Hello, I have a directory structure root->admin-> admin operations admin page inherited from a ase page with principla security.demand role = "Admins" i am usinf forms authantication mode. i have also put a web.config file in admin folder, restricting other users. it is working normaly with siteroot/admin. I want to setup a mechan...
Hi, I know it's a good idea to use well implemented standard software for authorization and authentication. But this time I wrote it on my own. It is used in a intranet only application, so security requirements are low. But I, as the developer, would like to know, how secure it really is. I would please you to review the code and give ...
I have a portal application that loads external content (widgets) via an iframe. Users login to CAS via the portal itself. There are a few portal APIs, though, that need to be called from that external content. What information do I have to pass from the portal to the widgets that the widgets can use to make these calls without being rej...
Hi all! We need help with the direction after spending multiple days trying to resolve it on our own. We are building a marketplace where buyers meet sellers (think of eBay but for a specific niche). We want to facilitate a transaction where the buyer can buy a seller’s product and notify us about finished transaction. It is critical f...
Hi, I am working on ASP.NET using C#.I have created a website and now have to implement rolebase.This is a part of my final semister project and I am new to this.I need to work something like this-I have 3 roles say it owner,manager and teamleader.Owner can view all the employees which is in the database called through storedprocedure,ma...
Creating a API here and I want people to be able to make simple mobile apps that could get the username/password of my users and of they go to interact with my server. So I need to have a Basic Auth(OAuth and other stuff are also going to be supported, mostly for a different use case). Right now I have a example from a Book saying i coul...
I'm working on a program that has to archive (zip and delete files and folders) on a server. The servers that hosts the application (ASP.NET MVC) and the server that holds the files are two different servers. When I run the application without impersonation and the default webconfiguration everything works fine. The credential of the pro...
I have tried to set up .Net authentication to allow authentication across subdomains in my app. To do this, I added a "domain" attribute in the forms element, like this: <forms domain=".mydomain.com" name=".MyApp" loginUrl="Util/login.aspx" timeout="120" /> Then, for the role provider, I added a domain to that too: <roleManager doma...
I want to reuse the Windows authentication to bind to the Active Directory user and check group membership. I can get the Windows username with Environ("username"), but how do I get the password? I don't want to have to require the user to reenter their password, but there is no Environ("password"). How do I make this code work? Thank...
I've searched all over and can't find this addressed anywhere. I have a Flash Media Server script that writes data to an ASP.Net webservice when a user connects. It works great, but I want to lock down security if possible. The best I could come up with was to add a token to the flashVars of the client flv, then pass it through FMS w...
What is the most effective to way to make Catalyst::Plugin::Authentication work if the user uesrid is qualified by a domain (i.e. composite key)? Does it support this functionality? I'm looking specifically at using Catalyst::Plugin::Authentication::DBI but I'm not opposed to forking, patching, recreating it if it doesn't have the curre...
I am trying out Cucumber for the first time and I've come accross an issue. I am try to use RyanB's nifty authentication generator, but it seems I can't use the helper methods when running my Cucumber features. Part of my feature giving me problems: when I am on the new book page # features/step_defin...
Given the following section in Web.Config: <system.net> <mailSettings> <smtp deliveryMethod="Network" from="SomeWebsite Admin <[email protected]>"> <network host="smtp.gmail.com" port="587" defaultCredentials="true" userName="[email protected]" password="somepassword" /> </smtp> </mailSettings...
Hi all, Flat-file JMS authentication is easy to set up on Glassfish (see http://docs.sun.com/app/docs/doc/821-0027/aeofg?a=view). The problem is the client part. I am writing a standalone Java client to access my JMS ressources (ConnectionFactory and Destination) via JNDI. How to pass a username and a password to JMS from that client ...
I've just started to play with CodeIgniter 1.7.2 and imendialtly noticed that there is not a built-in library for user authentication. I don't need anything fancy. It's only to authenticate users in to my back office system. I don't need users and groups, or permissions etc. I just need a script to allow users to login. If a user tries ...
I'm very new to EJB security and GlassFish authentication, authorization mechanism. I have a jdbc realm and configured sun-web.xml and web.xml to map the roles and restrict access to a page. However, my problem is that when I restrict access to all the pages, it works and triggers the login pop up before loading the welcome page (using ...
I need to make a query to one of Google's services. I read this answer: http://stackoverflow.com/questions/1656446/download-csv-from-google-insight-for-search/1656817#1656817 The copied and pasted code from that question is: using (var client = new WebClient()) { // TODO: put your real email and password in the request str...
I am using GAE Java for a multi-user application. There are multiple users with different roles. Each user can login, do some operations and logout. The business restricts me from using Google User Service and I need to implement my own for authentication and session management. Can anyone please share with me how should I go about impl...
mod_authn_otp is an Apache web server module for two-factor authentication using one-time passwords (OTP) generated via the HOTP/OATH algorithm defined in RFC 4226. The developer's has listed only one compatible device (the Authenex's A-Key 3600) on their website. If a device is fully compliant with the standard, and it allows you to r...
Hi, I have a situation where ideally I want to be able to log-in to a secure area using a Java application. I would like to make an HTTP request and check the response to see if I need to do some kind of authenication before I can actually get the response expected, instead of effectively some login page. The complication is that the ...