Search Results

Search found 320 results on 13 pages for 'unauthorized'.

Page 8/13 | < Previous Page | 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • DotNetOpenAuth DesktopConsumer with GData help needed

    - by DBa
    Hi folks, I am trying to get DotNetOpenAuth's DesktopConsumer to work with Google, with not much success actually... Here is what I am doing (reduced to essential code parts): myApp = new DesktopConsumer(google, tm); var extraParameters = new Dictionary<string, string> { { "scope", GetScopeUri(Applications.Calendar) }, }; AuthorizeForm af = new AuthorizeForm(); af.setAuthUrl(myApp.RequestUserAuthorization(extraParameters, null, out requestToken)); // This makes a webbrowser control in the AuthorizeForm navigate to the google page //which asks for login and authorization af.ShowDialog(); // Open the form, as modal var accessTokenResponse = myApp.ProcessUserAuthorization(requestToken, af.getVerifier()); // af.getVerifier gets the verificatino code which the user has to copy from the // webbrowser control to a textbox (if he grants the authorization, of course :D) HttpWebRequest req = myApp.PrepareAuthorizedRequest( new MessageReceivingEndpoint( "http://www.google.com/calendar/feeds/default/owncalendars/full", HttpDeliveryMethods.GetRequest ), accessTokenResponse.AccessToken); WebResponse rsp = req.GetResponse(); // Here I get the "401 Unauthorized" exception Any idea what I am doing wrong? Thanks in advance, Dmitri

    Read the article

  • Rails 2.x http basic authentication

    - by randombits
    I'm trying to get basic http authentication working on my Rails app. I'm offering a simple REST interface served by a Rails server, only xml/json output. Every method needs authentication, so I put the authenticate filter in ApplicationController: class ApplicationController < ActionController::Base helper :all # include all helpers, all the time before_filter :authenticate protected def authenticate authenticate_or_request_with_http_basic do |u, p| true end end end Even with having the method return true, I'm receiving a 401 from the server: $ curl http://127.0.0.1:3000/myresource/1.xml -i HTTP/1.1 401 Unauthorized Cache-Control: no-cache WWW-Authenticate: Basic realm="Application" X-Runtime: 1 Content-Type: text/html; charset=utf-8 Content-Length: 27 Server: WEBrick/1.3.1 (Ruby/1.9.1/2010-01-10) Date: Thu, 03 Jun 2010 02:43:55 GMT Connection: Keep-Alive HTTP Basic: Access denied. If I'm explicitly returning true, yet getting served a 401.

    Read the article

  • Using ClaimsPrincipalPermissionAttribute, how do I catch the SecurityException?

    - by Ryan Roark
    In my MVC application I have a Controller Action that Deletes a customer, which I'm applying Claims Based Authorization to using WIF. Problem: if someone doesn't have access they see an exception in the browser (complete with stacktrace), but I'd rather just redirect them. This works and allows me to redirect: public ActionResult Delete(int id) { try { ClaimsPrincipalPermission.CheckAccess("Customer", "Delete"); _supplier.Delete(id); return RedirectToAction("List"); } catch (SecurityException ex) { return RedirectToAction("NotAuthorized", "Account"); } } This works but throws a SecurityException I don't know how to catch (when the user is not authorized): [ClaimsPrincipalPermission(SecurityAction.Demand, Operation = "Delete", Resource = "Customer")] public ActionResult Delete(int id) { _supplier.Delete(id); return RedirectToAction("List"); } I'd like to use the declarative approach, but not sure how to handle unauthorized requests. Any suggestions?

    Read the article

  • WCF to WCF communication 401, HttpClient

    - by youwhut
    I have a WCF REST service that needs to communicate with another WCF REST service. There are three websites: Default Web Site Website1 Website2 If I set up both services in Default Web Site and connect to the other (using HttpClient) using the URI http://localhost/service then everything is okay. The desired set-up is to move these two services to separate websites and rather than using the URI http://localhost/service, accessing the service via http://website1.domain.com/service still using HttpClient. I received the exception: System.ArgumentOutOfRangeException: Unauthorized (401) is not one of the following: OK (200), Created (201), Accepted (202), NonAuthoritativeInformation (203), NoContent (204), ResetContent (205), PartialContent (206) I can see this is a 401, but what is going on here? Thanks

    Read the article

  • How to secure licensekey generation

    - by Jakob Gade
    Scenario, simplified for brevity: A developer creates an application for a customer. The customer sells this app to end-users. The app requires a license key to run, and this key is generated by the customer for each end-user with a simple tool created by the developer. The license key contains an expiry date for the license and is encrypted so the end-user can’t tamper with it. The problem here is that the developer (or anybody who has a copy of the license key generator) can easily create valid license keys. Should this generator fall into the wrong hands, it could spell disaster for the customers business. Ideally, the customer would have to use a password to create new license keys. And this password would be unknown to the developer, and somehow baked into the decryption algorithm in the application so it will fail if an attempt to use an unauthorized key is made. How would you implement a solution for this problem that is both transparent and secure?

    Read the article

  • How to verify mail origin?

    - by MrZombie
    I wish to code a little service where I will be able to send an e-mail to a specific address used by my server to send specific commands to my server. I'll check against a list of permitted e-mail addresses to make sure no one unauthorized will send a command to the server, but how do I make sure that, say, an e-mail sent by "[email protected]" really comes from "thezombie.net"? I thought about checking the header for the original e-mail server's IP and pinging the domain to make sure it is the same, but would that be reliable? Example: Server receives a command from [email protected] [email protected] is authorized, proceed with checks Server checks "thezombie.net"'s IP from the header: W.X.Y.Z Server pings "thezombie.net" for it's IP: A.B.C.D The IPs do not correspond, do not process command Is there any better way to do that?

    Read the article

  • Creating and debugging a Sharepoint Services 3.0 WebPart

    - by Filip Ekberg
    I am trying to create a WebPart for my locally installed Sharepoint Services 3.0 and I've followed various tips and guides to get it all working. However somewhere on the road I must have missed something or this is just not "in all the books". When creating an empty Sharepoint WebPart and just hitting F5 to debug it, I get the following message: Error 1 The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. 0 0 And as this article from microsoft suggests I did enable Negotiate, NTLM. But it's still not working, Any suggestions?

    Read the article

  • How to receive userinfo with google adwords api libraries

    - by PatrickvKleef
    I'm using the Google Adwords API libraries and I would like to receive the userinfo of the logged in user. I added the userinfo scope as followed: googleAdwordsUser = new AdWordsUser(); string oauth_callback_url = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path); googleAdwordsUser.OAuthProvider = new AdsOAuthNetProvider("https://adwords-sandbox.google.com/api/adwords/ https://www.googleapis.com/auth/userinfo.email", oauth_callback_url, Session.SessionID); When the callback url is called, I'm trying to get the users emailaddress, but it isn't working, the error 'The remote server returned an error: (401) Unauthorized.' is thrown. string url = @"https://www.googleapis.com/oauth2/v2/userinfo?access_token=" + token; HttpWebRequest objRequest = (HttpWebRequest)WebRequest.Create(url); objRequest.Method = "GET"; HttpWebResponse objResponse = (HttpWebResponse)objRequest.GetResponse(); string result = string.Empty; using (StreamReader sr = new StreamReader(objResponse.GetResponseStream())) { result = sr.ReadToEnd(); } Does somebody knows how to fix this? Thanks.

    Read the article

  • Issues while downloading document from Sharepoint using JAVA

    - by Deepak Singh Rawat
    I am trying to download a file from Sharepoint 2007 sp2 document library using GetItem method of the Copy webservice. I am facing the following issues : In the local instance ( Windows Vista ) I can save only 10.5 Kb of any file. The webservice is returning only 10.5 Kb of data for any file. On the production server, I am able to List the documents using some credentials but when I am trying to download a document using the same credentials I get a 401 : Unauthorized message. I can download the document using the Sharepoint website successfully.

    Read the article

  • How to secure authorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

    Read the article

  • http_post_data basic authentication?

    - by kristian nissen
    I have a remote service that I need to access, according to the documentation it's restricted using basic authentication and all requests have to be posted (HTTP POST). The documentation contains this code example - VB script: Private Function SendRequest(ByVal Url, ByVal Username, ByVal Password, ByVal Request) Dim XmlHttp Set XmlHttp = CreateObject("MSXML2.XmlHttp") XmlHttp.Open "POST", Url, False, Username, Password XmlHttp.SetRequestHeader "Content-Type", "text/xml" XmlHttp.Send Request Set SendRequest = XmlHttp End Function how can I accomplish this in PHP? When I post data to the remote server it replies: 401 Unauthorized Access which is fine because I'm not posting my user/pass just the data. Bu when I add my user/pass as it's describe here: http://dk.php.net/manual/en/http.request.options.php like this: $res = http_post_data('https://example.com', $data, array( 'Content-Type: "text/xml"', 'httpauth' => base64_encode('user:pass'), 'httpauthtype' => HTTP_AUTH_BASIC ) ); the protocol is https - I get a runtime error in return (it's a .Net service). I have tried it without the base64_encode but with the same result.

    Read the article

  • What's the funniest user request you've ever had?

    - by Shaul
    Users sometimes come up with the most amusing, weird and wonderful requirements for programmers to design and implement. Today I read a memo from my boss that we need the "ability to import any excel or access data, irrespective of size, easily and quickly." From the same memo, we have a requirement to "know if anyone unauthorized accessed the system" - as if a hacker is going to leave his calling card wedged between an index and a foreign key somewhere. I think my boss has been watching too much "Star Trek"... :) What's the funniest user request you've ever had?

    Read the article

  • Can someone explain this block of ASP.NET MVC code to me, please?

    - by Pure.Krome
    Hi folks, this is the current code in ASP.NET MVC2 (RTM) System.Web.Mvc.AuthorizeAttribute class :- public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (this.AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0L)); cache.AddValidationCallback( new HttpCacheValidateHandler(this.CacheValidateHandler), null); } else { filterContext.Result = new HttpUnauthorizedResult(); } } so if i'm 'authorized' then do some caching stuff, otherwise throw a 401 Unauthorized response. Question: What does those 3 caching lines do? cheers :)

    Read the article

  • How to secure authiorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practise to have a seperate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

    Read the article

  • Twitter @Anywhere oauth_bridge_code

    - by AngelCabo
    I'm having trouble with Twitter's implementation of an oauth_bridge_code for the @anywhere api. I've seen a few walkthrough's on how to use this functionality but I can't seem to get the request to work for me. I'm using Ruby on Rails with the oauth gem. My code is as follows: def callback consumer = OAuth::Consumer.new(APP_CONFIG['twitter_key'], APP_CONFIG['twitter_secret'], :site => "http://api.twitter.com", :request_token_path => "/oauth/request_token", :authorize_path => "/oauth/authorize", :access_token_path => "/oauth/access_token", :http_method => :post) request = OAuth::AccessToken.new consumer json = request.post("https://api.twitter.com/oauth/access_token?oauth_bridge_code=#{params[:oauth_bridge_code]}") end I keep getting 401 unauthorized responses from the signed post request even though this is supposed to be working according to this walkthrough: http://blog.abrah.am/2010/09/using-twitter-anywhere-bridge-codes.html and a presentation from Matt Harris on slideshare. Any ideas on what I'm doing wrong (besides possibly trying to hit functionality that may not be in place)? Greatly appreciated!

    Read the article

  • Software protection

    - by anfono
    I want to protect my software from being used without permission. I will provide it for free to the parties I authorize to use it. Anyone knows a good protection scheme against having it copied and run by unauthorized parties ? So far, I thought about introducing a key validation mechanism: periodically, the user needs to send me (web site query) a code based on which I generate a new code that app validates against. There is an initial code, and so I can track users... Thoughts ? Later edit: I changed the licensing part to avoid unfocused discussion.

    Read the article

  • WCF client using basic HTTP authentication

    - by AZ
    I'm trying to connect to a service that uses basic HTTP authentication. I've configured my binding like this <bindings> <basicHttpBinding> <binding name ="binding"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings> and i'm setting the credentials like this: client.ClientCredentials.UserName.UserName = Settings.UserName; client.ClientCredentials.UserName.Password = Settings.Password; Sill when i make a request i get a "The HTTP request is unauthorized with client authentication scheme 'Basic'" fault back. What am i doing wrong? (i don't have control over the service so all solutions must relate to the client configuration)

    Read the article

  • Jquery .Ajax error when trying to POST data in ASP.NET MVC

    - by GB
    I am unable to access an action in my controller using .ajax. The code works on my development machine but as soon as I place it on the server it gives the error 401 Unauthorized. Here is a snippet of the code in the .aspx file... var encoded = $.toJSON(courseItem); $.ajax({ url: '<%= Url.Action("ViewCourseByID", "Home") %>/', type: "POST", dataType: 'json', data: encoded, //contentType: "application/json; charset=utf-8", success: function(result) { Update: The only time this doesn't work is when I pass json data to the Ajax call, it works fine with HTML data.

    Read the article

  • ASP .NET MVC Secure all resources

    - by Tim
    How to enable Authentication on whole controller and disable only for certain action methods. I want authentication for all resources. If I write something like that: [Authorize] public class HomeController : BaseController { //This is public [UnAuthorized] public ActionResult Index() { ViewData["Message"] = "Welcome to ASP.NET MVC!"; return View(); } //This is private resource public ActionResult PrivateResource() { return View(); } } Then anyone can access this resource. Do you have any ideas how to make it better way?

    Read the article

  • IIS Active Directory double handshake hickup

    - by AngryHacker
    I have a .net 2.0 click-once application that connects to IIS web services on Windows 2003 R2 64-bits. The IIS is setup with Integrated Windows Authentication. So whenever a web service call is made to IIS web services, there is a double handshake taking place: Client Request #1 GetEmployeeList Server Response #1 <- 401 HTTP/1.1 401 Unauthorized WWW-Authenticate: Negotiate WWW-Authenticate: NTLM Client Request #2 REQUEST Header... Server Response #2 <- 200 Data Received Lately, however, Server Response #1 will sometimes (a good 20 percent of the calls) take a massive amount of time (like 25 to 30 seconds). How do I debug this problem? Is this a Active Directory problem or a Domain Controller problem?

    Read the article

  • What is the best way to mock a 3rd party object in ruby?

    - by spinlock
    I'm writing a test app using the twitter gem and I'd like to write an integration test but I can't figure out how to mock the objects in the Twitter namespace. Here's the function that I want to test: def build_twitter(omniauth) Twitter.configure do |config| config.consumer_key = TWITTER_KEY config.consumer_secret = TWITTER_SECRET config.oauth_token = omniauth['credentials']['token'] config.oauth_token_secret = omniauth['credentials']['secret'] end client = Twitter::Client.new user = client.current_user self.name = user.name end and here's the rspec test that I'm trying to write: feature 'testing oauth' do before(:each) do @twitter = double("Twitter") @twitter.stub!(:configure).and_return true @client = double("Twitter::Client") @client.stub!(:current_user).and_return(@user) @user = double("Twitter::User") @user.stub!(:name).and_return("Tester") end scenario 'twitter' do visit root_path login_with_oauth page.should have_content("Pages#home") end end But, I'm getting this error: 1) testing oauth twitter Failure/Error: login_with_oauth Twitter::Error::Unauthorized: GET https://api.twitter.com/1/account/verify_credentials.json: 401: Invalid / expired Token # ./app/models/user.rb:40:in `build_twitter' # ./app/models/user.rb:16:in `build_authentication' # ./app/controllers/authentications_controller.rb:47:in `create' # ./spec/support/integration_spec_helper.rb:3:in `login_with_oauth' # ./spec/integration/twit_test.rb:16:in `block (2 levels) in <top (required)>' The mocks above are using rspec but I'm open to trying mocha too. Any help would be greatly appreciated.

    Read the article

  • ASP.NET Windows authentication with wrong identity over VPN

    - by Dilyan Dimitrov
    I have ASP.NET application with windows authentication. When I browse it from home over VPN (Cisco VPN Client) as a username in the windows identity I get "\" not the credentials from the AD of the server (the same that I am using to connect to the VPN) even though I fill them in the prompt for localhost authentication from the browser. This only happens with Firefox. In the IE and Chrome after the prompt I get 401.1 Unauthorized page from IIS. How to make IIS to use the right credentials or the problem is somewhere else? Any ideas?

    Read the article

  • Consuming Web Service via Windows Authentication

    - by saravanaram
    I am just trying to consuming a web service in remote computer using windows authentication however login credentials are different in local & remote computer. Code Snippet: Dim objproxy As New WebReference.Service1 'Create a new instance of CredentialCache. Dim mycredentialCache As CredentialCache = New CredentialCache() 'Create a new instance of NetworkCredential using the client Dim credentials As NetworkCredential = New NetworkCredential("username", "pwd","domain") 'Add the NetworkCredential to the CredentialCache. 'mycredentialCache.Add(New Uri(objproxy.Url), "Basic", credentials) objproxy.Credentials = credentials It is timing out but when i use mycredentialCache.Add(New Uri(objproxy.Url), "Basic", credentials) I get "401 Unauthorized" message, Please assist.

    Read the article

  • Security in HTTP Adapters

    - by Debopam
    I just started using IBM Worklight 5.0. I have been going through the HTTP Adapters recently and have successfully been able to Run as "Invoke Worklight Procedure". But I am stuck with the Adapter execution in the App. To my knowledge I think this is some kind of security issue where the client request to Worklight Server is unauthorized (401). Can any tell me or refer to some blog/website where there are steps to overcome this problem? I already got some of the websites but at this moment I am really confused on how to use them.

    Read the article

  • Setting custom HTTP request headers in an URL object doesn't work.

    - by Blagovest Buyukliev
    I am trying to fetch an image from an IP camera using HTTP. The camera requires HTTP basic authentication, so I have to add the corresponding request header: URL url = new URL("http://myipcam/snapshot.jpg"); URLConnection uc = url.openConnection(); uc.setRequestProperty("Authorization", "Basic " + new String(Base64.encode("user:pass".getBytes()))); // outputs "null" System.out.println(uc.getRequestProperty("Authorization")); I am later passing the url object to ImageIO.read(), and, as you can guess, I am getting an HTTP 401 Unauthorized, although user and pass are correct. What am I doing wrong? I've also tried new URL("http://user:pass@myipcam/snapshot.jpg"), but that doesn't work either.

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13  | Next Page >