authorization

问题 I\'m reading from several resources (books and SO answers) about authorization in WebApi. Suppose I want to add Custom Attribute which allows access only for Certain Users: Case #1 I\'ve seen this approach of overriding OnAuthorization , which sets response if something is wrong public class AllowOnlyCertainUsers : AuthorizeAttribute { public override void OnAuthorization(HttpActionContext actionContext) { if ( /*check if user OK or not*/) { actionContext.Response = new HttpResponseMessage

问题 I have an ASP.NET MVC project containing an AdminController class and giving me URls like these: http://example.com/admin/AddCustomer http://examle.com/Admin/ListCustomers I want to configure the server/app so that URIs containing /Admin are only accessible from the 192.168.0.0/24 network (i.e. our LAN) I\'d like to restrict this controller to only be accessible from certain IP addresses. Under WebForms, /admin/ was a physical folder that I could restrict in IIS... but with MVC, of course,

问题 This question already has answers here : ASP.NET MVC - How to show unauthorized error on login page? (7 answers) Closed 6 years ago . I\'m using a custom authorize attribute to authorize users\' access based on their permission levels. I need to redirect unauthorized users (eg. user tries to delete an invoice without Delete acess level) to access denied page. The custom attribute is working. But in a case of unauthorized user access, nothing shown in the browser. Contoller Code. public class

问题 I have a controller and I want two roles to be able to access it. 1-admin OR 2-moderator I know you can do [Authorize(Roles=\"admin, moderators\")] but I have my roles in an enum. With the enum I can only authorize ONE role. I can\'t figure out how to authorize two. I have tried something like [Authorize(Roles=MyEnum.Admin, MyEnum.Moderator)] but that wont compile. Someone once suggested this: [Authorize(Roles=MyEnum.Admin)] [Authorize(MyEnum.Moderator)] public ActionResult myAction() { } but

问题 In my ASP.NET MVC app, I have most controllers decorated with [Authorize(Roles=\"SomeGroup\")] When a user is not authorized to access something, they are sent to \"~/Login\" which is the Login action on my Account controller. How can I determine that a user has reached the login page because of not being authorized so that I can show an appropriate error? 回答1: You can look for the ?ReturnUrl= querystring value, or you can create your own authorization filter & set a field in TempData

问题 I\'ve managed to extend TokenAuthentication and I have a working model when using the request session to store my tokens, however when I attempt to pass Authorization as a header parameter as described here, I noticed that my Responses come back without the META variable HTTP_AUTHORIZATION. I also noticed that if I pass \"Authorization2\" as a header parameter that it is visible in the request: { \'_content_type\': \'\', \'accepted_media_type\': \'application/json\', \'_request\':

问题 I would like to generate POST request to a server which requires authentication. I tried to use the following method: private synchronized String CreateNewProductPOST (String urlString, String encodedString, String title, String content, Double price, String tags) { String data = \"product[title]=\" + URLEncoder.encode(title) + \"&product[content]=\" + URLEncoder.encode(content) + \"&product[price]=\" + URLEncoder.encode(price.toString()) + \"&tags=\" + tags; try { URL url = new URL(urlString

问题 I understand the usage of claims for things I would commonly refer to as \"roles\" or \"permissions\". I know that claims are more general, but from what I have seen in practice, it usually boils down to this: If user has this set of claims they can access certain areas, or perform certain functions. Imagine a wiki application. You might have a content_contributor claim that would allow a user to add content, a content_admin claim that would allow a user to remove content, and a modify_user

问题 I have set up a repository using SVN and uploaded projects. There are multiple users working on these projects. But, not everyone requires access to all projects. I want to set up user permissions for each project. How can I achieve this? 回答1: In your svn\repos\YourRepo\conf folder you will find two files, authz and passwd . These are the two you need to adjust. In the passwd file you need to add some usernames and passwords. I assume you have already done this since you have people using it:

问题 I have a controller in ASP.NET MVC that I\'ve restricted to the admin role: [Authorize(Roles = \"Admin\")] public class TestController : Controller { ... If a user who is not in the Admin role navigates to this controller they are greeted with a blank screen. What I would like to do is redirect them to View that says \"you need to be in the Admin role to be able to access this resource.\" One way of doing this that I\'ve thought of is to have a check in each action method on IsUserInRole()