authentication

jquery ajax call for asp.net mvc application getting two unauthorized responses then Ok

I am executing the following jquery ajax call to an asp.net mvc controller which works, however on the firebug console it seems it is getting executed three times. The first two times it returns 401 Unauthorized and the final time it returns 200 Ok. Could anyone shed some light on what is happening when I make this request and how I could...

HttpContext.Current.User is always null

I have a WCF service that has a method to return the Windows Username of a Silverlight client that is consuming the service. The WCF service is using basicHttpBinding with the TransportCredentialOnly mode set and the TransportClientCredentialType set to Windows. In IIS Windows authentication is enabled and anon authentication disabled. ...

HTTPS Authentication and Cookies via Java

I am trying to login and retrieve status information from a HTTPS URL via Java programming. I login through /login.cgi, providing the username and password with a POST request to that script. The script then verifies the credentials and creates a specific cookie (with session information, user name, etc.) and then immediately calls a L...

WCF with Http Basic Authentication

I'm building a webservice that needs to be accessible to a variety of potential platforms, including a number of older ASP and ASP .NET applications. After some research, I settled on a WCF service with both a REST (webHttpBinding) and SOAP (wsHttpBinding) endpoint (that way, I can support a wide range of platforms and still make the .NE...

Django logout problem

Here is the problem I am facing with the Django Authentication: Access a page that requires a login. Logout (accessing django.contrib.auth.logout). Access the original login-protected page. You are still logged in. Any ideas how to solve the problem? My Django Session Settings are SESSION_EXPIRE_AT_BROWSER_CLOSE = True SESSION_COOK...

What's the official name of a "domain\username" authentication method for a domain?

Does anyone know what the official name is for a "domain\username" based login? I'm trying to troubleshoot an application which claims to have support for LDAP integration with OpenLDAP, Sun One etc. When I reviewed logs, and sniffed the network traffic I could see that in every instance of authentication a "domain\username" is passed...

Logging in without displaying a login page

I am writing an app which will display articles at a membership based website. We want the app to be able to read and display articles that are set as "members only" - even if the app owner is not a member. So I want to be able to login without showing the app user any user or password info. When I try to access a members only a...

How to use the Java SASL API and CRAM-MD5

Hi! I'm currently playing with the Java SASL API and I wrote a little program to simulate a challenge response sequence using CRAM-MD5. However, I'm unsure about how to do this, as SaslClient and SaslServer only have methods evaluateChallenge(...) and evaluateResponse(...). I would expect SaslServer to have a method like issueChallenge(...

ASP.NET MVC : Context sensitive validation.

I have a bunch of action-methods that need to verify the ownership of the orderId passed to the action something like: public ActionResult CancelOrder(int orderId) { if (!MyDatabase.VerifyOwnership(orderId, User.Identity.Name)) return View("You are an imposter!"); // ... } What's an easy way to verify orderId belongs to User.Iden...

Django authentication with fine-grained access control

I am developing a Django web application with a suite of steel design tools for structural engineers. There will be a database table of inputs for each design tool, and each row of each table will correspond to a particular design condition to be "solved." The users may work solely or in groups. Each user needs to have ongoing access to ...

Yadis authentication without OpenID

I am in need of an authentication system that would work in harmony with the current authentication system my client's server uses. The current system works as follows: A page requiring authentication invokes an in-house developed mod_auth Apache module in the .htaccess file. The user is redirected to a generic log in page. After ente...

Prompt a user to login after he takes a certain action

One thing you can do on my rap lyric explanation site is "like" explanations (once you're logged in): I'd like to show the "Like" links to users who aren't logged in, and then, when a non-logged in user clicks "Like", show him a lightbox with a "Login or Register" form (like Digg / Reddit) What's the best way to accomplish this? C...

Triggering client-side request on the server.

I thought I understood how Open ID works, but now I'm confused... FYI, I'm not trying to understand how to use Open ID as a developer, but rather the actual actions it uses to authenticate via the client's browser. As I understood, the user (for example) chooses Google as their Open ID provider. The server then requests a pre-determined...

How to Configure Mutual Authentication on MSDTC?

How does authentication in general (Mutual Authentication as a special case) work in MSDTC and how to configure Mutual Authentication on MSDTC? I've a custom application (archival solution), a windows service which at a configured time fetches data from online database and dumps to a back-end archival database (Ideally online and back-end DB...

Why is my Facebook application with error 104 ("invalid signature")?

I am trying to develop a Facebook application using PyFacebook (hosted on Google App Engine). It's an FBML application (runs in a Facebook canvas instead of an iframe). I'm having problems getting any API calls to function. The sequence looks like this: fb = facebook.Facebook(api_key, secret_key) fb.session_key = cherrypy.request.pa...

Wordpress authentication and login manager

Is there a way to create a sort of authentication for WordPress which would block unauthorized users from some particular pages and posts but would allow any user to view some pages? I would also like the users of the blog to be able to register and login through facebook-connect, or google accounts. Is this possible? ...

BlazeDS authentication/session timeout

I've implemented security of a BlazeDS service accessed through a Flex application by logging in and out of the ChannelSet (I followed: http://livedocs.adobe.com/blazeds/1/blazeds_devguide/help.html?content=services_security_1.html ). How do I handle timeouts? Right now I have a faultHandler for RemoteObject calls that checks if event....

HornetQ Client in C++ which supports security?

Is there an SSL enabled client for C++ that can interact with HornetQ? The only client I could find is ActiveMQ-CMS from the Apache ActiveMQ project, which can use Stomp. But this client up to now does not seem to support SSL or any other form of security/authentication. ...

FormsAuthentication and setting the userID/name in an encrypted cookie, security risk?

Asp.net stores the session in a cookie, thus not having to worry about sessions on the server side (traditionally sessions are stored in a database, and lookups are done via a session ID, which is usually a Guid like string). In my previous question, I was asking about how a spring application stores/creates sessions etc: http://stackov...

Storing users of a public web site in Active Directory

I am working on a system architecture for a fund/pension manager. We are providing two ASP.NET MVC web applications; one to allow members of the pension fund to login and check their balances, manage their investment, etc and another to allow employers to make contributions to the fund on the employees' (members') behalf. There are also in...