authorization

I would like to generate a 401 page if the user does not have the right permission. The user requests a url and is redirected to the login page (I have deny all anonymous in web.config). The user logs in successfully and is redirected to the original url. However, upon permission check, it is determined that the user does not have the required permission, so I would like to generate a 401. But Forms Authentication always handles 401 and redirects the user to the login page. To me, this isn't correct. The user has already authenticated , the user just does not have the proper authorization . In

I want to make a user login system for the purpose of learning. I have several questions. I did some research and found that the proper way of implementing a user login system is to store the user name/id and the encrypted/hashed version of the password in the database. When a user logs in, the password is encrypted client side (MD5, SHA-1 etc.) and sent to the server where it is compared with the one in database. If they match, the user log in successfully. This implementation prevents DBAs or programmers seeing the cleartext of the password in the database. It can also prevent hackers

I am having a problem setting the Authorize attribute Role value from a variable. The error message says it requires a const variable. When I create a const type variable it works fine but I am trying to load the value from the Web.Config file or anything else that will allow the end user to set this. I'm using integrated Windows authentication since this is an intranet only application. Is there a way to check the users role from a controller? I will use this in an if statement to authenticate instead of an attribute. [Authorize(Roles = Config.GMPUser)] public ActionResult Index() { return

in the blow code, whats is transport and jsonFactory ? (I do not understand) https://developers.google.com/identity/sign-in/android/backend-auth#using-a-google-api-client-library import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken; import com.google.api.client.googleapis.auth.oauth2.GoogleIdToken.Payload; import com.google.api.client.googleapis.auth.oauth2.GoogleIdTokenVerifier; ... GoogleIdTokenVerifier verifier = new GoogleIdTokenVerifier.Builder(transport /**Here**/, jsonFactory /**Here**/) .setAudience(Arrays.asList(CLIENT_ID)) // If you retrieved the token on Android using

How do I set up the basic authorization using 64 encoded credentials ? I tried below the two commands but of no use , please suggest. curl -i -H 'Accept:application/json' Authorization:Basic <username:password> http://example.com curl -i -H 'Accept:application/json' Authorization:Basic.base64_encode(username:password) http://example.com Sabuj Hassan Use the -H header again before the Authorization:Basic things. So it will be curl -i \ -H 'Accept:application/json' \ -H 'Authorization:Basic username:password' \ http://example.com How do I set up the basic authorization? All you need to do is use

I have a simple login / access control system to secure some restricted pages, but within these pages there are links that need to be secure, i.e. Word documents. Therefore if I keep these resources within the webroot they could accessible via a URL. What is the best method to secure these resources that are within the restricted page. I know I could password protect the folder but the user would then be challenged twice, one for the restricted page and then for the resource link. Any advice ? You have a few options here, depending on your use-case. Use PHP to serve the file. Basically, either