Hello, I do want to start off by saying this is completely out of my area as I've never really worked with any ASP.net sites and hosting off IIS is also new to me. The site we currently have deployed is c#.net and was written back in 2005-2007, I have never used c# to create any ASP.net sites however I was going to start learning it but it seems that now it is more apparent to use MVC instead of webforms. The question I have regarding this area is that our site uses windows authentication and Active Directory to authenticate …

Member Avatar
Member Avatar
+0 forum 6

Hey guys, I am currently *trying* to create an IMAP authentication backend for Baikal/SabreDAV. The aim is for SabreDAV to authenticate users using an IMAP server (which will make CalDAV and CardDAV authentication a lot easier). This is the code I have produced so far: <?php namespace Sabre\DAV\Auth\Backend; // Auth Class class IMAP extends AbstractBasic { protected $imap_server; /** * Reference to PDO connection * * @var PDO */ protected $pdo; /** * PDO table name we'll be using * * @var string */ protected $tableName; /** * 'modtime' timeout (deprecated) * * @var integer */ protected $timeout; public function …

Member Avatar
+0 forum 0

Hello, I'm not sure if this is the right place to post this question in, but here goes... I have a new macbook air and I'm attempting to use a shared printer that's on my windows network. I can detect the printer, and it's installed on my mac, but when I try to print, I get an error that says "HOLD FOR AUTHENTICATION." It give me an option to type in a user name and password, but I don't have one... my mac password doesn't work, and I don't have any user names or passwords on the windows machine. I …

Member Avatar
Member Avatar
+0 forum 2

Spring has been getting rather unseasonably hot for Apache users as far as security flaws go. First there was news of how the FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability could impact Apache. For more on FREAK see this [excellent analysis](http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html) by Matthew Green, a cryptographer and research professor at Johns Hopkins University. Green points out that "Apache mod_ssl by default will generate a single export-grade RSA key when the server starts up, and will simply re-use that key for the lifetime of that server. What this means is that you can obtain that RSA key once, factor it, and …

Member Avatar
+1 forum 0

Hi guys, I am trying to create a login page using apache mod_auth_form to authenticate users. Once the user is authenticated he/she should be able to access the main page. # my public directory: # C:/webroot/ regtrack_newSG.php # my protected directory: # C:/webroot/myapp/ regtrack_studysiteone.php # my password file: C:/Apache24/passwd/passwords # .htaccess file under the protected directory: # AuthFormProvider file AuthUserFile "C:\Apache24\passwd\passwords" AuthFormLoginRequiredLocation /regtrack_newSG.php AuthFormLoginSuccessLocation /myapp/regtrack_studysiteone.php AuthType form AuthName realm Session On SessionCookieName session path=/ SessionCryptoPassphrase secret Require valid-user # httpd config: # LoadModule auth_form_module modules/mod_auth_form.so DocumentRoot "c:/webroot" <Directory "c:/webroot"> Options Indexes FollowSymLinks AllowOverride AuthConfig Order allow,deny Allow from all </Directory> …

Member Avatar
Member Avatar
+0 forum 3

Hello guys,how are you? well im in a bit of trouble,so i want some help. I´m developing a site in VB.NET that in the beginning the user must login to access other pages.This part is ok,the user logins successfully and goes to members area.In this area,i would like to show in the header,the sentence 'welcome'+username during all the pages that he enters,like for example 'about page' or 'privacy policy page'i would like that if he´s logged in,his username appearing in the header. I´m not using masterpage.I was using request.querystring to get the value of an early session to the next …

Member Avatar
Member Avatar
+0 forum 7

Hi, i have windows application , in that i have reference to the web service. Now when i put username and password , application calls to authentication service ( which is hosted on same machine IIS 7.5 ) i get pop up which is asking for Proxy Authentication. can anyone plz help me out for the same :) Following is the Error : {"System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.Data.SqlClient.SqlException: The EXECUTE permission was denied on the object 'SP_AUTHENTICATE', database 'XXXXXXX', schema 'dbo'.\n at System.Data.SqlClient.SqlConnection.OnError (SqlException exception, Boolean breakConnection)\n at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning (TdsParserStateObject stateObj)\n at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, …

Member Avatar
+0 forum 0

I have been plagued by an issue for the past couple of days and I am yet to find a solution. I have an service installed at several customer sites. This service grabs data from a database, packages it up and then submits it to a web service hosted on a different server. This is done using SOAP and everything works absolutely fine when I am running the submission service under .NET 2. However, after a recent upgrade to .NET 4, I have been receiving a SoapException when my submission service attempts to logon to the web service. The error …

Member Avatar
Member Avatar
+0 forum 1

I need to change the default page a C# application redirects to when the current authenticated user doesn't have permission to reach that page. I looked through the application and found the following code: <authentication mode="Forms"> <forms timeout="525600" loginUrl="~/login/" defaultUrl="~/unauthorized/" /> </authentication> It did not have a defaultUrl before, so I added one, tested it, and saw no change in behavior. As a test I also changed the loginUrl to another page, rebuilt the site, cleared my browser cache, and still saw no change. No matter what I put in loginUrl and defaultUrl, I couldn't get the default page to …

Member Avatar
Member Avatar
+0 forum 3

I've successfully gotten authentication to work on my web application using LDAP. So nothing is technically wrong with my login. What I'm having trouble with is once I have verified that a user is in active directory, I need to check a database to see if they have an account in it and/or if they are marked active or not. Then I need to store some basic information (username and id) that will be used on other pages to query my database and return information about the user. This is all on an intranet site so unfortunately I can not …

Member Avatar
Member Avatar
+0 forum 6

What is the best way to implement the forgot password functionality ?

Member Avatar
Member Avatar
+0 forum 1

Hi Everyone, I'm not sure if I may be in the wrong venue to post as this would have to do with PHP, CURL and SSL, so I've decided to place the question here. Please feel free to let me know if the question should be dropped in some other location… My company has been using a ticketing system that is hosted on another server being cloud based which uses a RESTful style API over HTTP using XML. They also use HTTP Basic Authentication over SSL to secure data. For any options worth knowing, the cloud based ticketing system cannot …

Member Avatar
Member Avatar
+1 forum 3

I've been working on an ASP.NET project. I've successfully implemented LDAP authentication for login and have tested it with multiple users with no issues. LDAP is only controlling my login credential. Everything else is stored in a SQL db. In that database I have a users table that has a bunch of information about the user. I need to do two items with this table as soon as my LDAP authentication completes. * I need to verify the user actually has an account in my users table and if not redirect them to a page with information to contact a …

Member Avatar
Member Avatar
+0 forum 1

Dear friends, I am using the XML-RPC Server to implement a simple login authentication as a web service . So I wrote a function in wp-includes\class-wp-xmlrpc-server.php like function web_auth($host, $db, $dbuser, $dbpass, $username, $password) { $dbhandle = mysql_connect($host, $dbuser, $dbpass) or die("Unable to connect to MySQL"); $selected = mysql_select_db($db,$dbhandle) or die("Could not select database"); //$md5_password = md5($password); $md5_password = wp_hash_password($password); $result = mysql_query("SELECT count(*) AS total FROM wp_users WHERE user_login='$username' AND user_pass='$md5_password' AND user_status=0"); $data=mysql_fetch_assoc($result); //echo "SELECT count(*) AS total FROM wp_users WHERE user_login='$username' AND user_pass='$md5_password' AND user_status=0"; //die($data['total']); if($data['total'] == 1) { return true; } return false; } But …

Member Avatar
Member Avatar
+0 forum 1

Hi there, i tryed to use the authentication with forms... I only added this code to my web.config but that give me an error.. ** <authentication mode="Forms"> <forms name=".myCookieSuffix" loginurl="Login.aspx"/> </authentication> ** do i need to add some more code or something else to my website? Another question, ho can i put some pages avaible even if whe are not conncted? Thanks

Member Avatar
Member Avatar
+0 forum 2

I am creating a new ASP.NET MVC 4 application (actually my first MVC application) that is a part of my previous ASP.NET web forms application. I have never used ASP.NET inbuilt authentication methods in any of my project. This new MVC 4 app will be published on a sub-domain of previous app. Login will be done from previous app. A return url should be provided from MVC app to return back to current page if not logged in. However, New User Registration, Account Recovery options are already developed in previous web forms application and I don't want to replicate them …

Member Avatar
Member Avatar
+0 forum 1

Hello, I have a Ruby On Rails app online which uses devise authentication. I am trying to make an android app which make a request from ror app when a user try to log in (so the users can use same account from ror app). I heard that what I need is basic http authentication. Can you help me please with a functional example, or some useful links? All the examples found on the internet were useless. Thanks

Member Avatar
Member Avatar
+0 forum 1

I'm dipping my toe in the water of salted passwords by upgrading an older webapp, and would like to present the rough outline of how my system would work in the hope that those with more experience than I might tell me if I'm going in the right direction; In general terms: > ***** SET/CHANGE PASSWORD ***** > > $salt = md5(time()); > $salted_password = hash('sha256', $salt . $_POST['password']); // Hash the password > > Insert $salt and $salted_password into the database user table > > > ***** LOGIN ***** > Pull salt from database > Prepend salt to submitted …

Member Avatar
Member Avatar
+0 forum 8

Hi Everyone, When I feed details in Enquiry Form and click on submit then, my email is not going. It displays error message as "Warning: mail() [function.mail]: SMTP server response: 530 SMTP authentication is required. in E:\HostingSpaces\flashprop\flash-properties.com\wwwroot\sell.php on line 39". Kindly, help. Thanks in advance.

Member Avatar
Member Avatar
+0 forum 10

Hi, i made an HTML contact form with the following fields name, email and message and i want to send it to my gmail address with SMTP authentication. Please can anyone guide me with a step by step process? i am new to PHP. i found the script for SMTP authentication but i am unable to configure it. regards Aqeel

Member Avatar
Member Avatar
+0 forum 8

Here is some code (snippet) from a function I have that takes a users "user_name" and "password" as parameters. There is an if else statement that triggers along the way, basically, if there is a value $v, then it look ups the users user_name and password in a table and appends the @gmail part to it (so that the input username matches the email in the database) and if they are equal, it will log them in, otherwise it will display a message stating that there was an error while logging in. The trouble is, I can't get the error …

Member Avatar
Member Avatar
+0 forum 6

Hi all, What is the best to autenticate with out using the standar roles from VStudio.

Member Avatar
Member Avatar
+0 forum 2

Hi After learning jquery for about a month, I make an attempt to make username & password authentication form. Howver, i get stuck 2 days now, and i will soon start bumping my head against the wall. What I am trying to do is if user enter the wrong username or password to display the message without reloading the page, and if he enter right username and password, php page that make the check against the database should redirect the user. I will post my function(s) that doesnt work here, and if anyone can help me to make them work …

Member Avatar
Member Avatar
+0 forum 4

Hello All, I have been developing a website that has a secure area. At the beginning of the secure page I wrote a scriptlet to check whether the user is logged in. I want to take this scriplet and put it in a javabean. Could any of you guys suggest a way of doing this? String clientIP = request.getRemoteAddr(); //get remote address String clientHost = request.getRemoteHost(); //get client host int hashVal = (request.getRemoteAddr() + request.getRemoteHost()).hashCode(); //create hash if(session.getAttribute("hsh") != null){ //hash was not created for this session.. if(Integer.parseInt(session.getAttribute("hsh").toString()) != hashVal){ //hashes should be the same response.sendRedirect("./login_page.jsp?error=2"); //the hashes dont match …

Member Avatar
Member Avatar
+0 forum 1

Hello all, I am using Windows server 2008 OS as domain controller. When user's request comes, his id & password are verified across Active directory. If his id & password are already present in active directory then java program returns as valid user or otherwise returns as invalid user. Now, password policy is set to default. I want minimun password length to be 4 chars. & password must be numeric. When i did these settings, java program gives authentication exception. I have little knoweldge about Active directory integration. Can anyone help me with active directory settings. Plz plz help, its …

Member Avatar
Member Avatar
+0 forum 2

Recently 2 Admins on my website asked me that they would like to Code a software which will help them Moderate normal users and i agreed by saying that i would code them a very! simple API with only the basic stuff they would need. Now the question that came to my mind is that how do i restrict access so that only they could use it? **Unsuccessful Solution 1** I thought about using an API key which they would need in order to use the API. But the problem is, if the API key is somehow stolen or leaked, …

Member Avatar
+0 forum 0

My project is what I thought is probably a popular one, so I'm hoping the solution is easy enough. To develop an Intranet using the functionality of forms authentication, but automatically logs in authenticated Active Directory users with their Windows authentication (so they do not have to sign in again after logging onto a computer). So far I've got an ASP.NET(v4.0) website using Windows Authentication on IIS6 and it works well. I've followed the posts listed below, but with my limited knowledge of asp.net & vb.net I'm struggling to get these solutions working - and I've also noted they are …

Member Avatar
Member Avatar
+0 forum 2

Since md5 will be deprecated at some point (if it isn't already), and will soon pass away, I thought I should think about of another way of securing passwords. I've been thinking about phpass for a while and decided to jump in feet first. I am pretty sure that I understand the concept but my code isn't working for some reason. Like yet again, I need another pair of eyes to see what I am not seeing at the moment. Below is the code: $hash_cost_log2 = 8; $hash_portable = FALSE; $hasher = new PasswordHash($hash_cost_log2, $hash_portable); $user = strtolower( pmdb::connect()->escape($_POST['username']) ); …

Member Avatar
Member Avatar
+0 forum 1

search and didnt find anything that was close to this. so my assignment is to simulate a simple authentication, where the user enters their original pin or password(numbers only). it must use arrays to assign the password a pseudo-random assignment of 1-3 for digits 0-9. after that the program clears the screen and asks the user to reenter the password using the only 1-3 according to the reference table displayed. then the program is supposed to output if the new entry was correct or not. most of the program works logically at least but my problem is idk how to …

Member Avatar
Member Avatar
+0 forum 4

Has anybody here had any experience of using OpenID (or FB, Twitter, Yahoo etc) to login into your site. I've been wondering whether I should adopt this approach for a new project. However, as a password will not be stored in my DB, how will the user remember which service he/she used to log in before. How will say data saved into DB while logged in through FB be available if they log in via Yahoo? Does that make sense?

Member Avatar
Member Avatar
+0 forum 3

The End.