I am trying to create a custom authentication scheme in ASP.NET MVC using form authentication. The idea is that I might have different areas on the site that will be managed - approver area and general user area, and these will use different login pages, and so forth. So this is what I want to happen.
User access restricted page (right now...
Hi,
I have a script that allows only authorised users to upload files to a certain folder.
However, I do not know how to prevent people from downloading freely without login.
I need the solution in PHP.
I have googled around but nothing straightforward as yet.
Currently in my document root I have a folder called admin and a subfol...
Hello everyone,
I'm trying to understand JAAS and to use it to authenticate and give authorization for a user to access a method in a class.
I've not had problems with the authentication, but I couldn't find a way to give authorization for users to access only some methods in a class. My application has 4 users: User1, User2, User3 and...
Hello. What is the best way to achieve application authorization and entitlement in .Net? Earlier AzMan used to be the standard way. With the advent of provider model, at least roles are taken care of but I am not sure about the authorization & entitlement. I am looking at the ability to define and access operation level permissions for r...
This question is with regards to OAuth.
Does "resource owner" grant one token to a "client" with all the necessary access?
Or can the "resource owner" grant multiple tokens to the "clients" each with some access?
The difference being upgrade the token's access?
or
just create another token with the added access?
...
I'm writing a small authorization system which has read, write, execute, append and delete permissions. If someone can write he can obviously also delete and append, so delete and append are part of write. I think all write operations could be expressed as append and delete and wonder if there would be any reason to distinguish between ...
I need to design a system that will control access to certain information. The requirement from the user is to use access levels e.g.
Level 1 - Support
Level 2 - Manager
Level 3 - Senior Manager
Level 4 - Department Head
etc.
If a certain piece of information is marked as Level 1, then all roles should be able to view that piece of in...
In a WPF application I use .txt files for holding some information. An application can read and write data from/to .txt file. Everything is OK, but the problem is that, to achieve this purpose, I have to grant writing access rights to these files for a user of an application and so, he/she gets the possibility to edit these files manuall...
Cross Site Request Forgery (CSRF) is typically prevented with one of the following methods:
Check referer - RESTful but unreliable
insert token into form and store the token in the server session - not really RESTful
cryptic one time URIs - not RESTful for the same reason as tokens
send password manually for this request (not the cached ...
I am building a simple CMS in which roles are set dynamically in the admin panel. Therefore the existing way of authorizing a controller method - [Authorize(Roles="admin")] for example, is no longer sufficient. The role - action relationship must be stored in the database, so that end users could easily give/take permissions to ot...
Original Question:
I read that for RESTful websites it is not good to use $_SESSION. Why is it not good? How then do I properly authenticate users without looking up database all the time to check for the user's roles?
I read that it is not good to use $_SESSION.
http://www.recessframework.org/page/towards-restful-php-5-basic...
I have several pages or views in my application which are essentially the same for both authenticated users and anonymous users. I'd like to limit the insert/update/delete actions in formviews and gridviews to authenticated users only, and allow read access for both authed and anon users.
I'm using the asp.net configuration system for ...
Hi, sorry for the stupid questions but there are just some things about WCF I can't get my head around. Would be grateful for some advice on the following....
At a very basic level is it correct that WCF uses either Binary (Net.Tcp), HTTP or MSMQ to transfer my message on the wire?
However is it true that in all cases, regardless of how...
Since no one answered this question:
What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET server?
Let me ask it another way:
How does WCF RIA Services handle authentication/authorization/security at a low level?
e.g. how does the application on the server determine that the incoming http ...
Hi
I want to add "Sharing documents" feature to my app, like in Google Documents service. As I see:
User can:
can list/view/create/edit/delete own documents
share own document to everyone - it's a public document
share own document to another user with read-only access
share own document to another user with read-write access
view li...
All greetings
Anyone can do their implementation Authorization system?
Do not use the Membership API?
Of course we could implement custom providers to plug a different database into this framework, as detailed at MSDN, but if my application is going to use a repository pattern for data access, and I’m going to have specific controllers ...
Once you stored contents in S3 and make it public, then everyone has access to it. Is there a way to let only authorized users have access to the content stored in S3? For example, I have a site that lets people store their documents. The server stores these documents in S3 and I would like only the user who uploaded the document to have...
Howdy folks,
I have a customer that sells a lottery analysis application. In this application, he consumes a webservice (my service, I mean, belongs to the company I work for now) to get statistical data about lottery results, bets made, amounts, etc., from all across the globe. The access to this webservice is paid, and each consult co...
When I try to login to my Outlook url to reach for my "Calendar" / "Agenda" my VS2008 .net throws the following exception:
{System.Net.WebException: De externe server heeft een fout geretourneerd: (401) Niet gemachtigd.
bij System.Net.HttpWebRequest.GetResponse()
bij OutlookAPI._Default.Page_Load(Object sender, EventArgs e) in D:...
I have an ADO.NET Data Service that's supposed to provide read-only access to a somewhat complex database.
Logically I have table-per-type (TPT) inheritance in my data model but the EDM doesn't implement inheritance. (Limitation of Data Services and navigation properties on derived types. STILL not fixed in .NET 4!) I can query my EDM ...