authentication

Secure password solution for a web service authenticating against Active Directory?

An application I'm modifying has a Web Service, and one of the web methods on that web service is used to authenticate a user against Active Directory. So the current code called by the AuthenticateUser web method looks something like this: string domainAndUsername = aDomain + @"\\" + username; string ldsPath = buildLdsPath(searchBase)...

Integrated Windows Authentication with IIS, Firefox and SQL Server

Hi, I have a web site running on IIS on my localhost. This web site has directory security set to only allow Integrated Windows Authentication. It is part of an intranet and needs to authenticate by our domain accounts. I then connect to SQL Server with Integrated Security = SSPI in the connection string. This works fine with Microsof...

How do sites support http (non-SSLed) sessions securely?

I note that some sites (such as gmail) allow the user to authenticate over https and then switch to http with non-secure cookies for the main use of the site. How is it possible to have http access to a session but this still be secure? Or is it not secure and hence this is why gmail gives the option to have the entire session secured ...

When developing a web app (ASP.NET/MVC) when do you add your security?

When developing a web app, in my case an ASP.NET MVC app, but this question isn't platform specific, when do you add the infrastructure for membership, roles and authentication? I've actually done it both ways... 1. Start developing the app with membership/roles/authentication being one of the first milestones and 2. Wait until mos...

How to call REST-style service, protected by integrated Windows Authentication from ActionScript 3?

How would I connect an Adobe Flex/AIR based application to REST-style services hosted on a web site protected by integrated Windows Authentication? From my experiments, the call is successfully made (by using the HTTPService class), the request is received successfully by the web server (in this case, I'm using ASP.NET MVC), but th...

Accessing protected REST endpoint with JQuery

I have a site where members log in to their account (FormsAuth). I would like to set up a RESTful service that I can access using jQuery. I would like to protect these services using the same FormsAuth. How would a third-party site be able to access these services? They would need to pass in the Principal/Identity to the service, right...

How do I implement Direct Identity based OpenID authentication with Zend OpenID

Hi Guys, I'm using the Zend framework and the openid selector from http://code.google.com/p/openid-selector/ - however I find I can't login using sites like Google and Yahoo as they use a direct identity based login system whereby one is just redirected to a url as opposed to entering a unique url of their own for authentication. I've che...

Can I have additional fields on the users table in CakePHP & still use the built-in auth methods?

I'm using CakePHP and I want to add a First and Last name column to the Users table, but when I pass through the field values firstname & lastname the columns are always left null, while the default fields are populated fine. Is it possible to do this or do I need to have a second table to store these values? Update code: Registration ...

Password reset using Restful Authentication

Hello, wondering if someone has code or plugin for enabling password reset with Restful Authentication? I came across the following tutorial, but looking for either confirmation or alternatives: http://railsforum.com/viewtopic.php?pid=74245#p74245 Thank you. ...

Override Authorize Attribute in ASP.NET MVC

I have an MVC controller base class on which I applied the Authorize attribute since I want almost all of the controllers (and their actions along with them) to be authorized. However I need to have a controller and an action of another controller unauthorized. I wanted to be able to decorate them with the [Authorize(false)] or something but thi...

When should the authenticated user be reset?

In my web application, I have used the asp Login control to facilitate the login process. I have noticed that if I open the site in a browser and log in, and then open another browser and go to the site, then the second browser shows that I am already logged in, even though I didn't log in using that browser. I have noticed that some ...

With Rails, How can I expire the Browser's cache?

I have an issue with my Rails application and the browser's cache: When a user logs out of the authenticated section of the site, they are still able to use the back button on the browser to see the authenticated page. I do not want to allow this. How can I expire the cache and force it to reload? Thank you ...

How to generate random password, or temporary URL, for resetting password in Zend Framework?

I have a basic authentication process that uses Zend_Auth_Adapter_DbTable. I have login and logout actions on my Authentication Controller. Now I want to create a function to reset forgotten passwords by automatically generating a password, saving the new password, and sending them an email with the newly generated password. What would ...

Which authentication and authorization schemes are you using - and why?

We're beginning to design a whole bunch of new services to create (WCF, ADO.NET Data Services, possibly in the cloud at some point) and one question that pops up is what authentication and authorization scheme to use - there are quite a few! We basically need to be able to identify users (actual people, and "virtual" application/servic...

How to build RUNAS /NETONLY functionality into a (C#/.NET/WinForms) program?

Our workstations are not members of the domain our SQL Server is on. (They're not actually on a domain at all - don't ask). When we use SSMS or anything to connect to the SQL Server, we use RUNAS /NETONLY with DOMAIN\user. Then we type in the password and it launches the program. (RUNAS /NETONLY does not allow you to include the pass...

Zend Framework: How best to go about retrieving the first name of an authenticated user?

I can get the username by doing this: public function indexAction() { $this->view->username = Zend_Auth::getInstance()->getIdentity(); } "username" is the column in the table that validates the identity. "firstname" is also a column in that table. Does Zend_Auth only store the username? Or is there a way to access other columns fr...

Using Javascript OpenID Selector with Rails

Based on this article, it seems like SO is using Javascript OpenID Selector (JOIS) to handle OpenID logins in its "view". I love the simple interface and I would like to use it in a Rails project. I know that RPX would probably be the easier choice, but I'd like to build this on my own. Can you help me find answers to a few question...

Modifying LDAP schema to support Cardspace and OpenID

I am seeking examples of how others have modified LDAP schemas to support Cardspace and/or OpenID. Links to LDIFs or other documentation are greatly appreciated. ...

ASP.Net URL rewriting and authentication

I have a web application using the .Net 2.0 framework. The whole website is restricted to authenticated users using Windows authentication. These rules are set in the web.config file the following way: <location path="/"> <system.web> <authorization> <allow roles="CustomerAdministrator, Manager"/> <d...

cakephp isAuthorized() not being called

I am trying to use the isAuthorized() method to do a check for an admin flag, but the function never seems to be called. Even when I set the function to always return false, it allows any user. It just seems like it isn't being called. Do I need to do something more than setting $this->Auth->authorize = 'controller' ? from /app/app_con...