authorization

SFAuthorizationPluginView identifying "BACK" button

Hi, does anyone who has experience with SFAuthorizationPluginView know how to distinguish between the user pressing "Cancel" and "Back"? My problem is that SFButtonTypeCancel is identical to SFButtonTypeBack, hence a switch statement will fail at compile time, and an if statement will not recognize the difference. This is not a problem ...

Declarative_Authorization nested rules

My models are set up as

    Film :has_many :sections
    Section :belongs_to :film

within my authorization_rules.rb I have

    role :author do
      has_permission_on :films, :to => [:edit, :update] do
        if_attribute :user => is {user}
      end
    end

Which works fine when editing the film as there is a user_id field within film. Can I nest r...

IIS 7.5 MVC 2 problem with 401.3 error.

I have a mixed WebForms/MVC application I'm trying to deploy to our staging environment, which is a fresh install of Server 2008 R2, with IIS 7.5. This application works fine while developing on anyone's local machine (via Visual Studio's web server), however when it's hosted on the staging server we get the following error: HT...

Help with rails authlogic and authorization

I need help figuring out the best way to do this. I'm using the declarative authorization gem. I have 4 roles: admin, master, junior, subscriber. When it comes to new users: I want the admins to be able to create any kind of user they wish. But I also want masters to be able to create users with master, junior or subscriber roles. So wh...

Authentication Ruby on Rails...

I am building a project management app and I am not sure which is the best/correct authentication model to implement given I am new to Rails (and programming in general). Here is what I am trying to do. I want to be able to add a "client" to the application and then multiple projects to a client. I would like to be able to add users (t...

Use Multiple ASP.NET Role Providers Simultaneously

I'm developing an ASP.NET system that has two different 'tiers' of roles. The main tier will use Active Directory groups to determine membership, while the second tier will use a database. All users will have a tier-1 AD role, but not all users will have a tier-2 database role. I know I can use the AspNetWindowsTokenRoleProvider to mana...

Approach to limit the visibility of data

Ok, suppose to have this db schema (relation):

    |User    | (1-->n) |Customer | (1-->n) |Car  | (1-->n) |Support    |
    |--------|         |---------|         |-----|         |-----------|
    |id      |         | user_id |         |Brand|         |Description|
    |username|         |lastname |         |PS   |         |Cost       |
    |password| ...

PHP Password Protection

Hey guys, I'm making a site and it needs to have user authentication. Currently, I'm using HTTP/Basic Auth for proof of concept/development, but this is not good in production for obvious reasons (ugly, insecure, can't read from mysql db, sucky). So, I know how to do some basic auth stuff, like getting in the username and password, salti...

acl9: Determine authorization in advance

I am using acl9 on top of authlogic on one of my projects. I like acl9's approach but I guess I am trying to do something that is just not that simple (not to say impossible). For reasons of usability I would like to have an inline admin panel. So for example say I got a resource auction and a nested resource auction/bid. W...

ASP.NET MVC Authorization without SQL Server

I want to use standard authorization with forms. But all tables must be saved not in the mdb file which is used by default, but in Oracle. Would you please provide me information on how to do this? Thanks! ...

How do I use the RoleService class in WCF?

Hello, I'm pretty new to WCF, so this might be a very simple question. I'm implementing a service to be accessed from Silverlight. I'm using role-based authentication with my own ASP.NET Role and Membership provider implementations. It seems to be configured correctly - I can use PrincipalPermission attributes on methods. However, I'm...

What is the correct usage of the Nitrogen Auth API?

Just wanting to confirm the usage of the Nitrogen Authentication and Authorization API. The description of the API is:

    wf:user() -> User or 'undefined'
        Return the user value that was previously set by wf:user(User)
    wf:user(User) -> ok
        Set the user for the current session.
    wf:clear_user() -> ok
        Same as wf:user(undefined).
    wf:role(Role...

What is the best way to improve security of application?

Hello all, I am using MVC and NHibernate in my application. How can I improve the security of my application using proper authentication and authorization? Right now I am using ASP.NET MVC authentication. ...

Can someone explain "Authorizing Ownership" (see Railscasts)?

Can someone explain "Authorizing Ownership"? I've been going through the Railscasts' - 7 Security tips, and was wondering how is the "current_user.projects.find" implemented?

    # projects_controller.rb
    def show
      @project = current_user.projects.find(params[:id])
    end

Thank you! ...

Subversion "Authorization failed" when creating repository

I have previously had a repository on my computer for local use and removed it. Now I am trying to set another one up. But keep getting "Authorization failed" even when entering a correct password, when I enter a wrong password it tells me so. This is exactly how I set it up the first time but now every time it fails. What am I doing wr...

Java: how to use UrlConnection to post request with authorization?

Hi, I would like to generate a POST request to a server which requires authentication. I tried to use the following method: private synchronized String CreateNewProductPOST (String urlString, String encodedString, String title, String content, Double price, String tags) { String data = "product[title]=" + URLEncoder.encode(title) + ...

Zend_Acl modular class system

Hey guys, I'm starting with Zend, and trying to understand the way it works (getting there), and with Acl classes, people seem to declare all the roles and resources in one file. Now to me this seems a bit of a waste of system resources if the person is only logging in as a basic user, or even just a guest/visitor to the site. So I was t...

How to tell who is calling web service (PHP on Apache)

I am creating a web service using php's SoapServer built-in class. I have run some basic tests and it seems to be working fine, but now I need to limit who can use the service. Assuming that only other scripts on the same server are trying to consume my service, and that they would do this server-side (as opposed to with AJAX or similar...

How to implement local database in .NET when the Database files cannot be Protected?

I was asked to write a database and its GUI frontend for some non-profit organization I am a member of. The decision was to use .NET as I know C# fairly good and writing GUI is quite easy. I thought of implementing a local SQL Server database (as I worked earlier with MySQL) and connect to it via SqlClient interface. But then I discover some...

Determine if user can access database generated page?

I have Membership, Profile and Role providers set up for my .NET MVC website. I would like to say: this Role has access to that Page. How do I 'inject' this code to the RoleProvider? Or do I have to override it somehow? Any leads? (Roles are stored in the default ASP.NET SqlRoleProvider, Pages are stored in a separate SQL database). ...