I've create Impersonation class which are include WindowsIdentity and WindowsImpersonationContext and I've add the Impersonation in my authentication application after the service is running for a while the lsass.exe process is consuming a lot of memory and CPU Could you please advice me how to solve this issue? public class Impersonat...
Hi What is the difference between a abandon Session and a cookie timeout, what if the session is abandon and the cookie is still alive, is that can lead to a problem? <sessionState timeout="1" /> <authentication mode="Forms"> <forms loginUrl="login.aspx" timeout="1" /> </authentication> Thanks ...
ok i have another question ! (god! i have so many questions) i have an application and a user must log-in before he/she can access pages. now once the user logs in i keep the user details in a session variable (say Session["CurrentUser"]). now if a user tries to jump to a page directly i will check if the Session["CurrentUser"] has a v...
I have been doing some research lately about best approaches to authenticating web services calls (REST SOAP or whatever). But none of the Approaches convinced me... But i still can't a make a choise... Some talk about SSL and http basic authentication -login/password- which just seems weird for a machine (i mean having to assign a logi...
I've got this function for encrypting passwords in Java, but somehow when I call MessageDigest, it returns a different result every time even though I call it with the same password. I wonder if I am initializing it wrong somehow. public String encrypt (String password) { MessageDigest md = MessageDigest.getInstance("SHA-1"); md...
Hi there: I am using Google account as authentication of my application. I am trying to use a RPC call to retrieve the user information using com.google.appengine.api.users.UserServiceFactory. So far I have something like: @SuppressWarnings("serial") public class MyAppImpl extends RemoteServiceServlet implements MyAppService { ...
i want to create users for my webapplication. im using symfony. i wonder if i should do that with sfDoctrineGuardPlugin or symfony's provided methods for this? // Add one or more credentials $user->addCredential('foo'); $user->addCredentials('foo', 'bar'); // Check if the user has a credential echo $user->hasCredential('foo'); ...
I'm working on a site that has a large proportion of users signing in via Facebook Connect, so they don't have a username and password for our site. We offer our own user-authenticated API using basic auth, but this doesn't allow facebook connect users to authenticate with clients using our API. Is there any way that doesn't break Face...
Hey, i need some help with rails, again! Last it was about Authlogic.. Well I'm gone a bit backward since.. I mean, Authlogic isn't a Authentcate system i like.. So now i wan't you guys to tell me what you think is the best! I going to use it to a project of mine. Where there has to be a few roles like Admin, User and Guest.. So might y...
I have to implement oAuth with DNN. How should i proceed? Should I use the existing oAuth libraries and just create a new provider for oAuth authentication or should i proceed otherwise? ...
Hi, We are designing a new intranet web app and will mostly likely integrate with Active Directory and provide a separate means of Authentication in the event that users outside the domain need access. [not v likely atm]. In an effort to do it right [and cut down on future support etc] we would like to design the user management in suc...
Hi In javascript alert(document.cookie); does not show the .ASPXAUTH Cookie although a sniffer is showing it, I need it because I have an AJAX Request to the server, the request should not take place when the user is already logged in, if I cannot check .ASPXAUTH for security reason, what I should do to check whether the user is alr...
I have an IIS 6 server hosting a website that is authenticated with NTLM. I would like to turn on anonymous access to most resources, such as css, icons, and javascript. I noticed, using Fiddler, that an NTLM handshake is occuring for all resources pulled from WebResource.axd and other HTTP handlers I am using. How do I turn authentic...
How can I block access to the site if a user is not logged in? Under web.xml > Security I checked Form authentication then I selected Login and Error page, but I don't know how to block the access and redirect the user to the login page. Do I need a filter? If so, how can I get the login url I specified? And how should I call the vali...
I have a problem creating authentication part for my application. Below is the simplified version of my controllers. The idea is that the MY_controller checks if session with user data exists. If it doesn’t, then redirects to the index page where you have to log in. MY_controller.php class MY_Controller extends Controller { function...
The exception is Remoting Exception - Authentication Failure. The detailed message says "Unable to read data from the transport connection: the connection was closed." I'm having trouble with creating two simple servers that can comunicate as remote objects in C#. ServerInfo is just a class I created that holds the IP and Port and can g...
Hi, Suppose i work in a company ABC.com and another parent company domain XYZ.com. What must I do to run the ASP.net application hosted in a machine at ABC.com but use the windows credentials of XYZ.com? Thanks in advance ...
I am using Apache to authenticate users for Django, but I would like to do so without the popup form that Apache uses in its basic configuration. How do I embed the login form within a page while still using Apache for authentication? That is, I'd like a page that says "Please login" and provides a form asking for username and passwo...
In the OAuth 2.0 draft specification, user-agent clients receive authorization in the form of a bearer token via redirection (from an authentication server) to a URL such as HTTP/1.1 302 Found Location: http://example.com/rd#access_token=FJQbwq9&expires_in=3600 According to Section 3.5.2 it is then the user-agent's job to GET the ...
Yes, yes, i know user and password. I need some trick in php to get logged into a website and retrieve some images/contents, like a normal website. Obviously with a curl o file_get_contents it doesn't work because i'm not authenticated. How i can do? The authentication is normal HTTP auth with POST. Edit: ok thanks for help it works...