authentication

Is LDAP obsolete?

Should I spend time implementing LDAP for authentication in my web application (PHP)? Is it a 'dead' technology? If it is, what are the alternatives? And, if it's not, what are good resources I can use? (books, tutorials) ...

Auth system that allows a user to add a password later?

Two goals: Minimize barriers to writing comments. Obvious design conclusion: don't make your users create a new account or login with a password. Allow users to accumulate karma/points for comments. Obvious design conclusion: have users create unique accounts so you can reward their activity. How have other people resolved this? D...

Can't login to my project using google or Yahoo OpenID

Hi guys, I've set up an OpenID login system - just like the one we have here on Stack Overflow - and on the backend I'm using JanRain's libraries. It was working fine until all of a sudden people can't log in using a Google or Yahoo OpenID. It's constantly failing - instead, however, any other regular OpenID seems to work fine. What's going on ...

authenticate website in qt

How do I go about authentication of a particular website, say Facebook, on Qt? Please help. I am new to Qt. Say I want to use Facebook in Qt without using Qt's WebKit. I want to use the REST APIs. The first step I want to do is to authenticate a valid user with a username and password. How do I link this username and password to be entered ...

Short-cut/Bypass Spring Security 2.0 authentication using custom AuthenticationManager

For an existing working app, I want to provide a secondary AuthenticationProvider, probably with a DaoAuthenticationProvider. Let's say it's for authenticating a "back up" password, or a prior password that was changed due to strict password policies and the user forgot the new password. ;-) For proof of concept, what would the implemen...

mod_rewrite with location-based ACL in apache?

Hi. There is a CGI script that provides some API for our customers. Call syntax is: script.cgi?module=<str>&func=<str>[&other-options] The task is to make different authentication rules for different modules. Optionally, it will be great to have nice URLs. My config: <VirtualHost *:80> DocumentRoot /var/www/example ServerNa...

Salt exposure in authentication stages

I have implemented the multistage authentication illustrated below. Brackets ([ and ]) symbolize a hash. The client has a key and a secret used for authentication. The server has a database table with rows containing a key, salt and a [secret + salt] Client Server | ...

How to know if the Kerberos ticket has expired

Hi, I have a client-side application that uses Kerberos authentication to connect to a remote service. When resetting the password for the SPN in ADSI without renewing the ticket, the authentication fails (of course). The question is if there is a way to know in advance that the ticket is not valid/expired. Thanks!! ...

What's the best way to handle API authentication for users (especially for mobile devices)

We're looking to create an API for our website. One of the major usages for the API (I suspect) will be to allow people to create mobile apps (for the iPhone and hopefully other devices). What's the best way to handle API authentication for users? As a general rule, I don't like encouraging our users to hand their username/email/passwor...

AOL OpenID response too long

I've written an application using the DotNetOpenAuth library, which allows users to authenticate against a number of OpenID providers. All of them work fine except for AOL, which for one reason or another creates a return URL that is over 2200 characters long, a length that exceeds the maximum URL length (2048) for most browsers. Has a...

Authentication/Access Control in PHP

Some time ago I created this LAMP based web. At the time I wrote my own user authentication and access control system. It checks whether the user logged in with a correct password, and whether or not he/she has the correct permission level to access given page. State information is handled via PHP sessions while usernames, salted, hashed...

How can I override the django AuthenticationForm input css class?

I have a django site using the basic django registration framework. I have my login page working fine, but I want to change the css class on the inputs. The form passed to the login page looks to be an AuthenticationForm class. What would be a good way to add a css class to the username, and password fields? ...

how do i prevent public downloads of files using php?

Hi, I have a script that allows only authorised users to upload files to a certain folder. However, I do not know how to prevent people from downloading freely without login. I need the solution in PHP. I have googled around but nothing straightforward as yet. Currently in my document root I have a folder called admin and a subfol...

Undefined method stdClass::user() error when using CakePHP Auth

Hi there, I'm fairly new to CakePHP and am building a site using the Auth component. A couple of times I have tried to do things with this component which have caused the error Fatal error: Call to undefined method stdClass::user() in /ftphome/site/app/controllers/users_controller.php on line 395 The line it refers to in this case is ...

How do I determine the authentication method of an iFrame parent in ASP .Net?

I have a website which hosts some sub virtual directory content within an iFrame. I have setup shared forms based authentication between the parent site and the virtual directory such that when either expires the user is redirected back to a specific login page on the parent site. This works great, however, I need to be able to determin...

authentication in CodeIgniter

In the project I'm creating I need to check if the user is logged in or not. The tutorials I have seen do explain how to authenticate in the controllers and give access to a page or not. But I want all the pages to be visible to everyone but only show certain options if a user is logged in or not. Something like this in the views if(is...

RedirectToRoute("Default") Not Redirecting, Returning LogOn PartialViewResult's HTML Instead

Account Page opens like normal: public ActionResult Index() { return View(); } this goes to render the following View template: (because at this point there is no CurrentUser, 'user' is null, so it runs Html.RenderAction("LogOn", "Account");) <% var user = (WAPConfigUser) HttpContext.Current.Session["...

HTTP Packets, Whats Happening?

Hi there. Basically, I was wiresharking packets on my PS3 while viewing Motorstorm Leaderboards. The leaderboards are sent to my PS3 in XML format but only after I have been authorised. So can someone please tell me what is happening between these three packets and how I could replicate it in a browser? Packet 1 From my PS3 to Sony Serv...

Can Active Directory Authenticate a User Using an MD5 Hashed Password

Hi, Under normal circumstances to authenticate a user in AD, one sends AD the user's clear text password (using SSL, hopefully). For reasons that are out of my control, I only have an MD5 hash of the user's password. Is it possible to configure AD to authenticate users using this hash instead of the original password? Thank you ...

CodeIgniter: store more information into the session

This is the function I have, in my login controller, which stores data into an array and then sets the userdata function validate_credentials() { $this->load->model('membership_model'); $query = $this->membership_model->validate(); if($query): $data = array( 'username' => $this->input->post('username'), //add...