authentication

What is the best OpenLDAP authentication option for a C# asp.net application?

I want to avoid users browsing the other users' names, security (of course) and performance. Thanks ...

ADAM authentication - howto?

I'm attempting to authenticate a user against ADAM using a user I created in ADAM. However, regardless of the password used (correct, or incorrect), my search comes back with a valid DirectoryEntry object. I would assume that if the password is invalid, then the search would come back with a null object. Are my assumptions wrong or is...

Best way to authenticate users in a web application

I was looking at ways to authenticate users in a web app, but in a way where the main web app doesn't need to process the password. Something like OpenId, but the authentication server would definitely need to be hosted on an intranet, internet services can't be accessed by the application server. My environment is pretty much Java web...

ADAM authentication w/ ADAM user and simple bind

I've followed the ADAM Step by Step Guide from Microsoft and setup an ADAM instance on my local machine. I'm attempting to authenticate using the "Mary Baker" account, but every time I get a COM exception on the if (entry.Guid != null) line below. The exception states that there's an unknown user name or bad password. However, I can u...

What are security problems with piggybacking authentication off another site (basic auth)?

I have a WSS installation that's behind basic authentication/SSL (it's hosted at a public web host). I'm creating a sister site in ASP.NET, and am considering just running the credentials through and allowing users to log into the new system providing there is no 401 Not Authorized error returned. Both are internet-facing applications t...

Updating Zend_Auth_Storage after edit users profile

Hi, I have the following situation: I have a logged-in user, standard authentication with DB table $authAdapter = new Zend_Auth_Adapter_DbTable(Zend_Db_Table::getDefaultAdapter()); $authAdapter->setTableName('users'); $authAdapter->setIdentityColumn('user_name'); $authAdapter->setCredentialColumn('password'); When user edits his profile, I ...

Exists a way to prevent cookies from getting stolen?

Hi, in Web 2.0 applications many users usually want to stay logged in ('remember me' flag) and on the other hand their cookie can give access to very private data. Is there a way to prevent that somebody who steals the cookie - directly from the computer or via sniffing - can use the cookie to get access to the user's data? Always HTTPS...

How to programmatically encrypt/decrypt plain text credentials in JSP?

As part of my daily routine, I have the misfortune of administering an ancient, once "just internal" JSP web application that relies on the following authentication schema: ... // Validate the user name and password. if ((user != null) && (password != null) && ( (user.equals("brianmay") && password.equals("queen")) || (user....

Any sites out there using CardSpace?

I'm interested to know if there are any sites out there that have implemented CardSpace as an alternative authentication. I certainly like to see how different it is from, say, using OpenID. ...

Where do you record your authentication information (urls/ips/usernames/passwords)?

I'm wondering what people use for storing their username, passwords, urls, IPs, domains, and any other login information they need to both do their job and in general life. It might also store serial numbers or similar data. I find that I'm registering for probably 5 sites a month, paying some piece of software, just setting up a new ho...

Django authentication and Ajax - URLs that require login

I want to add some Ajax-niceness to my Django-coded website. In my Django code, I use the @login_required decorator from django.contrib.auth.decorators to mark which view requires authentication. The default behavior when a not authenticated user clicks it is to redirect him/her to login page, and then pass the target page. What I sa...

Custom Rails authentication / authorization

I know questions of this kind have been asked before, but my situation differs a little. On my rails app I have to validate the user login against an existing repository and then control authorization to given modules. So, I don't want the solution I go for to generate a model for my users and rely on that. The authentication per se need...

Authentication Error when accessing Sharepoint list via web service

I wrote a windows service a few months ago that would ping a Sharepoint list using _vti_bin/lists.asmx function GetListItemChanges. It was working fine until a few weeks ago when my company upgraded our Sharepoint instance to SP1. Now whenever my service attempts to access Sharepoint I receive a 401.1 authentication error: Error: ...

Multiple/Different authentication settings in web.config

How would I go about setting different authentication tags for different parts of my web app? Say I have: / /folder1/ /folder2/ Would it be possible to specify different <authentication/> tags for each folder? I want folder1 to use Windows authentication but folder2 use Forms authentication. I tried doing in a <location/> tag but...

Session cookie lost with IE7

I have an ASP.NET 2.0 application. The login page redirects twice when the login is successful. This works OK on all test environment and production servers except one. We can see with Fiddler that the login redirects to the second page and it redirects to the third. When getting to the third page the authentication cookie is lost, and t...

RESTful Authentication

What does RESTful Authentication mean and how does it work? I can't find a good overview on Google. My only understanding is that you pass the session key (remeberal) in the URL, but this could be horribly wrong. Thanks for your input! ...

ASP-MVC Forms authentication - cookie not persisting

Hi I have my own linq to sql database with a nice login method which gives me back a user. I have followed the 101 examples there on the web as to how to add the cookie to the client. FormsAuthenticationTicket ticket = new FormsAuthenticationTicket( 1, _u.id.ToString(), Dat...

WCF and Custom Soap Authentication

I am developing a server application using WCF to expose WebService endpoints for clients. I want to implement authentication through a simple custom provider that will use the username and password passed through the SOAP headers. I know how to set the user name and password to be sent on the client, I just want to know how to pull the ...

Control a service on a remote server from IIS

Please note: In each step I describe below I'm logged in as the same domain user account. I have a web application that controls a service on a remote machine (via ServiceController). When I connect to the website remotely and attempt to control the service, I get an InvalidOperationException: Access is denied. I know it CAN work, b...

How can I disable basic authentication on Tomcat 5.5.27

Please let me know how I can disable basic authentication on Tomcat 5.5.27 ...