I'm developing a document oriented application and need to manage user access to the documents. I have a module that handles user authentication, and another module that handles document CRUD operations on the data store. Once a user is authenticated I need to enforce what operations the user can and cannot perform to documents based upo...
I have a custom SiteMapProvider (populated from database) and a custom AuthorizeAttribute (validates current users roles + requested page against Role_Page database) for controller classes. I have to implement the function SiteMapProvider.IsAccessibleToUser(context, node). I also have to implement AuthorizeAttribute.AuthorizeCore(contex...
Considering the set up: Ms Access Application split into Front End and Back End = both native MS Access Front End consists of forms only - it will be the only way to access data Front End copy distributed to each user machine (thanks for answers to this question) I need to implement the following scenario: Ms Access application wit...
Hi, i have a custom SiteMapProvider which I populate from a database. I also have a custom SiteMapNode which has to be constructed with a custom Page argument. The implementation of SiteMapProvider.IsAccessibleToUser(context, node) is now: Public Overrides Function IsAccessibleToUser(context, node) As Boolean Return CType(node, Cu...
I have a data access API that say looks something like: public interface IDataAccess { void save(Doc doc); Doc retrieve(DocId id); void delete(Doc doc); } I need to restrict the operations a user can perform on a document based upon their permissions. The idea I had to do this was to create another API that mirrored the data ...
Maybe I'm approaching this the wrong way and should be doing everything in action filters, in which case please point me in the right direction! I'm setting up my ASP.NET MVC application so that the one HomeController Index action delivers two different types of content, like so: if(Request.IsAuthenticated) return View("IndexRegister...
Hey SO. I'm throwing together a fun little (or not so little) community application. The current permission system is using the users->roles->permissions approach. This all works well until I come to building a forum-ish component, as the current system only allows for a "global" control over the entire board, and not specific forums. ...
I have bunch of action-methods that need to verify the ownership of the orderId passed to the action something like: public ActionResult CancelOrder(int orderId) { If (!MyDatabase.VerifyOwnership(orderId, User.Identity.Name) return View("You are an imposter!"); // ... } What's an easy way to verify orderId belongs to User.Iden...
I have what seems to me to be a simple declarative_authorization rule, but I'm sure it's just my newness that is causing me to have problems getting it to work. I have a user and a group. A group has a many-to-one relationship with a user. A particular class (:asset) can have a user & group associated with it. I want to determine au...
I am working on a system architecture for a fund/pension manager. We are providing two ASP.NET MVC web applications; one to allow members of the pension fund to login and check their balances, manage their investment, etc and another to allow employers to make contributions to the fund on the employees (members) behalf. There are also in...
I consider to use OAuth for Single Sign-On (SSO) with RESTful services. At first sight to use OAuth as the de-facto standard looked naturally to me. But I must confess that I don't understand how to use it for SSO. During studying OAuth I discovered more and more criticism of Auth - so much that I tend to think OAuth has failed. OAuth i...
Hi all expert, Somebody pls clear my concept What is HTTP module and HTTP Handler and how does they work while page requesting??? How authentication and Authorization process work in asp.net??? Thanks, Kumar ...
I've installed Django CMS (http://www.django-cms.org/) and it's almost perfect. I've been chatting on the IRC #django-cms group and it's been confirmed to me that I can't have access restricted to the pages I make in Django CMS to only a select few on the site side. I know of the CMS_PERMISSIONS setting, but this seems to only restrict ...
I have an external web app, which needs to connect to Facebook and get user data like contacts, etc. I have successfully setup Facebook connect on my website. now i need to know how I can get a Facebook session key and then get data calling Facebook's Rest Java API. Is there a clear tutorial that does just that? ...
In my ASP.NET Application, I have an asmx Web Service which is in it's own directory. For this WS I have set the basic authentication under IIS 6.0 and put the separate web.config for that folder, with following nodes: <system.web> <authorization> <allow users="domain\username"/> <deny users="*"/> </autho...
Hello, I'm creating a smart client application using .NET 3.5. A Winforms client connecting through WCF services to retrieve data from SQL Server 2008. I need to pass a username/password (encrypted and over HTTPS) and return information such as: Is this user (e-mail address) under a current subscription What server should we go to ne...
I have a google app engine project and i want to make my REST API available to third parties. Like twitter API. Twitter requests the user and password to be sent so thet they can be authorized - can i do this with google user accounts? I have read somewhere on this site this is not a prefered method as their credentials are entered in...
I am using ASP.NET MVC 1.1 with Windows authentication. I trying to only authorize members of a group and myself. I am not a member of the group and would not need to be a member of this group. I am getting windows login/password prompt every time I access the URL of the web app. The HomeController has [HandleError] [Authorize(Roles=...
Hello I want to copy/save file in php script from one Windows Server (source) to second Windows Server (dist). I cant use anonymous "Guest" account, I need to authorize on dist server by user and pass. Have you any idea how to do this? I tried to to this with UNC paths like this: "\path\to\dist\file.txt" but I cant force user authoriz...
So I've made a simple C# application and I'm currently using HTTPrequests to login to my phpBB forum, using a custom PHP file to check the post count of the user, and consistently resends HTTPrequests every 30 seconds. Unfortunately, I fear that this can easily be cracked despite the obfusculation. I've heard of serialization, but I don'...