Search Results

Search found 367 results on 15 pages for 'authorize'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 8/15 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • iPhone payment portal development

    - by Mike Litt
    A client has asked me about building an iphone app that can take restaurant orders. I have the resources to get this app done, but I had a few questions. *Will this app require a portion of the sale to go to apple (if so how much?) *Whats the best way to integrate a payment portal to this? *Will I have to/should I have someone authorize the payments? Thanks, All feedback is appreciated.

    Read the article

  • Simple Java web application on Tomcat

    - by EugeneP
    If we only need to graphically authorize a user, view a few tables representation (from database), ability to change data in the database visually what tools to use to write such a web application that will run on Tomcat? What framework allows to do that in the most straightforward, easy-to-manage and elegant way?

    Read the article

  • Securing an ASP.NET MVC 2 Application

    - by rajbk
    This post attempts to look at some of the methods that can be used to secure an ASP.NET MVC 2 Application called Northwind Traders Human Resources.  The sample code for the project is attached at the bottom of this post. We are going to use a slightly modified Northwind database. The screen capture from SQL server management studio shows the change. I added a new column called Salary, inserted some random salaries for the employees and then turned off AllowNulls.   The reporting relationship for Northwind Employees is shown below.   The requirements for our application are as follows: Employees can see their LastName, FirstName, Title, Address and Salary Employees are allowed to edit only their Address information Employees can see the LastName, FirstName, Title, Address and Salary of their immediate reports Employees cannot see records of non immediate reports.  Employees are allowed to edit only the Salary and Title information of their immediate reports. Employees are not allowed to edit the Address of an immediate report Employees should be authenticated into the system. Employees by default get the “Employee” role. If a user has direct reports, they will also get assigned a “Manager” role. We use a very basic empId/pwd scheme of EmployeeID (1-9) and password test$1. You should never do this in an actual application. The application should protect from Cross Site Request Forgery (CSRF). For example, Michael could trick Steven, who is already logged on to the HR website, to load a page which contains a malicious request. where without Steven’s knowledge, a form on the site posts information back to the Northwind HR website using Steven’s credentials. Michael could use this technique to give himself a raise :-) UI Notes The layout of our app looks like so: When Nancy (EmpID 1) signs on, she sees the default page with her details and is allowed to edit her address. If Nancy attempts to view the record of employee Andrew who has an employeeID of 2 (Employees/Edit/2), she will get a “Not Authorized” error page. When Andrew (EmpID 2) signs on, he can edit the address field of his record and change the title and salary of employees that directly report to him. Implementation Notes All controllers inherit from a BaseController. The BaseController currently only has error handling code. When a user signs on, we check to see if they are in a Manager role. We then create a FormsAuthenticationTicket, encrypt it (including the roles that the employee belongs to) and add it to a cookie. private void SetAuthenticationCookie(int employeeID, List<string> roles) { HttpCookiesSection cookieSection = (HttpCookiesSection) ConfigurationManager.GetSection("system.web/httpCookies"); AuthenticationSection authenticationSection = (AuthenticationSection) ConfigurationManager.GetSection("system.web/authentication"); FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket( 1, employeeID.ToString(), DateTime.Now, DateTime.Now.AddMinutes(authenticationSection.Forms.Timeout.TotalMinutes), false, string.Join("|", roles.ToArray())); String encryptedTicket = FormsAuthentication.Encrypt(authTicket); HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket); if (cookieSection.RequireSSL || authenticationSection.Forms.RequireSSL) { authCookie.Secure = true; } HttpContext.Current.Response.Cookies.Add(authCookie); } We read this cookie back in Global.asax and set the Context.User to be a new GenericPrincipal with the roles we assigned earlier. protected void Application_AuthenticateRequest(Object sender, EventArgs e){ if (Context.User != null) { string cookieName = FormsAuthentication.FormsCookieName; HttpCookie authCookie = Context.Request.Cookies[cookieName]; if (authCookie == null) return; FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); string[] roles = authTicket.UserData.Split(new char[] { '|' }); FormsIdentity fi = (FormsIdentity)(Context.User.Identity); Context.User = new System.Security.Principal.GenericPrincipal(fi, roles); }} We ensure that a user has permissions to view a record by creating a custom attribute AuthorizeToViewID that inherits from ActionFilterAttribute. public class AuthorizeToViewIDAttribute : ActionFilterAttribute{ IEmployeeRepository employeeRepository = new EmployeeRepository(); public override void OnActionExecuting(ActionExecutingContext filterContext) { if (filterContext.ActionParameters.ContainsKey("id") && filterContext.ActionParameters["id"] != null) { if (employeeRepository.IsAuthorizedToView((int)filterContext.ActionParameters["id"])) { return; } } throw new UnauthorizedAccessException("The record does not exist or you do not have permission to access it"); }} We add the AuthorizeToView attribute to any Action method that requires authorization. [HttpPost][Authorize(Order = 1)]//To prevent CSRF[ValidateAntiForgeryToken(Salt = Globals.EditSalt, Order = 2)]//See AuthorizeToViewIDAttribute class[AuthorizeToViewID(Order = 3)] [ActionName("Edit")]public ActionResult Update(int id){ var employeeToEdit = employeeRepository.GetEmployee(id); if (employeeToEdit != null) { //Employees can edit only their address //A manager can edit the title and salary of their subordinate string[] whiteList = (employeeToEdit.IsSubordinate) ? new string[] { "Title", "Salary" } : new string[] { "Address" }; if (TryUpdateModel(employeeToEdit, whiteList)) { employeeRepository.Save(employeeToEdit); return RedirectToAction("Details", new { id = id }); } else { ModelState.AddModelError("", "Please correct the following errors."); } } return View(employeeToEdit);} The Authorize attribute is added to ensure that only authorized users can execute that Action. We use the TryUpdateModel with a white list to ensure that (a) an employee is able to edit only their Address and (b) that a manager is able to edit only the Title and Salary of a subordinate. This works in conjunction with the AuthorizeToViewIDAttribute. The ValidateAntiForgeryToken attribute is added (with a salt) to avoid CSRF. The Order on the attributes specify the order in which the attributes are executed. The Edit View uses the AntiForgeryToken helper to render the hidden token: ......<% using (Html.BeginForm()) {%><%=Html.AntiForgeryToken(NorthwindHR.Models.Globals.EditSalt)%><%= Html.ValidationSummary(true, "Please correct the errors and try again.") %><div class="editor-label"> <%= Html.LabelFor(model => model.LastName) %></div><div class="editor-field">...... The application uses View specific models for ease of model binding. public class EmployeeViewModel{ public int EmployeeID; [Required] [DisplayName("Last Name")] public string LastName { get; set; } [Required] [DisplayName("First Name")] public string FirstName { get; set; } [Required] [DisplayName("Title")] public string Title { get; set; } [Required] [DisplayName("Address")] public string Address { get; set; } [Required] [DisplayName("Salary")] [Range(500, double.MaxValue)] public decimal Salary { get; set; } public bool IsSubordinate { get; set; }} To help with displaying readonly/editable fields, we use a helper method. //Simple extension method to display a TextboxFor or DisplayFor based on the isEditable variablepublic static MvcHtmlString TextBoxOrLabelFor<TModel, TProperty>(this HtmlHelper<TModel> htmlHelper, Expression<Func<TModel, TProperty>> expression, bool isEditable){ if (isEditable) { return htmlHelper.TextBoxFor(expression); } else { return htmlHelper.DisplayFor(expression); }} The helper method is used in the view like so: <%=Html.TextBoxOrLabelFor(model => model.Title, Model.IsSubordinate)%> As mentioned in this post, there is a much easier way to update properties on an object. Download Demo Project VS 2008, ASP.NET MVC 2 RTM Remember to change the connectionString to point to your Northwind DB NorthwindHR.zip Feedback and bugs are always welcome :-)

    Read the article

  • ASP.NET MVC2 Implementing Custom RoleManager problem

    - by ile
    To create a custom membership provider I followed these instructions: http://stackoverflow.com/questions/2771094/asp-net-mvc2-custom-membership and these: http://mattwrock.com/post/2009/10/14/Implementing-custom-Membership-Provider-and-Role-Provider-for-Authinticating-ASPNET-MVC-Applications.aspx So far, I've managed to implement custom membership provider and that part works fine. RoleManager still needs some modifications... Project structure: SAMembershipProvider.cs: public class SAMembershipProvider : MembershipProvider { #region - Properties - private int NewPasswordLength { get; set; } private string ConnectionString { get; set; } public bool enablePasswordReset { get; set; } public bool enablePasswordRetrieval { get; set; } public bool requiresQuestionAndAnswer { get; set; } public bool requiresUniqueEmail { get; set; } public int maxInvalidPasswordAttempts { get; set; } public int passwordAttemptWindow { get; set; } public MembershipPasswordFormat passwordFormat { get; set; } public int minRequiredNonAlphanumericCharacters { get; set; } public int minRequiredPasswordLength { get; set; } public string passwordStrengthRegularExpression { get; set; } public override string ApplicationName { get; set; } public override bool EnablePasswordRetrieval { get { return enablePasswordRetrieval; } } public override bool EnablePasswordReset { get { return enablePasswordReset; } } public override bool RequiresQuestionAndAnswer { get { return requiresQuestionAndAnswer; } } public override int MaxInvalidPasswordAttempts { get { return maxInvalidPasswordAttempts; } } public override int PasswordAttemptWindow { get { return passwordAttemptWindow; } } public override bool RequiresUniqueEmail { get { return requiresUniqueEmail; } } public override MembershipPasswordFormat PasswordFormat { get { return passwordFormat; } } public override int MinRequiredPasswordLength { get { return minRequiredPasswordLength; } } public override int MinRequiredNonAlphanumericCharacters { get { return minRequiredNonAlphanumericCharacters; } } public override string PasswordStrengthRegularExpression { get { return passwordStrengthRegularExpression; } } #endregion #region - Methods - public override void Initialize(string name, NameValueCollection config) { throw new NotImplementedException(); } public override bool ChangePassword(string username, string oldPassword, string newPassword) { throw new NotImplementedException(); } public override bool ChangePasswordQuestionAndAnswer(string username, string password, string newPasswordQuestion, string newPasswordAnswer) { throw new NotImplementedException(); } public override MembershipUser CreateUser(string username, string password, string email, string passwordQuestion, string passwordAnswer, bool isApproved, object providerUserKey, out MembershipCreateStatus status) { throw new NotImplementedException(); } public override bool DeleteUser(string username, bool deleteAllRelatedData) { throw new NotImplementedException(); } public override MembershipUserCollection FindUsersByEmail(string emailToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new NotImplementedException(); } public override MembershipUserCollection FindUsersByName(string usernameToMatch, int pageIndex, int pageSize, out int totalRecords) { throw new NotImplementedException(); } public override MembershipUserCollection GetAllUsers(int pageIndex, int pageSize, out int totalRecords) { throw new NotImplementedException(); } public override int GetNumberOfUsersOnline() { throw new NotImplementedException(); } public override string GetPassword(string username, string answer) { throw new NotImplementedException(); } public override MembershipUser GetUser(object providerUserKey, bool userIsOnline) { throw new NotImplementedException(); } public override MembershipUser GetUser(string username, bool userIsOnline) { throw new NotImplementedException(); } public override string GetUserNameByEmail(string email) { throw new NotImplementedException(); } protected override void OnValidatingPassword(ValidatePasswordEventArgs e) { base.OnValidatingPassword(e); } public override string ResetPassword(string username, string answer) { throw new NotImplementedException(); } public override bool UnlockUser(string userName) { throw new NotImplementedException(); } public override void UpdateUser(MembershipUser user) { throw new NotImplementedException(); } public override bool ValidateUser(string username, string password) { AccountRepository accountRepository = new AccountRepository(); var user = accountRepository.GetUser(username); if (string.IsNullOrEmpty(password.Trim())) return false; if (user == null) return false; //string hash = EncryptPassword(password); var email = user.Email; var pass = user.Password; if (user == null) return false; if (pass == password) { //User = user; return true; } return false; } #endregion protected string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } } SARoleProvider.cs public class SARoleProvider : RoleProvider { AccountRepository accountRepository = new AccountRepository(); public override bool IsUserInRole(string username, string roleName) { return true; } public override string ApplicationName { get { throw new NotImplementedException(); } set { throw new NotImplementedException(); } } public override void AddUsersToRoles(string[] usernames, string[] roleNames) { throw new NotImplementedException(); } public override void RemoveUsersFromRoles(string[] usernames, string[] roleNames) { throw new NotImplementedException(); } public override void CreateRole(string roleName) { throw new NotImplementedException(); } public override bool DeleteRole(string roleName, bool throwOnPopulatedRole) { throw new NotImplementedException(); } public override bool RoleExists(string roleName) { throw new NotImplementedException(); } public override string[] GetRolesForUser(string username) { int rolesCount = 0; IQueryable<RoleViewModel> rolesNames; try { // get roles for this user from DB... rolesNames = accountRepository.GetRolesForUser(username); rolesCount = rolesNames.Count(); } catch (Exception ex) { throw ex; } string[] roles = new string[rolesCount]; int counter = 0; foreach (var item in rolesNames) { roles[counter] = item.RoleName.ToString(); counter++; } return roles; } public override string[] GetUsersInRole(string roleName) { throw new NotImplementedException(); } public override string[] FindUsersInRole(string roleName, string usernameToMatch) { throw new NotImplementedException(); } public override string[] GetAllRoles() { throw new NotImplementedException(); } } AccountRepository.cs public class RoleViewModel { public string RoleName { get; set; } } public class AccountRepository { private DB db = new DB(); public User GetUser(string email) { return db.Users.SingleOrDefault(d => d.Email == email); } public IQueryable<RoleViewModel> GetRolesForUser(string email) { var result = ( from role in db.Roles join user in db.Users on role.RoleID equals user.RoleID where user.Email == email select new RoleViewModel { RoleName = role.Name }); return result; } } webconfig <membership defaultProvider="SAMembershipProvider" userIsOnlineTimeWindow="15"> <providers> <clear/> <add name="SAMembershipProvider" type="SA_Contacts.Membership.SAMembershipProvider, SA_Contacts" connectionStringName ="ShinyAntConnectionString" /> </providers> </membership> <roleManager defaultProvider="SARoleProvider" enabled="true" cacheRolesInCookie="true"> <providers> <clear/> <add name="SARoleProvider" type="SA_Contacts.Membership.SARoleProvider" connectionStringName ="ShinyAntConnectionString" /> </providers> </roleManager> AccountController.cs: public class AccountController : Controller { SAMembershipProvider provider = new SAMembershipProvider(); AccountRepository accountRepository = new AccountRepository(); public AccountController() { } public ActionResult LogOn() { return View(); } [AcceptVerbs(HttpVerbs.Post)] public ActionResult LogOn(string userName, string password, string returnUrl) { if (!ValidateLogOn(userName, password)) { return View(); } var user = accountRepository.GetUser(userName); var userFullName = user.FirstName + " " + user.LastName; FormsAuthentication.SetAuthCookie(userFullName, false); if (!String.IsNullOrEmpty(returnUrl) && returnUrl != "/") { return Redirect(returnUrl); } else { return RedirectToAction("Index", "Home"); } } public ActionResult LogOff() { FormsAuthentication.SignOut(); return RedirectToAction("Index", "Home"); } private bool ValidateLogOn(string userName, string password) { if (String.IsNullOrEmpty(userName)) { ModelState.AddModelError("username", "You must specify a username."); } if (String.IsNullOrEmpty(password)) { ModelState.AddModelError("password", "You must specify a password."); } if (!provider.ValidateUser(userName, password)) { ModelState.AddModelError("_FORM", "The username or password provided is incorrect."); } return ModelState.IsValid; } } In some testing controller I have following: [Authorize] public class ContactsController : Controller { SAMembershipProvider saMembershipProvider = new SAMembershipProvider(); SARoleProvider saRoleProvider = new SARoleProvider(); // // GET: /Contact/ public ActionResult Index() { string[] roleNames = Roles.GetRolesForUser("[email protected]"); // Outputs admin ViewData["r1"] = roleNames[0].ToString(); // Outputs True // I'm not even sure if this method is the same as the one below ViewData["r2"] = Roles.IsUserInRole("[email protected]", roleNames[0].ToString()); // Outputs True ViewData["r3"] = saRoleProvider.IsUserInRole("[email protected]", "admin"); return View(); } If I use attribute [Authorize] then everything works ok, but if I use [Authorize(Roles="admin")] then user is always rejected, like he is not in role. Any idea of what could be wrong here? Thanks in advance, Ile

    Read the article

  • Getting apache to use ldap group and filesystem group information

    - by Angelo
    We have an Apache server which serves out of a particular directory, and just supplies a listing of files. From this directory, each subdirectory is owned by a certain group of users (at the filesystem level). User groups are determined by a posixGroup in ldap. Is there any simple way I can tell Apache to authorize access based on filesystem permissions, just like if the users were to access the filesystem from a shell? I would like to be able to simply add users/groups/directories without having to add another Directory or Location directive in Apache's conf?

    Read the article

  • Web Deploy to IIS7 fails with 401 (Unauthorized)

    - by Trex
    we have IIS7 running on Windows Web Server 2008 R2 and it's set up to support Web Deploy. It worked fine when we used the default Administrator account. We recently disabled this account (for security reasons) and are now trying to deploy using another account which is member of the Administrators group, but the deploy fails with 401 (Unauthorized). More specifically, it says: Connected to '<IP>' using Web Deployment Agent Service, but could not authorize. Make sure you are an admin on '<IP>'. The remote server returned an error: (401) Unauthorized. Anybody has any ideas why this is happening? Thanks. Trex

    Read the article

  • Where do I learn about IP blocks and subnets? Or is there just a calculator that does it all for me?

    - by cwd
    Amazon's elastic compute tool (among others) requires the ip block format for their command: ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16 I may be doing this wrong, but as far as I can tell I need to use the block format even for a single IP address. 1) So, how would I do that for this IP? 71.75.232.132 Several years ago I took a CCNA class, and I remember going over IPs and subnets, masks, broadcast addresses, class a/b/c networks, etc. However a lot seems to have changed since then - for example I don't think you can tell what "class" a network is in just by looking at it anymore - sometimes they could be multiple classes. 2) Anyhow, my second question is where do I go to get a refresher on all these things? 3) Or should I just be using ipcalc or an online calculator to do it all for me - and if so, which one?

    Read the article

  • Can I disallow printing with parent controls on Snow Leopard?

    - by Quinn Taylor
    I have two children under 4 who are quite computer-savvy, and have their own account managed by parental controls to restrict what they can do an see. However, I haven't found a way to disallow them from printing, and I'm looking for a way do so. Their pictures of Sesame Street and Word World are cute and all, but I'd like to be in control of what (or even if) they print. (Our printer is connected wirelessly, not directly to the Mac.) I know I can add more time or authorize use of a given application by providing my password — can I do something similar for printing, such as approving or denying particular print jobs?

    Read the article

  • Apache: how to set custom 401 error page and save original behaviour

    - by petRUShka
    I have Kerberos-based authentication with Apache/2.2.3 (Linux/SUSE). When user is trying to open some url, browser ask him about domain login and password like in HTTP Basic Auth. If user cancel such request 3 times Apache returns 401 Authorization Required error page. My current virtual host config is <Directory /home/user/www/current/public/> Options -MultiViews +FollowSymLinks AllowOverride None Order allow,deny Allow from all AuthType Kerberos AuthName "Domain login" KrbAuthRealms DOMAIN.COM KrbMethodK5Passwd On Krb5KeyTab /etc/httpd/httpd.keytab require valid-user </Directory> I want to set nice custom 401 error page with some instructions for users. And I added such line in virtual host config: ErrorDocument 401 /pages/401 It works, when user can't authorize apache redirects him to my nice page. But Apache doesn't ask user login\password as it did before. I want this functionality and nice error page simultaneously! Is it possible to make it works properly?

    Read the article

  • X11 for apache user

    - by fuenfundachtzig
    We are using inkscape to convert SVG images uploaded to our server via a web form. For this inkscape offers a batch mode via the -z option, but this batch mode has a flaw: When inkscape is run by the apache user, it breaks saying $ inkscape -z -W drawing.svg X11 connection rejected because of wrong authentication. The application 'inkscape' lost its connection to the display localhost:11.0; most likely the X server was shut down or you killed/destroyed the application. If you do the same as a normal user you also get errors: Xlib: connection to "localhost:11.0" refused by server Xlib: PuTTY X11 proxy: MIT-MAGIC-COOKIE-1 data did not match (inkscape:24050): Gdk-CRITICAL **: gdk_display_list_devices: assertion `GDK_IS_DISPLAY (display)' failed 301.27942 But at least inkscape gives the correct answer (here the number stating the width of the image). Does somebody know how to make this also work for the apache user? Does it make sense to authorize apache to use X (if so how)? In any case it doesn't feel like the right solution...

    Read the article

  • Enable file download via redirect in IE7

    - by Christian W
    Our application enables our customers to download files to their computer. The way I have implemented it is using asp.net with a dropdown. When the user clicks the dropdown they get the choice of "PDF","Powerpoint", and a couple of other choices depending on circumstances. Then, in postback depending on the choice the user made, it will return a file (changing the content-header and such and then bitbanging a file to the user). This works perfectly in all browsers, but IE7 complains that this is a security risk and blocks the download. Is there any way for the users to authorize downloads from our webapplication?

    Read the article

  • Why does this work: Windows same local admin username and password, able to access other computer?

    - by Ankush
    I've two machines MachineA and MachineB. Both have two local accounts which have same username . Both accounts are local admin on those machines. If they have same password, I'm able to access \\MachineA\C$ from MachineB. But if I change any one password above doesn't work. And it prompts for username and password. Now if I provide MachineA\username and password, it then connects. Why isn't there a prompt for password when passwords are same? I expected passwords to be hashed with random salt, how does windows know passwords are same and authorize access? These machines are running Windows Server 2008 R2. PS. I've created following reg key to enable drive access HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy to 1

    Read the article

  • Network Role based routing

    - by Steve Butler
    Apologies my networking skills are a tad rusty. I'm looking for a way to setup a system that gives me the ability to setup Role-based access to specific network resources. For example, i have three private subnets for specific groups, users will need access to one one or more subnets. I'd like to have all client machines on the same subnet/vlan, and then use 802.1x to authorize into a router(NAC device/whatever), the router would then see what user had authenticated(huge plus if it could determine AD group), and then allow routing to one or more of the three private subnets based upon their group membership. I've looked at packetFence, and it appears to work by assigning a client to a VLAN, but i'd still need a way to route some users into different back-end networks.

    Read the article

  • How to allow simple file sharing on Windows Server 2008R2 through VPN

    - by Martin Wiboe
    We are a small, distributed company with a Windows Server 2008R2 installation. I would like to set up a way for our employees to connect securely to this server via VPN and then be able to map a network drive. I have gotten this to work somewhat by installing the Network Policy and Access Services Role on the server and using the default settings. I have also created a network share on the server. The problem is that our connectivity is sporadic (sometimes the service stops listening on the port or simply refuses to authorize correct credentials) and slow. I can always connect through VPN, but mapping is problematic. I would be grateful for the answer on how to accomplish this as well as some guidance on whether I am on the right track. Thanks in advance!

    Read the article

  • How do I set up a working GUEST USER account in Win XP Pro?

    - by user6501
    I have two user accounts within my WinXP Pro PC. One I'd like to erase. But I'd also like to setup a GUEST user account. I've already gotten 2-step instructions on how to get rid of the extraneous account: a) use an MS tool called delprof.msi b) manually delete the former users files in Documents & Settings. But I guess my original question was too complex -- kind of like a bill in Congress. So now I am just asking the final part of the question: How do I create a GUEST ACCOUNT -- then define what it will authorize/grant access to? i.e. internet browser(s), specific programs and files etc

    Read the article

  • Token based Authentication for WCF HTTP/REST Services: Authorization

    - by Your DisplayName here!
    In the previous post I showed how token based authentication can be implemented for WCF HTTP based services. Authentication is the process of finding out who the user is – this includes anonymous users. Then it is up to the service to decide under which circumstances the client has access to the service as a whole or individual operations. This is called authorization. By default – my framework does not allow anonymous users and will deny access right in the service authorization manager. You can however turn anonymous access on – that means technically, that instead of denying access, an anonymous principal is placed on Thread.CurrentPrincipal. You can flip that switch in the configuration class that you can pass into the service host/factory. var configuration = new WebTokenWebServiceHostConfiguration {     AllowAnonymousAccess = true }; But this is not enough, in addition you also need to decorate the individual operations to allow anonymous access as well, e.g.: [AllowAnonymousAccess] public string GetInfo() {     ... } Inside these operations you might have an authenticated or an anonymous principal on Thread.CurrentPrincipal, and it is up to your code to decide what to do. Side note: Being a security guy, I like this opt-in approach to anonymous access much better that all those opt-out approaches out there (like the Authorize attribute – or this.). Claims-based Authorization Since there is a ClaimsPrincipal available, you can use the standard WIF claims authorization manager infrastructure – either declaratively via ClaimsPrincipalPermission or programmatically (see also here). [ClaimsPrincipalPermission(SecurityAction.Demand,     Resource = "Claims",     Operation = "View")] public ViewClaims GetClientIdentity() {     return new ServiceLogic().GetClaims(); }   In addition you can also turn off per-request authorization (see here for background) via the config and just use the “domain specific” instrumentation. While the code is not 100% done – you can download the current solution here. HTH (Wanna learn more about federation, WIF, claims, tokens etc.? Click here.)

    Read the article

  • Reuse security code between WCF and MVC.NET

    - by mrjoltcola
    First the background: I jumped into MVC.NET from the Java MVC world, so my implementation below is possibly cheating, I don't know. I avoided fooling with a custom membership provider and I just implemented the base code needed to authenticate and load roles in my LogOn action. Typically I just need to check roles programatically, and have no use for all of the other membership features, so I didn't originally think I needed a full Membership provider. I have a successful WCF project with a custom authentication and authorization layer that I did at least write per the proper API. I implemented it with custom IPrincipal, UserNamePasswordValidator and IAuthorizationPolicy classes to load from an Oracle database. In my WCF services, I use declarative security: [PrincipalPermission(SecurityAction.Demand, Role="ADMIN")]. The question (on the ASP.NET/MCV.NET side): All my reading indicates I should implement a custom Membership/Roles provider, and use [Authorize(Roles="ADMIN")] on my controller actions. At this point, I don't have a true Membership provider, but I'm using the same User class that implements the IPrincipal interface that works with the WCF security. I plan to share common code between the WCF and ASP.NET modules. So my LogOn action is not using the FormsService (and I assume this is bad). I had commented it out, and just used my "UserService" to access the Oracle db. Note my "TODO" comment below. public ActionResult LogOn(LogOnModel model, string returnUrl) { log.Info("Login attempt by " + model.UserName); if (ModelState.IsValid) { User user = userService.findByUserName(model.UserName); // Commented original MemberShipService code, this is probably bad // if (MembershipService.ValidateUser(model.UserName, model.Password)) if (user != null && user.Authenticate(model.Password) == true) { log.Info("Login success by " + model.UserName); FormsService.SignIn(model.UserName, model.RememberMe); // TODO: Override with Custom identity / roles? user.AddRoles(userService.listRolesByUser(user)); // pull in roles from db if (!String.IsNullOrEmpty(returnUrl)) return Redirect(returnUrl); else return RedirectToAction("Index", "Home"); } else { log.Info("Login failure by " + model.UserName); ModelState.AddModelError("", "The user name or password provided is incorrect."); } } // If we got this far, something failed, redisplay form return View(model); } So can I make the above work? Can I stick the IPrincipal (User) into the CurrentContext or HttpContext? Can I integrate the custom IPrincipal I've already created without writing a full Membership/Roles Provider? I currently stick the User object into the session and access it from all MVC.NET controllers with "CurrentUser" property which grabs it from the session on demand. But this doesn't work with the [Authorize] attribute; I assume that is because it knows nothing about my custom Principal in the session, and is instead using whatever FormsService.SignIn() produces. I also found that session timeouts screw up the login redirect, the user doesn't get forwarded, instead we get a null exception accessing User from the session, and I assume it is related to my "skipping steps" to get a quick implementation. Thanks.

    Read the article

  • How to enable Google Drive offline access

    - by Gopinath
    Google’s latest cloud offering Google Drive provides 5GB of free storage to let you store documents, spread sheets, photos and other stuff and access them using a variety of devices – PCs, Macs, smartphones and tablets. You can also set up offline access to Google Drive so that you can access files on the move even if you don’t have access to internet connection. To access Google Drive offline you need Chrome browser and here are the simple steps to be followed for setting up. Step 1:  Login to Google Drive and click the gear icon in the upper right of your window. Step 2: Select Set up Docs offline from the drop-down menu. The “Set up offline viewing of Google Docs” dialog will appear Step 3:  Authorize Google Chrome to store your Google Drive content by clicking on “Allow offline docs” and then install “Docs Chrome web app” by clicking on “Install from Chrome web store”. You’ll be taken to the Chrome web store, where you’ll need to click Install on the right-hand side of the browser window. Step 4: Once the app is installed, you’ll be taken to a Chrome page with the Google Docs app icon. Click the icon to go back to your Documents List. Google Chrome take few minutes to prepare Google Drive for offline access by downloading all the files to your local computer. Once it’s completed, you can access Google Drive files offline. To access files of Google Drive offline point your Chrome browser to drive.google.com. When offline your Google Docs stored on Google Drive are available in view only mode. You can open Google Documents, Spread sheets & Presentations and see the content but you can’t edit them.

    Read the article

  • Phpmyadmin Not Working

    - by glenbl54
    I recently installed phpmyadmin onto ubuntu server 10.04 using sudo apt-get install phpmyadmin The installation went fine and everything was working including phpmyadmin. I then performed a restart of the server and now apache2 starts up but when I navigate to http://192.168.1.72/phpmyadmin/ I am getting a 403 error. I have included /etc/phpmyadmin/apache.conf file in /etc/apahe2/apache2.conf file /etc/phpmyadmin/apache.conf # phpMyAdmin default Apache configuration Alias /phpmyadmin /usr/share/phpmyadmin <Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_value include_path . </IfModule> </Directory> # Authorize for setup <Directory /usr/share/phpmyadmin/setup> <IfModule mod_authn_file.c> AuthType Basic AuthName "phpMyAdmin Setup" AuthUserFile /etc/phpmyadmin/htpasswd.setup </IfModule> Require valid-user </Directory> #Disallow web access to directories that don't need it <Directory /usr/share/phpmyadmin/libraries> Order Deny,Allow Deny from All </Directory> <Directory /usr/share/phpmyadmin/setup/lib> Order Deny,Allow Deny from All </Directory> The only change that was made since phpmyadmin was installed was that timetrex was installed. Is there anyway to manually start phpmyadmin or should it already be working once apache started?

    Read the article

  • Customize Your WordPress Blog & Build an Audience

    - by Matthew Guay
    Want to quickly give your blog a fresh coat of paint and make it stand out from the pack?  Here’s how you can customize your WordPress blog and make it uniquely yours. WordPress offers many features that help you make your blog the best it can be.  Although it doesn’t offer as many customization features as full WordPress running on your own server, it still makes it easy to make your free blog as professional or cute as you like.  Here we’ll look at how you can customize features in your blog and build an audience. Personalize Your Blog WordPress make it easy to personalize your blog.  Most of the personalization options are available under the Appearance menu on the left.  Here we’ll look at how you can use most of these. Add New Theme WordPress is popular for the wide range of themes available for it.  While you cannot upload your own theme to your blog, you can choose from over 90 free themes currently available with more added all the time.  To change your theme, select the Themes page under Appearance. The Themes page will show random themes, but you can choose to view them in alphabetical order, by popularity, or how recently they were added.  Or, you can search for a theme by name or features. One neat way to find a theme that suites your needs is the Feature Filter.  Click the link on the right of the search button, and then select the options you want to make sure your theme has.  Click Apply Filters and WordPress will streamline your choices to themes that contain these features. Once you find a theme you like, click Preview under its name to see how your blog will look. This will open a popup that shows your blog with the new theme.  Click the Activate link in the top right corner of the popup if you want to keep this theme; otherwise, click the x in the top left corner to close the preview and continue your search for one you want.   Edit Current Theme Many of the themes on WordPress have customization options so you can make your blog stand out from others using the same theme.  The default theme Twenty Ten lets you customize both the header and background image, and many themes have similar options. To choose a new header image, select the Header page under Appearance.  Select one of the pre-installed images and click Save Changes, or upload your own image. If you upload an image larger than the size for the header, WordPress will let you crop it directly in the web interface.  Click Crop Header when you’ve selected the portion you want for the header of your blog. You can also customize your blog’s background from the Background page under Appearance.  You can upload an image for the background, or can enter a hex value of a color for a solid background.  If you’d rather visually choose a color, click Select a Color to open a color wheel that makes it easy to choose a nice color.  Click Save Changes when you’re done. Note: that all themes may not contain these customization options, but many are flexible.  You cannot edit the actual CSS of your theme on free WordPress blogs, but you you can purchase the Custom CSS Upgrade for $14.97/year to add this ability. Add Widgets With Extra Content Widgets are small addons for your blog, similar to Desktop Gadgets in Windows 7 or Dashboard widgets in Mac OS X.  You can add widgets to your blog to show recent Tweets, favorite Flickr pictures, popular articles, and more.  To add widgets to your blog, open the Widgets page under Appearance. You’ll see a variety of widgets available in the main white box.  Select one you want to add, and drag it to the widget area of your choice.  Different themes may offer different areas to place Widgets, such as the sidebar or footer. Most of the widgets offer configuration options.  Click the down arrow beside its name to edit it.  Set them up as you wish, and click Save on the bottom of the widget. Now we’ve got some nice dynamic content on our blog that’s automatically updated from the net. Choose Blog Extras By default, WordPress shows previews of websites when visitors hover over links on your blog, uses a special mobile theme when people visit from a mobile device, and shows related links to other blogs on the WordPress network at the end of your posts.  If you don’t like these features, you can disable them on the Extras page under Appearance. Build Your Audience Now that your blog is looking nice, we can make sure others will discover it.  WordPress makes it easy for you to make your site discoverable on search engines or social network, and even gives you the option to keep your site private if you’d prefer.  Open the Privacy page under Tools to change your site’s visibility.  By default, it will be indexed by search engines and be viewable to everyone.  You can also choose to leave your blog public but block search engines, or you can make it fully private. If you choose to make your blog private, you can enter up to 35 usernames of people you want to be able to see it.  Each private visitor must have a WordPress.com account so they can login.  If you need more than 35 private members, you can upgrade to allow unlimited private members for $29.97/year. Then, if you do want your site visible from search engines, one of the best ways to make sure your content is discovered by search engines is to register with their webmaster tools.  Once registered, you need to add your key to your site so the search engine will find and index it.  On the bottom of the Tools page, WordPress lets you enter your key from Google, Bing, and Yahoo! to make sure your site is discovered.  If you haven’t signed up with these tools yet, you can signup via the links on this page as well. Post Blog Updates to Social Networks Many people discover the sites they visit from friends and others via social networks.  WordPress makes it easy to automatically share links to your content on popular social networks.  To activate this feature, open the My Blogs page under Dashboard. Now, select the services you want to activate under the Publicize section.  This will automatically update Yahoo!, Twitter, and/or Facebook every time you publish a new post. You’ll have to authorize your connection with the social network.  With Twitter and Yahoo!, you can authorize them with only two clicks, but integrating with Facebook will take several steps.   If you’d rather share links yourself on social networks, you can get shortened URLs to your posts.  When you write a new post or edit an existing one, click the Get Shortlink button located underneath the post’s title. This will give you a small URL, usually 20 characters or less, that you can use to post on social networks such as Twitter.   This should help build your traffic, and if you want to see how many people are checking out your site, check out the stats on your Dashboard.  This shows a graph of how many people are visiting, and popular posts.  Click View All if you’d like more detailed stats including search engine terms that lead people to your blog. Conclusion Whether you’re looking to make a private blog for your group or publish a blog that’s read by millions around the world, WordPress is a great way to do it for free.  And with all of the personalization options, you can make your it memorable and exciting for your visitors. If you don’t have a blog, you can always signup for a free one from WordPress.com.  Also make sure to check out our article on how to Start Your Own Blog with WordPress. Similar Articles Productive Geek Tips Manage Your WordPress Blog Comments from Your Windows DesktopAdd Social Bookmarking (Digg This!) Links to your Wordpress BlogHow-To Geek SoftwareMake a Backup Copy of your Production Wordpress Blog on UbuntuOops! Sorry About the Feed Errors TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips CloudBerry Online Backup 1.5 for Windows Home Server Snagit 10 VMware Workstation 7 Acronis Online Backup Windows Firewall with Advanced Security – How To Guides Sculptris 1.0, 3D Drawing app AceStock, a Tiny Desktop Quote Monitor Gmail Button Addon (Firefox) Hyperwords addon (Firefox) Backup Outlook 2010

    Read the article

  • Deploy code to Windows Azure from Dropbox

    - by Gopinath
    There is a lot of innovation happening at Windows Azure team these days under the leadership of ScottGu. The recent updates to Windows Azure published couple of days ago allows us to deploy code to Windows Azure websites straight from Dropbox. It’s very easy and simple to use. Authorize Windows Azure account to talk to Dropbox and whenever you want to deploy latest code from Dropbox just click it button. Boom! The latest code from Dropbox will be automatically deployed on Windows Azure. Everything works like magic. Wow, isn’t this a cool feature for those who don’t want to maintain their version control systems like Git, Svn or TFS? This is a big deal to many developers who maintain their personal websites source code on Dropbox. Wondering why developers maintain their source code in Dropbox? It’s easy to use Dropbox(zero learning curve) and setting up a source control systems demands lot of administrative activities as well as money for hosting them. Here is a quick walk through of deploying code to Windows Azure from Dropbox. Though I’m not going to user this feature for deploying code of my website coziie.com (I’ve a personal SVN server hosted), I’m going to recommend to all my friends who maintain their source code on Dropbox.  For more details read the detailed post on ScottGu’s blog.

    Read the article

  • How to set up a VirtualHost on Amazon EC2 for phpmyadmin

    - by Oudin
    Hi I'm currently working on setting up a VirtualHost on Amazon EC2 for accessing phpmyadmin so i can access it with test.example.com as oppose to it being widely available as it's default example.com/phpmyadmin. So far I've created a file "testfile" in /etc/apache2/sites-available/ with the code below and enabled it "a2ensite testfile" However I'm not getting the vhost to work <VirtualHost *:80> ServerAdmin [email protected] ServerName test.example.com ServerAlias test.example.com #DocumentRoot /usr/share/phpmyadmin DocumentRoot /home/user/public_html/folder RewriteEngine On RewriteCond %{HTTP_HOST} !test.example.com RewriteRule (.*) [L] <Directory /home/user/public_html/folder> Options FollowSymLinks DirectoryIndex index.php AllowOverride None <IfModule mod_php5.c> AddType application/x-httpd-php .php php_flag magic_quotes_gpc Off php_flag track_vars On php_flag register_globals Off php_admin_flag allow_url_fopen Off php_value include_path . php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/ </IfModule> </Directory> # Authorize for setup <Directory /usr/share/phpmyadmin/setup> <IfModule mod_authn_file.c> AuthType Basic AuthName "phpMyAdmin Setup" AuthUserFile /etc/phpmyadmin/htpasswd.setup </IfModule> Require valid-user </Directory> # Disallow web access to directories that don't need it <Directory /usr/share/phpmyadmin/libraries> Order Deny,Allow Deny from All </Directory> <Directory /usr/share/phpmyadmin/setup/lib> Order Deny,Allow Deny from All </Directory> ErrorLog /home/user/public_html/folder/logs/error.log LogLevel warn CustomLog /home/user/public_html/folder/logs/access.log combined </VirtualHost> sudo ln -s /usr/share/phpmyadmin /home/user/public_html/folder The above line creates a link of the phpmyadmin in the public folder. Any help on this would be greatly appreciated. Note: example.com will be replaced with my official domain

    Read the article

  • WolframAlpha Can Now Do In-depth Analysis of Your Facebook Account

    - by Jason Fitzpatrick
    If you’re a big fan of WolframAlpha’s ability to crunch the numbers on just about anything–and we certainly are–you’ll likely be just as delighted as we were to watch it massage the data from your Facebook account. Find out your most liked, discussed, and shared posts, see your Facebook habits, and other neat trends. I unleashed it on my account this morning, not sure what to expect from the results. Within the results tabulation WolframAlpha provided me with all sorts of neat data break downs. I now know exactly how many days it is to my next birthday, the composition of my aggregate posting habits (how many posts are status updates, links, or photos), the time of day when I do the most posting (and what the composition of those posts is), and my average post length. I also know my most liked post and my most commented on post. It will even crunch the numbers on your network of friends (60.6% of my friends are married, for example). By far one of the more interesting data analysis it does on the friendship data, however, is organizing all your friends into relationship clusters so you can see who in your Facebook network is friends with other people in your Facebook network. The service from WolframAlpha is free: simply visit the WolframAlpha search portal and type in “Facebook report” to start the process. You’ll be prompted to create a WolframAlpha account if you don’t have one and to authorize the WolframAlpha Facebook app to access your data. Your Facebook data is cached to your WolframAlpha account for one hour in order to crunch the numbers and display the results. WolframAlpha HTG Explains: How Windows Uses The Task Scheduler for System Tasks HTG Explains: Why Do Hard Drives Show the Wrong Capacity in Windows? Java is Insecure and Awful, It’s Time to Disable It, and Here’s How

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >