As part of an API I am building, there is a user authentication method which upon success, returns a payload of useful user information, API token, etc. In writing functional tests for the controller that handles this, I am running in to an issue testing HTTP Basic auth; I have found numerous blogs that mention the following code should...
Hi folks -- I have a client running an ASP.NET application. Inside of that, there's a self-contained PHP wiki. The problem is that the wiki won't use the .NET authentication, so requests directly to http://foobar/path/wiki/ will resolve without forcing a login. My simple solution for this is to run the PHP application in an iFrame fro...
Hi, I am looking for a website that requires HTTP authentication, so I can observe the behaviour of typical HTTP authentication dialog boxes. The reason I am looking into this, is that for some reason, on Firefox 3, our Flex app seems to open another HTTP authentication dialog box again, after cancel is clicked. It only seems to happen i...
I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex. I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication. channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login(). What I ...
I need to consume a rest web service with java, passing the credentials of a domain user account. right now I'm doing it with classic asp set xmlHttp = server.createObject( "msxml2.serverxmlhttp" ) xmlHttp.open method, url, false, domain request.Credentials = new NetworkCredential(user, password, domain); request.Method = WebReques...
Currently I have a graphical application that has two levels of access, operator and administrator. The login and authentication is all homebrewed and I'd like to switch the application to use PAM instead. I'm not sure what the right way to do that is. Correct me if I'm wrong, but it seems that PAM boils down to a "yes" or "no" check--y...
1) Make sure you're logged out of facebook 2) Go to http://apps.facebook.com/marketplace/ 3) Click one of the Items for Sale categories 4) Login at the top 5) You'll get back to a malformed URL / improper redirect This is happening to my facebook app as well. Does anyone know a workaround for this? Thanks ...
Has anybody tried out simpleloginsecure authentication library for codeigniter? I like that it has such a small footprint. Also it uses phpass for hashing which is supposed to be good. I am concerned that it does not store session data in the database (i.e. $config['sess_use_database'] = FALSE;). I guess I could add custom functional...
Ok now I am confused. I have been getting advice from SO users on libraries to use with codeigniter for authentication. I have explored dx_auth and simpleloginsecure (I think I will use the latter due to its supposed secure hashing and small footprint). BUT, what about hashing the password on the client side? I haven't seen any mentio...
I am working on a project that requires user login/registration. I'd like to avoid setting up private SSL since I am using a shared hosting provider and would like to host multiple domains off of the same plan (but since a private SSL certificate requires a dedicated ip, I can only have 1 certificate per plan...but would still like to s...
I am creating an activation form for newly-created users in ASP.NET's membership system. When the user is created I send an email with a link to an activation page. However, before the user is activated, I want to verify their user name and password, so I have them enter their credentials into text boxes. However, based on what I've r...
I asked this as part of another question but feel like it should have its own: With a shared hosting plan, is there any way to secure multiple domains (assuming the host allows multiple domains under a single plan) with a single SSL certificate? I know that private SSL certificates require a dedicated IP but I am looking for work-aroun...
Hi all, I have configured a Spring bean as follows to return a SecurityContext: <bean id="securityContext" class="org.springframework.security.context.SecurityContextHolder" factory-method="getContext"> </bean> When I use this bean the Authentication object returns null. Authentication authentication = securityContext.getAuthen...
I've set up a JDBC Realm in my META-INF/Context.xml as shown below, and that works. The trouble is the JDBC driver now have to be placed under $CATALINA_HOME/lib/ Is there any way I can get that realm to load the jdbc driver from elsewhere, such as WEB-INF/lib/ in my webapp ? META-INF/Context.xml <?xml version="1.0" encoding="UTF-8"?>...
I have an ASP.NET web application I built for a client that uses default the ASP.NET forms authentication. They are now requesting a desktop (WinForms) app that works "with" the web application. I have created the webservices to access the data they want from the web app and put it into the desktop app. That works great.. but there needs...
In many applications when you make a mistake in either your user name or password you get a non-specific error indicating that either the user name entered does not exist or the password is incorrect for that user name. I (naively) would expect the application to specify which one of the two errors happened. Is there any reason for not...
Any one know how to go back to the "last page" after a user is presented the login screen and chooses to create a new account? Basically the sequence is this: User tries to get to protected content Redirected to login page If he logs in he is redirected to original page If he chooses "create new account" and fills it out, he is redire...
Hi, when using the Flex mx.rpc.http.HTTPService object to send a request that requires authentication I'm setting the headers to do authentication (which works fine..) but, in the case where the wrong authentication details are sent, an operating system level popup is being seen. Apparently on the URLRequest object there is a property...
Thanks for your reply but no luck with that code..I am sending you complete config files related to service and application ....Give me any valuable suggession. Service web.config ...
My company has a web application hosted on a client's machine that uses forms authentication in ASP.net. When visiting the website http://www.client.com/Application and trying to authenticate on the login page the user gets redirected back to the login page. When accessing it via http://localhost/Application the authentication works fi...