Performing user authentication in Java EE / JSF using j_security_check

I suppose you want form-based authentication using deployment descriptors and j_security_check. You can also do this in JSF by just using the same predefined field names j_username and j_password as demonstrated in the tutorial. E.g. <form action="j_security_check" method="post"> <h:outputLabel for="j_username" value="Username" /> <h:inputText id="j_username" /> <br /> <h:outputLabel for="j_password" value="Password" /> <h:inputSecret id="j_password" /> …

RESTful Authentication

How to handle authentication in a RESTful Client-Server architecture is a matter of debate. Commonly, it can be achieved, in the SOA over HTTP world, via: HTTP basic auth over HTTPS; cookies and session management; token in HTTP headers (e.g. OAuth 2.0 + JWT); query authentication with additional signature parameters. You'll have to adapt, or …

Validate a username and password against Active Directory?

If you work on .NET 3.5 or newer, you can use the System.DirectoryServices.AccountManagement namespace and easily verify your credentials: // create a "principal context" - e.g. your domain (could be machine, too) using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, "YOURDOMAIN")) { // validate the credentials bool isValid = pc.ValidateCredentials("myuser", "mypassword"); } It's simple, it's reliable, it's 100% …

The definitive guide to form-based website authentication [closed]

PART I: How To Log In. We'll assume you already know how to build a login+password HTML form which POSTs the values to a script on the server side for authentication. The sections below will deal with patterns for sound practical auth, and how to avoid the most common security pitfalls. To HTTPS or not …

How does LDAP work in ASP.NET Boilerplate? [closed]

LDAP/Active Directory: LdapAuthenticationSource is an implementation of external authentication that lets users log in with their LDAP (Active Directory) user name and password. If we want to use LDAP authentication, we first add the Abp.Zero.Ldap NuGet package to our project (generally to the Core (domain) project). Then we should extend LdapAuthenticationSource for our application as shown below: public …

Is it possible to secure an application if it is unlikely that the website will have an SSL certificate? [closed]

I ALWAYS use a hashed password with a salt. It is also good to implement some sort of brute force checking to block IPs that attempt more than X failed logins, etc. It's a system people know. Giving someone a 32 character GUID might work better if they could remember it. The problem is people …

PHP Sessions across sub domains

I do not know if the problem still exists, but I just ran into the same problem and solved it by setting a session name before calling session_set_cookie_params(): $some_name = session_name("some_name"); session_set_cookie_params(0, "/", ".example.com"); session_start(); I have changed nothing in my php.ini but now everything is working fine.