I'm working on a webservice + AJAX interface, and I'm worried about authentication. At the moment I'm passing username and password to the webservice as arguments, but I fear that this approach is highly insecure. I was told that SSL could solve my problem, but I want more alternatives.
My webservice is written in PHP and my interface is ...
Assuming I have a client and a server Java process running on the command line. I want the identity of each to come from the Windows process it is executing under (in order to associate permissions in AD groups).
Assuming I have a working knowledge of setspn
http://technet.microsoft.com/en-us/library/cc773257(WS.10).aspx
How do I get th...
I want to do a simple role authentication in .NET - but am lost in the profusion of APIs...
I would like to have a web.config per directory with role access like:
<authorization>
<allow roles="admin"/>
<deny users="*"/>
</authorization>
And in my login page, where I do FormsAuthentication.RedirectFromLoginPage I want to speci...
I want to validate a set of credentials against the domain controller. e.g.:
Username: STACKOVERFLOW\joel
Password: splotchy
Method 1. Query Active Directory with Impersonation
A lot of people suggest querying the Active Directory for something. If an exception is thrown, then you know the credentials are not valid - as is suggested ...
We have one web application (SharePoint) that collects information from disparate sources. We would like to be able to link users to the main websites of those various sources and have them pre-authenticated. I.E. they enter their credentials for the other sources (which are a number of different types LDAP, AD and home grown!) and we re...
I have an ASP.NET web application that I use to display MS reports using a Report Viewer.
The reports are sitting on a remote server. I need to use Windows authentication to connect to the reporting services, as I need to display the reports based on who is logged on the web application.
I've searched on the net for a solution, but couldn...
We are working on a service that will have website access for stats and other tasks, but the majority of use will be through a client gem and rake tasks. What is the best way to handle authentication for both pieces?
It looks like fiveruns_tuneup, getexceptional, New Relic and others have websites with username and pass, but use API key...
I have a domain and a group of sub-domains that require authentication to access. I am currently using mod_auth to authenticate users (mod_auth basic) at the domain.tld level. My goal is for single sign-on between the domain and all the sub-domains.
Will these credentials carry on to the sub-domains automatically, or with a simple vhost...
My previous job involved maintenance and programming for a very large database with massive amounts of data. Users viewed this data primarily through an intranet web interface. Instead of having a table of user accounts, each user account was a real first-class account in the RDBMS, which permitted them to connect with their own query ...
Hi,
Is there any way to get a String[] with the roles a user has in the JSP or Servlet?
I know about request.isUserInRole("role1") but I also want to know all the roles of the user.
I searched the servlet source and it seems this is not possible, but this seems odd to me.
So... any ideas?
...
Hello Everyone,
Here is how our Tomcat webserver is currently set up. We are using JSP for the webpages.
/webserverpath/main (all public pages and the login page)
/webserverpath/secure1 (private pages)
/webserverpath/secure2 (private pages)
/webserverpath/secure3 (private pages)
I recently discovered that the authentication is very ...
Let's say that I'm considering designing a WCF service whose primary purpose is to provide broad services that can be used by three disparate applications: a public-facing Web site, an internal Windows Forms application, and a wireless mobile device. The purpose of the service is twofold: (1) to consolidate code related to business proce...
I know there has to be an obvious solution to this problem and I am missing it, so I would much appreciate someone enlightening me so I don't spin my wheels...
I am writing an ASP.NET application that will interact with a service API (Evernote specifically). Evernote requires OAuth for security and before I can actually interact with t...
I see there are a few. Which ones are best maintained and easy to use? Or should I just write my own?
...
I normally use code like this in my projects:
If user.IsInRole("Admin") Then
    deleteButton.Visible = True
Else
    deleteButton.Visible = False
End If
But I want to control in the database which roles can see this button.
How should the database be designed for this purpose?
Thanks.
...
I have an ASP.NET application directory, and I want to use anonymous authentication in the Directory Security tab.
If I use the pre-Windows 2000 style DOMAIN\USERNAME for the username, everything is fine.
If I use the AD-style (UPN) [email protected], then I get a 401.1 failed login.
I've tried a number of variations, but can't ge...
I'm a C# developer. I develop both Windows & Web Applications. I would like to build a WinForms application that has a role-based system. All users must be in role/group(s). Then we assign permissions like "View, Add, Update,.." to role/group. The role/group is dynamic, so we let users define it.
Are there any frameworks and good sample...
I am a little curious to know about how OpenID authentication works.
Is there any difference between OpenID authentication and the authentication which sites use exclusively for themselves?
...
What's the best way to authenticate and track user authentication state from page to page? Some say session state, some say cookies?
Could I just use a session variable that has the ID of the user and upon authentication, instantiate a custom User class that has the User's information? Then, on every page, verify the session variable is...
I'm creating a multi-tenancy web site which hosts pages for clients. The first segment of the URL will be a string which identifies the client, defined in Global.asax using the following URL routing scheme:
"{client}/{controller}/{action}/{id}"
This works fine, with URLs such as /foo/Home/Index.
However, when using the [Authorize]...