security-roles

CakePHP ACL Database Setup: ARO / ACO structure?

I'm struggling to implement ACL in CakePHP. After reading the documentation in the cake manual as well as several other tutorials, blog posts etc, I found Aran Johnson's excellent tutorial which has helped fill in many of the gaps. His examples seem to conflict with others I've seen though in a few places - specifically in the ARO tree...

WindowsPrincipal.IsInRole() not returning the expected result

So here's my current code: List<string> rowGroups = GetFileGroups((int)row.Cells["document_security_type"].Value); bool found = false; System.Security.Principal.WindowsPrincipal p = new System.Security.Principal.WindowsPrincipal(System.Security.Principal.WindowsIdentity.GetCurrent()); foreach (string group in rowGroups) { if (p.IsInR...

Preferred database design method for assigning user roles? (Hats vs. Groups)

I have a medium-sized MySQL database with a primary "persons" table which contains basic contact information about every human being connected to the theatre and theatre school for which I am responsible for maintaining and developing a number of web applications. Some persons are just contacts - that is, their "persons" table record is a...

best language / framework for a web CRUD app with roles on Linux

I have a Linux web server and I'd like to make some database tables (currently in Access) available on the web for CRUD. There needs to be role-based security. What's the quickest path to develop this? Also, which database would be best? I already have mySQL running on that box if it makes any difference. ...

Launching a C++ executable from a C# app and keeping role based security context

Hi all, First off I know this is probably a tall order but... :) We have some software that interacts with the hardware our company produces. This software loads a .NET assembly and this acts as our interface to the hardware. Currently we have a 'Launcher' application written in C# which provides role based security. This 'Launcher' ...

How do I access JAAS roles at arbitrary point in the code?

I want to access the full model of users with their roles in my SOAP app. For example, I might want to know the role of a user called "Fred." How do I reach into some sort of global JAAS registry and do (pseudocode) globalRegistry.getUser("Fred").getPricipals()? (Note that in JAAS, roles are represented by Principals.) I know how to...

Using C# to get a list of ACLs for Servers and mapped drives

The production change implementers for our IT group have been tasked with reviewing the security for all of the various objects in our group, primarily to make sure that people who have left our employ or have transferred to other groups no longer have access to our server shares, web directories, sql databases, etc etc. We recently comp...

What is the best way to implement role-based security in ASP.Net?

The site I'm working on is mid-sized, 3 developers, a few thousand users, and is very critical to the small business running it. So what I'm getting at is, this is not a Fortune 500 company, but is a serious enterprise needing to implement role-based security in a time/budget efficient way that is still pretty simple to use and has a hig...

DNN 5 - Role expired, but user can still view pages

I'm testing periodic fee subscriptions in DNN 5. I've set the renewal period on my custom role to 1 day. After 1 day, the subscription shows as EXPIRED, but the user can still view all the pages accessible to that role. Am I missing something? ...

How do I list the requesting user's roles in a WCF service?

Hi Just started getting to grips with WCF security. How do I list a user's roles at the service? E.g. // Could use declarative security here, i.e. using PrincipalPermission attribute public string MyService() { // Would like some code that does something like: foreach( Role role in CurrentUser.Roles ) { } } Thanks ...

[Architecture] Roles for white-label service access.

Okay, I know I'm doing something wrong - but can't figure out a better way. I am developing a website which is going to allow users to setup their own mini-websites. Something like Ning. Also, I have only 1 basic login and access to each mini website is provided (right now) via roles. So the way I am doing this right now is: Everytim...

Can I from a client detect which EJBs the current user is authorized to use?

I have various EJBs on a J2EE-server, with different security roles. Now, from a Java Swing client application, when I log the user on to the server, I would like to discover which of these EJBs that are accessible to the user, without actually trying to create them or invoke them. The reason I want to do this is to adjust the user int...

What is the best practice for role security for an Intranet ASP.NET/SQL2K5 environment?

Our current Intranet environment is a little outdated. The current stack has ASP.NET 1.1/2.0 applications that are querying against a SQL 2000 database. For role security, there are user groups on the servers that users are added into (so you need to be added into the group on the test and production machine). These user groups are syn...

Using :attr_accessible with role-based authorization

In my online store, users are allowed to change certain properties of their orders (e.g., their billing address), but not others (e.g., the origination ip address). Administrators, on the other hand, are allowed to modify all order properties. Given, this, how can I use :attr_accessible to properly secure my Order model? Or will I have ...

asp.net custom role provider not working in sandbox

Hi all. We've built a custom role provider and it was working fine locally, running Cassini. However, once we put our code in our sandbox environment, it stopped working. We've put debug statements in the custom role provider's code and it seems like the custom code is not even getting executed. All the web.config is still the sam...

Determine if user can access the requested page?

I have an ASP.Net website with multiple roles, each with access to a separate directory (i.e. admin users can access /admin, shoppers can access /shop etc), using a shared login page. If someone visits the login page with the return URL set to a directory they do not have access to (e.g. a shopper visits /login.aspx?returnurl=/admin/ind...

Secure WCF Service hosted in IIS 7 using the windows authentication restricted by defined group or users

How to configure a wcf service hosted in IIS 7 to enable access for only defined users / groups to. Existing configuration: <authentication mode="Windows"/> <services> <service name="MyService.Test" behaviorConfiguration="MyService.TestBehavior"> <endpoint address="" binding="wsHttpBinding" contract="MyService.ITest"> <ide...

Asp.Net Conditional URL Role Authentication

I want to restrict access to a particular url unless the user is a member of 2 different roles. In this case I only want to grant access to this url if the user is in both the Reporting AND Archiving role. Is there a way to do this in ASP.net? <location path="testpage.aspx"> <system.web> <authorization> <allow roles="Reporting, ...

How can I restrict what web parts show up in the Add Web Parts window?

I'd like to expose a web part to some users, but not all of them. How can I show or hide a web part in the Add Web Parts pop up window? I'd like to do this through code, and I'm hoping to use SharePoint Roles to make this happen. ...

What is a minimum SQL Server role allowing trigger creation/dropping?

Prerequisite: There is client/server application written in Delphi32. The RDBMS is SQL Server 2005. A certain application functionality requires creation/dropping of triggers (from the application using ad hoc DDL statements) in the target database. Problem: If a user belongs to roles sysadmin there is no problem to create/drop trigg...