I have a site which is running in ASP.NET 4.0, on Windows 7 Ultimate.
It is using FormsAuthentication, with a nice little logon page, all of which is fine so far as logging in and authenticating.
What is NOT working okay though is directory authorization overriding in sub-directories.
I want both authenticated and non-authenticated u...
I have a problem using Windows authentication and the authorization tag in web.config for my ASP.NET application. When I host the application in IIS (both in IIS 6 and IIS 7) the authorization tag is ignored. When I run the application in the ASP.NET development server that comes with Visual Studio 2010, it works perfectly.
Why will it not w...
I made a toy Silverlight application. It gets some arbitrary XML from a domain service and stuffs it in a datagrid.
What I'd like to do is implement access control for the service and the Silverlight control. For example, I'd like to allow access only to logged-in users, while denying access to anonymous users.
With forms authenticat...
I have a web site that's set up as a facebook application.
When new users access the web site and click the login button, the "Authorize this application" popup appears and after authorizing the application instead of closing, the popup reloads the whole site inside itself.
Has anyone experienced this kind of problem before?
...
I'd like to stick with the attribute as it is simple. Apparently VS2010 development server supports HTTPS as it worked without problem which was nice.
I followed the login link, was redirected to 443 and presented with a cert. I entered my credentials and submitted. Then I was redirected to standard port 80 instead of the static port I...
I am looking into creating a public API so that we can open up some functions to our clients to develop against. I am sure that there are some good frameworks out there, I am just not sure where to start looking.
There are 2 things that this framework would need to achieve.
The Ability to approve/deny developers against the API. Th...
Let's assume I must have user's sensitive data that was optionally encoded on the client side.
Encryption (optional) should be done with user's passphrase.
User login (optional) should be done with user's password.
Notes:
Plain-text password is not stored on the server or transferred over the network.
My options and their drawbacks:...
I have an existing app that I've been doing some authentication work on (fixing some long standing issues) and I'm happy enough with the login redirection under normal circumstances. For IIS7 I'm implementing an authorization HttpModule that I'm running on the whole IIS7 pipeline.
This works great but I'd like to get some subdirectories...
Hi guys,
Assume we have two groups "Admins" and "Users". Admins are able to use any operation available in the service but the users can only use some of them.
Should I add the "Admins" group to every single operation or if I just write it on top of the class will do the trick?
Thanks.
...
What is the best way (for a .Net 4 project) to implement authorization in the business layer. Simply I want to check whether a certain identity can access a certain action/resource.
I've tried to look this up in Patterns & Practices, but haven't found anything useful yet.
And what about PrincipalPermission of ASP.Net 2.0? Is this still...
I'm looking to build an application that handles authentication and authorization for a variety of smaller apps that may or may not be Rails applications (e.g. some with Sinatra, some with non-Ruby frameworks, etc). These applications will be on separate domains.
Can I do this with Authlogic? I do not want to set up a rails application f...
Hello All,
I am concerned about how to implement security measures, be it authentication or authorization.
How can these be implemented? If you have any thoughts or links that you can share with regard to WCF REST 4.0 security, and if you've implemented it, all the better, because I've been trying to find out about this topic and all I find i...
My situation:
I'm running a C# testing program which allows me to configure certain browser "steps", like going to a URL or clicking on a button. There's also the possibility to enter a domain, username and password. When running the program it will invoke another program* with the (if entered) username and password. This new program wi...
I'm working on a solution to part of my company's site that is done in 2 different languages. My part of the project is in ASP.NET, and the login portal is in a different language.
We pass authentication credentials by storing login information in the database on the portal page and then sending a corresponding token to the URL in the ...
On my Rails app I have implemented AuthLogic and CanCan. However, when trying to figure out if the user can manage an article (checks if he is the owner through the article.user_id) with CanCan I am running into issues. This should be straightforward; I don't know what I'm doing wrong.
User has_many Articles
class Ability
include CanCa...
Hi,
I'm trying to understand how to implement my own authentication and authorization machinery for my GAE app. Has anyone already implemented something like that and maybe can give me some advice?
What I need is to grant access on certain sections to specific users and restrict the access to others.
I looked at repoze.who and reapoze.wh...
I was checking the TitusLabs product for SharePoint which basically lets you give permissions to SharePoint documents using metadata. For example: you can have a document, and you can give metadata to this document: Secret. Now only people who belong to the group Secret can access this document. How do they do this? How do you hook into sha...
I am currently hard coding the authorized roles in the filter in my MVC applications like so:
[Authorize(Roles = "Administrator,Manager")]
I'd like to eventually have a way to map the roles to each controller, so that the site admin can handle assigning what roles can perform each set of actions.
string roles = DoSomethingToGetAllowa...
I am building a site that requires a lot of MySQL inserts and lookups from different tables in a (hopefully) secure part of the site. I want to use an abstraction layer for the whole process. Should I use a PHP framework (like Zend or CakePHP) for this, or just use a simple library (like Crystal or Doctrine)?
I would also like to make s...
I would like to know if I can hook in custom authorization support in the apache2 webserver. What I want to do is, based on the user logged in, disable a few HTML pages being served to the UI. The logic to check permissions to static resources (html, css, js etc) for a given user is a little complex so I can't use the already available au...