Search Results

Search found 6525 results on 261 pages for 'restful authentication'.

Page 89/261 | < Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >

  • Why second user login redirects me to /accounts/profile/ url?

    - by drupality
    I am using Django built in view for user login: url(r'^user/login/$', 'django.contrib.auth.views.login', {'template_name': 'users/templates/login.html'}, name='user-login'), After login when I goto user/login again I can login second time. I submit the form and getting: The current URL, accounts/profile/, didn't match any of these. I haven't declare this url in urls.py. What I am doing wrong? Why framework want to redirect to this url?

    Read the article

  • Restrict access to a specific URL, running on IIS7 / ASP.NET

    - by frankadelic
    I am deploying a public ASP.NET website on an IIS7 web farm. The application runs on 3 web servers and is behind a firewall. We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc. /admin/somepage.aspx What is the best way to control access to this page? We need to: Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks. Should this access control be done at the (a) network level, (b) application level, etc.?

    Read the article

  • Does CAS Support Application Level Impersonation?

    - by Rob Wilkerson
    I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and manage privileges (which are based on username). A new requirement has come up, though, that requires the original app to include, via an iframe, content from a second PHP app that is also CAS-enabled. Somehow, I need for the second app to know whether impersonation is happening in the first. I don't want to pass usernames around for security reasons, so I'm wondering whether I can offload the responsibility for handling impersonation to the CAS server which is shared by both apps. Thanks.

    Read the article

  • How can I log any login operation in case of "Remember Me" option ?

    - by Space Cracker
    I have an asp.net login web form that have ( username textBox - password textBox ) plus Remember Me CheckBox option When user login i do the below code if (provider.ValidateUser(username, password)) { int timeOut = 0x13; DateTime expireDate = DateTime.Now.AddMinutes(19.0); if (rememberMeCheckBox.Checked) { timeOut = 0x80520; expireDate = DateTime.Now.AddYears(1); } FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(username, true, timeOut); string cookieValue = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, cookieValue); cookie.Expires = expireDate; HttpContext.Current.Response.Cookies.Add(cookie); AddForLogin(username); Response.Redirect("..."); } as in code after user is authenticated i log that he login in db by calling method AddForLogin(username); But if user choose remember me in login and then he try to go to site any time this login method isn't executed as it use cookies ... so i have many questions: 1- Is this the best way to log login operation or is there any other better ? 2- In my case how to log login operation in case of remember me chosen by user ?

    Read the article

  • Sending data to a web site over HTTP

    - by sfactor
    i have a program that receives data from a wireless device over bluetooth...i now need to do some operations in the data and then send it to the website (web server!!!) as a .csv file...i also need to authenticate the device itself from it hardware address which is also obtained in the program.i am coding this in gcc linux compiler using C...can anyone tell me how do i go about doing this?

    Read the article

  • Can't sign into linkedin when using a QT4 (WebKit-based) browser?

    - by Inshim
    I started using the lightweight QT4 browser for some of the time on my Mac. Most simple websites, and even quite a few AJAX-heavy web apps, work for me flawlessly, including gmail (!) However, with LinkedIn, I can't even manage to sign in. Even when I change the useragent to one of a regular browser, it keeps kicking me out. Any ideas what could be wrong and for some workaround? Thanks!

    Read the article

  • twitter basic authorisation not working?

    - by Bunny Rabbit
    URL url = new URL("http://twitter.com/statuses/update.xml"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setDoOutput(true); String cridentials = new sun.misc.BASE64Encoder().encode((username + ":" + password).getBytes()); conn.setRequestProperty ("Authorization", "Basic " + cridentials); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(status); wr.flush(); wr.close(); why the above code for updating twitter status is not working ? i am running it on google app engine.

    Read the article

  • htaccess: only do [some lines of code] for one domain, no others.

    - by Coronatus
    Say I have a htaccess file shared by "dev.server" and "server.site.com". The first domain should allow all users to access it unchallenged (it only exists on my local development server). The second domain I want to authenticate users with Apache (NOT by database). The code to authenticate users is: AuthType Basic AuthName "Server Admin" AuthUserFile "/path/to/passwd" require valid-user What I can't do is make those 4 lines only matter if the domain is "server.site.com". How can I do this? I searched for something like <IfEnv HTTP_HOST "site.server.com"> but had no luck.

    Read the article

  • Using web.config directory security and extensionless urls

    - by Matt Brailsford
    Hi Guys, I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows: Members Members/News Members/Press Members/Movies Users should be able to have access to the members parent page, but not child pages. My problem is, because I am using extensionless URLs, the web.config thinks this is a directory and so access is blocked. Is there a way to say only restrict access for sub pages?

    Read the article

  • Self Authenticating Links in Django

    - by awolf
    In my web app I would like to be able to email self-authenticating links to users. These links will contain a unique token (uuid). When they click the link the token being present in the query string will be enough to authenticate them and they won't have to enter their username and password. What's the best way to do this?

    Read the article

  • Is it a bad idea to have a login dialog inside an iframe?

    - by AyKarsi
    We're creating a website where we will be giving out code snippets to our users which they can place on their own websites. These snippets contain a link a javascript include. When clicking the link, an iframe containing the login dialog to our site opens. The user then authenticates inside the iframe, does his work and when he leaves the iframe his session is closed. We've got it working allready and it's very slick. Our main concern though is phishing. The user has absolutely now way of veryifying where the login page is really coming from. On the other hand, phising attacks are also succesfull even if the user can see the fake-url in the address bar. Would you enter your (OpenId) credentials in an iframe? Does anyone know a pattern with which we could minimise the chances of a phishing attack?

    Read the article

  • How to implement a Client-side Ajax Login on Asp.Net MVC (A link to the solution for Asp.Net Webform

    - by Matt
    Hi, I'm trying to implement a client-side ajax login on Asp.Net MVC. I used to have this set up just fine on WebForms, but now that I've moved to MVC it's giving me some troubles. If you'd like a tutorial on Client-side Ajax Login for Asp.Net Webforms, it can be found here -- Easy, A++ Now... for some reason it's not working for Asp.Net MVC. I used the exact same tutorial as for the Webforms, except when it executes the ssa.login() (equivalently: Sys.Services.AuthenticationService.login()) it's not doing anything. I have alerts in both the onLoginComplete() function and the onError() function. As well I have an alert before the ssa.login gets called and right after... function loginHandler() { var username = $("#login_UserName").val(); var password = $("#login_Password").val(); var isPersistent = $("#login_RememberMe").attr("checked"); var customInfo = null; var redirectUrl = null; // Log them in. alert("try login"); ssa.login(username, password, isPersistent, customInfo, redirectUrl, onLoginComplete, onError); alert("made it here"); } The first alert fires but the second one doesn't which means the function is failing. Here's the function I pulled from Asp.Net Ajax to show you: function(c, b, a, h, f, d, e, g) { this._invoke(this._get_path(), "Login", false, { userName: c, password: b, createPersistentCookie: a }, Function.createDelegate(this, this._onLoginComplete), Function.createDelegate(this, this._onLoginFailed), [c, b, a, h, f, d, e, g]); } Anyone have any idea of why it's failing?

    Read the article

  • Login From Multiple OAuth Services, Keeping Profiles in Sync

    - by viatropos
    Given the following: I have an application that allows people to login through twitter, myspace, yahoo, and google User creates initial account by logging in through Google User logs out User logs back in using Yahoo. ...is there a recommended way for the application to associate those two accounts together? Stack Overflow has this functionality but it seems like they need the user to manually say "this account google account is associated with that yahoo one". Is there no way to do this automatically?

    Read the article

  • Parameters lost on login form submitted with post in JBoss

    - by Supowski
    My login page contains two forms: one for logging in and one for signing up. Shorten like this: <form name="LoginForm" id="LoginForm" method="post" action="j_security_check" > <input type="text" name="j_username" /> <input type="text" name="j_password" /> <input type="submit" value="Sing In" /> <form> <form name="SignUpForm" id="SignUpForm" method="post" action="/homepage" > <input type="text" name="loginName" /> <input type="password" name="password1" /> <input type="password" name="password2" /> <input type="submit" value="Sing Up" /> <form> I If 'Sing Up', than values of input are lost during processing and not passed into my Servlet. It works fine with GET, but than there is password in URL, so it's not the right solution :) Similar problem has been posted to community.jboss.org, but with no response: http://community.jboss.org/message/7150#7150. I'm using JBoss 4.3eap. Any help?

    Read the article

  • CakePHP ACO based on each entry

    - by Randuin
    I'm trying to make a blogging system but obviously certain users in certain groups should only be able to edit/delete their own posts/comments. How would I go about doing this in CakePHP? I followed the manual's basic Acl guide to setup my current Auth system.

    Read the article

  • Writing a custom auth system (like the default django auth system), use it to generate tables in DB

    - by dotty
    Hay all, I've been reading up on middleware and how to use it with a context object. I want to write a simple middleware class which i can use on my own applications, it will essentially be a cut down version of the django one. The problem i seem to have is that if i have INSTALLED_APPS = ('django.contrib.my_auth') in the settings file, all is well. I've also added MIDDLEWARE_CLASSES = ('django.contrib.my_auth.middleware.MyAuthMiddleware') in it and everything is fine. My question is, how would i make my middleware automatically generate tables from a models.py module, much like how the django auth does when i run manage.py syncdb? thanks

    Read the article

  • Problem logging in and changing permissions in Facebook

    - by kujawk
    Hi everybody, I've got a piece of code that logs into Facebook, gets a session, sets status_update and offline_access permission if they are not set, and gets a new session with the newly set permissions. This code used to work fine but now I'm getting error 100 "One of the parameters specified was missing or invalid" as a response to the second call to get session and I can't figure out why. Here's the sequence in detail: CREATE TOKEN restserver.php?method=auth.createToken&api_key=[our key]&v=1.0&format=JSON&sig=[sig created with our secret] response: new token LOGIN m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[token created above] login screen loads and user successfully logs in with their username/password. GET SESSION restserver.php?method=auth.getSession&api_key=[our key]&v=1.0&format=JSON&auth_token=token created above&sig=[sig created with our secret] response: session key with expiration date and a secret CHECK/AUTHORIZE PERMISSIONS restserver.php?method=users.hasAppPermission&api_key=[our key]&v=1.0&format=JSON&ext_perm=status_update&call_id=[proper id]&session_key=[key returned above]&sig=[sig created with secret returned for get session] response: 0 m.facebook.com/authorize.php?api_key=[our key]&v=1.0&ext_perm=status_update authorization screen loads and user authorizes Same steps for status_update CREATE NEW TOKEN Same steps as done to create the first token LOGIN m.facebook.com/login.php?api_key=[our key]&v=1.0&auth_token=[new token] user is already logged in, redirected to their homepage GET NEW SESSION restserver.php?method=auth.getSession&api_key=[our key]&format=JSON&auth_token=[new token]&sig=[sig created with our secret] response: error 100 - missing or invalid parameter. Of course it doesn't tell me which one. Anybody have any ideas what I'm doing wrong here? I tried skipping the second login and going right to creating the new session and that didn't work. The only thing that seems to work is logging out the user after they've authorized the permissions and having them log back in again. I'd like to avoid this if possible. Can you have two outstanding sessions at one time? This code used to work but I'm thinking maybe something changed on Facebook's end that I'm not aware of. Thanks, kris

    Read the article

  • how to allow unamed user in svn authz file?

    - by dtrosset
    I have a subversion server running with apache. It authenticates users using LDAP in apache configuration and uses SVN authorizations to limit user access to certain repositories. This works perfectly. Apache DAV svn SVNParentPath /srv/svn SVNListParentPath Off SVNPathAuthz Off AuthType Basic AuthName "Subversion Repository" AuthBasicProvider ldap AuthLDAPBindDN # private stuff AuthLDAPBindPassword # private stuff AuthLDAPURL # private stuff Require valid-user AuthzSVNAccessFile /etc/apache2/dav_svn.authz Subversion [groups] soft = me, and, all, other, developpers Adding anonymous access from one machine Now, I have a service I want to setup (rietveld, for code reviews) that needs to have an anonymous access to the repository. As this is a web service, accesses are always done from the same server. Thus I added apache configuration to allow all accesses from this machine. This did not work until I add an additional line in the authorization file to allow read access to user -. Apache <Limit GET PROPFIND OPTIONS REPORT> Order allow,deny Allow from # private IP address Satisfy Any </Limit> Subversion [Software:/] @soft = rw - = r # <-- This is the added line For instance, before I add this, all users were authenticated, and thus had a name. Now, some accesses are done without a user name! I found this - user name in the apache log files. But does this line equals to * = r that I absolutely do not want to enable, or does it only allows the anonymous unnamed user (that is allowed access only from the rietveld server)?

    Read the article

  • Lazy Registration: How to let a guest user start their workflow and prompt registration when they tr

    - by Brandon Cordell
    I'm wondering what I would do to go about letting a guest use my web application without registering, then if they attempt to save their work they are prompted with a registration. This will be in a rails application by the way. Can I just allow public access to part of the work flow, then when they save check if they're a registered user (by session value, or cookie?). If they aren't a registered user, save all their work into the session and let them fill out a sign out form. On successful registration automatically log them in and initiate the create on the db?

    Read the article

  • Hashes or tokens for "remember me" cookies?

    - by Emanuil Rusev
    When it comes to remember me cookies, there are 2 distinct approaches: Hashes The remember me cookie stores a string that can identify the user (i.e. user ID) and a string that can prove that the identified user is the one it pretends to be - usually a hash based on the user password. Tokens The remember me cookie stores a random (meaningless), yet unique string that corresponds with with a record in a tokens table, that stores a user ID. Which approach is more secure and what are its disadvantages?

    Read the article

  • Restricting access to records. Is claim-based permissions a good idea.

    - by Vitalik
    in .net Claim-based identity framework If i wanted to restrict users to do an operation (view or edit) on let's say an account, a particular account #123456.(i am talking about business entity, like a bank account.) Is it a good idea to create a claim for each account they can view or edit? Any disadvantages of having a lot of claims in a set? a system admin might have access to all accounts in the system thus creating hundreds of claims (maybe more than one for each account)

    Read the article

  • Problem with skipping login validation for authlogic

    - by Andrei
    Hi, I want to use email for signing in, and to allow users to have similar names. One way to do this is to rename login/username field to something different. However, I want to do it just by setting up authlogic. I tried the following acts_as_authentic do |c| c.login_field :email c.validate_login_field false c.validate_email_field true end but it still complains that the login already exists. What must be done to avoid username validation without renaming the field?

    Read the article

  • Programmatically login to a website and redirect the user to the logged in page?

    - by Santhosh
    Hi, Right now, I have all the employees of my company login to an external website using the company id, username and a password. We are trying to integrate it into an intranet portal which should provide seamless access to this website without requiring the user to enter these credentials. Is there any way of doing this programmatically (.NET C#)? Very similar to screenscraping, Can I simulate the appropriate POST action and then redirect the user to the logged in page? Any help is appreciated. Thanks.

    Read the article

< Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >