authentication

What is an Endpoint?

I have been reading about OAuth and it keeps talking about endpoints. I googled it, no help. Please tell me what an endpoint is or link to somewhere that explains it, thx ...

How to restrict user access page in RoR?

I know that I can have a session after the user logs in. Also, I created a helper method called "current_user". I don't want other people who are not signed in to get access to the page. Apart from making doing this, how can I do? I can do this to not allow people to get access to the content, but I don't want the user within login...

How to use Kerberos authentication with a Mac web server

I'm trying to do some development work that involves authentication at home on my Mac. I've got a full domain set up here with my Mac joined to it. Unfortunately, it seems like mod_auth_kerb is non-existent for the Mac platform. I tried compiling from source, but I get a bunch of warnings that don't really make sense and the compilation ...

Are there any authentication plugins that work with DataMapper?

I'm in need of an authentication method that works with DataMapper. I can see that the authlogic plugin requires the fields crypted_password, password_salt, persistence_token in the User model. Is it enough to just add these fields to the User model definition using DataMapper? ...

Doing the CakePHP Acl tutorial. I can't seem to populate aros_acos.

I could've sworn I've done the tutorial correctly, but I am getting an error message and my aros_acos table is empty. What I've already done: On this page: http://book.cakephp.org/view/646/Creating-ACOs I've run "cake acl create aco root controllers" and it returned "New Aco 'controllers' created.". I've also added "$this->Auth->actio...

WCF services: passing a token to validate a subscription and get database info

Hello, I'm creating a smart client application using .NET 3.5. A Winforms client connecting through WCF services to retrieve data from SQL Server 2008. I need to pass a username/password (encrypted and over HTTPS) and return information such as: Is this user (e-mail address) under a current subscription What server should we go to ne...

Secure Login in PHP

What is a secured login? How do I develop one in PHP? Please keep in mind that I'm just a beginner in PHP. ...

HTTP 407 proxy authentication error when calling a web service

I'm working on a .NET app that calls 3rd party web services over the internet. The services do not use SOAP, so we manually construct an XML request document, send it to the service via HTTP, and retrieve an XML response. Our code is a Windows service that is run in the context of a normal Windows domain account, and sits behind a proxy...

How to integrate OpenID into GlassFish?

I want to integrate OpenID as an authentication mechanism into GlassFish 3.1 (preview). The Development Guide says that JSR 196 could be used to implement custom authentication mechanisms like OpenID. Is there already an OpenID authenticator for GlassFish conforming to JSR 196? Or is there a tutorial how to write one (somewhere in the b...

Using the browser's back button after SignOut() allows access to secure page (ASP.NET MVC)

I have an MVC app that uses [Authorize] to protect the private bits. When I select the SignOut() URL it signs me out, but if I hit the back button on my browser it goes to the secure page and even lets me use the form. The action takes place and then it shows that I'm signed out. The problem is that it performs the secured action (ins...

ASP.NET MVC Design Question Where to put specific user / "access level" code

So, I've successfully implemented my own MembershipProvider and that's working exactly as I intended it to. I've decorated my controller actions with the [Authorize] attribute, and this also works exactly as I want. My question is, where should I put code that determines "how much" access a user has? [Authorize] simply means that th...

asp.net mvc [Authorize()] attribute for mixed group and user

I am using ASP.NET MVC 1.1 with Windows authentication. I am trying to only authorize members of a group and myself. I am not a member of the group and would not need to be a member of this group. I am getting a Windows login/password prompt every time I access the URL of the web app. The HomeController has [HandleError] [Authorize(Roles=...

RFC question about cookies and paths

I'm trying to set a session cookie restricted to a particular path (let's say /foo) when a user logs in. The complication being that the login page is on /, but the request immediately redirects to /foo/something. Something like this: Request: POST / HTTP/1.1 username=foo&password=bar Response: HTTP/1.0 302 Found Location: http://e...

Single sign on with OpenSSL, LDAP and Windows Authentication

Hi, I am developing a PHP application on a Linux server. My application users are stored in an LDAP directory with their domain logins. Now, what I need to do is to give them SSO, attached to their domain credentials, so when a user logs in to the domain they will not be asked to provide their login name and password. To do this, I have impl...

Logging off with java.net.Authenticator

Hi all, I was wondering if any of you know how to 'log-off' basic authentication (BA) using the java.net.Authenticator class. I know that BA doesn't have a log-off method, and that you have to close and reopen the browser to end the session. Question is, how do you 'close and reopen the browser' within java code? That is, I'm connecting...

how to handle an associated open id account blocked, stolen etc

If your website is providing an OpenId only authentication method (e.g. SO), what would be a best practice for handling a user whose openId account is lost or stolen or whatever...effectively preventing them from using your site. If the user had associated two open ids to their account then they could use the other login etc but in the ...

sync framework microsoft encryption and compression

Hi, We have started prototyping with the sync framework...I would like to know if / how we can use encryption, authentication and compression... Are we limited to using ssl in wcf or are there other possibilities...also would like to know if compression or authentication is possible and how? Any links with examples great... I am pres...

Java - Authenticate user using web application's security framework without Http requests

Hi, So I have a Tomcat server within a Java web application, authentication is done using Tomcat's usernames and passwords specified in the tomcat-users.xml file, and form based authentication (posting to *j_security_check*). I have now also registered a remote object (using Java RMI) that I want to access from outside of the web contex...

Rails, OpenID and Authlogic

I've been following Ryan Bates' screencast #170 and adding ruby-openid, authlogic and authlogic-oid to an existing authlogic authentication system. However, I keep getting the following stack of errors: NameError (uninitialized constant OpenIdAuthentication::InvalidOpenId): /Library/Ruby/Gems/1.8/gems/authlogic-oid-1.0.4/lib/authlo...

j_security_check connection interrupted

Hi, I am using Tomcat's authentication. When I leave the login page open for about half an hour or so and then try to log in, I get the following error: URL: http://localhost/pc/j_security_check Page Content: Connection Interrupted The connection to the server was reset while the page was loading. The network link was interrupted while...