Is HTTP digest authentication still supported in Rails 3? I tried the following code in Rails 2.3.5, it works. class Admin::BaseController < ApplicationController before_filter :authenticate USERS = { "lifo" => "world" } def authenticate authenticate_or_request_with_http_digest("Application") do |name| USERS[name] e...
Hello, I am trying to replace the default login slip which drops down when the user tries to access a page which needs HTTP Digest authentication. I'm trying to achieve this with jQuery. Below is a snippet of my code: $.ajax({ url: url, method:'GET', async:false, beforeSend:function(req) { req.setRequestHeader...
I have a test site set up as a virtual host in my Apache2 config file. It already has a directive for the root folder that first only authorizes access from a specific set of IP addresses, and then only after the user is also authenticated by Basic HTTP Auth. I would now like to add 127.0.0.1 to the list of allowed IP addresses (the ap...
Hi there, I have written a REST web service with Jersey Server (that totally rocks !). I am now developing the client part of it, with Jersey Client as well. On the server side, I have chosen a DIGEST authentication, because I personally think that BASIC authentication is an heresy that should be marked as "DEPRECATED" in our heads. U...
does anyone know if Bundler supports http auth? I'm pretty sure rubygems does (I think i read that somewhere) but I don't see anywhere in the docs where I might specify a username/pwd for a particular repo I'm trying to run my own private gem server so as not to expose sensitive code ...
Hi Guys!! I have developed the authenticated rss feed using the basic http authentication for my site.I also have the admin module for the site which uses the Asp.net Forms Authentication .Both are in the same project.When i turn on the forms authentication module to None in my web.config.My rss feed authentication works fine(the browser...
Does anyone have any examples or advice for how to go about using oAuth to provide the authentication mechanism for an API that should be publicly exposed? Specifically I'm talking about being an oAuth provider for my own API, not integrating or authenticating with anyone else's API. For example, I wish to be able to issue API keys to...
Our website has been working and still works if we are connected to the LAN but now if someone is elsewhere and tries to connect, they are presented with the screen called "User Authentification" asking for a username and password. What would have changed? The website is http://pc.bartselectric.com Any help is greatly appreciated. Th...
I am developing part of an Android application that needs to use a WebView to open a password protected site. I am using SharedPreferences to provide the username and password from when the user logs in the app for the first time. I've tested the credentials it's returning, so I know that those are correct. When I run this in the emulato...
Hi experts, I'm trying to setup a mod_ssl - Apache server for authentication purpose. I just downloaded the latest mod_ssl package (2.8.31) and the CHANGE document says it's only been upgraded to Apache 1.3.41. However, 1.3.x is no longer maintained. Should I stick with the older version of the Apache just because mod_ssl said so or s...
I'm working with Django on Linux and I have an application that integrates with Active Directory. I'm seeking opinions and advice about whether or not it would be feasible or reasonable to access the HTTP headers from within the application to coordinate HTTP authentication. The end goal would be to perform NTLM authentication without...
Hi, I have a directory which contains a htaccess file: AuthType Basic AuthName "Go away" AuthUserFile /home/daniel/.htpasswds/directory1/.htpasswd Require valid-user I have a subdirectory within that folder that I wish to use a different set of usernames/passwords for. How do I negate the effects of the first htaccess so I can use th...
I've often wanted to create applications that provide a simpler front-end to other websites that require users to login before the pages I want to use can be accessed. I was wondering, if (1) any website with a POST to an http page can be authenticated by POSTing postField1name=pf1Value&postField2name=pf2Value to the website, if tha...
I'm working on a Kerberos style cookie-based authentication mechanism for static files for the Nginx web-server (the cookie contains an encrypted string which much match with a sub-string in the URL, the sub-string is specified by a regular expression). The system does not require MITM security, and if it will we will probably just enabl...
What I would like to do is for my users to log in with http authentication. Based on their login username the working directory will be different. I need to use http authentication because I don't want to interfere with the web application (drupal) that is in the users working directories. I also don't the users to have access to the o...
I'm writing a WebDav implementation. I have implemented both basic and digest authentication. My problem is that Digest Authentication isn't implemented by all clients. (In particular Dreamweaver) While Windows Web Folders doesn't work when sent a basic http challenge. Is it possible to do client/server negotiation (Http Negotiation/S...
How do you determine if a REST webservice is using Basic, Kerberos, NTLM, or one of the many other authentication methods? ...
I have to securely connect to an authenticated SOAP web service in Android. The web service uses a self-trusted certificate. Unfortunately it seems that the usual Java libraries for this can't be used in Android. Could someone give me some pointers on how to do this? Is it possible to implement this connect just with HTTP POST request...
Hey guys, I was wondering if you guys could help me work through accessing the html behind a login page using C and libcurl. Specific Example: The website I'm trying to access is https://onlineservices.ubs.com/olsauth/ex/pbl/ubso/dl Is it possible to do something like this? The problem is that we have a lot of clients each of which h...
How to implement http authentication for a web app just to restrict the usage only for developers. ...