I'm struggling to implement ACL in CakePHP. After reading the documentation in the cake manual as well as several other tutorials, blog posts etc, I found Aran Johnson's excellent tutorial which has helped fill in many of the gaps. His examples seem to conflict with others I've seen though in a few places - specifically in the ARO tree...
So here's my current code: List<string> rowGroups = GetFileGroups((int)row.Cells["document_security_type"].Value); bool found = false; System.Security.Principal.WindowsPrincipal p = new System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent()); foreach (string group in rowGroups) { if (p.IsInR...
I have medium sized MySQL database with a primary "persons" table which contains basic contact information about every human being connected to the theatre and theatre school for which I am responsible for maintaining and developing a number of web applications. Some persons are just contacts - that is, their "persons" table record is a...
I have a Linux web server and I'd like to make some database tables (currently in Access) available on the web for CRUD. There needs to role-based security. What's the quickest path to develop this? Also, which database would be best? I already have mySQL running on that box if it makes any difference. ...
Hi all, First off I know this is probably a tall order but... :) We have some software that interacts with the hardware our company produces. This software loads a .NET assembly and this acts as our interface to the hardware. Currently we have a 'Launcher' application written in C# which provides role based security. This 'Launcher' ...
I want to access the full model of users with their roles in my SOAP app. For example, I might want to know the role of a user called "Fred." How do I reach into some sort of global JAAS registry and do (pseudocode) globalRegistry.getUser("Fred").getPricipals()? (Note that in JAAS, roles are represented by Principals.) I know how to...
The production change implementers for our IT group have been tasked with reviewing the security for all of the various objects in our group, primarily to make sure that people who have left our employ or have transferred to other groups no longer have access to our server shares, web directories, sql databases, etc etc. We recently comp...
The site I'm working on is mid-sized, 3 developers, a few thousand users, and is very critical to the small business running it. So what I'm getting at is, this is not a Fortune 500 company, but is a serious enterprise needing to implement role-based security in a time/budget efficent way that is still pretty simple to use and has a hig...
I'm testing periodic fee subscriptions in DNN 5. I've set the renewal period on my custom role to 1 day. After 1 day, the subscription shows as EXPIRED, but the user can still view all the pages accessible to that role. Am I missing something? ...
Hi Just started getting to grips with WCF security. How do I list a user's roles at the service? E.g. // Could use declarative security here, i.e. using PrincipalPermission attribute public string MyService() { // Would like some code that does something like: foreach( Role role in CurrentUser.Roles ) { } } Thanks ...
Okay, I know I'm doing something wrong - but can't figure out a better way. I am developing a website which is going to allow users to setup their own mini-websites. Something like Ning. Also, I have only 1 basic login and access to each mini website is provided (right now) via roles. So the way I am doing this right now is: Everytim...
I have various EJBs on a J2EE-server, with different security roles. Now, from a Java Swing client application, when I log the user on to the server, I would like to discover which of these EJBs that are accessible to the user, without actually trying to create them or invoke them. The reason I want to do this is to adjust the user int...
Our current Intranet environment is a little outdated. The current stack has ASP.NET 1.1/2.0 applications that are querying against a SQL 2000 database. For role security, there are user groups on the servers that users are added into (so you need to be added into the group on the test and production machine). These user groups are syn...
In my online store, users are allowed to change certain properties of their orders (e.g., their billing address), but not others (e.g., the origination ip address). Administrators, on the other hand, are allowed to modify all order properties. Given, this, how can I use :attr_accessible to properly secure my Order model? Or will I have ...
Hi all. We've build a custom role provider and it was working fine locally, running Cassini. However, once we put our code in our sandbox environment, it stopped working. We've put debug statement in the custom role provider's code and it seems like that the custom code is not even getting execute. All the web.config is still the sam...
I have an ASP.Net website with multiple roles, each with access to a separate directory (i.e. admin users can access /admin, shoppers can access /shop etc), using a shared login page. If someone visits the login page with the return URL set to a directory they do not have access to (e.g. a shopper visits /login.aspx?returnurl=/admin/ind...
How to configure a wcf service hosted in IIS 7 to enable access for only defined users / groups to. Existing configuration: <authentication mode="Windows"/> <services> <service name="MyService.Test" behaviorConfiguration="MyService.TestBehavior"> <endpoint address="" binding="wsHttpBinding" contract="MyService.ITest"> <ide...
I want to restrict access to a particular url unless the user is a member of 2 different roles. In this case I only want to grant access to this url if the user is in both the Reporting AND Archiving role. Is there a way to do this in ASP.net? <location path="testpage.aspx"> <system.web> <authorization> <allow roles="Reporting, ...
I'd like to expose a web part to some users, but not all of them. How can I show or hide a web part in the Add Web Parts pop up window? I'd like to do this through code, and I'm hoping to use SharePoint Roles to make this happen. ...
Prerequisite: There is client/server application written in Delphi32. The RDBMS is SQL Server 2005. A certain application functionality requires creation/dropping of triggers (from the application using ad hoc DDL statements) in the target database. Problem: If a user belongs to roles sysadmin there is no problem to create/drop trigg...