authentication

How can I read in C# XML from another page while logged in to the site

I have logged in to the site with my webbrowser and whenever I try to call WebClient myWebClient = new WebClient(); string str = myWebClient.DownloadString("http://localhost/myxml.aspx"); Response.Write(str.ToString()); Or XmlTextReader reader = new XmlTextReader(url); while (reader.Read()) { Response.Write(reader.ReadOuterXml()); ...

Best way to encrypt a file, and keep it handy

Hi, I am using dozens of different web services, and I keep a password file on a remote Linux machine. The file contains my usernames, passwords and answers to security questions. This server happens to be offline too often, and I'm looking for a way to keep the password file on my own computer, or on a service like Dropbox. Obviously, ...

Rails authentication plugin recommendation

Hello, I would like to add authentication to my Rails app. I came across a few plugins that do this: acts_as_authenticated, restful_authentication, Authlogic, etc. I haven't seen an article that describes the differences, advantages and disadvantages of using each. Can you help with that? Which one do you use and why? Thanks, Tam ...

file_get_contents from url that is only accessible after log-in to website

I would like to make a php script that can capture a page from a website. Think *file_get_contents($url)*. However, this website requires that you fill in a username/password log-in form before you can access any page. I imagine that once logged-in, the website sends your browser an authentication cookie and with every consequent browse...

cross domain cookies

Hi, I have a small problem: how do I set a cookie for multiple domains? I do understand the security problems, and I am sure it has been done before. The reason for this is SSO, i.e. account.domain.com will need to set domain logged in for: domain.com domain1.com domain2.com Is there any easy way, using PHP and cookies, or any alte...

SSL authentication by comparing certificate fingerprint?

Question for all the SSL experts out there: We have an embedded device with a little web server on it, and we can install our own SSL self-signed certificates on it. The client is written in .NET (but that doesn't matter so much). How can I authenticate the device in .NET? Is it enough to compare the fingerprint of the certificate aga...

Storing ASP.net membership and openid users in a new user table

In order to store user information from people who login with OpenId I plan on creating a user table. My problem is that this new user table will contain new fields that I want the asp.net membership users to be able to fill in too (profile data). My plan is when a user wants a username and password, they register and the information i...

Is it possible to hash a password and authenticate a user client-side?

I often make small websites and use the built in ASP.NET membership functionality in a SQL Server database, using the default "hashing" password storage method. I'm wondering if there's a way to authenticate a user by hashing his password on the client and not sending it in clear text over the wire without using SSL. I realize that thi...

authentication token is encrypted but not signed - weakness?

Through the years I've come across this scenario more than once. You have a bunch of user-related data that you want to send from one application to another. The second application is expected to "trust" this "token" and use the data within it. A timestamp is included in the token to prevent a theft/re-use attack. For whatever reason (le...

Django: Access request.session from backend.get_user

Hi, first of all: this is not the same as this. The ModelBackend has no request member. I want to access the session of the current user without access to the global request object or his/her session ID. Why? I wrote my own authentication backend, extending ModelBackend. In that I have the function get_user (self, user_id), that gets ...

restful_authentication nothing appears

I have followed the basic installation ( http://railscasts.com/episodes/67-restful-authentication ) Doing this: 1.) ruby script/generate authenticated user sessions 2.) ruby script/generate authenticated user sessions and rake db:migrate 3.) On the file application_controler.rb I have included include AuthenticatedSystem 4.) On t...

Asmx Webservice/Client authentication

Hi all, I have a webservice with a bunch of methods that I'd like to somewhat secure. The data is not really all that confidential, but I'd still like to restrict access to only those who use a certain user id and password that's stored in the webservice's web.config file. A C# Windows service client will be calling this webservice once ...

Enabling authentication between applications

I have a set of .NET applications running in a public web environment which connect to a centralized component made up of web pages and web services. Is there any way to implement a security feature to make the centralized web pages be sure of the caller applications identity? Making a post and supplying a querystring parameter stating ...

How to allow secure login across multiple domains.

I have a web-based application that allows a user to point their DNS at my IP and my app will serve up their content based on the domain name I see in the HTTP host header. I should point out this is done by the application, not by the actual HTTP server (Apache); it is a rebranded app sort of thing. The problem I have is that I would l...

Multi-Site website Authentication like mint.com

How would one go about creating a site that will log you into other sites and gather your data. For instance, how mint.com allows you to input all your online bank details and it gathers your data for viewing within Mint. If someone could point me in the direction with some keywords or any scripts, it would be much appreciated. ...

Example for Catalyst::Plugin::Authentication::Store::DBIC and Class::DBI

I am trying to use Class::DBI with Catalyst::Plugin::Authentication::Store::DBIC. The example given on CPAN does not work with Class::DBI. For example, the config is incorrect: role_class => 'DB::Role' has to be replaced by role_class => 'MyApp::Model::DB::Role' I got Authentication working using plain DBI, but I would rather use Class...

How to authenticate one Ruby on Rails app to another, using RESTful_authentication gem?

Anybody have any ideas? The situation is like this: I have a primary rails app and an auxiliary one. The auxiliary app is used to transform a web service request into a RESTful PUT to the main app. The resource the auxiliary app is attempting to add to requires authentication. Any ideas would be much appreciated! Thanks SO! ...

How can I force the login to a specific ip address

I have 20 stores in different locations that want to log in to a punch-in (Employee/Hours) application. How can I force all 20 stores to log in from the same computer/store every day? I am working with .NET but other solutions may be considered. Thanks ...

Easy way to authenticate POST requests from a Google Android client to Google App Engine?

I'd like to be able to send a POST request from an Android app to App Engine and have it linked to the user's Google account. I read that you need to obtain an authentication token and send it with the POST request. Does Android provide a way to request this token? And how would GAE process it? I feel like this should be easy and I...

Best way for a 'forgot password' implementation?

I'm thinking about what the best method is to implement forgot password. I came up with 2 ideas. One, when the user clicks on forgot password, the user is required to key in the username, email and maybe date of birth or last name. Then a mail with a temporary password will be sent to the user's email account. The user uses the temporary password to l...