authentication

What is the best way to implement mixed ASP.NET forms auth (AD + DB)?

I want to implement forms authentication on an ASP.NET website. The site should seek the user on the database to get some data and then authenticate against LDAP (Active Directory) to validate the user/password combo. After that I need to keep an instance of a class that represents the user to use it in various forms. I tried to do it bef...

HTTP Authentication (Basic or Digest) in ASP Classic via IIS

I want to develop a website in ASP classic that uses HTTP Authentication against a database or password list that is under the control of the script. Ideally, the solution should involve no components or IIS settings as the script should be runnable in a hosted environment. Any clues/code deeply appreciated. ...

Asp.Net Role-based authentication using Security groups in Active Directory

I am attempting to do something simple (I thought) - securing my application using roles-based security using ActiveD groups in our Domain. Specifically, I need to show/hide items on a page depending upon whether the currently logged in user is part of "domain\groupA" in ActiveD. For some reason, it is difficult finding information on u...

Authentication apache

Hi! I need my Apache to require authentication only for external access but be free in my local network. I have mod_user in my Apache. (Sorry for my English :S) Thx!! ...

WCF WebHttp Mixed Authentication (Basic AND Anonymous)

All of this is pertaining to WebHttp binding, hosted in a custom Service Host (IIS is not an option at this time). I've implemented a custom UserNamePasswordValidator, and a custom IAuthorizationPolicy. When I configure the endpoint's binding to use Basic authentication, everything works just as I'd like (custom principal, custom roles...

Managing users with Postgresql

Hi, In our current project, a system that will run on a local network with no more than 50 clients that connect to the same local server, we are creating a DB user for each client, to take advantage of the postgresql privilege system. I have some questions about this situation: 1) Analyzing the "performance", it's OK to have ~ 50 DB u...

What online services mail coded postcards for address verification?

At about 24:20 in Stack Overflow Podcast 26 Joel Spolsky said there are services that mail postcards with codes for address verification. Spolsky: You know what we could have badges for? We could have badges for like: "Real Address". Like I have proven that you live at a certain address. Atwood: We could. Spolsky:...

OpenID authentication error.

When I try to log in to this site using my Yahoo OpenID, it takes me to the Yahoo site. I click "continue", meaning that I want to send my authentication details to stackoverflow.com, and stackoverflow.com gives me the following error underneath the login text field: Unable to log in with your OpenID provider: failed to authenticate, retu...

WCF Security error with VS 2008 Unit Test

I am in my rookie season with WCF Services... I was running my first Visual Studio 2008 Unit Test with a WCF Service and I received the following error: Test method UnitTest.ServiceUnitTest.TestMyService threw exception: System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client au...

What is the best model for taking user authentication off-line?

I am building authentication into a client-server application, and some of the feedback I've received is that I should leave the hash calculation to the server (it was initially implemented to have the client receive the hash, calculate a hash from the client's entered password, and compare them). That seems to make sense, but I am left...

WebSphere 6.1 and BASIC Authentication

Hi, I have a sample file for BASIC page authentication that works perfectly in Tomcat but it won't work at all in WebSphere. Any ideas what needs to be done differently in WebSphere? Thanks Damien ...

How to Dynamically add menu items to master page in ASP.NET 3.5 MVC app

I want to dynamically add menu items to my master page based on membership security login role. From what I've read, RenderAction in the master page html could perhaps do this. Since I'm fumbling through this I am not sure how it would look and how in the controller I check my current role. I am considering creating a table and relating the a...

What is the purpose of zones in SharePoint? (web application zones or authentication zones or how do they call it)

I can't understand the concept and, first of all, where it belongs. Is it solely a SharePoint concept or more general, like of ASP.NET or IIS level? Does it only affect authentication and if so how does it affect it? Or what effect does it have on an application? I know it is a broad question, but I've googled for about 15 minutes and have...

How to log out user from web site using BASIC authentication?

Is it possible to log out a user from a web site if he is using basic authentication? Killing the session is not enough, since, once the user is authenticated, each request contains login info, so the user is automatically logged in the next time he accesses the site using the same credentials. The only solution so far is to close the browser, but that's not ...

How do I create a network of sites that understand single sign-on?

I have several sites (Asp.Net) that I would like to have a single sign on for... I would like a user to visit Site1 and have Site1 contact a central single sign-on server (SSS). The SSS would then determine that the user was not logged on (Not sure how) and would redirect the user to a Logon screen (Still on the SSS). If authenticat...

How to lookup django session for a particular user?

I am writing an application where I will be accessing the database from django and from a standalone application. Both need to do session verification and the session should be the same for both of them. Django has a built-in authentication/session verification, which is what I am using. Now I need to figure out how to reuse the same se...

Why does AuthorizeAttribute redirect to the login page for authentication and authorization failures?

In ASP.NET MVC, you can mark up a controller method with AuthorizeAttribute, like this: [Authorize(Roles = "CanDeleteTags")] public void Delete(string tagName) { // ... } This means that, if the currently logged-in user is not in the "CanDeleteTags" role, the controller method will never be called. Unfortunately, for failures, Au...

Authorizing REST Requests

I'm working on a REST service that has a few requirements: It has to be secure. Users should not be able to forge requests. My current proposed solution is to have a custom Authorization header that looks like this (this is the same way that the Amazon Web Services work): Authorization: MYAPI username:signature My question is how t...

WCF sessions or pass username/password per call?

Hi, For an enterprise type WCF service, where potentially 10K's of thousands of clients will be authenticating and sending data to central servers, what is 'best' practice when it comes to sessions or authentication? Does WCF support a session? If yes, should I use it? Or should I simply pass username/password on a per-call basis? ...

URL Based Authentication Link

What are some good suggestions or resources to look at to help me secure a single click URL based authentication? Essentially, the situation is a third party system which accepts an HTTPS request, through the browser, where you supply authentication information (un, pw, authkey, etc...). The service then, upon authenticating the prov...