authentication

Getting started with Pylons

Hello, I am just starting to use a web framework. I have decided I really like Python and started looking at web frameworks. I don't really like Django for a few reasons, but from what I have tried so far I found I really like Pylons. The problem I have is that I can't find that many articles/tutorials about Pylons, especially 1.0 art...

ASIHTTPRequest Authentication

Hello everyone. I discovered ASIHTTPRequest a few days ago and I'm now blocked on one thing. I would like to authenticate myself on an https address (https://user:[email protected]/0.1/userCom/?apikey=12432 ) I tried this code: NSURL *url = [NSURL URLWithString:@"https://api.domain.com/0.1/userCom/?apikey=12432"]; ASIFormDataReq...

PHP on Windows: How to use web services with the logged on user's identity?

Hello, I have a Windows 2008R2 based intranet server running a PHP based intranet application in IIS. We want to improve the intranet now and integrate data from external systems, for instance data retrieved from the Exchange web services or information from a Sharepoint webservice. Log in for the users with their windows credentials wo...

Bouncing an Apache http auth proxy request to another device

I've got a hardware internet radio player which needs to play a stream which is behind an http auth (standard 401 request). Unfortunately, the device can't cope with http auth, you can't build the username and password into the link (eg: username:password@http etc - and besides, the server won't accept that) and it plays streams by call...

Dojo login to secure REST JAX-RS server

Hi All, I am using the JAX-RS REST service on a GlassFish server (JDK6 application). I secured my REST application with @RolesAllowed() annotations. I have a Dojo web client that needs access to the REST resources. I am using FORM authentication on the REST server but happy to change it if there is a better way. When I access my resource...

Why is user.getRole() set as the GrantedAuthority in this Spring 3.0 authentication example?

I'm trying to understand Spring 3.0 authentication. In the code below, why is user.getRole() set as the GrantedAuthority? public final UserDetails loadUserByUsername(final String username) { final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); UserAccount user = (UserAccount) memcacheService.get(userna...

What is the difference between ROLE_USER and ROLE_ANONYMOUS in a Spring intercept url configuration?

What is the difference between ROLE_USER and ROLE_ANONYMOUS in a Spring intercept url configuration such as the example below? <http auto-config="false" access-decision-manager-ref="accessDecisionManager" use-expressions="true"> <intercept-url pattern="/admin/**" access="hasRole('ROLE_ANONYMOUS')" requires-channel="http"...

Why is this BeanPostProcessor needed in addition to a UserDetailsService in this Spring 3.0 authentication example?

I'm trying to understand a Spring 3.0 application which contains the following BeanPostProcessor implementation. What is this code needed for? I thought the UserDetailsService was sufficient for getting and setting the User account information. @Service public class UserPassAuthFilterBeanPostProcessor implements BeanPostProcessor { ...

Example sites that use LinkedIn's API equivalent of 'Facebook Connect'?

Anyone know of any example sites that use LinkedIn's API as sign-up/registration service... similar to how 'facebook connect' is used. Can't seem to find many, if any, examples out there. I wonder why. Must be a good reason for the lack of sites adopting this method of authentication. ...

Facebook Iframe App - Strange Redirection Problems

When I'm doing a server-side redirection in a Facebook iframe application, I get this strange Facebook logo with a link. When I click it, I get redirected to the site I set the redirection to in the first place. What happens here? Any "Click Protection" in place? Thanks! Redirection Code: Tried Client Redirect args = dict(client_...

Is there an alternative to hierarchical Spring security roles?

Can Spring roles only be defined in relative hierarchical terms as in this example? Is there any way to define the roles in absolute terms? <beans:bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl"> <beans:property name="hierarchy"> <beans:value> ROLE_ADMI...

ASP.NET - FormsAuthentication - unable to redirect after login

Hi, I am using Forms Authentication in my VS-2005 website. In case of wrong credentials or while explicitly requesting protected pages the website is able to redirect user to login page. However, when correct login credentials are provided the application is not able to redirect the user to the desired page. While debugging I found tha...

Google Apps and Open ID Authentication in Rails - Security

I'm moving an app to use only Google Federated Login (OpenID) for an application (we use google apps for everything and feel it would be easier to combine user management there). While I can successfully login and create users, my thoughts are now on security... When a user logs in I only have a "Log In" button - nothing else. The sit...

How to design User authentication for 2 servers

I need to authenticate a user from 2 servers. First, a user would be authenticated from Server A; on success, his AD (Active Directory) credentials would be authenticated to Server B (which is AD). Should Server A send an OKAY signal to Server B (Active Directory) that Server A is done with authentication and it's okay? I am confused...

WCF REST RequestInterceptor authentication

I am trying to do some basic authentication in a WCF RequestInterceptor. I am using this article as a start. The problem I am running into is communicating between the interceptor and the service. Nothing I have tried seems to work. So far, I have tried: OperationContext.Current requestContext.RequestMessage.Properties[HttpRequestMess...

How to handle optional login in rails

I'm building a rails app where login is optional. In other words, many of the same actions/views/controllers/pages will work logged in or logged out. You simply get more functionality if you are logged in (like the app remembers what you've done). I'm currently using restful_authentication and role_requirement, and wondering which level...

Are there existing authentication and authorization frameworks for Java that support OpenID (except Spring Security)?

Actually I am interested in a Java AA framework that supports many types of A&A. I found that JAAS exists, but didn't find any information about OpenID support. Maybe there exists a module to use it? Spring Security supports OpenID but I just want to see any alternative. Also I read that Spring Security is a little bit complicated. I think ...

What is the best way to manage permissions in a database desktop application?

Many desktop applications use SQL tables to manage their users' permissions and roles. In fact they restrict access to some parts of the application in their application code. It means they need a constant connection string to SQL Server with maximum permissions. My target is C# 2010, SQL Server 2005 or 2008. What if for any reason someone...

What languages can use the System.Net.CookieContainer class?

Hello, I'm working on a webservice that needs to be contacted from different clients. Since I never know what language the client will be using I was wondering if every language can retrieve and pass a Class of the type "System.Net.CookieContainer". Ex: I have a webservice that authenticates a client and returns a CookieContainer (this...

SSO / Authentication Server

I have a project with the purpose of exposing multiple web applications over the internet. These applications are built using IIS/DotNet and Apache/PHP. The internet user should log in in only one place, and then be able to access any application. What are the possible solutions to this scenario? One requirement is that changes to existin...