authentication

In Rails, do you need to use form_authenticity_token if you're already checking if a user is logged in?

Because form_authenticity_token is used to validate requests, is it redundant to use it when you're already checking whether a user is logged in? I.e., is form_authenticity_token really intended only for forms which are available to anyone, as opposed to forms exclusively for logged-in users? ...

Live ID Web Authentication on Azure

I have a Silverlight application and want to use it on Azure with Live ID web authentication. Now I search for a good tutorial or solution to use the Live Id Web Authentication in a Cloud application, to use it on Azure. Can someone help me? ...

Python code to find if x is following y on twitter. More Pythonic way please

I wrote a twitter application in Python. Following is the code I used for a module where I find if x is following y. This code can be obviously improved upon. A pythonic way to do that? import urllib2 import sys import re import base64 from urlparse import urlparse import simplejson def is_follows(follower, following): theurl = 'h...

Is this a reasonable user registration process?

I'm working on a registration process for an internal application. My initial design is below. My main question is whether it's really necessary to include a registration_confirmation_code. Does it protect the app from a realistic threat or just add unnecessary complexity? I'm not sure about that. User enters email address. Since th...

ASP.NET MVC's equivalent to Login_Error Event?

I'd like to customize the login error message that visitors get when their login attempt fails. In ASP.NET, you'd override the Login_LoginError event, as described in this 4GuysFromRolla article. Anyone know how to do this in ASP.NET MVC? Thanks in advance! ...

What is two-factor authentication?

I've been given the task of finding and evaluating some authentication libraries for use in one of our products and one of the selling features being pushed by some solutions is "two-factor authentication". What is this method and how does it work? Are there better methods (such as three-factor authentication, I guess)? ...

Calling Webservice with authentication using vbscript

How do I get username and password in webservice when I use vbscript code as below. call oXMLHTTP.open("POST","http://localhost:11883/ServiceCall.asmx/GetEmloyee,false,testUser,testPasword) ...

Object oriented Login functionality

User Login functionality is very common to many applications. I would like to see how people implement this functionality in Object oriented way. I have a User and I need to validate the userId and password against a system(this could be ldap, database, etc.). So what kind of classes and operations you would create to achieve this funct...

Which authentication mechanism to choose?

Well, on my free time, I'm making this small web site. The site will not require to authenticate, only some actions (like leaving a comment) will require to do so. I would expect to have up to 100 (probably less) unique visitors a day. I don't really expect more than 50% to (bother to) register. Right now, I'm thinking of three possibl...

WCF Authentication with custom ClientCredentials: What is the clientCredentialType to use?

I had to ditch the basic WCF UserName/Pwd security and implement my own custom client credentials to hold some more info beyond what is provided by default. I worked through this MSDN article, but I'm missing something because it doesn't work. First, I have some custom ClientCredentials that provide a custom ClientCredentialsSecurityTok...

Users being forced to re-login randomly, before session and auth ticket timeout values are reached

I'm having reports and complaints from my user that they will be using a screen and get kicked back to the login screen immediately on their next request. It doesn't happen all the time but randomly. After looking at the Web server the error that shows up in the application event log is: Event code: 4005 Event message: Forms authentic...

What allows a Windows authentication username to work (flow) between 2 servers?

Typical ISP setup. One server is the web server, another is the DB SQL server. There is a local administrator account, let's say XYZ, created on both machines. So when I log in remotely, I am either WebServer\XYZ or DBServer\XYZ, depending where I log in. Now, when I login to SQL Server SSMS on DBServer using Windows Authentication, ...

How to authenticate against native OS in Java and without using JNI?

My Java RCP application prompts the user for username and password upon start-up. How could I use these credentials to do authentication against the native OS without using JNI to port some C libraries? Thanks! PS. If possible, pure Java implementation without using third-party libraries will be very much preferable. ...

Poor man's authentication algorithm?

Brainstorming request I need an idea for an authentication algorithm with some unusual requirements. The algorithm would be used to verify that the sender of a message is legitimate. Restrictions: The "transport layer" is e-mail the sender ('Alice') is a human being Alice only has access to a web browser and internet access (includi...

How does Basic Authentication when dealing with an HttpListener work?

This might seem like a basic question and back to Http protocol 101. But I am having difficulty in understanding how Basic Authentication works. I am implementing a windows service and need it to be secure. I would like to obtain the user name and password and authenticate the user to a custom user store. I also want to minimize the n...

In Python, how might one log in, answer a web form via HTTP POST (not url-encoded), and fetch a returned XML file?

I am basically trying to export a configuration file, once a week. While the product in question allows you to manually log in via a web client, enter some information, and get an XML file back when you submit, there's no facility for automating this. I can get away with using Python 2.5 (have used for a while) or 2.6 (unfamiliar) to d...

windows authentication

Using a JSP page I get username and password. How do I check this in active directory. Please give example with some code. ...

Extracting a username from an OpenID identity

I am using OpenID authentication in conjunction with traditional register/signin authentication on a site of mine. When someone signs in for the first time using OpenID, I would like to be able to extract a username for use on the site. This is easy for some openid identifiers - eg: http://username.myopenid.com/ http://username.livejo...

How do I implement gmail login?

How do I implement site authentication using gmail, yahoo or facebook IDs (not OpenID login)? PS: Using PHP. ...

How do I replace the cakephp password hashing algorithm?

I have an existing database I'm trying to put a cake app on top of. The old app used crypt() in Perl to hash the passwords, I need to do the same in the PHP app. Where is the correct place to make that change in a standard cakephp app? And what would such a change look like? ...