authorization

How to handle sensitive properties in a RESTful API (such as passwords, credit cards, etc)

僤鯓⒐⒋嵵緔 submitted on 2019-12-04 14:17:19
Working on a REST framework that will support multiple hypermedia types and authentication. One thing I'm not really sure how to handle are sensitive values in the resources. For instance, if I were to include user management in the API, I would need a way to expose to the client that there was a field for the password, but not show the actual password hash. Same thing with a credit card. If I don't, it would violate the hypermedia constraint as knowledge of the fields would become out of band, and make my HATEOAS broken. Here's an actual use case that I've encountered: The project is a

Why does the TeamCity command line runner execute under “System”?

岁酱吖の submitted on 2019-12-04 14:06:59
I've got a bit of an auth problem with TeamCity when running a command line build. It's related to an existing question about executing an svn checkout command but I want to ask it explicitly here: Why is it that when the TeamCity build agent service is configured to run under a specific Active Directory account and not the local system account, when I execute this command: echo "%username%" I get this build output: [20:52:04]: C:\TeamCity\buildAgent\work\b67560ceb299718c>echo "SYSTEM" [20:52:04]: "SYSTEM" This is really playing havoc with my attempts to execute commands under the

So very very confused about Authentication in asp.net mvc

廉价感情. submitted on 2019-12-04 14:05:02
Question: I have come to the conclusion that I need to ditch the ASP.NET Membership (for a list of reasons). Now really the only things I see that I need are creating a cookie (done by Forms Authentication), custom methods for authentication (done) and finally validation based on whether they are logged in or by role. I am stuck on the last one. I am trying to override the Authorize (attribute) but I have no clue how to do this. I looked at many examples and each one seems to be done differently than the next. I don't

Asp.Net deny access on certain pages to users

雨燕双飞 submitted on 2019-12-04 13:52:09
Question: How do I allow access to my web application to a user, but deny them access to a specific page? I want to allow more users to use an app I've built, but there are a couple of pages I don't want them to be able to access. Here's what I have in the Web.config now. <authorization> <allow roles="COMPANY\User_1"/> <allow roles="COMPANY\User_2"/> <allow roles="COMPANY\User_3"/> <deny users="*"/> </authorization> ==================================================================================== Here's
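An added Web.config example (not the poster's configuration) showing the usual way to carve one page out of an application-wide rule set: keep the existing `<authorization>` block and add a `<location>` element for the page, whose rules are evaluated before the application-level ones. The page path `Reports/Payroll.aspx` and the choice of COMPANY\User_1 as the only group allowed onto it are assumptions for the illustration.

```xml
<configuration>
  <system.web>
    <authentication mode="Windows" />
    <!-- Application-wide rules, as in the question: the three groups get in,
         nobody else. Rules are evaluated top to bottom, first match wins. -->
    <authorization>
      <allow roles="COMPANY\User_1" />
      <allow roles="COMPANY\User_2" />
      <allow roles="COMPANY\User_3" />
      <deny users="*" />
    </authorization>
  </system.web>

  <!-- Assumed page path. Rules inside a <location> element are merged in
       front of the application-level rules for that path, so the trailing
       deny here stops User_2 and User_3 before the outer allows are reached. -->
  <location path="Reports/Payroll.aspx">
    <system.web>
      <authorization>
        <allow roles="COMPANY\User_1" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Two checks worth making after editing: the `path` attribute is relative to the directory of the Web.config it sits in, and a `<location>` without its own `<deny>` inherits the outer rules, so leaving out the final `deny users="*"` silently re-admits the other two groups.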

Custom Authorization (Permissions) ASP.NET MVC

旧街凉风 submitted on 2019-12-04 13:06:13
In my application a role has several permissions. And I want users to have access to actions dependent on permission, not the role. So suppose: Admin has perm1, perm2, perm3, SuperAdmin has all the permissions that admin has + perm4 and perm5. Also, there are some minor guys who have perm1, perm3, perm6, perm7. I want to do the following: I want the action to be accessible by a guy who has, suppose, perm3 or perm4. Those two permissions are from two different roles. But besides perm3 Admin has perm1 and perm2, and this action will also be accessible by minor guys who have perm3 (it's not obligatory to
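An added example (not code from either poster) that answers both the "how do I override the Authorize attribute" question above and this permission-based one: a custom `AuthorizeAttribute` for ASP.NET MVC that resolves the caller's roles to a permission set and grants access when any of the listed permissions is present. The role-to-permission table is hard-coded with the names from the question (Admin, SuperAdmin and an assumed "Minor" role); in a real application it would be loaded from wherever roles and permissions are stored. `ReportsController` and `Export` are assumed names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Hypothetical role -> permission map. Replace with a lookup against the
// store that holds roles and their permissions.
public static class PermissionCatalog
{
    private static readonly Dictionary<string, string[]> RolePermissions =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "Admin",      new[] { "perm1", "perm2", "perm3" } },
            { "SuperAdmin", new[] { "perm1", "perm2", "perm3", "perm4", "perm5" } },
            { "Minor",      new[] { "perm1", "perm3", "perm6", "perm7" } }, // assumed role name
        };

    // Union of the permissions granted by every role the principal is in.
    public static HashSet<string> PermissionsFor(IPrincipal user)
    {
        var granted = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return granted;
        foreach (var role in RolePermissions.Keys.Where(user.IsInRole))
            granted.UnionWith(RolePermissions[role]);
        return granted;
    }
}

// [RequirePermission("perm3", "perm4")] admits a caller holding ANY of the
// listed permissions, no matter which role supplied it.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
public sealed class RequirePermissionAttribute : AuthorizeAttribute
{
    private readonly string[] _anyOf;

    public RequirePermissionAttribute(params string[] anyOf)
    {
        if (anyOf == null || anyOf.Length == 0)
            throw new ArgumentException("At least one permission is required.", "anyOf");
        _anyOf = anyOf;
    }

    // Override only the decision; OnAuthorization in the base class keeps
    // handling the output-cache validation so a cached page is never served
    // to a caller who would not have been authorized for it.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (!base.AuthorizeCore(httpContext))   // anonymous callers fail here
            return false;
        var granted = PermissionCatalog.PermissionsFor(httpContext.User);
        return _anyOf.Any(granted.Contains);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed in but lacking the permission: 403, not a bounce to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext); // 401 -> login redirect
    }
}

public class ReportsController : Controller
{
    // Admin (perm3), SuperAdmin (perm3, perm4) and Minor (perm3) all get in;
    // a role with neither permission gets a 403.
    [RequirePermission("perm3", "perm4")]
    public ActionResult Export()
    {
        return Content("exported");
    }
}
```

Stacking two `[RequirePermission]` attributes on one action gives AND semantics (each filter must pass), while listing several names in one attribute gives OR, which is the case the question asks for.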

Does SVN allow blanks in paths for svn auth file rules?

Deadly submitted on 2019-12-04 13:03:38
We currently have problems with directories that contain blanks and are part of rules in the svn auth file. So we want to have path based authorization, and have a file that contains the following: [/] * = rw [/junk of me] * = me = rw When I clear the authentication data and check out the root of my repository as me, I see the root directory and the sub-directory junk of me. When I add a file inside of junk of me, and try to commit it as another user, I am allowed to do that. It looks like the rule for junk of me does not work at all. I have tried the following variations, but had no

Centralized Authentication and Authorization for several Web Services

半腔热情 submitted on 2019-12-04 12:04:06
Question: There are several different web services -- various technologies used, such as Java, .NET, Python, Perl, and possibly more in the future -- belonging to different organizations, and the access to those web services has to be restricted. The idea is to have a central authentication and authorization server, only responsible for granting access to each WS. I'm looking for a Single Sign On system in which the user authenticates once with the auth server and is granted access to the web services

location path used with MVC app doesn't work

天涯浪子 submitted on 2019-12-04 11:54:04
Question: I want to use the location path, allow user and deny user to restrict access in my MVC app. This is the section that I added to the web.config <location path="Views/Admin/Ticketing/Seasons.aspx"> <system.web> <authorization> <allow users="admin" /> <deny users="user1" /> </authorization> </system.web> </location> It is not working. Non-admin users, like user1, can still view the page. I am not sure if it is because I have the routing set up differently or wrong. This is the URL of the tab I
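An added example, not the poster's code, of where the check normally lives in an MVC application. URL authorization in web.config is matched against the path the browser requests; in MVC that is a route such as /Admin/Ticketing/Seasons, never the view file under Views/ (the default Views/web.config refuses direct requests to those files), so a `<location>` keyed on the .aspx path is never consulted for the request. Putting `[Authorize]` on the controller or action ties the decision to the action regardless of which URL the route table maps to it. The controller, action names and the user name "admin" here are assumptions.

```csharp
using System.Web.Mvc;

// Assumed controller; routing may expose it as /Admin/Ticketing/Seasons.
public class TicketingController : Controller
{
    // Any signed-in user may list the seasons.
    [Authorize]
    public ActionResult Seasons()
    {
        return View();
    }

    // Only the account named "admin" may open the editing page. Users= is
    // compared with User.Identity.Name, so under Windows authentication the
    // value must include the domain, e.g. "COMPANY\admin". user1 gets a 401
    // (the login redirect under Forms authentication) instead of the view.
    [Authorize(Users = "admin")]
    public ActionResult EditSeasons()
    {
        return View();
    }
}
```

A quick check that the rule is in force: sign in as user1 and request the edit URL directly; the response should be the login redirect or a 401, not the rendered page, and the view's own links to the action should be hidden only as a convenience, never as the control.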

How can I limit asp.net control actions based on user role?

℡╲_俬逩灬. submitted on 2019-12-04 11:52:44
I have several pages or views in my application which are essentially the same for both authenticated users and anonymous users. I'd like to limit the insert/update/delete actions in formviews and gridviews to authenticated users only, and allow read access for both authed and anon users. I'm using the asp.net configuration system for handling authentication and roles. This system limits access based on path so I've been creating duplicate pages for authed and anon paths. The solution that comes to mind immediately is to check roles in the appropriate event handlers, limiting what possible
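An added Web Forms example (not the poster's code) of the event-handler approach the post is considering, serving one page to both audiences. The anonymous rendering hides the insert, update and delete controls, and every mutating event is re-checked on the server, because a hidden button does not stop a hand-crafted postback from raising the same event. Control IDs (`ProductsGrid`, `ProductForm`) and the page name are assumptions.

```csharp
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Assumed page: one .aspx shared by anonymous and authenticated users.
public partial class Products : Page
{
    // Swap for User.IsInRole("Editor") if write access should be narrower
    // than "anyone who is signed in".
    private bool CanWrite
    {
        get { return User != null && User.Identity.IsAuthenticated; }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;

        // UI shaping only: anonymous users get the read-only rendering.
        ProductsGrid.AutoGenerateEditButton = CanWrite;
        ProductsGrid.AutoGenerateDeleteButton = CanWrite;
        ProductForm.DefaultMode = CanWrite ? FormViewMode.Insert : FormViewMode.ReadOnly;
    }

    // Enforcement: cancel the operation and fail the request. The hidden
    // buttons are a convenience; this is the actual control.
    private void DenyIfReadOnly(CancelEventArgsBase e)
    {
        if (CanWrite) return;
        e.Cancel = true;
        throw new HttpException(403, "Write access requires an authenticated user.");
    }

    protected void ProductsGrid_RowUpdating(object sender, GridViewUpdateEventArgs e)
    {
        DenyIfReadOnly(new CancelEventArgsBase(e));
    }

    protected void ProductsGrid_RowDeleting(object sender, GridViewDeleteEventArgs e)
    {
        DenyIfReadOnly(new CancelEventArgsBase(e));
    }

    protected void ProductForm_ItemInserting(object sender, FormViewInsertEventArgs e)
    {
        DenyIfReadOnly(new CancelEventArgsBase(e));
    }

    protected void ProductForm_ItemUpdating(object sender, FormViewUpdateEventArgs e)
    {
        DenyIfReadOnly(new CancelEventArgsBase(e));
    }

    // Small adapter so one deny routine can cancel any of the four event
    // argument types, which share no common cancellable base class.
    private sealed class CancelEventArgsBase
    {
        private readonly System.ComponentModel.CancelEventArgs _inner;
        public CancelEventArgsBase(System.ComponentModel.CancelEventArgs inner) { _inner = inner; }
        public bool Cancel { set { _inner.Cancel = value; } }
    }
}
```

GridViewUpdateEventArgs, GridViewDeleteEventArgs, FormViewInsertEventArgs and FormViewUpdateEventArgs all derive from System.ComponentModel.CancelEventArgs, which is what lets the adapter accept any of them. If the page also binds through a data source control, add the same check to its Inserting/Updating/Deleting events, since those fire even when the grid's own event is bypassed.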

Restricting users from accessing pages by directly changing the URL in JSF

蹲街弑〆低调 submitted on 2019-12-04 11:32:48
Question: I have two kinds of users in my application - clients and sellers. I am using a PhaseListener in JSF to prevent users from accessing pages without logging in, but after they are logged in I don't know how to prevent the user from changing the URL in the location bar and accessing pages that he is not allowed to. E.g., preventing clients from accessing sellers' pages. Does anyone have an idea on how I could prevent such illegal accesses? Answer 1: Assign the user a group/role and check on that as well