authorization

Hiding links from certain roles in ASP.NET MVC5

烈酒焚心 submitted on 2019-12-03 05:40:45
So this may sound a dumb question, but how do I show a link only for an admin user? Suppose an ordinary user sees the following links: Home / About / Contact. And an admin user sees the following links: Home / About / Contact / Admin. I tried restricting in the controller and linking the controller on the menu. But it still shows the link for everyone, just doesn't allow access to anyone but admin. Can the views be overloaded?

Depending on what sort of Membership/User provider you are using, you should just be able to check directly from the View if the user is logged in and in the specific role.

Get a string that represents a user's CanCan abilities

五迷三道 submitted on 2019-12-03 05:19:28
Question: I want to cache a Post view, but the view depends on the permissions of the current user (e.g., I only show the "edit" link if current_user.can?(:edit, @post)). So I'd like my cache key to include a representation of the current user's CanCan abilities, so that I can invalidate the cache when the user's abilities change. SO: how can I get a string that represents the current user's abilities such that 2 different users with the same abilities will generate the same "ability string"? I've tried

HTTPClient getting two 401s before success (sending wrong token)

守給你的承諾、 submitted on 2019-12-03 05:18:17
I'm trying to communicate with a self-hosted WebAPI client using HttpClient. The client is created with the following code:

    HttpClientHandler clientHandler = new HttpClientHandler()
    {
        UseDefaultCredentials = true,
        PreAuthenticate = true
    };
    var client = new HttpClient(clientHandler);

On the server side we set:

    HttpListener listener = (HttpListener)app.Properties[typeof(HttpListener).FullName];
    listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;

in the Startup file. The problem is that I get two (or one after preauthentication) 401 errors before the request

Can you enable [Authorize] for controller but disable it for a single action?

对着背影说爱祢 submitted on 2019-12-03 05:13:45
Question: I would like to use [Authorize] for every action in my admin controller except the Login action.

    [Authorize(Roles = "Administrator")]
    public class AdminController : Controller
    {
        // what can I place here to disable authorize?
        public ActionResult Login()
        {
            return View();
        }
    }

Answer 1: I don't think you can do this with the standard Authorize attribute, but you could derive your own attribute from AuthorizeAttribute that takes a list of actions to allow and allows access to just those actions. You

ASP.NET MVC Authorize user with many roles

萝らか妹 submitted on 2019-12-03 05:11:26
I need to authorize a Controller in my ASP.NET MVC application to users which have two roles. I am using Authorize attribute like this: [Authorize(Roles = "Producer, Editor")] But this allows Producers and Editors to the controller. I want only to allow users having both roles, not just one of them. How could I achieve this?

As the question states, when multiple roles are given in a single Authorize() call they are applied such that if the user belongs to any of the roles listed they will be granted access; like a logical OR operator. Alternatively, to achieve the effect of a logical AND

How to handle authentication and authorization with thrift?

北慕城南 submitted on 2019-12-03 05:04:42
Question: I'm developing a system which uses thrift. I'd like clients' identity to be checked and operations to be ACLed. Does Thrift provide any support for those?

Answer 1: Not directly. The only way to do this is to have an authentication method which creates a (temporary) key on the server, and then change all your methods so that the first argument is this key and they all additionally raise a not-authenticated error. For instance:

    exception NotAuthorisedException {
        1: string errorMessage,
    }
    exception

Devise/Rails - How to allow only admin to create account for others?

我与影子孤独终老i submitted on 2019-12-03 03:51:17
I am using devise as my authentication solution and now I am thinking about authorization. In my project I (the admin) am the only person authorized to create account for others. I wonder if there is a way to do it without too much hack. In fact, Devise doesn't allow user to access to the signup page if he is already logged in. Thanks for your advice on it!

You can try the rails_admin gem in conjunction with Devise to handle any admin-specific tasks. You'll need to add more code to set it up, but at least you avoid hacking around the solution in terms of changing your interactions with Devise.

Rails: Authorization with Authlogic

纵饮孤独 submitted on 2019-12-03 03:46:26
I need a very granular authorization system that works seamlessly with Authlogic. I've tried these gems/plugins so far: Lockdown, rails_authorization_plugin, ACL9. I've also looked at, but not tried implementing: Padlock. I've searched around for a good tutorial detailing how to set up any of these with Authlogic in a way that makes sense (only the Lockdown doc seems to outline how to set this up with Authlogic), but have come up with next to nothing. The only one of these that made the remotest sense to me was the documentation for Lockdown, but I don't think that package will work for me

JAX-WS webservice and @rolesAllowed

拈花ヽ惹草 submitted on 2019-12-03 03:31:02
Is it possible to use @RolesAllowed annotation on a JAX-WS webservice and if so how? I have a webservice on glassfish 3.1.1 using Basic Authentication but restrictions expressed using @RolesAllowed are ignored. The role information should be available, as I can access it like this:

    @Resource
    WebServiceContext wsContext;

    if (wsContext.isUserInRole("READ"))
        log.info("Role: READ");

I get the expected role but still all methods are accessible, even if @RolesAllowed is set to different role. @DenyAll is not working as well. If these annotations are not supported, is it possible to use deployment

How do I implement authentication the restful way?

若如初见. submitted on 2019-12-03 02:29:40
I'm building a picture diary on web application google app engine using python. Users can sign up and post pictures to their diary. Also, I'm trying to conform as much as I can to the REST architecture of doing things. The authentication scheme is based like this for the web application:

1. Post username/password from the frontend
2. Backend sets up a cookie if authentication is successful
3. The rest of the AJAX calls made are authenticated using this cookie.

Is there any way to conform to REST without using cookies? Now, I'm also building an android application where users can sign in and