Today I implemented a session/token authentication system for my web api (http get/post rpc style), following this plan:
legend: action (param1, param2) : returnvalue1, returnvalue2
login (username, password) : sessionkey, token
requestA (sessionkey, token, paramA) : token
requestB (sessionkey, token, paramB) : token
logout (sessionke...
Hello,
Q1 - IIS7 by default automatically registers FormsAuthenticationModule (which is defined in the root web.config file), but does the term “Http module being integrated into IIS 7 processing pipeline” refer only to cases where this registered module is also configured to work with non-Asp.Net applications?
In my opinion if modul...
Hello,
FormsAuthenticationModule is used for tracking user and role information using encrypted cookie.
But does this module also contain code that actually detects whether user requesting web page has forms authentication ticket and if not, redirects user to login page, or is it actually UrlAuthorizationModule that tells FormsAuthe...
Hi,
I'm a little confused while trying to find out how ActiveDirectory and ASP.NET Membership work... I've created a new MVC project and removed the AccountController / Views. I've changed the Web.Config so that it uses ActiveDirectory and automatically authenticates users based on their current Windows login:
Web.Config
<authenticati...
Very simple question actually:
I currently have IIS anonymous access disabled, users are automatically logged on using their Windows login. However calling User.IsInRole("Role name") returns false. I double-checked User.Identity.Name() and the "Role name" and it should return true.
I currently have this in my Web.Config:
UPDATE
I was ...
I have a remote MSSQL instance that I want to use with biztalk. My machine running biztalk cannot join the same domain as the MSSQL instance, nor can we create a trust relationship between the two windows domains.
Is there a way to configure biztalk to authenticate? Username/password (like any other DB would use) would be perfectly fin...
I have set up an ADAM instance and added some test users. From C# I can bind to ADAM using a windows account but I cannot bind using one of the ADAM users. (I can successfully bind the ADAM users in ldp) & I have made sure the users are enabled by setting msDS-UserAccountDisabled attribute to false.
When I bind with my windows account I...
How do I secure http files in Glassfish on Linux so that before someone can see them they have to enter a password? I know it is possible in Apache Server.
...
We have started building an asp.net mvc application. Application will consist of one main database with users, projects, common tables etc... and many databases (all with the same structure) with data relevant to a particular project. User can have some global roles (stored in a main database) and some project specific roles (stored i...
In building a content management system that incorporates jquery ajax into its GUI I have come across a hurdle. It seems that some customers spend too long thinking about what they are going to write and therefore the server session logs them out, naturally being the web they have no idea about this. When they attempt to submit the chan...
I was wondering if protecting a web directory with an .htaccess file (with the .htpasswd file outside the public apache webroot) is a secure way to protect a directory (and its contents).
Could someone explain the Do's and Don'ts of this kind of protection?
...
Hello!
I'm developing an ASP.NET app (C#) that needs to authenticate users. To do that I have a SQL Server database with the users of this application.
Which is the best way to do that?
I've been reading this:
http://msdn.microsoft.com/en-us/library/xdt4thhy.aspx
In the example I will to replace this code:
<script runat="server">
...
I am trying to read a spreadsheet from app engine using text_db and authsub.
I read http://code.google.com/appengine/articles/gdata.html and got it to work. Then I read http://code.google.com/p/gdata-python-client/wiki/AuthSubWithTextDB and I tried to merge the two in the file below (step4.py) but when I run it locally I get:
Traceback...
Hello,
According to my book, if role management is enabled, then RoleManagerModule creates the security context of the user by assigning RolePrincipal object to the HttpRequest.User. But isn’t security context already created ( thus principal object being assigned to HttpContext.User ) by FormsAuthenticationModule, which is called pr...
Do you know of any open source fileupload servlets that are integrated with the ICAP protocol? I believe it is important to virus scan user uploaded files prior to writing to disk and would like to leverage this method.
...
Hello,
Q1 - To my understanding FormsAuthenticationModule is subscribed to AuthenticateRequest event, and thus only after this event is fired, is FormsAuthenticationModule called. But the following quotes got me a bit confused:
A)
The AuthenticateRequest event signals that the configured authentication mechanism has authenticat...
Hello,
Q1
FormsAuthentication.CookieDomain property specifies the domain for which this cookie is valid. Overriding this property is useful if you want to enable the cookie to be used for more applications on your web server
A) I assume the quote is suggesting that if same browser is used to log onto two web applications, then...
I am using basic level authentication and I need best logout code in JSP/Servlet.
I am using JSP & servlet and MS-Access as backend.
Is it required to create session in JSP?
...
Is it best to check for a null User when trying to access UserID or should I assign an anonymous account? Or other?
...
Hi,
I'm trying to create a custom authentication plugin for WMS 2009 in C#.
I managed to implement something that for some reason blocks all requests...
[ComVisible(true)]
[Guid("C0A0B38C-C4FE-43B5-BE9E-C100A83BBCEE")]
public class AuthenticationPlugin : IWMSBasicPlugin, IWMSAuthenticationPlugin, IWMSAuthenticationContext
private ...