authorization

问题 Is it possible to add an [Authorize(Roles="Admin")] (as an example) to an MVC3 Controller Method but ONLY in Release mode? The Test environment I have access to at the moment has no AD, but Live does - so I'd like to add the attribute only in release mode. EDIT: Problem when using #if using... using... using MyWebsite.Helpers; namespace MyWebsite.Controllers.Admin { #if !DEBUG [RedirectAuthorize(Roles = "Admin")] #endif [DatabaseDependant] public class AdminController : Controller { ... } As

问题 I work in Asp.Net Core WebApi project and created a role "admin" and add it to my user. But if I logged in as an admin, the first method will return "This is admin!" , but the second method returns an error 403 Forbidden. If I remove the Roles parameter from the Authorize attribute, everything will go fine. I do not understand why I can not access the second method because my user has an admin role. // Host/api/roles/getroles [Authorize] [HttpGet] public async Task<IEnumerable<string>>

问题 I'm following along Chapter 8 in Pro ASP .NET Web API Security by Badri L., trying to implement basic authentication for a web application that will be consumed by HTTP/JS clients. I've added the following Authentication Handler to my WebAPI project: public class AuthenticationHandler : DelegatingHandler { private const string SCHEME = "Basic"; protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken) { try {

问题 I have PicketLink installed and running on my web application, but it seems like I cannot protect resources like folders by group or role. The PicketLink AuthenticationFilter (org.picketlink.authentication.web.AuthenticationFilter) does not provide any way to say which url-pattern belongs to which group or role. How would I protect the admin directory so that only users in the admin group can access it? Right now, if you are logged in you can access everything. web.xml file: <filter> <filter

问题 I've been reading a lot lately about WEB API authentication mechanisms and I'm a little bit confused regarding how to implement my Web API authentication mechanism, I'm thinking on using Token based authentication but I'm not sure if it is the right choice. Basically my Web API will manage all the operations needed and it will store the users of my website as well the API users(in case they have to be separated). I want to support the following User can register on my website and apps using

问题 I am trying to use pkgcloud (node.js) openstack with bluemix object storage, but when I put all the requested parameters as on official page, it always returns 401. I tried using postman as described on bluemix and it works. 回答1: I created a package, which is able to to authorize it right. It is just a copy of pkgcloud, with a few fixes. EDIT: IT IS WORKING! The V2 supports was shot down by bluemix and it has only V3 support now, but I once again find the issues. Remember to use newest

问题 I'm currently attempting to use spotipy, a python3 module, to access and edit my personal Spotify premium account. I've followed the tutorial on https://github.com/plamere/spotipy/blob/master/docs/index.rst using the util.prompt_for_user_token method by entering the necessary parameters directly (username, client ID, secret ID, scope and redirect uri). Everything seems to be fine up to this part. My code (fillers for username, client id and client secret for security reasons) : code It opens

问题 I'm designing a RESTful Web app that will provide an authentication system for several other apps. The other apps will query this app through HTTP and get back XML describing authenticated users. The authentication app needs to keep track of which users are allowed to do what on which applications. I'm working out the DB schema. Below is my initial design. (Assume each table has an id column.) applications # The various client apps that will query this auth system. ------------ name users #

问题 I need secure Restfull services in the provider. I want that the user must have the authorization for use the REST service and I can generate use stadistic or simply dont allow call the REST services if isn´t a register developer. I have been thinking about that the user send the email and password in the URL (http://autor.derf.com/api/search/email?=dsdfd@gmail.com&passwd=dasffsdf;) but isnt very safe. Also I have read about oauth 2.0 but the documentation is very very bad for Java. Are there

问题 I'm creating a custom Role provider based on the ASP.NET Role provider. I have 3 tables. One for Users, one for Roles, one for UsersInRoles.The Users table has no password column because the users are authenticated with ActiveDirectory. That's my approach so far. I can't get the cusstom Role Provider to work, anyone has the same situation like me. How do you make a custom Role provider works with AD? 回答1: What I did: create a class which inherits from System.Web.Security.RoleProvider , and