Search Results

Search found 17257 results on 691 pages for 'mixed mode authentication'.

Page 8/691 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

• In a SSL web application, what would be the vulnerabilities of using session based authentication?

  - by Thomas C. G. de Vilhena

  I'm not sure the term even exists, so let me explain what I mean by "session based authentication" through some pseudo-code: void PerformLogin(string userName, string password) { if(AreValidCredentials(userName, password)) { Session.Set("IsAuthenticated", true); } else { Message.Show("Invalid credentials!"); } } So the above method simply verifies the provided credentials are valid and then sets a session flag to indicate that the session user is authenticated. Under plain HTTP that is obviously unsafe, because anyone could hijack the session cookie/querystring and breach security. However, under HTTPS the session cookie/querystring is protected because client-server communication is encrypted, so I believe this authentication approach would be safe, wouldn't it? I'm asking this because I want to know how authentication tickets can improve web applications security. Thanks in advance!

  Read the article

• Cannot login to Windows7 in normal mode but can in safe mode

  - by Guy

  I have a Windows 7 Ultimate computer (Shuttle) that I built myself and in it I put a Solid State Drive (SSD). It's been working well for a number of months but now when I start it there are problems. I have 2 users setup on the computer and when I try and sign in with either user it claims that the password is incorrect. I could understand the odd typo but I've had my wife try it as well and we've got the passwords correct. On top of that it will remain at the login screen for 1 minute and 20 seconds and then spontaneously reboot without shutting down. So I'm trying to work out if this is a hard disk problem or something else. Any ideas? (I have a nightly backup to a WHS so it will be easy to recover but I don't want to do that unless I have to and don't want to waste time putting in a new HD just to discover it's something else.) More info: If I start in Safe Mode I am able to login with the password and all appears as normal as it can in Safe Mode. However, normal boot continues with same problem.

  Read the article

• Consuming Web Services requiring Authentication from behind Proxy server

  - by Jan Petersen

  Hi All, I've seen a number of post about Proxy Authentication, but none that seams to address this problem. I'm building a SharePoint Web Service consuming desktop application, using Java, JAX-WS in NetBeans. I have a working prototype, that can query the server for authentication mode, successfully authenticate and retrieve a list of web site. However, if I run the same app from a network that is behind a proxy server (the proxy does not require authentication), then I'm running into trouble. The normal -dhttp.proxyHost ... settings does not seam to help any. But I have found that by creating a ProxySelector class and setting it as default, I can regain access to the authentication web service, but I still can't retrieve the list of web sites from the SharePoint server. It's almost as if the authentication I provide is going to the proxy rather than the SharePoint server. Anyone have any experience on how to make this work? I have put the source text java class files of a demo app up, showing the issue at the following urls (it's a bit to long even in the short demo form to post here). link text When running the code from a network behind a proxy server, I successfully retrieve the Authentication mode from the server, but the request for the Web Site list generates an exception originating at: com.sun.xml.internal.ws.transport.http.client .HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:201) The output from the source when no proxy is on the network is listed below: Successfully retrieved the SharePoint WebService response for Authentication SharePoint authentication method is: WINDOWS Calling Web Service to retrieve list of web site. Web Service call response: -------------- XML START -------------- <Webs xmlns="http://schemas.microsoft.com/sharepoint/soap/"> <Web Title="Collaboration Lab" Url="http://host.domain.com/collaboration"/> <Web Title="Global Data Lists" Url="http://host.domain.com/global_data_lists"/> <Web Title="Landing" Url="http://host.domain.com/Landing"/> <Web Title="SharePoint HelpDesk" Url="http://host.domain.com/helpdesk"/> <Web Title="Program Management" Url="http://host.domain.com/programmanagement"/> <Web Title="Project Site" Url="http://host.domain.com/Project Site"/> <Web Title="SharePoint Administration Tools" Url="http://host.domain.com/admin"/> <Web Title="Space Management Project" Url="http://host.domain.com/spacemgmt"/> </Webs> -------------- XML END -------------- Br Jan

  Read the article

• What alternatives are there for asp.net forms authentication?

  - by Eytan Levit

  Hi, We are developing a web app that will have a pretty complex user and permission system. The general idea is that we have 3 levels of security: a simple user - that can only access basic data that is in a data repository a manager - that can open up data repositories a superuser - that can open up repository factories. each repository contains various data types(text, images, etc etc). We are looking for authentication methods that will allow us: 1. Scalability. 2. Customization. 3. To create permissions that will effect the GUI + deny access to certain pages. 4. To create predefined roles - that will allow for easy setup of new users. 5. To create custom roles for specific users - allowing them permission sets that are different from the predefined roles. Thanks in advance

  Read the article

• Lock down a site using Forms Auth in IIS7 with Windows Auth

  - by Josh

  I have an ASP.NET MVC 1.0 application that uses Forms Authentication. We are using Windows Server 2008. I need to lock down the site so that only certain users (in AD Groups) can access the site. Unfortunately, though, when I set the site to not allow anon users and use windows authentication, due to the integration of the site and IIS, it shows the user as signed in as their domain account, instead of allowing them to sign in through Forms Auth. So, I need a mixed mode authentication. I need the site to be only accessible through windows auth, without anon users, but once you are in, it needs to use forms auth only. How would I go about doing this the right way?

  Read the article

• Lock down a site using Forms Auth in IIS7 with Windows Auth

  - by justjoshingyou

  I have an ASP.NET MVC 1.0 application that uses Forms Authentication. We are using Windows Server 2008. I need to lock down the site so that only certain users (in AD Groups) can access the site. Unfortunately, though, when I set the site to not allow anon users and use windows authentication, due to the integration of the site and IIS, it shows the user as signed in as their domain account, instead of allowing them to sign in through Forms Auth. So, I need a mixed mode authentication. I need the site to be only accessible through windows auth, without anon users, but once you are in, it needs to use forms auth only. How would I go about doing this the right way?

  Read the article

• Offline mode app in a (HTML5) browser possible?

  - by Horace Ho

  Is it possible to build an application inside in browser? An application means: 1 Where there is connection (online mode) between the browser and an remote application server: the application runs in typical web-based mode the application stores necessary data in offline storage, to be used in offline mode (2) the application sync/push data (captured during offline mode) back to the server when it is resumed from offline mode back to online mode 2 Where there is no connection (offline mode) between the browser and an remote application server: the application will still run (javascript?) the application will present data (which is stored offline) to user the application can accept input from user (and store/append in offline storage) Is this possible? If the answer is a yes, is there any (Ruby/Python/PHP) framework being built? Thanks

  Read the article

• Integrated Windows Authentication with Chrome and FireFox

  - by Jaap

  I have a webapplication which uses claims based authentication. The STS is ADFS 2.0. When I am in the intranet and use IE, IWA is used and no login dialog appears. When I am on the internet zone, the Forms based authentication of ADFS is used. Just what I want. Chrome and FireFox are also working as expected when I am in the internet zone. But when I am in the intranet zone, both come with a login dialog, instead of using IWA. And supplying my credentials in that dialog does not work, it keeps repeating the dialog. Any hints? UPDATE: Did about an hour searching on the internet before I asked this question. But after asking it I did just another search giving the answer :-), matter of finding the correct keywords. Here the answer: http://stackoverflow.com/questions/5724377/mvc3-site-using-azure-acs-adfs-continually-prompts-for-credentials-when-using

  Read the article

• SSH: Two Factor Authentication

  - by Pierre

  I currently have a Ubuntu Server 12.04 running OpenSSH along with Samba and a few other services. At the current time I have public key authentication set up, and I'm wondering if it's possible to set up two factor authentication? I've been looking at Google Authenticator which I currently use with my Gmail account. I've found a PAM module that looks like it will be compatible however it seems that you are forced to use a password and the code generated. I'm wondering if there is a way to use the Google Authenticator Application (or something similar) along with my public key to authenticate into my SSH server?

  Read the article

• Teamcity nuget feed http authentication

  - by Mihalis Bagos

  Nuget feed by team city is working perfectly but there is a strange problem. Local IP (http://192.168.xx.xx:9999/feed/../): Listing through browser works Accessing packages through Visual studio 11 nuget works VPN IP (http://55.xx.xx.xx:9999/feed/../): Listing packages through browser works Accessing packages through Visual studio 11 nuget PROBLEM GUEST Account: Everything works fine, both on VPN and local IP (so its purely an authentication problem) The problem is, we can't get the user to authenticate. Using the same credentials, no matter what we try we get 401. The server VPN ip is whitelisted in internet explorer intranet settings. Any ideas? Basically HTTP authentication is failing for the VPN although it shouldn't, since the browser works fine!

  Read the article

• Firewall Authentication - logon failed

  - by RoseofPurple

  I am attempting to use a Watchguard firebox 550e with Fireware XTM 11 to authenticate incoming traffic for RDP access. I have configured the firewall to use my domain controller for Active directory authentication with a Windows 2000 server farm and added a couple of user accounts to the users list in the firewall, but when I attempt to log onto the authentication page for the firewall, I get Logon failed. I know that the user names work and that the passwords are correct. I am also certain that I have told it to log on using Active Directory instead of the FireboxDB. I have tried using the username alone, the domain\username, and the email address. I believe that the Search base is correct (DC=mydomainname,DC=com), and I did not change any defaults for sAMAccountName (and I do not recall making any changes to those items when configuring the domain structure). Any assistance would be appreciated.

  Read the article

• Does Hotmail really offer two-factor authentication? [closed]

  - by Brian Koser

  I've read multiple news articles that claim Hotmail offers two-factor authentication. One of the articles describes Hotmail's system, saying ...whenever you go to Hotmail...you can choose to get a single-use code–a string of numbers that will be sent via text message to your phone–to use instead of your password. Is this an accurate description of Hotmail's system? If so, does Hotmail really offer two-factor authentication? If you can use either your password or a single-use code, it seems to me that it does not. Is this system really more secure than just having a password? Doesn't this just make an additional "key" available to a hacker? (I must be wrong here, I know the folks at Microsoft are much smarter than I am).

  Read the article

• Industry Standard DNS & Authentication?

  - by James Murphy

  I'm just curious as to what is considered industry standard when it comes to doing DNS and authentication on an environment with mainly linux machines? Do people use Windows DNS & Windows AD to do it all if they have at least one windows server (well - alot might, but should they)? Does ANYONE use hosts files or local only user accounts on each server? What would people like Facebook/Google use for their DNS and authentication on their servers? We have an environment where we have about 10-15 linux servers and 1-2 windows servers. We are currently using Windows AD and Windows DNS but it doesn't seem like it's the most secure/stable/scalable way to do it for a mainly linux environment? We use RHEL as our linux environment.

  Read the article

• Authentication in Apache2 with mod_dav_svn

  - by Poita_

  I'm having some trouble setting up authentication in Apache2 for a SVN repository that's being served using mod_dav_svn. Here is my Apache config for the directory: <Location /svn> DAV svn SVNParentPath /var/svn/repos AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dev.passwd Require valid-user </Location> I can use svn with the projects under /var/svn/repos, so I know that the DAV is working, but when I do svn updates or commits (or anything), Apache doesn't ask for any authentication... It does the exact same thing whether the Auth directives are there or not. The permissions on the repository directory (and all subdirectories/files) only give permission to www-data (the Apache2 user/group). I have also ensured that all relevant modules are enabled (in particular mod_auth is enabled, as are all mod_dav* modules). Any ideas why svn commands aren't authenticating? Thanks in advance.

  Read the article

• Update saved password for basic authentication using a script

  - by Kalamane

  I have a website that uses basic authentication as described on this webpage. Each of the computers I manage have the password saved in their browser. There is only one username and password for this. After someone logs in to the site this way, they are presented with their individual username and password prompt as part of the web page. The purpose of the initial username/password is to discourage non-technical employees that aren't supposed to be using the page from even viewing it. So far, when we've had to change this password, I've manually gone to each computer and updated the saved password. I'm writing a startup script to configure other aspects of these systems so that I can maintain them easier. I'd like to be able to update the saved password via this script. The operating system running on these machines is Windows XP SP3 and the browsers they're using to access this site are IE8 and IE9. How can I update the saved basic authentication information for a website via a script?

  Read the article

• Logs being flooded from Squid for having intercepted and authentication enabled together

  - by Horace

  I have done some hefty Google'ing and I can't seem to find a single solution to this issue that I cam currently experiencing. Here is a sample configuration from squid that I have: # # DIGEST Auth # auth_param digest program /usr/sbin/digest_file_auth /etc/squid/digpass auth_param digest children 8 auth_param digest realm LHPROJECTS.LAN Network Proxy auth_param digest nonce_garbage_interval 10 minutes auth_param digest nonce_max_duration 45 minutes auth_param digest nonce_max_count 100 auth_param digest nonce_strictness on # Squid normally listens to port 3128 # Squid normally listens to port 3128 http_port 192.168.10.2:3128 transparent https_port 192.168.10.2:3128 intercept http_port 192.168.10.2:3130 As noted above, I have three ports defined, 2 of them are transparent/intercept and one is a regular http port (which I use for authentication). Which works rather well in this configuration however my logs are getting flooded of this entry authentication not applicable on intercepted requests whenever a transparent connection is made. So far, I can't seem to find any documentation that would describe how to suppress these messages ?

  Read the article

• How to disabled password authentication for specific users in SSHD

  - by Nick

  I have read several posts regarding restricting ALL users to Key authentication ONLY, however I want to force only a single user (svn) onto Key auth only, the rest can be key or password. I read How to disable password authentication for every users except several, however it seems the "match user" part of sshd_config is part of openssh-5.1. I am running CentOS 5.6 and only have OpenSSH 4.3. I have the following repos available at the moment. $ yum repolist Loaded plugins: fastestmirror repo id repo name status base CentOS-5 - Base enabled: 3,535 epel Extra Packages for Enterprise Linux 5 - x86_64 enabled: 6,510 extras CentOS-5 - Extras enabled: 299 ius IUS Community Packages for Enterprise Linux 5 - x86_64 enabled: 218 rpmforge RHEL 5 - RPMforge.net - dag enabled: 10,636 updates CentOS-5 - Updates enabled: 720 repolist: 21,918 I mainly use epel, rpmforge is used to the latest version (1.6) of subversion. Is there any way to achieve this with my current setup? I don't want to restrict the server to keys only because if I lose my key I lose my server ;-)

  Read the article

• Kerberos authentication between 2 applications

  - by Spivi

  We work on a server 2003 and server 2008 R2 enviroment. I'm familiar with the basic usage of the Kerberos protocol where the protocol authenticates a client when he tries to use a shared resource (server, folder, printer, etc.). We have three distinct and independent .NET applications that we develop inhouse (app A, app B & app C) but they need to communicate for a given reason (A recieves messages only from B and C and C recieves messages only from B). Is it possible to configure the Kerberos services to authenticate messages/request between two .NET apps ? (Instead of a user-server authentication, we will have an application-application authentication)

  Read the article

• Authentication in Apache2 with mod_dav_svn

  - by Poita_

  I'm having some trouble setting up authentication in Apache2 for a SVN repository that's being served using mod_dav_svn. Here is my Apache config for the directory: <Location /svn> DAV svn SVNParentPath /var/svn/repos AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/apache2/dev.passwd Require valid-user </Location> I can use svn with the projects under /var/svn/repos, so I know that the DAV is working, but when I do svn updates or commits (or anything), Apache doesn't ask for any authentication... It does the exact same thing whether the Auth directives are there or not. The permissions on the repository directory (and all subdirectories/files) only give permission to www-data (the Apache2 user/group). I have also ensured that all relevant modules are enabled (in particular mod_auth is enabled, as are all mod_dav* modules). Any ideas why svn commands aren't authenticating? Thanks in advance.

  Read the article

• Authentication settings in IIS Manager versus web.config versus system.serviceModel

  - by Joe

  I'm new to ASP.NET :) I have a WCF web service, and I want to use Basic authentication. I am getting lost in the authentication options: In IIS 6 Manager, I can go in to the properties of the web site and set authentication options. In the web site's web.config file, under system.web, there is an <authentication mode="Windows"/> tag In the web site's web.config file, under system.serviceModel, I can configure: <wsHttpBinding <binding name="MyBinding" <security mode="Transport" <transport clientCredentialType="Basic"/ </security </binding </wsHttpBinding What is the difference between these three? How should each be configured? Some context: I have a simple web site project that contains a single .svc web service, and I want it to use Basic authentication over SSL. (Also, I want it to not use Windows accounts, but maybe that is another question.)

  Read the article

• Android WebView Authentication

  - by bobthemac

  I am having issues with authentication for my webview I have a https address that requires authentication but it isn't basic authentication. When I access chrome on my phone and go to this site I get a dialogue box that asks me for a username and password I want to do something similar but all the attempts at authentication I have made have failed using the what I have found as they all seem to be for basic authentication and I don't think this is what it is. any help is appreciated, sorry if this is duplicate but I have looked and found nothing similar .

  Read the article

• Spring-Security http-basic auth in addition to other authentication types

  - by Keith

  I have a pretty standard existing webapp using spring security that requires a database-backed form login for user-specific paths (such as /user/**), and some completely open and public paths (such as /index.html). However, as this webapp is still under development, I'd like to add a http-basic popup across all paths (/**) to add some privacy. Therefore, I'm trying to add a http-basic popup that asks for a universal user/pass combo (ex admin/foo) that would be required to view any path, but then still keep intact all of the other underlying authentication mechanisms. I can't really do anything with the <http> tag, since that will confuse the "keep out the nosy crawlers" authentication with the "user login" authentication, and I'm not seeing any way to associate different paths with different authentication mechanisms. Is there some way to do this with spring security? Alternatively, is there some kind of a dead simple filter that I can apply independently of spring-security's authentication mechanisms?

  Read the article

• Batch insert mode with hibernate and oracle: seems to be dropping back to slow mode silently

  - by Chris

  I'm trying to get a batch insert working with Hibernate into Oracle, according to what i've read here: http://docs.jboss.org/hibernate/core/3.3/reference/en/html/batch.html , but with my benchmarking it doesn't seem any faster than before. Can anyone suggest a way to prove whether hibernate is using batch mode or not? I hear that there are numerous reasons why it may silently drop into normal mode (eg associations and generated ids) so is there some way to find out why it has gone non-batch? My hibernate.cfg.xml contains this line which i believe is all i need to enable batch mode: <property name="jdbc.batch_size">50</property> My insert code looks like this: List<LogEntry> entries = ..a list of 100 LogEntry data classes... Session sess = sessionFactory.getCurrentSession(); for(LogEntry e : entries) { sess.save(e); } sess.flush(); sess.clear(); My 'logentry' class has no associations, the only interesting field is the id: @Entity @Table(name="log_entries") public class LogEntry { @Id @GeneratedValue public Long id; ..other fields - strings and ints... However, since it is oracle, i believe the @GeneratedValue will use the sequence generator. And i believe that only the 'identity' generator will stop bulk inserts. So if anyone can explain why it isn't running in batch mode, or how i can find out for sure if it is or isn't in batch mode, or find out why hibernate is silently dropping back to slow mode, i'd be most grateful. Thanks

  Read the article

• Invoking 'Hotkey Mode' in IO Gear's GCS632U KVM Switch

  - by Tim Visher

  Awhile ago I changed the switch port key to left control on my IO Gear USB Switch and I'd like to change it back to Scroll Lock. When I did this, I have some memory of believing that I had found an error in the documentation for the switch regarding how to enter Hotkey Mode. Per the instructions in the manual(PDF), I'm supposed to be able to enter Hotkey Mode by Holding Scroll Lock for 2 seconds, adding Minus on the keypad for one second, and then release Minus first and within a second release Scroll lock. Ignoring the strangeness and fragility of this process, I'm looking for confirmation that this indeed works for anyone else. I can't remember why I thought it was wrong but I clearly remember that I did (I even had a blog post that I was going to write about but it got lost in the sands of time). As an aside, I'd be interested in seeing if there is any way to force a reset for the switch without entering Hotkey Mode as that would do exactly what I'm trying to do and I wouldn't have to mess with Hotkey Mode. Thanks in advance!

  Read the article

• unable to boot into safe mode even after fixing registry

  - by Anirudh Goel

  I have a windows XP sp3 system which is affected by Sality Worm. The usual symptoms of taskmanager and regedit disabled were there, and i saw that i was unable to boot my system in safe mode. Then i found that the sality worm removes the SAFEBOOT keys from registry hive. So i downloaded this reg file from http://support.kaspersky.com/faq/?qid=208279889 and was successfully able to update the reg file to my system. But still when i hit F8 during boot and select safe mode option, it still restarts after loading mup.sys file. i don't know what more to do to get to safe mode. The virus is still there in dormant stage, i can verify that because taskmanager and regedit is not disabled after i restarted in normal mode and i could browse any site and it did not kill the browser process. I also ran the salitykiller from same link above and it healed all infected exe files. This is related to another question which i have asked here,but i don't see how a common solution can solve both of those problems. Any help folks? Thanks

  Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >