authentication

How to store and verify digits chosen at random from a PIN/Password

If I have a user's 6-digit PIN (or n char string) and I wish to verify, say, 3 digits chosen at random from the PIN (or x chars) as part of a 'login' procedure, how would I store the PIN in a database or some encrypted/hashed version of the PIN in such a way that I could verify the user's identity? Thoughts: Store the PIN in a reversible ...

How to avoid key-loggers when authenticating access

As per the title really, just what can be done to defeat key/keystroke logging when authenticating access? I have just posted a related question (how-to-store-and-verify-digits-chosen-at-random-from-a-pin-password) asking for advice for choosing random digits from a PIN/password. What other reasonably unobtrusive methods might there be?...

Best Practice: Authentication between Silverlight Client and a .Net Server

Hello, I'm working on a Project where I run a Server that is basically a .Net C# Application with a SQL Server Express DB and will now use WCF for Webservice implementation and then there are Silverlight Clients that different Companies will use to interact with this Server. How do I implement User Authentication in a good and reliable ...

Put username in apache access_log with PHP and without HTTP auth

In the Apache log configuration it is possible to specify that the HTTP auth user name should be logged. Most PHP scripts have their own, cookie-based authentication. Is it possible in PHP to provide Apache with an HTTP auth username for logging purposes, even if the authentication is cookie-based? If yes, what would the code look like? If...

Membership.FindUsersByEmail - SQL Wildcards

I'm using an ASP.NET Membership database to authenticate users in a web application. Users log in using their email addresses but something else is used in the Username field of the database. So on the login form, I fetch my users using Membership.FindUsersByEmail. The problem is that this function uses a 'LIKE' in SQL and that SQL wi...

Pear Auth or LiveUser

I can't decide which to use, they both look pretty similar. It's for a shopping cart script, so it has to be quite secure, what thinks you? ...

Should I hash the password before sending it to the server side?

I noticed that most sites send the passwords as plain text over HTTPS to the server. Is there any advantage if instead of that I sent the hash of the password to the server? Would it be more secure? ...

Using NSURLCredentialStorage with a synchronous NSURLConnection

I am having a problem very similar to this question here: Can I use NSURLCredentialStorage for HTTP Basic Authentication? The author of that question accepted an answer but later posted that the solution code was returning NSURLErrorUserCancelledAuthentication errors. I am using DIGEST authentication, but otherwise my code is doing the ...

Sharing login between multiple WPF applications?

Hello. How can I share login between multiple WPF applications? that is, if one application logs in to the server, I want other applications get logged in too, and if I log out from one application, other applications get logged out too. I know this can be done using cookies in ASP.NET applications. I've looked towards using 'Client ...

MPPE - Forcing strong passwords enough to make PPTP secure?

The title pretty much says it all. Note I'm talking about MS-CHAP v2, not v1. Also using EAP-TLS is not an option (that's why I'm asking this.) ...

best gem for login system

Which is the best gem for creating a login system? ...

Control different access levels

Hello all, I plan to use two tables (i.e. guest and employee) to control which page is available to which user. The guest can sign up for an account while the employee cannot. The account of an employee can only be assigned by a system administrator. Here is the question I just found: Assume UserA is an employee and has 'login001' as ...

facebook app redirects forever on authentication.

I have the following code in my appinclude.php file and for some reason the app keeps redirecting forever and Firefox gives me an error that the redirect will never end. I am not sure if I am missing something but I have tried to change the redirect_uri to the directory on my server where the app is hosted but I get an error from facebo...

How to write an NTLM Authentication Module?

I would need to write an Authentication Module for IIS7 that behaves exactly like NTLM, but does some extra checking. The Module does NTLM against Active Directory (so that the module knows if the user is OK) and then needs to call another service to finally verify access. I have to do this in an Authentication Module because the actual...

Testing Authlogic Remember Me with Cucumber

Has anyone tried to test the Authlogic "Remember Me" functionality with Cucumber? I am not sure how to get webrat to "close a browser" to test persistence. Only thought is maybe it requires selenium? Is there a way to do without? ...

SQL Server Reporting Services 2008 R2 always show for login prompt

Hi guys, Whenever I try to access SSRS 2008 R2 through a URL, i.e. after being published on the net, it always shows a login prompt when accessing the report. The problem does not appear on the development environment. How do I prevent this login prompt from showing whenever I try to access a report? At present we are solving this proble...

How do I set the Authorization header of a GoogleLogin request using the new WCF REST HttpClient API

I'm using the new HttpClient class, part of the WCF REST Starter Kit, to authenticate to Google's Map Data service. I've got my ClientLogin authentication token, but I'm not sure how to take this instruction: GET http://maps.google.com/maps/feeds/maps/userID/full Authorization: GoogleLogin auth="authorization_token" and make...

Enforcing Facebook Authentication: Client-side and server-side

I'm building a social media app in Flash (AS3) that is tightly integrated with Facebook--all user accounts are handled via Facebook connect, and all Facebook connectivity is handled via a combination of the Javascript and AS3 Facebook APIs. I'm using Codeigniter on the backend for server-side data management, which includes tracking use...

Sign in as a different user using MVC.NET and Windows Authentication?

How can I accomplish this using MVC.NET? I've found resources on the Internet about how to do it in ASP.NET, but I haven't found a way to do it in MVC.NET (I'm an MVC.NET newbie, though). I can generate a 401 response using [Authorize] attributes but I don't have any idea about what to do after that. [EDIT] After some playing around, ...

X509 Certificate for securing http handler - what is 'secure enough'?

We have a C# .NET http handler that we are trying to secure by using X509 certificates that are shared between our structure servers and a customer's work stations. However, there is relatively little documentation on how to handle 509 cert authentication on the code level. The client's cert will be attached to the web request, and the...