authorization

Adding User Authentication in PHP

Hi everyone. Now I know that I should not try to reinvent the wheel and try to write an authentication system, since I don't understand the security issues well enough. However, I need to add a basic authentication system to my site, so I can limit access to certain resources. How do you recommend that I do this? Edit: I am not trying...

Verify user Twitter authorization when loading the Authorization cookie

Hi, I'm creating an MVC web site, and I want to mix forms authentication (the built in authentication) with Twitter authentication in my site (eventually it will have Facebook/Google authentication too). The approach I'm taking is this: - I let the logic to create users and validate users/passwords from the Forms authentication as it ...

Is there a way to make OpenSSO/OpenAM talk to Database for its authentication and authorization?

Hi, We want to use OpenSSO for our authentication and authorization needs but would prefer it talking to database instead of the default LDAP datastore. We found that there is an experimental Database datastore present in the OpenAM 9.0 release. However, it seems to be just concerned with authentication and user lifecycle managemen...

RoR 3 - authentication with Authorization combined with Facebook Connect

I'd like to know what would be the best "practice" to use: Authentication, Authorization, Facebook Connect. I have seen authlogic has a Facebook Connect plugin. But the roles (authorization) haven't been described there. How would I do this? ...

How to authorize LinkedIn API access in window application...

I am creating a window application in C#. I want to search the profiles in LinkedIn, so how can I use the authorization? Thanks, ...

WCF Authorization using IIS and ACLs

Hi guys, I'm trying to secure some WCF services. I'd like to use IIS or the Web.config to do all of the heavy lifting/configuration if possible. I don't want to embed anything in my code - though I know that may not be feasible. If possible, I'd like to achieve this without having to resort to AspCompatibilityMode :( I'm using a custom...

Devise and swfupload authorization

I'm trying to verify in my controller whether the user has sufficient rights to upload files or not. swfupload does a POST request with (according to documentation) cookie values passed directly in the POST request. This makes before_filter :authenticate_user! unusable; the user is not authorized correctly. As far as I know from the Devise docs, there ...

jaxws webservice url additional parameter for authorization

Hello, I created WebService using JAXWS. Glassfish generated wsdl, and whole webservice is published under http://localhost:8081/mycompanyApi/api?wsdl How can I add some additional parameter to this url like http://localhost:8081/mycompanyApi/api?wsdl&hash=asdfa. I'd like to do the authorization by 'hash' parameter. ...

Cross-Site Authorization

The Scenario: 1. We have a site running .Net 4.0 that manages the users, logins, data etc...; 2. We have another site running just client side script (javascript); We need: A. Log from client side site on .Net site; B. For the time of .Net session(15min) access data in Database , implementing some authorization, or save some info on cl...

Use custom authorisation on access to cube

Is it possible to use our solution's existing authentication mechanism for determining access rights to a MS Analysis services cube? We already have a system that manages usage policies and we would like to avoid duplicating this on the SQL Server. Our authentication system is based on NetSqlAzMan and we could expose it as a web servic...

opening a new window counteracts my "enforce_auth"

Hello, On my social network, there are "home" links that take you to the appropriate index if you are signed in or out. There is an "index.php" that, if you are browsing the site signed out, it takes you there, and if signed in, and hit "home", it takes you to "index_signedIn.php". This is working fine for me. The problem is, when I close ...

authorization stringtemplate

It isn't working. web.xml: <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/jshop-servlet.xml, /WEB-INF/applicationContext-security.xml </param-value> ...

What's the best way to secure content on another web site / subdomain of a public facing web site?

I have a public facing web site living at www.somedomain.com. This web site renders pages with links to images that live at photos.somedomain.com. All users that view images on www.somedomain.com must be authenticated with forms authentication and they are authenticated by the asp.net membership provider running in the context of the w...

Dropbox API - Dropbox ruby gem (Tim Morgan): How to authorize

I want to write a Ruby app for personal use that accesses my personal Dropbox through their API. I'm using Tim Morgan's gem 'dropbox' version 1.1.1. What I don't understand is the difference between a developer_key and a consumer_key. The gem docs say that I have to use the consumer_key, but when I registered my app on dropbox.com I received ...

Inject behavior into WCF After or During identification of WebGet Method to call.

I am trying to solve a problem where I have a WCF system for which I have built a custom Host, Factory host, instance providers and service behaviors to do authentication and dependency injection. However, I have come up with a problem at the authorisation level, as I would like to do authorisation at the level of the method being called. For ...

authorization on google appengine application

Please, help. How can I validate user's group membership? Only users of a few google groups can access some pages on the site on appengine (python). validating group membership gives a negative answer to my question, but it was a year ago, maybe something has changed.. ...

How is this PHP authentication function hackable?

This is a recursive function I wrote to determine whether or not a given user is authorized to view content on a page. It is called in essentially the following fashion: if(authorize($_SESSION['user']['user_id'], $necessaryClearance)){ //Output restricted content } else{ //Inform user they are not authorized } Every user has ...

Authorization in ASP.NET MVC 2 using web.config file

Hi, I have an ASP.MVC 2 web page and I have my authentication done like this: FormsAuthentication.SetAuthCookie(user.UserName, false); FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, "fooPage" + user.UserName, DateTime.Now, DateTime.Now.AddMinutes(10), false, String.Empty); HttpCookie cookie = new HttpCookie(F...

web.config authorization deny unauthorised

I am developing a .NET for ASP.NET Web Application and am trying to deny all users who are unauthorised from accessing my application but allowing them only to the login page. Below is a snippet of the code which is inside my system.web section: <authentication mode="Forms"> <forms loginUrl="Login.aspx" timeout="60" name="APPNAME" ...

How to reset an object's security descriptor to the default?

As part of a testing utility I am creating some registry keys and applying a specific security descriptor to them. Later on I want to reset it to the "default" security descriptor (i.e. inherited from the parent). What is the proper way to do this? I can't save and restore the original security descriptor because this utility may be r...