Search Results

Search found 6525 results on 261 pages for 'restful authentication'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 87/261 | < Previous Page | 83 84 85 86 87 88 89 90 91 92 93 94  | Next Page >

  • Rails 3 Authenticity Token

    - by matsko
    Does anyone know how the authenticity token is managed in rails 3? With all the unobtrusive javascript rails 3 articles showing how the html5 data attributes are used I don't see the authenticity token anywhere.

    Read the article

  • MySqlDataReader giving error at build

    - by TuxMeister
    Hey there. I have a function in VB.net that authenticates a user towards a MySQL DB before launching the main application. Here's the code of the function: Public Function authConnect() As Boolean Dim dbserver As String Dim dbuser As String Dim dbpass As String dbserver = My.Settings.dbserver.ToString dbuser = My.Settings.dbuser.ToString dbpass = My.Settings.dbpass.ToString conn = New MySqlConnection myConnString = "server=" & dbserver & ";" & "user id=" & dbuser & ";" & "password=" & dbpass & ";" & "database=rtadmin" Dim myCommand As New MySqlCommand Dim myAdapter As New MySqlDataAdapter Dim myData As New DataTable Dim myDataReader As New MySqlDataReader Dim query As String myCommand.Parameters.Add(New MySqlParameter("?Username", login_usr_txt.Text)) myCommand.Parameters.Add(New MySqlParameter("?Password", login_pass_txt.Text)) query = "select * from users where user = ?Username and passwd = ?Password" conn.ConnectionString = myConnString Try conn.Open() Try myCommand.Connection = conn myCommand.CommandText = query myAdapter.SelectCommand = myCommand myDataReader = myCommand.ExecuteReader If myDataReader.HasRows() Then MessageBox.Show("You've been logged in.", "RT Live! Information", MessageBoxButtons.OK, MessageBoxIcon.Information) End If Catch ex As Exception End Try Catch ex As Exception End Try End Function The function is not yet complete, there are a few other things that need to be done before launching the application, since I'm using a MessageBox to display the result of the login attempt. The error that I'm getting is the following: Error 1 'MySql.Data.MySqlClient.MySqlDataReader.Friend Sub New(cmd As MySql.Data.MySqlClient.MySqlCommand, statement As MySql.Data.MySqlClient.PreparableStatement, behavior As System.Data.CommandBehavior)' is not accessible in this context because it is 'Friend'. C:\Users\Mario\documents\visual studio 2010\Projects\Remote Techs Live!\Remote Techs Live!\Login.vb 43 13 Remote Techs Live! Any ideas? Thanks.

    Read the article

  • How do you authenticate user generated "apps" for your app?

    - by Brian Armstrong
    I'm think something like Facebook apps here. User generated pieces of code that people can write to interact with my app. I understand how an authenticated API works, but this seems a little more complicated because not only does the APP have to authenticate itself (with a regular api-key) but the USER using the app has to be authenticated somehow too, without giving the app free reign. I've been reading a bit here to see how FB does it: http://wiki.developers.facebook.com/index.php/How_Facebook_Authenticates_Your_Application And it looks like you have to pass a signature in addition to the api-key along with every call, but I'm having trouble wrapping my head around how this gets generated and used on the other end (my server). Figure there must be a simple explanation of this out there? Thanks! P.S. I'm building a Rails app if there are any applicable gems/plugins.

    Read the article

  • Why does "request.getUserPrincipal().getName()" sometimes return a blank string?

    - by Marcus
    Has somebody an idea, why the getName method of the requests getUserPrincipal Method sometimes provides an empty String? Most of the time it returns the correct user name but not every time. This behaviour does occur randonmly. I can start the application, run the command and it works. The next time I start the application and run the command (exactly the same way as before!) it does not work... Any ideas?

    Read the article

  • Public ASPXAUTH cookie and security

    - by Bara
    Due to a bug in Flash, I have to use the ASPXAuth cookie to log a user in on a page that a flash upload script calls after upload. See this page for more information: http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx I have to make the ASPXAUTH string "public" in the sense that it will be in the HTML of the page. My question is, how secure is this? I understand that anyone that can get to the string in the HTML can probably get to it from the cookie just as easily, but let's say someone does have this ASPXAUTH string. Is it possible that they can login as another user using this cookie? Would they be able to decrypt it? Bara

    Read the article

  • How to integrate vBulletin auth with my site?

    - by Exel
    Hello, I need to use vBulletin auth system on the rest of my site. Does vB has any APIs for that? Im expecting to find something like that: if($vBulletin->isAuthenticated()) { // user authenticated } In case of vB does not have such API, is there any other ways to check if user is authenticated?

    Read the article

  • How to get Alfresco login ticket without user password, but with impersonating user with user principal name (UPN)

    - by dok
    I'm writing a DLL that has function for getting Alfresco login ticket without using user password, using only a user principal name (UPN). I’m calling alfresco REST API service /wcservice. I use NTLM in Alfresco. I’m impersonating users using WindowsIdentity constructor as explained here http://msdn.microsoft.com/en-us/library/ms998351.aspx#paght000023_impersonatingbyusingwindowsidentity. I checked and user is properly impersonated (I checked WindowsIdentity.GetCurrent().Name property). After impersonating a user, I try to make HttpWebRequest and set its credentials with CredentialsCache.DefaultNetworkCredentials. I get the error: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() When I use new NetworkCredential("username", "P@ssw0rd") to set request credentials, I get Alfresco login ticket (HttpStatusCode.OK, 200). Is there any way that I can get Alfresco login ticket without user password? Here is the code that I'm using: private string GetTicket(string UPN) { WindowsIdentity identity = new WindowsIdentity(UPN); WindowsImpersonationContext context = null; try { context = identity.Impersonate(); MakeWebRequest(); } catch (Exception e) { return e.Message + Environment.NewLine + e.StackTrace; } finally { if (context != null) { context.Undo(); } } } private string MakeWebRequest() { string URI = "http://alfrescoserver/alfresco/wcservice/mg/util/login"; HttpWebRequest request = WebRequest.Create(URI) as HttpWebRequest; request.CookieContainer = new CookieContainer(1); //request.Credentials = new NetworkCredential("username", "p@ssw0rd"); // It works with this request.Credentials = CredentialCache.DefaultNetworkCredentials; // It doesn’t work with this //request.Credentials = CredentialCache.DefaultCredentials; // It doesn’t work with this either try { using (HttpWebResponse response = request.GetResponse() as HttpWebResponse) { StreamReader sr = new StreamReader(response.GetResponseStream()); return sr.ReadToEnd(); } } catch (Exception e) { return (e.Message + Environment.NewLine + e.StackTrace); } } Here are records from Alfresco stdout.log (if it helps in any way): 17:18:04,550 DEBUG [app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcservice/mg/util/login SID:7453F7BD4FD2E6A61AD40A31A37733A5 17:18:04,550 DEBUG [web.scripts.DeclarativeRegistry] Web Script index lookup for uri /mg/util/login took 0.526239ms 17:18:04,550 DEBUG [app.servlet.NTLMAuthenticationFilter] New NTLM auth request from 10.**.**.** (10.**.**.**:1229) 17:18:04,566 DEBUG [app.servlet.NTLMAuthenticationFilter] Processing request: /alfresco/wcservice/mg/util/login SID:7453F7BD4FD2E6A61AD40A31A37733A5 17:18:04,566 DEBUG [web.scripts.DeclarativeRegistry] Web Script index lookup for uri /mg/util/login took 0.400909ms 17:18:04,566 DEBUG [app.servlet.NTLMAuthenticationFilter] Received type1 [Type1:0xe20882b7,Domain:<NotSet>,Wks:<NotSet>] 17:18:04,566 DEBUG [app.servlet.NTLMAuthenticationFilter] Client domain null 17:18:04,675 DEBUG [app.servlet.NTLMAuthenticationFilter] Sending NTLM type2 to client - [Type2:0x80000283,Target:AlfrescoServerA,Ch:197e2631cc3f9e0a]

    Read the article

  • ldap_bind_s returning LDAP_SUCCESS with wrong credentials

    - by rezna
    Hi guys, I have this little problem. I want to authenticate user against LDAP (Windows Active Directory), everything works OK, but the combination (good user, good password, wrong domain). LDAP* ldap = ldap_init(L"myserver", 389); ULONG ldap_version = 3; ULONG ret = LDAP_SUCCESS; ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION, (void*)&ldap_version); ret = ldap_connect(ldap, NULL); SEC_WINNT_AUTH_IDENTITY ai; ai.Domain = (unsigned short*)BAD_DOMAIN; ai.DomainLength = wcslen(BAD_DOMAIN); ai.User = (unsigned short*)OK_USER; ai.UserLength = wcslen(OK_USER); ai.Password = (unsigned short*)OK_PASS; ai.PasswordLength = wcslen(OK_PASS); ai.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE; ret = ldap_bind_s(ldap, NULL, (PWCHAR) &ai, LDAP_AUTH_NTLM); // !!! HERE !!! ret = ldap_unbind_s(ldap); On the line marke '!!! HERE !!!' I'd expect 0x31 or any other error returned. Instead I get LDAP_SUCCESS :( Any suggestions? Thx, Milan

    Read the article

  • Facebook Flash app security?

    - by mhdouglas
    I'm developing a Facebook app implemented in Flash, and I'd like to authenticate communication between my app and my server. In other words, I'd like to guarantee that all communication with my server is coming from my app, which has been launched from within facebook by a valid facebook user. Does the Facebook actionscript API support this type of operation? Or am I on my own?

    Read the article

  • Bundler http auth support

    - by brad
    does anyone know if Bundler supports http auth? I'm pretty sure rubygems does (I think i read that somewhere) but I don't see anywhere in the docs where I might specify a username/pwd for a particular repo I'm trying to run my own private gem server so as not to expose sensitive code

    Read the article

  • FormsAuthentication.SetAuthCookie in OnAuthorization of custom attribute

    - by Prasad
    I am trying to set an auth cookie in OnAuthorization of my custom attribute in asp.net mvc(C#) application. when the session expires(New Session), i am setting an auth cookie again to make it available until the users logout. I have used the following to set the auth cookie, //set forms auth cookie FormsAuthentication.SetAuthCookie(strUserName, true); But when i check HttpContext.User.Identity.IsAuthenticated, it returns false. How to set an auth cookie in OnAuthorization of custom attribute?

    Read the article

  • How can I authenticate when using the Bugzilla Perl API in a script?

    - by Allan Anderson
    Working from the Bugzilla API, I've written a quick Perl script to clone a Bugzilla Product (recreating all the Components under their new Product). The Bugzilla Perl API is quite easy to use from the command line. I could have just worked on the database directly, but I wanted a longer-term solution. Another option was the webservice, but I thought I'd try using the API directly this time. The one problem I'm running into is authenticating as my Bz admin user so I can create the new components. Looking at Bugzilla's Bugzilla.pm file, I see that they just run login() from a Bugzilla::Auth object. I'm not sure how to get the username and password in there. I suppose I could just add the script to the Bugzilla admin interface... Can any of you point me in the right direction?

    Read the article

  • Django-allauth redirected to connections

    - by camara90100
    I'm using django-allauth to signup users with Facebook, and I'm setting the ACCOUNT_EMAIL_REQUIRED to True so when a user doesn't have email saved on his account I get redirected to the allauth/templates/socialaccount/Signup.html and when I use a test user to enter a valid email, I get redirect to "connections.html" which then asks me to choose one of the social accounts and remove it. and the form action method is set to 'connections url' so it becomes an infinite loop. anyone knows what's wrong? here's my settings SOCIALACCOUNT_PROVIDERS = \ { 'facebook': { 'SCOPE': ['email', 'publish_stream'], # 'AUTH_PARAMS': { 'auth_type': 'reauthenticate' }, 'METHOD': 'js_sdk' , 'LOCALE_FUNC': lambda request: 'en_US'}} ACCOUNT_EMAIL_REQUIRED =True ACCOUNT_ADAPTER = 'profiles.adapter.MyAccountAdapter' SOCIALACCOUNT_ADAPTER ='profiles.adapter.MySocialAccountAdapter'

    Read the article

  • Login for webapp, needs to be available for support staff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". Authorized licenseholders which does all setup themselves. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support: we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • FormsAuthentication.SetAuthCookie

    - by Miral
    hi we are using FormsAuthentication.SetAuthCookie(profile.Id, false); Now the question is when does this cookie expires? It ofcourse expires once i close all the browsers but it doesn't i keep the browser open and i dont know the timelimit.

    Read the article

  • How to retreive SID's byte array

    - by rursw1
    Hello experts, How can I convert a PSID type into a byte array that contains the byte value of the SID? Something like: PSID pSid; byte sidBytes[68];//Max. length of SID in bytes is 68 if(GetAccountSid( NULL, // default lookup logic AccountName,// account to obtain SID &pSid // buffer to allocate to contain resultant SID ) { ConvertPSIDToByteArray(pSid, sidBytes); } --how should I write the function ConvertPSIDToByteArray? Thank you!

    Read the article

  • how to decrypt a string

    - by Avinash
    Hi, How to restore the value of a string after using FormsAuthentication.HashPasswordForStoringInConfigFile() i have a string s1 = "abc" then FormsAuthentication.HashPasswordForStoringInConfigFile(s1, "SHA1") = A9993E364706816ABA3E25717850C26C9CD0D89D How can i decrypt "A9993E364706816ABA3E25717850C26C9CD0D89D" back to "abc"??

    Read the article

  • How can I validate/secure/authenticate a JavaScript-based POST request?

    - by Bungle
    A product I'm helping to develop will basically work like this: A Web publisher creates a new page on their site that includes a <script> from our server. When a visitor reaches that new page, that <script> gathers the text content of the page and sends it to our server via a POST request (cross-domain, using a <form> inside of an <iframe>). Our server processes the text content and returns a response (via JSONP) that includes an HTML fragment listing links to related content around the Web. This response is cached and served to subsequent visitors until we receive another POST request with text content from the same URL, at which point we regenerate a "fresh" response. These POSTs only happen when our cached TTL expires, at which point the server signifies that and prompts the <script> on the page to gather and POST the text content again. The problem is that this system seems inherently insecure. In theory, anyone could spoof the HTTP POST request (including the referer header, so we couldn't just check for that) that sends a page's content to our server. This could include any text content, which we would then use to generate the related content links for that page. The primary difficulty in making this secure is that our JavaScript is publicly visible. We can't use any kind of private key or other cryptic identifier or pattern because that won't be secret. Ideally, we need a method that somehow verifies that a POST request corresponding to a particular Web page is authentic. We can't just scrape the Web page and compare the content with what's been POSTed, since the purpose of having JavaScript submit the content is that it may be behind a login system. Any ideas? I hope I've explained the problem well enough. Thanks in advance for any suggestions.

    Read the article

  • Login with Kohana auth module - what am I doing wrong?

    - by keithjgrant
    I'm trying to login with the following controller action, but my login attempt keeps failing (I get the 'invalid username and/or password' message). What am I doing wrong? I also tried the other method given in the examples in the auth documentation, Auth::instance()->login($user->username, $form->password);, but I get the same result. Kohana version is 2.3.4. public function login() { $auth = Auth::instance(); if ($auth->logged_in()) { url::redirect('/account/summary'); } $view = new View('login'); $view->username = ''; $view->password = ''; $post = $this->input->post(); $form = new Validation($post); $form->pre_filter('trim', 'username') ->pre_filter('trim', 'password') ->add_rules('username', 'required'); $failed = false; if (!empty($post) && $form->validate()) { $login = array( 'username' => $form->username, 'password' => $form->password, ); if (ORM::factory('user')->login($login)) { url::redirect('/accounts/summary'); } else { $view->username = $form->username; $view->message = in_array('required', $form->errors()) ? 'Username and password are required.' : 'Invalid username and/or password.'; } } $view->render(true); }

    Read the article

  • How to transfer url parameters to repoze custom predicate checkers

    - by user281521
    I would like to create a repoze custom predicate checker that is capable to access url parameters and validate something. But I would like to use allow_only to set this permission checker in all the controller's scope. Something like: class MyController(BaseController): allow_only = All(not_anonymous(msg=l_(u'You must be logged on')), my_custom_predicate(msg=l_(u'something wrong'))) def index(self, **kw): return dict() then, my_custom_predicate should check the url paramters for every request in every MyController method, and do whatever it do. The problem is just that: how to allow my_custom_predicate to check the url parameters, using it in that way I wrote above.

    Read the article

  • Rails: Accessing the username/password used for HTTP Basic Auth?

    - by Shpigford
    I'm building a basic API where user information can be retrieved after that user's login and password are correctly sent. Right now I'm using something like this: http://foo:[email protected]/api/user.xml So, what I need to do is access the user/password sent in the request (the foo and bar) but am not sure how to access that info in a Rails controller. Then I'd check those variables via a quick User.find and then set those as the username and password variables for authenticate_or_request_with_http_basic. It's possible I'm looking at this at the completely wrong way, but that's where I'm at right now. :)

    Read the article

  • Rails creating a new session every page view

    - by danhere
    Hi everyone, I'm following the Agile RoR book somewhat to apply it to a project for school. It's going good until I get to sessions. I continually get Authenticity Invalid Tokens and when I look at my sessions table in the database, there's a new session being created every time I refresh the page. Is that right or is something messed up? Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 83 84 85 86 87 88 89 90 91 92 93 94  | Next Page >