Logging users out of a Django site after N minutes of inactivity
I'm working on a website that requires us to log a user out after N minutes of inactivity. Are there any best practices for this using Django? ...
authentication
ASP.NET: disabling authentication for a single aspx page (custom error page)?
I am using a custom error page in IIS 6: <customErrors redirectMode="ResponseRedirect" mode="On" defaultRedirect="Error2.aspx"/> I want to disable authentication for the custom error page because the error being raised is related to an authentication module and I don't want to get into an infinite loop and I want to display a clean er...
Setting the Identity/Principal from a MessageInspector in WCF
I am developing a WCF service that receives the user's credentials in the SOAP header. These credentials are read on the server side using a MessageInspector. So far so good. I want to set the Thread.CurrentPrincipal to a custom principal (CustomPrincipal), but when I do this from the MessageInspector, it gets overridden by the time the...
Active Directory: User UPN or DN for NTLM name, using pure LDAP?
I have a Java app that can authenticate to LDAP by logging users into the AD LDAP server with the NTLM name (which they are used to - this is a requirement). I now also need to do authorization, and hence need to find a forest-unique identifier for the user (DN or UPN should work), from which I can further query the directory. The meth...
2 roles, admin and user. Is using anything other than basic http auth overkill?
I'm building my first website with rails,it consists of a blog, a few static pages and a photo gallery. The admin section has namespaced controllers. I also want to create a mailing list, collecting contact info, (maybe a spree store in the future too.) Should I just use basic http authentication and check if the user is admin? Or is a ...
Invoke an action that is using ASP.NET MVC [Authorize] from outside the application
Is this possible? I'd like to expose a URL (action) such as http://mysever/myapp/UpdateHeartbeat/. In my MVC application it looks like [Authorize] [AcceptsVerbs(HttpVerbs.Post)] public ActionResult UpdateHeartbeat() { // update date in DB to DateTime.Now } Now, in my MVC application the user has logged in via FORMS authenticatio...
Best place to check user authenticity in a back end module where all pages are only available to members?
I've a backend module which could only be accessed by authorized members. So I need to check authenticity for all actions and for all controllers. Currently I'm doing it inside preDispatch() functions inside controller classes. So it takes care of all the actions inside that controller. But still I've to do it for all controllers. Is the...
how to check from JavaScript if loaded page has ASP.NET authentication cookie?
It looks like JavaScript does not have access to authentication cookies ('ASP.NET_SessionId', '.ASPXFORMSAUTH') in the http headers I can see cookies but document.cookie object does not have them. ...
Cakephp 1.3, router and authentication problem
Trying to implements simple privileges for admin user. Don't need huge acl rules and groups system. There are admin users, overs - just registered users. They can't access actions with admin prefix. So It was implemented in cakephp1.2 version with following code in app_controller: function isAuthorized() { if (isset($this->params[Co...
What code can I use for authentication of users through login control?
Hi.. Where should I type the authentication code in order to validate the users trying to login to the website. I have used login control in my website. Also I would appreciate few examples of codes which are generally used in authentication code. ...
SSO possible with LDAP-backed web applications?
I have a client who wants their wordpress and google apps user accounts accessible using SSO, ie if they log in on one app domain google.client.com they will be logged into wordpress.client.com too without extra steps. The same LDAP directory will be used to do backend authentication for both systems. Is it possible to setup SSO for ...
authentication and session in Java
hi, I would like to know if it is possible to maintain an authentication (like a session with login and password in php) on a website from a java program, and if anyone had any lead on the subject or some reading for me, that would be great. thanks ...
Ruby on rails authentication guide
Does anyone know of a good guide on building your own authentication system in ruby on rails? I want to roll my own system to use with my community im building :) Thanks! ...
How to use Auth in cakephp?
i have 3 controllers: userscontroller, frontpagescontroller & blogscontroller with methods: add, edit ,delete and index for all.And login , logout methods for only userscontroller. In appcontroller : function beforeFilter() { $this->Auth->allowedActions = array('display'); $this->Auth->actionPath = 'controllers/'; $this->A...
Avoid 'Proxy Authentication Required' in all my c# application
In my application i use external resources on web that require proxy authentication. All my requests are http type by using WebRequest / DataSet.ReadXml(url) / ecc..... Every time i need to give credentials... So is possible to assign credential only one time in my application? ...
iFrame suppress authentication popup for https when parent window is already authenticated
I've developed a print mechanism for an intranet application running over HTTPS. Using javascript and jQuery I create an iframe in the page and populate it with all the dynamic data that should be printed. The iframe has a source of /MyController/Print which just returns a blank dummy page. This is then replaced with the dynamic content...
PHP - Checking Twitter username and password
Hey, I've been playing around with the Twitter api and I would need one more thing, that no tutorial covers .. Here si the code that I use to pick up data: $curlhandle = curl_init(); curl_setopt($curlhandle, CURLOPT_URL, "http://twitter.com/statuses/user_timeline.xml"); curl_setopt($curlhandle, CURLOPT_USERPWD, $username.':'.$pass...
ASP .NET MVC Secure all resources
How to enable Authentication on whole controller and disable only for certain action methods. I want authentication for all resources. If I write something like that: [Authorize] public class HomeController : BaseController { //This is public [UnAuthorized] public ActionResult Index() { ViewData["Message"] = "Wel...
Use web.sitemap to control page access
I was setting up permissions for pages in a ASP.NET website with <location> tags in web.config, something similar to this: <location path="Users.aspx"> <system.web> <authorization> <allow roles="Administrator"/> <deny users="*"/> </authorization> </system.web> </location> However, I also have a web.sitemap whic...
how to force client(winform) application to use NTLM when calling web services
Hi, I have a winform application calling web services hosted in IIS, by default, the client app will use Kerberose for authentication to IIS, and it failed for some reasons。 But the same app works fine at another PC(with different user login), and I found it is using NTLM by checking the IIS server event log. is there anyway we can cha...