authentication

Windows authentication on intranet in a RESTful WCF service

My goal is to create a RESTful HTTP API (most likely hosted in IIS) to be used within a company's intranet that hosts Windows machines. The RESTful API will be created using WCF. Consequently, the WCF binding type is webHttpBinding. Fundamentally, the API consists of various resources e.g. http://domain/service1, domain/service2, etc, e...

IIS module and WCF

I have written an IIS module (base IHttpModule) that does some custom (OpenAuth) authentication before proceeding to my WCF REST service. I have extended GenericPrincipal to track my user, with an IIdentity, and set the context.User field to my new principal: application.context.User = principal. However, when I receive the context in WC...

Couple of questions on django

1) I am using a middleware to log users' IP address, but this should happen only once, and also only after the user is authenticated. How can I do this? 2) In my application, I have login for users which is different from admin login. Now, when admin clicks logout, he is directed to users login page. But I want to direct to admin login page. How can I ...

ASP.Net MVC Authentication

Hi, I'm aware this has been asked a million times, but all I could find is either very simple scenarios or over-complicated ones that aren't of much use to me (like the huge MembershipProvider sample implementation at MSDN). Here's my problem: I have a database with a Users table. A User has a username, password and some other importa...

Bypassing authentication for localhost in order to implement search in Etherpad

I'm trying to implement Nutch + Solr based search engine into my Etherpad installation. The main issue I'm having is that Nutch doesn't support POST authentication. Etherpad and Nutch are installed on the same machine, so an obvious solution would be to find a way to bypass authentication for localhost. This is where I'm stuck. I don't ...

Anyone know a better way to write this login function in django

Hey, I was wondering if anyone knew a better way to do this. def login_user(request): username = request.POST.get('username') password = request.POST.get('password') user = User.objects.filter(username=username) if user: user = user[0] if user.password == generate_password(password): return H...

(JSF) form-based authentication with my own user management

I would like to use form-based authentication as outlined in the book JavaServer Faces (O'REILLY). But instead of letting Tomcat manage the users, I would like to manage them myself: store them in a database etc. Can anyone give me a few pointers? Thanks in advance! ...

How would I authenticate and make requests from an iPhone app to a Django backend to get around CSRF?

Hi, I'm working with an iPhone developer who does not have any Django experience, and I am relatively new to Django. I've built an existing Django app with a web interface that allows a user to log in and add books from our database to his personal library. We are trying to build an iPhone application that allows a user to authenticate ...

J2EE Security - Which method to use?

Which one is the best approach/method to implement security in J2EE? (JPA/JSPs) I'm working on a personal project so I can learn J2EE and I am a little confused on how to approach the AUTHORIZATION and AUTHENTICATION process on my website. I have different roles and I don't want certain users to access certain parts of the website. So I'...

Password change: Best practice

I'm writing Baby's First Web Application. My first task has been to set up an authentication system, which I think I've done okay on. I'm new to the whole thing, though, so: When the user reports that he's forgotten his password, I e-mail him a temporary replacement password in plain text. It's perhaps not the most secure way to handle ...

Should services ask for credentials at each request?

I wonder what is the optimal authentication method for services and webservices: user/password is sent on each request; user/password is sent once to obtain an authentication code that will be sent on each request. Is there any alternative? Which is better? Why? ...

Git authentication over apache_mod_krb

I'm using a git repo with git-http-backend. In apache2 I have a location that needs authentication for clone and push actions. When I protect this location with AuthType Basic, all works fine: git passes authentication and can clone and push, but if I change the type to KerberosV5, git can't access the repo with correct credentials. If I'm us...

How does gmail keep a user logged in?

I wonder how gmail/Google keeps a user logged in even across sessions. And how (e.g. cookies) and what (e.g. time) do they use to decide to re-prompt the user for the login? ...

Read iPhone or iPad UUID using web application.

Do you know if it is possible to get the UUID, the result of [[UIDevice currentDevice] uniqueIdentifier], using a web app? I need to access from iPhone/iPad a web page using Safari (and not UIWebView under application control) and I should identify the device using its UUID. For example, I would like to send an email message to a user con...

How to use machine names in WCF Services with REST with Windows Authentication

We are developing many WCF services that are hosted in IIS. (IIS 6.0 running on Windows Server 2003 SP2). These services are set up for REST. For an environment (DEV, CERT, PROD), we typically have many services per IIS server. Each service has its own login account that's assigned via the Application Pool. This works fine, but if we ...

How to get the currently logged in windows user with NAnt

I have a NAnt script that does a build and deployment of an ASP.Net application. This lives on a remote machine that many people log into to perform builds. (This is not automated for various reasons that are irrelevant.) Upon success or failure of the NAnt script, I have an email being sent out to a team distribution list, stating that...

Issues using external authentication with SharePoint 2010

We are using the “CAS” Single Sign-On system that was developed by Jasig. And trying to authenticate users against it for a SharePoint 2010 site. The main issue is that we are validating the user’s username and password on an external site that sends a “ticket” back to our SP2010 site via query string. Our app then revalidates this ti...

IFrame-based Canvas app: fb_sig_ss only sent in unusual cases

I'm developing an IFrame-based Canvas app. I'm hoping to use Adobe's AS3 API to do the lion's share of work with retrieving and displaying the user's Facebook information (my current goal is to display a list of friends). The AS3 API expects that three values be passed down to the Flash movie from the IFrame page: fb_sig_api_key fb_sig_...

Adding application level authentication using ActiveDirectory

I am not sure if this is the right place to ask this question or not, but I could not find any other website. I want to give access to different applications using ActiveDirectory. Before you answer this question, let me explain a few things: I know only the very basics of AD. When I said application security, I meant that those applic...

Can't get my access_token using Rails and the OAuth gem

Hello everyone, I am developing my Rails 3 application that uses Twitter OAuth and I am getting troubles because apparently I can't get the access_token, after clicking 'Allow' and Twitter redirecting me back to my application url, when I go to twitter.com/settings/connections I can't see my app there as authorized. I guess there is som...