authorization

How do I set access permissions for the search web service in Search Server 2008 Express?

I have installed Microsoft Search Server 2008 Express on a Windows 2003 server and created a search content source (our corporate website) for testing. I can search this source just fine from the Search Centre. From an ASP.NET web application I am trying to query the provided web service as described here. I am using impersonation sett...

Login Membership .NET

Hi, I was wondering what is the best way to force the user to log in when arriving at a website, in .NET. I have set up the Membership features and I was wondering what is the best way to ensure that no matter what address the user arrives at, they must first get authenticated before proceeding to the page they requested. Any resources wi...

Why do web service or HTTP handler calls give two unauthorized errors and then a single success?

When accessing an application I've written, FireBug shows that each call to a web service or HTTP handler is attempted three times, and the first two times show as '401 Unauthorized' even though they return the correct result. This is consistent. Every call does this same thing. Any ideas why this happens? ...

Common interface for different OpenID providers and Facebook

Is Stack Overflow using https://rpxnow.com/ for logging in using different services? If so, is it good, and does it have good (preferably free, preferably with a PHP API) alternatives? What I'm looking for is a login page which would allow users to log in using major web OpenID providers + Facebook Connect. ...

using custom principal in Workflow

I have an application that hosts several WCF services. I have created a custom ServiceAuthorizationManager that is working perfectly. I inspect a few elements on the OperationContext.IncomingMessageHeaders to get a username and password. This was to overcome some limitations in our environment that wouldn't allow us to use what was bui...

Authorization/Licensing of Webservice

I have developed a web service which accepts the login credentials from the XML message passed to it. I have concerns over this method as the developer who consumes the service can easily share the login credentials and my service can be called from some other application that uses the same credentials. Is there any way that I can issue ...

ASP.NET web.config authorization settings ignored

I have an asp.net (dynamic data) website set up as an application in a subdirectory of another site. This site requires different security settings from the top level site. Something like: <authorization> <allow roles="ADMIN"/> <deny users="*"/> </authorization> These settings are ignored in the sub site. However...

How long will authentication last after MapNetworkDrive/RemoveNetworkDrive

Assuming that the current account has no rights to access "\server\share". If we MapNetworkDrive with admin credentials, and then RemoveNetworkDrive, would the current user be able to access "\server\share"? Or will the authorization be revoked? Where can I read what happens under the hood when MapNetworkDrive/RemoveNetworkDrive is called, or 'net ...

Apache/nginx fine grained (per file) permissions?

Is it possible to set fine-grained permissions using either Apache or nginx? Given a large number of files and a large number of users, what's a good way to specify that each authenticated user only has access to his/her own files? user_a can access file_a_1, file_a_2 user_b can access file_b_1 user_c can access file_c_1, file_c2, file_c3,...

Some Parameters in $.ajax not passing

Hi there, I have this function $.ajax({ url:aurl, method:'GET', beforeSend:function(req) {req.setRequestHeader('Authorization', auth);}, cache:false, dataType:"json", error:function() {...}, success:function(t) {...} }); However, the parameters: method beforeSend Cache are ignored by my browsers FF3, IE8 and Chrome. So, whatever i...

Which authentication and authorization schemes are you using - and why?

We're beginning to design a whole bunch of new services to create (WCF, ADO.NET Data Services, possibly in the cloud at some point) and one question that pops up is what authentication and authorization scheme to use - there are quite a few! We basically need to be able to identify users (actual people, and "virtual" application/servic...

Thinking about scrapping my idea of writing a custom membership and roles provider. Opinions?

I've got a web app I'm building in ASP.NET that has the following security requirements: Must be able to integrate with a master authentication scheme that passes back a unique key to the application to indicate a user has logged in via a third-party site. Must be able to use existing user/roles tables. May use forms authentication and...

Using OAuth for server-to-server authentication?

I'm currently working to specify my company's new partner/public API, which will be a resource-oriented RESTful web service. The missing piece of the puzzle at the moment is authentication/authorization. The requirements are: Initially it must work for a server-to-server environment, e.g. a server application must be able to identify ...

Impersonation fails authorization with same credentials on workstation A and B

Case 1. When I browse a little test site from my own PC called JOHNXP (e.g. http://localhost/WebClient ), my .aspx page invokes my ASMX webservice picks up my credentials and passes them across to another webservice on ANOTHER machine (SERVERTRIM) in the same domain. I can see my request resulting in a Security Log entry on the SERVERTRI...

Authorization problem, FormsAuth and ASP.NET MVC

I have a pretty simple ASP.NET MVC Site Application. (MVC 1.0) I have NO authorization sections in my web.config because I use the [Authorize] attribute on my controllers. The default web.config for the server allows * for forms authentication, as expected. I have 2 existing Windows 2008 dedicated (hosted) servers. The site works well...

ASP.NET MVC Roles Authorization

I want to make the roles default for my controller class to "Administrators, Content Editors" [Authorize(Roles = "Administrators, Content Editor")] I've done this by adorning the controller with the attribute above. However, there is one action that I want to be available to all (namely "View"). How can I reset the Roles so that ever...

Can you recommend me a book about authorization architecture and associated paradigms?

I come from an ASP.NET background and find the entire roles based authorization scheme limiting to say the least. I've read about Microsoft's new Identity Model and the Geneva Framework with its Claims based architecture but it seems overly complex. In general, I'd like to know more about possible authorization architectures to find out...

Contextual ActiveRecord Model filtering

Throughout our site there's a common model, let's say Video, that has a number of attributes like private/public/pending, downloadable, etc. Based on the controller, action, request parameters and current user, we want to filter out particular videos from display. For instance, on the homepage we only want to show videos that are public...

ASP.NET Page Authorization... How do you do it?

I'm currently investigating alternative solutions to the standard page authorization configuration in asp.net. The location tag works ok if you have directories of files that need the same access policy but if you have lots of individual access policies the location tag is a pain. I could roll my own custom auth system but if it can be ...

Web.config for authorization of a private user folder

I have a private folder with thousands of users' folders which should only be accessible by the correct user. No user can access other users' folders. I can only think of creating web.config authorization rules for each of the users' subfolders. In this case, I don't have to add every rule for each user in one web.config file. I am wondering...