I am just starting to learn Ruby on Rails and have a newbie question that I have so far been unable to find the answer for. I have a small app that uses HTTP basic authentication and I have design elements in my view that I only want to display if the request is authenticated. How can I access this information? ...
Does anyone have any experience of supporting multiple realms in HTTP Authentication? The Microsoft website states: Each authenticate response header contains an available authentication scheme and a realm. If multiple authentication schemes are supported, the server returns multiple authenticate response headers. The ...
Hi experts, I have two laptop,both Win7 64 bit.To demostrate some POC,configured apache(2.2.16),and wrote links in PPT,when clicking a picture in PPT,then guide user to the localhost web site.The issue is we can't log in in one computer,but can log in in another computer, and all the files are same copy. Here is the http.conf configrua...
Regarding multiple WWW-Authenticate challenges, according to the specification, they can be returned either within the same WWW-Authenticate header or by using multiple WWW-Authenticate headers within the same response. Is there a consensus on which method is preferred? ...
I am trying to access a .Net service which requires an authentication header. If WebService is used it works fine. But when it is accessed using HTTPService it throws error. The project is already done by somebody else using HTTPService. Now changing to webService requires some time since there needs to be modification in a lot of files...
I have a WPF C# client app with an embedded webbrowser control. I have all of the proper hooks in place so that if the site I'm browsing to requires authentication, I handle the IAuthenticate and pass in the required credentials (the user has already logged in to the client app itself). That works great, except... If user "Bob" visits t...
For some reason, none of the code within if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { // When the above is set, the code that is here will execute of course } is being executed for me. When I enter the correct username and password, the prompt box for the authorization again pops up. Wouldn't both...
What's the best way to authenticate where a request is coming from? I want my application to redirect to a standard message page if the request didn't come from a defined web page. Requirements: PHP Users have to be able to define the source, eg. set up database records defining valid source pages. This doesn't have to be super secure, j...
Hi, Here my http basic authentication in the application controller file (application_controller.rb) ... before_filter :authenticate protected def authenticate authenticate_or_request_with_http_basic do |username, password| username == "username" && password == "password" end end and the default test for the index action ...
Hi, I have an ActiveX that deploys some application on the client machine and starts it. When using NTLM on the IIS, the authentication with the web server done by IE and there is no problem to download files (I'm using URL Monikers API) but when an ActiveX starts the application (application also needs an access to the server) there is...
I wish to tie my user accounts into HTTP for a specific directory of my website and normally that wouldn't be too much of a problem, because I could either edit the htpasswd file or use mod_auth_mysql (which I'm not too familiar with). However, the passwords are encrypted using SHA1 and a salt. How can I HTTP authentication password an...
Hey, I'm currently developing a chrome extension, I need to access some http-auth protected resources (webdav). The HTTP auth is using (in the best case) a digest authentication. I'm able to do the auth directly in the ajax request using the https://login:[email protected]/path/to/ressource form. The issue is : if the login/password...
Is there a maximum length for a username or password which is sent to a web application through HTTP BASIC authentication? I looked through RFC2617 and couldn't find anything obvious, but was curious and wanted to make sure. (This is all being done over SSL, so don't worry about security for my sake.) ...
<?php $prev_path = "./../../."; $dont_redirect = true; require_once "${prev_path}./config.php"; session_start(); function http_digest_parse($txt){ $needed_parts = array("nonce"=>1, "nc"=>1, "cnonce"=>1, "qop"=>1, "username"=>1, "uri"=>1, "response"=>1); $data = array(); $keys = implode("|", array_keys($n...
Anyone know how to remove all each NSURLCredential for my application? I'm using asihttprequest as library and I'm trying to implement a logout function and [ASIHTTPRequest clearSession] doesn't seem to be enough! looking at the sqlite db here: "~/Library/Application Support/iPhone Simulator/4.0.1/Library/Keychains" after [ASIHTTPRe...
http://admin:[email protected]/videostream.cgi To access a url that doesn't require http authenticate it's quite easy: telnet 192.168.1.178 80 Get /videostream.cgi HTTP/1.1 Accept: text/html;text/plain User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.13) Gecko/20100914 Firefox/3.5.13 Connection: close But how...