authorization

Here is my problem: I'm authorizing users on their roles, for 1 part. [Authorize(Roles = "Admin,...")] public class ModulesController : Controller { ..... } the Modules controller shows a list of modules which the user has right to. (there are a LOT of modules, but the user is only connected to a part of them). there are a load of things coupled to the modules, like questions, ... for example: the details view of the Modules controller. public ActionResult Details(int id) { var mod = (from p in _db.Modules where p.Mod_ID == id select p).First(); return accessible(mod); } [NonAction] public

I have struggled to make this work but did half the job. Actually I can only read messages from Gmail API, If I try to use the gmail.modify Scope I get an error: HttpAccessTokenRefreshError: unauthorized_client: Unauthorized client or scope in request. Here is my code: # init gmail api credentials_path = os.path.join(settings.PROJECT_DIR, 'settings/gmail_credential.json') scopes = ['https://www.googleapis.com/auth/gmail.readonly', 'https://www.googleapis.com/auth/gmail.modify'] credentials = ServiceAccountCredentials.from_json_keyfile_name(credentials_path, scopes=scopes) delegated_credentials

I have an ASP.NET (v2.0) web application that uses a reference to a SQL Server Reporting Services 208 R2 instance (using the ReportService2010.asmx service endpoint). The web application is hosted on ServerA and the Reporting Services instance is hosted on ServerB. ServerA is running Windows Server 2003 (IIS6) and ServerB is running Windows Server 2008 R2. The web application is configured to use Windows Authentication and impersonation is switched on. When I run the web application locally on ServerA (using a remote desktop connection) it works, but when I run from my desktop machine (Windows

I'm trying to restrict access to our RavenDB to only one user. After altering the settings to secure the DB, I can still access the RavenDB management studio and I'm not sure why. I'm running RavenDB as a windows service, and I'm using build 573. This is my Raven.Server.exe.config: <?xml version="1.0" encoding="utf-8" ?> <configuration> <appSettings> <add key="Raven/Port" value="*"/> <add key="Raven/DataDir" value="~\Data"/> <add key="Raven/AnonymousAccess" value="None"/> <!-- Settings are Get, All, None --> <add key="Raven/Authorization/Windows/RequiredUsers" value="FS-6103\PrestoDatabaseUser

I am very new to XACML. And I am using XACML to express policy. But I can't find any good examples except a few from the OASIS XACML Technical Committee . Ok, here is my question: I want to express policy using XACML. Users can access to the resources only if they satisfy the policy. The policy is an logical expression. For example: (not A1) and (A2 OR A3) and (2 of (A4, A5,A6)) 2 of (A4,A5,A6) refers that it is true only if 2 or more of A4,A5,A6 is true. "AllOf" and "AnyOf" can be used to express "AND" and "OR", but I don't know how to express "2 of (A4,A5,A6)" and "not A1". Thank you! Based