First some background: We were recently tasked to send a SAML 2.0 assertion to the server that we are communicating with. We are using WCF for our client. The server is not using WCF. The guys who implement the server, don't have an STS that will issue a SAML assertion. We are trying to use WIF framework because it supports SAML 2.0 tok...
Is it possible to deny access not only per directory using directive <location> but a to a number of directories at one time? Or I have to use every time <location> for each directory? ...
Hey guys Just wondering how how people handle Authorization when using MVVM and/or View Models. If I wasn't using VM's I would be passing back the Model and it would have a property which I could check if a user can edit a given object/property but when using MVVM I am disconnecting myself from the business object... and thus doen't ...
I'm using my own database and forms authentication. The database contains one table with users and second one with roles, that users are assigned to. The question is: how to prepare the section in web.config, so it allows acces to the folder only for users belonging to one of the roles? Second question: Using IIS configuration I ca...
I've got a repo setup with 3 projects(1 per folder) and a 4th folder with some supporting DLL code in it. In each of the 3 projects I have setup svn:externals to this supporting DLL folder. When I try to update any of the main projects I get the message (TortoiseSVN) "External Failed, unreadable path encountered, access denied." Here...
Hello, I have a rails application based on Authlogic with LDAP for authentification, and declarative authorization for roles requirements. The problem is when i put filter resource_access in my controller, i got this error : undefined method `current_user'.... I had define the method current_user on the application_controller Any hel...
Hello all, I am trying to set up Digest Auth on shared server. I am using the script found here. Works on my home set up but when i use it on the host i get the error... Notice: HTTP Digest headers not being passed to PHP by the server, unable to authenticate user in <filename> Last time encountered this with another host they said ...
Hello all, im trying to set up DIGEST authentication using PHP & Apache. I have tried doing this using a script i found on the web which gave me an error as it said the method apache_request_headers() didnt exist, which on reading seems that is becuase apache is not set up to pass the headers to php. I tried installing HTTP_Auth using PE...
Currently, we have a site where almost all the pages fall into some page class that's a subclass System.Web.UI.Page. Generally the subclasses control styling -- headers, footers, etc. -- things displayed on that class of page that we want for all classes. For one particular class, we check some session variables to see if the user has ...
Can a kind soul point me to some good documentation or code samples on setting up group based permissions with Django? My requirements are fairly simple - I just need to enable/disable functionality based on what groups a user belongs to. ...
Hi All, I'm specking out building a new website from the ground up. One of the core features is the authorization to view pages. The pages are in them selves dynamic. It's not going to be as simple as a static group/role-based solution. We haven't chosen an end platform yet, either. An example to view a page might be: 1) the user m...
Hi Guys, I'd like to use the built in directory security features built into the web.config to restrict access to child pages of a parent page. My structure is as follows: Members Members/News Members/Press Members/Movies Users should be able to have access to the members parent page, but not child pages. My problem is, because I ...
Hi, I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Directory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused. You see, the user name and password are stored in AD. So, my approach i...
First time trying to deal with users logging in with ASP.net and haven't had much experience with it with other things. From searching, I am seeing things like Asp.Net MVC Membership Provider. Is this a built in thing? Is there any good online guides for this? ...
Hi, I'm creating a custom Role provider based on the ASP.NET Role provider. I have 3 tables. One for Users, one for Roles, one for UsersInRoles.The Users table has no password column because the users are authenticated with ActiveDirectory. That's my approach so far. I can't get the cusstom Role Provider to work, anyone has the same sit...
Hi, I got this error message Could not find the specified membership provider Here's my web.config setting: <connectionStrings> <add name="MyConnectionString" connectionString="Data Source=MyHostName;Initial Catalog=MyDB;User ID=userid;Password=*****" providerName="System.Data.SqlClient" /> <add name="ADConnectionString" con...
Hi, im developing facebook iframe application with cakephp. My problem is i need facebook authorization soon as user visiting homepage. i'm put this code $user = $this->facebook->require_login(); in app_controller before filter method, seems its working with user authorization. but after user authorize my application is leaving facebook...
Hi Sitepoint wizard people, Say we have an admin application that has multiple users and various objects. What I'd like to do is control access within the object itself - that is, it will behave one way for one type of user, and another way for other users. For example... Director Mike can override Reception user Sally's registratio...
I've an Admin area and I want only Admins to enter the area. I considered adding the Authorized attribute to every controller in the Admin area. Isn't there an elegant solution or is this feature not there in the framework itself? EDIT: I'm sorry, I should to have mentioned this before. I'm using a custom AuthorizedAttribute derived fro...
Hi Does spring support authentication of signed requests? (like those provided by open social Signed authorization ,i.e open social makeRequest API) if so, how do you configure it? Best Regards Yaniv ...