authorization

问题 I call the Magento API with the following Autherization as header, auth = "OAuth oauth_consumer_key=**********************,oauth_consumer_secret=****************,oauth_token=************,oauth_token_secret=**************,oauth_signature_method=HMAC-SHA1,oauth_timestamp=" + ConstantFunctions.GetTimeStamp() + ",oauth_nonce=" + ConstantFunctions.GetNonce() + ",oauth_signature=*******************) ; While I call the API, Getting error oauth_problem=signature_invalid .All other parameters validate

问题 I planned to use ASP.NET Identity 2.0 in an ASP.NET MVC application for authentication and authorization. Referring the below link JSON Web Token in ASP.NET Web API 2 using Owin I was able to create a access token(JWT) for the valid user i.e., When user Logs in to the application I will validate the user with name and password then I will issue a JSON web token for that valid user. Now, I read in some articles that we need to pass the bearer token in headers for every request to validate the

问题 This question was migrated from Software Engineering Stack Exchange because it can be answered on Stack Overflow. Migrated 8 years ago . I have written a REST web service in Netbean IDE using Jersey Framework and Java. For every request the user needs to provide a username and a password, I know that this authentication is not a best practice (using a curl command like: curl -u username:password -X PUT http://localhsot:8080/user ). Now I want to call a REST web service from an Android Class.

问题 I'm working with ASP.NET Core application. I'm trying to implement Token Based Authentication but can not figure out how to use new Security System. My scenario: A client requests a token. My server should authorize the user and return access_token which will be used by the client in following requests. Here are two great articles about implementing exactly what I need: Token Based Authentication using ASP.NET Web API 2, Owin, and Identity Using JSON Web tokens The problem is - it is not

问题 I'm trying to add simple Authentication and Authorization to an ASP.NET MVC application. I'm just trying to tack on some added functionality to the basic Forms Authentication (due to simplicity and custom database structure) Assuming this is my database structure: User: username password role (ideally some enum. Strings if need be. Currently, user only has ONE role, but this might change) High Level Problem: Given the above database structure, I would like to be able to do the following:

问题 In Spring Security we use the intercept-url tag to define the access for URLs as below: <intercept-url pattern="/**" access="ROLE_ADMIN" /> <intercept-url pattern="/student" access="ROLE_STUDENT" /> This is hard coded in applicationContext-security.xml . I want to read the access values from a database table instead. I have defined my own UserDetailsService and I read the roles for the logged in user from the database. How do I assign these roles to the URL patterns during runtime? 回答1: The

问题 I have migrated an ASP.NET Core 1.1 MVC project to ASP.NET Core 2.0 and now I note that requests to unauthorized sections of the application no longer result with a "401 Unauthorized" response but rather with a code exception leading to a response "500 internal server error". An example excerpt from the log file (John Smith is not authorized to acces the controller action he tried to access): 2018-01-02 19:58:23 [DBG] Request successfully matched the route with name '"modules"' and template '

问题 I have problem with having multiple OpenIdConnect authorization in .net core What I want to achieve: Imagine 2 openid providers OpenID-Main, OpenID-Special; both returns id tokens, roles etc. Now Imagine most of the times I want my user to log through OpenID-Main, which is simple: .AddOpenIdConnect("Main", "Main", options => { options.Authority = "OpenID-Main-url"; options.ClientId = "OpenID-Main-d"; options.ClientSecret = "OpenID-Main-secret"; //some other options } then i can just use

问题 We have a SL application and many users who use this system with different data and access roles. For example, each user can have some devices and each device will send its locations every 5 minutes to server. One approach is defining a User table in database and have many tables which connect an entity to a user Id, but this is not a good idea as that creates many tables between users and other entities. It will be a time consuming process to select user data or reporting, so I wanted to

问题 How do I specify that the AuthenticationScheme is Windows and check that the user is a member of an AD Group? When I specify the AuthenticationScheme , setting the Roles no longer works, why not? And how do I fix that? public class SomeController : Controller { //this works [Authorize(Roles = @"SOME.DOMAIN\SOME GROUP")] public IActionResult SomeAction(){ ... } //this works [Authorize(AuthenticationSchemes = "Windows")] //this doesn't work //[Authorize(Roles = @"SOME.DOMAIN\SOME GROUP",