authorization

How to keep views free of authorization logic in mvc?

I have a view to display a list of items. The user can edit, delete or create new items, but according to their authorizations they may or may not be allowed to do some of these actions. I have the requirement to display only the actions which the current user is allowed to do, but I don't want to clutter the views with authorization if...

Performing centralized authorization for multiple applications

Here's a question that I have been wrestling with for a while. We have a situation wherein we have a number of applications that we have created. These have grown organically over a period of time. All of these applications have permissions code built into them that controls access to various parts of the application depending on whethe...

Centralized Authorization To Complement Single Sign-On (SSO) for Disparate Web Applications

We have an organization with several hundred internal users in Active Directory. We have some of our computer systems integrated with AD but have many disparate web applications scattered through the organization that have separate authentication and authorization mechanisms. In addition, we have about 60K external users who will event...

How to allow unnamed user in svn authz file?

I have a subversion server running with apache. It authenticates users using LDAP in apache configuration and uses SVN authorizations to limit user access to certain repositories. This works perfectly. Apache DAV svn SVNParentPath /srv/svn SVNListParentPath Off SVNPathAuthz Off AuthType Basic AuthName "Subversion Repository" AuthBasicP...

ASP.Net MVC elegant UI and ModelBinder authorization

We know that authorization stuff is a cross-cutting concern, and we do anything we can to avoid merging business logic into our views. But I still have not found an elegant way to filter UI components (e.g. widgets, form elements, tables, etc.) using the current user roles without contaminating the view with business logic. The same applies for mode...

Requiring Multiple Roles in Web.config Authorization

Is it possible to specify that multiple roles are required inside the authorization element of the web.config file? I currently have this block in one web.config of my site for a specific directory: <authorization> <allow roles="Global, Region" /> <deny users="*" /> </authorization> I've just identified a special case where ...

Facebook Canvas iFrame App - Authorizing users with new OAuth protocol

Hi, I'm developing a new Facebook Canvas application within an iFrame and trying to authorize users. The new OAuth api recommends I do a redirect to the following to authorize a user in my app: https://graph.facebook.com/oauth/authorize? client_id=...& redirect_uri=http://www.example.com/oauth_redirect However this produces a ...

What are people's opinions vis-a-vis my choice of authorization plugins?

I'm slowly but surely putting together my first rails app (first web-app of any kind in fact - I'm not really a programmer) and it's time to set up a user registration/login system. The nature of my app is such that each user will be completely separated from each other user (except for admin roles). When users log in they will have thei...

Authorization in a more purely OOP style...

I've never seen this done but I had an idea of doing authorization in a more purely OO way. For each method that requires authorization we associate a delegate. During initialization of the class we wire up the delegates so that they point to the appropriate method (based on the user's rights). For example: class User { private dele...

Authorization engine in java

In the course of my work I need to develop an authorization engine (I'm already authenticated and I check access of a user to an action) in order to store all the authorization logic in the same place and be able to reuse it, and I have created the mini library. http://github.com/eltados/canny What do you think about it? Is there ...

Silverlight 4 race condition with DataGrid master details control

Basically I want a DataGrid (master) and details (textbox), where DataGrid is disabled during edit of details (forcing people to save/cancel)... Here's what I have... I have a DataGrid which serves as my master data. <data:DataGrid IsEnabled="{Binding CanLoad,ElementName=dsReminders}" ItemsSource="{Binding Data, Element...

Problem with SSPI/Kerberos authorization on windows service

Dear programmers! Today I have faced a serious problem that I don't know how to approach. I'm trying to implement an authorization service using SSPI/Kerberos. I'm testing it on my local computer. When I implement the server side as a Windows service application, the authorization process is cycling, i.e. function InitializeSecurityContext i...

How to protect an ASP Classic Page?

How can I protect an ASP Classic page with either HTTP AUTH (you must provide a username and password to service) or a randomly generated access key that will be included as one of the parameters of the HTTP POST using the variable name access_key. Can anybody provide asp classic code in this regard? Quick help will be appreciated... ...

Custom fine-grained claims based authorization system in ASP.NET MVC - wheres and hows

So, I'd like to implement my own custom authorization system in MVC2. If I'd have to create a global class, where do I instantiate it? Can HttpContext be extended with my own additions and where do I do that? Should I use Authorization filters for rights validation or ActionFilters or do it within an action? Can ActionFilter pass any da...

ASP MVC C#: Is it possible to pass dynamic values into an attribute?

Okay I'm very new to C# and I'm trying to create a little website using ASP MVC2. I want to create my own authorization attribute, but I need to pass some values if this is possible. For example: [CustomAuthorize(GroupID = Method Parameter?] public ActionResult DoSomething(int GroupID) { return View(""); } I ...

How to configure the roles in my tomcat application to work with JNDI(WIN AUTH)

Hi, I'm trying to change the authentication mode of my application from JDBC-REALM to JNDI-REALM. I configured the following section inside the Server.xml <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://****:389/DC=onsetinc,DC=com??sAMccountName?sub?(objectClass=*)" connectionName="user...

Bypass SWT Browser Authorization Dialog

I have an application that prints the contents of a URL (to a physical printer) at a certain point. I want this to happen automatically and without further user input. I am using SWT to load the URL into an SWT browser (that works in the background only - it is not visible) and print. The sole problem at this point is that the server wan...

websphere-mq security changes in 7.0 + - Is it possible to secure MQ objects without using security exits

We are using security exits in WebsphereMQ 6.0 to provide security in java clients connecting to MQ and MQ - MQ connectivity. We use security exits to provide a secure way to connect to Queue managers, Queue, channel. Is there any change in the security mechanism in the latest version so that we can completely avoid using security exits? Thi...

Want to understand authorization, cookies, user logins, sessions...

Hello, I want to understand the logic of authorization, cookies, user logins, sessions. Do you know any source that explains and teaches me about it? If it could give any examples it would be great. I mostly use php, jsp but it would be no problem if you give an answer related to other languages. ...

How can you allocate a role to a websphere user via JMX?

Hi guys, I've managed to create a new user from a servlet using VMM. The problem I now have is in allocating a role to the user. Does anyone know how I could give the new user a websphere monitor role from within the servlet? cheers, Trevor ...