authentication

Concurrent User Sessions - Why Don't We See More Of It?

This is something of a rant, as well as a question. There are some sites, like Facebook, where you would only want to be logged into one account at a time. But everything from blogging sites to email always forces you to log out before you can log in to another account. And I understand the security implications, and how it would make c...

Facebook Style API Design

I am working on designing an API/application structure to mimic Facebook's for a project of mine. I am wondering what the best way of going about authenticating users is. For an app how do I give them the necessary credentials and how do I authenticate those credentials? ...

Honor a cookie in all open tabs

I have a web app that authenticates against a SQL DB and sets a cookie with credentials, like a "remember me" sort of thing. Part of the app involves using a bookmarklet to add things into your personal slice of another DB. This works fine if you authenticate and, in the SAME TAB, begin using the bookmarklet. However, if you authenticate...

How to programmatically 'login' a user based on 'remember me' cookie when using j2ee container authentication?

I'm using form-based authentication in my WAR. I want to implement a 'remember me' cookie so: 1) how can I intercept the authentication before the user is redirected to the form? 2) say I checked the cookie and it's fine, how do I actually log in the user? ...

HTTP status 403: Forbidden exception using certificate to authenticate ASP.NET web service

I posted days ago about access control to web service (http://stackoverflow.com/questions/390853/access-control-to-web-service). In short, I have an ASP.NET web service deployed on //service/webservice and I want my ASP.NET web application (app1) on the //web1 to access the web service with certificate authentication. I keep getting Syst...

Using Routing without MVC: authentication form

Hi. Now I'm trying to work with System.Web.Routing. All is just fine, but I can't understand how to make form authentication work with URL routing (return URL, redirection, etc). Google says nothing. Help! :) UPD: I forgot - I don't use MVC. That's the problem. How to use routing and form authentication without MVC UPD2: more about my...

Unable to POST data from iPhone using Google account authentication

I'm working on an iPhone application that works with a Google App Engine application. I manage to get logged in by using a Google account and I get the authentication token. I'm also able to GET data from the GAE service (I did it after reading another question written here) but now I need to POST data so I need to send the authentication t...

Download PDF through browser authentication with javascript

I understand that I can do browser authentication with Javascript, and then grab, say, an XML file with that javascript. My use case is a bit different though: There's a link on a webpage to a PDF on a different server. That server does browser authentication. The username and password are NOT secrets, in fact right now, we publish the l...

Running an OpenID organization

I wrote an application recently, which relies on OpenID for authentication. A lot of web applications these days are moving to OpenID, insofar that they already have userid/password authentication scheme, and OpenID is just an add-on. Since my application is a new one, I decided that it makes no sense to program separate authentication m...

How do I interact with a Kerberos server from my own application

My network has a Kerberos server for username/password authentication. Machines that run my application have functioning Kerberos clients, so users can use kinit, etc. How do I interact with the server programmatically, from my own custom applications? The preferred language for an example is C. I want users of my application to authen...

Asp.net and windows authentication

My application needs to be designed so that an administrator can, via a web interface, select if their users log in via Windows authentication or forms authentication. This means I can't specify the authentication mode in the web.config i.e.: <system.web> <authentication mode="Windows"/> </system.web> How do I approach this? ...

Windows authentication and webservices

I have an authentication webservice which I pass a username and password to. This returns a bespoke credentials object to the requesting application. This credentials object is then used throughout the application (it's passed to other service methods). public Credentials login (string username, string password) { } I have been asked t...

Actively maintained PHP libraries for user authentication?

I'm aware of the risks of rolling your own user authentication scripts, but I'm also wary of using packages that don't seem to be actively maintained: the current version of PEAR LiveUser is almost a year old. Please recommend (and argue the case for) an actively-maintained user-authentication library which can be integrated into an exi...

Does Rails have a built-in authentication system?

I have implemented authentication systems for webapps several times over the years, but before I do it once more, I thought I'd ask if there's a canned solution I should know about. Last time I checked, there was no built-in Rails authentication system and the standard solution was the restful-authentication plugin. Is that still the ca...

Cannot get IIS ISAPI Tomcat connector to pass BASIC Authentication through to Tomcat

We've successfully configured IIS to front 2 Tomcat instances using isapi_redirect.dll. It's doing everything smartly, and we've been very happy. Now, however, we're using one of the Tomcat instances to serve up web services through AXIS. This requires BASIC Auth, and .NET clients are failing. + .NET clients can bypass IIS by surfing to ...

SSO-plus-SSL and Shibboleth: What options for sites with numerous virtual hosts?

Background: Customer X is a low-budget non-profit outfit that nonetheless has a lot of activity configured on virtual hosts, and the virtual hosts multiply very frequently. Customer X also has a lot of users and is interested in getting them over to a single sign on solution. This way, all the users can use the same credentials on all th...

ASP.NET Membership Provider with Confirmation email

Is there any framework/library for using ASP.NET Membership Provider with confirmation email, something ready to be used? Standard functionality used on almost all public web sites. ...

User authentication

If I am to follow What should a developer know before building a public web site? on authentication, then what options do I have? I have never used PEAR, and I'm not about to start. I have read about phpGACL but have yet to try it. After the authentication do rights/access level kick in. I'm not a big fan of using a single tinyint val...

User authentication database in App_Data folder - isn't that dangerous?

We're planning to use standard ASP.NET user authentication for our application. However, by default this requires us to have our user database on our web server in the App_Data folder. This is usually a big no-no for us - our databases are all behind the firewall and all access is done via a WCF Service layer. If the database was on a ...

Apache's AuthDigestDomain and Rails Distributed Asset Hosts

I've got a server I'm in the process of setting up and I'm running into an Apache configuration problem that I can not get around. I've got Apache 2.2 and Passenger serving a Rails app with distributed asset hosting. This is the feature of Rails that lets you serve your static assets from assets0.example.com, assets1, assets2, and so on...