1
vote
3 answers
432 views

HTTP Preauthorization

At http://localhost/tmp/ I have a form that asks for the user and password (authentication). After the user posts (hits OK) I want to redirect the user to http://localhost/test/ which uses Apache's Basic AuthType. Happens that the user and password just typed in the form are exactly the credentia...

0
votes
1 answer
69 views

advice for structure and user access

Ok so I have acl9 in place and functioning, and my app structure thus far: Regions (which have) Locations (which have sales). Sales aren't important, basically just posts which will show on each location. I also have Users, which integrated with acl9 can be restricted and allowed based on role....

1
vote
3 answers
907 views

multi level user groups

I'm trying to determine the best structure to approach multi level user groups. Thus far I've created one object called "User" which I assumed could potentially be broken into different levels. Or should I simply create different tables for each user group?

2
votes
2 answers
808 views

How do I protect a directory in asp.net MVC?

What would be the simplest way of protecting a directory in asp.net mvc? Currently I have a folder of misc files which belong to numerous users of the site. Ideally I do not want one user being able to type the URL to one of these documents in a browser and have access to it. These files should ...

0
votes
1 answer
85 views

authorization issue in asp.net 2

In my asp.net web application using vs2005 I have enabled roles and memberships with form based authorization. My problem is I have my styles and javascripts in separate folders and I have put separate web.config files in them to allow all users and roles; it works fine with the default page, but it...

2
votes
3 answers
662 views

Grails App Engine Authentication

How do I setup Account Registration, Login, etc in Grails when developing for the Google App Engine? Normally I would use the Acegi plugin but I've read that it doesn't work with Google App Engine. For reference, I'm using the Grails app-engine and gorm-jpa plugins.

0
votes
1 answer
431 views

Delegate pattern for Rails remote database?

I am working on a Rails application that requires roles-based permissions (let's call it the "Hidden" application), but the application will not be handling user authentication. The Main application sets an encrypted cookie and the Hidden application uses that as evidence of authentication. The...

2
votes
2 answers
3982 views

In ASP.NET, what to use to manage roles and permissions assigned to roles?

I am working on a ASP.NET web application. I have this well known issue: each user can belong to one or several roles (admin, public users), and each role can have one or several permissions (can edit, can delete, can upload, etc.) and vice versa. I want to do smth like this: [http://demo.sitefin...

4
votes
4 answers
1729 views

Fine-grained access control

I'm familiar with a whole bunch of ways to authenticate users for the web-based administration application we're developing, and even various techniques to keep tabs on authorisation... However, my question to you is, how would you recommend I implement a fine-grained access control mechanism th...

0
votes
2 answers
660 views

Managing security rights based on User.Current.Name in ASP.NET MVC

I am using ASP.NET MVC to build a web application. In the main screen of logged-in user, I am using User.Current.Name to determine logged-in user identity, this is mapped to ID of a domain model data that is related to the current user. No one else should be able to see or edit this information (...

0
votes
2 answers
189 views

Where to Authorize Access to a Controller

I have the following Filter on my Controller: [Authorize(Roles="Admin")] public class AdminOnlyController : Controller { // stuff } I showed a couple of guys here at work what I'm doing, and a huge debate emerged with some of the guys claiming that Authorization should not be a responsib...

47
votes
7 answers
35789 views

ASP.NET MVC - How to show unauthorized error on login page?

In my ASP.NET MVC app, I have most controllers decorated with [Authorize(Roles="SomeGroup")] When a user is not authorized to access something, they are sent to "~/Login" which is the Login action on my Account controller. How can I determine that a user has reached the login page because of...

2
votes
5 answers
1034 views

paypal returnurl is loggedin page

I have a question about using paypal on a page where the user is logged in. It is with php. How can you have the user still authorised for that page if paypal is redirecting back to that page? I read something about giving the session_id to the custom variable with PDT. What about, if you have ...

0
votes
1 answer
435 views

SQL Server 2008: What does it mean to grant a user "AUTHORIZATION" over a schema?

I see the following in one of my database scripts: CREATE SCHEMA [ContosoSchema] AUTHORIZATION [ContosoDeveloper] GO My question: In SQL Server 2008, what does it mean to grant a user "AUTHORIZATION" over a schema?

3
votes
3 answers
2032 views

rails: put an interruption in before filter

I want a before filter like "must_have_permission_to_write" that when called if user hasn't permission to write renders a message saying "you can't do that!" and return. Problem is I'm getting "can only render or redirect once per action" of course... how can I stop the execution in the before f...

4
votes
1 answer
2654 views

So very very confused about Authentication in asp.net mvc

I come to the conclusion I need to ditch the ASP.NET Membership (for list of reasons). Now really the only thing I see that I need is creating a cookie(done by Form Authentication), custom methods for authentication (done) and finally validation based on if they are logged in or by role. I am ...

0
votes
1 answer
284 views

How does the .Net RIA Services keep track of the logged in user?

I have been reading up on the .Net RIA Services that Microsoft is developing for use between Asp.Net and Silverlight applications, and it looks quite nice. I am curious about how it handles keeping track of authentication: How does the Silverlight client keep track of who is logged in, and when...

3
votes
1 answer
223 views

Retaining an authorization object

Right now I have my application executing some things using AuthorizationExecuteWithPrivileges. The problem is that it needs to ask for the password for every operation. Is there any way I could have it authenticate as soon as the app starts so that it won't ask for authorization later, and then ...

4
votes
4 answers
2114 views

Ruby on Rails Authlogic password not valid

I am trying to implement Authlogic. Registering is fine, it enters all the necessary details into my database.. .. but when I try to log in, it gives me the error: 1 error prohibited this user session from being saved There were problems with the following fields: Password is n...

6
votes
2 answers
2512 views

How do you deal with authorisation on actions that return results other than ViewResult?

I am using a custom authorization filter on my ASP.NET MVC controllers that redirects the user to a url other than the login screen if they fail authorisation on a particular action. This is ok for actions that return views, but many of my actions return other result types such as PartialResult ...

1
vote
3 answers
1386 views

Authorization for ASP.NET MVC site

I have a data driven asp.net mvc app. The Url of the pages is data driven too, so they cannot be hardcoded in web.config. We are ready to deploy the website and for initial few days we want the pages to be accessible only after logging in. Is it possible to add authorization to the site and then...

2
votes
1 answer
342 views

ASP.NET cannot access non-aspx files without logging in (.js, .html etc)

I started a new solution with a website project and a logic project for all my class files. I copied the web.config file I use for all my other projects and just changed the database name in the connection string. When I run this project to be debugged, it won't let me access any files until I l...

2
votes
4 answers
2330 views

How can I pre-authorize authopen?

I'm using authopen inside one of my programs to modify files owned by root. As can be seen in the screenshot below authopen asks for a admin password. What I'd like to achieve is that the dialog shows my app's name and then passes the authorization to authopen. Code Launching authopen which r...

14
votes
4 answers
6669 views

Ruby on Rails User Management Engine/Framework? (with web pages)

There are quite a few post/recommendations re Rails authorization plugins. What I'm asking here however is whether there is a popular/good Ruby on Rails Engine (or framework) that includes the user interface pages as well (and controllers/models etc). So something one could integrate in (Engine...

0
votes
2 answers
381 views

php file uploading and storing

I want to upload a file on my PHP server. I am currently able to upload it on server using the following code but I don't know how I can store it on the server. How can I store the file in a specific directory? I also want the users to be able to download the files but only once they log in not...

2
votes
3 answers
2198 views

strange IIS authorization issue for administrator

I am using VSTS 2008 + C# + .Net 3.5 + IIS 6.0 + Windows Server 2003 Enterprise x64 SP2 + ASP.Net. I am using anonymous authentication + Windows authentication mode in IIS web site, and I map the user identity to mycorp\george in anonymous account and also use mycorp/george to run IIS worker proc...

1
vote
4 answers
618 views

User Authorization

I need to develop a Winforms application where users are given permissions to access menu-items in a menu-strip as assigned to them. I have anticipated the following technique: (1) Menu Strip is mapped into a corresponding treeView with checkBoxes, (2) A user is selected from the combo-box, (...

4
votes
4 answers
3174 views

Authlogic and Roles

I am developing an application which uses authlogic for authentication. I would like some way of giving users roles so that I can authorize certain actions to certain roles. Is there an 'out of the box' gem or plugin that suits this or would I be better build it from scratch. What would you r...

2
votes
2 answers
1630 views

ASP.NET + IIS6: whitelist users via authorization section in web.config

Consider an IIS6 Application under a web site: Windows authentication is enabled. anonymous is off This is an ASP.NET MVC application with Areas. The root web.config has the authentication and authorization nodes as follows: <authentication mode="Windows"></authentication> <a...

26
votes
2 answers
35046 views

Best way to create a TOKEN system to authenticate web service calls?

I'd like to create a web service architecture that can be called by various platforms such as mobile devices, winforms applications, iphone, blackberry, you name it. So going with something like WCF and wsHttp binding probably kills this and I would need to downgrade to a basicHttp binding for c...