authorization

I am building an app in PHP Lumen which returns a token upon login. I am not sure how to proceed beyond this. How am I supposed to maintain a session using these tokens? Specifically, how do I store the tokens on the client side if I am using reactjs or vanilla HTML/CSS/jQuery and send them in every request I make for the secure part of my web app? What I usually do is to keep the token in the local storage, this way I can persist the token even if the user leaves the site. localStorage.setItem('app-token', theTokenFromServer); Every time the user loads the page, the first thing I do is to

What I want to do is a two-level role check on an action handler. For example, Require that the users is in at least one of the following groups: SysAdmins, Managers AND in at least one of the following groups: HR, Payroll, Executive. Initial guess was that this might be the way to do this but I don't think it is: [Authorize(Role="SysAdmins,Managers")] [Authorize(Role="HR,Payroll,Executive")] public ActionResult SomeAction() { [...] } Do I need to role my own custom Attribute to take in Role1 and Role2 or something like that? Or is there an easier/better way to do this? You'll need your own

I'm building a MVC4 application for internal use in a corporate enviroment. I use windows authentication, which works fine, but I'm having troubles using Active Directory groups as roles for authorization. My Web.config looks like this: <authentication mode="Windows" /> <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider"> <providers> <clear /> <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" /> </providers> </roleManager> <authorization> <deny users="?" /> </authorization> When I use User authorization

This is my first post here, so hello :) Okay, let's get to the point... I am writing my first app in ASP.NET MVC Framework and i have a problem with checking privileges to use instances of model classes (read, edit). Sample code looks like this: // Controller action [CustomAuthorize(Roles="Editor, Admin")] public ActionResult Stats(int id) { User user = userRepository.GetUser(id); if (user == null || !user.Activated || user.Removed) return View("NotFound"); else if (!user.IsCurrentSessionUserOwned) return View("NotAuthorized"); return View(user); } So far authorize attribute protects only

I'm trying to stop requests on a route using the Authorize annotation, but I can't get it to work with Active Directory. Had anyone got this working yet? [HttpGet] [Authorize(Roles = "DOMAIN\\Group A")] [Route("/")] // GET: / public IActionResult Index() { return View(); } Note: I've also tried Authorize(Roles = @"DOMAIN\\Group A") Just to give some background, I'm running Windows, Visual Studio Pro 2015 (Update 3) Heres a bit from my project.json file: "dependencies": { "Microsoft.AspNetCore.Authorization": "1.0.0", "Microsoft.AspNetCore.Mvc": "1.0.0", "Microsoft.AspNetCore.Server