If someone knows my url of the admin page such as www.example.com/admin.php, then they will easily access the page by directly accesing that url. How to restrict this. Please help ...
I have a site that has the main path under password protection. I also have a subfolder that have a separate (htaccess/htpasswd) password protection. For some reason, when I access the subfolder, I'm asked to put in my id/password twice. All of the files that are referenced are under the subfolder. What should I be doing to troublesh...
To begin I know about http://blog.kadirpekel.com/2009/11/09/facebook-connect-integration-with-spring-security/ The only problem is that it completely replaces the Form Login with Facebook Connect. I have the native form login in place, I also have Facebook Connect in place, Upon gathering user information I link it to a native accoun...
I have an app hosted by google app engine, and I am having trouble with authentication. When I login using my admin account and try to access the admin page or members pages, I just get a blank screen. I can login, and the members only menu shows when I login, but I just can't see any data from the members pages. I'm not really sure ...
I'm building an Adobe Air app that interacts with a third party service using HTTP Basic auth for it's authentication. I'd like to handle the login process completely in my own code. I'm using jQuery to handle the ajax. The issue is that when the user enters bad credentials Air pops up an authentication dialog box before my javascript e...
Im adding a premium section to my site which already has free registration. People who will pay a monthly fee will have access to content (html, images and media files) that will be hosted on a subdomain lets say..... content1.domain.com How would I make it so files that are delivered via that subdomain, cannot be hotlinked or copied, u...
My Ruby on Rails application is mostly contained behind a login page. I'd still like to be able to stress test these pages, as they have some heavy database access. Sending the username and password into a post for my login isn't difficult, but the Authenticity Token keeps changing, which makes my tests unrepeatable. Is there a way to...
This question is an open question since it's not bound to a programming language: Is it a bad idea to provide users an auto-login feature? Why? I've been reading a couple of papers arguing that auto-login feature on web development leads to many user having trouble with "hijacked" accounts. However, I would like to read a real answer/c...
I have a requirement where the login page opens up the main page in a popup, this is how I handled it in normal authentication: <http> ... <form-login login-page="/Login.html" authentication-failure-url="/LoginHandler.jsp" always-use-default-target="false" default-target-url="/LoginHandler.jsp"/> ... </http> Login page creates an aja...
I'm building a web site that will acts as a client to a persistant server process. ASP.NET will communicate with the server using .NET Remoting. The server is used by other clients as well (thick WPF clients and automated processes) and already has methods for password based authentication, authorization and sessions. The way I intend to...
I have a Delphi app that's running on Windows Server 2003. The app communicates with a webservice on another server that is protected by a Cisco ACE XML Gateway requiring a certificate for client authentication. When I run my app as a local administrator on the box I have no problems connecting to the webservice. When I run it as a me...
I'm using the ASP.NET/C# Login control and that entire authentication and authorization system. I set up the roles and have users go to certain pages when they log into the system dependent on their role. Right now I'm trying to restrict access to certain pages, which is working correctly. However, when it restricts the access to a user...
It seems there's an implementation of HMAC in every language under the sun. (See below.) And the algorithm is quite straightforward: http://en.wikipedia.org/wiki/HMAC Has anyone implemented it in Mathematica? Here are pointers to implementations in other languages: http://docs.python.org/library/hmac.html http://php.net/manual/en/fu...
I'm developing my first web portal in ASP.NET where I would like to have authentication. I have heard that ASP.NET has quite a big and well-built authentication system, but I've never used it before. Could you suggest some tutorials or sample code that could help me get started from the basics of ASP.NET authentication? Specifically for...
I am using Visual studio, 2008, and am attempting to create an Admin section so the site owners can go in and alter their site. However, whenever I go to Website->ASP .Net Configuration to try to open the website administration tool, it tells me: An error was encountered. Please return to the previous page and try again. If I click on ...
How can you setup PAC files to use SOCKS proxies with authentication? Using this simple PAC file as an example: function FindProxyForURL(url, host) { return "SOCKS 69.123.133.75:7257;"; } How would you connect to that socks proxy using a username and password? ...
I have a WCF Server running on IIS 7 using default application pool, with SSL activate, the services is installed in a SBS Server 2008. I implement client application services with wcf and SQL 2005 for setting the access control in my application. The application run under windows vista and is make with WPF. In my developer machine the ...
In my pet project I want to have a user system with the following requirements: It needs to work with Db4o as a persistance model I want to use DI (by means of Turbine) to deliver the needed dependencies to my user model It needs to be easy to plug in to asp.net-mvc It needs to be testable without much hassle It needs to support anonym...
Background We are integrating third party email solution into our site. When a user goes to the Mail page it must be automatically authenticated at the Mail site. For now, the Mail link points to our page which automatically submits a form with the user's login and password. After clicking submit the user is redirected to the Mail sit...
I am creating a website which will contain both ASP.NET pages and a Flash applet. I want to encapsulate my business logic in a WCF service which will be exposed through two endpoints: One accesssible over the Internet through HTTP(S), for use by the Flash client, and one accessible within the data center for use by the application serv...