0 votes, 0 answers, 24 views

ASP.NET MVC WebService - Security for Industrial Android Clients

I'm trying to design a system that will allow a bunch of Android devices to securely log into an ASP.NET MVC REST Web service. At present neither side is implemented. However there is an ASP.NET ...

-1 votes, 0 answers, 13 views

Advice needed re. federation, auth, membership providers (ASP.NET/MVC) [closed]

I'm working on a new public multi-tenant website/system that will allow users to login with their own credentials (username/password), facebook/twitter/etc credentials, or bring their own AD User ...

1 vote, 0 answers, 76 views

How to authenticate user on php and Node.js

I'm currently developing a little chat page. The main page and user management is written in php and also all the authentication stuff with sessions. Now I'm planning to run the messaging stuff on a ...

1 vote, 0 answers, 69 views

Authorization and Authentication using multiple types of authentication in MVC

Currently I am managing a team where we're building a new SaaS application. The way it is currently structured is that we have a solution that has our business logic and data, and a solution that ...

0 votes, 1 answer, 70 views

Is it a good practice to decouple the membership system?

Currently I'm developing a project that basically is built with ASP.NET Web API. The membership system I'm using is ASP.NET Identity. The only problem I'm seeing with this is that the membership ...

1 vote, 1 answer, 44 views

Implicit OAuth2 endpoint vs. cookies

I currently have an app which basically runs two halves of an API - a restful API for the web app, and a synchronisation API for the native clients (all over SSL). The web app is completely ...

1 vote, 1 answer, 148 views

Most Appropriate Authentication Type for MVC5 project

I am about to start a new ASP.NET MVC5 project and I am planning the authentication / authorization requirements at present. The client wants Windows authentication, to prevent their users having to ...

0 votes, 1 answer, 48 views

Flexible authorization design in ASP.NET pages?

I'm developing an ASP.NET webforms application with pages which displays information based on the authorization level of the authenticated user (very typical). I will write a simple example of the ...

1 vote, 1 answer, 78 views

How to make sure that reported issues are not caused by wrong credentials or typos of the client? [duplicate]

I have found myself a few times in the situation where a client reports an issue like 'I can no longer login to my account'. Sure enough when trying to login with the client's credentials myself ...

1 vote, 3 answers, 227 views

Authentication with If/Else

For keeping the "Administration Panel" secure to those who are logged in, for my web application, is the best practice to use an If/Else Statement? if($_SESSION['logged_in'] == true) { include ...

1 vote, 6 answers, 423 views

How to distribute, one virtual token to each person in this world, and make sure nobody gets more than one? [closed]

How to distribute, one virtual token to each person in this world, and make sure nobody gets more than one? In other words, how to prevent a user from creating more than one user account in a site? ...

4 votes, 1 answer, 95 views

Can someone explain the behind-the-scenes process of connecting an app account to a Facebook account?

I am developing an app that will use the Twitter and Facebook login APIs exclusively. Suppose a new user downloads the apps and is presented with the option to log in through Facebook or Twitter. The ...

-3 votes, 1 answer, 98 views

Can one determine the creation date of an email account?

Is it possible to determine the creation date of the email supplied with the authentication process flow; Or at least determine that the email was/was not created the same day as signup (or ...

1 vote, 0 answers, 45 views

How to handle static-ish content from a CDN with authentication?

I have a website that allows user uploads of content. Part of the design, to date, involves storing the user content on a NAS that has been configured with a separate app pool in IIS that has ...

0 votes, 1 answer, 107 views

How to manage multiple database credentials across multiple projects

We have 10 separate projects that all access the same database. Initially, all 10 projects had database credentials hardcoded into them. I decided to move the credentials into a utility method and ...

0 votes, 0 answers, 52 views

How to have my callbacks authenticated in a REST app?

I'm developing a REST application and I allow my clients to authenticate in several ways (typically using Authorization: Token ... as in OAuth 2.0, but also there's session-based auth option for the ...

1 vote, 0 answers, 48 views

How do I authenticate users from facebook/twitter?

I need to build a site for a mobile app that allows users to sign in with facebook/twitter or sign up as a new user (traditional username/password). No matter which method the user chooses, they ...

6 votes, 2 answers, 710 views

Best way to hide API key in source code

I need some ideas on how to protect a private API key in an application, specifically in a c# .NET application. Firstly, I understand that it is theoretically impossible to hide anything in the ...

-2 votes, 3 answers, 104 views

Why speaks basic http authentication always of a username

In RFC 2617 HTTP Authentication: Basic and Digest Access Authentication they speak always of username and password for the authentication. Why should I choose to take a username as identifier for a ...

0 votes, 1 answer, 154 views

Why can't we use unique identifier as combination of email and password? [closed]

To prevent email conflicts in an authentication system, we can surely choose the email and password combination as the unique identifier. What can prevent me from building an authentication system by treating unique ...

4 votes, 3 answers, 140 views

Kerberos web authentication

I've developed an internal single-page web-app (unix, apache & postgresql) protected by a simple login page. Currently, the users have their own login role with a password. This is starting to get ...

1 vote, 1 answer, 185 views

What kind of user authentication do I need in for a restful web api

I am doing a restful web api with asp.net Web API 2. I do not want to use any form of cookies or basic authentication (send user/pass in cleartext thus SSL needed). I do not use/need claims stuff. I ...

0 votes, 2 answers, 170 views

Limiting certain functionality to development environment only [closed]

I intuitively think that an application should be exactly the same in DEV, QA, and PROD environments. However, I have been asked to add a feature to an application that will only be available in DEV ...

1 vote, 2 answers, 264 views

Is double password protection safe for admin authentication?

I was looking at some of my past codes, and I viewed one of my admin boards I've made. I had it setup so that the admin has to define/enter 2 passwords for his account. Is this really double-safe or ...

2 votes, 0 answers, 126 views

Facebook authentication with an Authoritative Server for a Flash Game

I'm working on a multiplatform game in Flash. This game utilizes Photon Server for authoritative physics and user statistics tracking. I'm looking to leverage Facebook authentication as an alternative ...

1 vote, 1 answer, 263 views

Is it an implementation of a stateful mechanism for Rest API authentication?

In many articles about Rest API's best practices, it is recommended to not depend upon sessions on server side since it leads to a stateful mechanism. I currently use Play 2.2 framework, with a ...

0 votes, 1 answer, 53 views

Identifying how server is authenticating users

I'm trying to build a bot that will parse the list of classes offered by my university and let me know when the one I'm looking for is open. The problem is that in order to get to the ...

0 votes, 0 answers, 46 views

Validating time-limited HMACs

I'm exploring using HMAC style secret-key authentication with timestamp expiry, but am struggling to get my head around how you validate the timestamp portion. On the client side you would do: ...

4 votes, 1 answer, 2k views

Authenticate native mobile app using a REST API

I'm starting a new project soon, which is targeting mobile application for all major mobile platforms (iOS, Android, Windows). It will be a client-server architecture. The app is both informational ...

2 votes, 1 answer, 174 views

Approach to Authenticate Clients to TCP Server

I'm writing a Server/Client application where clients will connect to the server. What I want to do, is make sure that the client connecting to the server is actually using my protocol and I can ...

0 votes, 0 answers, 231 views

Is this a secure solution for RESTful authentication?

I need to quickly implement a RESTful authentication system for my JavaScript application to use. I think I understand how it should work, but I just want to double check. Here's what I'm thinking -- ...

0 votes, 0 answers, 92 views

Problem with OAuth2 authentication process and session persistence

We're using node-oauth2-provider as an authentication library for our service. The current process for a user to log in is: POST /oauth2/access_token Which creates and saves the access_token to the ...

0 votes, 2 answers, 63 views

Authentication at my web site using other credentials

Suppose there are 2 web sites: example.com I don't own and example2.com I own. I want to extend the functionality of example.com somehow. example.com doesn't have any API. I want the users of ...

2 votes, 1 answer, 299 views

Implementing User Authentication on an N-Tier Web Application

I appreciate all help and feedback. Parts bolded are critical parts if this is too verbose. Perhaps it will help to mention I am a green developer. I have found some useful info from related ...

0 votes, 0 answers, 940 views

How secure is this way of authenticating an ASP .NET Web API - creating your own tokens?

http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API#_rating The above link shows exactly how I want to go about authenticating against an ASP .NET Web API. ...

2 votes, 4 answers, 795 views

Authenticating users for a website

I'm working on a website and I want to validate that an individual is an employee at one of a large number of companies (probably using their company's email address, which I don't know beforehand). ...

1 vote, 0 answers, 118 views

How to evaluate Secure Authorization for server to client

I have a customer that wants me to build a web portal (Asp.net 4.0) that will communicate with a desktop client, tablet and/or smart phone (e.g. iOS and/or Android). I was thinking of using oAuth ...

18 votes, 4 answers, 2k views

How should I architect a RESTful webservice to use 3rd party (i.e. Google, Facebook, Twitter) for authentication?

For my job we have a nice RESTful webservice we've built out that we use to drive a couple websites we have. Basically the webservice lets you create and work with support tickets, and the website is ...

1 vote, 1 answer, 203 views

User Authentication & Session Management

One of the fundamental ways of handling user login authentication & session management is by storing variables in Session space plus setting some data in cookies on client computer while sometimes ...

0 votes, 2 answers, 461 views

Alternatives to Traditional Password Authentication [closed]

The third party login is an excellent function that has come in recent years that relieves the load on a programmer's mind so that I have to remember less useless passwords. I don't use the same ...

-2 votes, 2 answers, 130 views

APIs that deal with logins

I have been asked to make a mobile app for a friend's website. The website is a Multi level marketing site that sells products and franchises. A client logs in to the website and can view his or her ...

0 votes, 0 answers, 23 views

Login to a Web App using PKI Certs [duplicate]

I understand PKI reasonably well from a conceptual point of view - i.e. private keys/public keys - the math behind them, use of hash & encryption to sign a certificate, Digital Signing of ...

2 votes, 1 answer, 359 views

In what situations will Windows-based authentication for my ASP.NET MVC web application fail to allow users from accessing the web application?

My requirements are: To build an ASP.NET MVC web application to use Windows-based authentication, since all the users which will be accessing the application are our internal employees, and they ...

8 votes, 3 answers, 2k views

Web Authentication using PKI Certs

I understand PKI reasonably well from a conceptual point of view - i.e. private keys/public keys - the math behind them, use of hash & encryption to sign a certificate, Digital Signing of ...

2 votes, 1 answer, 352 views

Client side authentication through signatures instead of passwords

I want to save some user-generated data with some signature of the user that generated it (let's say that the user has to fill some forms with some data and I want him to sign the written data). The ...

0 votes, 3 answers, 333 views

Where should authentication be handled, in the server's code, or in the application's server-side code?

I'm developing a simple web application in node.js. Users can log in from any page in the application, so I handle authentication in the server's code and logic, and the application's server-side ...

0 votes, 3 answers, 438 views

Best way to auto login in web application

This question could be titled "Place password hash and salt in query string?" as well to be less subjective, but the point remains the same: I want to create kind of a launcher application for my web ...

3 votes, 1 answer, 204 views

Multiple SSH keys for different organizations

I can see that GitHub allows you to have multiple mail accounts and associate every organization you are part of with a different address. Can this be done also for SSH keys? What I would like to do ...

8 votes, 2 answers, 524 views

Is this solution RESTful and secure?

Our product registers new players on our service, and we've chosen to host it on Azure (we're using .NET) and we wanted it to be stateless (for scalability) and relatively secure. Since this is the ...

1 vote, 1 answer, 84 views

How to authenticate an archive

Background: I have an updater feature in my program which will download updates to a directory specified by the user. Then the user can install these updates whenever he/she wants by just opening them. ...