Search Results

Search found 11365 results on 455 pages for 'authorization basic'.


  • Get list of users belonging to a role using Authorization Manager (AzMan)

    - by Sam
    Using ASP.NET (C#) I have set up Authorization Manager to allow me to handle roles on a website. Adding users to roles is simple: Roles.AddUserToRole("DOMAIN\\UserName", "role"). However, I want to list the users belonging to a role, but since they are stored as SIDs, displaying them would not be that helpful. To get the users, I am thinking XML would have to be used, although is it possible to use COM Interop to both do that and get the user name? Either way, how can I get the users belonging to a role? The table to manage roles would basically be like this:

        Role    User
        ----    ----
        admin   DOMAIN\UserName  [delete]
                DOMAIN\UserName2 [delete]
                [add user text box]
        news    DOMAIN\UserName3 [delete]
                [add user text box]


  • ASP.Net MVC elegant UI and ModelBinder authorization

    - by SDReyes
    We know authorization stuff is a cross-cutting concern, and we do anything we can to avoid merging business logic into our views. But I have still not found an elegant way to filter UI components (e.g. widgets, form elements, tables, etc.) using the current user roles without contaminating the view with business logic. The same applies for model binding.

    Example

        Form: Product Creation

        Fields:
          - Name
          - Price
          - Discount

        Roles:
          - Role Administrator
              - Is allowed to see and modify the Name field
              - Is allowed to see and modify the Price field
              - Is allowed to see and modify the Discount
          - Role Administrator assistant
              - Is allowed to see and modify the Name
              - Is allowed to see and modify the Price

    Fields shown in each role are different, and model binding needs to ignore the discount field for the 'Administrator assistant' role. How would you do it?


  • declarative authorization and has_and_belongs_to_many

    - by Michael Balsiger
    Hi, I have a little problem with declarative-authorization. I have a User and Role model with a has_and_belongs_to_many association. I've created a role named :moderator in my authorization_rules.rb. Is it possible that a User with the Role Moderator only gets the Users that have the Moderator Role assigned to it? -- User.with_permissions_to(:index) I thought it would be possible like that:

        role :moderator do
          has_permission_on :users, :to => :index do
            if_attribute :roles => contains { ????? }
          end
        end

    I also created a named_scope in my User model because I thought it would help...

        class User < ActiveRecord::Base
          has_and_belongs_to_many :roles
          # Selects the users that have a role with the given name
          named_scope :by_role, lambda { |role| { :include => :roles, :conditions => {"roles.name" => role} } }
        end

    Does anyone know if it's possible to do this with declarative_authorization? Thanks for your help!


  • SVN Authorization

    - by Weslei
    I am trying to set up SVN authorization (authentication works fine already) and my AuthzSVNAccessFile looks like the following:

        [groups]
        todos = user1, user2
        proj = user1

        [/]
        @todos = r

        [/myproj]
        @proj = rw

    However, I can check out the content of proj (as user1) but I can't commit to it... If I change the file to the following:

        [groups]
        todos = user1, user2
        proj = user1

        [/]
        @todos = rw

        [/myproj]
        @proj = rw

    I can successfully commit... Does anyone know what's wrong with my access file? I am using SVN with SVNParentPath, to point to a folder containing multiple repositories. The errors it gives are:

        svn: Error: Server sent unexpected return value (403 Forbidden) in response to CHECKOUT

    Thanks.


  • Http post with basic authorization don't work in java

    - by glebreutov
    This code works without exceptions but the POST request does not work. What am I doing wrong? I use Java 1.6, JBoss 4.2.3.

        // Build the XML message body
        String xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
            + "<message><service id=\"210\"/><to>+" + phone + "</to>"
            + "<body content-type=\"text/plain\">" + message + "</body></message>";
        String userPassword = "login:password";
        URL url = new URL(ksGateUrl);
        URLConnection urlc = url.openConnection();
        urlc.setDoOutput(true);
        urlc.setUseCaches(false);
        urlc.setAllowUserInteraction(false);
        // HTTP Basic: base64 of "login:password" in the Authorization header
        urlc.setRequestProperty("Authorization",
            "Basic " + new sun.misc.BASE64Encoder().encode(userPassword.getBytes()));
        OutputStreamWriter wr = new OutputStreamWriter(urlc.getOutputStream(), "UTF-8");
        wr.write(xml);
        wr.flush();


  • User-customizable rails authorization

    - by neutrino
    Hello everyone, Seems there is an abundance of popular declarative-style authorization plugins, which allow you to somehow state in the code that, e.g., this controller action can be accessed by users with such-and-such roles. But what if I need a more dynamic scheme. I want to have an admin area, with a list of all authorizable actions and an ability to assign permissions on actions from the UI. I have ideas how to implement it from scratch, like to define a model corresponding to a controller and/or action and store the permissions via normal associations. Just wonder if there are any ready solutions to this. Thanks a lot


  • Skipping authorization for certain methods

    - by mathee
    Per the Agile Development book, I have an Admin MVC that controls how users log in. In ApplicationController, I have a before_filter that checks for authorization. So, this will check that the user has logged in for every page. The problem is that I want everyone to be able to access the new method, for example, in Users (that is, anyone should be able to create a new user -- naturally! Only admin users should have access to the other methods in UsersController such as edit, etc.). What's the best way to do that?


  • Apache, Tomcat 5 and problem with HTTP basic auth

    - by Juha Syrjälä
    I have set up a Tomcat with a webapp that uses HTTP basic auth in some of its URLs. There is an Apache server in front of the Tomcat. I have set up Apache as a proxy like this (all traffic should go directly to Tomcat):

    /etc/httpd/conf.d/proxy_ajp.conf:

        LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
        ProxyPass / ajp://localhost:8009/
        ProxyPassReverse / ajp://localhost:8009/

    There is a webapp installed to the root of Tomcat (ROOT.war), so I should be able to use http://localhost/ to access my webapp. But it is not working with HTTP basic auth. The problem is that everything works until I try to access URLs that are protected by the HTTP basic auth. URLs without authentication work just fine. When accessing this URL via Apache I am getting an error message from Apache. If I access the same URL directly from Tomcat, everything works just fine.

    I am getting this in the Apache error log:

        [Wed Sep 01 21:34:01 2010] [error] proxy: dialog to [::1]:8009 (localhost) failed

    The access log looks like this:

        ::1 - - [01/Sep/2010:21:34:01 +0300] "GET /protected_path/ HTTP/1.0" 503 360 "-" "w3m/0.5.2"

    I am using:

        Fedora release 13 (Goddard)
        httpd-2.2.16-1.fc13.x86_64
        tomcat5-5.5.27-7.4.fc12.noarch

    The basic auth is implemented in the webapp (not in Apache or Tomcat). The webapp is actually implemented in Scala/Lift, but that shouldn't matter. The auth works if I access the Tomcat directly.

    Error message that I am getting from Apache. It is curious that the title is Unauthorized and not Internal error:

        Unauthorized

        The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

        Apache/2.2.16 (Fedora) Server at my.server.name.com Port 80

    It could be that Apache is seeing something other than a 200 OK response and thinks that it is an error when it actually should pass the received 401 Unauthorized response directly to the browser. If this is the problem, how to fix it?


  • Protect all XML-RPC calls with HTTP basic auth but one

    - by bodom_lx
    I set up a Django project for smartphone serving XML-RPC methods over HTTPS and using basic auth. All XML-RPC methods require username and password. I would like to implement an XML-RPC method to provide registration to the system. Obviously, this method should not require username and password. The following is the Apache conf section responsible for basic auth:

        <Location /RPC2>
            AuthType Basic
            AuthName "Login Required"
            Require valid-user
            AuthBasicProvider wsgi
            WSGIAuthUserScript /path/to/auth.wsgi
        </Location>

    This is my auth.wsgi:

        import os
        import sys

        sys.stdout = sys.stderr
        sys.path.append('/path/to/project')
        os.environ['DJANGO_SETTINGS_MODULE'] = 'project.settings'

        from django.contrib.auth.models import User
        from django import db

        def check_password(environ, user, password):
            """
            Authenticates apache/mod_wsgi against Django's auth database.
            """
            db.reset_queries()
            kwargs = {'username': user, 'is_active': True}
            try:
                # checks that the username is valid
                try:
                    user = User.objects.get(**kwargs)
                except User.DoesNotExist:
                    return None
                # verifies that the password is valid for the user
                if user.check_password(password):
                    return True
                else:
                    return False
            finally:
                db.connection.close()

    There are two dirty ways to achieve my aim with the current situation:

      - Have a dummy username/password to be used when trying to register to the system
      - Have a separate Django/XML-RPC application on another URL (i.e. /register) that is not protected by basic auth

    Both of them are very ugly, as I would also like to define a standard protocol to be used for services like mine (it's an open Dynamic Ridesharing Architecture). Is there a way to unprotect a single XML-RPC call (i.e. a defined POST request) even if all XML-RPC calls over /RPC2 are protected?


  • Convert Spanned Dynamic disk to Basic Help needed.

    - by Mouradb
    Hello all, here is my scenario:

      - Windows 2008 server on a VM
      - Two VM disks:
          - Disk1: OS. Basic
          - Disk2: Data and an installed application. Basic

    During the weekend, I was playing with this VM and wanted to add some space to Disk2. I created a new disk (Disk3), converted it to a Dynamic volume and added this to Disk2 (Disk2 also converted to a Dynamic volume), and for some reason these are now spanned volumes. Just like an idiot, I hadn't taken any snapshot of this before I made the changes. My question: is there a way I can re-convert this to Basic again? I don't want to delete and recreate the disk volumes because of the application installed on Disk2. Any solution or tips I can use?


  • Does Basic User Authentication require 2-Phase communication?

    - by RED SOFT ADAIR-StefanWoe
    My application connects to HTTP services on the Internet using boost::asio. Recently we added support for HTTP proxies and Basic User Authentication. We implemented Basic User Authentication by just sending authentication parameters with every HTTP call if a user configured a proxy in our program. Parameters are sent as described here:

        Authorization: Basic <base64 Encoded username:password>

    This works at least for one user and his proxy server. Other users report that their proxy server replies with 407 Proxy Authentication Required. My guess is that some proxy servers accept one-phase authentication and that others don't. I do not find any information that a two-phase communication is required, where access is always denied for the first call by returning 407 and only a second call is accepted. Our program does not yet retry the call if a 407 has been returned. Do we have to add this? I asked this question before on stackoverflow but did not get a sufficient answer.


  • Converting dynamic to basic disk

    - by Josip Medved
    I converted basic disk to dynamic on my laptop. However, now I cannot install Windows 7 on another partition. I just get message that installing them on dynamic disk is not supported. Is there a way to convert dynamic disk to basic without losing data on already existing partition?


  • Firefox in Ubuntu : how to automate basic authentication password confirm dialog

    - by golemwashere
    Hi, I have an Ubuntu workstation with Firefox always open on an (autorefreshing) web page protected by basic auth. At startup, I have autologin and automatic Firefox start on the page and I have saved the basic auth credentials. I'd like to confirm in some automated way the username/password dialog box which pops up on the first opening of the page, or I'd like to know if there's any hack to avoid this dialog box. I tried setting the homepage to http://username%3Apassword@myserver/mypage but that doesn't stop confirmation dialog boxes.


  • RIA Services and Authorization

    This post digs deeper into the Book Club application from the perspective of the authorization feature of RIA Services. You can check out more information about the application via its associated table of contents post. The post covers how the out-of-box authorization rules can be applied, how custom rules that can be implemented, how custom rules can use additional bits of information in their implementation, and how client-side UI can be customized to account for authorization. The sample application...


  • if_attribute on declarative authorization

    - by Victor Martins
    I have a many-to-many relationship like this: a user has_many organizations through affiliations and vice versa. I'm using declarative organizations and I only want a user to edit a particular organization if he is affiliated and the affiliationtype attribute of affiliation is a particular value. So affiliations has 3 columns: user_id, organization_id and affiliationtype_id. I can do:

        o = Organization.find(:first)
        o.affiliations[0].user

    and get the user. Now I wish to do this:

        has_permission_on [:organizations], :to => :edit do
          if_attribute (...)
        end

    That if_attribute should see if the current user is the organization.affiliation[?].user and if the organization.affiliation[?].affiliationtype_id = "3". I hope this is a syntax issue ... I really need to get this working.


  • Server authorization with MD5 and SQL.

    - by Charles
    I currently have a SQL database of passwords stored in MD5. The server needs to generate a unique key, then send it to the client. The client will use the key as a salt, then hash it together with the password and send it back to the server. The only problem is that the SQL DB has the passwords in MD5 already. Therefore, for this to work, I would have to MD5 the password client side, then MD5 it again with the salt. Am I doing this wrong? Because it doesn't seem like a proper solution. Any information is appreciated.


  • ASP.NET MVC authorization & permission to use model classes

    - by Tomek
    Hi, this is my first post here, so hello :) Okay, let's get to the point... I am writing my first app in the ASP.NET MVC Framework and I have a problem with checking privileges to use instances of model classes (read, edit). Sample code looks like this:

        // Controller action
        [CustomAuthorize(Roles="Editor, Admin")]
        public ActionResult Stats(int id)
        {
            User user = userRepository.GetUser(id);
            if (user == null || !user.Activated || user.Removed)
                return View("NotFound");
            else if (!user.IsCurrentSessionUserOwned)
                return View("NotAuthorized");
            return View(user);
        }

    So far the authorize attribute protects only controller actions, so my question is: how to make a (custom) authorize attribute check not only user role, usernames but also did i.e. resources instantiated in action methods (above: User class, but there are other ORM objects like News, Photos etc.)? All of these objects to check have their unique IDs, so a user has its own ID, News have their ID and a UserID field referenced to the Users table (I mean these objects are LINQ2SQL classes). How should I resolve that problem?


  • rails declarative authorization, permit all actions for controller?

    - by SooDesuNe
    Using the declarative_authorization gem for Rails, is there a shortcut to allow a role access to all controller actions?

        privileges do
          # default privilege hierarchies to facilitate RESTful Rails apps
          privilege :manage, :includes => [:create, :read, :update, :delete]
        end

    isn't sufficient, because I have more controlling methods than just CRUD in my controllers. Something like:

        role :foo do
          has_permission_on :bar, :to => [:all]
        end

    would be perfect, but I'm not finding it in the docs.


  • Facebook Graph API authorization problem

    - by kujawk
    If I load the following URL in Firefox and login to Facebook, I'm getting a page displaying "An invalid next or cancel parameter was specified." https://graph.facebook.com/oauth/authorize?client_id=c8caf78d724d142ee82334131ef5c9ce&redirect_uri=http://www.facebook.com/connect/login_success.html&type=user_agent&display=touch&scope=offline_access,publish_stream But if I change the display parameter to display=page I no longer get this error. Any ideas as to why?


  • Custom membership provider via WCF authorization question

    - by Diego
    I've made a global authentication via WCF to use with most of our systems, but found that loading data via WCF is not very fast. What I need to do now is verify every time a page is loading whether the user has been granted access to that page.... Is it a good practice to go back to WCF to request this info for every page that the user accesses? Won't this slow down my entire system?


  • Performing centralized authorization for multiple applications

    - by Vaibhav
    Here's a question that I have been wrestling with for a while. We have a situation wherein we have a number of applications that we have created. These have grown organically over a period of time. All of these applications have permissions code built into them that controls access to various parts of the application depending on whether the currently logged in user has the necessary permissions or not. Alongside these applications is a utility application which allows an administrator to map users to permissions for all applications - the way it works is that every application has code which reads this external database of the said utility application to check if the currently logged in user has the necessary permission or not. Now, the question is this. Should the user-permissions mapping information reside in and be owned by the applications themselves, or is it okay to have this information reside within an external entity/DB (as in this case the utility application's database). Part of me thinks that application permissions are very specific to the application context itself, so shouldn't be separated from the application itself. But I am not sure. Any comments?


  • Authorization security of ASP.NET Forms authentication

    - by Tomi
    I'm using Forms authentication in ASP.NET MVC website and I store user account login name in AuthCookie like this:

        FormsAuthentication.SetAuthCookie(account.Login, false);

    I want to ask if there is a possibility that user on client side will somehow manage to change his login name in AuthCookie and thus he will be for example impersonated as someone with higher privileges and authorized to do more actions than he is normally supposed to have. Also is it better to save in this cookie user account login name or user account ID number?


  • ASP NET forms Authorization: how to reduce duration?

    - by eddo
    I've got a web page which is implementing cookie-based ASP.NET Forms Authentication. Once the user has logged in to the page, he can edit some information using a form which is created using a partial view and returned to him as a dialog for editing. The action linked to the partial view is decorated as follows:

        [HttpGet]
        [OutputCache(Duration = 0, VaryByParam = "None")]
        [Authorize(Roles = "test")]
        public ActionResult changeTripInfo(int tripID, bool ovride=false)
        {
            ...
        }

    The problem I am experiencing is the latency between the request and the time when the dialog is shown to the user: the time ranges between 800 and 1100 ms, which is not justified by the complexity of the form. Investigating with Glimpse, it turns out that the time to process the AuthorizeAttribute (see snip) sums up to at least 650 ms, which is troubling me. Looking at the SQL Server log, the call which checks the user roles takes, as expected, virtually nothing (duration 0). How can I reduce this time? Am I missing some optimization?


  • Tree structured resource Authorization

    - by user323883
    I have a portfolio table with portfolio_id and parent_portfolio_id, and I have a user table. Now some users may have access to all portfolios, or selective portfolios, or, depending on group, everything under a portfolio tree. Can someone suggest a good schema or any existing framework?

