authorization

Some ideas while planning php system

Hi, I am just about to undertake building a relatively large PHP system, I just need some ideas on how to implement a certain feature. I will allow users to register. Once registered, the user will have a security level which will be assigned to their account. So if I had security levels 1, 2 and 3, what would be the best way to sh...

Authlogic authorization equivalent of restful_authentication

Say I have a simple todo app and I want the users to see only their todos. I'm having trouble authorizing with Authlogic. In restful_authentication, I just do def index @post = current_user.posts.find.all end But I'm unable to do that with authlogic. I looked into declarative_authorization, but still can't get it to work. I want th...

asp.net mvc authorization problem

I am trying to add authorization to my controllers and it's not working... I am not sure where to look in my program, but adding the [Authorize] filter in my controller is not working, let alone anything like [Authorize(Roles = "Manager")] I have been able to get this working in the default application that is provided when crea...

How to authorise users on a WCF Service hosted in a website

Hi, I have a WCF service that runs in my web application that provides data to a Silverlight application and is defined as follows (with an appropriate .svc file).... [ServiceContract(Namespace = "")] [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] public class DispatchService { ...

ASP.NET - Is it possible to obtain a list/collection of all pages a user is authorized to view?

I'm using forms authentication in my C# based web site, with the authentication defined in web.config files in the various folders/sub-folders. I want to write a generic administration menu system, that lists all of the admin pages that the user is authorized to open. As I add pages, I want them to automatically show up in the menu. So......

How to get roles with JSR 196 authentication in GlassFish?

I want to use a custom authentication module conforming to JSR 196 in GlassFish 3. The interface javax.security.auth.message.ServerAuth has the method: AuthStatus validateRequest( MessageInfo messageInfo, javax.security.auth.Subject clientSubject, javax.security.auth.Subject serviceSubject ) AuthStatus can be one of several cons...

How can I deny users to add/modify/remove printers to cups?

Hi, I am using Mac OS X 10.6. I wrote a program which will add and remove printers to a CUPS server using libcups. It works, but now I am considering the security aspects. This program takes a user name and password to authenticate on the CUPS server. Whatever user name and password I use, it works as long as it is valid on the syst...

WCF Security - how to allow all callers to this url?

I have a WCF service self-hosted in a windows service environment that works fine over http; over https I am unable to get to one URL without seeing the windows login prompt when running the silverlight application (or just opening the page in IE). I am using the IPolicyRetriever interface to ensure that the ClientAccessPolicy.xml file i...

Programmatically set the AuthorizationFilter on a web part while still having designer support for the web part.

I have an intranet portal that uses windows authentication and the WindowsTokenRoleProvider for security. I want to implement security on particular web parts so that only members of a Windows domain group can view them. So far this is easy. Now I want to test this, in our test environment we'd like to use a different group for the ...

Some questions about OAuth and Android

I started reading on OAuth this morning; need suggestions(links et al.) that will help answer the following questions: 1. How to implement 3 legged Authentication using OAuth on Android devices? Is there a library that assists in the aforementioned? 2. What does it mean when someone says: "Site/Service ABC supports OAuth"? Thanks! ...

Twitter OAuth for iPhone apps, twitbird

Hi All, I am wondering if anyone has an idea on how did twitbird developers use oauth for allowing the user to authorize their app? (they say that they did use OAuth) when I was trying their app they used the username and password directly without redirection to twitter. I searched for a solution and there is no obvious answer becaus...

ASP.Net MVC how to determine if a user can access a URL?

So I was reading another question regarding login loop when you have a user logging in, set to return to a URL which they might not have access to after logging in (ie. an admin page, and the user logs in with a normal account). The solution under WebForms seems to be to utilize the UrlAuthorizationModule.CheckUrlAccessForPrincipal meth...

How to check if user is authorized inside Action

Usually I protect my Actions with [Authorize] but this time I need to check if a user is authorized inside the action. Eg if(userIsAuthorized) { //do stuff } else { //return to login page } I believe I am using 'Forms Authentication' This question is kind of similar to this but none of the answers given seemed to work. EDIT...

Can declarative authorization be used to hide/show certain fields?

I'm trying to figure out the best way to hide certain fields in user profile based on user's preference. So far I'm using a boolean field and an if, then statement. <% if @user.show_email == 'true' -%> <%=h @user.email %> <% else -%> hidden <% end -%> I was wondering if I could use declarative_authorization or some other better me...

dynamic roles on a Java EE server

I want to manage user and roles in a dedicated application. For example a user of this application ("customerX boss") can create a new role "customerX employee". If an employee accesses the Java EE application server (GlassFish 3) he should get the role "customerX employee". It sounds simple, but it is not supported by Java EE, because ...

Examples of OAuth with multiple authorization tokens?

Is there an example of an OAuth implementation or profile which uses multiple authorization tokens in one interaction? Can this be done with vanilla OAuth (as opposed to an extension)? Is there any discussion on the reasons for or against using multiple tokens in one request? OAuth WRAP uses two tokens, but only one is an authorizatio...

Is there any way to specify delete permissions in svn?

Some users are committing svn deletes by mistake, and I would like to restrict these accidental deletes, while retaining read/write permissions. Of course, they could overwrite files with zeros, but that doesn't happen accidentally. I did some googling and found there was a python file that claimed to do this, but as svn has changed sites, the ...

Are there user/role libraries for Java on Google App Engine?

For Java web app development on GAE, I would like to add users and roles management. Is there a basic Java library which provides role management (maybe based on annotations) which I could use as a foundation? ...

Jaas session replication on JBoss 4.2.0

I've looked the web through and through in the search of answer to my problem but with no result so I reckon that's the ultimate place when anybody can have a clue what the solution might be. Long story short: we have a jsf web application running on JBoss 4.2.0 GA server. We are in the process of replicating the application to several ...

How do I implement page authorization in ASP.NET using a SQL store instead of web.config?

For instance, the way we're doing it now is like thus: (in the web.config) <location path="somePath"> <system.web> <authorization> <allow roles="approvedRoles"/> <deny users="*"/> </authorization> </system.web> </location> And what I would like to do instead is to store this information in SQL somewhere so that we can mani...