I am working on an authentication system for an online game programmed using PHP and I would like to make sure it is secure. To help with this, I think logging would be useful (and good practice for me as well as a good test for a system logging class). I don't want to use the web server's logs, but I would like to know what would be impo...
In a service impersonating a client (using ImpersonateNamedPipeClient), I try to call CreateProcessAsUser.
The executable filename is a UNC path located on a third computer (neither the server, nor the client connected to the pipe).
The call fails with the error code 5 (ACCESS DENIED). I tried to use WNetAddConnection2 to authenticate the...
Are there any simple diagnostics I can run to determine why authentication is not working with the ClientFormsAuthenticationMembershipProvider provider? My problem:
I have a web site (we shall call it the "Authenticator" web site) hosted on Server A that is configured to use the AspNetSqlMembershipProvider provider for both Membership ...
Hi,
Could anyone please tell me why the following paragraph is incorrect:
If your deployment descriptor correctly declares an authentication type of BASIC, the container automatically requests a user name and password whenever a user starts a new session.
...
If I had a poll on my site, and I didn't want to require a registration to vote, but I only wanted each visit one, how might I do this?
Let's say a visitor from IP 123.34.243.57 visits the site and votes. Would it then be safe to disallow anyone from 123.34.243.* from voting? Is this a good strategy?
What's another one?
...
Hello,
We want to implement SSO functionality in our organization, but we're not really sure what our options are, and what the benefits / disadvantages for the different solutions might be.
- We have multiple old ASP (Active Server Pages) sites which should use SSO
- We have multiple ASP.net web-Applications which should use SSO
- We wa...
I'm building a website that will require user registration and logon.
I would like to use the facebook connect to let people create a basic account and to log on without having to create a local account themselves - and let them fill in more profile details when they want to.
What other 3rd-party authorization systems are there? Clear...
I'm starting to write a small web application and have started thinking about securing login (only used for administration).
If I could, I'd install a CACert or self-signed SSL certificate, since for now I'll be the only one logging in, but my host isn't too accommodating.
Are there any reasonable options for securing the site without ...
Hello,
In an ASP.net application I'm using Login control with custom membership provider that I wrote, and what I also want to do is to set Thread.CurrentPrincipal to my custom Principal object, just after the user is authenticated.
I'm using the setter: Thread.CurrentPrincipal and it sets the Principal object for me but, on all the c...
Although I've set isPersistent to false, the authorization cookie is persisted between sessions. This only happens with IE8. With other browsers it works as supposed.
Sys.Services.AuthenticationService.login(username, pw, false, null, null, null, null, "User Context")
...
I've got several sites: example.com, example1.com, and example2.com. All of them point to my server's /public_html folder, which is my Apache root folder.
What do I need to add to my .htaccess file to use HTTP authentication only if the user is coming from example2.com? example.com and example1.com should NOT use authentication.
I k...
Due to our client's authentication and network topology we have a number of Windows Servers in a DMZ without Active Directory or a Domain Controller. Corporate policy stipulates that passwords must change once a month. Our dev machines are in AD (not in the DMZ) so we run into the situation that we have to synchronise our usernames and pa...
I'm using Catalyst with Catalyst::Plugin::Authentication and
Catalyst::Plugin::Authorization::Roles and am wondering if there is a better
approach to adding an attribute to a model that I'm not seeing.
Each user is permitted to access one or more companies, but there is
always one primary (current) company at a time. The permitted list ...
How do I write/put together a secure login in PHP? The website developer guide said I shouldn't roll my own, so referring to samples available via Google is useless.
How do you pros do it? Let's say you're building a world-class app in Rails, would the same libraries / techniques be usable here?
Thanks
...
Hi,
I'm interested in creating a sort of hand-off authentication method, where there's a client and two servers (let's call them Alice, Bob and Carmen Sandiego, respectively). Alice is a client (in a browser) somewhere on the 'net, possibly behind a NAT that gives a different IP for outgoing requests to different addresses (I know there...
I'm building a centralized desktop application using Python/wxPython. One of the requirements is User authentication, which I'm trying to implement using LDAP (although this is not mandatory).
Users of the system will be mechanical and electrical engineers making budgets, and the biggest problem would be industrial espionage. It's a comm...
Let me rephrase my last question, what PHP library or framework can I use for professional and secure authentication? Extra points if your idea helps implement account Control Panel features (change password, edit profile).
How do you pros do it? Have you ever done trustworthy authentication using PHP?
...
I'm developing an ASP.NET MVC app and I'm wondering which is the best way to handle an expired .NET Forms authentication cookie detected during an ajax call.
Do you think that packing the ajax response into a JsonResult containing info about the cookie validity is the best solution?
...
Hello Everyone:
I have a winforms (VB 2008) based app that I'm developing and I want to use custom roles for user access.
Application Layout:
I have a Main form that opens a login form when certain actions occur. The Login form in turn uses an authentication class that I've created, to authenticate users and set access rights. On my...
When I try to login to our WSS demo site the authentication popup forces me to use the domain I'm currently using on my local computer. The WSS site does not have the same domain.
I'm running IE8 on Windows 7. How do I change the domain!?
...