I've got quite a few GreaseMonkey scripts that I wrote at my work which automatically log me into the internal sites we have here. I've managed to write a script for nearly each one of these sites except for our time sheet application, which uses HTTP authentication. Is there a way I can use GreaseMonkey to log me into this site auto...
My web application has a login page that submits authentication credentials via an AJAX call. If the user enters the correct username and password, everything is fine, but if not, the following happens: The web server determines that although the request included a well-formed Authorization header, the credentials in the header do not ...
Why does Kerberos authentication use T125 protocol? I believe Kerberos authentication behaves this way: Client asks for a ticket to the Kerberos authority The Kerberos authority provides a Ticket to the client The Client tries to authenticate towards a Server and sends to the server this Ticket. The Server verifies the Ticket is OK wit...
We have a website running on Apache, access to which has a number of static pages protected via HTTP Basic authentication. I've written a new part of the site with Django using Django's built in support for user management. The problem I have is that users have to log in once via the HTTP Basic authentication and then again using a Dja...
I want to develop a website in ASP classic that uses HTTP Authentication against a database or password list that is under the control of the script. Ideally, the solution should involve no components or IIS settings as the script should be runnable in a hosted environment. Any clues/code deeply appreciated. ...
All of this is pertaining to WebHttp binding, hosted in a custom Service Host (IIS is not an option at this time). I've implemented a custom UserNamePasswordValidator, and a custom IAuthorizationPolicy. When I configure the endpoint's binding to use Basic authentication, everything works just as I'd like (custom principal, custom roles...
Why isn't there a logout button? Why no list of "websites you're logged into"? Is it because of some issue with the HTTP specs? Life would be much easier for web developers if they could actually rely on HTTP auth ... ...
So here's what I'd like to do: access to http://example.com/* would require the user to enter a username/password, except when they go to a certain URIs (e.g. http://example.com/contact/ , http://example.com/blog/, etc.) they shouldn't have to authenticate. http://example.com (the root) should be open, too. I know I've got to set up so...
Hi Folks, i've got a stock standard ASP.NET web site, deployed to our development machine (internal machine in our server room). Now, this dev site can be accessed by both INTERNAL and EXTERNAL users. Now, in IIS6 we used to have it so that Anonymous Authentication was turned off and something else was turned on .. giving the users a p...
I have a .NET client application that needs to communicate with a server using two distinct user credentials. Lets say that the application runs two threads. When start running, every thread sends the user & password to authenticate and the server in return stores a cookie on the http session. The subsequent calls send the authentication...
I'm trying to request a HTTP resource that requires basic authorization headers from within an Adobe AIR application. I've tried manually adding the headers to the request, as well as using the setRemoteCredentials() method to set them, to no avail. Here's the code: <mx:Script> <![CDATA[ import mx.rpc.events.ResultEvent; ...
I have a Flex file upload script that uses URLRequest to upload files to a server. I want to add support for http authentication (password protected directories on the server), but I don't know how to implement this - I assume I need to extend the class somehow, but on how to I'm a little lost. I tried to modify the following (replacin...
Hi all, is there a library in elisp which helps to get data of a page which is only reachable through HTTP redirect after authentication? I've just started looking at the URL lib. ...
We have a web service that we will be hosting on a public web server and it will be contacted by web services hosted on web servers within the walls of a hospital. We have written both pieces of the software so we have complete control over what is implemented. We would like to secure communications between the two web servers. Curren...
What is the difference between HTTP Digest Authentication and SSL from a performance, security and flexibility point of view? ...
I'm looking for an existing HTTP protocol for securing authentication but not the payload that follows. I want the server to store the username, hashed password and different salt per user. HTTP Digest Authentication fails these requirements because all accounts use the same salt. SSL fails because it encrypts the entire connection. Ed...
I've run into a snag though which has to do with authentication between the Google Search Appliance and ASP. Normally, when asking for secure pages from the search appliance, the search appliance asks for credentials, then uses these credentials to try and access the secure results. If this attempt is successful, the page shows up in the...
Hi guys. I am designing a web api. I need to let the user authenticate themselves. I am a little hesistant to let the user pass in their username/password in cleartext.. something like: api.mysite.com/auth.php?user=x&pass=y Another option i read about was Base64 encoding the username/password and then sending a HTTP request. So does tha...
Hi, I'm looking into to having IIS doing authentication in an application being executed on a J2EE server (JBoss). Is there any ways to have IIS work as reverse proxy and propagating the username and/or roles of the user the proxied application (JBoss). And also what IIS version would I need, if it's possible? I have license for IIS, so...
I'm using django and jquery to implement authenticated sessions and Ajax requests. I have authenticated session timeouts to log authenticated users out after a long period of inactivity on my site. Some of the pages on my site have a lot of AJAX calls in them that require the user to be in an authenticated session. When a user leaves ...