authentication

Is using Kerberos to authenticate to web sites and web services a good idea?

Through acquisition we have a number of products that require authentication and authorisation. The products include web sites and client side applications, the client side applications use some web services. We are a .Net shop and servers will be running Server 2008, clients will be running XP SP?? and later. Users of the products are ...

WCF/basicHttp and NTLM authentication

Does anyone know how exactly NTLM authentication works in WCF/basicHttp? I wonder if user credentials are passed for every single service method call, or if some kind of security token is being used for subsequent service method calls. The exact binding configuration that I am using: <bindings> <basicHttpBinding> <binding name="w...

Why should we choose PrincipalPermission over IsInRole()?

Hello, Q1 - I’m not sure I understand why we should prefer to use PrincipalPermission.Union() ( or PrincipalPermission.Intersect() ) instead of IsInRole()? If anything, calling IsInRole() several times requires less code than creating multiple PrincipalPermission objects and merging them into one via Union() ( or Intersect() )? Q2...

Relationship between MembershipUser and IPrincipal object

Hello, I assume MembershipUser object and object implementing IPrincipal interface are “connected” in a sense that when certain information in one of the objects changes, the other object is also changed appropriately? thanx for helping ...

URL-authorization and non-Asp.Net related file types

Hello, URL authorization only applies to Asp.Net related file types?1 But why couldn’t it also be applied to non-Asp.Net file types? Thanx ...

Getting a sql connection error when trying to login

I have a login page that works in my local development environment. When I push the site onto the web server, I am getting this error when trying to login from the asp.net login control. An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact th...

Adding new fields to JasperServer Login Page

Hi, While I have been able to customize the JasperServer to use existing iBatis/Struts infrastructure and integrate authentication using existing app, there is one thorn. How can I change the code called by modified login page to accept another field? Say I want user to enter Domain in addition to username and password. And use the t...

Secret key authentication in salesforce.com

Is there a good way to do secret key authentication for http queries from a salesforce app to my own web server? In other words, I'd like to give each company that installs our application their own secret key. Then each http call the app makes to our server (whether json or just a link to a hosted iframe) would look something like this:...

If RoleManagerModule creates security context of the user, then…

Hello, According to my book, if role management is enabled, then RoleManagerModule creates the security context of the user by assigning RolePrincipal object to the HttpRequest.User. But isn’t security context already created ( thus principal object being assigned to HttpContext.User ) by FormsAuthenticationModule, which is called pr...

why does authenticateRequest fire on a page when user is logged out?

Hi, My goal is to write a cookie when the user authenticates. We are using a crappy framework that hides its source code and event model so when I use their login control I can't set a session timeout on it! Anyhow, I am trying to write a cookie when the user is logged in, and then refresh the cookie expire time on subsequent page vie...

Is there a standard asp.net authentication authorization login system?

Besides what it comes with in 2.0 (the generated aspnetdb.mdf), is there a standard login authorization authentication system for asp.net Internet websites? One that can plug into a website. ...

figuring out why asp.net authentication ticket is expiring

I need help figuring out why my authentication ticket is expiring after about an hour on my hosted website. But if I run the site locally the authentication ticket stays alive for the correct amount of time. This is my localhost web.config: <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="20160" slidingExpir...

Django -- User.DoesNotExist does not exist?

I'm trying to get hold of Django. I use Pydev on Eclipse. I have written a simple signup page that I can't get to work. Eclipse complains that User.DoesNotExist is undefined. Most likely, I am missing something trivial. Here's the relevant portion of the code: from django.contrib.auth.models import User ... class SignUpForm (forms.Form)...

BULK insert error with UNC path and windows Authentication

Hi, I have two servers. One is an application server which has a webservice and the other server is a DB server, which has a SQL Server 2005 DB. The webservice is a vb.net app and all the input files will be on the app server. When my application calls (through the webservice) the DB server to execute a BULK insert statement with a UNC path (of the app server) using Windows...

How do you programmatically end a session in asp.net?

Session.Abandon() doesn't seem to do anything. You would expect the Session_end event to fire when Session.Abandon() is called. ...

Spring and Stripes Security Design

I'm building a web application using Stripes and Spring. It needs to have a login/authentication feature. Right now I store user information separate from user credentials in the database. My User model does not contain the credentials as I don't want to be passing around valuable passwords. Spring manages all of my DAO's. Now, I ...

Cookie in Javascript(login page design)

Previously I had posted a program and asked about handling cookies in Javascript. I had posted one code and you can find it in my other question. Many gave good answers and I also tried their solutions. But since I am new to this html and javascript, maybe I don't know how to find bugs and debug it. So can anybody please post their solutio...

how to authenticate into google account service from web application for using google data

Can somebody please tell me the way to access the google service such as the user feed items in google reader through the web application using username and password. I do not want the user to authenticate. I want the solution in ASP.net. There is already a solution available in Python at http://dalelane.co.uk/blog/?p=303 But I do not ...

twitter authentication in rails app - logging off

I've implemented twitter authentication in my rails app, on my local dev box. However I'm not able to get the application to log off. Isn't it enough to clear these two cookies? remember-token and -twitterauth-session? ...

Dead-simple web authentication for a single user

I wrote a small internal web app using (a subset of) pylons. As it turns out, I now need to allow a user to access it from the web. This is not an application that was written to be web facing, and it has a bunch of gaping security holes. What is the simplest way I can make sure this site is securely available to that user, but no one e...