authorization

We're beginning to design a whole bunch of new services to create (WCF, ADO.NET Data Services, possibly in the cloud at some point) and one question that pops up is what authentication and authorization scheme to use - there are quite a few! We basically need to be able to identify users (actual people, and "virtual" application/service users) on a wide variety of protocols - HTTP, HTTPS, TCP - and we need to assign them at least a bunch of roles / permission to see certain data and/or do certain operations. We definitely can't use Windows group membership alone - we have plenty of external

I need to authenticate a client when he sends a request to an API. The client has an API-token and I was thinking about using the standard Authorization header to send the token to the server. Normally this header is used for Basic and Digest authentication. But I don't know if I'm allowed to customize the value of this header and use a custom auth-scheme, e.g: Authorization: Token 1af538baa9045a84c0e889f672baf83ff24 Would you recommend this or not? Or is there an better approach to sending the token? You can create your own custom auth schemas that use the Authorization: header - for example,

The new ASP.NET 4.5 code has "re-parented" the ASP.NET RoleProvider to a ClaimsProvider. What I'm trying to figure out, is what would a "claims based" example of authorization look like (preferably in MVC4)? How does my Authorize attribute interact, or not, with this capability? The WebSecurity and Roles API havn't changed; there is no "DoesUserHaveClaim()" signature. Similarly, it is not clear how the Authorize attribute interacts with claims. Was this "claims authorization" feature intended primarily for OAuth? If so, how are claims forwarded to my application? A cookie? Or was this claims

I have a question about custom authorization in MVC. I have a site that I want to limit access to certain pages, depending on their group membership. Now I have seen tons of examples on how to do this if there is a single admin group and a single user group, for example, but not any examples for a third level. For example, only users of a company can view orders for their own company (and each company has its own admins, etc). These companies are stored in a DB. So I have seen ways to do custom authorization, overriding the AuthorizeCore method on the AuthorizeAttribute , but I don't know how

I have some created web forms and I need to check whether the user is authenticated or not, before displaying the other web forms. All the users can access Default.aspx and About.aspx pages. And I have three types of users namely- Admin,User and Super User . Also, I keep the authentication details in my own SQL server db. How can I do this? Thanks in advance! First establish membership and role provider. There is whole story about it. I will give a help here. Here is link to SqlMembershipProvider (one of the options you can take): http://msdn.microsoft.com/en-us/library/system.web.security

I'm trying to implement token authorization for Angular5 client and WebApi server application. I have managed to create WebApi part of the project in question and when I try to get the token via "POSTMAN" I get a good response: Postman request and server answer I'm trying to achieve the same with Angular5. This is my call from angular: login(user: string, pass: string) { let params = new HttpParams() .append('grant_type', 'password') .append('username', user) .append('password', pass); let headers = new HttpHeaders() .set('Content-Type', 'application/x-www-form-urlencoded'); return this._http

I am trying to add custom authorization in dropwizard but not able to successed. I have a custom authentication added for dropwizard by binding it to authFactory Authenticator ssoAuthenticator = createSSOAuthenticator(configuration.getSsoGrantClientConfiguration()); environment.jersey().register(AuthFactory.binder( new SSOTokenAuthFactory<SSOGrant>( ssoAuthenticator, SYSTEM_PREFIX, SSOGrant.class)) ); and adding a dynamicfeature for authorization environment.jersey().register(PermissionDynamicFeature.class); Below is the annotation created @Documented @Retention(java.lang.annotation