authentication

User authentication and authorisation in ASP.NET MVC

What is the best method for user authorisation/authentication in ASP.NET MVC? I see there are really two approaches: Use the built-in ASP.NET authorisation system. Use a custom system with my own User, Permission, UserGroup tables etc. I'd prefer the second option, because User is part of my domain model (and I have zero experience...

How do I change a windows password through asp?

I have a web application that uses Integrated Windows Authentication to validate users. Most of them are remote and don't have access to a workstation to update their AD password. Rather than manually managing passwords myself, I'd like to put together a script so they can change them on their own. How would I update their windows pas...

BizTalk: In the remote connection dialog, is there any way to force TCP/IP transport rather than Named Pipes?

I am trying to connect to a biztalk instance over the network, and not being all that successful. The SQL server with the biztalk databases on it has named pipes disabled. When I try to connect to the server that has biztalk installed, it gives a named pipes error. When I try to connect to the database server, it just times out and gives...

Non-random salt for password hashes

Typically, I always recommend using a cryptographically-strong random value as salt, to be used with hash functions (e.g. for passwords), such as to protect against Rainbow Table attacks. But is it actually cryptographically necessary for the salt to be random? Would any unique value (unique per user, e.g. userId) suffice in this rega...

Best practice of writing a program which has too many data collection processes C#

I have to log in to various elements to retrieve some data. The problem is each element has its own login credentials. I want to write all such data collection processes into one single program so that I don't have 10 different scheduled processes to look at. Did any of you have such a challenge? If so, how did you go about it? I am right n...

Oracle Logon Protocol (O3LOGON) in 10g

I have been studying Oracle's mechanism for authenticating against a 10g database. Although it is less documented than its 9i counterpart, I have still managed to find many of its details on various web sites and blogs. One piece remains a mystery, however. Before I mention what is missing, let me explain what is known about the protocol...

Best authentication mechanism for Flex, ASP.NET and SOAP or REST web services?

I am building a web based application written in ASP.NET and Flex. One of my biggest challenges is implementing security for the application in a flexible and maintainable way. This challenge is compounded when different technologies are involved. I'll try to describe what I have below. The website is laid out as follows: /mydomain....

How do I set up one time password authentication?

I have a home network which I access remotely quite a bit. But I'm worried about security. While I do have strong passwords, I'm worried that someone will acquire my password and use it to gain access. I heard about "one time passwords" and even got to use them at my university. We'd just press a button on a device (or run an applicatio...

Sharing authentication between IIS applications on same domain

Hi, I have an IIS website on www.example.com and a virtual directory at www.example.com/demo/ How can I use the authentication cookie from www.example.com in my virtual directory? ...

Need help in Login code in asp .net

Hello all, somebody please help me by modifying this code. In my login page I have three columns: Login, UserName, Password. In Login I have kept a dropdownlist with two list items, Admin and User. So when I select Admin, UserName, Password it should go to the desired destination page, and when I select User, UserName, Password it should go to another des...

Get the user's identity with no authentication

I have an ASP.NET app that writes files to a NETAPP. It's finicky, and the only way we could get it to work was to set <identity impersonate="true"/> and remove the <authentication.../> tag in web.config. This allows the app to write to the NETAPP (with the appropriate monkeying of permissions behind the scenes), but now my app can't tel...

Is there a well-regarded library I can use to hash passwords and authenticate users for a WPF app?

There's a number of posts here on hashing of passwords and numerous recommendations on how to go about doing it, but before I go off and write something based on the suggestions here, is there a standard library I can use to save me some time (and potentially blushes, knowing how complex this stuff can be). My criteria is it has to work...

OpenID authentication and API access

OpenID authentication is inherently browser based. If I wanted to allow an OpenID user to authenticate against an API for use in alternative clients, is there an accepted best practice for that? So if a user tried to log in with their OpenID into an iPhone app, for instance, how would that work? The only thing I can think of generatin...

Licenses and sessions the RESTful way

This question crossed my mind after I read this post: “Common REST Mistakes: Sessions are irrelevant” If sessions are indeed discouraged in a RESTful application. How would you handle licenses in such application. I'm specifically referring to concurrent licenses model and not named licenses. i.e. the customer buys X licenses which mea...

How to use Windows login for single-sign-on and for Active Directory entries for Desktop Java application?

I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to : Be sure that the particular user has logged in to Windows with some user entry. Check out some setup information for that user from the Active Directory With http://stackoverflow.com/questions/31394/java...

Help with Zend ACL

Hello, I am currently working on a site that requires use of ACL, and seeing as I am using Zend it makes sense for me to make use of their ACL class, but I have little to zero idea of how to do this. I have read the docs but this has confused me further... Basically all I want to do is set up two user groups, e.g. normal and admin; normal users ca...

View Reporting Services Reports as a Different AD User

I have some "kiosks" that run under machine specific AD accounts that I would like to deploy reports on. For security reasons I need to verify individual user credentials before allowing access to the reports. Is there a way to do this with reporting services? We are running Reporting Services 2005, but will be upgrading fairly soon. ...

Authenticating user using LDAP from PHP

Hi, my project is to make a module enrollment system for our university. So I contacted the IT people in my university for details to authenticate students to the system we are developing using the existing university login. They gave me some LDAP information, but I don't know how I can use it in my project. For the project I'm using PHP,Mysq...

avoiding man-in-the-middle attacks when using proxies.

I have a web application which passes an authentication key to web services for security. To avoid Man In The Middle attacks, the IP address of every request is checked against the IP address from the initial authentication request. However, when accessed from a machine that uses a proxy server, the IP address is not necessarily the sa...

asp.net mvc user permissions and views

It seems there are 2 options when dealing with security permissions for views in mvc: either handle the permissions control logic in the controller and direct the user to the appropriate view... Or implement some form of security-aware HtmlHelper extensions that render (or not) appropriate form fields/data. Am I missing any other op...