authorize

问题 My website uses MVC ASP.NET and Entity Framework user roles. The website also requires SSL for every page access by design. Thus, call the site example.com which can only be accessed as "https://example.com" or "https://www.example.com". Port 80 is configured to never respond. All pages work fine, except a main page link which can only be accessed when a user is already logged in. If the user is not logged in yet, moving the cursor over the link shows an https:... prefix is assumed to that

问题 I am fairly new to .net and I am trying to create a restfull service where you can authenticate via OAuth2 to a service like facebook and also be able to login with a "normal account". The SPA template from VS2013 allowed me to do this quickly and easily and I am very happy with it. Right now I am facing a different problem. I can't seem to find a way to separate access for these different types of logins. For example, I want to allow only users from the oauth authentication method to access

问题 I have a page that needs to be secured. I add [Authorize] attribute to that action method. if you are not logged in, you will be redirect to the login page everytime you visit that secure page. it works except I rename logon action to login , but applicaiton still redirects user to logon action. its no long there, I rename it, how do I fix it? 回答1: In your Web.config file change the forms loginUrl. <authentication mode="Forms"> <forms loginUrl="~/Controller/Action" /> </authentication> 回答2:

问题 I use Payum stable version 0.13 and Zend framework v2 for make payments via AuthorizeNet. My code for test: $storage = $this->getServiceLocator() ->get('payum') ->getStorage('LowbiddoPayment\Entity\AgreementDetails'); $details = $storage->create(); $details['currency'] = 'USD'; $details['amount'] = 100; $details['card_num'] = new SensitiveValue('4111111111111111'); $details['exp_date'] = new SensitiveValue('10/16'); $details['description'] = 'Test'; $storage->update($details); $this-

问题 I need to deliver custom "not authorized" message in different languages, instead of the default "Authorization has been denied for this request". I'm using Owin as authentication and the [Authorize] attribute for ApiControllers/methods. I know that this could be done with a custom autorization filter, but it seems an overkill situation just to change the message sent to the client. Is there a simpler way of changing the message or should I stick to a custom authorize filter? Thanks 回答1:

问题 I'm learning MVC4 right now, and I am following the Pro ASP NET MVC4 4th edition book to create a Sports Store project. I have always developed in webforms, and I am trying to figure out how the forms authentication is working in MVC4. Here is what I have achieved: Web.Config <authentication mode="Forms"> <forms loginUrl="~/Account/Login" timeout="2880"/> </authentication> AccountController login Action: [HttpPost] public ActionResult Login(LoginViewModel model, string returnUrl) { if

问题 i'm working on asp.net core and i don't understand some things. for example in mvc.net 5 we can filter and authorize action with create class from AuthorizeAttribute and set attribute to actions like this: public class AdminAuthorize : AuthorizeAttribute { public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if (filterContext.Result is HttpUnauthorizedResult) filterContext.Result = new RedirectResult("/Admin/Account/Login"); } } but

问题 I've been trying to think this answer through and can't find a good solution on how to properly do this. I've read over these articles : http://schotime.net/blog/index.php/2009/02/17/custom-authorization-with-aspnet-mvc/ http://geekswithblogs.net/brians/archive/2010/07/08/implementing-a-custom-asp.net-mvc-authorization-filter.aspx ASP.NET MVC custom authorization http://davidhayden.com/blog/dave/archive/2009/04/09/CustomAuthorizationASPNETMVCFrameworkAuthorizeAttribute.aspx Custom Authorize

问题 I am trying to give some custom roles within spree specific permissions. Cant find this answer anywhere role_ability.rb class RoleAbility include CanCan::Ability def initialize(user) user || User.new # for guest if user.has_role? "admin" can :manage, :all elsif user.has_role? "retailer" can :manage, Product else can :read, :all end end end I thought this might be a popular idea, of letting a user with role 'manager' manage only products and other certain Models... if I change elsif user.has

问题 Somewhere along the way in the past few weeks, the authorize Facebook call in iOS fails with a "Page Not Found". This happens for any user that has not installed the app or if the app's permissions have changed and the user must approve the additional permissions. This happens whether the Facebook app handles the user authentication or Safari or the popup dialog. All redirect to a "Page Not Found" page. Digging through the debugger, I found the initial URL request to be (app id replaces "[app