authorization

Why does LiveId Web Auth require confirming cookie removal with an IMAGE/GIF response?

In the LiveId Web Auth scenario, when the client application receives a "clearcookie" request, it is responsible for clearing the authorization cookies and should confirm success by returning any GIF image through HTTP. Using the reference implementation of LiveId Web Auth in asp.net-mvc looks like: if (Request["action"]=="clearcookie") { stri...

ADFS 2.0 - ID3206 - A signin response may only redirect within the current web application

I've recently bumped into this issue: http://social.msdn.microsoft.com/Forums/en-US/Geneva/thread/adcdd533-d5e3-4af9-b3f5-b9a6d06b5c44?prof=required Does anyone have any ideas around this? ...

Authorization security of ASP.NET Forms authentication

I'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this: FormsAuthentication.SetAuthCookie(account.Login, false); I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example imperson...

Rails Authentication

Hey, I need some help with Rails, again! Last time it was about Authlogic. Well, I've gone a bit backward since. I mean, Authlogic isn't an authentication system I like. So now I want you guys to tell me what you think is the best! I'm going to use it for a project of mine, where there have to be a few roles like Admin, User and Guest. So might y...

getRequestProperty("Authorization") always returns null

I am trying to read the authorization header for an HTTP request (because I need to add something to it), but I always get null for the header value. Other headers work fine. public void testAuth() throws MalformedURLException, IOException{ URLConnection request = new URL("http://google.com").openConnection(); request.setRequest...

Web App User Management wish list for IT Pros

Hi, We are designing a new intranet web app and will most likely integrate with Active Directory and provide a separate means of authentication in the event that users outside the domain need access [not very likely at the moment]. In an effort to do it right [and cut down on future support etc.] we would like to design the user management in suc...

require_owner code to limit controller actions not recognizing current user as owner

I am trying to restrict access to certain actions using a before_filter which seems easy enough. Somehow the ApplicationController is not recognizing that the current_user is the owner of the user edit action. When I take the filter off the controller correctly routes the current_user to their edit view information. Here is the code. Li...

ASP.NET MVC authorization & permission to use model classes

Hi, This is my first post here, so hello :) Okay, let's get to the point... I am writing my first app in the ASP.NET MVC Framework and I have a problem with checking privileges to use instances of model classes (read, edit). Sample code looks like this: // Controller action [CustomAuthorize(Roles="Editor, Admin")] public ActionResult Stat...

How would I authenticate against a local windows user on another machine in an ASP.NET application?

In my ASP.NET application, I need to be able to authenticate/authorise against local Windows users/groups (ie. not Active Directory) on a different machine, as well as be able to change the passwords of said remote local Windows accounts. Yes, I know Active Directory is built for this sort of thing, but unfortunately the higher ups have...

Clickonce Deployment server asks for credentials every time I Publish from Visual Studio

I would like to set it up so that my domain account is allowed to publish a clickonce app without having to provide domain/admin (or local/admin) credentials. I had this set up once before but do not recall how or where I did this. ...

Fetching custom Authorization header from incoming PHP request

So I'm trying to parse an incoming request in PHP which has the following header set: Authorization: Custom Username Simple question: how on earth do I get my hands on it? If it was Authorization: Basic, I could get the username from $_SERVER["PHP_AUTH_USER"]. If it was X-Custom-Authorization: Username, I could get the username from...

In wicket, combine wicket:link with IAuthorizationStrategy

Hi everybody. I use an IAuthorizationStrategy in wicket to limit access to certain pages. However, I also use html menus like this one: <div class="siteMenu"> <wicket:link> <a href="Page1.html" class="siteMenuLink"> <wicket:message key="pages.page1.title" /> </a> <a href="Page2.html" class="siteMenuLink"> ...

Using Http module for authorization AuthorizeRequest or BeginRequest

I have a WAP site with subscription and I want to check if users are authorized to see some pages. I have decided to use an HTTP module. Should I use AuthorizeRequest or BeginRequest to check the user's status? And why? ...

simple authorisation in web api

I want to make a nice and clean API; I'm making a site and I want to offer mobile apps the ability to use the web API of my site. I don't want to use oAuth, because the mobile and embedded applications that are facing the biggest hurdle, as they may not be able to bring up and/or control the web browser. Also it's a little complicated. I know, t...

Is there a way to setup multiple authorization rule sets for a single directory in an Apache config file?

I have a test site set up as a virtual host in my Apache2 config file. It already has a directive for the root folder that first only authorizes access from a specific set of IP addresses, and then only after the user is also authenticated by Basic HTTP Auth. I would now like to add 127.0.0.1 to the list of allowed IP addresses (the ap...

Custom membership provider via WCF authorization question

I've made a global authentication via WCF to use with most of our systems, but found that loading data via WCF is not very fast. What I need to do now is verify every time that the page is loading if the user has access granted to that page.... Is it a good practice to go back to WCF to request this info for every page that the user accesses?T...

silverlight 3: long running wcf call triggers 401.1 (access denied)

I have a wcf service consumed by a silverlight 3 control. The Silverlight client uses a basicHttpBindinging that is constructed at runtime from the control's initialization parameters like this: public static T GetServiceClient<T>(string serviceURL) { BasicHttpBinding binding = new BasicHttpBinding(Application.Current.Host.Source....

How to intercept 401 from Forms Authentication in ASP.NET MVC?

I would like to generate a 401 page if the user does not have the right permission. The user requests a url and is redirected to the login page (I have deny all anonymous in web.config). The user logs in successfully and is redirected to the original url. However, upon permission check, it is determined that the user does not have the...

Trying to read FormsAuthentication tickets to read in other areas of site

Hi, NOTE: I have included 3 links in here to my localhost areas but could not submit the post, so I separated them with a space character so it would post on stackoverflow. I currently have 2 ASP.NET MVC apps in my solution. First I run the first one by setting it to be the startup project. It goes to the login page, from there once the da...

Java basic authorization with URLConnection

Hello! I'm opening a connection to a WebService with a URLConnection class. I also set the request property for basic authorization like this: c.setRequestProperty("Authorization", "Basic " + usernameAndPasswordEncoded); Where c is an object of type URLConnection. So this is the client side of the WebService call. Now on the server side I need to ge...