My question is this: With a web application, after performing a login authentication for a protected resource, how can I run some sort of function (in this case, I want to run a function to initialize some user-dependent session-scope variables) BEFORE the web-app redirects to the protected resource.
I am programming a web application ...
After posting this a while back, I decided to create my own Registration / Authentication capability in PHP. I'd love anyone to point out the flaws / opportunities for improvement, particularly around what's stored in the session...
The logical flow is:
1 - User Registers using email as username, a "site name" which then forms part of...
I'm working on my first application using ASP.Net with web services and I'm having an authentication issue. At least I think that's the issue.
When I run the application locally in debug mode it works fine. It even works when I run it out of debug mode (through IIS) in IE 7. But when I have a coworker run it (from my IIS) on their box, ...
How to authenticate a local Windows user account in C# 3.0. The Windows OS on which I have to validate the password is Vista and Win2K8.
Note: User account is a local account and not a domain account.
I found a solution in C# 3.5 (PrincipalContext class), but could not find one in the 3.0 framework.
Please suggest, thanks
...
I am using jQuery to call web service (*.asmx) methods. The web service uses FormsAuthentication to determine whether the calling user is authenticated. I am unable to return a redirect status code from the web method, e.g.
[WebMethod(EnableSession=true)]
public Dictionary<string, object> GetArchivedFiles(int pageSize, int page)
{
i...
How do you login to a webpage and retrieve its content in C#?
...
My company is developing an online HR and Payroll application where securing access is critical. I'm clear on how to lock down most of the authentication/authorization processes, except for the 'Forgotten Password' page.
My initial plan was to require the user to enter both an e-mail address and a response to a previously selected/ente...
Our system consists of a self-hosted (non-IIS) WCF service and an Asp.net website which hosts a Silverlight application. The application is supposed to do pretty much everything, the website is just a "shell" in this case.
We have a hard time figuring out how to solve user authentication securely.
To my knowledge, Silverlight can not h...
I'm using CakePHP 1.2 with Auth and ACL components.
In my user register action, the password is coming in unhashed. Specifically, this expression:
if ($this->data['User']['password'] !=
$this->Auth->password($this->data['User']['confirm_password']))
This is evaluating to true, even when I submit identical values for password and...
My company is building an ASP.NET HR application and we have decided to create one database per client. This ensures that clients cannot accidentally view another client's data, while also allowing for easy scalability (among other benefits, already discussed here).
My question is - what is the best way to handle security and data acce...
Here's how my university handles authentication: we redirect the user to a website, they enter in their username and password, then they get redirected back to us with the username and a login key passed in the query string. When we get the user back, we call a stored procedure in the university's database that takes the username, logi...
I'm thinking about serving user-specific static content from S3 - the user needs to be authenticated in order to access his static content. So if user A has content c1, c2 and user B has c3, c4, only A should be able to access c1, c2.
What's a good way to accomplish this? Is there a way to perform per-user / per file authentication in S...
I'm doing a custom authentication method that uses a light session object to hold a user's authorization details. Now I want each page (mainly child pages of masters) to be able to tell whether a user should have access to the page.
Should I create a page class and derive the child pages from that?
What's the best way for the applicat...
Currently applications are deployed only to my office of 40 employees or so. ClickOnce works great for this as everyone has network access or VPN access which makes updating pretty straightforward. Now, it has been tasked to me to figure out the best way to deploy these applications to the rest of the company. ClickOnce would work but the ...
I'm pretty new to the ASP.NET world so I'm having a little trouble coming up with the best way to configure a connection string at runtime and have the entire application use that connection string. Here is a little more info on the application that I plan to build:
Application uses Forms authentication, not Windows authentication
The...
I'm starting on a project to allow an existing web application to use Active Directory for authentication but leaving authorization within the application. I want to start off simple so I was thinking a user would type their AD username/password into my existing login form, I would then do an LDAP bind against the AD server to authentica...
During the setup of windows service I get the error:
error 1001 no mapping between account and security windows service
We use a custom user account for the server. (administrator account)
...
I'm playing around, trying to write some code to use the http://tr.im APIs (http://tr.im/api/) to shorten a URL.
After reading http://docs.python.org/library/urllib2.html, I tried:
TRIM_API_URL = 'http://api.tr.im/api'
auth_handler = urllib2.HTTPBasicAuthHandler()
auth_handler.add_password(realm='tr.im',
...
I'm trying to add "remember me" functionality to a website using a cookie with the user's username and a token, which is also stored encrypted in a database. My question is how long should this token be? One website I read said 128bit, which in my thinking is 16 characters. I'm not too worried about duplicates as even 16 characters from ...
The Asp.net AJAX authentication service provides Login and Logout methods. I can configure a membership provider and a client side call to Login will call my server side ValidateUser defined in the membership provider. All good so far.
However, the Logout method issues a call to the built-in service's Logout method which basically set t...