Search Results

Search found 367 results on 15 pages for 'authorize'.

Page 3/15 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How to get HandleUnauthorizedRequest to return correct url?

    - by Jova
    I'm writing a custom AuthorizeAttribute which should redirect unauthorized users to the login page. My HandleUnauthorizedRequest method looks like this, protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { RouteValueDictionary returnRoute = new RouteValueDictionary(); returnRoute["controller"] = "Account"; returnRoute["action"] = "Login"; returnRoute["returnUrl"] = filterContext.HttpContext.Request.Url.AbsolutePath; filterContext.Result = new RedirectToRouteResult(returnRoute); } Unfortunately it's not working properly as the returning url looks like this, www.mydomain.com/?controller=Account&action=Login&returnUrl=%2FUser%2FEditProfile%2FUsername What is the reason for this and how do I correct it?

    Read the article

  • How to use Custom AuthorizeAttribute for controller utilizing parameter value?

    - by RSolberg
    I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code. public ActionResult Entity(string entityCode) { if (CurrentUser.VerifyEntityPermission(entityCode)) { //populate viewModel... return View(viewModel); } return RedirectToAction("NoAccessToEntity", "Error"); } I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible? [EntityAuthRequired] public ActionResult Entity(string entityCode) { //populate viewModel... return View(viewModel); }

    Read the article

  • How should i organize authority code?

    - by acidzombie24
    I have users that fall into the following Not logged in Not Verified Verified Moderator Admin All code that only admin and moderators can access (like banning) is in ModeratorUser which inherits from verified which inherits from BaseUser. Some pages are accessible to all users such as public profiles. If a user is logged in he can leave a comment. To check this i use if (IsVerifiedUser). Now here is the problem. To avoid problems if a user is banned he is not recognized as a verified user. However in the rare case i need to know if he is verified i can use usertype & Verified. Should i not be doing this? I have a bunch of code in my VerifiedUser class and find i am moving tons of it to BaseUser. Is this something i help because a not logged in user can access the page? Should i handle the ban user in a different way and allow IsVerifiedUser to be true even if the user is banned?

    Read the article

  • Should a user authorize each time i need an access token?

    - by user259349
    In the facebook authentication guide, i am suppose to: Get the user to authorize my application, by redirecting them to authorize uri. Get my access token from facebook by hitting the /outh/accesstoken uri. Lets just say, that for whatever reason, this token is no longer valid. Do i need to perform step #1, or can i hit the /outh/accesstoken uri again?

    Read the article

  • Why does Facebook Chat through XMPP protocol on Pidgin Portable not authorize?

    - by Sara Neff
    I heard you can use facebook chat on desktops now. Thats awsome! What i didn't hear is that it is a pain in the butt! Not awsome! I've followed six nearly identical sets of instructions from six different websides, including the one that facebook generates for you, to get facebook chat connected through Pidgin. Its the latest portable version, so from what i hear the plugin is out of the question. Whenever I go to try and connect i get a message saying "Not Authorized" and buttons to either modify the account info, or retry. NOTHING i have done has fixed this, and I can't find anything remotely usefull anywhere. I am running windows xp, and running pidgin (portable) off of a flash drive. Someone please tell me what i have to do. I read about authorizing the chat on my actual facebook page. I'd have tried that if i could find out how to do it, but if its there they hid it good. HELP?!

    Read the article

  • Can vCenter 4 authenticate and authorize against a virtual directory server??

    - by iforeman
    Hi I am looking into Identity managment in our environment. We currently use Active Directory and Sun's Enterprise Directory server (6.3). I was wondering if I used the Virtual Directory Server of the Enterprise Directory server, would we be able to point the vCenter clients to this Directory service for authentication and authorization rather than at the AD source. The reason for this is that we have more users we want to add to the management role of this server but not all are in AD, a fair number are in the Sun LDAP v3. directory. Thanks in advance Ian

    Read the article

  • RuntimeBinderException with dynamic in C# 4.0

    - by Terence Lewis
    I have an interface: public abstract class Authorizer<T> where T : RequiresAuthorization { public AuthorizationStatus Authorize(T record) { // Perform authorization specific stuff // and then hand off to an abstract method to handle T-specific stuff // that should happen when authorization is successful } } Then, I have a bunch of different classes which all implement RequiresAuthorization, and correspondingly, an Authorizer<T> for each of them (each business object in my domain requires different logic to execute once the record has been authorized). I'm also using a UnityContainer, in which I register various Authorizer<T>'s. I then have some code as follows to find the right record out of the database and authorize it: void Authorize(RequiresAuthorization item) { var dbItem = ChildContainer.Resolve<IAuthorizationRepository>() .RetrieveRequiresAuthorizationById(item.Id); var authorizerType = type.GetType(String.Format("Foo.Authorizer`1[[{0}]], Foo", dbItem.GetType().AssemblyQualifiedName)); dynamic authorizer = ChildContainer.Resolve(type) as dynamic; authorizer.Authorize(dbItem); } Basically, I'm using the Id on the object to retrieve it out of the database. In the background NHibernate takes care of figuring out what type of RequiresAuthorization it is. I then want to find the right Authorizer for it (I don't know at compile time what implementation of Authorizer<T> I need, so I've got a little bit of reflection to get the fully qualified type). To accomplish this, I use the non-generic overload of UnityContainer's Resolve method to look up the correct authorizer from configuration. Finally, I want to call Authorize on the authorizer, passing through the object I've gotten back from NHibernate. Now, for the problem: In Beta2 of VS2010 the above code works perfectly. On RC and RTM, as soon as I make the Authorize() call, I get a RuntimeBinderException saying "The best overloaded method match for 'Foo.Authorizer<Bar>.Authorize(Bar)' has some invalid arguments". When I inspect the authorizer in the debugger, it's the correct type. When I call GetType().GetMethods() on it, I can see the Authorize method which takes a Bar. If I do GetType() on dbItem it is a Bar. Because this worked in Beta2 and not in RC, I assumed it was a regression (it seems like it should work) and I delayed sorting it out until after I'd had a chance to test it on the RTM version of C# 4.0. Now I've done that and the problem still persists. Does anybody have any suggestions to make this work? Thanks Terence

    Read the article

  • Why is ASP.NET MVC Authorize attribute throwing a null reference exception?

    - by robertz
    I had a working asp.net mvc application running on my local IIS 7 web server, but now I'm getting errors whenever I request a page that requires authorization. I'm using standard forms authentication with asp.net membership. Here's the error: Stack Trace: [NullReferenceException: Object reference not set to an instance of an object.] System.Web.Mvc.AuthorizeAttribute.AuthorizeCore(HttpContextBase httpContext) +31 System.Web.Mvc.AuthorizeAttribute.OnAuthorization(AuthorizationContext filterContext) +38 System.Web.Mvc.ControllerActionInvoker.InvokeAuthorizationFilters(ControllerContext controllerContext, IList`1 filters, ActionDescriptor actionDescriptor) +103 System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +345...

    Read the article

  • Does Apache allow to authorize an HTTP request based on a result of a subrequest?

    - by Jan Wrobel
    I'm looking for an equivalent of nginx http auth request module but for Apache. For each incoming HTTP requests, the module sends a subrequests to authentication/authorization back-end. Th auth request carries a path and all headers of the original request. Based on the result of the auth request, the original requests is allowed (HTTP code 200), denied (HTTP code 403) or login is requested (HTTP code 401). Such a generic mechanism allows to build really flexible authentication and authorization schemes. Is something like this possible in Apache (likely with a help of some third party module)?

    Read the article

  • Collection, which method is used to authorize an add of an element ?

    - by Duke Vador
    We find a lot of concrete subclasses under Collection. While trying to add an element in a concrete collection, this collection will use a method to determine if it can accept to store the element (and eventually that this element is not already in the collection). It could use equals(), hashCode() or compareTo() of the element. Is it possible to find a summary about which method is used by each implementation of Collection ? Thanks a lot for your answers.

    Read the article

  • Looking for a modern payment processor which accepts adult sites

    - by JakeRow123
    I love how easy authorize.net is to use, but they don't accept adult sites. I am lanching an adult site soon but I can't find any good credit card processors I can use. Most sites use CCbill or Epoch but they are both terrible since the customer is redirected to their external site which also has an ancient 1990's look. It's not like authorize.net's API that you can query and get the result back as to whether the payment went through or not. This makes authorize.net blend seamlessly with the product. But since adult sites are against their TOS and also paypals, what is a good alternative? I am looking for one that won't redirect the user from my site, is big enough to be reliable and trustworthy and has fairly low rates. Any help is appreciated!

    Read the article

  • Watch Netflix Instant Movies in Boxee

    - by DigitalGeekery
    Boxee is multi-platform Media PC application with a host of media applications. One of which is the popular Movie service, Netflix. Today we’ll show you how to get setup to watch Netflix Instant streaming video in Boxee. Note: Nexflix requires Microsoft Silverlight which unfortunately means Boxee users running Linux out of luck. What You’ll Need A Netflix account Authorize your Netflix account with Boxee Install Microsoft Silverlight Authorize Your Netflix Account First, we need to authorize our Netflix account with Boxee. (See link below). Type in your Boxee username and password and click “Login.”  When prompted, click “Authorize.”   Click “Yes, Link This Account.”    Install Silverlight If you don’t already have Silverlight installed, you’ll need to do so. See the download link at the end of the article.   Log into Boxee Now we’re ready to log into Boxee. Once logged in, click on “Apps” on the Home screen.   From the My Apps screen click on Netflix. Then click “Start.” Click “Yes” to enable the cookie.   Now you’ll enter the Netflix App. From here, you can browse your Instant Queue, Recommendations, New Arrivals, Browse Genre, or Search for available titles.   Click on a selection you’d like to watch. From here, you can Play, Rate, or even add the title to your regular Netflix Queue.   With a remote or the on-screen controls you can pause, stop, play, and skip forward or back through the video.   Now you’re all set to enjoy the Netflix Instant library with Boxee. Netflix Instant is one of many great Apps included with Boxee. While the current available selection isn’t exactly overwhelming, most subscribers will likely find enough to keep themselves entertained in between DVD deliveries. Haven’t tried Boxee yet? Check out our article on getting started with Boxee. Links Authorize your Netflix account with Boxee Install Microsoft Silverlight Similar Articles Productive Geek Tips Using Netflix Watchnow in Windows Vista Media Center (Gmedia)Find Movies and TV Based on your Mood with JinniGetting Started with BoxeeQuickly Find Movies to Watch at Hello MoviesIntegrate Boxee with Media Center in Windows 7 TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 PCmover Professional Change DNS servers on the fly with DNS Jumper Live PDF Searches PDF Files and Ebooks Converting Mp4 to Mp3 Easily Use Quick Translator to Translate Text in 50 Languages (Firefox) Get Better Windows Search With UltraSearch Scan News With NY Times Article Skimmer

    Read the article

  • Authorizing sections of a view in MVC

    - by Duk
    I was wondering if it's possible to authorize parts of a view inside the view. For example, I understand how to authorize the entire controller in this method <HandleError()> _ Public Class HomeController Inherits System.Web.Mvc.Controller Function Index() Return View() End Function <Authorize(Roles:="Administrators")> _ Function AdministratorSecrets() Return View() End Function End Class But what Id like to do is have it so if the admin is logged in, they can see additional links in my navigation. Something along the lines of <ul id="menu"> <li><%= Html.ActionLink("Home", "Index", "Home")%></li> <li><%= Html.ActionLink("About", "About", "Home")%></li> <Authorize(Roles:="Administrators")> _ <li><%= Html.ActionLink("Admin", "Admin", "Home")%></li> </ul> Obviously that won't work, but it gives an idea of what I'm trying to accomplish. Any ideas?

    Read the article

  • Problems with GData Request Token

    - by Dan Delgado
    We have successfully used GData libraries to access a user's Google Docs. But we encountered problems when many users log in to our site and authorize our web app at the same time or successively. Here's what happens: First user successful logs in, authorizes our web app via OAuth and is able to add rubric (or google spreadsheet). Second user, immediately after first user adds a rubric, successfully logs in then webapp fails on authorize (Token not given. I tried to log it.) Third user fails on login. Fourth user was able to log in, authorize via OAuth, and create rubrics successfully. Fifth user was able to log in but like the second user, gets an invalid token on authorize (Token not given.) And the list goes on. Results were unpredicatable. Below is an excerpt of the stack trace we get when the fail scenario happens: Nested in org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.NullPointerException: java.lang.NullPointerException at com.google.gdata.client.authn.oauth.OAuthUtil.normalizeParameters(OAuthUtil.java:158) at com.google.gdata.client.authn.oauth.OAuthUtil.getSignatureBaseString(OAuthUtil.java:81) at com.google.gdata.client.authn.oauth.OAuthHelper.addCommonRequestParameters(OAuthHelper.java:649) at com.google.gdata.client.authn.oauth.OAuthHelper.getOAuthUrl(OAuthHelper.java:592) at com.google.gdata.client.authn.oauth.OAuthHelper.getUnauthorizedRequestToken(OAuthHelper.java:276) at com.projectrix.controller.OAuthController.authorize(OAuthController.java:59) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Method.java:40) Help!

    Read the article

  • Scope of Constants in Ruby Modules

    - by user204078
    I'm having a little problem with constant scope in mixin modules. Let's say I have something like this module Auth USER_KEY = "user" unless defined? USER_KEY def authorize user_id = session[USER_KEY] def end The USER_KEY constant should default to "user" unless it's already defined. Now I might mix this into a couple of places, but in one of those places the USER_KEY needs to be different, so we might have something like this class ApplicationController < ActionController::Base USER_KEY = "my_user" include Auth def test_auth authorize end end I would expect that USER_KEY would be "my_user" when used in authorize, since it's already defined, but it's still "user", taken from the modules definition of USER_KEY. Anyone have any idea how to get authorize to use the classes version of USER_KEY?

    Read the article

  • Is it okay to just add a page or two PHP page to add some functionality to a Drupal site?

    - by Zaemz
    I'm not familiar with Drupal, really. I can dig around the admin interface and navigate the directories and find the files that I need to just fine as well. What I'm really not familiar with is adding modules or extending modules. The site currently takes an order and sets up recurring payments through Ubercart and uses Authorize.net as a gateway. Right now, when a payment fails, a single e-mail gets sent out to the admin. We'd like to extend it to send an e-mail to the user and let them change their payment information through another page on the site. Authorize has a service called Silent Post URL that basically just posts a carbon copy in XML to whatever URL you give it. We'd like to accept that XML, deserialize it, parse the data, send a notice to the user and give them the page for updating their information. So, I guess it'll be two PHP pages. One for the XML API call from Authorize.net, and then one for the page for the users' to update their payment information. Could I just create two simple pages each handling their own tasks, or should I check out properly extending a module? If it's appropriate for me to write up the pages and not have to hook them into the module, what would be the best way to handle setting up what needs to get done? (The most experience I've had with extending a PHP site has been hacking away at someone else' poorly constructed, custom framework, so if anyone has any good resources perhaps on PHP best practices that they could share through a PM or a comment, I'd appreciate It) (Also, I'm still getting the hang of Stack Exchange, so if this isn't appropriate please let me know. I'll delete it.)

    Read the article

  • Configuring dhcp module in FreeRadius (3.0.2 - Centos 6.5)

    - by mixja
    I am using the REST module to authorise a DHCP request. I would like to send an explicit DHCP NAK if the authorisation fails, however the DHCP module seems to return immediately if there is a failure and just ignores the DHCP request without any response. Here is my DHCP module configuration - if rest.authorize is successful, the if (ok) control block is hit, but if rest.authorize fails the if (fail) is never hit. dhcp DHCP-Discover { rest.authorize if (fail) { update reply { DHCP-Message-Type = DHCP-Nak } } if (ok) { update reply { DHCP-Message-Type = DHCP-Offer } update reply { DHCP-Domain-Name-Server = x.x.x.x DHCP-Domain-Name-Server = x.x.x.x DHCP-Subnet-Mask = 255.255.255.0 DHCP-Router-Address = x.x.x.x DHCP-IP-Address-Lease-Time = 3600 DHCP-DHCP-Server-Identifier = x.x.x.x } mac2ip } } Below is the output after a 401 Unauthorized is received. I am wanting to achieve a temporary block on DHCP for a specified (small) period of time. However the FreeRADIUS behaviour is to ignore duplicate requests for same DHCP transaction, meaning DHCP on client is blocked until it begins a new transaction. If a DHCP NAK can be sent, the DHCP client will initiate a new transaction after each NAK (i.e. DHCP Discover), meaning FreeRADIUS will process each DHCP Discover from the client, and the block will be removed much closer to the desired block time. Tue Jun 3 03:00:57 2014 : Debug: (3) rest : Sending HTTP GET to "http://xxxxxx//api/v1/dhcp/80%3Aea%3A96%3A2a%3Ab6%3Aaa" Tue Jun 3 03:00:57 2014 : Debug: (3) rest : Processing response header Tue Jun 3 03:00:57 2014 : Debug: (3) rest : Status : 401 (Unauthorized) Tue Jun 3 03:00:57 2014 : Debug: (3) rest : Skipping attribute processing, no body data received Tue Jun 3 03:00:57 2014 : Debug: rlm_rest (rest): Released connection (4) Tue Jun 3 03:00:57 2014 : Debug: (3) modsingle[authorize]: returned from rest (rlm_rest) for request 3 Tue Jun 3 03:00:57 2014 : Debug: (3) [rest.authorize] = fail Tue Jun 3 03:00:57 2014 : Debug: (3) } # dhcp DHCP-Discover = fail Tue Jun 3 03:00:57 2014 : Debug: (3) Finished request 3. Tue Jun 3 03:00:57 2014 : Debug: Waking up in 0.2 seconds. Tue Jun 3 03:00:58 2014 : Debug: Waking up in 4.6 seconds. Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67 Tue Jun 3 03:00:59 2014 : Debug: (3) No reply. Ignoring retransmit. Tue Jun 3 03:00:59 2014 : Debug: Waking up in 2.9 seconds. Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67 Tue Jun 3 03:01:02 2014 : Debug: (3) No reply. Ignoring retransmit. Tue Jun 3 03:01:02 2014 : Debug: Waking up in 0.4 seconds. Tue Jun 3 03:01:02 2014 : Debug: (2) Cleaning up request packet ID 2064626397 with timestamp +56 Tue Jun 3 03:01:02 2014 : Debug: Waking up in 1999991.0 seconds. Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67 Tue Jun 3 03:01:06 2014 : Debug: (3) No reply. Ignoring retransmit. Tue Jun 3 03:01:06 2014 : Debug: Waking up in 3999983.1 seconds. Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67 Tue Jun 3 03:01:15 2014 : Debug: (3) No reply. Ignoring retransmit. Tue Jun 3 03:01:15 2014 : Debug: Waking up in 7999966.3 seconds. Received DHCP-Discover of id 7b0fb2de from 172.19.0.9:67 to 172.19.0.12:67 Tue Jun 3 03:01:23 2014 : Debug: (3) No reply. Ignoring retransmit. Tue Jun 3 03:01:23 2014 : Debug: Waking up in 15999942.1 seconds.

    Read the article

  • Redirection fails in IE but is fine with Firefox

    - by Bob
    I use an <Authorize> attribute in ASP.NET MVC to secure a controller. My page loads portions of its content via AJAX. Here's a problem I have with IE8, but not Firefox 3.6: Sign in as user JohnDoe and navigate to http://www.example.com/AjaxPage. Everything works fine. AjaxPage is protected with the <Authorize> attribute. Sign out, which redirects me to http://www.example.com. That page doesn't use <Authorize>. Navigate to http://www.example.com/AjaxPage without signing in again. I should be redirected to the Sign In page since that controller has the <Authorize> attribute. Step 3 works with Firefox, but IE8 displays the non-Ajax portion of http://www.example.com/AjaxPage and then never loads the Ajax content. I'm surprised any content is displayed at all since I should be redirected to the Sign In page. My code redirects to the login page with: Return Redirect("https://login.live.com/wlogin.srf?appid=MY-APP-ID&alg=wsignin1.0") Why does Firefox handle this redirection, but IE doesn't? Since it works the first time (Step 1 above), is there a cache issue?

    Read the article

  • Redirection fails in IE but is fine with Firefox

    - by Bob
    I use an <Authorize> attribute in ASP.NET MVC to secure a controller. My page loads portions of its content via AJAX. Here's a problem I have with IE8, but not Firefox 3.6: Sign in as user JohnDoe and navigate to http://www.example.com/AjaxPage. Everything works fine. AjaxPage is protected with the <Authorize> attribute. Sign out, which redirects me to http://www.example.com. That page doesn't use <Authorize>. Navigate to http://www.example.com/AjaxPage without signing in again. I should be redirected to the Sign In page since that controller has the <Authorize> attribute. Step 3 works with Firefox, but IE8 displays the non-Ajax portion of http://www.example.com/AjaxPage and then never loads the Ajax content. I'm surprised any content is displayed at all since I should be redirected to the Sign In page. My code redirects to the login page with: Return Redirect("https://login.live.com/wlogin.srf?appid=MY-APP-ID&alg=wsignin1.0") Why does Firefox handle this redirection, but IE doesn't? Since it works the first time (Step 1 above), is there a cache issue? EDIT: I used Fiddler to see if AjaxPage was being cached, but it appears not to be. I assume if it were cached, I'd get an HTTP Status Code 200 back. I may simply misunderstand this though.

    Read the article

  • Facebook Canvas iFrame App - Authorizing users with new OAuth protocol

    - by Rick
    Hi, I'm developing a new Facebook Canvas application within an iFrame and trying to authorize users. The new OAuth api recommends I do a redirect to the following to authorize a user in my app: https://graph.facebook.com/oauth/authorize? client_id=...& redirect_uri=http://www.example.com/oauth_redirect However this produces a weird problem where a full Facebook page requesting permissions from the user is rendered within the iFrame itself (i.e. facebook within Facebook). Does anyone know how to solve this with the new OAuth API as I don't want to start using old REST API methods. Thanks, Rick

    Read the article

  • Why do users have to enter a 7-digit twitter PIN to grant my application access?

    - by Tony
    I am implementing some ruby on rails code tweet stuff for my users. I am creating the proper oauth link...something like http://twitter.com/oauth/authorize?oauth_token=y2RkuftYAEkbEuIF7zKMuzWN30O2XxM8U9j0egtzKv But after my test account grants access to twitter, it pulls up a page saying "You've successfully granted access to . Simply return to and enter the following PIN to complete the process. 1234567" I have no idea where the user should enter this PIN and why they have to do that. I don't think this should be a necessary step. Twitter should be redirecting the user to the callback URL I provided in the application settings. Does anyone know why this is happening? UPDATE I found this article that states I need to send my users to this URL (note "authenticate" instead of "authorize"): http://twitter.com/oauth/authenticate?oauth_token=y2RkuftYAEkbEuIF7zKMuzWN30O2XxM8U9j0egtzKv I made the change but Twitter redirects the user to the authorize path after he clicks "Allow" which then gives him the 7 digit PIN again!

    Read the article

  • Routing Business Branches: Granular access control in ASP.NET MVC

    - by FreshCode
    How should ASP.NET MVC routes be structured to allow granular role-based access control to business branches? Every business entity is related to a branch, either by itself or via its parent entities. Is there an elegant way to authorize actions based on user-roles for any number of branches? 1. {branch} in route? {branch}/{controller}/{action}/{id} Action: [Authorize(Roles="Technician")] public ActionResult BusinessWidgetAction(BusinessObject obj) { // Authorize will test if User has Technician role in branch context // ... } 2. Retrieve branch from business entity? {controller}/{action}/{id} Action: public ActionResult BusinessWidgetAction(BusinessObject obj) { if (!User.HasAccessTo("WidgetAction", obj.Branch)) throw new HttpException(403, "No soup for you!"); // or redirect // ... } 3. Or is there a better way?

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >