sharepoint server: a membership provider has not been configured correctly. Check the web.config settings for this web application.

The SharePoint 2010 environment with forms-based authentication shows the following error that used to work when trying to access "FBA User Management" in the site configuration. I tried to restart the SharePoint and IIT timer services but it didn't help.

Error: "A membership provider was not configured correctly. Verify web.config settings for this web application."

Android: what are the best ways to give design feedback to mobile application developers?

First you should check with the developers and discover what works for them.

They could say whatever works for you, or they may have some specific requests, but it makes no sense to investigate a solution on your own just to find out that it doesn't fit the workflow.

The simplest method is request exports of flat screens and use any tool that allows annotations / marks eg Windows Paint, Mac Preview, Snagit, Photoshop.

However, managing all the different versions of the files can generate inefficiencies, which is a problem that design collaboration tools like ConceptShare Try to solve it. Conceptshare allows the loading of static images that can be commented by several collaborators and the software allows easy administration of asset versions.

Outlook web application: Exchange 2010-2016 coexistence: why does OWA perform a 301 redirect before logging in?

I have an Active Directory domain. We have two local mail servers: one that runs Exchange 2010 ( and another that runs Exchange 2016 ( My goal is to migrate from 2010 to 2016, but have them live together during the transition.

We have a firewall (pfSense) and allow access to OWA using NAT. I have a NAT rule that points to the Exchange 2010 server and one that points to Exchange 2016. From the outside, the IP for both servers looks the same (since both run from the same Internet connection), but there are two CNAME entries in external DNS, and NAT forwards two different ports.

Internally, everything works. If I go to I get the OWA 2016 login page. I can login. If the mailbox is in Exchange 2010, the OWA proxies and I get the OWA of 2010. Otherwise, I get the 2016 interface.

Externally, I have the following URLs: and This is where things get weird.

Let's say I visit I can see in the firewall logs that the client connects to the Exchange 2016 server. But then there is an immediate 301 redirect to, and I get the OWA login page for Exchange 2010, not Exchange 2016. This happens BEFORE you log in, so OWA doesn't know anything about where mailboxes live. The domain name ( remains the same, but I lose the forward port (8443) in the URL.

I can see that there is a redirection in the firewall and IIS logs, but I don't know what is causing it. I think that the external URIs in my virtual directories are configured correctly.

Does anyone know what could be happening here? Where should I look for troubleshooting information? I don't think the problem is the port forward, but I don't know how I would say it.

I will develop the web application javascript, nodejs, angularjs, mongodb for $ 10

I will develop the web application javascript, nodejs, angularjs, mongodb

Premium and professional developer for your web or application projects with:

  • HTML5 / CSS3
  • Javascript / jQuery / AJAX / Vue Js
  • Response design
  • PHP 5/7 / MySQL
  • Laravel
  • WordPress
  • Ear
  • Vutify

Quality work / unlimited reviews and quick response!

Since most of your projects require analysis, please send me a PM before buying… and do not worry I usually respond quickly (max. In one hour).

. (tagsToTranslate) web (t) develop (t) website (t) create (t) java (t) css

web application – Webhook sends Purchase Details to handle Purchases of a Third Pary service Are you sure?

TL / DR: if there is money involved, then you need a way to verify your webhook
proceedings. Your security keys, however, are probably fine,
although in the end that is a commercial decision that you must make.

Endpoint of private webhook

Your concerns about a private webhook endpoint are quite valid. In fact, this is one of the biggest dangers for webhook endpoints: you should verify that the person calling your endpoint is the person who is supposed to call the endpoint, and not an attacker. It is especially critical for online orders or anything that costs money. Some systems verify the call by providing an API call in which you return the request you received to the sender intended for verification (also known as a triple handshake), and some make it with cryptographic signatures. There are probably more ways to verify it, but verification is very important.

Obviously, you can and should keep your webhook endpoint a secret, but this is more like a "security through the dark" step, and neither is a super secure one. After all, any developer who has access to the code base can find out what the end point of the webhook is. It is also in trouble if its application code becomes public or accessible to an attacker, or if one of its own developers becomes an attacker. Since half of all data breaches begin internally, this is a very real concern.

Unfortunately, there is nothing you can do unless the provider gives you options. I would work hard with them to see if they have any options for webhook verification.

Filtered Purchase Key

Filtered purchase keys are dangerous but also more repairable. You must ensure that your keys are long enough so that they cannot be easily forced by brute force. That has the disadvantage that it makes it difficult to write in an application, so you could try to find a solution where users can enter the key in the application without having to
Write it down (QR codes, links, etc.).

Of course, email itself is not always the safest channel, but for most companies it is "secure enough." Inventing a new delivery mechanism for safer code delivery will likely cause more problems than you will solve.

Fortunately, the worst case scenario of a filtered application key is probably not too bad. After all, someone really bought the key, so if an attacker manages to intercept and use a single-use case key, the original buyer will probably contact you asking, "Why doesn't my key work ?! ". Assuming they can provide proof of purchase, it will be simple enough to revoke access to the application for the current user and grant it to the new user.

This creates the risk of someone using social engineering tactics to trick their staff into granting them the subscription of another person, and also runs the risk of grumpy customers. However, since the marginal cost to you sounds low (that is, it is relatively cheap for you to give someone else access to the system), the loss is low even if someone occasionally ends up with a free subscription.

That was a bit wandering, but the most important part is just the thought process. Security is not binary. It is not safe / insecure. It's just "safe enough." The more effort you put into security measures, the more likely you are to cause problems for your legitimate clients, and at some point it is more profitable to stop adding security layers and accept that an attacker can occasionally steal a subscription or two. As a result, the trick is not to make things safe, but safe enough.

Design – Approach to design the mobile application for an existing desktop optimized web application

When it comes to the mobile application, or the mobile version,
Initially it is worth choosing the form and technology.

Either the RWD version of the existing platform, a native application (IOS, Android) or non-native (Flutter, Native)

I like your thinking, when it comes to minimizing components Y information, because of his repeatability.

The fewer variables, the less components: easier management, less complexity.

I think problems may arise in details – since the logic is probably identical and in the context of the implementation only a change of style will be required (unless the IOS platform, Android)

Similarly all – 4 screens It may seem the same, but slightly different, so it can be problematic to determine the differences.
There is often the problem that what fits easily on the desktop is not necessarily easy to adapt to the mobile.

IOS application recommendation: listen to conferences

I am looking for an iOS application to play master class recordings, with the following specifications (in order of decreasing importance):

  1. Buttons for short rewind (5-10 seconds).

  2. Big buttons

  3. Possibility to upload audio with WiFi from a Mac.

  4. On the lock screen, multimedia buttons with short rewind instead of previous / next track.

  5. Last position saved on the track.

  6. Good design (?).

Any suggestions are really appreciated.

Thank you

Google AdSense ads.txt file – Exchange web application stack

Once Google AdSense approves a website for ads, they provide simple steps to enable ads on a site. Suppose I build an HTML site called My first step was to add some HTML code inside the head tag, something like:


Next, Google says to simply add an "ads.txt" file in the site's root-level domain. This file must contain some code provided by Google. For example:, pub-8906xxxxx, DIRECT, f08cxxxxx

Now I want the ads to appear and crawl in 2 subdomains of my site: and This is where Google’s orientation is poor. All they say is:

"You would add this line to your root ads.txt root file: subdomain ="

I'm worried about the syntax. Currently in my ads.txt file, I have the following, based on the Google guide:, pub-8906xxxxx, DIRECT, f08cxxxxx

Is this the right syntax, and is there a way to verify that a clicked ad will be posted? Note that all my subdomain HTML files are in the root directory.

Software installation: add fstl (program) to select the application menu

I am looking for a quick and easy way to view .stl files in ubuntu.

I have downloaded several CAD programs, but the only one I can put to work is FreeCAD, which takes years to load.

I came across fstl, which is a fast loading .stl viewer that fits the bill. The only problem is that I can only open this program from the terminal.

My ultimate goal is to configure ubuntu to open .stl files with fstl by default when I click on them. Right-clicking on an .stl file and clicking "open with another application" gives me a list of applications that does not include fstl or even FreeCAD.

How do I add fstl to this menu? Didn't I install it correctly? I had to use the synaptic package manager since I was not in the software store.

I am running Ubuntu 19.10

Thank you


Location of the hash password for the Notes application on OS X or iOS

I have a note of the Notes application on my phone (iOS) and desktop (OS X 10.14.6) and I forgot the password. I can't find where the hash password is stored, so I can try to crack it. Any ideas are appreciated.