i have a directory in my website that is protected from anonymous users. my web.config looks like this <location path="members"> <system.web> <authorization> <allow roles="members" /> <deny users="*" /> </authorization> </system.web> </location> if anonymous users try to access pages in the "/members" directory they will b...
In web applications user login information is usually stored in a session but how about windows applications? Is using a singleton the right thing to do? Should I just use a static property? Lets say that I store the login information in a static property ApplicationController. LoggedInUser. When a user logs in successfully, that proper...
Hi We have a login control on a page named login.aspx which is set as the start page of the website. Once the user logs in, it is redirecting to default.aspx although our destinationpageurl is not set to any value. If we set the destinationpageurl to somepage.aspx, it is working redirecting properly, but why is it redirecting to defaul...
I'm looking for help on how to code the following: I want to create a pop-up or Javascript item that allows users to accept the terms of completing an offer for me. Once they have accepted the terms, I would like that offer that they agreed to do to go under the account in a section or tabled labeled "Offers". Please advise on how to c...
i need to alert or warn the user.. while user login into particular account 'your account has been expired next week' like that.. my user table having validfrom and validto date. Before 1 week of validto date.. i need to warn users at every time login. my application using strus2.. for above business logic i need any schedular.. otherw...
Hi. I'm trying to login to a website using HTTP POST method. I've inspected and altered the POST data while logging in to the website and I came to the conclusion that only the two "username" and "password" fields are required to be passed as POST data to the login page, I removed all other headers namely user-agent, Referer etc and stil...
I justed moved out dnn website to a new webserver running Windows 2008 64-bit. After some tweaks I was able to get things running great. However there is one last quirk. When I try to login to the admin/host portion of the site, I receive an error. Specifically, I get A critical error has occurred.- Object reference not set to an in...
Hi, I am trying to use PostgreSQL database for storing Apache's session information, but I can't get it to work. It is failing with the following error: Undefined subroutine &DBD::Pg::db::_login It seems that MySQL users have run into the same problem in DBD::MySQL::db. I have the latest CPAN version of both DBI and DBD::Pg. It does...
(This is in principal a language-agnostic question, though in my case I am using ASP.NET 3.5) I am using the standard ASP.NET login control and would like to implement the following failed login attempt throttling logic. Handle the OnLoginError event and maintain, in Session, a count of failed login attempts When this count gets to [s...
The site I'm working on is mid-sized, 3 developers, a few thousand users, and is very critical to the small business running it. So what I'm getting at is, this is not a Fortune 500 company, but is a serious enterprise needing to implement role-based security in a time/budget efficent way that is still pretty simple to use and has a hig...
The website I'm developing will allow users to login at 3 levels. Level 1 - Not logged in Level 2 - They register their email address and receive a confirmation email, and login that way. Level 2 - They login with a username/password, which is then sent to a web service. If the web service comes back with a "successful login" result, ...
Obviously some sort of mechanism for limiting login attempts is a security requisite. While I like the concept of an exponentially increasing time between attempts, what I'm not sure of storing the information. I'm also interested in alternative solutions, preferrably not including captchas. I'm guessing a cookie wouldn't work due to ...
Hi, How can i login without logout from current user to another Active Directory user with C#. ; 1-Getting new user's access 2- doing my work and than logout with c# same way. For example i am a user at blabla.com domain.I have logged in a Power User.But i need Admin Rights for something so i need to logout and change user to Administ...
I have an MSI-packaged application that is being deployed via Group Policy Objects (GPO) from a Windows 2003 Domain Server to all the XP client machines in the network. This application reads two environment variables for its configuration (which server IPs to talk to) and it seems like we'd also want to push this configuration via a GP...
Im using jQuery validate plugin and every form has multiple validation levels. level is by validate plugin level is: data is submitted to site I get a reply if everything is ok -> JS redirects to url if there is an error, it shows warnings Now I wonder, is it safe to send login info via ajax? I know that with addons like firebug,...
I am working on a Windows Form that connects to a ASP.NET membership database and I am trying to use the AJAX Login Service. No matter what I do I keep on getting 404 errors on the Authentication_JSON_AppService.axd call. Web Config Below <?xml version="1.0"?> <!-- Note: As an alternative to hand editing this file you can use the ...
After posting this a while back, I decided to create my own Registration / Authentication capability in PHP. I'd love anyone to point out the flaws / opportunities for improvement, particularly around what's stored in the session... The logical flow is: 1 - User Registers using email as username, a "site name" which then forms part of...
How should i design a login protocol to be more secure the way i have it right now is the client connects and sends his username the server sends the salt(always same) for the user the client adds the salt to the password hashes it and sends it to the server This way the password is hidden all the time but it does not stop a hacker ...
Fogbugz-on-demand, 37 signals, and PB-Wiki all use sub-domains with custom url's for each group of users to access their login page. So it doesn't even seem possible for a user using those services to login to a generc login (that any user of the service could log into.) At first I thought this was a terrible design flaw, but now I thi...
In my Rails app, I have a login page. After that person logs in, what is the best way for my app to continue tracking the person that has logged in. For example, if the user moves to different pages, my controllers/actions will lose track of that user unless I keep passing a variable between each page the user subsequently visits. Is the...