Java app that can authenticate to LDAP by logging users into the AD LDAP server with the NTLM name (which they are used to - this is a requirement). I now also need to do authorization, and hence need to find a forest-unique identifier for the user (DN or UPN should work), from which I can further query the directory. The method needs to be absolutely portable, even if the AD is structured in an unusual fashion, otherwise I could just do a string replacement and search for a UPN of "${ntlm-user}@${ntlm-domain}.${configured-trailing-domain}" How can I do this, using pure LDAP? Currently, I'm using the java.naming.directory package, which I'd like to keep using, since it doesn't throw up problems when not binding with a DN but logging in with an NTLM name?

    Read the article

  • How to share the credentials between Webform and Winform?

    - by Daniel
    Hi! Question: I want to make a login form at the Clickonce deployment webpage, and only allow the authenticated users to download the application. and I want the downloaded application to use the same credentials entered at the webpage, without prompting the users to enter the credentials again. Details: I have an application(Windows Client) which needs customized settings for different users. the application is deployed through ClickOnce. Currently, the users are given the ClickOnce webpage URL, then download the application from there. after download and running the application, the application prompts users with a login form. If their credentials are authenticated, the application loads the customized settings from the server's database according to the credentials given. The problem is, any unauthenticated users can download the application if they just know the ClickOnce deployement webpage's URL. Unauthenticated users won't be able to run the application anyways, because the application asks for credentials when started, but I want to prevent the unauthenticated users from downloading the application at all. Am I asking the wrong question maybe? Your help is much appreciated!

    Read the article

  • FormsAuthentication.RedirectFromLoginPage reload page

    - by Dofs
    Hi, I am using the .Net memebership system, and uptil now I haven't had any real troubles with it. I now have a overlay where a user can create a profile. When the profile is created I just want to redirect to the same page, and not to the default page or the return url - which doesn't exists. I have tried to stop the FormsAuthentication.RedirectFromLoginPage response, but with no effect: FormsAuthentication.RedirectFromLoginPage(username, false); // End the redirect so it doesnt redirect to default url (front-page) Response.End(); Response.Redirect(Request.RawUrl); Does anyone have an idea to how this can be solved?

    Read the article

  • simple authorisation in web api

    - by monthon1
    I want to make nice and clean api; I'm making site and I want to offer the ability to mobile apps use web API of my site. I don't want to use oAuth, becouse the mobile and embedded applications that are facing the biggest hurdle, as they may not be able to bring up and/or control the web browser. Also its a little complicate. I know, that HTTP basic authorisation is not safe, but it's so simple... I want to use it in my api. I have somee users logins and their passwords (md5-encoded) in mysql base, but how to use those data in this HTTP basic authorisation?

    Read the article

  • Android: prevent user from coming back to login page after logging in

    - by user522559
    Hi all, I have a login page in my android app. I want to prevent the user after logging in to come back to the login page. Also, when the user reopens the app, if he has logged in before, I want to go directly to the main page without having to go to the login page. What the best way of doing that? One idea I thought of is to save the login parameters in a cookie, and then, when the app is reopens, if the cookie contains some login information, I inflate the main page, otherwise, I inflate the login page. Is this the best way of doing it? Thanks,

    Read the article

  • Flex URLRequest and .NET authorization

    - by user252160
    can I make role based authorization when sending requests to an ASP.NET MVC backend system. I am calling action methods and expecting JSON results, however, some action methods are decorated with the [Authorize] attribute, others require some role privileges to be present. I certainly hope that passing authorization data with every request is possible

    Read the article

  • Is it possible to use Integrated Windows Auth when Server isn't on the domain?

    - by jskentzos
    Our production web servers ARE NOT part of the domain, but we'd like people to be able to log in automatically since they are logged into the domain on their PC. Is there anyway to get the browser (IE7+) to send the appropriate information to the server (IIS6) so I can retrieve the ServerVariables["AUTH_USER"] or ServerVariables["LOGON_USER"]? I presume the answer is no since if I set the security for windows auth to "on" and anonymous access to "off", then the server wouldn't know what do do with any user information for a domain which it has no knowledge of. I just want to know for sure before I give the SSO team a "not possible" answer.

    Read the article

  • Best place to check user authenticity in a back end module where all pages are only available to mem

    - by understack
    I've a backend module which could only be accessed by only authorized members. So I need to check authenticity for all actions and for all controllers. Currently I'm doing it inside preDispatch() functions inside controller classes. So it takes care of all the actions inside that controller. But still I've to do it for all controllers. Is there a place I could check it for all the controllers as well. So basically I want one place authenticity check for whole backend module. Can I do it in bootstrap?

    Read the article

  • IIS7 integrated mode closing token between requests

    - by user607287
    We are migrating to IIS7 integrated mode and have come across an issue. We authenticate using WindowsAuthentication but then store a reference to the WindowsPrincipal so that on future requests we can authorize as needed against AD. In IIS 7 Integrated mode, the token is being closed (between requests) so that when we try to run IsInRole it generates a disposed exception. Is there a way to cache this token or change our use of WindowsPrincipal so that we don't need to make successive AD requests to get it for each authorization request? Here is the exception being thrown from WindowsPrincipal.IsInRole("") - System.ObjectDisposedException: {"Safe handle has been closed"} Thanks.

    Read the article

  • Why second user login redirects me to /accounts/profile/ url?

    - by drupality
    I am using Django built in view for user login: url(r'^user/login/$', 'django.contrib.auth.views.login', {'template_name': 'users/templates/login.html'}, name='user-login'), After login when I goto user/login again I can login second time. I submit the form and getting: The current URL, accounts/profile/, didn't match any of these. I haven't declare this url in urls.py. What I am doing wrong? Why framework want to redirect to this url?

    Read the article

  • Create an own "OpenID-like system" Provider

    - by user502052
    I know that Facebook use their own OpenID-like system called "Facebook connect", which you can use to authenticate users on your site, among other features. In my case I have multiple Ruby on Rails applications: users.example.com profiles.example.com photos.example.com ... I would like to use 'users.example.com' as a web service that allows users to authenticate to all my other applications the same way as works "Facebook connect" or OpenID. In few words, 'users.example.com' must works as a "OpenID-like system" for my applications in 'example.com'. Can anyone give me tips and links to some useful resources? P.S.: since I am a newbie in this matter, I do not know if I'm saying things that make sense. So someone could help me to understand (if I am wrong) ...

    Read the article

  • Does CAS Support Application Level Impersonation?

    - by Rob Wilkerson
    I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and manage privileges (which are based on username). A new requirement has come up, though, that requires the original app to include, via an iframe, content from a second PHP app that is also CAS-enabled. Somehow, I need for the second app to know whether impersonation is happening in the first. I don't want to pass usernames around for security reasons, so I'm wondering whether I can offload the responsibility for handling impersonation to the CAS server which is shared by both apps. Thanks.

    Read the article

  • Restrict access to a specific URL, running on IIS7 / ASP.NET

    - by frankadelic
    I am deploying a public ASP.NET website on an IIS7 web farm. The application runs on 3 web servers and is behind a firewall. We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc. /admin/somepage.aspx What is the best way to control access to this page? We need to: Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks. Should this access control be done at the (a) network level, (b) application level, etc.?

    Read the article

  • Sending data to a web site over HTTP

    - by sfactor
    i have a program that receives data from a wireless device over bluetooth...i now need to do some operations in the data and then send it to the website (web server!!!) as a .csv file...i also need to authenticate the device itself from it hardware address which is also obtained in the program.i am coding this in gcc linux compiler using C...can anyone tell me how do i go about doing this?

    Read the article

  • How to update user info with restful_authentication plugin in Rails?

    - by benoror
    Hi people, I want to give the users to change their account info with restful_authentication plugin in rails. I added this two methods to my controller: def edit @user = User.find(params[:id]) end def update @user = User.find(params[:id]) # Only update password when necessary params[:user].delete(:password) if pàrams[:user][:password].blank? respond_to do |format| if @user.update_attributes(params[:user]) flash[:notice] = 'User was successfully updated.' format.html { redirect_to(@user) } format.xml { head :ok } else format.html { render :action => "edit" } format.xml { render :xml => @user.errors, :status => :unprocessable_entity } end end end Also, I copied new.html.erb to edit.html.erb. Considering that resources are already defined in routes.rb I was expecting it to work easily, bute somehow when I click the save button it calls the create method, instead of update, using a POST http request. Any ideas?

    Read the article

  • htaccess: only do [some lines of code] for one domain, no others.

    - by Coronatus
    Say I have a htaccess file shared by "dev.server" and "server.site.com". The first domain should allow all users to access it unchallenged (it only exists on my local development server). The second domain I want to authenticate users with Apache (NOT by database). The code to authenticate users is: AuthType Basic AuthName "Server Admin" AuthUserFile "/path/to/passwd" require valid-user What I can't do is make those 4 lines only matter if the domain is "server.site.com". How can I do this? I searched for something like <IfEnv HTTP_HOST "site.server.com"> but had no luck.

    Read the article

  • twitter basic authorisation not working?

    - by Bunny Rabbit
    URL url = new URL("http://twitter.com/statuses/update.xml"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setDoOutput(true); String cridentials = new sun.misc.BASE64Encoder().encode((username + ":" + password).getBytes()); conn.setRequestProperty ("Authorization", "Basic " + cridentials); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(status); wr.flush(); wr.close(); why the above code for updating twitter status is not working ? i am running it on google app engine.

    Read the article

  • Using web.config directory security and extensionless urls

    - by Matt Brailsford
    Hi Guys, I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows: Members Members/News Members/Press Members/Movies Users should be able to have access to the members parent page, but not child pages. My problem is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?

    Read the article

  • Can't sign into linkedin when using a QT4 (WebKit-based) browser?

    - by Inshim
    I started using the lightweight QT4 browser for some of the time on my Mac. Most simple websites, and even quite a few AJAX-heavy web apps, work for me flawlessly, including gmail (!) However, with LinkedIn, I can't even manage to sign in. Even when I change the useragent to one of a regular browser, it keeps kicking me out. Any ideas what could be wrong and for some workaround? Thanks!

    Read the article

  • How can I log any login operation in case of "Remember Me" option ?

    - by Space Cracker
    I have an asp.net login web form that have ( username textBox - password textBox ) plus Remember Me CheckBox option When user login i do the below code if (provider.ValidateUser(username, password)) { int timeOut = 0x13; DateTime expireDate = DateTime.Now.AddMinutes(19.0); if (rememberMeCheckBox.Checked) { timeOut = 0x80520; expireDate = DateTime.Now.AddYears(1); } FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(username, true, timeOut); string cookieValue = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieValue); cookie.Expires = expireDate; HttpContext.Current.Response.Cookies.Add(cookie); AddForLogin(username); Response.Redirect("..."); } as in code after user is authenticated i log that he login in db by calling method AddForLogin(username); But if user choose remember me in login and then he try to go to site any time this login method isn't executed as it use cookies ... so i have many questions: 1- Is this the best way to log login operation or is there any other better ? 2- In my case how to log login operation in case of remember me chosen by user ?

    Read the article

  • Self Authenticating Links in Django

    - by awolf
    In my web app I would like to be able to email self-authenticating links to users. These links will contain a unique token (uuid). When they click the link the token being present in the query string will be enough to authenticate them and they won't have to enter their username and password. What's the best way to do this?

    Read the article

  • Does mcrypt support asymmetric encryption?

    - by bryanagee
    I want to use asymmetric encryption of headers in RESTful requests to verify the identity of the system sending the request: i e System A encrypts it's name, timestamp, and the service name using it's public key in a request to System B. System B then uses the public key of System A to decrypt, proving the authenticity of the request. 1) Does php-mcrypt support this? 2) Has anyone benchmarked this type of operation?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 75 76 77 78 79 80 81 82 83 84 85 86  | Next Page >