Hi everyone. Now I know that I should not try to reinvent the wheel and try to write an authentication system, since I don't understand the security issues well enough. However, I need to add a basic authentication system to my site, so I can limit access to certain resources. How do you recommend that I do this? Edit: I am not trying...
Hi, I'm creating an MVC web site, and I want to mix forms authentication (the built in authentication) with Twitter authentication in my site (eventually it will have Facebook/Google authentication too). The approach I'm taking is this: - I let the logic to create users and validate users/passwords from the Forms authentication as it ...
Hi, We want to use OpenSSO for our authentication and authorization needs but would prefer it talking to database instead of the default LDAP datastore. We found that there is an experimental Database datastore present in the OpenAM 9.0 release. However, it seems to be just concerned with authentication and user lifecycle managemen...
I'd like to know what would be the best "practise" to use: Authentication Authorization Facebook connect I have seen authlogic has an Facebook Connect plugin. But the roles (authorization) haven't been described there. How would i do this? ...
i am creating a window application in c#.. i want to search the profiles in linked in... so how can i use the authorization........? thanks, ...
Hi guys, i'm trying to secure some WCF services. I'd like to use IIS or the Web.config todo all of the heavy lifting/configuration if possible. I don't want to embed anything in my code - thought I know that may not be feasible. If possible, I'd like to achieve this without having to resort to AspCompatibilityMode :( I'm using a custom...
i'm trying to verify in my controller whether user has sufficient rights to upload files or not. swfupload does a POST request with (according to documentation) cookie values passed directly in POST request. this makes before_filter :authenticate_user! unusable, user is not authorized correctly. as far as I know from devise docs, there ...
Hello, I created WebService using JAXWS. Glassfish generated wsdl, and whole webservice is published under http://localhost:8081/mycompanyApi/api?wsdl How can I add some additional parameter to this url like http://localhost:8081/mycompanyApi/api?wsdl&hash=asdfa. I'd like to do the authorization by 'hash' parameter. ...
The Scenario: 1. We have a site running .Net 4.0 who's manage the users, logins, data etc...; 2. We have another site running just client side script (javascript); We need: A. Log from client side site on .Net site; B. For the time of .Net session(15min) access data in Database , implementing some authorization, or save some info on cl...
Is it possible to use our solution's existing authentication mechanism for determining access rights to a MS Analysis services cube? We already have a system that manages usage policies and we would like to avoid duplicating this on the SQL Server. Our authentication system is based on NetSqlAzMan and we could expose it as a web servic...
Hello, On my social network. There are "home" links that take you to the appropriate index if you are signed in or out. There is a "index.php", that if you are browsing the site signed out, it takes you there, and if signed in, and hit "home" it takes you to "index_signedIn.php" This is working fine for me. The problem is, when I close ...
it doesn`t working web.xml <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/jshop-servlet.xml, /WEB-INF/applicationContext-security.xml </param-value> ...
I have a public facing web site living at www.somedomain.com. This web site renders pages with links to images that live at photos.somedomain.com. All users that view images on www.somedomain.com must be authenticated with forms authentication and they are authenticated by the asp.net membership provider running in the context of the w...
I want to write a ruby app for personal use that access my personal dropbox through their API. I'm using Tim Morgan gem 'dropbox' version 1.1.1 What I don't understand is the difference between a developer_key and a consumer_key. The gem docs say that I have to use the consumer_key, but when I registered my app on dropbox.com I received ...
I am trying to solve a problem where i have a WCF system that i have built a custom Host, Factory host, instance providers and service behaviors to do authentication and dependency injection. However I have come up with a problem at the authorisation level as I would like to do authorisation at the level of the method being called. For ...
Please, help. How can I validate user's group membership? Only users of a few google groups can access some pages on the site on appengine (python). validating group membership gives a negative answer to my question, but it was a year ago, maybe something has changed.. ...
This is a recursive function I wrote to determine whether or not a given user is authorized to view content on a page. It is called in essentially the following fashion: if(authorize($_SESSION['user']['user_id'], $necessaryClearance)){ //Output restricted content } else{ //Inform user they are not authorized } Every user has ...
Hi, I have an ASP.MVC 2 web page and I have my authentication done like this: FormsAuthentication.SetAuthCookie(user.UserName, false); FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, "fooPage" + user.UserName, DateTime.Now, DateTime.Now.AddMinutes(10), false, String.Empty); HttpCookie cookie = new HttpCookie(F...
I am developing a .NET for ASP.NET Web Application and am trying to deny all users who are unauthorised from accessing my application but allowing them only to the login page. Below is a snippet of the code which is inside my system.web section: <authentication mode="Forms"> <forms loginUrl="Login.aspx" timeout="60" name="APPNAME" ...
As part of a testing utility I am creating some registry keys and applying a specific security descriptor to them. Later on I want to reset it to the "default" security descriptor (i.e. inherited from the parent). What is the proper way to do this? I can't save and restore the original security descriptor because this utility may be r...