I'm writing a RESTful Database Server called Phoenix. Being an easy interface into an entire application's data, security is quite an important issue, and I'm interested in what authentication solutions any of you could suggest. It needs to be: Secure - it's got to be very hard to break. Signing requests could be a good way of doing t...
I have a Windows application which has a browser in it. The Windows application opens a webpage in the browser. With this request it also sends form data (post method) to the webpage. Then, the webpage reads this post data and then the user is logged on. The webpage that is being called is part of a web application that uses Forms Authe...
I have a user model and a profile model. user has_one :profile profile belongs_to :user On the "show" view of the profile, there's an input field that only the owner of the profile should see. I currently have it limited to where only a logged-in user can see it, but I need it to go further and only appear visible to the user who owns...
Hi, I have set up an Apache2.2.11 server on a WinXP machine along with Subversion 1.6.1 and SVNService 0.52. I created a Windows directory C:\Repositories\ inside that directory I put my projects svnadmin create C:/Repositories/project1 svnadmin create C:/Repositories/project2 I created a password file using apache's htpasswd and pu...
My asp.net app is using Forms Authentication. Running the project from the Visual Studio .NET 2008 has absolutely no problem, but it doesn't work on IIS, after clicking the Login button, the authentication code run with no error, but the Login page kept getting reloaded and reloaded. any ideas? tks in advance, james ...
hie i have a html form and while posting a request to a url i also want to pass crendtials using basic-auth can anybody please share a code example on how to do that? ...
[Cross-posted from the OAuth Ruby Google Group. If you couldn't help me there, don't worry bout it] I'm working on integrating a project with TripIt's OAuth API and am running into a weird issue. I authenticate fine, I store and retrieve the token/secret for a given user with no problem, I can even make GET requests to a number of serv...
Why use the proposed OpenID OAuth Extension over another OAuth-based protocol? Discovery doesn't seem to be a feature. Although the consumer only needs a claimed identifier to start the authentication process, any authorization will still require that the consumer knows the access token URL, signature methods, and have a shared key/secr...
Hi all! I'm making a system called NCIV in PHP. In that system you can change a setting in settings.php, which allows the system's admin to enable or disable the usage of MySQL rather then a bunch of text files. However, changing that setting if the site already has content, will move all the data from/to the MySQL Database to/from the ...
I need to build a script that uses OAuth authentication to connect to Foursquare's API, but oauth-php library is too complicated. Any one page scripts that don't use MySQL? I would rather just use cookies. ...
The problem A tomcat manager page can not be accessed by a user granted a manager role. The things I tryed to do I added a user with a manager role into tomcat-users.xml: <role rolename="manager"/> <user username="emanemos" password="password" roles="manager"/> I also looked up the $CATALINA_HOME/webapps/manager/WEB-INF/web.xml to ...
Started with this question: http://stackoverflow.com/questions/1385082/openid-how-do-you-logout OK. So OpenID does not have single logout. I can see the uses but there are some situations that worry me: Single signon on is great for mobile devices and your personal computer. You sign on once and probably never need to sign out again (j...
I need to implement a CAS Proxy Granting Ticket System. So I need to understand the system. There is a good doc here, but I have no idea about the proxyCallback I need. Could someone explain me that ? ...
Hi, I'm currently integrating a CMS (developed in PHP) authentication with Active Directory. This specific Active Directory only allows authentication through Kerberos, or ldaps:// (but this last one is not the most wanted since I'll have to use absolute paths). I've been searching the web for anything about PHP AD Kerberos Authenticat...
Hi, I'm coming across a peculiar request: I have a website that uses Forms Authentication, but it now needs to grab the WindowsPrincipal (Windows Authentication) at some point in order to reuse it. My first instinct was to create a new page, and to disable Anonymous Access on IIS for that precise page. When I'm on that page, Request.Se...
Hey guys, I have an app that communicates with a server that uses HTTP Digest authentication. It seems to me that the 'session' management within the iPhone is pretty "black box" to us developers. Is it true that we can't see how the framework handles / persists http sessions? If I'm just being dim here, would someone care to explain ...
I have SSRS setup and working fine. I can even access them from a web browser. The only problem is that it requires me to log in every time I want to review a report. I need anonymous users to be able to view these reports. Is this possible? ...
Let's say we have an application that has a number of features and each feature as a permission set of users that are allowed to use that feature. The application is designed to be always-on, but at different times during the day we want different users to log on and use it. Rather than reinvent the wheel and create yet another user acc...
We have several existing web applications and SharePoint sites that we want to take off the intranet and make public to authorized external users. There are several commercial Identity and Access Management (IAM) solutions available but I'm trying to find an open source alternative. I would like to avoid building a custom membership pro...
I'm working on a CakePHP project and am currently building the user authentication part of it. The problem is that my authentication information (ie: the passwords) are not stored in my database -- the authentication source is LDAP but my question applies equally to any non-database source. It appears as though Cake only handles passwor...