authorization

I'm trying to get into making Facebook apps but I'm having trouble getting authorization working in a redirect scheme inside the canvas. Using the javascript api, I got it working pretty easily in a popup scheme: $("#loginButton").click(function(e) { FB.login(function(response) { if (response.perms) { perms(); } }, {perms : 'publish_stream'}); But the popup should be an unnecessary extra click, because every other application I see requests the authorization before even showing you the landing page. Like this: http://i.imgur.com/yBGzL.png I figure they're simply using a redirect scheme. So I

I am trying to get an access token to use the Google Play Android Developer API, and I got this far using the Google API Java Client documentation example : HttpTransport HTTP_TRANSPORT = new NetHttpTransport(); JsonFactory JSON_FACTORY = new JacksonFactory(); GoogleCredential credential = new GoogleCredential.Builder() .setTransport(HTTP_TRANSPORT) .setJsonFactory(JSON_FACTORY) .setServiceAccountId("...gserviceaccount.com") .setServiceAccountScopes("https://www.googleapis.com/auth/androidpublisher") .setServiceAccountPrivateKeyFromP12File(keyFile) .build(); But how do I get the access token

I've an Admin area and I want only Admins to enter the area. I considered adding the Authorized attribute to every controller in the Admin area. Isn't there an elegant solution or is this feature not there in the framework itself? EDIT: I'm sorry, I should to have mentioned this before. I'm using a custom AuthorizedAttribute derived from AuthorizeAttribute. Web.config-based security should almost never be used in an MVC application. The reason for this is that multiple URLs can potentially hit a controller, and putting these checks in Web.config invariably misses something. Remember -

My understanding of ASP.NET MVC is that for authorizations I should use something like - public class IPAuthorize : AuthorizeAttribute { protected override bool AuthorizeCore(HttpContextBase httpContext) { //figure out if the ip is authorized //and return true or false } But in Web API, there is no AuthorizeCore(..) . There is OnAuthorization(..) and the general advice for MVC is not to use OnAuthorization(..) . What should I use for custom authorizations in Web API? I don't agree with Oppositional at all - Authorization is done in an authorization filter - that mean you derive from System.Web

When I set "Authorization" header with setHeader from HttpPost then hostname disappears from request and there is always error 400 (bad request) returned. Same code is working fine on pure java (without android) and when I remove setting "Authorization" header also on android it works fine, but I need authorization. This is a code (domain changed): HttpClient client = new DefaultHttpClient(); HttpPost post = new HttpPost("http://myhost.com/test.php"); post.setHeader("Accept", "application/json"); post.setHeader("User-Agent", "Apache-HttpClient/4.1 (java 1.5)"); post.setHeader("Host", "myhost

I'm creating an asp.net mvc application that has the concept of users. Each user is able to edit their own profile. For instance: PersonID=1 can edit their profile by going to http://localhost/person/edit/1 PersonID=2 can edit their profile by going to http://localhost/person/edit/2 Nothing particularly exciting there... However, I have run into a bit of trouble with the Authorization scheme. There are only two roles in the system right now, "Administrator" and "DefaultUser", but there will likely be more in the future. I can't use the regular Authorize attribute to specify Authorization

I would like to add Authorization to a controller, for multiple Roles at once. Normally that would look like this: [Authorize(Roles = "RoleA,RoleB,RoleC")] public async Task<ActionResult> Index() { } But I have stored my Roles in consts, since they might change or be extended at some point. public const RoleA = "RoleA"; public const RoleB = "RoleB"; public const RoleC = "RoleC"; I cannot do this, since the string must be known at compile time: [Authorize(Roles = string.join(",",RoleA,RoleB,RoleC)] public async Task<ActionResult> Index() { } Is there a way to circumvent the problem? I COULD

What is the best method for user authorisation/authentication in ASP.NET MVC? I see there are really two approaches: Use the built-in ASP.NET authorisation system. Use a custom system with my own User, Permission, UserGroup tables etc. I'd prefer the second option, because User is part of my domain model (and I have zero experience with ASP.NET's built-in stuff), but I'd really like to hear what people have been doing in this area. There is actually a third approach. The asp.net membership functionality is based on the provider model. You can write a custom provider, thus being able to provide

I am using Azure B2C authorization for my single app Azure functions. I allowing user to login with google account or with user name / password. In order to show login page I used msal library. Now I have a situation, where I want to show user the registration page directly, and not first the login page and then he have to click create new account. Is there a way to do it? with msal or a different library? Nope, but you can create a "Sign up policy" and link directly to that. 来源： https://stackoverflow.com/questions/45724207/b2c-open-registrar-form-instead-login-form