authorization | 易学教程

WCF username without certificate

阅读更多关于 WCF username without certificate

问题 I'm working on a project where I need the following. WCF service on the server side (.NET 3.5) WPF client for the client side (.NET 3.0) I have an existing application that I have to use the authentication and authorization from (on the server side). I also need to store some metadata about the user in the WCF Service's Thread Principal (a site object). I do this so that I can get at it in the WCF service if I absolutely have to; some business logic may require it. So my plan was to do the

React Router Authorization

阅读更多关于 React Router Authorization

问题 What are the best practices for authorization checking prior to a component mounting? I use react-router 1.x Here are my routes React.render(( <Router history={History.createHistory()}> <Route path="/" component={Dashboard}></Route> <Route path="/login" component={LoginForm}></Route> </Router> ), document.body); Here is my Dashboard component: var Dashboard = React.createClass({ componentWillMount: function () { // I want to check authorization here // If the user is not authorized they

How to send custom headers with requests in Swagger UI?

阅读更多关于 How to send custom headers with requests in Swagger UI?

问题 I have some endpoints in the API - /user/login , /products . In Swagger UI I post email and password to /user/login and as a response I receive a token string. Then, I can copy the token from the response and want to use it as Authorization header value in requests to all urls if it's present, and to /products as an example. Should I create a text input manually somewhere on the Swagger UI page, then put the token there and somehow inject in the requests or are there tools to manage it in a

Divert to alternate homepage if user is not logged in using UI-Router & AngularJS

阅读更多关于 Divert to alternate homepage if user is not logged in using UI-Router & AngularJS

问题 I would like to have two home pages, the first would be for users who have not logged in and the second for users that are logged in. This is my current set up: .config(function ($stateProvider, $urlRouterProvider, $locationProvider, $httpProvider) { $urlRouterProvider .otherwise('/'); $locationProvider.html5Mode(true); $httpProvider.interceptors.push('authInterceptor'); }) .factory('authInterceptor', function ($rootScope, $q, $cookieStore, $location) { return { // Add authorization token to

Configuring Fiddler to use company network's proxy?

阅读更多关于 Configuring Fiddler to use company network's proxy?

I'm trying to get Fiddler to work with my company's proxy. Every external request is returning 407. So far I've tried adding oSession.oRequest["Proxy-Authorization"] = "YOURCREDENTIALS"; to the customized rules where I used my USERNAME:PASSWORD in base64. Still no luck. Any ideas? Thanks. mono68 Note: There is an answer with a higher voting available. Because of SO sorting it is below the accepted answer. I had the same problem, too, and solved it like this: Started Fiddler with it's standard configuration. Started IE and made a HTTP-request to an external web-site. The proxy authorization

Which authentication strategy should I use for my API?

阅读更多关于 Which authentication strategy should I use for my API?

问题 I have a client-side angular-js application. And I have a server-side nodejs API. The client-side and the server-side application are located on different domains. The client-side use API for getting or posting some data. Also the client-side needs to get images from the server-side and show them in a browser. I use passport nodejs module for the authentication. I don't know which authentication strategy is better for me. I think that there are two types of authentication strategies: token

Extend AuthorizeAttribute Override AuthorizeCore or OnAuthorization

阅读更多关于 Extend AuthorizeAttribute Override AuthorizeCore or OnAuthorization

Using ASP.NET MVC I am creating a custom Authorize attribute to take care of some custom authorization logic. I have looked at a lot of examples and it is pretty straight forward but my question is which method is best to override, AuthorizeCore or OnAuthorization? I have seen many examples overriding one or the other. Is there a difference? The clue is in the return types: AuthorizeCore returns a boolean - it is decision making code. This should be limited to looking at the user's identity and testing which roles they are in etc. etc. Basically it should answer the question: Do I want this

How to generate access token using refresh token through google drive API?

阅读更多关于 How to generate access token using refresh token through google drive API?

I have completed steps of authorization and obtained access token and refresh token. What should I do next to generate access token using refresh token that I have stored through google drive API? I won't be able to use any sdk since I am working on Force.com so please suggest the way to implement it directly through the API. If you want to implement that yourself, the OAuth 2.0 flow for Web Server Applications is documented at https://developers.google.com/accounts/docs/OAuth2WebServer , in particular you should check the section about using a refresh token: https://developers.google.com

Authentication through web.config not authenticating in ASP.net 3.5

阅读更多关于 Authentication through web.config not authenticating in ASP.net 3.5

问题 This is one of this things that should be extremely simple and I just can't work out why it's not working. I'm trying to set up some very quick authentication for an ASP.net 3.5 app but storing the usernames and passwords in the web.config file (I know it's not very secure but it's an internal app that I keep getting asked to add and remove logins for so this is the quickest way to do it). So, the relevant config section looks like this: <authentication mode="Forms"> <forms loginUrl="~/login

How to do role based authorization for asp.net mvc 4 web api

阅读更多关于 How to do role based authorization for asp.net mvc 4 web api

I am trying to make a secure asp.net web api. For that I have followed the below link MessageHandler for token So now each and every api request needs a token which I am supplying in the request header as below for example public class TestController : Controller { public string GetProducts() { Uri myUri = new Uri("http://localhost:420420/api/products"); WebRequest myWebRequest = WebRequest.Create(myUri); myWebRequest.Method = "GET"; myWebRequest.ContentType = "application/json"; myWebRequest.Headers.Add("Authorization-Token", RSAClass.accessToken); using (WebResponse response = myWebRequest