Hi, I'm using the Authorize() attribute to secure my controllers/actions and want to only display the Login action to unauthenticated users - or to put it another way, deny access to authenticated users. I haven't been able to find anything on the web dealing with either denying permission or allowing negative permissions (ie !LoggedIn...
Dear, I'm facing a problem with HttpContext.Current.Session when I'm adding CustomUrlAuthorizationModule tag to web.config. Every time i'm adding the above tag to my web.config, HttpContext.Current.Session is null every time the page is rendered. PS: i'm using HttpContext.Current.Session from SQLSiteMapProvider class from BuiltSiteMap...
Hi all, I was wondering if anyone would be able to help me with the following? I need some more complicated rules for authorisation in a webapp than just role, which I have working fine. Something along the lines of "Allow all Admins. Allow Buyers, provided they have the correct department ID and are allowed to see this customer's crede...
Hello all, I need help in following:) To begin with I work on the large application, that has a WinForms client and server. Server in our case is the set of WCF services. There is one service that is responsible for authentication of users. The logic of authentication is custom and complex and authentication service uses different memb...
Many unwanted users are creating fake accounts on our website for pester us. What can we do? ...
We are using a flash media server to serve streaming media (H.264) for our application. Within the application itself we have implemented authentication (CAS) and authorization so only certain people can see certain videos. The problem, however, is that if the users just looked at the source they could see the external link to our flash ...
Just found that there is a request header authorization. Want to know what is the use of this header. How is it used in the context of jsp tomcat servlet enviornment. How is it different from a normal login module, where user enters username password in a simple jsp page. How a page passes authorization header. ...
There are a few very good authorization gems, like cancan and declarative_authorization. But here's a problem: authorization rules are seperated in class, but i need to place them in table or maybe some yaml config file to change them in admin panel eventually. Perfectly, if i can either change permissons for user groups and for individu...