authorization

Securing REST and JSON

↘锁芯ラ submitted on 2019-12-05 11:14:48
I want to build my web services serving JSON data utilizing RESTful architecture. But I want only my own client apps to be able to request from my web services. Basically, my web services contain sensitive data that is not for public consumption, but I wanted to build it that way so I can build many different client apps that connect to my web service. Would appreciate any ideas for this, thanks. The fact that it's RESTful or uses JSON isn't a relevant factor when it comes to securing a web service. Any web service would need to be secured in the same manner. There are a few things you should do:

Why is OnAuthorization called twice in my custom AuthorizationFilterAttribute?

白昼怎懂夜的黑 submitted on 2019-12-05 10:33:52
Why is OnAuthorization called twice for my straightforward AuthorizationFilterAttribute ? public class ApiAuthenticateAttribute : AuthorizationFilterAttribute { public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { if(NotAuthorized()) throw new Exception(); } } First Call Stack Second Call Stack The problem was with Ninject.Web.WebApi. For some reason it was registering the filter twice. Updating the package to latest (v 3.2.1) fixed the issue. I had registered the AuthorizeAttribute in the WebAPIconfig.cs: public static void Register

Integrating SignalR with existing Authorization

坚强是说给别人听的谎言 submitted on 2019-12-05 10:07:12
I've been working on a way of integrating SignalR Authorization Attributes with a custom authorization provider (called MVCAuthorization). I went down a few rabbit holes of trying to recreate an Authorization provider for hubs specifically, but that turned out to be far too complicated. So I was wondering, how can I integrate my existing Controller and Action Authorization with my SignalR Hubs and methods? DrSammyD I figured out that you can retrieve an IAuthorization provider. If you treat your hub as a controller, and your methods as your actions, all you have to do is create a SignalR

Visiting user's Facebook ID without authorization?

耗尽温柔 submitted on 2019-12-05 09:59:32
I have a native (FBML) Facebook Application. I do not want to push the application visitors through the authorization process, however I do want to know their Facebook ID. Is it possible to find the visiting user's Facebook ID without requiring them to "Authorize" my Application? Before, I said it couldn't be done - but it can. http://developers.facebook.com/docs/authentication/canvas Read that, it's excellent. You need to decode the Base64 string and check the signature is correct, but other than that it gets you the user id among other stuff (like a temporary access token for graph.facebook

How to do simple header authorization in .net core 2.0?

无人久伴 submitted on 2019-12-05 09:15:25
I have been unable to find information on this particular issue after the 2.0 changes to .NET Core. I have cookie authorization like this: services.AddAuthentication("ExampleCookieAuthenticationScheme") .AddCookie("ExampleCookieAuthenticationScheme", options => { options.AccessDeniedPath = "/Account/Forbidden/"; options.LoginPath = "/Account/Login/"; }); For another part of my controllers I would like to simply authorize based on a simple header. In the examples I've found, either I am unable to get the headers, or they have been made only for facebook, google, cookies etc. How do I add an

How to enable user log in from only one machine (by acquiring CPU Serial) to the ASP.NET-MVC web application

瘦欲@ submitted on 2019-12-05 09:06:13
Scenario: I have a web-deployed ASP.NET-MVC 5 application with individual user accounts: Identity 2.x. Every user has an e-mail and password to log in to the web application via browser; this means that a user can log in via any device with an internet browser. I would like to enable user login on condition that he uses exactly the same PC-class machine every time he logs in. I can politely ask the user to run any desktop .NET (.exe) application if necessary. I can also ask the user to use the Chrome browser if a plugin is necessary to achieve this. Literally I can assume anything. The solution might be very

Login / register using phone or email for django, allauth integration

瘦欲@ submitted on 2019-12-05 08:36:51
I want to modify my django user model to allow phone or email registration / login. Using USERNAME_FIELD = 'identifier' If the user registers with a phone number, the identifier will be their phone number, or email, vice versa. (If anyone thinks I should just assign some number as the identifier, let me know.) Here is my accounts.models: from django.db import models from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, BaseUserManager from phonenumber_field.modelfields import PhoneNumberField class UserManager(BaseUserManager): def create_user(self, email, phone, password, *

How do I make AuthorizeAttribute work with local Administrators group in ASP.NET MVC 3 intranet application?

二次信任 submitted on 2019-12-05 07:15:06
In this ASP.NET MVC 3 intranet application (created using MVC 3 Intranet Application template), where users are authenticated automatically against AD, I'm trying to restrict access to a controller to users in the local Administrators group. In order to achieve this, I've tried to apply AuthorizeAttribute like so: [Authorize(Roles = "Administrators")] public class ElmahController : Controller However, even though my AD user (the application reports the expected user has been authenticated) is in the local Administrators group, I cannot gain access to the controller when AuthorizeAttribute is

How do I restrict permissions based on the single page ID in the URL?

喜欢而已 submitted on 2019-12-05 06:49:56
I'm trying to implement Pyramid's Security features in my website but I'm having some trouble figuring out how to use it. I've been reading over this tutorial and this example , as well as the Pyramid docs, and I can't figure out how to implement an authorization policy for single page IDs. For example, I have the following URL scheme: /pages /pages/12 /pages obviously lists the available pages and /pages/:id is where you can read/comment on the page. The documentation/examples I've read have shown that you can implement group level ACS's by providing a groupfinder callback with a list of

Authorization with RolesAllowedDynamicFeature and Jersey

核能气质少年 submitted on 2019-12-05 06:32:46
I'm trying to authenticate users with a JAX-RS filter, which seems to work so far. This is the filter where I'm setting a new SecurityContext: @Provider public class AuthenticationFilter implements ContainerRequestFilter { @Override public void filter(final ContainerRequestContext requestContext) throws IOException { requestContext.setSecurityContext(new SecurityContext() { @Override public Principal getUserPrincipal() { return new Principal() { @Override public String getName() { return "Joe"; } }; } @Override public boolean isUserInRole(String string) { return false; } @Override public boolean