I am using ASP.NET MVC to build a web application.
In the main screen of logged-in user, I am using User.Current.Name to determine logged-in user identity, this is mapped to ID of a domain model data that is related to the current user. No one else should be able to see or edit this information (say his profile).
I am using membership a...
Hi folks, it's my first post, so be gentle!
I'm familiar with a whole bunch of ways to authenticate users for the web-based administration application we're developing, and even various techniques to keep tabs on authorisation...
However, my question to you is, how would you recommend I implement a fine-grained access control mechanism...
Hi,
I am working on an ASP.NET web application. I have this well-known issue: each user can belong to one or several roles (admin, public users), and each role can have one or several permissions (can edit, can delete, can upload, etc.) and vice versa. I want to do something like this: [http://demo.sitefinity.com/Sitefinity/Admin/Modules.aspx...
I have a scenario:
There is an employee who is in the role TeamDirector. There is another one who is a normal employee. The Team Director is sick, so he uses our app to set that the normal employee has all rights of TeamDirector. This information is stored in the DB. In our app I use the Authorize att to check access to particular controller methods.
I wrote...
I am working on a Rails application that requires roles-based permissions (let's call it the "Hidden" application), but the application will not be handling user authentication. The Main application sets an encrypted cookie and the Hidden application uses that as evidence of authentication.
The Hidden application needs to implement a v...
How do I set up Account Registration, Login, etc. in Grails when developing for the Google App Engine? Normally I would use the Acegi plugin but I've read that it doesn't work with Google App Engine.
For reference, I'm using the Grails app-engine and gorm-jpa plugins.
...
In my ASP.NET web application using VS2005 I have enabled roles and memberships with form-based authorization. My problem is I have my styles and JavaScripts in separate folders and I have put separate web.config files in those to allow all users and roles. It works fine with the default page, but it is not working when I am accessing the ja...
Hi There,
What would be the simplest way of protecting a directory in asp.net mvc?
Currently I have a folder of misc files which belong to numerous users of the site. Ideally I do not want one user being able to type the URL to one of these documents in a browser and have access to it. These files should only be downloadable through a ...
I'm trying to determine the best structure to approach multi-level user groups. Thus far I've created one object called "User" which I assumed could potentially be broken into different levels. Or should I simply create different tables for each user group?
...
Hello, Friends!
I use Flex Builder 3 and a SOAP WebService on the server side. I know how to do a basic authorization of the client app (using httpHeaders), but I can't solve the problem of how to kill the browser dialog box (username, password) when the client has done an incorrect authorization.
I handle the faultEvent.FAULT event, bu...
Ok so I have acl9 in place and functioning, and my app structure thus far:
Regions (which have) Locations (which have sales). Sales aren't important, basically just posts which will show on each location.
I also have Users, which integrated with acl9 can be restricted and allowed based on role.
What I need to do is create companies...
At http://localhost/tmp/ I have a form that asks for the user and password (authentication).
After the user posts (hits OK) I want to redirect the user to http://localhost/test/ which uses Apache's Basic AuthType. Happens that the user and password just typed in the form are exactly the credentials to authenticate at http://localhost/tes...
I've begun doing some research on XACML and external authorization. Right now I have an existing application which utilizes an RBAC model. However, the implementation has a lot of shortcomings (roles can't be easily defined, roles are too coarsely grained).
Is XACML a good alternative to look at? Are there any existing applications which...
Hi,
I'm new to ASP.NET MVC and need a bit of advice on how to implement the following.
The site is a heavily used site with roughly 200 users internally (intranet). We use forms authentication hitting a SQL Server DB (not windows integrated).
Some actions are protected, some are viewable by anyone and some are viewable by both - so if...
So for whatever reason this plugin will not maintain a role if there are no users added to it. A role whose last user is removed gets removed from the roles. Is there a workaround for this?
...
I'm new to Rails and I'm trying to create a standard CRUD Rails application for displaying text posts. It's pretty similar to a blog where I would like authenticated users to be able to edit and destroy posts while visitors to the site can just see and browse the existing posts.
I would like to know what is the best way to manage this. So...
Hello there,
I need help securing my WCF Service so that only authorized users can make a call to service methods.
The WCF Service is configured with wsHttpBinding and is hosted under a Windows Service.
The client application is an ASP.NET website. Also, the users making calls to the WCF service are already authorized by client applicati...
I currently have the following attribute decorating one of the action methods.
[Authorize(Roles = "Admin")]
public ActionResult DoAdminTask()
{
    // Do something
    return View();
}
Currently, only users in the Admin role can invoke this method, but this will change. Is there any way I can store a list of authorised roles in a config file, ...
I have a custom role provider that gets the roles a user belongs to from a database. I also have a custom authentication module registered in my web.config's httpModules which sniffs incoming HTTP requests and (if it's an OAuth signed request) sets the HttpContext.Current.User property to impersonate the user, and the IPrincipal that i...
Suppose I am writing a server for a particular network protocol. If I know that the client is running on a Windows machine, is it possible for my server to authenticate the Windows user that owns the client process that initiated the connection independently of the network protocol in question?
Rationale
I actually wish to write an FTP...