Hello all, I am trying to set up Digest Auth on shared server. I am using the script found here. Works on my home set up but when i use it on the host i get the error... Notice: HTTP Digest headers not being passed to PHP by the server, unable to authenticate user in <filename> Last time encountered this with another host they said ...
Can I just use Session["role"] = "theRole", or that would be a bad practice, so I would create my custom authorize attribute where I'm going to look into the Session ...
I seem to have coded myself into a corner. First let me tell you what my end goal is: I have a GWT app that will have features available to users who are not logged in, and other features only available to authenticated users. When an unauthenticated user clicks on something that requires authentication, I would like a login box to pop u...
Ok, before you think that this is a simplistic request and that it must be out there; I've done about 2-3 hours of searching with no results. Is there a way to pass authentication information through Java Web Start (javaws) to access a password protected website? Essentially what I'm working towards is an auto-restart of a javaws appli...
I'm using Authlogic and I would like to implement Basic HTTP Authentication in my controller so I could define which action requires authentication. I know how to do Basic HTTP Authentication authenticate_or_request_with_http_basic an before_filter, but I would like to here from other how to implement it with Authlogic plugin. class I...
Hi, guys I am developing a web app by using Grails and using Grails LDAP as my Authentication mechanism. However, i always get following error: {Error 500: Cannot pass null or empty values to constructor Servlet: default URI: /ldap-app/j_spring_security_check Exception Message: Cannot pass null or empty values to constructor Caused by:...
Replicating a production server's Active Directory is possible through a number of approaches as mentioned here and here. I'm looking for a simpler approach if one exists. I have a mixed-mode authentication site that I need to test. Quite simply AD users (internal) will have more privilege's than someone who logs in via forms (external)...
Hey, I would like to check whether the request is XML od HTML. When HTML the page is redirected to login form (if a user is not logged in) and when XML the user get not authorized status code. Example: class ApplicationController < ActionController::Base def require_user unless current_user IF XML RESPOND WITH CODE...
Is it possible to implement an equivalent of sudo for Django profiles ? I'm using the basic authentication system django.contrib.auth. Usecase: Sometimes, users report bugs which are only reproductible in their profile, so, each time, I change their password, log in, fix the bug and replaces the password with the original one. I tried...
How can I use authentication with System.ServiceModel.Syndication to read a private RSS? The code I use right now just returns forbidden. I have tried adding &PASS=password and &PASSWORD=password to the URL but it doesnt help. try { using (XmlReader reader = XmlReader.Create("http://trac:8080/Project/report/7?format=rs...
I'm creating a custom authentication service (I just need more than the default allows). I can't decide if I should extend MembershipUser and implement the appropriate interfaces, or completely roll my own. Is there any advantaged to rolling my own, or any pitfalls I should be aware of when extending the default mechanism? ...
Hi all. I'm looking for help getting SharePoint 2007's SPPersistedObject to store information at the Farm level. When I create a persistent object as a child of the SPFarm instance and call my object's Update() method, an "Access Denied" exception is thrown. Looking at the SharePoint log, I see a complaint that "the current user is not...
Hi, I'm working on an ASP.NET MVC web application and I've made my own authentication module, which is session-based (no cookies). The problem is: When I rebuild my application, I'm automatically logged of (session is empty). Normally this is not a big problem because my application is not 'automatically' rebuilding in a production env...
How can I just enable anonymous user in Django? I mean, what is the minimum I should do to be logged in as anonymous first time I go to my site? Regards, Arshavski Alexander. ...
We've got a DotNetNuke 5 based website that uses the ActiveForum module to allow for a forum to exist. I'd like to show an RSS feed from the forum on another page. So I find the link to the ActiveForum RSS feed, add a News Feeds (RSS) module to the page and then add a feed to the RSS. This then gives me an error saying it can't load th...
Hello folks, I have been struggling to get my jquery call to a webmethod to work. I am being bounced by the server with a "401 Unauthorized" response. I must have an incorrect setting in the web.config or somewhere else that would be preventing a successful call. Your insight is appreciated! Call to js function the invokes the jquer...
Hello. I have a HTTP server with some Mercurial repositories; in which I handle digest authentication, and I found myself pushing changes to the server too often, so, I wanna know If is there any way to send the credentials (user and password) along with the hg push command? Thanks ...
Hi Guys, I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows: Members Members/News Members/Press Members/Movies Users should be able to have access to the members parent page, but not child pages. My problem is, because I ...
Hello, I am trying to use the Rest-client gem to do a few small tasks for my app which uses Authlogic to authenticate users. From Rest-Client's API, I see that one can post data necessary for the log-in process like this: require 'rest_client' RestClient.post "http://127.0.0.1:3000/user_sessions", {:user_session => {:username => 'myuser...
I'd like to restrict access to my web service to registered clients. The first thing I thought of was to mimic that of AWS which, in a nutshell, issues clients a non-secret and secret key pair, and requires clients to prove knowledge of the secret key by using a cryptographic function of some of the HTTP request data and the secret key,...