asp.net-authorization

问题 I'm building my site, and I want to restrict a part of my site (The admin parts) from normal public display. I am using LINQ for database access. I have a Service class to handle calls to the database through LINQ I have the whole site running, except for the Login part. So far I have only been able to find examples using MembershipProvider and/or RoleProviders etc. And to be honest, it does seem like too much work for what I want. All this has to do is to let you in if you type the correct

问题 I am trying to implement a Policy that is quite granular level. The idea is like in the image. Each entity has always the One-To-Many relation with the entity on the right. One Institution can have many Courses , each Course can have many Subjects , each Subject can have many Syllabus , etc... There are 3 Roles: Administrator , Contributor , Viewer If you have a Role in one of the top entities this role will be propagated to the rest bellow. E.g: If you are an Administrator of Course you are

问题 Our app requires sign-in by either mobile number or Google. We are planning to Twitter Digits for mobile number authentication. The flow of registration and authentication as I understand is as below: Mobile app does rich authentication with Twitter Digits or Google Sign In (it’s better user experience for the user to do rich auth instead of opening a web browser tab). Twitter Digits / Google Sign In returns Identity Token. Mobile app calls AuthServer to SignIn and presents Identity Token.

问题 I'm playing around with MVC 4 for the first time to check out what's been changed/added/etc compared to MVC 3. To start off, I created a blank MVC 4 Web Application and started building from scratch. One of the first things that I noticed that is different in MVC 4 is the fact that the following web.config settings have no affect on the accessibility of the web pages: <configuration> <location path=""> <system.web> <authorization> <deny users="?"/> </authorization> </system.web> </location> .

问题 I'm trying to setup my authorization policy with a jwt based token for my apis. I have two controllers, used by separate apis. I need to make sure a user can only access the ones that he/she is allowed to use. So I figured I'd go with policy based authorization [Authorize(Policy = "API1")] [Route("api1/endpoint")] public class API1Controller : Controller { // my actions for api 1 } [Authorize(Policy = "API2")] [Route("api2/endpoint")] public class API2Controller : Controller { // my actions

问题 I am exposing an endpoint for integration with a 3rd party and their requirement is for me to authorize their requests to my endpoint based on a key passed in the body being posted. My code will then needs to validate that the passed key matches some predetermined value on my side. The incoming model will look something like this: public class RequestBase { public string ApiKey { get; set; } ... } Exploring the options for Authorization in ASP.NET Core I don't really see a match for what I am

问题 This is a followup to the question here, where the answer seems to refer to an overly-complicated and overly-specific (EF, which I'm not using - not even using an ORM). There has to be a more straightforward way around this common scenario than the smoke, mirrors, and sorcery hinted at in that answer. Note: I encased "context" in parenthesis because I'm not using EF, so it is not a literal "dbcontext" that I'm talking about here. So I got to wondering: Could I set a global variable for each

问题 I am trying to add a claim to an existing User, but the query I wrote (and am running in SSQL Management Studio) below doesn't work. Is the query wrong, or is this just not possible? update [test_MIM].[dbo].[AspNetUserClaims] set ClaimType = 'EmployeeNumber', ClaimValue = '1', --Id = f.Id, UserId = f.UserName from (select Id,UserName FROM [test_MIM].[dbo].[AspNetUsers] where UserName='abc@gmail.com') as f I commented out the Id column because when I included it the query failed (possibly

问题 Our site currently is setup to use windows authentication. The user security principal is automatically set when the request gets to our code and authorization to specific files is controlled with authorization elements in our web.config. We've now been mandated to install siteminder on our server to handle authentication. Because of this the user security principal is not automatically set and our code without modification doesn't know who the user is to determine authorization. I've

问题 I see there are 5 different Generate Token methods on ApplicationUserManager such as: manager. GenerateChangePhoneNumberToken () manager. GenerateEmailConfirmationToken () manager. GeneratePasswordResetToken () manager. GenerateTwoFactorToken () manager. GenerateUserToken () What is the point of GenerateUserToken when the other 4 exist? When would you only use GenerateUserToken and not any of the others? Can the UserToken from GenerateUserToken be used instead of the other 4 for all possible