authentication

spring-security: authorization without authentication

Hello, I'm trying to integrate Spring Security in my web application. It seems pretty easy to do as long as you integrate the whole process of authentication and authorization. However, both authentication and authorization seem so coupled that it's being very time-consuming for me to understand how I could split these processes, and...

WCF UserName authentication and fault contracts

I have a WCF service configured to use custom UserName validation via the overridden Validate() method of the System.IdentityModel.Selectors.UserNamePasswordValidator class. All methods of the contract have been decorated with the FaultContractAttribute to specify a custom SOAP fault as being returnable. When throwing FaultException<T>,...

VPN authentication in C#

I have a VPN in my office. One machine has Windows Server 2003 installed. I am coding an app in C# to upload files from a machine connected to the server machine on a shared folder. The file transfer code has been written, but it throws an Access denied exception when I run it. However, when I open the shared folder using Windows Explorer a...

Oracle Jinitiator with NTLM Authentication

I am trying to load a Java applet using Oracle Jinitiator, specifically version 1.3.1.13, but hit problems when this goes through an ISA proxy server which requires authentication. Is this a common issue? Is there any way I could use Internet Explorer's pass through authentication? ...

Unique Application Key

I am creating a web service to allow application developers (my fiends LOL) to query my database. The thing is, as a security constraint I wanna be able to track each user. I am in the process of creating a unique app id like Facebook or Google Maps. Any help? The developer must submit a user-name and email-address, when they click gene...

To inform users of denied access, is it better to redirect to a different page/document using HTTP headers or is it best to incorporate a message in the dynamic page?

I would like to know what is the best practice for informing a user that their access attempt was denied. I realize there are probably more options, but these are the methods I'm considering: Inform a user on a dedicated "Access Denied" page reached when my script redirects them via header("Location:") Inform a user in message in the r...

Using LDAP (AD) for MySQL authentication

I'm trying to come up with a plan to allow users to auth with a MySQL database (many, actually) using LDAP. More specifically, ActiveDirectory. Database will likely be accessed through applications, not web. What are my options? EDIT: Okay. It seems that there is no "official" way to allow authentication on MySQL using LDAP. What othe...

How to install/run a .Net activeX control at the default IE security level? Authenticode cert not working?

So after a lot of searching, trying and failing I've finally got the recipe down for creating a COM visible .net dll file, signing it and installing it (via cab and an exe) via IE such that you can use the control inside IE. Problem now is, it won't run at the default IE security level (Vista/Windows7). I got a thawte Authenticode cert...

Can't put email address field on login form (Authlogic)

So I have Authlogic working fine with this user_sessions/new view: <% form_for @user_session, :url => user_session_path do |f| %> <% if @user_session.errors.present? %> Invalid username or password <% end %> <%= f.label :login %><br /> <%= f.text_field :login %><br /> <br /> <%= f.label :password %><br /> <%= f.passw...

Client Certificates and FireFox

Hi folks, I need some help to understand what is happening with my web application. I have a simple web app (C# .NET 2.0) that uses a smartcard authentication. In my testing box (win 2k3 32 bits, iis6) everything works fine but in my production box (win2k3 64 bits, iis6) Firefox is unable to send the certificate, hosted in the card, to...

Creating asp.net membership pages in SharePoint

Hi, we have some asp.net pages that include the asp.net membership user controls for forms based authentication and would like to make use of these in a SharePoint MOSS environment. Can anyone suggest the best place to deploy these and the best method for deployment? I was hoping to use solution packages to deploy them to the root of th...

How do I switch this Proxy to use Proxy-Authentication?

I'm trying to modify my simple Twisted web proxy to use "Proxy-Authentication" (username/password) instead of the current IP based authentication. Problem is, I'm new to Twisted and don't even know where to start. Here is my Factory Class. class ProxyFactory(http.HTTPFactory): def __init__(self, ip, internal_ips): http.H...

Authenticating users using Active Directory in Client-Server Application

I've been asked to provide support for authenticating users against an Active Directory in our existing client server application. At the moment a user supplies a user name and password from a client machine, passed over the wire (encrypted) to our server process and matched against a user name/password stored in a database. Initiall...

Django: Applying multiple access control decorators to a view

I'm attempting to expose a single API call using three different authentication mechanisms: Django's login_required, HTTP basic auth, and OAuth. I have decorators for all three but can't quite figure out how to have them all get along smoothly. The required logic is to allow access to the view if any of the decorators / authentication ...

The remote server returned an error: (401) Unauthorized

I developed a remoting service (hosting .NET type in the IIS). IIS is configured to use "Integrated Windows Auth". It works perfectly when I execute a unit test of the service on the "localhost" (the code below is the code I use for testing), but after I have deployed a service to the test server (which is in another domain), it started...

Strategies to secure a WCF service, returning Json data requested by jQuery

I'm having a hard time getting my head around this, and Google just isn't being helpful. I'm looking at converting some legacy code to use the following technologies: ASP.NET, WCF, jQuery. The ASP.NET conversion isn't an issue, nor is accessing the WCF service for data, on the server-side. However, what I'm having an issue with is pot...

Ways of Authentication against a Windows Server in C# for a Client Application

Hi, I have a Windows Server 2003 machine as a part of our network. I have created an administrator user on it. Now this server system has a shared folder. I am writing a C# application which will copy some files from a local system to that shared folder in the Windows Server 2003 machine. I have coded the file transfer code, it works fine i...

credentialcache.defaultcredentials returning wrong user credentials.

Hi, I have an ASP.NET website (.NET 2 IIS 5.1) running on machine A with Integrated Windows Authentication enabled. It has a user Automation. When I connect to it from machine B with user 'Ganesh', I am prompted to enter username & password (by IE itself). CASE 1: If I DON'T save the credentials using remember my password option: I get c...

Authentication between Silverlight and WCF Service WITHOUT ASP.Net Auth

Does anyone know of any best practices or 'standard' techniques for implementing authentication between a Silverlight client and WCF services WITHOUT using either RIA Services or ASP.Net authentication & cookies? My current best option seems to be to add additional message headers to each call and authenticate the user with each call. A...

Secure static media access in a Django site

I'm building a site where registered users can upload files. Those files are then served via Apache. Only users who are logged in should be able to access those files. I have read this page but it seems that people would have to log in twice to access both the site and the media, each time using a different type of login box. Is there ...