Search Results

Search found 15798 results on 632 pages for 'authentication required'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 84/632 | < Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91  | Next Page >

  • Why is it a bad idea to use ClientLogin for web apps in the Google API?

    - by Onema
    I just picked up the Google API today to allow some users of our site to upload videos to our own organization YouTube account. I Don't want our users to know our user name and password, but rather give them the option if they want to upload videos to youtube or not. If they choose to do it, they check on a check box and hit the submit button. I keep seeing over, and over in the Developers guide that ClientLogin, which to me looks like the best option to implement what I want to do, is not a good idea for user authentication in web applicaitons. The "AuthSub for web applications" doesn't seem to be the best mechanism for what I want to implement! Any ideas on what to do? Thank you

    Read the article

  • Security for web services only used from a Silverlight application?

    - by Lasse V. Karlsen
    I have googled a bit for how I should handle security in a web service application when the application is basically the data repository for a Silverlight application, but have gotten inconclusive results. The Silverlight application is not supposed to have its own user authentication, since it will be reachable only through a web application that the user have already authenticated to get into. As such, I was thinking I could simply add a parameter to the SL application that is a cookie-type value, with a certain lifetime, linked to the user in the database. The SL application would then have to pass this value alongside other parameters to the web services. Since the web service is hopefully going to be a generic web service endpoint, few methods, adding an extra parameter at this level will not be a problem. But, am I supposed to roll this system on my own? It sounds to me as this isn't exactly new features that nobody has considered before, so what are my options?

    Read the article

  • Using IPrinciple.Identity.Name as a key in a dataBase to identify user's rows.

    - by bplus
    I'm writing a small intranet app that uses Windows Authentication and Asp.Net MVC. I need to store various bits of data in a db against each user. As far as I can tell the IPrinciple object does not seem to have something like a unique id. So I was thinking I could just use User.Identity.Name as a unique value to identify rows in my db. Is this a bad idea? Is there an alternative to this approach? Thanks for any help.

    Read the article

  • More than one profile in Django?

    - by JPC
    Is it possible to use Django's user authentication features with more than one profile? Currently I have a settings.py file that has this in it: AUTH_PROFILE_MODULE = 'auth.UserProfileA' and a models.py file that has this in it: from django.db import models from django.contrib.auth.models import User class UserProfileA(models.Model): company = models.CharField(max_length=30) user = models.ForeignKey(User, unique=True) that way, if a user logs in, I can easily get the profile because the User has a get_profile() method. However, I would like to add UserProfileB. From looking around a bit, it seems that the starting point is to create a superclass to use as the AUTH_PROFILE_MODULE and have both UserProfileA and UserProfileB inherit from that superclass. The problem is, I don't think the get_profile() method returns the correct profile. It would return an instance of the superclass. I come from a java background (polymorphism) so I'm not sure exactly what I should be doing. Thanks!

    Read the article

  • Anonymous users support vs Google bot

    - by Andy
    I have a User class in my web app that represents a user currently logged in. Every time a user vists a page, a User instance is populated based on authentication data supplied in cookies. A User instance is created even if an anonymous user logs in - and a corresponding new record is created in the User table in the database. This approach allows me to save some state info for the current user regardless of its type. The problem however with this approach is the Google bot, and other non-human web organisms crawling my pages. Every time a bot starts to walk around the site, thousands of useless records will be created in the database, each of them only to be used for a single page. Question: what is the best trade off? How to support anonymous users, save their state, and don't get too much overhead because of cookieless bots?

    Read the article

  • Regarding Authlogic and page redirection.

    - by Paddy
    I am using authlogic for authentication in my Rails app. Have named routes for the frequent actions, viz: map.login "login", :controller = "user_sessions", :action = "new" map.logout "logout", :controller = "user_sessions", :action = "destroy" map.register "register", :controller = "users", :action = "new" map.edit 'user/edit/:id', :controller = "users", :action = "edit" But also in my routes.rb i have these automatically created REST routes too: map.resources :user_sessions map.resources :users The problem now is that a user can login from two different routes. Ex: From, http://localhost/login and also from http ://localhost/user_sessions/new. How do i restrict access only from the named route i have defined and not allow from user_sessions/new?

    Read the article

  • REST client website login

    - by Jordan
    I have written a REST service that uses WSSE as an authentication method but i want to be able to use this rest service through a browser by creating a website around the service. I want the user to be able to log in on the website then when they view, for example the "view users" page an ajax request is made to test.com/users and back comes the list. The part i'm trying to get my head around is the logging in/out on the website and keeping the user logged in across pages. Since in a true REST implementation there's no state held on the server, i can't use $_SESSION and now i don't know where to start! What is the best way to go about this? Do i still need to store session information on the server then possibly use cURL to make the request? Thanks Jay

    Read the article

  • Web Form based login in Java

    - by BrunoLM
    How can I block access to the site if a user is not logged in? Under web.xml Security I checked Form authentication then I selected Login and Error page, but I don't know how to block the access and redirect the user to the login page. Do I need a filter? If so, how can I get the login url I specified? And how should I call the validation method? I saw in some examples this code <form method=post action="j_security_check"> <input type="text" name="j_username" /> <input type="password" name="j_password" /> </form> What does it do?

    Read the article

  • ASP NET forms Authorization: how to reduce duration?

    - by eddo
    I've got a web page which is implementing cookie based ASPNET Forms Authentication. Once the user has logged in the page, he can edit some information using a form which is created using a partialview and returned to him as a dialog for editing. The action linked to the partial view is decorated as follows: [HttpGet] [OutputCache(Duration = 0, VaryByParam = "None")] [Authorize(Roles = "test")] public ActionResult changeTripInfo(int tripID, bool ovride=false) { ... } The problem i am experiencing is the latency between the request and the time when the dialog is shown to the user: time ranges between 800 and 1100 ms which is not justified by the complexity of the form. Investigating with Glimpse turns out that the time to process the AuthorizeAttribute (see snip) sums up to at least 650 ms which is troubling me. Looking at the Sql server log, the call which checks the user roles takes, as expected, virtually nothing (duration 0). How can I reduce this time? Am I missing some optimization?

    Read the article

  • single sign on in asp.net

    - by gopal
    Hi , We have developed implemented single sign on methodology to authenticate user. When a page is requested, if it is not authenticated then a login page will be redirected. Once they logged in the requested page will be shown. this is working when we don't assign a domain to the virtual directory. But when we assign the domain to virtual directory after the authentication the application is not redirecting to the requested page. We are using FormsAuthentication.GetRedirectUrl method to redirect the requested page. Why this is happening? How can we resolve this issue?

    Read the article

  • Best approach to store login credentials for website

    - by Zerotoinfinite
    I have created a site in ASP.NET 3.5 & I have only 2 or 3 user login IDs who can login to the website. What would be the best way to save these login details? Which of these approaches, or others, would be most suitable? Using Forms Authentication, and saving credentials (username and password) in web.config to create a text file in directory and modify it Which approach is best from a security and maintenance perspective? What other approaches are suitable for a login system for ASP.NET?

    Read the article

  • WCF server component getting outdated user name

    - by JoelFan
    I am overriding System.IdentityModel.Policy.IAuthorizationPolicy.Evaluate as follows: public bool Evaluate(EvaluationContext evaluationContext,ref object state) { var ids = (IList<IIdentity>)evaluationContext.Properties["Identities"]; var userName = ids[0].Name; // look up "userName" in a database to check for app. permissions } Recently one of the users had her user name changed in Active Directory. She is able to login to her Windows box fine with her new user name, but when she tries to run the client side of our application, the server gets her old user name in the "userName" variable in the code above, which messes up our authentication (since her old user name is no longer in our database). Another piece of info: This only happens when she connects to the server code on the Production server. We have the same server code running on a QA server, and it does not have this issue (the QA server code gets her correct (new) user name) Any ideas what could be going on?

    Read the article

  • asp.net impersonation identity: Where does it come from?

    - by Rising Star
    Here's a simple question I've been stuck on for a while. When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from? This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user: Httpcontext.Current.user System.Threading.Thread.Current System.Security.Principal.WindowsIdentity.GetCurrent It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config. I would like to know where the impersonated identity comes from.

    Read the article

  • Can SiteB Restrict Access Only to Users Authenticated on Site A? How?

    - by DaveDev
    I have recently been asked to estimate a piece of work which will provide functionality for authenticated users to access our site. The thing is, the user has to authenticate on a different site & domain to the one we are hosting. The user authenticates on SiteA.com and they are provided with a link to our site, SiteB. Only users who have authenticated on SiteA are allowed to access SiteB.com. I don't yet know what authentication system SiteA is using, but I thought I'd ask the community for some initial thoughts. Is this even possible? What do I need to consider? Thanks

    Read the article

  • Zend_Auth_Adapter_DbTable identity not unique

    - by volf
    For authentication on a website i use Zend_Auth_Adapter_DbTable. Everything work's fine, but Zend Framework only allow unique Identitys in the table. As an identity i use the mail-address from my users. The problem is, that there are more items in the table with this mail-adress. User can delete there account and so i don't delete the whole row, i only change the status to -2 or something else. active user has the status 1. i try to use it like so: $authAdapter = new Zend_Auth_Adapter_DbTable($db, 'user', 'email', 'password', "? AND `status`='1'"); $authAdapter->setIdentity($email); $authAdapter->setCredential($password); But it doesn't work. If i delete the inactive user with the same mail-address, everything work's. Why is that?

    Read the article

  • Best approach to store username & password

    - by Zerotoinfinite
    Hi All, I have created a site in asp.net 3.5 & my query is this that I have only 2 or 3 login Id (user) who can login to my website, then what would be the better way to save the login details. What I know I am writing below, please let me know which would be the correct approach to achieve this also if their is any nice approach to get this done: 1: to save username and password in web.config file 2: to create a text file in directory and modify it 3: To use form authentication Please let me know the approach I can use to solve it. thanks in advance P.S. : I have to create only 2-3 users, or in future may be 1-2 more, that's it.

    Read the article

  • How to set credential persistence permanent on Android

    - by doreamon
    My app has save login credential feature, so I store cookies for the next use after succeeding to sign in. However, after a time period, the session will be time out and cannot log in with the cookies any more. On iOS, after setting credential persistence to permanent, the app works nicely even after restarting the phone: [[challenge sender] useCredential:[NSURLCredential credentialWithUser:username password:password persistence:NSURLCredentialPersistencePermanent] forAuthenticationChallenge:challenge]; On Android, I cannot find out such kind of this option. Here is from my HttpHelper class: ((AbstractHttpClient) HttpHelper.client).getAuthSchemes().register("ntlm",new NTLMSchemeFactory()); NTCredentials creds = new NTCredentials(user, pass, "", domain); ((AbstractHttpClient) HttpHelper.client).getCredentialsProvider().setCredentials(AuthScope.ANY, creds); The server is SharePoint so I have to deal with ntlm authentication by following this instruction If you have idea, please let me know. Thank you.

    Read the article

  • HWID locking a PHP page?

    - by Rob
    Currently I sell a program, that accesses my webpage. The program is HWID (Hard Ware ID) locked, and the only reason I use the program to access the webpage instead of direct access via a webbrowser, is so that I can use HWID authentication. However, I've just been told I can code a script to get computer information, such as hardware ID etc. Is this actually possible completely server-side? If so, can I do it with PHP? If not, what language would this be, and what functions would I have to look into for this?

    Read the article

  • Ruby on rails: Image downloads with Authentication/Authorization/Time outs

    - by ak1dnar
    Hi Guys, I'm having few doubts on implementing file downloads. I'm creating an app where I use attachment_fu with Amazon s3 to upload files. Things are working pretty well so far on uploading side. Now its the time to start the file downloads. Here is what I need, a logged in user search and browse for Images and they should able to add the files in to a download basket (Let's say its a Download Shopping Cart). Finally the user should be able to download these file(s) from S3 probably as a zipped file. Is there any plugin/gem where I can use for this?

    Read the article

  • WCF: Using Streaming and Username/Password authentication at the same time

    - by Kay
    Hi, I have a WCF Service with the following requirements: a) The client requests a file from the server which is transferred as a Stream. Files may be 100MB or larger. I need streaming or chucking or whatever to make sure that IIS is not loading the whole package into memory before starting to send it. b) The client will transfer an ID to identify the file to be downloaded. The user should be authenticated by providing username/password. c) While the username/password part of the communication needs to be encrypted, encryption of the downloaded file is optional for our use case. My other services, where I am returning smaller files, I am using the following binding: <ws2007HttpBinding> <binding name="ws2007HttpExtern" maxReceivedMessageSize="65536000"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </ws2007HttpBinding> But, as I said, that is no good for streaming (Message encryption needs the complete message to encrypt and that is not the case when streaming). So, I asked Microsoft support and I got more or less the following proposal: <bindings> <basicHttpBinding> <binding name="basicStreaming" messageEncoding="Mtom" transferMode="StreamedResponse"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </bindings> <services> <service behaviorConfiguration="MyProject.WCFInterface.DownloadBehavior" name="MyProject.WCFInterface.DownloadFile"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicStreaming" contract="MyProject.WCFInterface.IDownloadFile" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyProject.WCFInterface.DownloadBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> When I use this, I get the following error message: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. I am using the Web Development Server so far (for production IIS7). I have two questions. a) How would you configure WCF to achieve the goal? b) If the MS proposal is good: What I am doing wrong, the error message does not really help me. Thanks.

    Read the article

  • Authentication and Login on 2 website

    - by xRobot
    Hi at all, I have 2 site: example.com and exampletwo.com I want that when a user login on example.com then he is automatically authenticated also on exampletwo.com How can I do that ? I use Django + Nginx on first website and Tornado framework + Tornado server on second website. Thanks ;) . P.S. If you don't know this platforms ( Django or Tornado or Nginx ), I accept also a solution for a generic PHP+Apache platform and then I will do some research :)

    Read the article

  • Cannot add Authorization field to HttpsUrlConnection in order to complete Basic authentication

    - by ES
    Hi, I'm using the Sun API HttpsURLConnection class, and have been trying for a day now to get it to send a simple request: URL url = new URL("https://thirdpartyserver.com/somelocation"); connection = (HttpsURLConnection)url.openConnection(); connection.setDoOutput(true); connection.setRequestMethod("POST"); if (doAuthorization) { Base64Converter converter = new Base64Converter(); connection.setRequestProperty("Authorization", "Basic " + converter.encode("username:password")); } OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream()); writer.write("param1=100&param2=hello"); writer.flush(); writer.close(); I keep getting 401 from the third part server. When I look at the connection through the debugger, the method shows up as GET even though I set it to POST; the collection of request properties shows up as null. If I print the values out, the method shows up as POST, but the request parameters collection is still empty. I would love to be able to print the request and understand what's going on, but I could not figure out how to print the content of an output buffer. Any ideas? Thanks! ES

    Read the article

  • WCF how to pass token for authentication?

    - by Kevin
    I have a WCF service which would like to support basicHttpBinding and webHttpBinding. When the client successfully login, server will generate a token for client to pass to server on all the request make later. Question is how the client can pass the token to server? I don't want to add an extra parameter on every web method to hold the token.

    Read the article

  • Facebook canvas Iframe App authentication problem.

    - by itsoft3g
    hi, I am in the conversion process of facebook app from fbml to iframe. Now i am testing using few iframe pages. $user = $facebook->require_login(); It gives the current user logged in. Once it get the variable from the facebook.com it saves in cookie by the PHP API provided by facebook). I logged out using another tab of facebook and i tryed using my app without refreshing the whole site (by just using the links inside my app). It still gives the $user variable. It indicates that user has logged in instead of user logged out. Please help me out. I want my app secured. It looks my iframe app accessible when we select "open this frame in new window". I need a solution for this too. Thanks in advance.

    Read the article

  • Security and authentication in web services

    - by King
    Lets say we have a website that uses a web service for all of its functionality (i.e. retrieving and updating data from/to db), how does the web service authenticate requests? As I understand it, in a traditional java "website" a user provides a username & password, and upon validation a jsessionid is assigned to the user (client browser). Every time the client browser asks the website for something, the site checks for the jsessionid ensuring that the user is registered and authenticated. Is there a web services equivalent of this? If yes, what?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91  | Next Page >