When I try to set a response header content disposition as attachmnent and give it a filename (consider abc.xlsx), then marklogic throws an exception message saying that privilege required to set response header. For the application, I set Authentication to application-level, because I cannot set it to basic or digest or anything else. So what is the list of probable alternatives? I want to prompt a download dialogue to the end user.
Go the admin UI and find the name of the user that your appserver is running as. By default, probably nobody. Then go to the security section in the admin UI, find the user, and give that user the privilege to set response headers. Alternatively, you could use a different user that already has that privilege (or you could create a new one).
Related
I have a PL/SQL application which has a log out button with following code being executed when log out button is clicked:
-- Open the HTTP header
owa_util.mime_header('text/html', FALSE, NULL);
-- Send a cookie to logout
owa_cookie.send('WDB_GATEWAY_LOGOUT', 'YES', path=>'/');
-- Close the HTTP header
owa_util.http_header_close;
-- Generate the page
htp.p('You have been logged off from the WEBSITE');
htp.p('click here to log in');
htp.p('<BR>bye');
It works perfect when using internet explorer, however when I use mozzila when I log back in I am still logged in as previous user. Has anyone else been in this situation? How can I make this work for mozilla as well?
I got this code from oracle documentation page:
https://docs.oracle.com/cd/B13789_01/server.101/b12303/secure.htm
Thanks in advance!
I've found it best to set and unset your own session cookie. Then use owa_custom to verify the cookie.
In the dad.config file add:
PlsqlAuthenticationMode CustomOwa
Then create a package in your schema: called owa_custom and add one function inside: owa_custom.authorize
owa_custom.authorize will be called before each web invocation. You can check your session cookie and if you want to allow the web call return true. To block, return false and the user will get a 403 forbidden.
Then if you like you can write a custom 403 forbidden page and redirect to your login page.
Just know that in 12C, mod_plsql is going away and you'll need to use the Oracle Rest Listener. The same functionality exists there. Things just have different names.
I have Asterisk server with Freeradius server on the same machine and trying to authenticate with Radius if a user can make a call or not but I am getting an error while calling that is:
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Is there something that I am missing in one of Radius files that I have to add?
The issue is that no module in the authorize section of your virtual server has taken responsibility for processing the request.
You should remove the contents of the authorize section, and list the following modules:
authorize {
pap
chap
mschap
digest
eap
}
You should then run the server in debug mode radiusd -X to see which module is taking responsibility for the request (you'll see one returns ok or updated where the others return noop). We'll call this the auth module
Once you've figured out which module will take responsibility for the request you'll need to provide a suitably hashed password.
Here are the password hashes that will work with the different modules.
pap - any
chap - Cleartext-Password, CHAP-Password
mschap - Cleartext-Password, NT-Password
digest - Cleartext-Password, Digest-HA1
eap - Depends on inner method (respond to this answer and I can give further guidance).
For testing you can put the password in a flat file local to the server. The module which deals with these flat files is the files module.
To add entries to the users file, first truncate /etc/raddb/users (alter for your installation).
Then add the following entry to the top:
<username> <password attr> := <password>
With values in <> replaced with the real values.
Remove the unused modules in authorize, and add the files module at the top.
authorize {
files
<auth module>
}
Then remove all the modules from authenticate and add the <auth module>
authenticate {
<auth module>
}
That should give you up and running. If no modules take responsibility for the request, please post the list of attributes in the request from the top of the debug output, and i'll help you identify it.
You need configure your radius to add missing headers
You can enabled full debug on radius server, it will show you all packets radius server get.
Freeradius allow add any header into packet on any stage, see doc.
I have created a BizTalk Application that uses a ReceivePort of Type: File, and in the orchestration I'm trying to get the message property 'FILE.Username' as below, but it's value is not set.
if (FILE.Username exists msgFile)
varUsername = msgFile(FILE.Username);
The ReceiveLocation is mapped to a shared folder and I have set the Authentication Credentials to a different user.
Anyone knows why the FILE.Username is not set with the username that I configured in the ReceiveLocation (actually the FILE.Username not even exists in the message properties) ?
Other Properties are set (like FILE.ReceivedFileName and FILE.FileCreationTime) and I can obtain their values normally.
Thanks in advanced.
The username supplied on receive location Authentication tab are stored in SSO database for security reasons. FILE.Username context property is only useful if you are using dynamic send port to send the file and wants to set the property in pipeline or orchestration, otherwise it won't be available in context.
I would like to get a list of meetings on the server however when i do a https://example.com/api/xml?action=report-bulk-objects&filter-type=meeting replacing the domain with my connect domain i get an access denied response. I am signed in to the connect work space and I am in the admin group. What could be the cause of this?
response:
<results>
<status code="no-access" subcode="denied"/>
</results>
This should work if you're in the admin group, logged in, and submitting the request from the same browser that's logged in. You might try adding the session parameter to your request ("&session=breez123abc456def")
The value of the parameter must be that of the BREEZESESSION cookie set by the Connect server on your authenticated session. One of several ways to discover that is with the common-info API method: https://connect.example.com/api/xml?action=common-info It'll be in the /results/common/cookie element.
If this still isn't working, check the debug.log on the server(s) for the failing request; there should be additional information there.
Trying to use use SharpSVN in an ASP.NET app. So far, it's been nothing but trouble. First, I kept getting permission errors on "lock" files (that don't exist), even though NETWORK SERVICE has full permissions on the directories. Finally in frustration I just granted Everyone full control. Now I get a new error:
OPTIONS of 'https://server/svn/repo': authorization failed: Could not authenticate to server: rejected Basic challenge (https://server)
This happens whether I have the DefaultCredentials set below or not:
using (SvnClient client = new SvnClient())
{
//client.Authentication.DefaultCredentials = new System.Net.NetworkCredential("user", "password");
client.LoadConfiguration(#"C:\users\myuser\AppData\Roaming\Subversion");
SvnUpdateResult result;
client.Update(workingdir, out result);
}
Any clues? I wish there was SOME documentation with this library, as it seems so useful.
The user you need to grant permission is most likely the ASPNET user, as that's the user the ASP.NET code runs as by default.
ASPNET user is a local account, preferably youd'd want to run this code in an Impersonate block, using a network account set up for this specific reason