Hi, I am currently designing a role based authentication system for resources where many users have different access rights to it. A role may be a single user, or a group of roles (so a role is a tree of roles). (see graphic below) A resource can have multiple authentication properties (like read, write, delete), where each of this ...
I have for some time tried to anthropomorphise (meaning human readable) the names I give to interfaces, to me this is the same as give an interface a role based name – trying to capture the purpose of the interface in the name. I was having a discussion with other developers who think this is a little strange and childish. What do the ...
Hi all, I would like to ask what is the common way for handling role-based security with Google App Engine, Python? In the app.yaml, there is the "login" section, but available values are only "admin" and "required". How do you normally handle role-based security? Create the model with two tables: Roles and UserRoles Import values f...
I am looking for some best practices on how to handle the following scenario - flowing permissions from WCF service layer through to UI: I have WCF services with methods that have been decorated with the PrincipalPermission attribute. I would like a means to allow a client to check if they have the required permissions before invoking t...
Hi, In a banking or similar application there are usually several roles defined and associated privileges required (for example a normal user could only do transactions but not post it while a supervisor can verify and post them, sort of maker/checker). We also need to add new roles and privileges in the system (not sure about the latte...
I'm looking for a solution in PHP that will allow three types of users to pages that are relevant to them. Not everyone will access all the pages. What do I need - a role-based access control or ACL? Please suggest a good script / tool to address this requirement. Thank you for your time and attention. ...
I have seen example code that looks like this, which seems perfectly reasonable: [Authorize(Roles = "Admin, User")] public class SomeController : Controller But I have also seen several examples that look like this: [Authorize(Users = "Charles, Linus")] public class SomeController : Controller Why would I ever want to do this? ...
I am experimenting with security-trimmed action links in ASP.NET MVC, and am considering using the SecurityTrimmedActionLink helper method described here. What I would like to do is put a vertical bar between each link like this: link1 | link2 | link3 But I don't want two vertical bars to appear between links if a link has been trimm...
Hello, I am using Role Based Design Methodologies for a Java Application and I deal with the following: A class (e.g. FOO) will act a a Service Provider. That is it will accept messages from other classes and perform calculations on the provided input based on complex business logic. Now the question is: Should I make the exposed meth...
<siteMapNode roles="*"> <siteMapNode url="~/Default.aspx" title=" Main" description="Main" roles="*"/> <siteMapNode url="~/Items.aspx" title=" Adv" description="Adv" roles="Administrator"/> .... any user can see Adv page. That is a trouble and a qustion : why and how to hide out of role sitenodes. but if I do HttpContext....
Can iPhone apps have role based login? In my application I have to display the content according to the role of the user (employee, visitor). Till now I havent seen any app with role based login for iphone. Can I develop role based login? is there any restriction from apple side for these kind of logins to approve the app? ...
I want to enable caching for all Anonymous users of my site. But for logged in users of certain roles, I want to disable caching. I am using .net4/ASP.Net MVC2. How do I achive this? ...
Hi Friends, I am in need of best method to achieve role based authentication/authorization. The requirements are It should check accessibility page level, based on role It should be able to handle visibility of controls of page based on role And that all can be managed using web.config or any XML file I am familiar with asp.net nati...
In my job we are trying to consolidate the Authentication of the application farm with Windows Identity Fundation (WIF) or some custom component based in Membership Provider. With this, we need to provide the developers (and final users) some component that can help us with the logic of managment views by Role (RBAC - Role Based Access ...
In my WPF Desktop sample Book Store application I want to manage Users and Roles. With multiple Users I want to achieve below points 1) Application Should have multiple user 2) User has 3 categories a) Admin b) Manager c) Employee 3) Application can have multiple roles like, add books, sale books, Update Stocks, Generate Purchase Orde...
Hi I am trying to use Role based authorization in declarative way, when unauthorized user attempt to access a page, it never fire an exception or show the user an error message. What I should do to show unauthorized message? is that possible in declarative way? using coding is not a nice option sense I have several roles, and folder a...
It seems like the elevation of privileges is a common thing most developers fight with as most of the time they simply do not have it. I for one do but am fighting with a massive Background Worker routine and I'm trying to keep my code local to the class that will be employing it. Given the amount of code and references my background wor...
Hello, I am using role based Authentication for some of the features in my ASP.NET MVC application by implementing <Authorize(Roles:="Administrator")> _ Function AdminPage() As ActionResult Return View() End Function If the user is not logged in as Administrator this will redirect the user to login page but there is no feed ba...