authentication

ACL for a network device

Hi, I need to implement an ACL-based authentication mechanism for a device. This device can be accessed through various interfaces like web pages, TL1 (basically through some command prompt) etc. I need to keep the ACL logic centralized so that a request from any interface can be authenticated. ACL logic would basically check whether the logg...

what is the best way to make some pages in asp.net require login?

Hi, I am working with an asp.net website project in which some of the pages need authentication. I am using asp.net membership. I read some answers, e.g. put all of those pages in a folder and create an inner web.config that describes the privilege. This is one way to solve the problem, but I need a way that is more fixable and effective. ...

What is the best Distributed Brute Force countermeasure?

First, a little background: It is no secret that I am implementing an auth+auth system for CodeIgniter, and so far I'm winning (so to speak). But I've run into a pretty non-trivial challenge (one that most auth libraries miss entirely, but I insist on handling it properly): how to deal intelligently with large-scale, distributed, variabl...

Authenticating an XML file

I am in a situation where my application has to read an XML file that another application will drop onto a specific location on the file system (on multiple platforms). I control the contents of this document. The other application is simply providing transport. I'd like to ensure that the document hasn't been modified in transit or f...

How can one make a web-site accessible only when someone has a dongle?

Suppose you want to add an extra layer of credentials on top of a SSL-encrypted login/password, but you don't want to increase complexity to the user. Is there a way to add the requirement of the possession of a dongle to web-server authentication schemes with existing cross-platform browser capabilities? In other words, to get access t...

How to validate a user through an AJAX request?

We have a webpage that we provide to partner companies via an iFrame. The iFrame contains several javascript files that make ajax requests to our server for data. The iFrame itself requires an API Key that is keyed to the domain of the partner. This prevents the iFrame from displaying if it is installed on a domain that isn't register...

SetClientCredential visible in vs.net 2005 but not 2008

I add a web reference to my wse 3.0 service in Visual Studio 2005 and my intellisense shows the name of my service like MyServiceWse (it adds the WSE extension to the name). I also have access to SetClientCredentials() where I pass in my UsernameToken, everything works fine. In Visual Studio 2008 I don't have the proxy class with MySer...

WCF Authentication

Is there some sort of "built-in" authentication in WCF? I need to expose a web service to our clients so they can check status of their transactions. My initial thought was they would just use their normal Username and Password passed in as method properties. It would be over SSL, of course, but is this method of authentication not ...

How do I restrict Apache/SVN access to specific users (ldap/file-based authentication)?

I have Apache/SVN running on Windows 2003 with authentication via LDAP/Active Directory and a flat-file. It's working great except that any LDAP user can access everything. I'd like to be able to limit SVN repos by user or group. Ideally, I'd get to something like this: <Location /svn/repo1> # restricted to ldap-user1, file-user1, o...

Need help in login authentication using asp.net

Hello all, in a simple way I am able to authenticate the login page. How can I do that authentication in a 3-tier architecture? Please, somebody send me the code for what should be in the DAL, BAL, and GUI layers. Here is my simple code: Web.config: <authentication mode="form"> <form loginurl="Login.aspx"> <credential password Format="clea...

Do you change an authentication token for a cookie-authenticated user? If so, how often?

When a user logs in, I give them a cookie named auth with a value that is a GUID, which expires in 2 weeks. I save the hashed GUID in the database with a salt of their userID and then date when it expires. When a user accesses the site, I check for the cookie and log them in if it matches and hasn't expired in the database. At some poin...

ASP.NET -> WCF Service requires Windows authentication

I've been tasked with building a basic admin app. The app needs an ASP.NET front end which talks to a number of back end services using WCF. One requirement is that the users of the app are authenticated using Windows authentication. I can do this no problem if the app logic were contained in the ASP.NET app, but I have no idea how to p...

Why are two authentication cookies being created? One for www and the other without the www.

Hi, I'm having this problem with my dotnetnuke website where the .DOTNETNUKE cookie is being created twice, one for www.website.com and one for website.com. When a user logs in with a url of website.com and tries to access a page that is www.website.com it causes them to re-login with a new cookie for www.website.com. This results...

How do I determine (elegantly) if proxy authentication is required in C# winforms app.

My use case is this: I want to call out to a webservice and if I am behind a proxy server that requires authentication I want to just use the default credentials... WebRequest.DefaultWebProxy.Credentials = CredentialCache.DefaultCredentials; Otherwise I'll just simply make the call. It would be very nice to determine if the auth is ...

How would I require a password for all files except one using .htaccess?

I have a new website I'm working on that the client wants to keep a secret, but at the same time, I want to put an under construction page with some info on it. I would like to have everything except index.html require a user/password--index.html would be available to everyone. I have the following, but I'm not sure what I need to add: ...

How can flash pass J2EE authentication - it can't send a cookie containing jsessionid

We have a web page of a J2EE application, in which the user signs-in to the application. It contains a flash widget that needs to call services in the server, using the session that the user created. The web page passes the jsessionid to the flash widget, in order for the flash to use it to pass the authentication. However, the flash p...

Integrated Windows Authentication

We're experiencing some really strange problems with Integrated Windows Authentication with IIS and I'm not sure if I can see a pattern or not. We have a DNS-Cname record called Fred. We have an IIS website with Fred set as the host header. When I connect to this site I get prompted with a credential challenge. I would expect my credent...

Anonymous access and NTLM authentication in IIS

I have a server set up with IIS, and my site has some pages which should allow anonymous access and some pages which should require the "Integrated Windows authentication". On the Authentication Method screen in IIS it looks like you can enable both "Integrated Windows Authentication" and anonymous access, but the documentation I've rea...

[Rails] How can I have several applications use the same authentication system?

I need to build several Rails applications for one client. I would like to give them all the same user authentication system so that users will not have to remember separate login credentials for each app. These are strictly internal applications. OpenID is not an option for this organization. I am thinking of creating a central Rails a...

Critique my auth system DB schema?

I'm designing a RESTful Web app that will provide an authentication system for several other apps. The other apps will query this app through HTTP and get back XML describing authenticated users. The authentication app needs to keep track of which users are allowed to do what on which applications. I'm working out the DB schema. Below ...