Using php I authenticate a user, then behind the scenes,they are then again authenticated a second time with a single .htaccess username & password. This would be the same for all users, but I would not want them to have to enter a username and password again and they would now be allowed to enter the password protected directory. I pref...
is any solution to mark method like this [IsAuthenticated(true)] public ActionResult Profile() { return View(); } not call if (request.IsAuthenticated) ? ...
My question may be very silly but here it is. I went through this question. jassuncao has suggested to use custom binding created Yaron Naveh. Now that it is not a very secure way of authentication, my question is, what if I use Yaron's custom binding and put my service behind https? Will it still be unsecured? ...
I like to use wcf (windows communication foundation) with windows authentication. Do I need Active directory for this purpose? How the server knows about the identity of the client? If someone can found out the pass of the client that is using the wcf services, can he create the same user name on different computer and use the passwor...
We're creating a website where we will be giving out code snippets to our users which they can place on their own websites. These snippets contain a link a javascript include. When clicking the link, an iframe containing the login dialog to our site opens. The user then authenticates inside the iframe, does his work and when he leaves th...
can I make role based authorization when sending requests to an ASP.NET MVC backend system. I am calling action methods and expecting JSON results, however, some action methods are decorated with the [Authorize] attribute, others require some role privileges to be present. I certainly hope that passing authorization data with every reque...
I think everyone here would be knowing that, if I am logged in any of the google's website(i.e www.orkut.com), I don't need to authenticate again for www.gmail.com. How google is managing this. I think, it would be a cookie stored on user's browser. But, if it is a cookie, how different domains are able to read this cookie. What do you ...
google-app-engine-django/ claims to have an "App Engine compatible implementation of the Django authentication framework". Does this authentication work only with Google Accounts? Is it possible to register a user with a username/password and authenticate him/her with that username/password without that user having a Google account? I...
One of the new features of the client http stack in Silverlight 4 is the ability to supply network credentials. When I use this feature Windows shows a "Windows Security" message box that prompts the user for a login and password (text in the box is "The server xx at xx requires a username and password. Warning: This server is requesti...
Hi, Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication? For example: A website contains several other folders that contain parts of the overall application: /frontend, /backend, /login The bin folder is on the same level as these subfolder, i.e. the root o...
Is there some way to authenticate as a local (not network) user in order to copy files over the network in .Net? net use is not an option, and I can't seem to get LogonUser to work. Any ideas? [Edit] Here is some code: public class UserImpersonator : IDisposable { private WindowsImpersonationContext _impersonationContext; p...
Hi there! I'm having a problem with a site where I'm using the ASP.NET SQL Membership Provider. Everything works correctly upon first login. I.e., the user is directed to the login page, and upon successful login, they are sent the original page they requested. However, after they close the browser, and re-open it, the authentication...
Let's assume the following: I have an IIS web site set up IIS is configured to use Digest authentication I'm running an ASP.NET page The page has a code-behing assembly that overrides Page_Load When a user navigates to that page, I get a security prompt for the username and password. If the username and password are invalid (i.e. in...
Hi guys, I need to delete duplicate users in django (by duplicate I mean two or more users with the same email). If for instance there are three records like this: id email 3 [email protected] 56 [email protected] 90 [email protected] I need to delete records 56 and 90 and leave the oldest record id -> 3 Is there a way to quickly do this. Thanks ...
Hi, I would like to display the list of the authenticated users. On the documentation: http://docs.djangoproject.com/en/dev/topics/auth/ class models.User is_authenticated()¶ Always returns True. This is a way to tell if the user has been authenticated. ... You can know on the template side is the current User is authenticated o...
I have a Silverlight app that calls a WCF service, the service calls some stored procedures in an SQL db using Visual Studio 2008's Link to SQL class and returns the information to whatever called it. I have set up the compiled project (website with embedded app and the WCF service) on an remote IIS 7 server. I recompiled my local copy ...
I'm implementing an app using spring security 3.0.2 with OpenId login and registration. I can login succesfully, but if the user isn't registered i want to do: 1) Get some OpenId attributes like email and name. 2) Show to the user a registration form with just these two fields and the OpenId URI filled. I've been searching a lot but i...
I am getting the error "The return URL specified for request redirection is invalid" when using forms authentication. I found this thread that says this is a known issue with return URLs that contain colons (mine indeed contains a few). The workaround in that thread is to catch the error and use a default return URL ... hardly an accept...
We have an organization with several hundred internal users in Active Directory. We have some of our computer systems integrated with AD but have many disparate web applications scattered through the organization that have separate authentication and authorization mechanisms. In addition, we have about 60K external users who will event...
For ASP.NET MVC extranet applications, what are the pros and cons of using SQL Authentication instead of the ASP.NET Membership API to handle security? ...