I try to protect the call of a webcal address with a login. Basically it is clear to me how to protect a directory with .htaccess and basic authentication.
But what about the protocol "webcal" and parameters in the URL?
Specifically, I want to protect only this URL:
webcal://domainname.com/index.php?option=com_jevents&task=icals.export&format=ical&catids=0&years=0&pk=04575786497458993643754733455&i=215
Does anyone have any ideas? Thanks!
Related
I am trying to integrate my web application with slack using their OAuth APIs.
Our Web App has a # in its URL. - example.org/#/path
But Slack doesn't support Redirect URLs with a #. The part after the # is getting skipped.
What can I do to bypass the # and make the redirect URL work correctly?
I've had similar issues where not all auth servers support the # character but you want to use hash based routing in the web UI.
LOGOUT,
In my case I wanted a post logout redirect URL of #loggedout but AWS did not allow me to configure it. So instead I configured:
A post logout path of /logged out.html
This ran a simple script to change the hash fragment
LOGIN
For login redirect URIs you can store the hash fragment in session storage before the redirect and restore it afterwards, as in the startLogin and handleLoginResponse methods of this source file
I have multiple .NET projects that allow authenticated users to browse html files on another domain via iframe.
I'm struggling with securing these files so that no user can take the link from the iframe and share that link.
The projects are hosted on iis, and users are authenticated with a JWT token.
Any help is appreciated.
I'm afraid it is unavailable to prevent user from getting link from your iframe because they are always able to view the link via developer tool.
But you could create a URL rewrite rule to strict the src link can only be accessed from your website by checking HTTP_REFERR header.
If the referrer domain incorrect or null, then your rule will block it.
I am trying to access my drupal site and an authentication requirement pops up. It asks for a username and password and i don't have any login credentials associated with the site
When i try to cancel it displays a 401 authentication error
It seems your document root is password protected , you can find .htpasswd file your server, may be in your document root. remove that file also check your .htaccess file and update accordingly. thanks
That password protection is not part of the site it self, but provided by apache web server. It's mostly used for protecting staging servers, i.e. from search engines trying to index the pages. Basically in your site root you have ".htaccess" file which defines settings for apache server. Some of those settings are related to password protection and they should look like:
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
This code defines authentication and "AuthUserFile" parameter defines path to file where your pair of username/password is stored. Password is not plain text but it's encrypted (you have free online tools for encrypting htpasswd passwords).
So, you can see username in that ".htpasswd" file but you can't see the real password and if you want to keep using this protection and can't get the password from other sources you must generate new one to replace old one.
But if you just want to remove this password protection edit .htaccess file and remove this code related to authentication.
You have nice explanation including path to password encryption online service here:
http://www.htaccesstools.com/articles/password-protection/
I need to redirect a URL f.e. https//domain1.nl/sub1/sub2 (from an old exprired ssl certificate) to a new active domain f.e. https//domain2.de/sub1/sub2 with a new and active ssl certificate with php or htaccess rules.
is this possible without getting an security warning from the browsers?
Greeting
Jimbob
Both of these require server to send redirect which happens after the certificate is validated. So no.
Is it possible to do BOTH of these using a web.config file? If not, what would be the easiest way to achieve them on an IIS server.
Protect a web-accessible folder via HTTP auth
Allow access from a specific username/password AND a specific IP address
This is possible using .htaccess and .htpasswd on Apache, but I need an IIS equivalent if one exists.