I have a directory structure similar to: - html - sites - .htaccess + files - .htaccess - index.php The file /html/.htaccess uses AuthUserFile to protect the entire site. However, the /html/sites/.htaccess file is also used to protect the "sites" folder with a separate password. The problem is when I attempt to visit a...
I have a database that have quite a bit relational user information that would be handy to load when the user is authenticated. I would like to use the Silverlight Business Application project template and extend the user class that exists in the AuthebticationService.cs file in that project. I have been able to add simple properties t...
I have spent two hours on this error "HTTP status 407: Proxy authentication required Error " when calling a web service, my code is like following WebProxy oWebProxy = new System.Net.WebProxy(ProxyServer, ProxyPort); oWebProxy.Credentials = new NetworkCredential(ProxyUser,ProxyPassword,ProxyDomain); o...
I apologize before hand if this is an obvious question: can Apache 2.0 + SSL + basic authentication be trusted in order to secure a website? The way I see it, SSL creates a secure connection between the client and the server and thus any HTTP requests containing the clear-text password should not be a security issue. thanks, S. ...
This is *** unbelievable! Flash programmers are familiar with the example: var req:URLRequest = new URLRequest("http://yoursite.com/yourservice.ext"); req.method = URLRequestMethod.POST; req.data = new URLVariables("name=John+Doe"); var encoder:Base64Encoder = new Base64Encoder(); encoder.encode("yourusername:yourpassword"); v...
In IIS 7 I try to deny access to all files with the extension .xml for all users. I tried the following setting in my web.config file: <location path="*.xml"> <system.web> <authorization> <deny users="*"/> </authorization> </system.web> </location> But then getting any file results in an internal server e...
Hi I have an ASP.net website which I want to introduce 'Facebook Connect' functionality into, purely for account login/creation purposes. I want a user to be able to click the 'Login using Facebook' type button, and to then log that user into my website based on a userid lookup from the Facebook response. I have a couple of questions s...
I'm working on a client<>server multiplayer game. The authentication is done on the same server as all game logic etc. This means that my authentication password encryption algorithm can't take too much calculation time as it would delay all the other required actions. If many people would logon at the same time that would cause a notice...
I'm looking for tips and ideas on how to best incorporate authentication with PHP using Cookies. Should each php script check for the cookie value to determine if the user is still logged in? Should there be one script that does this check and Include that script from each of the other scripts? Can the cookie value be seen by php fr...
Question: Is this API authentication technique easily hackable? apiKey = "123456789" apiCallId = "1256341451" apiSecret = "67d48e91ab2b7471d4be2a8c2e007d13" sig = md5(apiKey + apiCallId + apiSecret) = 09c297a354219f173bfc49c2e203ce03 where apiKey: some unique identifier for the user apiCallId: a unique integer that ...
Hi, is there a method for svn to explicitly create the cached name/password settings for a user and doing nothing else ? Name/password settings will be given via a dialog, while svn is probably installed just in the step before. I need that as a step in a workspace installer, which will later make use of svn. Thanks for any help. ...
I have a Silverlight application, and added a Silverlight-enabled WCF service. I would like to deploy this as an intranet solution using Windows authentication without anonymous access. Out of the box, the WCF service adds the following settings to the web.config: <system.serviceModel> <behaviors> <serviceBehaviors> <behavior...
I have a form and I need to send the content to the server. I use google authentication because only authorized people can send to the server. The form is somthing like this: <form action="/blog/submit" method="post"> ... </form> The authentication is needed only during the submit, not entering the form page. So in the submit contro...
I've had Windows Authentication setup on an area of our website for some time now, and it has worked flawlessly so far. Recently, the login prompt stopped appearing and went straight to "Page cannot be displayed" for some reason. While connected to our network, the page works fine. Outside our network, users are supposed to receive a log...
Hi, I'm new to ASP.NET MVC and need abit of advice on how to implement the following. The site is a heavily used site with roughly 200 users internally (intranet). We use forms authentication hitting a SQL Server DB (not windows integrated). Some actions are protected, some are viewable by anyone and some are viewable by both - so if...
Hi, What encryption method does the .NET FormsAuthentication.Encrypt() method use? There's no mention in the MSDN article: http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.encrypt.aspx Thanks. ...
Can any one tell me how to solve the following scenario in Asp.net application. I have an asp.net application which has 3 pages.Some user should allow to view some pages.For ex, user 1 should see page 1 but not page 2. In web.config file, under App_settings, I have a key-value(user1 - 0) if the value is 0 then he should allow to view th...
At what point should I be checking for my cookie in my mvc app? Basically what I wish to do for each request is check to see if there is a cookie and if so show their name on the screen somewhere if not and the page requires the user to be logged in redirect them to a login page. I DON'T want to use FormsAuthentication as I wish to cre...
Hi guys, I've configured my jBoss Portal against our AD. Everything seems to work but now I'm facing a problem: How do I determine which AD group should be admin on the portal? Cheers and regards ...
Hello everyone. Im developing a small web aplication, used in a shared computer. When the user closes the browser window, i want the session and the authentication to be deleted. In the Login page i use something like this to authenticate the user: FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1,txtUser.T...