I'm using jQuery's ajax methods to interact with the Twitter REST API. Their API is a bit annoying, in that some actions will return a 401 HTTP status code. In that case, I just want it to fail, instead of displaying a login box. I've tried just providing an incorrect user:pass pair in the URL, in case that might suppress the dialog a...
I am writing a web app for a client. Users will have a one-time key that they will use to initially identify themselves to the app. Once the app verifies that the key is valid it will take them to a page where they can create a normal account to use for all subsequent logins. The create-account page should only be accessible after enteri...
Does something like OpenSSO (https://opensso.dev.java.net/) or ESOE (http://esoeproject.org/) exist for the .NET platform? ...
Hi, I'm using this code for login, but when I enter a username and password it just loads the page and the login page again is displayed. Why does this happen? <?php session_start(); if(!isset($_POST['username']) || !isset($_POST['password']) || empty($_POST['username']) || empty($_POST['password'])) { ?> <html> <h...
Some existing web services I consume have methods that look something like this: List<Employee> employees = employeeService.GetEmployees(accessKey, allDepartments); The accessKey serves two purposes; it acts as both authentication and identification. Only valid access codes are responded to (authentication) and it services a...
what are the benefits of using HTTP authentication with PHP (HTTP 401 headers) instead of using a normal form submit authentication?? ...
I am developing an application where the security requirements for data transferred and access are fairly high. As I understand, Windows authentication is the preferred method for TCP over an intranet. How do you deal with situations where Domains are not used and only simple workgroups are available? (Some customers will not be using d...
This is for IIS 7 on a Windows Server 2008 that is not part of an AD domain. I would like to password protect a website, where people have to enter a username/password (a windows account for example) to view the website. The website would then use its own authentication method (forms) to handle user accounts and decide whether or not t...
Hello, I have to copy a file over to our local server using asp.net. The remote server uses Digest Authentication and will supply the credentials needed. How do I connect to their server in asp.net using digest authentication to copy a text file over to our local machine? thanks ...
Here's something similar to this question on general SSO best-practices. What is the best approach for dealing with a disabled or for-whatever-reason-unreachable central identity provider. If your website allows users to login with their centrally-stored credentials, and the central service is not working or unreachable do you: Allow u...
CakePHP's AuthController assumes you have a Users table that contains a username and password. I'd like to find a way to override the default tablename from Users to Accounts. Background Information: The way I have designed my database is to have a Users table and an Accounts table. Accounts : id user_id username password authentica...
Hi, is it possible to clear the pool of the current processes' UnsafeAuthenticatedConnectionSharing pool, i.e. close all authenticated pooled connections? ...
I would like to use NTLM authentication with Tomcat so that Iexplorer send automatically both the user id+pwd to webapp. Is this possible? With "BASIC" authentication IE pops up the usual pwd dialog but I want to skip this dialog. ( Note, I use JNDIReal/ldap) ...
I have a solution with 2 projects. In the first project a I have a website with a Logon Control. In the second project I have a WCF project with an AuthenticatonService configured. What is the easiest way to integrate both? In other word, How do I call the Authentication Service from the login control? EDIT: OK, what I mean is that by ...
I have a .NET client application that needs to communicate with a server using two distinct user credentials. Lets say that the application runs two threads. When start running, every thread sends the user & password to authenticate and the server in return stores a cookie on the http session. The subsequent calls send the authentication...
What are the best practices for handling security i.e. Authorization and Authentication in Web Application? I am working on a web application, using WCF as SOA, there are more chances that in future individual component in my application can be integrated with some third party application. I am looking for a solution by which I can hand...
Hi, I'm looking to implement user login onto my site for the first time. I'm happy to either build my own solution, or implement something open source, however no package has been an obvious choice in my search so far. Equally, I'm fully aware that as an intermediate php programmer at best, I am highly likely to miss something obvious...
Hi, i want to protect my Java product by using some USB-based authentication and password management solution like you can buy it here: aladdin This mean that you have to connect a USB stick with a special software on it, before you can start your application. I would like to here some experience of users which have used hardware like ...
I read somewhere that currently urllib2 doesn't support authenticated https connection. My proxy uses a basic authentication only, but how to open an https based webpage through it . Please help me. Thanks. ...
We're using the standard ASP.NET authentication provider (AspNetSqlMembershipProvider as it happens) and the defualt password strength requirement is a little excessive for our needs. We require our users to enter a password that is alphanumeric at least (i.e, letters and at least one number mandatory, mixed case and non-alphanumeric ch...