authorization

I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex. I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication. channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false , until you call channelSet.login() . What I want to do: Check from Flex to know if a user is already in a session. If so, I want their username and roles. UPDATE I just thought I'd add details of the solution I used from brd6644 's answer below, so that this might be easier for someone else who looks this

For my actions that are going to interact with the User's account, I would like to create a "TheUser" object in addition to adding that object to "ViewData["TheUser"]" as soon as any action on my controller is called. If the User is logged in, it will grab the User's info from the database, if not, "TheUser" object will just be null. I tried accessing "User.Identity.Name" in the controller constructor, but it isn't created prior to any action being called. I was looking at custom authorization filters, but those wouldn't allow me to create the "TheUser" object and store it in the ViewData.

I'm working an a ASP.NET application (not using MVC) and need a User-Role-Permission based authorization scheeme, where pages and/or methods can demand the specific permission they require (instead of which role the user has). Is there a way to extend Forms Authentication (or building something) to solve this? If possible I would like to be able to use attributes: [RequirePermission("UserEdit")] public partial class EditUser : System.Web.UI.Page { } Perhaps even for methods: public class MyClass { ... [RequirePermission("UserEdit")] public void Save() { ... } } Is this possible? I found this

In the pyramid documentation, the Sqlalchemy Dispatch Tutorial uses dummy data in security.py . I needed to use mysql data so I implemented it like this: My Login Code @view_config(route_name='login', renderer='json',permission='view') def user_login(request): session = DBSession username = request.params['username'] password = request.params['password'] sha = hashlib.md5() sha.update(password) password = sha.digest().encode('hex') user = session.query(Users).filter(and_(Users.username==username,Users.password ==password)).count() if(user != 0): headers = remember(request, username) return

I am confused about how to create a good header for a simple Get request in Angular 5. This is what I need to do in Angular: This is what I have so far: getUserList(): Observable<UserList[]> { const headers = new Headers(); let tokenParse = JSON.parse(this.token) headers.append('Authorization', `Bearer ${tokenParse}`); const opts = new RequestOptions({ headers: headers }); console.log(JSON.stringify(opts)); const users = this.http.get<UserList[]>(this.mainUrl, opts) return users .catch(this.handleError.handleError); } This is the response in my console.log: {"method":null,"headers":{

I understood how to write Running OAuth 2.0 code for the client side. Using existing Authorization Server, like Google, seems to be not too complicated. Question is: How to implement my own Authorization Server? Since many companies have their own User/Privilege system, LDAP based (e.g. Active Directory), etc. - they must have their own Authorization Server. Is there a framework, libraries, etc. for that? Or do I have to write the code from scratch? The best reference is the OAuth 2.0 site . They list the available server libraries that you can use. Currently, the options are: Java Apache Oltu

I'm trying to authorize a users character to delete/update post. I was using policies to do so, but I could only pass one parameter to the policy function. If I pass more than the user and another variable, the variable isn't passed into the function. Models: User has many characters, a character can post multiple posts. So for authorization purposes, I would have to compare the post's character_id with the current character's id...- Per the docs , you can pass more multiples to the Gate Facade: Gate::define('delete-comment', function ($user, $post, $comment) { // }); But I couldn't find

I've created a new ASP.NET Web API and things are working well. I'm at the point now where I want to secure the API. I put the [Authorize] attribute above my base controller and it's working properly if I want to make API calls within the ASP.NET application itself. However, I'm wondering, what's the best practice for an external client that wants to make API calls and get past the authorization? Also, keeping in mind I have custom authentication logic. How should the client send over credentials? At what point do I process these credentials? Jos Vinke How should I send the client credentials?