How to configure Phabricator to support anonymous HTTP?
I followed the official guide. It seems that using HTTP for repository hosting requires that
diffusion.allow-http-auth is enabled,
but I want to enable anonymous HTTP. How do I do that?
Based on what you're asking I'm assuming public access versus user access.
Link
Otherwise I don't think it's possible for security purposes.
It is more than a year since the question was posted, but here is the answer if someone bumps into this:
For HTTP repository access you need to enable diffusion.allow-http-auth as you did.
For general anonymous access to Phabricator you need to enable policy.allow-public, as mentioned in the Answer #Jorden linked to.
Now for specific repository public access (Anonymous), you need to set the Visible policy for the repository to Public (No login required).
Hope this helps
Related
Is it possible to restrict access to a resource (i.e. index.html) depending on whether the user is logged in or not? Maybe something like .htaccess?
No. Firebase hosting doesn't implement access control to static resources.
Also see the discussion in the comments of this question: Firebase route security without AngularFire
There's new info on this:
https://firebase.google.com/docs/hosting/functions
(example: https://github.com/firebase/functions-samples/tree/master/authorized-https-endpoint )
You should be able to use a Cloud Function to restrict access to content (which is server-side authenticated and generated).
I've been trying to find the answer, but after reading a bunch of documentation I think it's not possible, though it would be a nice feature. The problem is I want anyone to access the cached repositories but I don't want them to access the web user interface.
The only way I have figured out is tweaking the nginx configuration to allow access only to certain endpoints like raw repository view. Anyway it has some problems which I've not totally resolved.
You could set up a SAML SSO redirect that forces a user to login, and if they fail they are not redirected back to the Artifactory instance. That's the only way I know of that won't let users even look at the front page of Artifactory.
They would get caught on step 3 after an automatic redirect: SAML SSO Login Process
The obvious downside with this is that you need to have a SAML SSO setup in the first place.
I have authenticated using Siteminder and I have obtained an accessToken.
Now there is another application that comes under the scope of the same application.
I want to use Alfresco there without any need of further sign-up. Basically I want to implement single sign on.
I don't know Siteminder, but SSO is possible in Alfresco.
You'll have to look at how the authentication subsystem works. You'll find the configuration under alfresco.war\WEB-INF\classes\alfresco\subsystems\Authentication\ and you can redefine it under /shared/classes/alfresco/extension/subsystems/Authentication/
Things exist for:
alfrescoNtlm (Alfresco's own mechanism)
kerberos
ldap
ldap-ad
passthru
external <- this one is a good candidate for you
With external you can tell Alfresco to trust what comes from a URL. You'll find information here http://docs.alfresco.com/5.0/concepts/auth-external-intro.html or there http://smasue.github.io/alfresco-external-sso
I hope this helps
I have ASP.NET Web services, and I use them in my site using JS ajax calls.
I would like to set up a security mechanism (of any type) that will allow only users surfing the site to call them, and not just anyone requesting from those webservices.
How can I do that?
Thanks
Have a look at Building Secure Web Services.
A simple way will be to know the IP address of your site and then check whether it's the same as
HttpContext.Current.Request.UserHostAddress
Allow access only if both match.
You can use ASP.NET Authentication. For more on authentication in web services check this
I have implemented security for my Webservices with Web Service Enhancements 3.0. There are many basic examples on the net that you can check out. But basically you want every Method to be called through a Post instead of a Get, and you would send a SOAPHeader with every HTTP call. The service/method checks the SOAPHeader, validates it, and returns valid content only if the user is authenticated/valid.
Good luck!
I am writing a web application that works with Exchange, and so needs to impersonate an account that has admin rights to Exchange. This account is specified by the user on setup. What is the best way to get impersonation to use this account? Obviously hard-coding this into the web.config won't work as it needs to be able to change, but I'm not sure of the best way to do it.
Also, I actually only need to run as this administrative user for 1 class, is it possible to only impersonate for some methods?
I posted an answer on using impersonation to access a network file share, but it should work for you as well. It includes source for a C# class that can be used to manage the begin/end of impersonation and can be used by any class or method.
The source provided does assume that you are storing the username and password in the web.config.
See the original question and answer for more details.
The way I've done this in the past is to use LogonUser. The links below provide some guidance on how to go about this.
http://blogs.msdn.com/shawnfa/archive/2005/03/21/400088.aspx
http://www.guidanceshare.com/wiki/ASP.NET_2.0_Security_Guidelines_-_Impersonation/Delegation
You might also want to consider whether you can use Exchange impersonation and have your application run under a fixed identity that can impersonate in Exchange via Exchange Web Services.
You could do it as above, but in this scenario what's wrong with just modifying the web.config during your setup process?
In addition to LogonUser as others have noted, or the WindowsImpersonationContext class, you might also consider separating out the privileged code. For instance, running as an Enterprise Services object (running under COM+). This would allow you to have the OS manage the credentials, PLUS you have a builtin trust boundary around the privileged code.
Of course you would need to implement limits on who can call this object, but that's easily configurable...