authentication

android to django - how to authenticate users

Hi all I'm trying to get json data from a django view (login required) into a new android app I'm working on. I would like to authenticate the user against the django login and keep the cookie/session for all the django view calls to get data from the server. I did some googling but nothing helped me, even if I guess it should be a q...

zend framework question

Hi stackworld, Well, here's my question. In my project I'm using a rest service to authenticate clients. That part is ok as I have used a simple authentication by hashing a user id and a password together. After the authentication I want to open to the users few other rest services through the modular scheme in zend framework. I am curre...

Setting an apache reverse proxy as a gateway between client cert authentication (mod_ssl) and basic authentication for backend server

Hi, I have a backend server that expects a Basic HTTP Authentication. I can't touch this server and its authentication mode. But, I'd like to replace this authentication by a client certificate on a reverse proxy in front of this server. This would make something like this : User --(ssl auth)--> ReverseProxy ---(Basic Auth with login)...

How do I get user email using Facebook Graph API in GAE Python?

I'm using Facebook Graph API on Google App Engine. I was able to fetch all the basic info from a user. However when I tried to fetch any user info that requires permission, email for example, it always appears as None. I've followed the whole tutorial available at the developers blog. Here's my code: class User(db.Model): id = db....

Deny certain controller action permission in CakePHP

The idea is quite simple. If you are not logged in, you have no access to any page beside the register and login page. If you are logged in, you have access to all pages except the register page. Now, half of this is achieved by using CakePHP's Auth Component. This restricts access when not logged, and allows access when logged. The pr...

PHP sessions; How should I solve this big security problem?

I am fairly new to sessions. I have a classifieds website, and users may choose to "EDIT" their classifieds. All they have to enter is a password which they chose when creating the classified. In the "edit.php" page, if the password is correct, the classified details show up. There is a picture upload tool, which reloads the page but u...

SSRS: Enumerate available reports - only works with UseDefaultCredetials

I'm trying to generate a list of available reports from an SSRS 2008 installation, using code as below: ReportingService2005 rs = new ReportingService2005(); rs.UseDefaultCredentials = true; CatalogItem[] items = rs.ListChildren("/", true); foreach(CatalogItem ci in items) { if (ddlReport.Type == ItemTypeEnum.Report) ddlRepor...

CAS authentication and limiting access for specified users

Hi, I'm using CAS (Central Authentication Service) from Jasig in a client JSF app running on tomcat 6 server. I would like to limit the access to the app just for the users specified in my database rather than all the users which can be authenticated using that CAS service. When the user attempts to log in, I need to check if his userna...

How to make authenticated request to wcf service hosted in sharepoint 2010?

Hello. I have a win-service that makes calls to wcf-service, hosted inside sharepoint 2010. In wcf-service I access a SPList on the sp-site. But I can't access a list because the win-service uses an anonymous call to wcf-service. How can I implement authenticated request to sharepoint wcf-service. My win-service runs under identities of the...

weblogic user authentication in java

In one web application, user will enter login and password. User is created in WebLogic server 10.3. I need to authenticate user in weblogic server. I was searching on google, I found there is some sample code on http://dev.bea.com/code for authentication through JAAS. I tried to access that web page but it seems page has been removed. ...

Web Application Security and Client Authentication

Consider the following implementation of Web app and Client - that uses Spring/Hibernate for the web app. The Application container is Tomcat Web App 1 (Primary) Web App 2 Web App 3 Web App 1, 2 and 3 expose services that talk JSON The Client is a normal browser, say there are 3 clients Client 1 Client 2 Client 3 The requirement of ...

MEF: Component authentication

I am building a Windows (Service) application that, in short, consists of a "bootstrapper" and an "engine" (an object loaded by the bootstrapper, which transfers control to it, and then performs the actual tasks of the application). The bootstrapper is a very basic startup routine that has few features that are likely to change. But the ...

Is it worth using the ASP.Net built in profile system?

I just discovered ASP.net uses its own profile system to register users and there seems to be a lot of features available as bonus with it (such as secure authentication). However it seems rather specific to have such a feature for a general purpose development environment and things which work in the background the way the profiles syst...

What is a secure way to pass login and password from a client to a server during authentication?

I've just set up a proxy and run all my requests through that proxy. I investigated several different applications: they pass login and password pair raw, i.e. I can grab them from POST-request parameter. How should it be implemented to make it more secure? (I haven't investigated gmail and facebook yet, but I think they don't have thi...

Custom authentication from third party in ASP.net/MVC

I'm trying to wrap up a custom authentication system for internal use for a project I'm working on in MVC. We currently have a partner that hosts an external site with forms authentication. Certain sections of this site redirect to a section on our internal site. Passed along with this redirection is an id and a session id. They pr...

Using SMS as an authentication factor for a website.

Hello, This question is a follow up to a previous question I had http://stackoverflow.com/questions/2822885/im-trying-to-implement-2-factor-authentication-on-the-cheap-how-would-i-do-that I'm exploring the idea of using an android phone to SMS or robot talk a pin/token code to a user's home phone or mobile device. I'm looking at using...

receive application access token from Facebook

I'm trying to learn how to get an application access token from Facebook for my app. I'm sending a jquery request (in the firebug console) based on the data specified here (http://developers.facebook.com/docs/authentication/#client_credentials). I seem to get the response ( access_token = 'my_app_id|'+the_app_token ) but firebug se...

Securing Google App Engine Authsub callback url ('next_url')

I have run through the google example of using Authsub to retrieve Google feed data (http://code.google.com/appengine/articles/python/retrieving_gdata_feeds.html) If I understand correctly, it is possible for a malicious hacker to call the 'next_url' (which google auth service calls with your token) and inject their own token? Meaning ...

iis7 Challenge-based and login redirect-based authentication cannot be used simultaneously

I have an asp.net web site, earlier version of the application need to run in classic mode, the latest version can run in integrated mode. Generally the application is configured to use Forms Authentication but it can be configured to use Windows Authentication. There is a business requirement that even when running IIS in Windows Aut...

ASP - Biometric Authentication

Cheers, We started implementing biometrics authentication in our web system and came to a doubt. We're going to use a third-party solution for performing it which is going to be called via a web service. There are going to be four kinds of authentication: Regular one: username/password Challenge Fingerprint Cellphone All users will...