Does anyone have any examples or advice for how to go about using oAuth to provide the authentication mechanism for an API that should be publicly exposed? Specifically I'm talking about being an oAuth provider for my own API, not integrating or authenticating with anyone else's API. For example, I wish to be able to issue API keys to...
Hi, When using the Service design pattern, do you usually place the logged in user, or user scope, as a parameter to the methods of the service interface, or do you call AutheticationService.getLoggedInUser() in the service implementation. What advantages/disadvantages do you find for each option? ...
What should be specified on the client side? Is this enough: binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Digest; //... cf.Credentials.HttpDigest.ClientCredential = new NetworkCredential("myuser", "mypass", "mydomain"); cf.Credentials.HttpDigest.AllowedImpersonationLevel = TokenImpersonationLevel.Imperso...
I'm building my startup and I'm thinking ahead for shared use of services. So far I want to allow people who have a user account on one app to be able to use the same user account on another app. This means I will have to build an authentication server. I would like some opinions on how to allow an app to talk to the authentication ser...
I'm looking into integrating with some external APIs that will improve website sign-in experience. RPX seems to be highly functional. The one issue that I have with it is that you can't link accounts unless you purchase the premium. With that said... Are there currently any viable alternatives to RPX? Strengths/weaknesses? ...
Hi folks, I wish to authenticate a user without having the page reloaded, and having the user submit a given form. However, the problem that I immediately run into here is that the authenticity token typically gets set when the page is reloaded. I need the authenticity token for the form submission, but i do not have it yet because t...
Since adding rpxnow to our website, less users are signing in. Are these readers worried about giving their (eg hotmail) password to a third party site? Has anyone found a good way to promote use of rpxnow (or other openid managers) as a secure method of authentication to non tech savvy readers? ...
Hi, I am working on Twitter login page validation. Now i have downloaded MGTwitterEngine package and implemented in my application. I have followed these steps in this Link. But i got the error:"error: OAuthConsumer.h: No such file or directory". I am struggling in this problem for last two days. How can i achieve this. Please guide me...
Hi, We are developing a web app that will have a pretty complex user and permission system. The general idea is that we have 3 levels of security: a simple user - that can only access basic data that is in a data repository a manager - that can open up data repositories a superuser - that can open up repository factories. each rep...
Hi everybody, I've got a piece of code that logs into Facebook, gets a session, sets status_update and offline_access permission if they are not set, and gets a new session with the newly set permissions. This code used to work fine but now I'm getting error 100 "One of the parameters specified was missing or invalid" as a response to ...
I'm new to mysql, I'm trying to run Wordpress inmy windows desktop and it need Mysql. I install everything with Web Platform Installer which provided by microsoft. I never seta root password for mysql and in final step of installing wordpressit askfor root password of mysql. What is the default password for root (if there is one) and h...
Using the current rails 2 I want users to be able to create an account from: traditional signup twitter facebook and then allow them to link facebook and/or twitter and/or traditional signup later. I read this http://www.themomorohoax.com/2009/02/21/rails-2-3-authentication-comparison and decided to check out: Authlogic Restful ...
Hello all, Wer'e developing an ASP.NET C# application, which will contain an authentication system that authenticates users in multiple levels (user, admin, super-admin, etc.). Our idea is NOT to use the built in ASP.NET forms authentication feature. Our plan is to create a whole 'new' system for it- based on the Session object, and SQ...
Hi, I am in the process of devloping a facebook canvas application in php and FBML, and am having issues when it comes to setting up authorization for the application. I basicly do not kno how to go about it, or what the best method is. I have been searching around on the internet most of the day but either stummble on old API things, ...
I see many examples of using this by creating the standard .NET stub clients and consuming services that way. Can anyone point me in the direction of an example using the System.Web.ApplicationServices.AuthenticationService WCF authentication service being consumed by a mobile app? Thanks. ...
Whats the best way to enable users to log in with their email address OR their username? I am using warden + devise for authentication. I think it probably won't be too hard to do it but i guess i need some advice here on where to put all the stuff that is needed. Perhaps devise devise already provides this feature? like in the config/in...
I'm building a iPhone App, that communicates with a webserver (Java webapp) using REST (XML over http). In my prototype I used http's basic-authentication to allow access and identify the user, using username and password. Since there should be friendships and profiles in my app, I want to use facebook-connect so I don't have to implemen...
Here's a simple question I've been stuck on for a while. When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from? This document: http://msdn.microsof...
I have an issue when attempting to retrieve a dependency from a nexus repository when running ant with ivy. the dependency is never resolved, when running with verbose output the suspect line is '[ivy:retrieve] authentication: k='@' c='null'. I have tried many different variations of providing the credentials configuration to ivy, but ...