Swing Client authentication on Glassfish
Hi there, I have to authenticate a user in Glassfishv3 application server in a swing client. I can't find instructions on how to do so. Can anyone help me? ...
authentication
ASP.NET Authentication doesn't work
Hello everyone, I'm learning how to use the asp authentication, and I have created a test project for it. I have the Default page, the Login page and a Test folder with a Default page inside. I want that Default page accesible for everyone (so, without authentication) and the "Test/Default.aspx" private. My "Web.config" is like this: ...
How do I tell a WCF client proxy class to use windows authentication and the WindowsPrincipal of the allready logged in domain user as credentials?
I've got a WPF windows client that calls a WCF web service. The user is already logged in on the windows domain before starting the application and the WCF service uses windows authentication. I want the WPF client to use the WindowsPrincipal of the already logged in user when calling the WCF service. I do NOT want to create a new Netwo...
Why are my forms authentication tickets expiring so fast?
I'm using forms authentication in an ASP.NET application. I configure the FormsAuthenticationTicket to expire in 1 year but it actually expires after 1 hour or so. I can't figure out why. Here is all the code involved in the login process: public static bool Login(int id) { try { string s...
Authentication in CakePHP
how can i use myown login function to authenticate users in cakePHP because my users table structure is different from the cakePHP structure. even i overridden the login function it still executing the login function in parent class can any one provide me a solution for this?? thanks in advance ...
How to debug Validate(...) function at server side?
I am using wsHttpBinding with custom username authentication. Thus, I had override Validate(string userName, string password) function of the UserNamePasswordValidator class. My Validate(...) like this: public override void Validate(string userName, string password) { if (userName.Equals(string.Empty) || password.Equals(stri...
Is there a codeigniter auth class which allows face book login?
^ or whats the best auth class for codeigniter? ...
What's the difference between the timeout property specified in the Web.Config and the ExpiryDate property of the FormsAuthenticationTicket?
In the Web.Config we have a timeout property. Ex: <authentication mode="Forms"> <forms loginUrl="~/Login.aspx" timeout="2880"/> </authentication> When loggin in, we can specify a ticket expiry date. Ex: FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, id.ToString(), DateTime.Now, exp...
How can I do digest authentication with HttpWebRequest?
Various articles (1, 2) I discovered make this look easy enough: WebRequest request = HttpWebRequest.Create(url); var credentialCache = new CredentialCache(); credentialCache.Add( new Uri(url), // request url "Digest", // authentication type new NetworkCredential("user", "password") // credentials ); request.Credentials = creden...
Spring Security 2.0, Getting the authentication status of a user
I am working on a webapp which uses Spring security 2.0 (not the new one), which we don't have the Java sources, but we do have access to the jsp. What is the easiest way to tell if a user is authenticated (any role will do) from the jsp? Basically I want to display a different link depending on whether a user logged in or not. ...
Security: Brute-forcing GET-requests by URL?
Hi everybody, what should my concerns be if I we're about to make an application that handles logins the following way: http://api.myApp.example/printSomething/username/password/ How insecure is it compared to a normal login page that are based on POSTed user details (username+password)? Is there a difference? Thanks ...
HTTP authentication - How do I make the user overwrite Authentication data?
I know I can't logout an HTTP authentication. Overwriting through the Location: http://logout:[email protected]/ way seems to work on most browsers, except IE. I was wondering however if I could let the users overwrite the Authentication data. So say the user has some auth data in its browser, now they go to my /logout pag...
Is there Out-of-the-box authentication for ASP.NET Dynamic Data websites?
Hi All, I'm developing my first Dynamic Data website and I need very simple authentication (basically, you have access to the application or not - there is no field or table level requirements). I've found a number of articles about enabling authentication however these seems to focus on a more complex granular level of requirement. ...
Redirect to Denied page after Ajax Login
Hi, folks, In my asp.net website i use Ajax login(that the part of standart Ajax Extension for asp.net). When i don't login and try to access to the denied page, i got redirected to page http://mywebsite.com/AccessDenied.aspx?ReturnUrl=/Admin/default.aspx, after i've logged in and have permission to access denied page, i still stayed ...
Problem authenticating user for Subversion using Apache and Ldap
I'm trying to use Ldap authentication for a Subversion repository, accessed via Apache. Whatever I try, Apache generates the following error msg - authentication failed; URI /repos/branches/my-branch [ldap_search_ext_s() for user failed][Operations Error] I've used the AD explorer from Sysinternals to connect to my AD server, and can s...
IIS Windows Authentication issue in Silverlight 4
Wondering if anyone has encountered this authentication issue? My web server is running IIS7 on a Windows Server 2008 machine and the .NET 4.0 runtime. The virtual directory for my application has ASP.NET impersonation and Windows authentication turned on. Anonymous, Basic, Digest and Forms Authentication are turned off. "There was a fa...
How Ruby's authlogic is compared to Python's repoze.what/who library?
I am trying to understand architecture of authlogic and repoze.what/who libraries but I could get the first level architectural definition. repoze packages seems to use the zope modules at some level.. Are there any equivalent or easier authentication framework like authlogic available in python? (I do not use Django.. I use Pylons) A...
AMF Login over Spring security
Hi, I'm trying to return some custom Authentication data using the details and/or the principal fields from that interface (org.springframework.security.core.Authentication) but nothing happens. The data returned on the other side of the Channel Set includes only the name and the authorities list (as Strings), and it's not useful enoug...
invalidate a cookie on password change
I use cookies to manage user sessions in my Rails app. I recently found that when a user changes the password, the cookie does not get invalidated as expected. As you realize, this could be a great threat to security. How should I handle this problem? I want to expire or invalidate a cookie once the user changes the password. How do I do...
How safe is openID?
Is this something that can be used for highly secure information or should it be bypassed for a single site authentication system? This may be a stupid question (as it does not sound secure) but I would like some advice. ...