authentication

How to limit the service access in WCF to a set of windows accounts?

I have a WCF service which uses netTcp binding and transport security. It uses Windows authentication (default). Everything is working smoothly but I want to ensure that only a select windows user account can use this service instead of everyone in the domain. Is there any way to accomplish this such that select user accounts can be wr...

How does push work on iPod touch with respect to auth credentials?

I installed this instant messenger program called IM+ that keeps your accounts online even when you exit the application (you know... touch: only one app at a time) it accepts push deliveries to report you have a message. I am kind of puzzled on how they can keep me logged in and send me a push notification that someone is messaging me....

Dynamic variables in Django base.html

I have an app that uses flatpages and other constructs that don't take a request object. This causes problems in base.html. Here's a simple example. If I wanted something like "Welcome {{ request.user.username }}!" at the top of every page, what's the best way to make that happen? ...

Authentication/Authorization of an ASP.NET MVC Project

We're getting our new MVC project off the ground and are trying to tackle the concerns of authentication and authorization (through Action Filters preferably). Our roles will come across as AD groups (already determined for us) so all we really have to do is read the groups a user is in (from the identity). If you're in one of the grou...

Kohana: Understanding and reproducing Salt & Hashed passwords using the Auth Module

I'm using the Auth Module in Kohana v 2.3.4. In terms of authenticating users, there's a two step process. The entry point is the function login. Its first task is to retrieve the password stored in the database and retrieve the password and determine the salt value. The salt is supposedly determined by an array of values, each corres...

Sending secure data over the network in iPhone

Hi, I have a query regarding sending secure data over the network in iPhone. What should be used to secure credit-card, bank acct# etc. information which is sent over wireless network. Is there any difference in methods if we use a native-app or a web-app? Are there any direct APIs available for this? Any tutorial will be really he...

Need help debugging a custom authentication plugin for Moodle

I'm trying to authenticate against the user db of my website (CMS based) and it uses a slightly different approach at storing hashed passwords. It uses a randomly generated salt for each user. The salt is stored in the user db along with the hashed passwords. Hence, direct field-mapped authentication (as the External DB plugin does) won'...

Automatic Login with Rails?

Hey there, I am trying to get up a simple authentication system with Rails' Restful-Authentication plugin, and am just wondering how it works, b/c I can't seem to figure out what the requirements are for cookies, and how to make it so the browser always remembers you (for 6+ months). Few questions: 1) How do you do remember_me's for r...

Google app engine authentication

Hi guys, I would like my iPhone app to store & get data from my app engine application, but how can I make sure only my app makes these requests? Do I have to make a Gmail account, and let that account login as administrator to my Google App Engine application? So I can use that account from within my iPhone app to handle the request? ...

Authenticating and tracking users in a JSON webservice

Hi All, I have a contact management / CRM application used in-house by our company. It is a web based app and thus uses a lot of Ajax. Most of the data is JSON, and the backend server uses PHP with MySQL as the database... I would like to build a mini Adobe Air version of that, mostly because I can use Drag and Drop file uploads, client...

better implementations of email activation links

I've been seeing a lot of activation links sent via email and I implemented one but I'm just not satisfied with it (the long activation links from other sites kinda look cool but I can't see the point of them being so long). Here's what my activation link looks like: site/controller/method/4/MJKL the 3rd segment is the user id and the 4...

changing password with authlogic - validation not catching blank inputs

I am trying to create a form to allow users to change their password: View: - form_tag change_password_users_path do = error_messages_for :user, :header_message => "Please Try Again", :message => "We had some problems updating your account" %br = label_tag :password, "New password:" = password_field_tag "password" %br =...

Custom authentication

My system has 2 subsystems. Each subsystem has different set of users. Each user has an extra field "SystemName" that can be used to know which system this user belongs to. In the login forms (1 form for each subsystem) I added a hidden field specifying the type of the form (containing the SystemName value). Generally, the check is rat...

How to use SHA1 or MD5 in C#? (which one is better in performance and security for authentication)

In C# how can we use SHA1 automatically? Is SHA1 better than MD5? (We use hashing for user name and password and need speed for authentication) ...

Best ColdFusion Library for OpenID

I am getting ready to start a project that requires using OpenID within ColdFusion 8. I have found a number of different options and was wondering what has worked the best, gets the most support, stays up to date, etc... OpenID CFC CFOpenID CFKit OpenID ...

Logging authentication attempts including passwords

I'm writing a comprehensive authentication system for an application and I was planning on logging failed authentication attempts in order to implement better security. I would like to check failed passwords for both brute force and dictionary attacks, however the only method I could think of doing this is by storing the raw password. ...

WCF windows authentication with IIS and Application Pool

I have a WCF Server running on IIS 6 using an application pool with a custom identity right now the I looked on the web for two days and I can't find the exact answer to my problem. I know there are a lot of similar ones out there. On IIS6 the virtual directory has anonymous access disabled and Integrated Windows authentication enabled...

Asp.net forms authentication cookie not honoring timeout with IIS7

Authentication cookies seem to timeout after a short period of time (a day or so). I am using Forms Authentication and have the timeout="10080" with slidingExpiration="false" in the web.config. With that setting, the cookie should expire roughly 7 days after the user is successfully authenticated. This worked as advertised with IIS6, bu...

Changing user roles through a form

I'm trying to create a Rails form that allows an admin user to change the assigned roles of other users. The form I've created registers changes to the user (such as password or login changes), but doesn't register changes to the user's role, which is a separate model. I'm using Acl9 for role-based authentication, which uses a User ...

Is there a better way to handle authentication?

Right now I have a server set up for multiple clients: clientA, clientB, clientC. Each client has their own users. The way I have it setup is clientA goes to http://www.site.com/clientA and is presented with a login screen which is triggered by an .htaccess file in a directory called /clientA. The .htaccess file has rules which direct...