I have a Django-based site (not yet launched, so there are no real users) using plain django.contrib.auth, and want to store passwords as plain-text, not salted SHA-1 hashes. The question is what's the best approach to do this, hopefully, without patching (or monkey-patching) Django source code? NOTE: I perfectly know this is certainly...
I am using form authentication inmy ASP.NET 2.0 website. Today during testing i was faced major probleM. After authentication, i have default page createuser.aspx. From that page i am creating new user.It is working fine. There is logout button in which i am clearing all sessions and redirecting it in login page. All was working fine. ...
I'm having a problem with a custom Authentication Backend I've built for an Active Directory via LDAP authentication. The problem is that from the admin login page, after it properly authenticates and creates the new user in the database (or updates their info from the LDAP server), but then returns me to the admin login page indicating...
So here is the scenario: I have a MOSS 2007 box and I want my clients to be able to access a SharePoint site via the internet. I am told that I will be using an IPA and AD for authentication. However I have a DB outside of SharePoint that holds various business data and I want to use Web Services to access the data, manipulate it, and s...
I have a website,which will be frequently updated. Sometimes changes happen to User specific models and are linked to sessions. So after I update my site, I want the user to logout and log back in. So I would logout the user right then. If he logs back in, he will see the latest updates to the site.How do I do it? ...
Hi, I'm considering to add "hard" email verification to my website(s). I.e. require users visit a link with a verification key sent by email before they can post content. This will add an extra step in the registration procedure and I'm concerned that it may keep some users away. In practice how does this affect the rate of new people...
I have two pages, NonMember.aspx and Member.aspx. If a user comes to the site, they will go to NonMember.aspx as soon as they login, I want them to immediately be redirected to Member.aspx, but instead of doing this, it is staying on NonMember.aspx. The user actually has to go click on the menu item again to get to Member.aspx. The li...
Can anyone roughly explain how can i do window authentication in JSF application? From google search quite lot of example is about asp.net. ...
Does anyone have an example of calling a webservice from actionscript 3.0 with NTLM authentication in place. The adobe livedocs list NTLM authentication as supported but I can't figure out where to pass user credentials. Thanks, Peter ...
Hello All, I'm about to start a very large project of rebuilding my companies intranet. The plan is to have most of the intranet live in a CI application. I chose to use CI because i'm very familiar with all the CI methods. Some sections of the intranet are going to be wordpress blogs. For example the Human Resources Dept. and the M...
I understand that salts make the same password hash to different values. However, salts are usually stored in the database with the password. So let's say I am attacker, here is how I might use a dictionary attack against a salt (note in this example i don't write out 128 bit hashes or salts for the sake of brevity): user_pw = 'blowfi...
I'm serving "sensitive" information in downloadable PDF's and Spreadsheets within a user registration section of a site. Is there a way to allow the django authentication to secure this media without serving it (and not have to manually login using basic auth)? I'm guessing theres (fingers crossed) not a way to do it with the psuedo co...
Gravatar is linked to email address. If I enter somebody else's email - I can use his/her photo as avatar and that someone won't like it. So the obvious solution is - validate email - which some other people will not like either. The question is - is it worth setting up email validation for the purpose of making sure that stealing avat...
Hi all. Hope this is the right place to be asking this, so my apologies if it isn't. I have written a number of web applications which use Windows authentication to allow uer access. The only problem is that we have 2 domains at work, one called student.local and one called staff.local. All of the servers sit on the staff.local domain...
.NET application being tested uses <authentication mode="Forms"> so whenever an instance of WatiN.Core.IE is created the login page appears. Can successfully fill in the login form and authenticate, but wondering how to handle this for multiple tests? As soon as the IE instance is released, the next test must log in again. Does WatiN h...
I am currently developing a Silverlight 3 app that needs some sort of user authentication, because the data pulled from a WCF service is user specific. Target audience is the regular Internet - so there is no AD to authenticate against. Here are some of the questions I have concerning that situation: Is there a framework or other mech...
I've implemented OpenID on my website but I'm having a hard time finding a list of OpenID Provider URLs. I thought this would be easy to find but I've scoured the web and only found a handful, mostly by accident. Is there a resource that lists available Providers and their authentication URLs? EDIT: Here are the ones I've found so far...
I am working on site where users get a 30 minute cookie and after it expires, any calls to the server redirect to a "session expired, click here to re-login screen." Here's the wrinkle: When the user gets to the session expired page, the URL of that page is that of the page they were trying to reach. Clicking the "Login Again" link tak...
I am trying to write Watin tests for an intranet application that uses Integrated Authentication. The web page that I am trying to test prints Page.User.Identity.Name. Here is some of the code from my test: if (Win32.LogonUser(u.UserName, u.Domain, u.Password, 2 /*LOGON32_LOGON_INTERACTIVE*/, 0 /*LOGON32_PROVIDER_DEFAULT*/, out hToke...
I'm getting "Msg 18456, Level 14, State 1, Line 1 Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." from when trying to execute the code below. I've change all of the critical information, but you should get the idea. Are some of my parameter incorrect? The local sql admin username is correct and the remote username and password is...