authentication

Silverlight Navigation and Authentication service

I am creating a Silverlight application using the Navigation app template. It is for internal use and hence uses Windows authentication. There is a dashboard page which shows a couple of records filtered by the logged-in user's id. To get the user id (which is an int) I call a web service by overriding the GetAuthenticatedUser and pass the usernam...

Authenticated HttpWebRequest with redirection, persisting credentials?

My ASP.NET 2.0 app creates a HTTPWebRequest to a site within a company's intranet, which uses NTLM authentication. The credentials passed are for a service account, which is authenticated on the domain successfully (the security log confirms this). Some abbreviated code follows.. HttpWebRequest req = WebRequest.Create(queryUrl) as HttpW...

Is there an easy way to get AuthComponent user data from a view in CakePHP?

According to the cakebook section on the Auth component, I can implement simple authentication by using the following Users controller: class UsersController extends AppController { var $name = 'Users'; var $components = array('Auth'); // Not necessary if declared in your app controller /** * The AuthComponent pr...

Any idea how to do (1) php authentication (2) launch a flex app which knows the user has already been authenticated

Hi everyone ! Almost everything is in the title : Here's what I'd like to do : A nice html page with a php authentication process (http first then http**s** & so on) Launch a flex app which knows (I don't know how (this is the actual question !)) the user has already been authenticated and display his/her stuff he/she has to do for ...

Unified Customer and Admin Accounts in Magento

Is there any way to pass a customer session to the admin side and vice versa? For example... what if I want to unify some customer and admin accounts (for some very special users =) Use case: Redirect a user from the customer dashboard to the admin dashboard via a link. Assume username and password are already synced. I've been experimen...

How to authenticate users across domains using ASP.NET and iframes?

I am doing an ASP.NET website for a client, who wants to make their reports page available via IFRAME on other "reseller" websites. The reseller websites are providing the same service with different branding. I need to avoid, where I can, requiring them to implement any code on their webserver to enable this - hence using iframes. A us...

Custom Windows GINA authentication

In Windows, the GINA module can be extended to support different ways of authentication. For example, you can already see support for Fingerprints, Smart Cards, or even Face Recognition (like what Lenovo did with their laptops). What I am trying to achieve is not something as complex as those methods. All I want is to be able to p...

Where do you assign permissions / roles?

I've already separated the authentication bit out of my controllers, but I'm still forced to assign permissions and roles in my controller actions and service classes. Let's say that a user is creating a blog entry or something like that and the system will assign the user a permission giving him the right to do whatever he (or she) wa...

Getting requester's login in ASP.NET/VB.NET

Is there a way to get the logged in user from a vb.net web application? IE, if someone logged in as "foo"/"bar" on their local machine accesses the site, I need code to get me "foo"/"bar". This is for a passthrough on our intranet, where everyone uses the same Active Directory. Essentially, I need to harvest the username of the logge...

Set authentication as true for the view of the control that performs the authentication in ASP.Net MVC

In the authentication control I have the following line to mark a user as authenticated in the system (after checking out the password): FormsAuth.SignIn(userName, rememberMe); and if I redirect, which is the standard behavior, everything is ok. But if I show a view right away, the usual ways to check whether a user is authenticated: ...

django Authentication using auth.views

User should be redirected to the Login page after registration and after logout. In both cases there must be a message displayed indicating relevant messages. Using the django.contrib.auth.views.login how do I send these {{ info }} messages. A possible option would be to copy the auth.views to new registration module and include all es...

Clear Request.IsAuthenticated value after SignOut() without RedirectToAction()

I am writing an account management controller and have to process deleting of own user's account separately: [Authorize] [AcceptVerbs(HttpVerbs.Post)] public ActionResult Delete(string userName, string confirmButton) { MembershipService.DeleteUser(userName); if (User.Identity.Name.Equals(userName, StringComparison.Invar...

Service-Based Authentication Using Tokens

I'm having a tough time trying to find clear and concise examples of how one would implement a service-based authentication scheme using tokens. As far as I can tell, the basic steps are as follows: Client requests username/password from user Client passes username/password to identity provider Provider checks username/password and se...

What should I pass for the WWW-Authenticate header on 401s if I'm only using OpenID?

The HTTP spec states: 10.4.2 401 Unauthorized The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. If the only login scheme I support is OpenID (or CAS, or OAuth tokens, &c.), what should I put in this...

Override ASP.NET forms authentication for a single page

In our ASP.NET MVC application, we automatically redirect users to a log-on page via the <authentication> section of <system.web> when they attempt to access an authorized-only page. The problem is that one action in the middle of the application, designed to be used by a tool, needs to return a straight-up HTTP 401 response on bad acce...

How does youtube sign you in with your gmail account?

I have an idea of how they would do this but it seems a very hacky way of going about it. The problem I see from this is that youtube needs to grab gmail or google cookies. The way I would do this would be to open another frame from the gmail domain that reads the gmail cookies and forwards this information to a youtube url. This yout...

How to update the UserPrincipal with a new role without logging out and in?

Hi all, I am using form based authentication with tomcat. At a certain point in my site I allow the user to decide whether they want to add a role to their account. i.e. a user can decide to be an administrator as well. This request results in a new database entry. Now, in the site I show or hide certain links depending on what roles t...

Open Source .Net Authentication Libraries?

I'm building a website and I'd like to avoid using asp.net membership. I want to consider some alternatives before I decide to write this code from scratch. Are there any open source projects that tackle the authentication problem? note: I need user/pass auth (can't use Open Id). ...

Page.User.Identity.IsAuthenticated return always false in safari

I am using DotNetOpenId and Asp.NET MVC. I have the following problem: When using IE, no problem, I can log in and when I check the Page.User.Identity.IsAuthenticated I get true. If I test this in Safari for Windows the Page.User.Identity.IsAuthenticated is false. If I use Safari in Mac I can Login without a problem. Any Idea? What Other...

What is the best way to securely add administrative access to my rails website?

I think the answer is an admin login and then check if the user has an admin flag, but I also thought of some other related questions. Is it better to have an admin flag (attr_protected) in the same user table as non admins? or should I have an admin users table? Should I create a separate rails application for the admin users? This mi...