I noticed that a lot of sites send a random token with form posts even though the user is not logged into a service requiring authentication. I understand the use of a token when you have an authenticated session, but what is the point in sending one when they aren't authenticated? Is it common practice to create a session when a user ...
I have a client program that consumes a web service. It works quite well in a number of installations. Now I have a situation where a new customer connects to the internet via a proxy server, and my program's attempt to access the web service gets the "HTTP status 407: Proxy authentication required" error. I thought that all the confi...
I would like to test appengine. At this moment it is not clear to me if there are libraries that support custom authentication. I want the user to be able to create an account on the site without having to have a google (or any other) account. Does that kind of libraries exists or do you have to write it from scratch? Can anyone prov...
Does linux support a replacement of its username/password collection UI in x-windows. To specify, I have a windows authentication method that uses gina/credential providers to display an alternative to the usual username and password. I wish to port this to linux. I realise that text-mode runlevels will not support this, and only x-wi...
Background I have a custom authentication back end for our django applications that refers to an LDAP server. As soon as I authenticate someone, I have a wealth of information that our network infrastructure guys put in the LDAP server about the user - their last names (which can change, for instance, if they marry), their e-mails (whi...
Why does aspnet_users use guid for id rather than incrementing int? Also is there any reason no to use this in other tables as the primary key? It feels a bit odd as I know most apps I've worked with in the past just use the normal int system. I'm also about to start using this id to match against an extended details table for extra us...
I'm at the stage in a project where I need to extend the user membership fields in a asp.net mvc website. I have gone through these different thought processes. Using "username" to join users to records. Very bad idea due to a user wanting to change their username etc. Then I thought I could connect the guid of userId to the other tab...
CakePHP Version 1.2.5 I would like a single user to have multiple email addresses. I would like a single user to have a single password. I would like users to log in using any of their multiple email addresses and their single password. I have created a users table with an id and a password field. I have created a user_email_addresses ...
I'm working with an HttpListener. I can set the Authentication mode to basic using: listener.AuthenticationScheme = AuthenticationSchemes.Basic; This works in IE, but Google Chrome doesn't seem to like empty realms. So the header should contain something like: WWW-Authenticate: Basic realm="The Byte that Overflew the Stack" However, ...
While looking into forms authorizing/authentication, I found that it is possible to do role based authorizing by adding an array of roles to a FormsAuthenticationTicket. That way I can write User.IsInRole(role from database) But is there any way to do the same thing with permissions on a role like : if (User.IsInRole(role from datab...
Hello, At our company, we had a computer running Outlook 2007 Business Contact Manager, with all our info tied to the SQL Server database MSSmallBusiness.mdf file. Everything was fine and dandy. We decided to update the computer to Windows 7, so we upgraded, and Windows 7 put all the old files into the Windows.old folder. Problem is...
Scenario: An intranet ASP.Net application using Integrated Windows Authentication and a SqlRoleProvider for authorization. The application is used by a small subset of users within the domain. If there are only a few users within the domain that should be able to access the application, can IWA be narrowed to allow authentication for ...
Why do I need to encode login and password in base64, when using SMTP-AUTH. Here is an example of my SMTP conversation 220 ALAN.CP.com Microsoft ESMTP MAIL Service ehlo 250 ALAN.CP.com Hello [10.10.1.1] more... verbs 250 OK auth login 334 VXNlcm5hbWU6 <base64 encoded password> 334 UGFzc3dvcmQ6 <base64 encoded password> 235 2.7....
My MVC site is using integrated authentication, and we had a request to allow users to sing in as another user, like in sharepoint. This has proved to be difficult... I've tried to send a 401 or 403 response, but the browser won't display the login popup and the user will continue to be loged in. (Fidler and firebug tell me that the res...
I'm using Authlogic for authentication in my app, using the standard User and UserSession models. I'm building an API into my app, and I want to authenticate API access with a single access token. In my app, every User belongs_to a Company, which has_many users. The API is for access to resources belonging to the company, so I'd like ...
I'm trying to connect a desktop application I am writing with the del.icio.us api @ http://delicious.com/help/api and simply provide them with my username and password and to request an url to post a bookmark to my profile. The problem I have is that I don't understand how to send my login credentials when I open a connection. How woul...
I have been using Django for several years now and up until this point have always redirected users to a login page after registering their account, and therefore have never had a problem of this sort. I am currently running Django v1.01 and on a new yet-to-be-released site have a combined registration/authenticate/login view which ...
Consider following scenario: I have RESTful URL /articles that returns list of articles user provide his credentials using Authorization HTTP header on each request articles may vary from user to user based on his privileges Its possible to use caching proxy, like Squid, for this scenario? Proxy will see only URL /articles so it may ...
I am trying to figure out how to implement an ASP.NET page with Windows Authentication without getting that annoying IIS login box. I currently have 3 domains in my network so all the people logging in would have to prefix their user names with the domain. This is not user friendly. I would like to have a custom login page that wou...
I'm trying to take away anonymous access to a single view of an MVC application. I tried to did this by going to the directory (i.e. /views/private) and removing anonymous authentication. This didn't help. What is the easiest way to do this? ...