authorization

Implementing custom login for ASP.NET MVC

梦想与她 提交于 2019-12-07 08:47:23
问题 I'm new to ASP.NET MVC and need abit of advice on how to implement the following. The site is a heavily used site with roughly 200 users internally (intranet). We use forms authentication hitting a SQL Server DB (not windows integrated). Some actions are protected, some are viewable by anyone and some are viewable by both - so if theres a logged in user they see their stuff from the DB, otherwise they see a temporary profile - much like StackOverflow. How would I go about implementing a

Why is OnAuthorization called twice in my custom AuthorizationFilterAttribute?

早过忘川 提交于 2019-12-07 06:26:00
问题 Why is OnAuthorization called twice for my straight forward AuthorizationFilterAttribute ? public class ApiAuthenticateAttribute : AuthorizationFilterAttribute { public void override OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { if(NotAuthorized()) throw new Exception(); } } First Call Stack Second Call Stack 回答1: The problem was with Ninject.Web.WebApi. For some reason it was registering the filter twice. Updating the package to latest (v 3.2.1) fixed the

How to do simple header authorization in .net core 2.0?

橙三吉。 提交于 2019-12-07 06:04:33
问题 I have been unable to find information on this particular issue after the 2.0 changes to .NET Core. I have cookie authorization like this: services.AddAuthentication("ExampleCookieAuthenticationScheme") .AddCookie("ExampleCookieAuthenticationScheme", options => { options.AccessDeniedPath = "/Account/Forbidden/"; options.LoginPath = "/Account/Login/"; }); For another part (of my controllers I would like to simply authorize based on a simple header. In the examples I've found, either I am

visiting users Facebook ID w/out authorization?

吃可爱长大的小学妹 提交于 2019-12-07 05:20:41
问题 I have a native (FBML) Facebook Application. I do not want to push the application visitors through the authorization process, however I do want to know their Facebook ID. Is it possible to find the visiting users Facebook ID without requiring them to "Authorize" my Application? 回答1: Before, I said it couldn't be done - but it can. http://developers.facebook.com/docs/authentication/canvas Read that, it's excellent. You need to decode the Base64 string and check the signature is correct, but

How do I make AuthorizeAttribute work with local Administrators group in ASP.NET MVC 3 intranet application?

放肆的年华 提交于 2019-12-07 03:33:57
问题 In this ASP.NET MVC 3 intranet application (created using MVC 3 Intranet Application template), where users are authenticated automatically against AD, I'm trying to restrict access to a controller to users in the local Administrators group. In order to achieve this, I've tried to apply AuthorizeAttribute like so: [Authorize(Roles = "Administrators")] public class ElmahController : Controller However, even though my AD user (the application reports the expected user has been authenticated) is

Add Role attribute to MVC3 methods only in Release mode?

走远了吗. 提交于 2019-12-07 03:05:28
Is it possible to add an [Authorize(Roles="Admin")] (as an example) to an MVC3 Controller Method but ONLY in Release mode? The Test environment I have access to at the moment has no AD, but Live does - so I'd like to add the attribute only in release mode. EDIT: Problem when using #if using... using... using MyWebsite.Helpers; namespace MyWebsite.Controllers.Admin { #if !DEBUG [RedirectAuthorize(Roles = "Admin")] #endif [DatabaseDependant] public class AdminController : Controller { ... } As soon as I add the #if then I get an error on using MyWebsite.Helpers; saying this cannot be found (and

Rails: Using CanCan to define multiple roles depending on instances of single Model?

与世无争的帅哥 提交于 2019-12-07 01:07:35
问题 I'm currently stuck on how to separate roles for CanCan depending on each condition that we want. In our application, there are many categories (such as math, english, history, etc.) and within each are many courses. Each user can have many different roles on each category. For example, John can be a "reader" for math, which means he can read all the courses that are in math. John can also be a "writer" for english, which means he can read all the courses in english, create a course within

REST, caching, and authorizing with multiple user roles

放肆的年华 提交于 2019-12-06 23:39:45
问题 We have a multi-tenant system with multiple different levels of access--sometimes even for the same user as they switch between multiple roles. We're beginning a discussion on moving over to a RESTful implementation of things. I'm just starting to get my feet wet with the whole REST thing. So how do I go about limiting access to the correct records when they access a resource, particularly when taking caching into consideration? If user A access example.com/employees they would receive a

Graphql @include with expression

為{幸葍}努か 提交于 2019-12-06 20:06:45
问题 I am implementing a query which should serve some fields in the response depending on user login status. To be specific, I want to get "pointRate" field only if $authenticationToken is passed & would want to avoid passing $authenticated in below query. The reason I want to avoid sending $authenticated is client can do mistake by sending $authenticated = true but $authenticationToken = null . query ToDoQuery($authenticationToken: String, $authenticated: Boolean!) { pointRate(accessToken:

OAuth2 “Invalid Grant” response from server

人盡茶涼 提交于 2019-12-06 19:01:23
问题 I ask my client to hit at this URL with his authorized gmail account with which he has created the google api project. https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=http://www.XXXXXXXX.com/oauth2callback&client_id=XXXXXX.apps.googleusercontent.com&state=profile&approval_prompt=force and then ask him to provide me the code parameter from the redirected URL http://www.XXXXXXXX.com
订阅 authorization