Uploader: A simple uploader with user based authentication

Similar Messages

• Issue with form based Authentication in three tier sharepoint 2013 environment.

  Hi,
  We are facing issue with form based Authentication in three tier environment.
  We are able to add users to the database and in SharePoint.
  But we are not able to login with created users.
  In single tier everything working fine
  Please help , Its urgent ... Thanks in advance.
  Regards,
  Hari
  Regards, Hari

  if the environments match, then it sounds like a kerberos double-hop issue
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• ActiveSync with Certificate-Based Authentication

  We are trying to setup ActiveSync with certificate-based authentication against Exchange 2010 SP2, but with no luck.
  What has been done so far:
  OWA over https works fine. A public, trusted certificate is in place.
  Setup ActiveSync against this Exchange server: works fine, using user name/password.
  Issued a user cert, signed with an internal CA, CA-cert successfully imported into al client devices.
  Created a new OWA-site with cert-based authentication (just to make sure it works), imported user certificate into a mac, visit this OWA site - cert-based authentication works fine.
  Now, with the configuration utility, created configuration profile with that user cert and an ActiveSync account, left password blank and chose the imported cert (p12) as authentication means.
  After installing that last profile the device keeps asking for a password and refuses to synchronize. Logs on the server show error 401.2, so I assume iPhone is ignoring the cert and is trying to use password-authentication instead.
  The devices tested were iPhone 3G with IOS 4 and iPad 2 with IOS 5.
  Any help will be greatly appreciated.
  Roman.

  No-one with this experience?
  We've done some network analysis (as much as was possible to decrypt) and could see, that the server sends an SSL-Alert (rejection?) to the client after the client presents the certificate.
  That explains why the client falls back to password-authentication, but it does not tell us why the server rejects the cert (that is accepted perfectly when accessed from a browser) in first place.

• How To Use HttpUnit With FORM-based Authentication?

  I'm just getting started with HttpUnit, and I'm having a problem:
  How does one use HttpUnit with FORM-based authentication?
  I have a Web app where I specify a number of protected URLs. When a user tries to invoke one of them in a browser, Tomcat 4.1.30 brings up a login page that I specified and asks for a username and password. The values given by the user is checked against the tomcat-users.xml file. If the user is valid, Tomcat
  forwards the response from the original request. If invalid, an error page is displayed. The user is considered valid until either the session times out or the browser is closed.
  Does HttpUnit have to log into the app every time I run a test? How does it manage subsequent pages after login?

  I don't think that's true. HttpUnit is 100% Java and based on JUnit. HttpUnit has nothing to do with Apache, AFAIK. HttpUnit is for unit testing servlets and JSPs. Apache is a Web server. It doesn't have a servlet/JSP engine, unless you bolt Tomcat on top of it.
  Perhaps we're talking about two different packages. - %

• Exchange 2010 SP3 OWA with certificate based authentication

  Hi,
  I have a bizarre problem in my customer’s environment. Maybe someone has an idea.
  Exchange 2010 with SP3, latest cumulative Update installed.
  The problem I’m having is that when I enable Certificate based authentication (require client certificate option in IIS) on OWA and ECP virtual directories in conjunction with forms based authentication (this is the requirement – the user
  must have a client certificate and type in username and password to log in to OWA), the result is that after the user selects the certificate he wants to use, he is logged into OWA automatically, but cannot use the website, because it’s being constantly automatically
  refreshed (or redirected to itself or something like that). The behavior occurs with all users, with any browser. If client certificate is on required, forms based authentication works just fine. If I switch to “Basic Authentication” and enable client certificate
  requirement, then OWA act’s as it should be – so no problems. The problem only occurs when authentication type is forms based and client certificates are required.
  I have tried the exact same settings (as far as I can tell) on one other production server and one test server, and encountered no such problems.
  Anyone – any ideas?

  Hi McWax,
  According to your description and test, I understand that all accounts cannot login OWA when select require client certificate.
  Is there any error message when open OWA or login? For example, return error ”HTTP error: 403 - Forbidden”. Please post relative error for further troubleshooting.
  I want to confirm which authentication methods are used for OWA, Integrated Windows authentication or Digest authentication? More details about it, for your reference:
  http://technet.microsoft.com/en-us/library/bb430796(v=exchg.141).aspx
  If you select another authentication method, please check whether Client Certificate Mapping Authentication services is installed, and also enabled in IIS, please refer to:
  http://www.iis.net/configreference/system.webserver/security/authentication/clientcertificatemappingauthentication
  To prevent firewall factor, please try to sign in OWA at CAS server. Besides, I find a FAQ about certificate:
  http://technet.microsoft.com/en-us/library/aa998424(v=exchg.80).aspx
  Best Regards,
  Allen Wang

• How to pass credentials/saml token access sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication

  How to pass credentials/saml token exchange to the sharepoint web service ex:lists.asmx when sharepoint has single sign on with claims based authentication 
  Identity provider here is Oracle identity provider 
  harika kakkireni

  Hi,
  The following materials for your reference:
  Consuming List.asmx on a claims based sharepoint site
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/f965c1ee-4017-4066-ad0f-a4f56cd0e8da/consuming-listasmx-on-a-claims-based-sharepoint-site?forum=sharepointcustomizationprevious
  Sharepoint Claims based authentication and Single Sign on
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/2dfc1fdc-abc0-4fad-a414-302f52c1178b/sharepoint-claims-based-authentication-and-single-sign-on?forum=sharepointadminprevious
  Sharepoint Claim Based Authentication Web Service issuehttp://social.msdn.microsoft.com/Forums/office/en-US/dd4cc581-863c-439f-938f-948809dd18db/sharepoint-claim-based-authentication-web-service-issue?forum=sharepointgeneralprevious
  Best Regards
  Dennis Guo
  TechNet Community Support

• MfE with Certificate Based Authentication on E6

  Hello,
  I've been trying to setup MfE on my E6 but I can't find a way to configure it to use a personal certificate, I even tried using "Nokia Configuration Tool" but it tells me that my device does not support MfE with Certificate Based Authentication, I get "Invalid Credentials" when using a username & password.
  I get the same error on both Anna and Belle.
  Any help would be appreciated.
  Thanks

  Better give the MfE configuration in detail.
  Also please advise the if the server is a real Microsoft Exchange Server or a third-party mail service such as Gmail or Live.
  bbao
  * If this post helped you, please click the white Kudo star.
  * If this post has solved your issue, please click Accept as Solution.

• Exchange 2013 - How to configure Outlook Anywhere with certificate based authentication?

  Hello,
  is it possible to secure Outlook Anywhere in Exchange 2013 with certficate based authentication?
  I found documentation to configure CBA for OWA and ActiveSync, but not for Outlook Anywhere.
  We would like to secure external access to the mailboxes via Outlook by using CBA.
  Thanks a lot in advance!
  Regards,
  André

  Hi,
  Let’s begin with the answer in the following thread:
  http://social.technet.microsoft.com/Forums/en-US/e4b44ff0-4416-44e6-aa78-be4c1c03f433/twofactor-authentication-outlook-anywhere-2010?forum=exchange2010
  Based on my experience, Outlook client only has the following three authentication methods:Basic, NTML, Negotiate. And for more information about Security for Outlook Anywhere, you can refer to the following article:
  http://technet.microsoft.com/en-us/library/bb430792(v=exchg.141).aspx
  If you have any question, please feel free to let me know.
  Thanks,
  If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Angela Shi
  TechNet Community Support

• EAS with certificate user based authentication

  Hello,
  Is it a way to sync with exchange using certificate based authentication ?
  I tried and tried but nothing happend...
  I could install personal certificate, but Iphone ever ask me username and password...
  Please help...

  We are trying to do the same thing. Our windows mobile implementation is working with Exchange 2003, where we are assigning client certificates for the users to their devices, where in turn the exchange server will only let them in if they use that client certificate.
  This does not seem to work on the iPhone. Does anyone have a contact at Apple that we can work through to get this to work?

• Ask for help with form based authentication & authorization

  Hi:
  I encountered the following problem when I tried the form based authentication & authorization (see the attached part of the config files, web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, it doesn't go the login error page as long as the user/pwd match, even though the user does not have the necessary role
  in the example below, user3 should be denied to access the signin page, but seems no login error page returned, actually I never see any page / error message which complain about the authorization / access control error
  2. after authenticate correctly, always get redirected to the / (context root) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

  Hi, Paul:
  Thanks a lot for your reply.
  Firstly let me just correct a little in the attachment I put previously, I think I missed following lines :
  <auth-constraint>
  <description>no description</description>
  <role-name>customer</role-name>
  </auth-constraint>
  So, user1 & user2 are in the customer group, but user3 not, and /control/singin is protected by this security constraint, as a result, when anyone click the link to /control/singin, he was led to the login page, if he tries to login as user1 & user2, he should pass & led to original page (in this case /control/singin, and my code's logic, once /control/signin is used, means that he already login successfully & redirected to the login success page), but if he tries to login as user3, he should only pass the authentication check, but fail the authorization check, and led to login error page.
  What not happen are :
  1. user1 & user2 pass, but redirect to /
  2. user3 also pass, because I see that debug message shows also get redirected to /, instead of login error page
  (login error page will be displayed, only if I try to login as a user with either wrong userid, or wrong password)
  3. one more thing I notice after I first time post the message, the container does not remember the principal, after 1. is done, not even for a while
  And the similar configuration works under Tomcat 3.2.1, for all 3. mentioned above.
  Any idea ?
  HaiMing
  "Paul Patrick" <[email protected]> wrote:
  If I understand what your trying to do, everyone should get access to the
  login page since roles are not
  associated with principals until after they authenticate. If I follow what
  you specified in the XML files,
  authenticated users user1 and user2 are members of a group called
  customer_group.
  The principal customer_group (and therefore its members) is mapped in the
  weblogic.xml file to the role
  customer.
  I can't speak to the reason your being redirected to the document root.
  Paul Patrick
  "HaiMing" <[email protected]> wrote in message
  news:[email protected]...
  Hi:
  I encountered the following problem when I tried the form basedauthentication & authorization (see the attached part of the config files,
  web.xml, weblogic.xml & weblogic.properties)
  1. authorization seems not invoked against the rules specfied, itdoesn't go the login error page as long as the user/pwd match, even though
  the user does not have the necessary role
  in the example below, user3 should be denied to access the signinpage, but seems no login error page returned, actually I never see any page
  / error message which complain about the authorization / access control
  error
  2. after authenticate correctly, always get redirected to the / (contextroot) url, instead of the url prior the login page, for e.g., signin page
  Any idea ?
  Thanks in advance.
  HaiMing
  attach config files
  web.xml
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>MySecureBit1</web-resource-name>
  <description>no description</description>
  <url-pattern>/control/signin</url-pattern>
  <http-method>POST</http-method>
  <http-method>GET</http-method>
  </web-resource-collection>
  </security-constraint>
  <login-config>
  <auth-method>FORM</auth-method>
  <realm-name>default</realm-name>
  <form-login-config>
  <form-login-page>/control/formbasedlogin</form-login-page>
  <form-error-page>/control/formbasedloginerror</form-error-page>
  </form-login-config>
  </login-config>
  <security-role>
  <description>the customer role</description>
  <role-name>customer</role-name>
  </security-role>
  weblogic.xml
  <security-role-assignment>
  <role-name>
  customer
  </role-name>
  <principal-name>
  customer_group
  </security-role-assignment>
  weblogic.properties
  weblogic.password.user1=user1pass
  weblogic.password.user2=user2pass
  weblogic.password.user3=user3pass
  weblogic.security.group.customer_group=user1,user2

• IOS 6.0.1 - Problems with certificate based authentication on wireless access point

  Hi all
  We are using iPad 2 as order terminals in our shops for about 5 months. Some of the iPads (the first who entered the field) started to cause problems now. These iPads are no longer able to keep long-term connection to the wireless access point in our stores. After selecting the SSID a successful authentication using the stored EAP-TLS certificate is performed (this can be seen in the log files of our wireless controller and by the IP adress that is given by DHCP). But within seconds the affected iPads opening up a captive portal page (empty, without contents) and separates the connection to the SSID after a short time again.
  Affected are currently only iPads 2 with iOS 6.0.1, which were staged about 5 months ago. The newer devices with iOS 6.1+ connect without problems and open no captive portal page. The first cases occurred on the last Wednesday. Before that everything worked without difficulty. No modifications took place on the security structure.  The numbers of affected devices increased until all iOS 6.0.1 were affected.
  Access to other SSIDs (without use of certificates, by entering a key) for the devices is still possible (the devices does not open an captive portal page). The DHCP scope is not used up, so there are enough IP addresses available.
  "Newer iPads" with an iOS of 6.1+ are are showing no problems on the same wireless access point, where the older devices are rejected. New and old devices use the same certificates and authentication mechanisms.
  In the analysis of the issue, it turned out that  the problem can be solved by an update to iOS 6.1.3. Subsequently, the iPads will be able to rebuild a connection with the access point, without a captive portal page.
  Since the bandwidth is very narrow dimensioned in our stores, the communication of the iPads was severely restricted. Thus, the iPads are for exampleare accessible for the APNS but can not find iOS updates or check for their availability.
  A comprehensive update to iOS 6.1.3 is currently excluded.
  Does anyone knows this issue? What else can be done (except from updating)?

  I will answer my own question in case it helps anyone else.
  It would "seem" the ios 6 devices try the proxy and if that is not working they resort to the def gateway.
  To Fix I did the following:
  Brocade WIFI network has IPS and Advanced Firewall rules that seemed to be tthwarting some traffic, the iphones would then try the default gateway and be blocked at the FW. 
  I disabled the IPS and the Advanced Firewall Settings on the wifi as they are redundant to our main IPS and firewall that all traffic flows through anyway.  I will tune it later, but when the CEO is demanding a fix "**** the security, full speed ahead"
  Created some rues on the firewall to allow...
  - IMAP-SSL (port993) outbound
  - SMTPS (port 465) to yahoo servers outbound
  - tcp port 587 to yahoo servers outbound
  - https to akamai servers
  Most http and https goes through the proxy as it should, BUT...
  It seems that the akamai traffic allways ignores the wifi proxy settings and just heads straight for the default gateway.  I suspect there is a bug in the icloud app? 
  Hope this helps someone else.
  -Bo

• Create a Web Service for Exchange with form based authentication ?

  I want to create a Web Service in Apex that can create appointments in my exchange calendar. Exchange is offering web services for that.
  When i try to create the web service reference in Apex i provide the URL and my Exchange login, but it is failing.
  The exchange guys told me, that there is a ISA Server running where i need to authenticate through a form.
  Does anyone know, how i can implement a webservice in Apex, when the access to the wsdl url needs login through a form ?
  Or : what other types of authentication does Apex know ? What possibilities do i have ?
  Thanks for answers.
  Bernd

  Hi
  Presume you've already found this information, but in case not ....
  Exchange 2007 provides out of the box web services, see
  http://msdn.microsoft.com/en-us/library/bb408417.aspx
  As a disclaimer - neither myself of the team I work with have tried to use these web services within APEX.
  Regards
  Chris

• Retrieving results for comparison in form based authentication with entitie

  Hi,Im developing an application using EJB3.0 and at the moment im working on a module involving user authentication.I work with the sun java system appserver 9.1 and netbeans 5.5.2 using the default toplink as the persistent provider.I have problems performing user based authentication.where am at is at shown below.I used a SLSB facade design pattern and created an entity from an existing database I built solely for the application (table name user_table). This is the code I have currently:
  Entity
  * UserTable.java
  * Created on 31 March 2008, 16:06
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  package Entities;
  import java.io.Serializable;
  import javax.persistence.Column;
  import javax.persistence.Entity;
  import javax.persistence.Id;
  import javax.persistence.Table;
  * Entity class UserTable
  * @author Ayo
  @Entity
  @Table(name = "user_table")
  public class UserTable implements Serializable {
  @Id
  @Column(name = "user_id", nullable = false)
  private Integer userId;
  @Column(name = "username")
  private String username;
  @Column(name = "password")
  private String password;
  @Column(name = "user_type")
  private String userType;
  @Column(name = "access_level")
  private String accessLevel;
  @Column(name = "staff_id")
  private Integer staffId;
  @Column(name = "staff_type", nullable = false)
  private String staffType;
  @Column(name = "time_created")
  private String timeCreated;
  @Column(name = "time_modified")
  private String timeModified;
  @Column(name = "time_logged_in")
  private String timeLoggedIn;
  @Column(name = "time_logged_out")
  private String timeLoggedOut;
  @Column(name = "created_by")
  private String createdBy;
  /** Creates a new instance of UserTable */
  public UserTable() {
  * Creates a new instance of UserTable with the specified values.
  * @param userId the userId of the UserTable
  public UserTable(Integer userId) {
  this.userId = userId;
  * Creates a new instance of UserTable with the specified values.
  * @param userId the userId of the UserTable
  * @param staffType the staffType of the UserTable
  public UserTable(Integer userId, String staffType) {
  this.userId = userId;
  this.staffType = staffType;
  * Gets the userId of this UserTable.
  * @return the userId
  public Integer getUserId() {
  return this.userId;
  * Sets the userId of this UserTable to the specified value.
  * @param userId the new userId
  public void setUserId(Integer userId) {
  this.userId = userId;
  * Gets the username of this UserTable.
  * @return the username
  public String getUsername() {
  return this.username;
  * Sets the username of this UserTable to the specified value.
  * @param username the new username
  public void setUsername(String username) {
  this.username=username;
  * Gets the password of this UserTable.
  * @return the password
  public String getPassword() {
  return this.password;
  * Sets the password of this UserTable to the specified value.
  * @param password the new password
  public void setPassword(String password) {
  this.password=password;
  * Gets the userType of this UserTable.
  * @return the userType
  public String getUserType() {
  return this.userType;
  * Sets the userType of this UserTable to the specified value.
  * @param userType the new userType
  public void setUserType(String userType) {
  this.userType = userType;
  * Gets the accessLevel of this UserTable.
  * @return the accessLevel
  public String getAccessLevel() {
  return this.accessLevel;
  * Sets the accessLevel of this UserTable to the specified value.
  * @param accessLevel the new accessLevel
  public void setAccessLevel(String accessLevel) {
  this.accessLevel = accessLevel;
  * Gets the staffId of this UserTable.
  * @return the staffId
  public Integer getStaffId() {
  return this.staffId;
  * Sets the staffId of this UserTable to the specified value.
  * @param staffId the new staffId
  public void setStaffId(Integer staffId) {
  this.staffId = staffId;
  * Gets the staffType of this UserTable.
  * @return the staffType
  public String getStaffType() {
  return this.staffType;
  * Sets the staffType of this UserTable to the specified value.
  * @param staffType the new staffType
  public void setStaffType(String staffType) {
  this.staffType = staffType;
  * Gets the timeCreated of this UserTable.
  * @return the timeCreated
  public String getTimeCreated() {
  return this.timeCreated;
  * Sets the timeCreated of this UserTable to the specified value.
  * @param timeCreated the new timeCreated
  public void setTimeCreated(String timeCreated) {
  this.timeCreated = timeCreated;
  * Gets the timeModified of this UserTable.
  * @return the timeModified
  public String getTimeModified() {
  return this.timeModified;
  * Sets the timeModified of this UserTable to the specified value.
  * @param timeModified the new timeModified
  public void setTimeModified(String timeModified) {
  this.timeModified = timeModified;
  * Gets the timeLoggedIn of this UserTable.
  * @return the timeLoggedIn
  public String getTimeLoggedIn() {
  return this.timeLoggedIn;
  * Sets the timeLoggedIn of this UserTable to the specified value.
  * @param timeLoggedIn the new timeLoggedIn
  public void setTimeLoggedIn(String timeLoggedIn) {
  this.timeLoggedIn = timeLoggedIn;
  * Gets the timeLoggedOut of this UserTable.
  * @return the timeLoggedOut
  public String getTimeLoggedOut() {
  return this.timeLoggedOut;
  * Sets the timeLoggedOut of this UserTable to the specified value.
  * @param timeLoggedOut the new timeLoggedOut
  public void setTimeLoggedOut(String timeLoggedOut) {
  this.timeLoggedOut = timeLoggedOut;
  * Gets the createdBy of this UserTable.
  * @return the createdBy
  public String getCreatedBy() {
  return this.createdBy;
  * Sets the createdBy of this UserTable to the specified value.
  * @param createdBy the new createdBy
  public void setCreatedBy(String createdBy) {
  this.createdBy = createdBy;
  * Returns a hash code value for the object. This implementation computes
  * a hash code value based on the id fields in this object.
  * @return a hash code value for this object.
  @Override
  public int hashCode() {
  int hash = 0;
  hash += (this.userId != null ? this.userId.hashCode() : 0);
  return hash;
  * Determines whether another object is equal to this UserTable. The result is
  * <code>true</code> if and only if the argument is not null and is a UserTable object that
  * has the same id field values as this object.
  * @param object the reference object with which to compare
  * @return <code>true</code> if this object is the same as the argument;
  * <code>false</code> otherwise.
  @Override
  public boolean equals(Object object) {
  // TODO: Warning - this method won't work in the case the id fields are not set
  if (!(object instanceof UserTable)) {
  return false;
  UserTable other = (UserTable)object;
  if (this.userId != other.userId && (this.userId == null || !this.userId.equals(other.userId))) return false;
  return true;
  * Returns a string representation of the object. This implementation constructs
  * that representation based on the id fields.
  * @return a string representation of the object.
  @Override
  public String toString() {
  return "Entities.UserTable[userId=" + userId + "]";
  SLSB
  * UserTableFacade.java
  * Created on 31 March 2008, 16:07
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  package Entities;
  import java.util.*;
  import javax.ejb.Stateless;
  import javax.persistence.EntityManager;
  import javax.persistence.PersistenceContext;
  * @author Ayo
  @Stateless
  public class UserTableFacade implements UserTableFacadeLocal {
  @PersistenceContext
  private EntityManager em;
  /** Creates a new instance of UserTableFacade */
  public UserTableFacade() {
  public void create(UserTable userTable) {
  em.persist(userTable);
  public void edit(UserTable userTable) {
  em.merge(userTable);
  public void destroy(UserTable userTable) {
  em.merge(userTable);
  em.remove(userTable);
  public List findAll() {
  return em.createQuery("select Object(o)from UserTable as o").getResultList();
  local interface
  * UserTableFacadeLocal.java
  * Created on 31 March 2008, 16:07
  * To change this template, choose Tools | Template Manager
  * and open the template in the editor.
  package Entities;
  import java.util.*;
  import javax.ejb.Local;
  * @author Ayo
  @Local
  public interface UserTableFacadeLocal {
  void create(UserTable userTable);
  void edit(UserTable userTable);
  void destroy(UserTable userTable);
  List findAll();
  controller servlet
  * userCheck.java
  * Created on 15 March 2008, 22:41
  package servlets;
  import Entities.UserTable;
  import Entities.UserTableFacadeLocal;
  import Entities.userValidationBean;
  import Entities.userValidationRemote;
  import java.io.*;
  import java.util.Iterator;
  import java.util.List;
  import java.util.Collection;
  import javax.servlet.*;
  import javax.servlet.http.*;
  import javax.ejb.*;
  * @author Ayo
  * @version
  public class userCheck extends HttpServlet {
  @EJB
  private UserTableFacadeLocal userTableFacade;
  UserTable u;
  String userFellow;
  String pass;
  String username,password;
  /** Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
  * @param request servlet request
  * @param response servlet response
  protected void processRequest(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  /*con=null;
  ps=null;
  rs=null;
  s=null;
  */response.setContentType("text/html;charset=UTF-8");
  PrintWriter out = response.getWriter();
  username=request.getParameter("username");
  password=request.getParameter("password");
  if(username==""||password=="")
  showError("<b><font color=\"red\">Please fill in the required blanks.</font></b>",request,response);
  else
  List user=userTableFacade.findAll();
  for(Iterator it=user.iterator();it.hasNext();)
  u=(UserTable)it.next();
  userFellow= u.getUsername();
  pass=u.getPassword();
  //out.println(" <b>"+elem.getTitle()+" </b><br />");
  //out.println(elem.getBody()+"<br /> ");
  //I used the following two lines to determing if im actually accessing the database and retrieving results, and I get all records in the table(usernames and passwords).
  //BUT I NEED A SPECIFIC RECORD TO MATCH THE USERNAME AND PASSWORD FROM THE FORM AND IF IT DOES NOT MATCH,I REDIRECT TO THE ERROR PAGE.THAT'S WHERE IM STUCK.
  out.println(userFellow);
  out.println(pass);
  /* if(username.equals(userFellow)&&password.equals(pass))
  RequestDispatcher d=request.getRequestDispatcher("blah.jsp");
  d.forward(request,response);
  else
  showError("<b><font color=\"red\">Invalid Login details!</font></b>",request,response);
  private void showError(String errorMsg,HttpServletRequest request,HttpServletResponse response)throws ServletException,IOException
  request.setAttribute("error_msg",errorMsg);
  RequestDispatcher dispatcher=request.getRequestDispatcher("admin_error.jsp");
  dispatcher.forward(request,response);
  // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
  /** Handles the HTTP <code>GET</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Handles the HTTP <code>POST</code> method.
  * @param request servlet request
  * @param response servlet response
  protected void doPost(HttpServletRequest request, HttpServletResponse response)
  throws ServletException, IOException {
  processRequest(request, response);
  /** Returns a short description of the servlet.
  public String getServletInfo() {
  return "Short description";
  // </editor-fold>
  I NEED HELP.ive been on this for 5 days and i cant seem to get a solution. I tried creating a method (private Collection findByUsername()) and(private Collection
  findByPassword()) in the local interface that would supposedly return records based on input from the form but I got a null pointer and an ejb exception saying
  unknown find method or something, as in ,or an error message that said i cant search records by name or something.I dont know. Or is it the query that is not
  specific enough. I didnt seem to get the syntax right when i was trying to search by username and password.Please someone help me.
  Ayo.

  Hey everyone,
  Is the question I posted that hard?
  I even tried to just load a HTML <img src="picture.jpg"/> tag
  on the login.jsp and even this won't show.
  I'm thinking that the container, with the security mechanism, is blocking
  styles and images???
  Anyone...please help.
  -Yuri

• User Certificate based Authentication Using Anyconnect (DTLS)

  Hello,
  I believe it is possible to set up an ASA to enforce the need for anyconnect users to have a USER certficate installed on their machine before the VPN grants them access.  However, I`ve been trying to get this to work but I`m always allowed to connect with only a password.  Would appreciate any guidance on how to get this working with user based certificate authenitcation.  Are there any documents around specific to the full process of setting up anyconnect with user certfificate authentication??
  Thank you

  Hi,
  I don’t believe that this functionality exists at this time on the ISA.
  http://www.cisco.com/en/US/docs/security/small_business_security/isa500/administration/guide/ISA500_AG_OL-23370.pdf
  From the admin guide for the ISA.  “According to the user authentication settings specified on the security appliance, the SSL VPN users can be authenticated by the local database or external AAA server (such as Active Directory, LDAP, or RADIUS). For information on configuring the user authentication settings, see Configuring User Authentication Settings, page 346.
  Thanks,
  Jason Nickle

• SharePoint 2013 web service: Error while sending claim based authentication request (The corresponding SID in the domain is not part of the intended account type)

  We are using .asmx services for SharePoint features such as comments, and rating.
  Service
  Feature   used
  http://<<hostname>>/_vti_bin/socialdataservice.asmx
  Commenting, Rating
  http://<<hostname>>/_vti_bin/UserProfileService.asmx
  For out of box workflows
  In SharePoint 2013,
  SharePoint – 80  web application is on claims based mode and user is logging in with windows authentication. With logged-in client context used to call SharePoint's default web service, we are getting below error message from
  web service (Social data and user profile services).
  Server was unable to process request. ---> The corresponding SID in the domain is not part of the intended account type.
  When the service is accessed using console application with Visual Studio credentials (logged in user), we are able to access the service. Below is the code snippet
  using   (SocialDataService
  service = new  
  SocialDataService())
                    service.Credentials =
  CredentialCache.DefaultCredentials;
  SocialCommentDetail detail =   service.AddComment("<<url>>",
    "Test Comment",
  null,  
  null);
  Are SharePoint 2013 web services not supporting request coming with claim based authentication web application?
  Thanks, Pratik Agrawal (MAQ Software)

  While this applies to 2010, I believe the same is true with 2013:
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/925e5f46-317f-46d3-bc55-c67f07eb2372/call-sharepoint-web-services-using-claimbased-authentication?forum=sharepointgeneralprevious
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.