Hi, I am trying to figure out how to handle authentication and data for client applications who will connect to eachother. In other words, each client app would authenticate to.. and use a central service to find out info about the other client so that they can connect directly. Specifically, what should I deploy to accomplish this and...
HiI want to create a WCF service that have login method, which is authenticating and giving user roles, and depending to that roles, allow or disallow user to call other service methods. Which is the best way to do that? Is there WCF standart mechanism to achieve this?Thanks a lot! ...
I'm writing a simple iphone application that brings a particular website experience onto the rich world of the iphone. The website currently doesn't talk to any clients other than browsers, so it doesn't have an API. I'm trying to design an API for consumption by my iphone app as well as other rich clients. With REST and Xml/Json form...
I am trying to set up the following: auth.domain.com sub1.domain.com sub2.domain.com where if the user visits sub1.domain.com or sub2.domain.com and they are not logged in, they get pushed over to auth.domain.com and can log in. sub1.domain.com and sub2.domain.com are two separate applications but use the same credentials. I tried se...
Hi, I'm looking for a protocol to secure a connection between a mobile device and a web service. I want to ensure that only the mobile device can perform actions on the web service and vice versa. Data doesn't need to be encrypted. I know Oauth, but it seems that it's more used to secure connections when you got 3 different entities (...
I'm writing a program which has both an ASP.NET configuration system and a Silverlight application. Most users will remain on the Silverlight page and not visit the ASP.NET site except for logging in, etc. The problem is, I need the session to remain active for authentication purposes, but the session will timeout even if the user is u...
Applications send out emails to verify user accounts or reset a password. I believe the following is the way it should be and I am asking for references and implementations. If an application has to send out a link in an email to verify the user's address, according to my view, the link and the application's processing of the link shoul...
Hi, I want to store some data like the user nickname and user ID (table primary key) in the user data section of the auth cookie. The reason I'm doing this is to retain this data when the browser is closed, without having the user relogin. Edit: Whoops! Realized I'd not explained myself well. I am not trying to reauthenticate a user b...
I'm looking for a good PHP login class via MySQL, and I'm not yet completely satisfied with anything I've found. This prior SO question doesn't really address my needs, as I'd prefer to stay away from PEAR and CodeIgniter, and just have a simple and small PHP class to do the job. There's a TalkPHP forum that has several to choose from, ...
Hi, I am relatively new to the WCF world so my applogies for the newbie question. I am currently designing a layer of WCF services. One of them is an authentication service, so I came up with the following authentication mechanism: IUserService.TryAuthenticateUser(string username, string password, out string key) Basicly the user tri...
I have always enabled integrated security on my web apps inside IIS with the assumption that the passwords that are requested on the client end will always be transmitted securely (encrypted) to my authentication server (AD/LSA). Am I correct on my assumption? The reason I have always assumed this is 'coz I always think of them as being ...
So I'm building my first ever website with user accounts. What data should I store to the cookie so the user can prove that they are in fact that user? Right now when the user logs in I save the user ID, the username, a randomly generated session ID and the hashed and salted password for future authentication. I'm not sure if I should be...
sn -k TestKey.snk is giving me "Failed to create TestKey.snk -- Access is denied." What kind of rights do I need? ...
i have designed an application which validates users against online database and then allow users to work, after authentication it shows desktop, it loads on startup. i would like to start my login application at windows start up, i have added my login application path to registry it is started well with windows. but it has one issue fi...
If i'm not authorized on a controller action, i am getting a blank page and no error message? I'd like to display a message of some sort, Here's my setup: class MyAuth : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { if (!httpContext.User.Identity.IsAuthenticated) re...
I'm using Struts2 and Java to create an iFrame Facebook-application utilizing the Facebook-Java-Api in version 2.1.0. Unfortunately, and not surprisingly, I have encountered some issues regarding the authentication. Every request to the application is intercepted by a filter. My plan is to take care of the authentication part in the fil...
What's the best way to handle an expired password in an ASP.NET MVC application? Let me explain - ASP.NET MVC is obviously set up (both in the barebones app the NerdDinner example) to handle the following scenarios: Register new users Allow them to change their password Log in using a valid account/password What it doesn't have is a...
Project Background: I am setting up a small farm where the Intranet is its own application. Following the Least Priveleged Account setup principle, I have Domain User accounts created for each process/app. pool. The service authentication works great over Kerberos. One of the projects needs to have another web application (separate from...
Hi, I am putting my old flash site into GAE. I want to use Google's user authentication too. Now, I want to put Googles login box inside the flash instead of redirecting to Google's login page. Same thing I want for forgot password. Is it possible to do this? How to do this? ...
I'm trying to get a Ruby script to download a file off a server, but I'm getting a 401.2 from IIS: You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. I've ch...