authentication

What options are available for Synchronizing Passwords between load balanced servers?

We have several UNIX machines you can wind up with when you telnet to a certain box. The passwd files are not on a shared mount (I am not sure how safe it is to mount them anyway). The end result is that if you change your password on one box, then when you log in to the second box it will tell you that your password is invalid. This ma...

Is it possible to have windows integrated and forms auth on the same web app (same url)?

Basically I want to build a web app that will try windows authentication and if authentication fails then will provide the user with a login form? I do not want to have different web apps for different authentication modes. Is this possible? Did I miss some points about this? ...

how to authenticate ntlm to sql table using linq?

given 1. the initial idea, link text and 2. creating nested loops link text can I use linq here or how should I massage this to authenticate WindowsPrincipal to sql table? Thanks, -greg protected void Page_Load(object sender, EventArgs e) { string UserIdentityName = Server.HtmlEncode(User.Identity.Name); Boolean Match ...

Verifying a user in "Email Submission" use case

I'm building a system that allows people to submit text and photos via email in addition to standard access on the website. I'm trying to weigh the security advantages of two strategies in particular for verifying submissions from a user. Here they are as follows: To based auth: Create a secret email address per user and present thi...

how to authenticate clients using certificates in an ASP.NET web service

I need to know how a .net web service authenticates a request from a client that is using a certificate. I know that the client will have to attach their certificate to the service proxy before they make a request, but I don't know how to check that the correct computer is contacting us. This needs to be implemented in a shared hosti...

How to update last login date if "Remember Me" set?

When a user logs in to my site, the date of the visit is stamped in the database (User table). This is handled by the (custom) membership provider. However, if the user checks the "Remember me?" option when logging in, they are (naturally) not prompted to log in on subsequent visits. As the membership provider is not employed in this sit...

Actionscript 2, Flash 8 and Amazon S3. Is there an AS2.0 API?

Hi, I am developing an application that loads images and video into a Flash player (currently using Flash 8 to develop so this is AS2.0). We are going to host the files on Amazon S3 servers. Can anyone point out the best way to go about loading the files into Flash Player from Amazon S3. I have been using MovieClipLoader to load images ...

Using EXTERNAL mechanism with Cyrus SASL

Does the Cyrus SASL api not support the EXTERNAL mechanism? I'm trying to use it as a client, but it returns SASL_NOMECH when asked. % cat cyrus_sal_ex.c /* cyrus_sasl_ex.c: Example of using the Cyrus SASL api */ #include <stdio.h> /* for printf() */ #include <sasl/sasl.h> /* for sasl_client_*(), SASL_*, sasl_*_t */ static char...

Secure asp.net site that uses Master Pages with Forms Authentication

I've got a master page in a root folder of an asp.net application and content pages in subfolders. I'm using forms authentication and am not sure what to do, in web.config, for the master page. Does the forms authentication protect the child pages or the master page? How does it work? ...

CodeIgniter 1.7 Auth Library

Trying to find an Auth library for CodeIgniter 1.7.x but am not having much luck. I originally found this SO post: http://stackoverflow.com/questions/346980/what-code-igniter-authentication-library-is-best which listed several, but most were either too simple and/or were designed for CI 1.5.x I've played with FreakAuth, UserAuth, Redux,...

How do I authenticate a user in PHP / MySQL?

So recently I learned how to properly add a username and password to a database. My database is usersys, and the table storing user information is called userdb. The table has two columns - username (primary), password. The registration form works great, enters the user's input into the database correctly and also checks to see whether t...

Windows Authentication for a single file

Environment: IIS 6.0, ASP.NET 3.5 I have the need to secure just one file with windows authentication and just want to ensure that I understand my options correctly. Through IIS turn off anonymous access for the file I want to secure, and make sure Integrated Windows Security is checked Put the file in its own directory and drop a we...

IIS Active Directory double handshake hiccup

I have a .net 2.0 click-once application that connects to IIS web services on Windows 2003 R2 64-bits. The IIS is setup with Integrated Windows Authentication. So whenever a web service call is made to IIS web services, there is a double handshake taking place: Client Request #1 GetEmployeeList Server Response #1 <- 401 HTTP...

Is this a reasonable way to implement 'remember me' functionality.

If a user logs into the site, and says 'remember me', we get the unique identifier for the user, encrypt this with RijndaelManaged with a keysize of 256 and place this in a httponly cookie with a set expiration of say.. 120 days, the expiration is refreshed each successful request to the server. Optionally we generate the initialization...

How to use PHP to get a webpage into a variable

I want to download a page from the web, it's allowed to do when you are using a simple browser like Firefox, but when I use "file_get_contents" the server refuses and replies that it understands the command but doesn't allow such downloads. So what to do? I think I saw in some scripts (on Perl) a way to make your script like a real browse...

ASP.NET: Managing Users and Roles (CMS, Portal, etc?)

Hello, I am not sure how to phrase a good question, so I will just say what I am after! I have to retool a web application for our vendors and part of that requires restricting content on a vendor by vendor basis. Looking at ASP.NET (MVC) this seems easy enough using the built in Authorization Filters and the IPrincipal and IIdentity ...

SSL and Client Certificates

An internal team, separate from my own, has stated that they prefer to do incoming authentication based on client certificates. Which sounds good to me, except that I haven't messed with them before and am not quite sure where to start researching (Wikipedia went straight into a lot of detail that I'm not sure is pertinent to what I need...

Dividing lines between Session Object, User Object, and Login Controller.

I'm developing my own PHP framework, and I'm trying to do things more "by the book". I want to build login system. I have done this plenty of times, but now I just want to confirm/get some feedback on a system. I know we need... A Session Object A User Object A Login Controller What my question is, is who holds what power? Here's ...

How can I handle secondary authentication in Google Mail from Perl?

This is a pure Google Mail question. I am accessing Google Mail via Perl's Net::SMTP::SSL module. From time to time the authentication fails not because of a bad password, but because of some additional password check. The only way to unlock it is via the web interface with an additional entry of text presented as an image. Has anyone s...

Windows authentication with Eclipse

I use Eclipse daily for software development and those of you that use it know that you download plugins and updates regularly. The company I work for has Bluecoat installed, which blocks all of the updates. However, the update URLs are not blocked in Internet Explorer. With this said, the problem seems to be that Eclipse is not using Wi...