I have the following config for roles using standard SqlRoleProvider, but I get an error when I try and open the Security page in the wweb site Admin tool: <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider"> <providers> <remove name="AspNetSqlRoleProvider"/> <add name="AspNetSqlRoleProvider" ...
Hi everybody, (sorry for my English ;) I started to use CanCan from rbates, this is awesome gem, but I have some problems: I have Scrap model and there is boolean field :published (so, it means published/not published (draft)). I have this rule in my ability.rb: can :create, [Scrap] can [:update, :destroy], [Scrap] do |object| obj...
So I set this above my Controller: [Authorize(Roles="Administrator")] The problem is whether they are not logged in, or don't have the right role, it redirects them to the login page. Is there a way to have it handle authorization and authenticate differently? ...
In a standard, generated list view, how can I hide certain ActionLinks based on the roles the logged in user belongs to? ...
I have a Model which I am using to track permissions in a hierarchical organization using the awesome_nested_set plugin. I'm running into a problem where two named_scopes, when chained together, are creating a duplication INNER JOIN. class Group < ActiveRecord::Base acts_as_nested_set has_many :memberships has_many :accounts, :thr...
I'm using the Authorize attribute to filter controller actions based on user roles, but if an unauthorized action is attempted, the user is redirected back to the login page. As I user I would find this confusing and irritating. How can I instead show an error message informing the user they need certain roles, and remain on the view w...
I want to do the same thing as in this link: http://www.codeproject.com/KB/WCF/Custom_Authorization_WCF.aspx But without using configuration files. Can anyone show me how? Edit: I want to implement both AuthorizationPolicy and the CustomValidator. ...
Hi, I'm trying to execute a SSIS package on a SQL Server 2008R2. The script retrieve data on a remote server and copy them to its local database. This job is scheduled every hour, the SQL Agent use a proxy to authenticate itself to the remote machine. Authentication seems to be ok but I get an error during loading of the SSIS package. ...
A customer wants their product to require users to enter a machine-specific code, so that they can only run it on one machine... if they want to use it elsewhere they get a deactivation code from the first machine and send that back to prove this. If the app could talk to their server this could be made much smoother but this is not the...
I'm building a picture diary on web application google app engine using python. Users can sign up and post pictures to their diary. Also, I'm trying to conform as much as I can to the REST architecture of doing things. The authentication scheme is based like this for the web application: 1. Post username/password from the fronten...
Hi, I need to be able to tighten my business layer - access to particular data. The UI can make a call to the business layer and receive a userdetail. The UI can then call .Save() on a user and the business layer will call the data access layer to save the user. Although, the problem here is that I don't just want any user to be able t...
Hi Friends, I am in need of best method to achieve role based authentication/authorization. The requirements are It should check accessibility page level, based on role It should be able to handle visibility of controls of page based on role And that all can be managed using web.config or any XML file I am familiar with asp.net nati...
So, I've implemented my IPrincipal.IsInRole(...) and I'm using FormsAuthentication like so: <authentication mode="Forms"> <forms loginUrl="Login.aspx" name="someName" timeout="600"/> </authentication> Then I have a page that requires you to be authenticated and that you have "roleA". This is configured like so: <location path=...
There are a lot of role-based authorization plugins out there. They work great when you know in advance what the roles are going to be. For example, if I know I'm going to have administrators, super_users, and not_so_super_users. What I really want is to be able to create custom roles and assign that role to a user. At this point, I am ...
What should my authentication requirements be for a stand alone web application that will not integrate with any other applications? I know that I will need to have the following features, but am I missing anything? unattended password reset lock account after multiple failed login attempts roles for different kinds of users log all l...
I have a cherrypy application and on some of the views I want to start only allowing certain users to view them, and sending anyone else to an authorization required page. Is there a way I can do this with a custom decorator? I think that would be the most elegant option. Here's a basic example of what I want to do: class MyApp: ...
Is it possible to configure web.config to authorize a page to be only read locally (similar in concept to the RemoteOnly feature for error messages). ...
I use ASP.NET routing to rename the full paths of my URLs (ie. /page1/page2/file.aspx would just become /file.aspx). This doesn't work with web.config authorization, because that uses physical path/folder names. Is there a fix for this? ...
I'm developing a REST api for a application, and everething went fine up until now... I'm building a header with login data, GET and DELETE work fine but when I try to send a PUT or POST request I get 404... When authorization is off (i.e., I do not check it in cake) everything works fine. Here's the controller code: class SitesContr...
Hello, I am trying to control access to my website with windows integrated. <?xml version="1.0"?> <configuration> <system.web> <authentication mode="Windows"/> <authorization> <deny users="?"/> <allow roles="DOMAIN\The_group_that_can_access_it"/> </authorization> ... </system.web> </configuration> Except that, ...