Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
I am developing a web scraping project which requires for me to send requests to certain pages of a website. As it stands, from what I can see using my web debugger, I have to send requests to the home page of the site in order to get a response with certain cookies which I would need to access other parts of the site. This is necessary for me currently because I would have to manually add cookies from the response headers which can be a pain.
Any help would be appreciated.
You'll want to specify a cookie "jar" for your http client, which will provide a persistent cookie location that will be sent by client requests and updated based on cookie headers in the response:
https://golang.org/pkg/net/http/cookiejar/#example_New
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
Improve this question
I registered my application on Uber Developer Dashboard (server Asp.NET application). In the Auth tab of Dashboard I found the parameters for authorization: Client ID, Client Secret. Using OAuth2 I successfully received authorization code in ASP.Net MVC Controller in VS2017 by redirect link.
I use Uber C# SDK (https://github.com/timothyclifford/uber-csharp-sdk)
and run applications on localhost use ngrok. When I try to request an access token, then I get an error. In Visual Studio displayed status
"Waiting for Activation"
VS status error
If you make a request through Postman, then I get this answer
Postman error
In Dashboard I see two message:
Message 1 :
"Please reach out to your Uber Business Development representative for
server token access."
Message 2 :
"Your application currently does not have access to any scopes. Please
contact your Uber Business Development representative or Uber point of
contact to request access."
Dashboard
I can assume that the problem is related to the scopes, but I don’t understand how to specify this scopes. I do not need to make requests on behalf of the user, I want make requests from the application account. Also now I can't fill the fields redirect URI and a privacy policy URL in the Settings tab because the project is under development
How do I set up an application account to get a token? Maybe I'm making a wrong request?
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
i have register page in ionic that communicating with wordpress rest api, for register new user by api it needs admin access
for admin access i should post admin user and pass then by admin revised token send registration user request
but i want ask about secure of this method, when sending admin user pass through the app can it sniffed ?
i think in this method admin user pass can easily sniff
i'm not test it but i'm not sure about security sending admin data
please guide about it
Ionic is a client-side framework. Anything stored on or sent from/to the client is known to the user, and you can do nothing about this apart from making it somewhat harder. The user can be assumed to have full control of the client device, be it a pc, a mobile phone or whatever else.
So for you design to work and based on your description, you have to store the Wordpress admin username and password on the client. This is clearly insecure, your users will be able to extract it from the Ionic app itself, or even easier, when it gets sent to the server, as you correctly discovered.
The solution is to have a server-side component that will hold the Wordpress credentials for you, and your Ionic app would talk to your server only. This would effectively mitigate the Wordpress admin credentials issue, but you need another server.
Also note that using such a server, anybody will still be able to act like your Ionic app, and register users in Wordpress. You should not assume that it's only your Ionic client that can do this, because as stated above, anything known to the client is known to the user, who can create arbitrary requests, indistinguishable from your Ionic client requests. But with this new server in the design, at least the Wordpress admin credentials will not be disclosed, and any functionality not exposed by your server will not be available to endusers.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
I am just leatning in crypting for my application to encrypt web.config asp.net. I have encrypted my web.config file using AES. When I run my application db got connected.
I just wan to know how sql able to read encrypted connection string?
"When the page is requested, the .NET Framework decrypts the connection string information and makes it available to your application."
https://msdn.microsoft.com/en-us/library/hh8x3tas(v=vs.100)
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
Scenario:
IIS ARR front-end is distributing load to n. IIS app servers running MVC 6.
Multiple domains point to the ARR
Using MS Identity authentication
All Appservers serve the same application with slight branding/content changes depending on which domain was used to access the site. We'll call each variation a "portal".
Can you verify the following assumption?
Identity auth tickets appear to work out of the box for this scenario.
Specifically, If a user logs into the site under "www.foo.com" and then hits the same site using "www.bar.com" that they will not appear to be authenticated at bar.com (even though they are technically hitting the same application, on the same or different App server).
Are there any gotchas with this?
Can you check this architectural decision?
We've linked in a MVC 6 middleware component to inspect the domain of each request to set a "portalID" variable in the HTTP context's Request object. The component just checks the domain name against a Hashtable and sets the appropriate portal ID for the request.
Variable content is rendered using partial views and the new view components. All variable content (like header image references, text, etc) is stored in a database and IMemoryCached cached and varied by portalID
When a user registers, the registration method tags the user with their PortalID (we only have one user DB for all "portals", but want to keep the users segmented).
Is this a reasonable way to implement this scenario, given the new MVC 6 framework?
Can you think of any gotchas with this implementation?
In regards to authentication, auth tickets (cookie-based authentication) are per domain so you'll have no problems with a user accessing Portal A when only logged into Portal B. You can implement so that can be authenticated across multiple sub-domains, but that's a non-default scenario and only applies to sub-domains, not to entirely different domains. In fact, prove it to yourself by logging into one of your portals and seeing the authentication ticket in your cookie collection. Then go to another domain/portal and view your cookie collection: your auth cookie won't be there (applies to any cookie).
I've implemented scenarios like this many times without issues (one app, many different "sites" with caching/differing views/etc.) albeit Forms Authentication ones, but the principal still applies.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
How does Shibboleth guarantee that 3rd parties do noet get access to user attributes contained in SAML 2.0 assertion exchanged between IdP and SP?
Is it correct that all user attributes are encrypted when transferred from IdP to SP? Are the user attributes encrypted with a symmetric key which is also included in the assertion but encrypted with the public key of the SP?
I doubt that Shibboleth does anything to guarantee that user attributes are encrypted. Per the SAML 2.0 spec (pdf):
Message confidentiality of both SAML requests and SAML responses is OPTIONAL and depends on the environment of use.
However, SAML 2.0 does permit the use of message-level confidentiality guarantees (pdf), including XMLEnc and XMLSig (both of which Shibboleth supports) as well as custom profile or attribute types which may support other modes of message-level confidentiality.