How to encrypt username and password before transmit on client side

Similar Messages

• How to set username and password before redirecting to a RESTful webservice

  I am a .Net developer who has developed a webservice used by my ColdFusion colleagues. They are using ColdFusion 9 but I'm not sure if they have incorporated any of the newer features of ColdFusion in their apps. Here is a snippet of how they have been invoking the webmethods:
  <cfscript>
                       ws = CreateObject("webservice", "#qTrim.webServiceName#");
                       ws.setUsername("#qTrim.trimAcct#");
                       ws.setPassword("#qTrim.trimpwd#");
                       wsString=ws.UploadFileCF("#qTrim.webserviceurl#","#objBinaryData#", "#qFiles.Filename#", "Document", "#MetaData#");
              </cfscript>
  As I understand things, the .setUsername and .setPassword correspond to the Windows credentials the CF Admin set when the URL of the .Net webservice was "registered" and given its "name" (for the CreateObject statement above). I have 4 webmethods that are all invoked in this manner and this SOAP protocol works adequately for us. Please note that this ColdFusion web app authenticates anonymous remote internet users by prompting for a username and password and compares them to an application database (i.e. Microsoft calls this "forms authentication"). Because only a few Windows domain accounts are authorized to call this .Net webservice, the above code always uses the same username/password constants and it all works.
  My question involves the newest webmethod added to the .Net webservice. It requires that callers must invoke it as a RESTful service which means it must be invoked by its URL. Here is a snippet of C# code that invokes it from an ASP.NET webclient:
              string r = txtRecordNumber.Text;
              string baseurl = "http://localhost/sdkTrimFileServiceASMX/FileService.asmx/DownloadFileCF?";
              StringBuilder url = new StringBuilder(baseurl);
              url.Append("trimURL="); url.Append(txtFakeURLParm.Text);
              url.Append("&");
              url.Append("TrimRecordNumber="); url.Append(txtRecordNumber.Text);
              Response.Redirect(url.ToString());
  I assume a ColdFusion script could easily build a full URL as above with appended querystring parameters and redirect. Is there some way for the CF code redirecting to a RESTful webservice (by way of its URL) to set the Username and Password to this Windows account mentioned above? When the DownloadFileCF webmethod is hit it must be with the credentials of this special Windows domain account. Can that be set by ColdFusion someway to mimic the result of the SOAP technique (the first snippet above).
  I hope my question is clear and someone can help me make suggestions to my ColdFusion colleagues. Thanks.

  Can you clarify what you mean by "establish a different Windows identity"?  Usually passing identity to a web site or service means adding something to the request's HTTP headers.  This could be a cookie in the case of .NET forms authentication or the "Authorization" header in the case of basic authentication.
  The SOAP web service invocation code you posted does use basic authentication, according to the CF docs "ColdFusion inserts the user name/password string in the authorization request header as a base64 binary encoded string, with a colon separating the user name and password. This method of passing the user name/password is compatible with the HTTP basic authentication mechanism used by web servers."
  http://help.adobe.com/en_US/ColdFusion/9.0/Developing/WSc3ff6d0ea77859461172e0811cbec13a13 -7fe0.html
  If you need to mimic the SOAP techinque you should have basic authentication enabled for your REST service endpoints.
  If your authentication method is different then CF developers will need to add the appropriate HTTP headers to their service calls.  Note that calling a REST service from CF would probably be accomplished using the CFHTTP tag if the service is designed to be consumed by the CF server.

• How to pass username and password with the portal url

  i want to access portal from my web site. i have created username and password fields in my web page. when submited , my portal page should open. so how to pass username and password with the portal url.

  This is not straightforward; but it is doable.
  First tell us about your portal version; portal 10.1.4 has a slightly different method of doing it and the pre-10g portals were completely different animals.
  And if you are in AS Rel 2, then the most important document for you would probably be the following:
  [Creating Deployment Specific Pages| http://download-west.oracle.com/docs/cd/B14099_19/idmanage.1012/b14078/custom.htm#i1015535]
  You might want to use it in conjunction with some metalink notes about your portal version and such a login page.
  hope that helps!
  AMN

• How-to access username and password protected Java EE Web services from ADF

  The title of this post is exactly the same as this article by Frank Nimphius:
  http://www.oracle.com/technology/products/jdev/howtos/1013/protectedws/access_protected_web_services_from_adf.htm
  The article addresses the problem of securing web services using usernames and passwords, when those web services are accessed through a proxy or a data control. In the examples, the user names and passwords are specified, whether in the code or the definition of data controls. (SKING/SKING).
  In a very common scenario, users login to reach a page, for example, A.jspx, which contains a button that calls a web service, for example displayDate. Suppose that user has logged in by username/pass of (AHUNOLD/AHUNOLD) and AHUNOLD has access to the service and the page. Is there any way to pass the logged in user name and password to the webservice ? Of course we can hard-code the username in the data control definition or proxy code, but this is just one of the thousands of users who have access to the service and the authentication is not dynamic this way.
  Hope my question is clear. Wishing you all a great Christmas.
  Farbod

  Hi Frank, and happy new year.
  Are you implying that it couldn't be done declaratively? What is your suggestion for this problem? You know the problem... As I described:
  - I need to secure my web services, so when exposed, no one from inside network or the internet, can access the web service without proper permission
  - The web services are shown as web controls on jspx pages. The user has logged in before reaching the page. It is irrelevant to ask him to enter user name and password again.
  - I have user names, passwords and roles in Oracle Internet Directory (Identity Management). It provides some APIs and I can retrieve the usernames and attempt logging in programmically. But how can I get username and password from the session in ADF application?
  I guess using SAML or certificate could be the solution, but I have a problem with SAML, described here:
  Re: Webservices Security, SAML, and Identity Management (OID)
  Best Regards,
  Farbod

• Enter username and password before subscribing to an online (OneDrive) calendar

  Hi guys,
  I use microsoft outlook at work but I at home I have a macbook pro and an iphone. Therefore, I would like to see all appointments and events from my outlook calendar on my apple calendars as well.
  I published the outlook calendar (.ics) on onedrive, which is microsoft's cloud service. Then I tried to subscribe to the calendar on my macbook. After entering the calendar url I get the following error message:
  "There was an error subscribing to the calendar. You do not have permission to access the calendar at https://...."
  Supposedly, I have to enter my onedrive username and password. But the programm does not ask me for it. I just get the error message.
  How can I enter the credentials before the the mac calendar tries to subscribe to the online calendar?
  Appreciate your help
  cheers

  See:
  *http://kb.mozillazine.org/Firefox_crashes
  *https://support.mozilla.com/kb/Firefox+crashes

• Storing encrypted username and password along with the Key into Windows Keystore

  I have a WPf application and I need to allow the user to enter the username and password. Username and Password should be encrypted and store them with the key into the windows Keystore. I used the Cryptography class to encrypt the username and password but
  I am not sure how to store them in the Windows Key Store.
  This login is used for configuration purpose only. User enters  and  it is saved into the clients machine. As long these credentials are correct, we are going to allow this machine to call another API to download files.
  I would really appreciate for any sample code. Basically, I need to store them in the registry and be able to call them to verify.

  Data encryption and key management is certainly not a WPF topic so you are in the wrong forum but you could take a look at the ProtectedData class:
  https://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx.
  It provides methods for encrypting and decrypting data on user or machine level. Please refer to the following link for more information:
  http://stackoverflow.com/questions/4967325/best-way-to-store-encryption-keys-in-net-c-sharp
  Here is another link on the subject that may be helpful:
  http://stackoverflow.com/questions/7459069/where-to-store-sensitive-information-needed-for-an-application-to-run
  Please remember to mark helpful posts as answer to close your threads.

• How to extract username and password from CRMOD

  I have a requirement where i have make a jsp paget hru which user can upload doc in UCM and embed in CRMOD using Web Applet.But at the backend the UCM requires CRMOD username and password.How can i extract username and password frm crmod using java.

  You can get this info from your ISP. This one may help.
  Create a Broadband connection using PPPoE in Windows Vista and Windows Server 2008
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• How to supply username and password for consuming webservice in BizTalk Adaptor?

  While I hit the web service directly , I am able get response from that service, it asked for username and password, after that it processed the request and gave expected output. I am trying to consume the same web service (https) from BizTalk orchestration
  ,  it created message type , port type, binding for me , all fine, but while sending message to the webservice , it throws error like this 
  <SOAP-ENV:Fault xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wd="urn:com.abc/bsvc">
  <faultcode>SOAP-ENV:Client.authenticationError</faultcode>
  <faultstring>invalid username or password</faultstring>
  </SOAP-ENV:Fault>
  I have given username and passoword in port level. I tried basic binding, I also tried wcf_basic binding , but no luck. These bindings were generated by wizard only, I Imported those bindings , ports got created, I just added username and password in the
  port level.
  How should I supply username and password in BizTalk to get this working ? Any inputs would be greatly appriciated
  Regards
  Vivek

  Hi,
  the way to resolve this is to write a Wcf Custom Behavior.
  Several people have blogged about this and Microsoft have written some articles:
  http://social.technet.microsoft.com/wiki/contents/articles/627.using-custom-behaviors-with-the-biztalk-wcf-adapters-part-2.aspx
  http://msdn.microsoft.com/en-us/library/cc952299(v=bts.10).aspx
  The articles are old so you need to verify they still apply.
  mark

• How to change username and password

  How can you change username and password for icloud under settings on iPhone?

  Scroll to bottom and tap the big red Delete Account button, then sign back in with the correct username and password.

• How to know username and password from existing PPPOE broadband connection?

  Hi All,
  I am using windows server 2008 R2, and now I've used PPPOE broadband connection to connect the internet. what I am asking is how to know the username and password from my PPPOE setting, I have the requirement to create same setting in the difference machine.
  thanks.

  You can get this info from your ISP. This one may help.
  Create a Broadband connection using PPPoE in Windows Vista and Windows Server 2008
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• How to change username and password in application connection?

  Hi all!
  when i create a application connection(10gAS), i must enter ias_admin and password, and EJB connection i must enter one user. but i don't know which user.
  can you tell me user and password of that user?
  and if i want change username and password then how must i do ?
  thanks!

  you may change the userID/ passwd from menu or create conn segment for each of the userID/ passwd combination .

• How to give Username and password when calling HTTP page?

  I have this code when i run this I get credentials error. How to give credentials .The authentication is set to windows in the https page. Means pop up will appear to get the credentials
  declare
  req UTL_HTTP.REQ;
  resp UTL_HTTP.RESP;
  value varchar2(1024);
  p_url varchar2(4000);
  OPT varchar2(1000);
  BEGIN
  dbms_output.put_line('');
  p_url:='http://www.xyz.com/';
  dbms_output.put_line(p_url);
  req := UTL_HTTP.begin_REQUEST(p_url);
  utl_http.set_header(req, 'User-Agent', 'Mozilla/4.0');
  resp := utl_http.get_response(req);
  loop
  utl_http.read_line(resp, value, true);
  dbms_output.put_line(value);
  end loop;
  exception
  when utl_http.end_of_body then
  utl_http.end_response(resp);
  END;
  When i run this i get
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
  <title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
  <style type="text/css">

  Basic authentication is set using the UTL_HTTP.Set_Authentication() call.
  If you are using a proxy and need procy authentication, you can set the username and password for proxy access, as part of the proxy URL. E.g.
  utl_http.set_proxy( 'http://proxyuser:[email protected]', null );NTLM (Windows NT LAN Manager) authentication is proprietary and not part of the HTTP specifications. If that is needed, try and use the username and password as part of the URL - or do some research on how to manually perform NTLM authentication.
  If you are using HTTPS, you need an Oracle Wallet with that server's certificate (making it a trusted certificate), and then set/use the wallet using the UTL_HTTP.Set_Wallet() call. See sample code in {message:id=10820182}.

• How to send username and password to XISOAPAdapter

  Hi,
  Can someone please provide a sample piece of source code showing how I can invoke the SOAP Adapter, sending an XML payload and also pass the username and password?
  Many thanks
  Brian

  Hi Peter,
  You're correct. We actually have a mobile c# client running on smartphones (some Pocket PC 2003, some Windows Mobile 5 and now Windows Mobile 6). We are attempting to convert from Business Connector to PI.
  Because of scalability issues with SAP Web Dispatcher we are not using it, but instead we are going PDA <-> Microsoft ISA Server (using Active Directory cert authentication) <-> PI <-> ECC
  So we need to provide a client Certificate for ISA but also username/password for XI SOAP Adapter
  The problem is there seems to be limitations in the mobile c# SSL capabilities so we are trying to understand whether there is some way to send the username and password as header variables.
  thanks
  Brian

• How do I pass username and password to the Citrix client via netlet

  I have managed to call a Citrix managed application from the portal via netlet (via InitialProgram within citrix_start.html) - thankyou William Geurts.
  How do I use the Portal's single sign-on functionality to pass the username and password through to Citrix via netlet?

  Hi,
  This can be done by writing a small application that will pull session/user info from Portal and then pass it on to another app as needed.
  Thanks,
  Raj_indts
  Developer Technical Support
  Sun Microsystems
  http://www.sun.com/developers/support

• How to pass Username and password using Invoke to a webservice

  Hi Guys,
  Please tell me how can I pass Username and password using Invoke to a webservice, I am using SOA 11G.
  Thanks
  Yatan

  Hi Yatan
  I suppose you want to use basic HTTP authentication.
  Try to lookup in the SOA docs this property
  oracle/wss_http_token_client_policy
  http://download.oracle.com/docs/cd/E17904_01/web.1111/b32511/configuring.htm#WSSEC2261
  Regards
  Mihai