http-authentication

All of this is pertaining to WebHttp binding, hosted in a custom Service Host (IIS is not an option at this time). I've implemented a custom UserNamePasswordValidator, and a custom IAuthorizationPolicy. When I configure the endpoint's binding to use Basic authentication, everything works just as I'd like (custom principal, custom roles, etc..). I'd like to add the ability for anonymous HTTP access as well, and have my custom implementations put the Anonymous user in some default roles, etc.. (if no Authenticate header is sent). What happens now is that anonymous users are given a 401 before

I need to authenticate my RTSP stream to a streaming server, here is the challenge : RTSP/1.0 401 Unauthorized WWW-Authenticate: Digest realm="Streaming Server", nonce="76bfe6986d3e766424de9bd6e7d3ccc1" Session: 1845562184;timeout=60 Cseq: 1 ... Wirecast manage to successfully authenticate with those settings : Host name : 192.168.33.9:1935/live/my_stream.sdp location : live/my_stream.sdp username : user password : test its response is : e1dff363b9763df0c7615429af79715c So according to wikipedia I tried to authenticate with the method : //H(data) = MD5(data) //KD(secret, data) = H(secret:data)

I want to access a remote elasticsearch which is protected by a username and password. https://[username]:[password]@aws-eu-west-1-portal1.dblayer.com:11109/ In Spring using the XML config I was able to access my localhost elastic as shown below <!-- ElasticSearch --> <elasticsearch:repositories base-package="be.smartsearch.service.repository.elasticsearch" /> <elasticsearch:transport-client id="esClient" cluster-nodes="localhost:9300" /> <bean id="elasticsearchTemplate" class="org.springframework.data.elasticsearch.core.ElasticsearchTemplate"> <constructor-arg name="client" ref="esClient" />

Why isn't there a logout button? Why no list of "websites you're logged into"? Is it because of some issue with the HTTP specs? Life would be much easier for web developers if they could actually rely on HTTP auth ... No technical reason. I suppose if anything, the auth UI is neglected because fewer and fewer web sites are still using HTTP Basic Authentication, trending more towards various cookie-related login schemes... precisely because the auth UI is so poor! One could probably hack together a Firefox add-on to do it quite easily, which would be the quickest fix. (And the same goes for the

I installed jenkins on my server and I want to protected it with nginx http auth so that requests to: http://my_domain.com:8080 http://ci.my_domain.com will be protected except one location: http://ci.my_domain.com/job/my_job/build needed to trigger build. I am kinda new to nginx so I stuck with nginx config for that. upstream jenkins { server 127.0.0.1:8080; } server { listen x.x.x.x:8080; server_name *.*; location '/' { proxy_pass http://jenkins; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; auth_basic "Restricted"; auth

How do you determine if a REST webservice is using Basic, Kerberos, NTLM, or one of the many other authentication methods? When you send an unauthenticated request the service has to respond with a "HTTP/1.1 401 Unauthorized" and the response contains a WWW-Authenticate header that specifies what authentication scheme is expected ( Basic , Digest ), the security realm and any other specific value (like Digets's nonce). So if the server responds with: HTTP/1.0 401 Unauthorized WWW-Authenticate: Digest realm="example.com", qop="auth,auth-int", nonce="...", opaque="..." it wants a Digest