http-authentication

Can I use HTTP Basic Authentication with Django?

安稳与你 提交于 2019-11-27 04:03:13
问题 We have a website running on Apache, access to which has a number of static pages protected via HTTP Basic authentication. I've written a new part of the site with Django using Django's built in support for user management. The problem I have is that users have to log in once via the HTTP Basic authentication and then again using a Django login form. This both clumsy and very confusing for users. I was wondering if anyone had found a way to make Django log a user in using the HTTP Basic

Accessing a web service and a HTTP interface using certificate authentication

北城以北 提交于 2019-11-27 03:26:46
问题 It is the first time I have to use certificate authentication. A commercial partner expose two services, a XML Web Service and a HTTP service. I have to access both of them with .NET clients. What I have tried 0. Setting up the environment I have installed the SSLCACertificates (on root and two intermediate) and the client certificate in my local machine (win 7 professional) using certmgr.exe. 1. For the web service I have the client certificate (der). The service will be consumed via a .NET

Basic HTTP authentication with Jersey / Grizzly

非 Y 不嫁゛ 提交于 2019-11-27 02:19:30
问题 I've written a simple REST server using JAX-RS, Jersey and Grizzly. This is how I start the server: URI baseUri = UriBuilder.fromUri("http://localhost/api") .port(8081) .build(); ResourceConfig rc = new PackagesResourceConfig("se.aioobe.resources"); HttpServer httpServer = GrizzlyServerFactory.createHttpServer(baseUri, rc); Now I need to protect the resources using Basic HTTP authentication, and I can't figure out how to do this. I can switch from Grizzly to for instance Jetty if it is

HTTP Digest Authentication versus SSL

人走茶凉 提交于 2019-11-27 02:06:30
问题 What is the difference between HTTP Digest Authentication and SSL from a performance, security and flexibility point of view? 回答1: The pros and cons of HTTP Digest Authentication are explained quite clearly in the Wikipedia article on the topic -- you should read that! To put it bluntly: HTTP Digest Auth will only protect you from losing your cleartext password to an attacker (and considering the state of MD5 security, maybe not even that). It is however wide open to Man-in-the-Middle attacks

Flex 3 - how to support HTTP Authentication URLRequest?

谁说胖子不能爱 提交于 2019-11-27 00:45:15
I have a Flex file upload script that uses URLRequest to upload files to a server. I want to add support for http authentication (password protected directories on the server), but I don't know how to implement this - I assume I need to extend the class somehow, but on how to I'm a little lost. I tried to modify the following (replacing HTTPService with URLRequest), but that didn't work. private function authAndSend(service:HTTPService):void{ var encoder:Base64Encoder = new Base64Encoder(); encoder.encode("someusername:somepassword"); service.headers = {Authorization:"Basic " + encoder

Rails/Rspec Make tests pass with http basic authentication

微笑、不失礼 提交于 2019-11-27 00:01:34
问题 Here my http basic authentication in the application controller file (application_controller.rb) before_filter :authenticate protected def authenticate authenticate_or_request_with_http_basic do |username, password| username == "username" && password == "password" end end and the default test for the index action of my home controller (spec/controllers/home_controller_spec.rb) require 'spec_helper' describe HomeController do describe "GET 'index'" do it "should be successful" do get 'index'

PHP_AUTH_USER not set?

半城伤御伤魂 提交于 2019-11-26 18:44:41
For some reason, none of the code within if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) { // When the above is set, the code that is here will execute of course } is being executed for me. When I enter the correct username and password, the prompt box for the authorization again pops up. Wouldn't both fields be 'set' if they are correct and I press enter? But for some reason that is not the case. What can I be doing wrong? Thank you. There is a 'sensible way' to use HTTP Basic Auth in CGI-mode PHP: in the .htaccess use RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP

Basic HTTP authentication with Node and Express 4

此生再无相见时 提交于 2019-11-26 17:34:59
问题 It looks like implementing basic HTTP authentication with Express v3 was trivial: app.use(express.basicAuth('username', 'password')); Version 4 (I'm using 4.2) removed the basicAuth middleware, though, so I'm a little stuck. I have the following code, but it doesn't cause the browser to prompt the user for credentials, which is what I'd like (and what I imagine the old method did): app.use(function(req, res, next) { var user = auth(req); if (user === undefined || user['name'] !== 'username' |

How do I keep Firefox from prompting for username/password with HTTP Basic Auth with JQuery AJAX?

放肆的年华 提交于 2019-11-26 16:17:23
问题 I'm writing some browser side dynamic functionality and using HTTP Basic Auth to protect some resources. The user experience is very important and is highly customized. Here's a simple test JQuery method that eventually will test if a user has supplied the right credentials in a form: $(document).ready(function() { $("#submit").click(function() { var token = Base64.encode($('#username').val() + ':' + $('#password').val()); $.ajax({ url: '/private', method: 'GET', async: false, beforeSend:

How can I suppress the browser's authentication dialog?

允我心安 提交于 2019-11-26 14:14:18
My web application has a login page that submits authentication credentials via an AJAX call. If the user enters the correct username and password, everything is fine, but if not, the following happens: The web server determines that although the request included a well-formed Authorization header, the credentials in the header do not successfully authenticate. The web server returns a 401 status code and includes one or more WWW-Authenticate headers listing the supported authentication types. The browser detects that the response to my call on the XMLHttpRequest object is a 401 and the
订阅 http-authentication