basic-authentication

I've been looking at using oauth2 client credentials grant to secure my API (all users will be trusted 3rd parties). I'm following the same approach as paypal here: https://developer.paypal.com/docs/integration/direct/paypal-oauth2/ However, I see that HTTP:// basic auth is used to acquire a bearer token. Then the bearer token is used to secure the API calls. What I don't understand is, if you're going to trust TLS and http: basic auth to retrieve the bearer token - why not just use http: basic auth for the API calls? What is the benefit of using bearer tokens? What am I missing? As per The

I need to have password protection on some web pages outside of the main Wordpress site. The users would prefer to use the usernames and passwords they already have in the Wordpress. The obvious solution would seem to be to use the Apace module for Mysql based authentication: mod-auth-mysql. This however does not seem to be possible, because Wordpress uses Phpass password encryption, which is not supported by mod-auth-mysql. http://modauthmysql.sourceforge.net/CONFIGURE http://www.openwall.com/phpass/ https://wordpress.stackexchange.com/questions/32004/how-to-validate-wordpress-generated

I have posted this on rxandroid issue page too but no response its been 4 days but no response , problem is in debug apk rxjava functionalities are working as expected , but in release apk , only functionalities related to rxjava or rxandroid are not working at all build.gradle(project) apply plugin: 'com.android.application' //or apply plugin: 'java' apply plugin: 'me.tatarka.retrolambda' apply plugin: 'com.jakewharton.hugo' apply plugin: 'android-apt' def AAVersion = '4.1.0' android { compileSdkVersion 25 buildToolsVersion '25.0.2' defaultConfig { applicationId "com.jutt.example1"

I have an ASP MVC app that uses it's own custom authentication mechanism. However there is only one Action in one controller that I need to secure using Basic Authentication. The idea is when the URL for this particular action is hit, the browser pops up the basic authentication dialog and then I need to have the username and password IN the action itself. Any suggestions? Khash This is the answer which works: ASP.NET MVC - HTTP Authentication Prompt 来源： https://stackoverflow.com/questions/3680991/adding-basic-authentication-to-asp-mvc-action

I'm trying to exclude a path (URI) from being blocked by basic http auth. The path is /rest ( http://example.com/rest ) and represents a controller of a cakephp 3 application. It is NOT a real file, but rather a path rewritten by a rewite-condition and handeled by index.php in the webroot dir. Here's the rewrite rules: /var/www/.htaccess : <IfModule mod_rewrite.c> RewriteEngine on RewriteRule ^$ webroot/ [L] RewriteRule (.*) webroot/$1 [L] </IfModule> /var/www/webroot/.htaccess : <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f

Will it shut down & lock up after repeated false password tries, and/or will it add lags in-between retries? Or does this depend on which modules you or your provider install? Thanks! default Apache installation does not do that. usually this is better done by your web application (eg, PHP/JSP) for account attack. for network attack, better not for web servers because it's hard to identify the source due to so many anonymous / transparent proxy / VPN / NAT stuff. once you've implement that, you'd usually get lots of "why I can't connect" complains... 来源： https://stackoverflow.com/questions

I have a have Winforms client that uses Web services on a IIS7 (W2008) The client will first access a first.asmx page with anonymous aaccess, then access second.asmx with basic authentication (over SSL). This works fine in IIS6 where I can set first file to have anonymous authentication and the second file to have basic authentication. When I move to IIS7 there seems to be a problem having two different authentication modes in the same virtual folder. Does anyone know how this is intended to work? I have thought about fixing this with ACLs but it seems tricky.. or maybe move the anonymous

Really confused - Guess it has to do with a single character placement at the end, or possible padding done with basic digest that I'm not aware of..? So, if I execute this, you can see the product of the base64 encode: echo 'host@mail.com:password' | openssl enc -base64 aG9zdEBtYWlsLmNvbTpwYXNzd29yZAo= Now, if I make a curl request: curl -v -u host@mail.com:password https:// aG9zdEBtYWlsLmNvbTpwYXNzd29yZA== You'll notice that the base64 strings are NOT the same..haha what? The base64 command line one is actually incorrect - if you substitute that in the request, it fails. SO - does basic

I'm trying to load an SSL page with basic auth in a webview, but even though i run proceed() in onReceivedSslError and usr/pwd is correct I can't get past onReceivedHttpAuthRequest. If I remove the haveAuthenticated check in the code below it just loops endlessly with auth requests, like if the credentials were wrong. Seems like it won't accept the certificate when trying to authenticate. Adding the basic auth header didn't change anything, any other way to get around this? package com.my.package; import java.util.HashMap; import java.util.Map; import android.annotation.SuppressLint; import

in my RoR application i need to protect a page with basic authentication and i want that the credentials are asked every time that a user link to that page. so i added a filter before the operation, like this: before_filter :request_confirm, :only => [:delete_device] and the filter method is: def request_confirm user = User.find_by_id(session[:user_id]) authenticate_or_request_with_http_basic do |nick, pass| nick == user.nickname and pass == user.password end end it's ok, but only the first time because rails save inserted data, so the following times the filter will be execute but the