authentication

Kerberos and T125 protocol

Why does Kerberos authentication use T125 protocol? I believe Kerberos authentication behaves this way: Client asks for a ticket to the Kerberos authority. The Kerberos authority provides a Ticket to the client. The Client tries to authenticate towards a Server and sends to the server this Ticket. The Server verifies the Ticket is OK wit...

Displaying the current authenticated Sharepoint user from an asp.net Page Viewer Web Part

I am creating a standalone asp.net page that needs to be embedded into a sharepoint site using the Page Viewer Web Part. The asp.net page is published to the same server on a different port, giving me the URL to embed. The requirement is that after a user is authenticated using Sharepoint authentication, they navigate to a page contain...

IIS 6.0 Is Stubbornly Remembering Authentication Settings

I have an .asmx in a folder in my application and I keep getting a 401 trying to access it. I have double and triple checked the settings, including the directory security settings. It allows anonymous. I turned off Windows Authentication. If I delete the application and the folder it's in, then redeploy it under the same application na...

How do I read/write as the authenticated user with Apache/WebDAV?

I've set up DAV in apache2, which works great. The thing is, all read/write operations are done with the apache user's credentials. Instead I want to use the HTTP authenticated user's credentials. If I authenticate as "john", all read and write operations should use the system user john's credentials (from /etc/passwd). suEXEC seems...

Best way to deal with session timeout in web apps?

I am currently building an internal web application used in a factory/warehouse type location. The users will be sharing a single PC between several people, so we need to have a fairly short session timeout to stop people wandering off and leaving the application logged in where someone else can come to the PC and do something under the ...

cURL equivalent in JAVA

I am tasked with writing an authentication component for an open source JAVA app. We have an in-house authentication widget that uses https. I have some example php code that accesses the widget which uses cURL to handle the transfer. My question is whether or not there is a port of cURL to JAVA, or better yet, what base package wil...

How to authenticate in a Facebook Flash application?

I do not understand how I can authenticate a user in a Facebook Flash application. I have read from the documentation that Facebook platform gives arguments, such as user id and session secret, to the Flash application, but how can I inside the Flash application make sure that these arguments are correct and not fake? Should I make some ...

ASP MVC Preview 5 and IIS 6 Windows Authentication

I've just built a basic ASP MVC web site for deployment on our intranet. It expects users to be on the same domain as the IIS box and if you're not an authenticated Windows User, you should not get access. I've just deployed this to IIS6 running on Server 2003 R2 SP2. The web app is configured with its own pool with its own pool user ...

Passing apache2 digest authentication information to a wsgi script run by mod_wsgi

I've got the directive <VirtualHost *> <Location /> AuthType Digest AuthName "global" AuthDigestDomain / AuthUserFile /root/apache_users <Limit GET> Require valid-user </Limit> </Location> WSGIScriptAlias / /some/script.wsgi WSGIDaemonProcess mywsgi user=someuse...

gss_acquire_cred returning Key table entry not found error

I have been trying to follow the guidelines in this Microsoft article to authenticate against Apache with Kerberos and AD. I have successfully tested the communication between the apache server and the AD server with kinit. However when I attempt to access a restricted page on the server with IE I get an Internal server error and the fo...

Is there a standard way to authenticate applications to your web API?

I'm looking at building a simple web app that will expose an API that lets third-party (well, written by me, but that's not the point) apps query for and modify user-specific data stored on the site. Obviously I don't want to allow apps to be able to get user-specific information without that user's consent. I would want some kind of app...

Configure db used for ASP.Net Authentication

I want to use forms authentication in my asp.net mvc site. Can I use an already existing sql db (on a remote server) for it? How do I configure the site to use this db for authentication? Which tables do I need/are used for authentication? ...

.NET Windows Integrated Authentication

I'm looking for the best/easiest way to add extensions to an existing protocol (can't change the actual protocol easily) to allow the user to do windows authentication (NTLM?) in .NET. I looked at the AuthenticationManager class already but it requires that I use Web(Http)Request which isn't an option. NegotiateStream is an option either...

Authenticating against active directory using python + ldap

How do I authenticate against AD using Python + LDAP. I'm currently using the python-ldap library and all it is producing is tears. I can't even bind to perform a simple query: import sys import ldap Server = "ldap://my-ldap-server" DN, Secret, un = sys.argv[1:4] Base = "dc=mydomain,dc=co,dc=uk" Scope = ldap.SCOPE_SUBTREE Filter = "...

What is the best way to set-up authentication in a tomcat webapp?

I have a self-built JSP webapp and at the moment I'm using Tomcat's built-in admin panel to manage user accounts (that are stored in Tomcat's config XML files), but this is limited because I cannot create new accounts from within the web-app (e.g. I cannot have a sign-up website) and need to manually create the accounts. What is the mos...

Return "correct" error code, or protect privacy?

OK, probably best to give an example here of what I mean. Imagine a web based forum system, where the user authentication is done by some external method, which the system is aware of. Now, say for example, a user enters the URL for a thread that they do not have access to. For this should I return a 403 (Forbidden), letting the user k...

HTTP Authentication in .NET

Is it possible to create a .NET equivalent to the following code? <?php if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="My Realm"'); header('HTTP/1.0 401 Unauthorized'); echo 'Text to send if user hits Cancel button'; exit; } else { echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; ...

Using "Remember Me" functionality for authentication in .NET 2.0

My client wants me to enable a "Remember Me" checkbox when the user logs in. I am encrypting and storing both the username and password in a cookie. However, you cannot write to a textbox when it's in password mode. I've seen this done numerous times, so how are they doing it? thanks in advance! ...

How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism?

I'm used to doing basic password protection for Apache w/ the following method in Apache config files: AuthType Basic AuthName "By Invitation Only" AuthUserFile /path/to/.htpasswd Require valid-user However, I've been asked to put some protection on a subdirectory of a site running ColdFusion on top of IIS6, and I'm unfamil...

New site creation and security/authentication - should I use ASP.net Membership Provider?

There seem to be many ways to skin this particular cat, but which is the best and easiest to implement? It would seem that the ASP.net Membership Provider is the one that will save more time, so my questions are: What are the pros/cons of Membership? How do you integrate the auto generated user db with your own custom made db? e.g custo...