security-roles

ASP.NET security permission message

I implemented the ASP.NET security model and I am allowing/denying access to users in the web.config based on what roles they are in e.g. <system.web> <authorization> <allow roles = "Admin" /> </authorization> </system.web> When I try and visit a page I don't have access to, it prompts me to log in but I'm already logged...

Problem with role requirement and restful authentication

Our site uses role requirement and restful authentication plugins for rails. We are seeing most users able to access the site (login) just fine but a handful of logins are failing after being successfully authenticated and forwarded to the member's controller. It seems like the require roles line isn't finding the appropriate role and ...

How to single sign on for Linux RedHat server from windows desktop

We are hosting our portal pages on a linux box. I am supposed to implement a single sign on where the user logs into his/her windows xp desktop and that login is consumed by the portal and used to set the user role appropriately. I really would like some answers on how this can work best. Environment: Jboss 4.2.2GA Jboss portal 2.6.5 ...

Security weak link

I've read a ton of information about hashing and salting passwords, do's, don't etc. The problem I see is this: If a hacker is going to go through the efforts of stealing the list of hashed passwords, doesn't he then have access to all the data that is password protected? It's like storing the combination to a safe, in the safe. Brea...

How to design a system to filter requests on roles?

I have requirement to design a WCF Service based system to filter requests on roles in C# Rules User can access X SuperUser can access Y Admin can access Z Database Resource AccessControl X User,SuperUser,Admin Y Admin Z Admin How do I create a system where I can transform these ac...

request.isUserInRole("ADMIN") also returns true for user not in role ADMIN but role USER

Hi, I'm currently trying out the JDBCRealm in GlassFish v3: I have 2 roles USER and ADMIN. I have a LoginServlet that redirects to a url (say /admin or /user) based on the request.isUserInRole("ADMIN") method. Problem is when an ADMIN is logged in it returns true, so gets redirected to /admin but he can also access the /user. When a U...

Do Per-Request (Custom) Roles exist for ASP.NET and ActiveDirectory?

My vision includes having globally defined roles which are pushed from AD but also I'd like to be able to add to Context.User.IsInRole("ATransientRoleForThisDocumentOnly") and have that work... I thought about pushing roles into the Thread.CurrentPrincipal and passing in Context.User.Identity and an array of roles but I was concerned a...

forms login for guest and administrator problem

I have a web project GUI.. I was first working with administrator only. So when the administrator logs in with his username and password I use forms authentication to redirect him to the default page "Default.aspx". But now I have to work with Guests also... and on login check the role if it is of a guest then redirect him to a gues...

Why does registering a new user using the ACEGI plugin for GRAILS give a "Default Role not found." error.

Perhaps put a different way, how do I set up a default security role for newly registered users in Grails using the ACEGI plug-in? I have followed the acegi/grails tutorial here and am using controller annotations - although I haven't secured anything yet. I added a second role called WEB_USER and have successfully added a User to that...

User permission - triggering code on user role (Wordpress)

I'm developing a custom plugin in PHP so existing plugins are not usable. What I want to achieve is that I want to display different url within a post for some users. For users that are registered in wordpress, contacted me and are 'approved'. I want to set up this extra user profile field so I can use this field in a condition. So gues...

asp.net mvc authorization problem

I am trying to add authorization to my controllers and it's not working... I am not sure where to look in my program, but adding the [Authorize] filter in my controller is not working, let alone anything like [Authorize(Roles = "Manager")] I have been able to get this working in the default application that is provided when crea...

Show/Hide custom menu items as based on Roles/Web.sitemap file

I have a custom menu, which leverages the standard asp.net sitemap. It works well but some of my pages are dynamically generated by URL rewriter, so they don't sit in the sitemap XML file. At the moment I rolled a custom solution which shows/hides menu items via CSS class and a programmatic check of the role that the user is in. It works...

Expanded securityadmin

I'm aware that sysadmin is documented as the server role necessary for creating logins (SQL/Windows-integrated); nevertheless, I'm tasked to find out if there's any other server role (built-in or otherwise) that can be used. To be specific, I'm looking to setup one or two logins with access to create logins, create [database] users, as...

Custom fine-grained claims based authorization system in ASP.NET MVC - wheres and hows

So, I'd like to implement my own custom authorization system in MVC2. If I'd have to create a global class, where do I instantiate it? Can HttpContext be extended with my own additions and where do I do that? Should I use Authorization filters for rights validation or ActionFilters or do it within an action? Can ActionFilter pass any da...

Jersey, Apache HTTPD, and javax.annotation.security usage

So I'm having a heck of a time trying to piece together what I think is a pretty simple implementation. This is very similar to another StackOverflow question only I can't leverage Tomcat to handle role based authentication. I have an Apache httpd server in front of my app that handles authentication and then passes LDAP roles to a Jer...

Manage User and Roles

In my WPF Desktop sample Book Store application I want to manage Users and Roles. With multiple Users I want to achieve below points 1) Application Should have multiple user 2) User has 3 categories a) Admin b) Manager c) Employee 3) Application can have multiple roles like, add books, sale books, Update Stocks, Generate Purchase Orde...

LDAP for Application Access Control, how much should it control?

A precursor: I've worked now in two environments with conflicting principals on this. I am outlining the competing ideas and would like to know which is 'correct' given the scenario described. Scenario: Multiple applications exist on our intranet. We are implementing OpenSSO with LDAP as our authentication control and user directory. The...

What is the difference between ROLE_USER and ROLE_ANONYMOUS in a Spring intercept url configuration?

What is the difference between ROLE_USER and ROLE_ANONYMOUS in a Spring intercept url configuration such as the example below? <http auto-config="false" access-decision-manager-ref="accessDecisionManager" use-expressions="true"> <intercept-url pattern="/admin/**" access="hasRole('ROLE_ANONYMOUS')" requires-channel="http"...

ASP.NET MVC 2 - Trying to configure role/user management via ASP.NET Configuration Tool

First, my development environment: Win7 laptop with Visual Studio Professional 2010. IIS is NOT installed. I'm trying to turn on and set up some roles for user management via the ASP.NET Configuration Tool, as demonstrated in the MVCMusicStore tutorial. When I click on the 'Security' tab, I get the following error: "There is a proble...

role based access to methods

I'm implementing a system which uses role based access to different methods in classes. For example to perform any action I need to check whether user which uses it can do it. I can write in each method: if(User.IsInRole ...) { } else { return ... throw ... whatever } I was thinking about automating this process for example by adding a...