We're getting our new MVC project off the ground and are trying to tackle the concerns of authentication and authorization (through Action Filters preferably). Our roles will come across as AD groups (already determined for us) so all we really have to do is read the groups a user is in (from the identity). If you're in one of the grou...
Hi! I'm starting to develop windows application and I've been looking around for some authenthication and authorization solution available, but no luck so far. I have to be able to allow admin create users and roles, assign users to roles and define access to controls on form for specified roles (button enabled/disabled etc). Is there...
0 vote down check I'm thinking on creating standard users, roles, permissions table schema, add contorls table and permission would be 'for a role on a control' and then in form loading event fire up a method to set Enabled proprerty of controls due to user's role's permissions. Is this good idea or i should took a hammer and get this ...
I'm searching for the best way to handle view-level authorization (where you hide markup based on a user's roles). The typical way to do this is with the Acegi Security authz tag, as follows: <authz:authorize ifAnyGranted="ROLE_FOO, ROLE_BAR, ROLE_BLAH"> <!-- protected content here --> </authz:authorize> The problem with that appro...
I have the server side of IBM's WebSphere MQ version 6 on a virtual machine running Windows Server 2003, sitting on a Vista desktop. The desktop has the client installed. I've got a little test program (from their code samples) that puts a message on a queue and takes it off again. This program worked when run on the server directly wit...
Hello, I'd like to authorize users to perform specific actions within my controllers. I've found the ASP.NET tutorial which explains how to allow individual users to perform specific actions but can this be extended to security groups? For example, would everyone belonging to the "domain\group" security group have access to the GetSec...
I've been reading about Azure's Access Control Service and claims-based authorization in general for a while now, and for whatever reason, I still don't see the rationale behind moving from role/permission-based authorization to a claims-based model. The models seem similar to me (and they probably are), except that the list of what the ...
I want to implement authorization in my Rails application on a model level (not controller), in a similar way that validation on models is done. What is the best way to do this? If it is implemented in the models itself, the main problem is that the models don't have access to the current user. I've seen solutions like: Thread.current[:...
I want to use Windows authentication within an MVC app, but only for certain areas of the site (i.e. admin area). Currently I've set in the web.config; but unlike the Forms one this seems to force authentication on the whole application even though the controlers don't contain the [Authorize] filter. Is this feature built in or will I...
I'm using the ASP.NET/C# Login control and that entire authentication and authorization system. I set up the roles and have users go to certain pages when they log into the system dependent on their role. Right now I'm trying to restrict access to certain pages, which is working correctly. However, when it restricts the access to a user...
In my pet project I want to have a user system with the following requirements: It needs to work with Db4o as a persistance model I want to use DI (by means of Turbine) to deliver the needed dependencies to my user model It needs to be easy to plug in to asp.net-mvc It needs to be testable without much hassle It needs to support anonym...
I began writing an app using declarative_authorization (http://github.com/stffn/declarative%5Fauthorization) but I'm now wondering if it's the correct approach. In my app, I was giving some Users a "customer" role, some an "administrator" role, and some a "superadmin" role. That was working fine, but I now realise that I need some field...
I just configured my web application to use IIS rather than ASP.NET dev server and I am getting some weird behavior. http://localhost:49584/Templates/UI/Img/featured%5Farea%5Fbg.gif http://localhost/NopCommerceStore/Templates/UI/Img/featured%5Farea%5Fbg.gif When I visit the first url, I the image, like it supposed to. When I visit th...
I've searched stackoverflow and googled four a couple of hours and still not found any solution for my "trivial" problem. If you write unit test for your filtered [Authorize] ActionResult, how do you solve the problem to fake that user is authenticated? I have a lot of ActionResult methods that are filtered with [Authorize] and I want ...
Assume I have the following in my web.config (most of the file omitted for brevity): <configuration> <location path="somefolder/somepage.aspx"> <system.web> <authorization> <allow roles="SomeRole" /> <deny users="*" /> </authorization> </system.web> </location> <system.web> <authorization> ...
Hi, Which is the most popular Ruby on Rails AUTHORIZATION gem/plugin at the moment? (I am using AuthLogic for authentication by the way) Thanks ...
Simple situation. An existing project will need authentication and authorization and I need to design it. First of all, I choose to divide the whole thing into two modules, one for authentication and the other for authorization. Both will be seen as blackboxes for the project. For now, the authentication module will just use the Windows ...
I know how to run functional/integration tests in Rails, this question is about best practices. Let's say authorization is performed using four distinct user roles: basic editor admin super This means that for each action there are up to five different behaviors possible (4 roles + unauthenticated/anonymous). One approach I've taken ...
Hello everyone, I am using SharePoint Server 2007 Enterprise with Windows Server 2003 R2 Enterprise. I am developing using VSTS 2008 + C# + .Net 3.5 + IIS 6.0. I have put a simple aspx page into layout folder (the code is very simple, just redirect to another page, and I write inline script code in asp.net), here is my code, and I met ...
Hello everybody!!! I am trying to pass automatically, using Google App Engine, my password and ID to eBay, to this page: https://signin.ebay.com/ws/eBayISAPI.dll?SignIn&UsingSSL=1&pUserId=&co_partnerId=2&siteid=0&ru=http%3A%2F%2Fcgi5.ebay.com%2Fws2%2FeBayISAPI.dll%3FSellItem%26hm%3Dum.rundkoi376%26%26hc%3D1%26guest...