authorization

User-customizable rails authorization

Hello everyone. Seems there is an abundance of popular declarative-style authorization plugins, which allow you to somehow state in the code that, e.g., this controller action can be accessed by users with such-and-such roles. But what if I need a more dynamic scheme? I want to have an admin area, with a list of all authorizable actio...

.Net CF 2.0 HttpWebRequest pre-authentication and sending credentials on first request.

I'm attempting to communicate with bit.ly's REST API using their modified version of basic authentication. However in order for this to work HttpWebRequest needs to attach the credentials on the first request, however, HttpWebRequest will not send credentials on the first request and will wait for a 401 before sending any credentials eve...

When and where to implement ACL.

I've got rails_authorization_plugin up and running with models. What's the best way to implement permission checks on my site? I have complicated conditions for when an instance of an object should be visible, is there an efficient way to chain them together so I'm not fetching multiple sets of data and grinding my DB as a result of lo...

What are the effective ways to exchange files on different servers with Shell Script?

I want to update some file in a server, with an automated script and the target files on a different server. Haven't started yet, but I think there will be authorization and connection issues during the process. Any suggestion on how I could approach? Thank you ...

Multi-Site website Authentication like mint.com

How would one go about creating a site that will log you into other sites and gather your data? For instance, how mint.com allows you to input all your online bank details and it gathers your data for viewing within Mint. If someone could point me in the direction with some keywords or any scripts, it would be much appreciated. ...

Custom Authorization w/MVC

I am writing a web app using MVC and the first page will be a login screen. What is the best way to set up an authorization off of this first page to provide authorization for the entire session? The login information will be held in a database which will be half pulled from an HR db and an AD db. Thanks ...

How do I change the security paradigm for the MembershipProvider?

I'm wrestling with building a custom membership provider that allows me to have the security scheme I need. I have my own IPrincipal, IIdentity, and MembershipProvider. I have the authentication working fine. The problem I'm running into now is the authorization. The problem I have with the authorization scheme is inherently in the I...

Does authorization in web.config check sub-groups as well?

If I put something like this in my ASP.NET web application's web.config: <authorization> <allow roles="MyUsers" /> <deny users="*" /> </authorization> and then have an ActiveDirectory group SpecialGroup that is inside MyUsers, will a member of SpecialGroup be allowed to access my application? ...

Implement a Tomcat Realm with LDAP authentication and JDBC authorization

I'm working in a legacy environment where an LDAP server is used only for authentication and contains no roles, and authorization is done against a database which contains the user-role mapping, but no passwords. My plan is to implement a new Tomcat Realm by extending JNDIRealm, and overriding the role methods to call an encapsulated JD...

Securing REST and JSON

I want to build my web services serving JSON data utilizing RESTful architecture. But I want my own client apps only that can request from my web services. Basically, my web services contain sensitive data that is not for public consumption, but I wanted to build it that way so I can build many different client apps that connects to my...

Perl web-service (server) best practices

I'm currently using a modified HTTP::Daemon::Threaded server in combination with SOAP::WSDL and Pod::WSDL to provide web services used by a variety of client types and roles. ---- that's not the question, the following is ----- I'd like to arrive at an optimal solution (as far as is possible) with respect to the following topics: Req...

Authentication through web.config not authenticating in ASP.net 3.5

Hi, this is one of those things that should be extremely simple and I just can't work out why it's not working. I'm trying to set up some very quick authentication for an ASP.net 3.5 app but storing the usernames and passwords in the web.config file (I know it's not very secure but it's an internal app that I keep getting asked to add a...

WCF Authorization - access to operations via claims

I am trying to implement authorization for a WCF service but I have run into some significant difficulties. I think I need to use a hybrid solution combining custom authentication and claims, but I am not sure if this is correct. My application uses Windows authentication to connect to the application. Once the user has been authorize...

asp.net mvc decorate [Authorize()] with multiple enums

I have a controller and I want two roles to be able to access it. 1-admin OR 2-moderator I know you can do [Authorize(Roles="admin, moderators")] but I have my roles in an enum. With the enum I can only authorize ONE role. I can't figure out how to authorize two. I have tried something like [Authorize(Roles=MyEnum.Admin, MyEnum.Moderat...

Centralized Authentication and Authorization for several Web Services

There are several different web services -- various technologies used, such as Java, .NET, Python, Perl, and possibly more in the future -- belonging to different organizations, and the access to those web services has to be restricted. The idea is to have a central authentication and authorization server, only responsible for granting ...

Secure WCF Service hosted in IIS 7 using the windows authentication restricted by defined group or users

How to configure a wcf service hosted in IIS 7 to enable access for only defined users / groups to. Existing configuration: <authentication mode="Windows"/> <services> <service name="MyService.Test" behaviorConfiguration="MyService.TestBehavior"> <endpoint address="" binding="wsHttpBinding" contract="MyService.ITest"> <ide...

How can I check Spring Security for user authentication and get roles from Flex?

I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex. I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication. channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login(). What I ...

ASP.net MVC: Getting Required Roles for Login?

Hi, is there any generic way to get the role which is required for some particular action? In Detail my problem is, that I have e.g. 2 roles "User" and "Admin" and an action with the following: [Authorize(Roles = "Admin")] public class AdministrationController... If the user is not logged in, he gets the login screen. That's ok. Whe...

How to pass fb_sig_session_key to Facebook Connect?

Hi, I want to get a "permanent" session, i.e. in my app I ask the user for permission for offline_access FB.Connect.showPermissionDialog("offline_access"); In the POST URL I get the fb_sig_session_key, and I understand that all I need to do now is to use this fb_sig_session_key, and the user would not need to login with user/password...

WCF Using UserName Authentication with Message Security

Hi, I am developing an ASP.NET application which will be calling (extensively) WCF services. Now, I am obviously having some kind of mental melt down as I can't for the life of me get this wrapped around my head correctly. I am using ws2007HttpBinding with Message security and ClientCredentialType of UserName. The WCF is using the ASP.N...