authentication

Apache reverse proxy authentication via PHP

I have two Apache servers set up. One is public facing, the other is behind a firewall. The one behind the firewall is used to serve up content (vids, pics, etc). I've set up a reverse proxy so that any requests to http://mysite.com/content/ actually go to the server inside my firewall. See my serverfault question. My site uses PHP ...

C# Winform Authentication Framework

Hi All, I've been developing an application that makes use of Authentication of users to access the program. I wondered if there's actually some framework in C# somewhere that can be used to make this process of WinForm Authentication in software development easier? Tony ...

ASP.NET | Forms Authentication | Get ALL logged in users(list of all users or count)

I am using .NET 3.5. Also, Forms Authentication is used. Is there any way to get the list of ALL logged-in users or a count in ASP.NET? Note: I am not using Memberships and Roles ...

CakePHP: ACL and/or Auth

My web application only has one level of authorization. It's either you're logged in or not. Would ACL be overkill for this? Would the Auth component be sufficient/secure enough to handle this situation? Does CakePHP session anonymous users? If so, is there a way to turn that off? I don't think I need sessions to be passed around if...

NTLM as SSO, and Performing Certain Actions as an Impersonated Administrator

I can't seem to stumble upon the correct combination of IIS / ASP.NET settings to accomplish the following: All users on an internal domain should be able to access IIS site (w/ NTLM authentication), and the ASP.NET application should be able to get the username of the current user (aka the user is authenticated as themselves). The run...

HTTP/1.1 401 Token invalid - AuthSub token has wrong scope

I get this error when trying to get a feed from Google Analytics API. However, using the same token I get successful feeds from Google Calendar. The code between the two is exactly the same except for the feed url. So it must have something to do with Analytics being https and Calendar just http. I have successfully created a non-s...

How to fetch list of @replies for another user

Hello, The Twitter API lets me request another user's statuses with user_timeline and the authenticated user's @replies with mentions. Is there a way to request another user's @replies (both to and from them)? Thanks ...

Implementing Remote Login in Rails

I'm trying to allow users to log in to a website by verifying if they are registered users of a sister website. I'm not really sure what is the best way to implement this. The website which is referred to uses authlogic authentication, so would it be wise to have a REST method that the new website calls to obtain a session token of some sor...

Authentication for asp.net website without using any database

Is there any way to provide user log-in without the need for a DB? We are deploying a system to control some hardware and the customer wants an interface they can access from a browser, but they also want to provide log-in to prevent just anybody from accessing it. I have no reason for a DB to implement what I need. I would hate to ha...

Lock down a site using Forms Auth in IIS7 with Windows Auth

I've posted this on Server Fault, but as there is sort of a programming aspect to it, I'll post it here too. I have an ASP.NET MVC 1.0 application that uses Forms Authentication. We are using Windows Server 2008. I need to lock down the site so that only certain users (in AD Groups) can access the site. Unfortunately, though, when I set...

Django: how to store subdomain-based authentication usernames?

I need to create a subdomain based authentication system, like the one 37signals, freshbooks, codebase use. That is, each subdomain of my main application needs to have its own username namespace. I would like to keep as much as possible of the django authentication system. What is a good way to store the username? In particular, it sh...

How do I ensure that a username/password combination is not read from memory

How do I ensure that a username/password combination is not read from memory while my application is in use. My program is a GUI wrapper for some CYGWIN tools, including SSH and SCP. I need to ensure single sign-on capabilities to a variety of hosts. ...

Javascript authentication

Hello, are there any solutions to implement REST authentications for clients using only Javascript? Because the Javascript code is always readable by anyone. I've read many posts about REST authentication here but didn't find any answers. ...

Is it possible to have a PHP script authenticate users with their Linux user info?

I'm currently trying to expand my PHP driven intranet site for my company. It essentially functions as a bunch of miscellaneous reports and utilities that I've thrown together and linked to on the internal webserver. Whenever people keep wanting the same task done, I script it if at all possible and throw it up on the intranet page so pe...

JAAS - isUserInRole returns false for all roles in Tomcat

Here is the issue: the JAAS realm connects to the database fine, the user name and password match, the session is authenticated. HOWEVER, none of the roles seem to be getting into the Principal. Tomcat's isInUserRole returns false for every role, and Tomcat security doesn't see them either. Here is the realm configuration in the Serv...

Authentication Cookie

I'm writing a database authentication system for my web application which is written in ASP.NET MVC. When someone authorizes, it should save his username in cookies. Is it safe to just use HttpResponse.Cookies for saving a cookie that its value is username? Wouldn't it be forgeable? Saving only the username... Is it the right and safe way?...

Client-side SSL theoretical question

I work at company X and we want to engage in a B2B transaction with company Y. In doing so, Y is requiring client side authentication; they already provide server-side authentication - so this would be a mutual SSL transaction. My understanding is that I simply need to provide my CA-signed cert as part of my client side HTTPS communica...

Username/Password Database Checking

How can I improve this username/password checking? [AcceptVerbs(HttpVerbs.Post)] public ActionResult Login(FormCollection collection) { var users = (from p in _dataContext.Users where p.Name == collection["Username"] && p.Password == collection["Password"] select p); if (...

ASP app needs Anonymous and Integrated Windows Authentication but not working on server

I have an ASP application that requires an authentication handler where it redirects users based on the AUTH_USER server variable. I have IIS 5.1 on my PC and when enabling both Integrated Windows Authentication (IWA) and Anonymous this seems to work fine. When I deploy to Windows Server 2K3 it all changes and with both IWA and Anonym...

What is the best way to manage edit/destroy/new links with authentication?

I'm new to Rails and I'm trying to create a standard CRUD Rails application for displaying text posts. It's pretty similar to a blog where I would like authenticated users to be able to edit and destroy posts while visitors to the site can just see and browse the existing posts. I would like to know what is the best way to manage this. So...