Search Results

Search found 1208 results on 49 pages for 'proxied authorization'.


  • Is there a recommended approach for using SQL Server as an Authorization store and extending AD properties using .Net? [closed]

    - by Jim
    We are going to be using SQL Server as an authorization store for our .Net windows services and WCF services as well as storing additional metadata about users and groups to extend the AD properties. Doing this will make this self service and not require IT to change anything for our department (for users or groups). What, if any, are the existing recommended strategies or technologies that do this function?


  • OEG11gR2 integration with OES11gR2 Authorization with condition

    - by pgoutin
    Introduction

    This OES use-case has been defined originally by Subbu Devulapalli (http://accessmanagement.wordpress.com/). Based on this OES museum use-case, I have developed the OEG11gR2 policy able to deal with the OES authorization with condition. From an OEG point of view, the way to deal with OES condition is to provide with the OES request some Environmental / Context Attributes.

    Museum Use-Case

    All paintings in the museum have security sensors; an alarm goes off when a person comes too close to a painting. The employee designated for maintenance needs to use their ID and disable the alarm before maintenance. You are the Security Administrator for the museum and you have been tasked with creating authorization policies to manage authorization for different paintings. Your first task is to understand how paintings are organized. Asking around, you are surprised to see that there is no formal process in place, so you need to start from scratch. The museum tracks the following attributes for each painting:

        1. Name of the work
        2. Painter
        3. Condition (good/poor)
        4. Cost

    You compile the list of paintings:

        Name of Painting  Painter            Paint Condition  Cost
        Mona Lisa         Leonardo da Vinci  Good             100
        Magi              Leonardo da Vinci  Poor             40
        Starry Night      Vincent Van Gogh   Poor             75
        Still Life        Vincent Van Gogh   Good             25

    Being a software geek who doesn't (yet) understand art, you feel that price (or insurance price) of a painting is the most important criteria. So you feel that based on years-of-experience employees can be tasked with maintaining different paintings. You decide that paintings worth over 50 cost should be only handled by employees with over 20 years of experience and employees with less than 10 years of experience should not handle any painting.

    Let us start with policy modeling. All paintings have a common set of attributes and actions, so it will be good to have them under a single Resource Type. Based on this resource type we will create the actual resources. So our high level model is:

        1) Resource Type: Painting which has action manage and the following four attributes
            a) Name of the work
            b) Painter
            c) Condition (good/poor)
            d) Cost
        2) To keep things simple let's use painting name for Resource name (in real world you will try to use some identifier which is unique, because in future we may end up with more than one painting which has the same name.)
        3) Create Resources based on the previous table
        4) Create an identity attribute Experience (Integer)
        5) Create the following authorization policies
            a) Allow employees with over 20 years experience to access all paintings
            b) Allow employees with 10 – 20 years of experience to access painting which cost less than 50
            c) Deny access to all paintings for employees with less than 10 year of experience

    OES Authorization Configuration

    We do need to create 2 authorization policies with specific conditions

        a) Allow employees with over 20 years experience to access all paintings
        b) Allow employees with 10 – 20 years of experience to access painting which cost less than 50
        c) Deny access to all paintings for employees with less than 10 year of experience

    We don't need an explicit policy for Deny access to all paintings for employees with less than 10 year of experience, because Oracle Entitlements Server will automatically deny if there is no matching policy.

    OEG Policy

    The OEG policy looks like the following

    The 11g Authorization filter configuration is similar to :

    The ${PAINTING_NAME} and ${USER_EXPERIENCE} variables are initialized by the "Retrieve from the HTTP header" filters for testing purpose. That's to say, under Service Explorer, we need to provide 2 attributes "Experience" & "Painting" following the OES 11g Authorization filter described above.


  • Custom fine-grained claims based authorization system in ASP.NET MVC - wheres and hows

    - by BuzzBubba
    So, I'd like to implement my own custom authorization system in MVC2. If I'd have to create a global class, where do I instantiate it? Can HttpContext be extended with my own additions and where do I do that? Should I use Authorization filters for rights validation or ActionFilters or do it within an action? Can ActionFilter pass any data to the action itself? Previously (in WebForms) I was using a Session object where I would put a serialized object containing essential user data (account id and a list of roles and rights) and I'd extend my own Page class.


  • Rails authorization plugins

    - by jacklin
    We are evaluating plugins for Authorization in Rails. The two at the top of our list are cancan and declarative_authorization. I would like to get some feedback from anyone currently using either of these plugins. The problem we are going to face with any authorization plugin is that we have a database per customer model and will need to modify the plugin to work within that model. Because of this fact I'm interested in hearing from anyone who has had to tweak the plugins at all as well. I'm just starting to look around at the code. It seems like cancan might be a little easier to customize. Any thoughts?


  • Token based Authentication for WCF HTTP/REST Services: Authorization

    - by Your DisplayName here!
    In the previous post I showed how token based authentication can be implemented for WCF HTTP based services. Authentication is the process of finding out who the user is – this includes anonymous users. Then it is up to the service to decide under which circumstances the client has access to the service as a whole or individual operations. This is called authorization.

    By default – my framework does not allow anonymous users and will deny access right in the service authorization manager. You can however turn anonymous access on – that means technically, that instead of denying access, an anonymous principal is placed on Thread.CurrentPrincipal. You can flip that switch in the configuration class that you can pass into the service host/factory.

        var configuration = new WebTokenWebServiceHostConfiguration
        {
            AllowAnonymousAccess = true
        };

    But this is not enough, in addition you also need to decorate the individual operations to allow anonymous access as well, e.g.:

        [AllowAnonymousAccess]
        public string GetInfo()
        {
            ...
        }

    Inside these operations you might have an authenticated or an anonymous principal on Thread.CurrentPrincipal, and it is up to your code to decide what to do.

    Side note: Being a security guy, I like this opt-in approach to anonymous access much better than all those opt-out approaches out there (like the Authorize attribute – or this.).

    Claims-based Authorization

    Since there is a ClaimsPrincipal available, you can use the standard WIF claims authorization manager infrastructure – either declaratively via ClaimsPrincipalPermission or programmatically (see also here).

        [ClaimsPrincipalPermission(SecurityAction.Demand,
            Resource = "Claims",
            Operation = "View")]
        public ViewClaims GetClientIdentity()
        {
            return new ServiceLogic().GetClaims();
        }

    In addition you can also turn off per-request authorization (see here for background) via the config and just use the “domain specific” instrumentation.

    While the code is not 100% done – you can download the current solution here. HTH (Wanna learn more about federation, WIF, claims, tokens etc.? Click here.)


  • web.config + asp.net MVC + location > system.web > authorization + Integrated Security

    - by vdh_ant
    Hi guys, I have an ASP.Net MVC app using Integrated Security that I need to be able to grant open access to a specific route. The route in question is '~/Agreements/Upload' and the config I have set up looks like this:

        <configuration>
          ...
          <location path="~/Agreements/Upload">
            <system.web>
              <authorization>
                <allow users="*"/>
              </authorization>
            </system.web>
          </location>
          ...
        </configuration>

    I have tried a few things and nothing has worked thus far. In IIS under Directory Security Authentication Methods I only have "Integrated Windows Authentication" selected. Now this could be part of my problem (as even though IIS allows the above IIS doesn't). But if that's the case how do I configure it so that Integrated Security works but allows people who aren't authenticated to access the given route? Cheers, Anthony


  • Authorization and authentication for WinForm application

    - by Adrian
    Hi! I'm starting to develop a Windows application and I've been looking around for some authentication and authorization solution available, but no luck so far. I have to be able to allow the admin to create users and roles, assign users to roles and define access to controls on a form for specified roles (button enabled/disabled etc). Is there any solution out there or maybe someone could give me a short description of the solution he's using? Adrian


  • Download HTML content that require authorization?

    - by NVA
    I use WebClient from the System.Net namespace in Visual Studio 2008 to download the HTML content. It does well with normal websites, but with some forums that require authorization such as warez-bb.org, it always returns the HTML of the login page. I wonder if there is a way to send the username and password to the WebClient?


  • Rails object based permission/authorization engine?

    - by Vlad
    Hi, I want to add a "Sharing documents" feature to my app, like in the Google Documents service. As I see it, the user can:

        - list/view/create/edit/delete own documents
        - share own document to everyone - it's a public document
        - share own document to another user with read-only access
        - share own document to another user with read-write access
        - view list of own documents and users to whom he gave permission to read and write
        - view list of foreign documents
        - view/edit foreign document with read/write permissions

    Please tell me, which permission/authorization solution is preferred for my task?


  • Get list of users belonging to a role using Authorization Manager (AzMan)

    - by Sam
    Using ASP.NET (C#) I have set up Authorization Manager to allow me to handle roles on a website. Adding users to roles is simple: Roles.AddUserToRole("DOMAIN\\UserName", "role"). However I want to list the users belonging to a role, but since they are stored as SIDs, displaying them would not be that helpful. To get the users, I am thinking XML would have to be used, although is it possible to use COM Interop to both do that and get the user name? Either way, how can I get the users belonging to a role? The table to manage roles would basically be like this:

        Role   User
        ----   ----
        admin  DOMAIN\UserName [delete]
               DOMAIN\UserName2 [delete]
               [add user text box]
        news   DOMAIN\UserName3 [delete]
               [add user text box]


  • ASP.Net MVC elegant UI and ModelBinder authorization

    - by SDReyes
    We know authorization stuff is a cross cutting concern, and we do anything we can to avoid merging business logic into our views. But I still have not found an elegant way to filter UI components (e.g. widgets, form elements, tables, etc) using the current user roles without contaminating the view with business logic. The same applies for model binding.

    Example

    Form: Product Creation

    Fields:
        - Name
        - Price
        - Discount

    Roles:
        Role Administrator
            - Is allowed to see and modify the Name field
            - Is allowed to see and modify the Price field
            - Is allowed to see and modify the Discount
        Role Administrator assistant
            - Is allowed to see and modify the Name
            - Is allowed to see and modify the Price

    Fields shown in each role are different, and model binding needs to ignore the discount field for the 'Administrator assistant' role. How would you do it?


  • declarative authorization and has_and_belongs_to_many

    - by Michael Balsiger
    Hi, I have a little problem with declarative-authorization. I have a User and Role Model with a has_and_belongs_to_many association. I've created a Role named :moderator in my authorization_rules.rb. Is it possible that a User with the Role Moderator only gets the Users that have the Moderator Role assigned to it?? -- User.with_permissions_to(:index)

    I thought it would be possible like that:

        role :moderator do
          has_permission_on :users, :to => :index do
            if_attribute :roles => contains { ????? }
          end
        end

    I also created a named_scope in my User Model because I thought it would help...

        class User
          has_and_belongs_to_many :roles
          named_scope :by_role, lambda { |role| { :include => :roles, :conditions => {"roles.name" => role} } }
        end

    Does anyone know if it's possible to do this with declarative_authorization? Thanks for your help!


  • SVN Authorization

    - by Weslei
    I am trying to set up SVN authorization (authentication works fine already) and my AuthzSVNAccessFile looks like the following:

        [groups]
        todos = user1, user2
        proj = user1

        [/]
        @todos = r

        [/myproj]
        @proj = rw

    However, I can check out the content of proj (as user1) but I can't commit to it... If I change the file to the following:

        [groups]
        todos = user1, user2
        proj = user1

        [/]
        @todos = rw

        [/myproj]
        @proj = rw

    I can successfully commit... Does anyone know what's wrong with my access file? I am using SVN with SVNParentPath, to point to a folder containing multiple repositories. The error it gives is:

        svn: Error: Server sent unexpected return value (403 Forbidden) in response to CHECKOUT

    Thanks.


  • HTTP POST with basic authorization doesn't work in Java

    - by glebreutov
    This code works without exceptions, but the POST request does not work. What am I doing wrong? I use Java 1.6, JBoss 4.2.3.

        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
                + "<message><service id=\"210\"/><to>+" + phone + "</to>"
                + "<body content-type=\"text/plain\">" + message + "</body></message>";
        String userPassword = "login:password";
        URL url = new URL(ksGateUrl);
        URLConnection urlc = url.openConnection();
        urlc.setDoOutput(true);
        urlc.setUseCaches(false);
        urlc.setAllowUserInteraction(false);
        urlc.setRequestProperty("Authorization",
                "Basic " + new sun.misc.BASE64Encoder().encode(userPassword.getBytes()));
        OutputStreamWriter wr = new OutputStreamWriter(urlc.getOutputStream(), "UTF-8");
        wr.write(xml);
        wr.flush();


  • User-customizable rails authorization

    - by neutrino
    Hello everyone, Seems there is an abundance of popular declarative-style authorization plugins, which allow you to somehow state in the code that, e.g., this controller action can be accessed by users with such-and-such roles. But what if I need a more dynamic scheme. I want to have an admin area, with a list of all authorizable actions and an ability to assign permissions on actions from the UI. I have ideas how to implement it from scratch, like to define a model corresponding to a controller and/or action and store the permissions via normal associations. Just wonder if there are any ready solutions to this. Thanks a lot


  • Skipping authorization for certain methods

    - by mathee
    Per the Agile Development book, I have an Admin MVC that controls how users log in. In ApplicationController, I have a before_filter that checks for authorization. So, this will check that the user has logged in for every page. The problem is that I want everyone to be able to access the new method, for example, in Users (that is, anyone should be able to create a new user -- naturally! Only admin users should have access to the other methods in UsersController such as edit, etc.). What's the best way to do that?


  • eXist-db: can't start webstart client on a closed port, reverse proxied via apache

    - by rvdb
    I am configuring an Apache HTTP server so it reverse proxies requests starting with /app/ to an eXist-db instance running in a Tomcat server, on port 8082. This port has been closed in the firewall and is inaccessible to the outer world. Following the eXist documentation, I have the following rules in place in my httpd.conf file:

        ProxyPass /apps/ http://localhost:8082/
        ProxyPassReverse /apps/ http://localhost:8082/
        ProxyPassReverseCookiePath /apps/ /

    All goes well for requests to e.g. 'http://mydomain/apps/exist/index.xml'. Yet, the webstart client (accessible at 'http://localhost:8082/exist/webstart/exist.jnlp' on the web server) doesn't work behind the proxy. While 'http://mydomain/apps/exist/webstart/exist.jnlp' does generate a valid exist.jnlp file, that file can't be executed.

    The reason seems quite obvious: apparently, the eXist-db instance generating the exist.jnlp file only sees the proxied request as: 'http://localhost:8082/exist/webstart/exist.jnlp'. Yet, since the exist.jnlp file is executed on the client, that reference is meaningless (unless the client computer happens to have an eXist-db instance running on that port). Executing the exist.jnlp file hence fails with a 'connection refused' error.

    Yet, there's no problem at all connecting a local eXist-db Java client to the proxied eXist instance with the URL xmldb:exist://mydomain/apps/exist/xmlrpc. The problem lies in generating the webstart exist.jnlp file, which seems to need access to a publicly accessible URL. However, opening port 8082 and replacing the Proxy references to 'http://localhost:8082' with 'http://mydomain:8082' IMO rather destroys the point of reverse proxying.

    Have others had success reverse proxying eXist-db on a closed port behind Apache? Are there perhaps some Proxy configuration settings I have overlooked (I'm no expert at all) that can make eXist see the original request instead of the proxied one? Kind regards, Ron


  • RIA Services and Authorization

    This post digs deeper into the Book Club application from the perspective of the authorization feature of RIA Services. You can check out more information about the application via its associated table of contents post. The post covers how the out-of-box authorization rules can be applied, how custom rules can be implemented, how custom rules can use additional bits of information in their implementation, and how client-side UI can be customized to account for authorization. The sample application...


  • if_attribute on declarative authorization

    - by Victor Martins
    I have a many-to-many relationship like this: A user has_many organizations through affiliations and vice-versa. I'm using declarative organizations and I only want a user to edit a particular organization if he is affiliated and the affiliationtype attribute of affiliation is a particular value. So affiliations has 3 columns: user_id, organization_id and affiliationtype_id. I can do:

        o = Organization.find(:first)
        o.affiliations[0].user

    and get the user. Now I wish to do this:

        has_permission_on [:organizations], :to => :edit do
          if_attribute (...)
        end

    That if_attribute should see if the current user is the organization.affiliation[?].user and if the organization.affiliation[?].affiliationtype_id = "3". I hope this is a syntax issue ... I really need to get this working.


  • Server authorization with MD5 and SQL.

    - by Charles
    I currently have a SQL database of passwords stored in MD5. The server needs to generate a unique key, then send it to the client. The client will use the key as a salt, then hash it together with the password and send it back to the server. The only problem is that the SQL DB has the passwords in MD5 already. Therefore for this to work, I would have to MD5 the password client side, then MD5 it again with the salt. Am I doing this wrong, because it doesn't seem like a proper solution. Any information is appreciated.


  • ASP.NET MVC authorization & permission to use model classes

    - by Tomek
    Hi, This is my first post here, so hello :) Okay, let's get to the point... I am writing my first app in ASP.NET MVC Framework and I have a problem with checking privileges to use instances of model classes (read, edit). Sample code looks like this:

        // Controller action
        [CustomAuthorize(Roles="Editor, Admin")]
        public ActionResult Stats(int id)
        {
            User user = userRepository.GetUser(id);
            if (user == null || !user.Activated || user.Removed)
                return View("NotFound");
            else if (!user.IsCurrentSessionUserOwned)
                return View("NotAuthorized");
            return View(user);
        }

    So far the authorize attribute protects only controller actions, so my question is: how to make (custom) authorize attribute to check not only user role, usernames but also did i.e. resources instantiated in action methods (above: User class, but there are other ORM objects like News, Photos etc.) All of these objects to check have their unique IDs, so a user has their own ID, News have their ID and a UserID field referenced to the Users table (I mean these objects are LINQ2SQL classes). How should I resolve that problem?


  • rails declarative authorization, permit all actions for controller?

    - by SooDesuNe
    Using the declarative_authorization gem for Rails, is there a shortcut to allow a role access to all controller actions?

        privileges do
          # default privilege hierarchies to facilitate RESTful Rails apps
          privilege :manage, :includes => [:create, :read, :update, :delete]
        end

    isn't sufficient, because I have more controlling methods than just CRUD in my controllers. Something like:

        role :foo do
          has_permission_on :bar, :to => [:all]
        end

    would be perfect, but I'm not finding it in the docs.


  • Facebook Graph API authorization problem

    - by kujawk
    If I load the following URL in Firefox and login to Facebook, I'm getting a page displaying "An invalid next or cancel parameter was specified." https://graph.facebook.com/oauth/authorize?client_id=c8caf78d724d142ee82334131ef5c9ce&redirect_uri=http://www.facebook.com/connect/login_success.html&type=user_agent&display=touch&scope=offline_access,publish_stream But if I change the display parameter to display=page I no longer get this error. Any ideas as to why?
