Extending authentication

[KevinH]

for example accept pre-auth from only 1 ip address, and deny access from anywhere else?

Isn't that what firewalls are for?

[schemers]

yeah, you really have to protect the pre-auth key, not much way around it. We could look at adding a config option such that the pre-auth is only allowed from a set set of IPs, but if someone can break into the machine holding the pre-auth key, you probably have bigger things to worry about

[msca]

hoops you are right

But the preauth process is using the same port as users do...?
I cant block that.

I think iam a bit in shadow, may you plese describe what do you think?

[KevinH]

You said block IP's. It's trivial in most firewalls to block an IP address. I think Roland's point is the best. Don't give access to your pre-auth key.

[Martinchin2289]

This works perfect for me!! thanks! however

I would like to pass some extra parameters to the login page like skin and turn gzip off for explorer. Is there any workarround?

thanks

martin

[cr@in-tuition.net]

hey guys,

I may be missing the point a little but the preauth shows that you can use SOAP as well as the URL interface but I can't quite see why you need the preauth mechanism if you have access to the SOAP AuthRequest which would return a valid AUTH token as the original scenario was that of a user who would already have logged in with the correct username/password.

[Restless]

Close but not quite there...

I'm trying to employ the single sign on method described in the preauth.txt sample, but I need to do it using .Net. I've managed to create the parameter string, but I'm getting errors re: the time stamp being too old.


How do you calculate the timestamp in millisecond? Sounds like others have just copied and pasted the java code into their applications and its worked. But how is that? Their current timestamp would be different, right? From the example, it looks like the timestamp is hardcoded to 1135280708088, but how is that possible. Maybe I don't understand the concept of the timestamp.

I'm calculating is as follows:

timestamp = DateTime.Now.Hour * 60 * 60 * 1000 + DateTime.Now.Minute * 60 * 1000 + DateTime.Now.Second * 1000 + DateTime.Now.Millisecond

I must be missing something. Help!!!

[schemers]

Time stamp is the current time in msecs:

System.currentTimeMillis()

It is used to prevent an old preauth request (older then 5 minutes, IIRC) from being re-used.

[Restless]

Time stamp is the current time in msecs:

System.currentTimeMillis()

It is used to prevent an old preauth request (older then 5 minutes, IIRC) from being re-used.

Sorry, I wasn't very clear. I'm trying to this in VB.net, not Java.net. I've also tried the whole datetime.now.ticks but that appears to give me the number of msecs since 01/01/01.

Any additional help would be greatly apprecaited as I continue to spin my wheels on this.

Thanks!

[schemers]

Not familiar with VB.net, but in Java it is defined as:

the difference, measured in milliseconds, between the current time and midnight, January 1, 1970 UTC.

I did a quick search for "utc 1970 vb.net" and found a number of hits. It sounds like .ticks in .NET is defined as:

In .NET, DateTime.Ticks is the 100-nanosecond intervals that have
elapsed since 12:00 A.M., January 1, 0001

So one suggestion was to construct a date object for January 1, 1970, then subtract it from now. This is a C# snippet:

Al Pascual : Code Snip Collection "c# datetime utc date to javascript millisecond representation "

Code:

public double MilliTimeStamp(DateTime TheDate)
        {
            DateTime d1 = new DateTime(1970, 1, 1);
            DateTime d2 = TheDate.ToUniversalTime();
            TimeSpan ts = new TimeSpan(d2.Ticks - d1.Ticks);

            return ts.TotalMilliseconds;
        }