authorization

Registering and login users in Azure Mobile Services

陌路散爱 submitted on 2019-12-03 14:41:41
I was following this series about Mobile Services and I am using examples in latest tutorial. Now I want to implement registering and login in Windows Phone for example. I changed to Insert permission to anyone with application key and I can Insert new user by this code: await accountTable.InsertAsync(new accounts() { Username = "admin", Password = "mypassword" }); But I don't know how can I now check for login user? How to get token? The post you referred was written at the end of last year, when there was no support for custom APIs on Azure Mobile Services - the only place where you could

ASP.NET MVC How to manage user content using ASP.NET Membership Provider

时光毁灭记忆、已成空白 submitted on 2019-12-03 14:28:06
I come from 5 years of experience with ASP.NET Web Forms, and I'm new to ASP.NET MVC. I'm now trying to learn MVC with some tutorials, video tutorials, and books. I'm using Visual Studio 2012 and the brand new ASP.NET MVC 4 to build a little web application to manage my portfolio of mutual funds. This should let me get inside the new pattern and learn lots of new things... My application should also let some other friends do the same. So it has to manage different users' portfolios. I've built a little DB with Entity Framework Code First, so I have some basic models: Fund, Portfolio, Share

Devise/Rails - How to allow only admin to create account for others?

假装没事ソ submitted on 2019-12-03 13:53:20
Question: I am using devise as my authentication solution and now I am thinking about authorization. In my project I (the admin) am the only person authorized to create account for others. I wonder if there is a way to do it without too much hack. In fact, Devise doesn't allow user to access to the signup page if he is already logged in. Thanks for your advice on it! Answer 1: You can try the rails_admin gem in conjunction with Devise to handle any admin-specific tasks. You'll need to add more code to set it

Authorization in GraphQL servers

人走茶凉 submitted on 2019-12-03 13:18:13
How to handle Authorization in GraphQL servers? Shall I pass the JWT token in the Authentication header of every request and check for the authorized user after resolve() and check for the role of user on every query and mutation? Introduction First of all, a common approach for authentication as you state is using a signed JWT that contains the id of the user making the request. Now let's have a look at the different parameters we can use when considering the authorization of a given request. who is making the request? determined by the user id mentioned above. More information about the

jax-rs rest webservice authentication and authorization

最后都变了- submitted on 2019-12-03 13:10:13
Question: I have a web application that needs to allow users using different webclients (browser, native mobile app, etc) to register. After signing in they can access restricted content or their own content (like entries they create, etc). What I did so far: I created a jax-rs rest webservice (I'm hosting my application on glassfish) that exposes the following methods: register - user POSTs his desired username/password/email/etc; if username/email is unique, an entry for this user is created in the

WEB API - Authorize at controller or action level (no authentication)

不问归期 submitted on 2019-12-03 13:03:34
I have an existing API that has No Authentication. It's a public Web API which several clients use by making simple requests. Now, there is the need to authorize access to a certain method. Is there any way to do this, keeping the rest of the controllers and respective methods "open" for the clients that already use this Web API? How can I identify if the request has permissions to access this "protected" method? What you'll need to do is add an [Authorize] attribute to the methods you want to protect optionally using the overload that accepts one or more role names that the calling user must

Unit test AuthorizationHandler

左心房为你撑大大i submitted on 2019-12-03 12:39:42
I used the resource based authorization pattern in .NET Core 2.1 as described here. The only problem that I have is I have no idea on how to test my AuthorizationHandler cleanly. Anyone here did something like that already? AuthorizationHandler sample (from the above link): public class DocumentAuthorizationHandler : AuthorizationHandler<SameAuthorRequirement, Document> { protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SameAuthorRequirement requirement, Document resource) { if (context.User.Identity?.Name == resource.Author) { context.Succeed(requirement);

Why are `scope`-oriented actions (particularly `index` actions) treated differently in Pundit?

会有一股神秘感。 submitted on 2019-12-03 12:27:57
I am writing with respect to https://github.com/elabs/pundit#scopes I am under the impression that authorization should answer the question Are you allowed access to this resource?, i.e. a true / false answer. This is the case with all actions except index, which, according to Pundit's docs, should return different ActiveRecord::Relation's depending on who is asking. For example, an admin gets scope.all, while a regular user gets scope.where(:published => true). app/policies/post_policy.rb class Scope < Struct.new(:user, :scope) def resolve if user.admin? scope.all else scope.where(

The proper way of implementing user login system

て烟熏妆下的殇ゞ submitted on 2019-12-03 12:27:53
Question: I want to make a user login system for the purpose of learning. I have several questions. I did some research and found that the proper way of implementing a user login system is to store the user name/id and the encrypted/hashed version of the password in the database. When a user logs in, the password is encrypted client side (MD5, SHA-1 etc.) and sent to the server where it is compared with the one in database. If they match, the user log in successfully. This implementation prevents DBAs

Apply AuthorizeAttribute to a controller class and to action simultaneously

若如初见. submitted on 2019-12-03 12:22:43
Is there one way to make an [Authorize] attribute be ignored in one action in a controller class that has an Authorize attribute? [Authorize] public class MyController : Controller { [Authorize(Users="?")]//I tried to do that and with "*", but unsuccessfully, public ActionResult PublicMethod() { //some code } public ActionResult PrivateMethod() { //some code } } Just the PrivateMethod() should have authentication required, but it has been required too. PS: I wouldn't like to make my custom authorize filter. []'s vladimir By default it's impossible - if you set [Authorize] for controller then only