authorization | 易学教程

AuthorizeAttribute with Roles but not hard-coding the Role values

阅读更多关于 AuthorizeAttribute with Roles but not hard-coding the Role values

问题 Is it possible to add the Roles but not hard-coding the values like: [Authorize(Roles="members, admin")] I would like to retrieve these roles from a database or configuration file where I wouldn't need to rebuild the application if I needed to add/remove Roles for a Controller Action. I know with the enums it can be done... http://www.vivienchevallier.com/Articles/create-a-custom-authorizeattribute-that-accepts-parameters-of-type-enum but even this is still not flexible enough for my needs;

Google Maps Android API Authorization failure - has this service changed in the last few months?

阅读更多关于 Google Maps Android API Authorization failure - has this service changed in the last few months?

问题 I have coded a Xamarin Google Apps V2 application. The device I am deploying to has Google Play Services installed. The application has all been setup correctly in the API console and I have had this application working before, months ago. Currently, when the application is deployed to my device, I am getting the following errors in the Application output: [Google Maps Android API] Authorization failure. Please see https://developers.google.com/maps/documentation/android/start for how to

ASP MVC C#: Is it possible to pass dynamic values into an attribute?

阅读更多关于 ASP MVC C#: Is it possible to pass dynamic values into an attribute?

Okay I'm very new to C# and i'm trying to create a little website using ASP MVC2. I want to create my own authorization attribute. but i need to pass some values if this is possible. For example: [CustomAuthorize(GroupID = Method Parameter?] public ActionResult DoSomething(int GroupID) { return View(""); } I want to authorize the access to a page. but it depends on the value passed to the controller. So the authorization depends on the groupID. Is this possible to achieve this in any way?. Thanks in advance. Use the value provider: public class CustomAuthorizeAttribute : FilterAttribute,

WCF Service authorization patterns

阅读更多关于 WCF Service authorization patterns

问题 I'm implementing a secure WCF service. Authentication is done using username / password or Windows credentials. The service is hosted in a Windows Service process. Now, I'm trying to find out the best way to implement authorization for each service operation. For example, consider the following method: public EntityInfo GetEntityInfo(string entityId); As you may know, in WCF, there is an OperationContext object from which you can retrieve the security credentials passed in by the caller

net/http.rb:560:in `initialize': getaddrinfo: Name or service not known (SocketError)

阅读更多关于 net/http.rb:560:in `initialize': getaddrinfo: Name or service not known (SocketError)

@@timestamp = nil def generate_oauth_url @@timestamp = timestamp url = CONNECT_URL + REQUEST_TOKEN_PATH + "&oauth_callback=#{OAUTH_CALLBACK}&oauth_consumer_key=#{OAUTH_CONSUMER_KEY}&oauth_nonce=#{NONCE} &oauth_signature_method=#{OAUTH_SIGNATURE_METHOD}&oauth_timestamp=#{@@timestamp}&oauth_version=#{OAUTH_VERSION}" puts url url end def sign(url) Base64.encode64(HMAC::SHA1.digest((NONCE + url), OAUTH_CONSUMER_SECRET)).strip end def get_request_token url = generate_oauth_url signed_url = sign(url) request = Net::HTTP.new((CONNECT_URL + REQUEST_TOKEN_PATH),80) puts request.inspect headers = {

How to Show or hide controls based on roles - ASP.NET MVC 4 Razor

阅读更多关于 How to Show or hide controls based on roles - ASP.NET MVC 4 Razor

问题 I m working on ASP.NET MVC 4 application.I have a dashboard and my users groups will be based on Windows Domain So I am using WIndows Authentication for authenticating users. I created sample applications which uses custom authentication by overrides functions AuthorizeAttribute, ActionFilterAttribute . Is this a good approach ? Which attribute is best used for authentication ? I have a dashboard. So I need to show or hide the controls based on roles. Suppose if there is 3 grids(table), If

Why is onAuthorization executing before authentication?

阅读更多关于 Why is onAuthorization executing before authentication?

问题 I'm trying to do some custom authorization so I created a controller overriding the OnAuthorization method. I also applied the Authorize attribute to this controller. The question is why is the OnAuthorization method called BEFORE the basic forms authentication process? I would like to authorize the user after he is authenticated. Am I missing something? Here is the code: [Authorize] public class AuthorizationController : Controller { protected override void OnAuthorization

Rails 4 user roles and permissions

阅读更多关于 Rails 4 user roles and permissions

问题 I am writing a rails application for an organization. Every user may have 1 or more roles and can only access certain controller actions depending on those roles. For example, only admins can create, destroy and update certain fields of User s. Also, there are Team s which each have a team leader , and only the team leader can update certain information about the Team (like the member list, for example). However, Admins are the one who assign the team leader in the first place. The specific

Authorize current user against controller and action name in ASP.NET MVC 3

阅读更多关于 Authorize current user against controller and action name in ASP.NET MVC 3

I need to create a customized authorization in ASP.NET MVC 3. Inside the app, authorization is defined in 5 tables: users, groups, usergroups, rights, grouprights. A user can belong to several groups, and each right can be assigned to several groups too. Each controller action is assigned a RightID. The built in authorization can't accomodate this setup, so I tried to create a customized AuthorizeAttribute. When overriding AuthorizeCore, I realized I don't have access to controller name and action name. Can I somehow ask the router to parse the Request.RawUrl inside AuthorizeCore to get

Custom authorization attribute not working in WebAPI

阅读更多关于 Custom authorization attribute not working in WebAPI

public class CustomAuthorizeAttribute : AuthorizationFilterAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { return true;// if my current user is authorised } } Above is my CustomAuthorizeAttribute Class and [CustomAuthorize] // both [CustomAuthorize] and [CustomAuthorizeAttribute ] I tried public class ProfileController : ApiController { //My Code.. } When I'm calling http://localhost:1142/api/Profile It is not firing CustomAuthorizeAttribute More over My FilterConfig class is look like below public class FilterConfig { public static void RegisterGlobalFilters