basic-authentication

问题 i'm fairly new to django and just trying a couple simple experiments to get my feet wet. i'm running django 1.0, apache2 prefork and mod_wsgi. I'm trying to build a site with the following url structure / /members /admin the root is basically a public area. the members path should be protected using basic-authentication (probably authenticated by apache) the admin path should be protected using the built in django authentication. following the examples in documentation i can basically protect

问题 I'm using HTTP BASIC Authentication with Java. My Servlet sends a JMS message but I need to supply the user and password to authenticate myself while creating the connection: javax.jms.ConnectionFactory.createConnection(String username, String password) I can retrieve the username from HttpServletRequest.getUserPrincipal(). But there seems to be no way to retrieve the password. How do I solve this? 回答1: The password you are referring to is most probably different from the one provided by

问题 I'm currently creating an authentication system on front of a public web API for a web application. Given that each user account has an API key and each request must be authenticated, I have two alternatives: Using an HTTP Basic Authentication, like GitHub does. Requests must be sent to the URL http://api.example.com/resource/id with basic authentication username: token password: the api key Passing the API Token as querystring parameter. Requests must be sent to the URL http://api.example

问题 About to open up a public api with OAuth access, no problem with that. Main site uses the api but with basic authentication instead (restricted for our internal ip range) Next step is to plan a mobile application but how should one handle authentication there? First thought was to create a special log in screen just for our appid to make it look like authentication (instead of authorization) but it would not be very hard to revers engineer our appid. How does (for example) facebook handle log

问题 Using POSTMAN , everything is fine : I pass the same headers,params,... to superagent as following : const superagent = require('superagent'); const grab = require('ps-grab'); superagent.get('https://x.rathath.net/issue_statuses.json') .set({ 'Accept': 'application/json', 'Content-Type': 'application/json' }) .auth(grab('--user'),grab('--password')) .send({}) .end((error,response)=>{ console.log(response.text); }); However it is failed ! I have a doubt in : superagent+Authorization Header+

问题 Passing a username and a password for Basic Authentication is comfortable; But not if iOS Safari tells me to stay away from my website every time. Example URL http://bytecode77:123456@example-subdomain.bytecode77.com Is there anything I can change in my code or webserver configuration to avoid such suspiciousness? 回答1: AFAIK, user credentials in URLs have been removed for security reasons and no longer appear in the protocol specs. I read that Chrome and IE do not support that at all anymore.

问题 I was wondering what CURLOPT_USERPWD is actually doing to the url, header or data of a request. Is it INSTEAD OF the Authorization: Basic <base64 of user:pass> or does it work along side this? Is it modifying the url to this?: username:password@someurl.com I saw some code like this so I am wondering, as it seems if I request that url in a NodeJS equivalent request it is not working with just an Authorization header (I have a theory the server is broken and ignoring the Auth header and using

问题 I was wondering what CURLOPT_USERPWD is actually doing to the url, header or data of a request. Is it INSTEAD OF the Authorization: Basic <base64 of user:pass> or does it work along side this? Is it modifying the url to this?: username:password@someurl.com I saw some code like this so I am wondering, as it seems if I request that url in a NodeJS equivalent request it is not working with just an Authorization header (I have a theory the server is broken and ignoring the Auth header and using

问题 I have a very simple WCF webservice that a customer is hosting on their own IIS. The customer has their own client that they've been testing against it, in their testing environment, and everything was working fine, until they disabled anonymous authentication and enabled basic. Once they did, they started getting errors: The authentication schemes configured on the host ('Basic') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the

问题 I have two web pages that I am trying to send information between. One is the login page that takes in the users information and calls a web-service to determine if the user is authenticated. Upon ensuring authentication I want to redirect to my other web page with some way of telling that the user has logged in and is authenticated. I know that javascript has window.location = url but this does not forward the authentication header or anything else as far as I know. Is there a way to