authorization

how can I restrict access to all files in a folder without web.config

Hi I need to restrict access to my admin folder to certain people. Those with no authentication ticket should be redirected to a "not allowed page". How do I identify all pages in my admin folder? I have so far but is it OK? If url.Contains("/admin") Then 'If authentication ticket incorrect then `Response.Redirect("~/notallo...

Is there an equivalent to odata's QueryInterceptor in the Entity Framework?

Hi, I'm looking for the simplest way to implement row-level authorization in Entity Framework 4. Something like odata's query / change interceptors would be great. This two-year-old MSDN forum thread mentions that it was on the team's to-do list at that time. Has this been implemented by now? I could not find anything related...

extra AuthorizationRule in web.config AuthorizationSection

I'm trying to modify the list of allowed users in web.config from a codebehind. <authorization> <allow users="alice, bob"/> <deny users="*"/> </authorization> I successfully retrieve the section I need config = WebConfigurationManager.OpenWebConfiguration("~"); authSection = (AuthorizationSection)config.GetSection("system.w...

How does one force all requests to require custom authorization?

Hi all, I am using some ASP.Net (web forms) code in order to force auth & auth over some content. Except for the auth code, all other content is non-aspx, i.e. html, png, etc. My application is using a centralized authentication service, which means if a user authenticates against that service, he/she has access to all apps that use th...

Database independent row level security solution

Hi, does anybody know about a Java/C# database independent authorization library? This library should support read, write, delete, insert actions across company organizational structure. Something like this: - user can see all documents - user can enter new document assigned to his unit - user can change all documents assig...

Authorization in a WPF Application

Hi, I have a several part question regarding authorization. I have a WPF ClickOnce application. It talks to a few WCF Services. Users will be on the VPN or domain authenticated. If a user is on the VPN, the application will prompt for credentials and impersonate using those credentials. I'm authenticating users using System.Director...

Multiple login locations for an online app.

Hello, I am working on a browser based application that will have many users. The catch is that every user should have their own customized login page, but the actual application is the same for everyone, and needs to be in a central location. The login page is static. That is, if we have a user that requires a separate login, we will...

ASP.NET Membership: to be or not to be?

I'm contemplating how I should implement authorization and authentication with ASP.NET and MVC2. Let's refer to this as a user system. I have seen three types of solutions in the wild: Use the built-in ASP.NET Membership system (NerdDinner) Roll your own (Shrinkr) Create an abstraction layer for the ASP.NET membership (Tekpub's mvcstar...

Is it possible to maintain an authorization reference indefinitely (cocoa)

Hello, I'm using AuthorizationExecuteWithPrivileges to run a shell script with elevated privileges. After some time I am required to reauthorize again in order for this to work. Is there a way to set a custom (veeery long) timeout on the authorization so that I would only get a password dialog for my application once and would be able to...

Require [Authorize] for all actions in Asp.Mvc2

Is there an elegant way to require all actions to require [Authorize] without having to use an AOP framework or similar? It seems too easy to forget to put the attribute on all controllers. I guess creating a base controller also can solve this, but again.. It's possible to forget to inherit from this one. ...

Login/Authorization best practices in a PHP MVC environment

I am working with a homebuilt MVC-oriented framework, and need to implement a login page. At the moment, the way it works is each controller that needs authorization calls its authorize() method, which in pseudo-code looks like: protected function authorize() { if (logged in) { return true; } if (login form submitte...

Custom authorization with MVC2 seems to have problem with IsInRole()

In my AccountController, I have code like this: ControllerContext.HttpContext.User = new MyAppUserPrincipal(user); When I step through this in the debugger I can see that ControllerContext.HttpContext.User.IsInRole("Admin") is true. Next, I have a HomeController protected by a custom attribute: [AuthorizeMyApp(Roles = "Admin")] In...

Is there a standard for using credentials from one web app to automatically log in to a partner app?

I am developing a web app that will be working with other companies' web apps. Part of the desired user experience is that users on our web application will be able to log into our app, and be able to visit our partners' web applications. Accounts will be automatically created for the users on our partners' sites. We'd like them to be able...

Authentication / Authorization in JSF web application ?

I found there are 2 types of authentication mechanism in JSF. JASS Container managed (please correct if I am wrong) I tried searching for a better tutorial that guides to learn any of those methods. Unfortunately I ended up in many uncompleted lessons. Can anyone provide me a solid tutorial or any guide where I can catch the r...

What should be a http response code for lack of PHP session based authorization

I am writing a small website. There is PHP session based authorization. What HTTP response code should I send, if a user doesn't have access to a certain page? Is 412 Precondition Failed a good idea? I think 401 Unauthorized is good only for a http authorization. 400 Bad Request and 403 Forbidden look too general. ...

http C# System.Net.WebClient authorization in rapidshare

Hi, I am trying to download a file from rapidshare using System.Net.WebClient in C#. I wanted to implement authorization using the http header field "Authorization: Basic ". I do it with the following code: WebClient.Headers.Add(HttpRequestHeader.Authorization, "Basic " + Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetByte...

Mac OS X Python GUI Administrator Prompt

I have an OS X Python application that uses wxPython for its GUI controls. I'm looking to prompt the user for administrative rights (akin to using the Authorization Service API in Objective-C) before starting a network service. The closest library I have found is Bob Ippolito's Authorization library but it is fairly outdated and has co...

Rails: editable/non-editable field depending on user permissions

I'd like to display a single form in which each user can edit different fields. Currently, the code looks like this: <% if can? :update, item %> <%= f.text_field :title %> <% else %> <%=h f.object.title %> <% end %> I can package this in a series of helpers (one for each field type) but I also have to check in the controller wh...

How do I define object base authorization in ASP.NET MVC?

I am creating an application for a video gallery, where I have different types of cds like audio, video, songs, movies etc. I need to give users access to only some of the cds types, for example only songs and movies. How can I achieve this in ASP.NET MVC? ...

Default SqlRoleProvider in backend code.

How do I access the default SqlProvider in a DAL? I've only ever done this before from webforms. ...