Hi everyone,
A client recently informed us that deployment of our software in their environment has failed due to a proxy error when the software attempts to access the internet.
The client has a combination of Citrix and Microsoft's ISA server.
The software allows the use of a proxy and the ability to manually enter authentication in...
In our client/server application, a user can log in using a username/password. The server then authenticates the user from its local user database or from the active directory if the user is not found in the local database.
For this scenario everything is secure. But we want to implement an "Integrated Security" mode on the client to us...
Hi there.
I have an ASP.NET MVC web site.
I have many actions which require authentication to be performed. So, I need the user to get redirected to the login page, and after login (if successful) to be redirected back.
So what I want to do now is to build a new class, something of the kind seen below:
class AuthChecker
{
public AuthCheck...
I have a web service that needs to be able to verify the end-user's IP that called the server-script that is requesting the web service. Simple layout:
Person A goes to Webpage B. Webpage B calls Web Service C to get some info on Person A. Web Service C won't give Webpage B the requested information without confirmation that the request...
Original Question:
I read that for RESTful websites it is not good to use $_SESSION. Why is it not good? How then do I properly authenticate users without looking up the database all the time to check for the user's roles?
I read that it is not good to use $_SESSION.
http://www.recessframework.org/page/towards-restful-php-5-basic...
Update: based on Lee's comment I decided to condense my code to a really simple script and run it from the command line:
import urllib2
import sys
username = sys.argv[1]
password = sys.argv[2]
url = sys.argv[3]
print("calling %s with %s:%s\n" % (url, username, password))
passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_...
I know the title is a little off, but it's hard to explain the problem in a short sentence.
I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users".
Authorized license holders who do all setup themselves.
Clients who just want to have a survey r...
Hi,
I have a security question about integrated windows authentication.
Let's say we are using .NET Remoting hosted in IIS.
The system uses integrated Windows authentication.
What if some client manages to clone the OS to another PC or just clone the user to another PC?
(Another PC with the same username and same password hash)
Then also the...
I'm currently working on the login for a Zend Framework application, and I'm using a combination of Zend_Auth and Zend_Session using a database adapter (as described in the Zend Framework manuals).
I've made a resource for the session:
class DC_Resource_DbSession extends Zend_Application_Resource_ResourceAbstract{
public function init...
We have a Lotus Notes web service that generates an XML response. In our development environment on Visual Studio we can access the data source and run the report without issue. When we run the report from SQL Server we get the following error:
An error has occurred during report
processing. Query execution failed for
data set ...
Hello,
Sending username and password as plaintext, but through HTTPS; then on server hash(salt+password) and compare that with the hash in the DB. (salt is per-user)
Doin' it right? :)
Cheers
PS: I'm using Ruby/Sinatra, gonna serve via lighttpd, I think.
...
I've written a C# application that puts an XML-object into an MSMQ queue. The queue requires authentication.
MessageQueue queue = GetQueue();
var message = new Message();
message.Formatter = new CustomXMLFormatter();
message.Body = xml.ToString();
message.Label = "From my application";
message.UseAuthentication = true;
queue.Send(messag...
I have two Rails applications, let's call them A and B. A has an existing user base and I want these users to be able to log in to B with the username and password managed in A.
B is an altered version of Altered Beast forum and it would be nice if users of my application do not have to create another user account to use the forum. My initial tho...
I'm building a page that should only be visible to administrators on the web server. The standard prescription for this is:
<system.web>
<identity impersonate="true" />
<authorization>
<allow roles="BUILTIN\Administrators" />
<deny users="*" />
</authorization>
</system.web>
but when User Access Control (UAC) is enabled...
I have to add a password protected zone to a site I am working on (using the .htpasswd file). The thing is the whole directory structure it's being pointed at doesn't exist and is created through mod_rewrite.
Will it still work, or does the directory actually have to physically exist on the server?
Clarification:
While I may need to p...
Hi
I've developed a very simple host and client which I wanted to use to test whether it would be possible for a WCF client to pass the logged-on Windows user's credentials to the host service without requiring the user to re-enter their credentials or set up security.
My host config looks like this:
<configuration>
<system.serviceM...
Hi, I am going to do a web service. Now our customers are going to be able to call the method from their interface. I have been thinking about what I should do for authentication; I have been reading and cannot really decide. I want to pass username and password to the method.
Do you have any advice?
...
I am in a situation where I am given a comma-separated VarChar as input to a stored procedure. I want to do something like this:
SELECT * FROM tblMyTable
INNER JOIN /*Bunch of inner joins here*/
WHERE ItemID IN ($MyList);
However, you can't use a VarChar with the IN statement. There are two ways to get around this problem:
(The Wr...
Is it possible to disable all authentication in a subfolder of a web site that is Forms Authenticated? How do you accomplish this?
...
I am about to start a new application and am excited about using asp.net mvc and nhibernate. However, the big "problem" is how I handle the user authentication stuff. What are some ways those used to using nhibernate and MVC solve this problem?
My thought is let asp.net do its own thing and I do my own thing database wise. Am curious if ...