Search Results

Search found 1424 results on 57 pages for 'roles'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 48/57 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

  • AspNetMembership provider with WCF service

    - by Sly
    I'm trying to configure AspNetMembershipProvider to be used for authenticating in my WCF service that is using basicHttpBinding. I have following configuration: <system.serviceModel> <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> <bindings> <basicHttpBinding> <binding name="basicSecureBinding"> <security mode="Message"></security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="MyApp.Services.ComputersServiceBehavior"> <serviceAuthorization roleProviderName="AspNetSqlRoleProvider" principalPermissionMode="UseAspNetRoles" /> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="AspNetSqlMembershipProvider"/> </serviceCredentials> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <services> <service behaviorConfiguration="MyApp.Services.ComputersServiceBehavior" name="MyApp.Services.ComputersService"> <endpoint binding="basicHttpBinding" contract="MyApp.Services.IComputersService" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> </system.serviceModel> Roles are enabled and membership provider is configured (its working for web site). But authentication process is not fired at all. There is no calles to data base during request, and when I try to set following attribute on method: [PrincipalPermission(SecurityAction.Demand, Authenticated = true)] public bool Test() { return true; } I'm getting access denied exception. Any thoughts how to fix it?

    Read the article

  • Starting a new business with former colleagues, advice needed

    - by Sparafusile
    I was recently contacted by a former boss of mine who is thinking of starting a new business. The business will be online only it will by my job to design, build, and maintain the software going into it. I will also have to maintain the server it's running on, being the only technical person on the team. I will be one of four members of the business, the other three being the actual business know-hows and salesmen. The other three are shouldering the cost of getting the business going (incorporation, attorney fees, etc) and we will be splitting the cost of the server. I have no business knowledge at all, and don't want any part of it, I am only interested in the technical aspects. Now that we are finalizing our plans, determining roles, and getting ready to start actual work, we have come to the point where we have to determine what percentage stake each of us has. Since I have never done anything like this before, or met anyone that has, I don't know what I should expect. Can anyone give me some pointers on what to ask for in this deal?

    Read the article

  • (rsErrorOpeningConnection) Could not obtain information about Windows NT group/user

    - by ChelleATL
    I am trying to deploy a report to the Reporting Services Server but keep running up against this error: An error occurred during client rendering. An error has occurred during report processing. (rsProcessingAborted) Cannot create a connection to data source 'dataSource1'. (rsErrorOpeningConnection) Could not obtain information about Windows NT group/user 'DOMAIN\useradmin', error code 0x5. Here’s my situation: Everything is being ran using DOMAIN\useradmin and the report is using a remote database. Reporting Services and SQL Server are both ran under DOMAIN\useradmin. DOMAIN\useradmin is a windows AD login and is part of the server machine Administrators group. My test report is using a data source model that in turn is using a data source that is connection to a database on a different SQL Server. The data source is using “Credentials stored securely in the report server” with the options “Use as Windows credentials when connecting to the data source” and “Impersonate the authenticated user after a connection has been made to the data source.” I am using the credentials of DOMAIN\useradmin that is the db owner of the remote database. DOMAIN\useradmin is assigned the roles, System Administrator, System User and Browser, Content Manager, My Reports, Publisher, Report Builder. So if everything is being run under an über AD account, why I am getting this Could not obtain information about Windows NT group/user 'DOMAIN\useradmin' error? Under normal circumstances , an AD login with Publisher permissions will developing reports using a datasource model created by DOMAIN\useradmin but using one of the remote database’s users which is mapped from yet another AD login. I ran the following statements and non errors were returned: use master go xp_grantlogin 'DOMAIN\useradmin' go xp_logininfo 'DOMAIN\useradmin' go

    Read the article

  • Problem with grails web app running in production: "No such property: save for class: JsecRole"

    - by Sarah Boyd
    I've got a grails 1.1 web app running great in development but when I try and run it in production with an sqlserver database it crashes in a weird way. The relevant part of my datasource.groovy is as follows: environments { development { dataSource { dbCreate = "create-drop" // one of 'create', 'create-drop','update' url = "jdbc:hsqldb:mem:devDB" } } test { dataSource { dbCreate = "update" url = "jdbc:hsqldb:mem:testDb" } } production { dataSource { dbCreate = "update" driverClassName = "com.microsoft.sqlserver.jdbc.SQLServerDriver" endUsername = "sa" password = "pw4db" url = "jdbc:sqlserver://localhost:1433;databaseName=ReleasePlanner;selectMethod=cursor" The error message I receive is: Message: No such property: save for class: JsecRole Caused by: groovy.lang.MissingPropertyException: No such property: save for class: JsecRole Class: ProjectController At Line: [28] Code Snippet: 27: println "###about to create project roles" 28: userManagerService.createProjectRoles(project) 29: userManagerService.addUserToProject(session.user.id.toString(), project, 'owner') } } } The stacktrace is as follows: org.codehaus.groovy.runtime.InvokerInvocationException: groovy.lang.MissingPropertyException: No such property: save for class: JsecRole at org.jsecurity.web.servlet.JSecurityFilter.doFilterInternal(JSecurityFilter.java:382) at org.jsecurity.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:180) Caused by: groovy.lang.MissingPropertyException: No such property: save for class: JsecRole at UserManagerService.createProjectRoles(UserManagerService.groovy:9) at UserManagerService$$FastClassByCGLIB$$6fa73713.invoke(<generated>) at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149) at UserManagerService$$EnhancerByCGLIB$$fcf60984.createProjectRoles(<generated>) at UserManagerService$createProjectRoles.call(Unknown Source) at ProjectController$_closure4.doCall(ProjectController.groovy:28) at ProjectController$_closure4.doCall(ProjectController.groovy) ... 2 more Any help is appreciated. Thanks Sarah

    Read the article

  • C# - Which is more efficient and thread safe? static or instant classes?

    - by Soni Ali
    Consider the following two scenarios: //Data Contract public class MyValue { } Scenario 1: Using a static helper class. public class Broker { private string[] _userRoles; public Broker(string[] userRoles) { this._userRoles = userRoles; } public MyValue[] GetValues() { return BrokerHelper.GetValues(this._userRoles); } } static class BrokerHelper { static Dictionary<string, MyValue> _values = new Dictionary<string, MyValue>(); public static MyValue[] GetValues(string[] rolesAllowed) { return FilterForRoles(_values, rolesAllowed); } } Scenario 2: Using an instance class. public class Broker { private BrokerService _service; public Broker(params string[] userRoles) { this._service = new BrokerService(userRoles); } public MyValue[] GetValues() { return _service.GetValues(); } } class BrokerService { private Dictionary<string, MyValue> _values; private string[] _userRoles; public BrokerService(string[] userRoles) { this._userRoles = userRoles; this._values = new Dictionary<string, MyValue>(); } public MyValue[] GetValues() { return FilterForRoles(_values, _userRoles); } } Which of the [Broker] scenarios will scale best if used in a web environment with about 100 different roles and over a thousand users. NOTE: Feel free to sugest any alternative approach.

    Read the article

  • Career Plan: The one year plan. The three year plan.

    - by drelihan
    Hi Folks, I work as a developer however I only recently began developing full time having worked for 5 years in various roles. When it comes to career planning I think I pretty much agree with The Journeyman to Craftsman model coined in The Pragmatic Probrammer and used by Bob Martin. I see myself as a journeyman and I won't call myself a "good" (for want of a better word) until I re-evaluate my skills in 5 years time. However, as part of our careers we are encouraged to make one and three year plan with specific goals that we should hit. Unfortunately, my goal is this: Write clean code that solves a problem and is easy to maintain. From a technology point of view I want to know C++ and .net programming inside out(C#, WCF etc..) But that's it. That's my plan. Is this enough? So although there's a great discussion on what people should do with their career: http://stackoverflow.com/questions/11313/career-planning-any-tips My question is this: What's your one year plan? What's your three year plan? And am I being naive with my career? Thanks,

    Read the article

  • Internal bug tracking tickets - Redmine, Trac, or JIRA

    - by Tai Squared
    I've been looking at setting up Redmine, Trac, or JIRA to track issues. I want to be able to have my development team create internal tickets that are never seen by clients, while clients can create/edit tickets that are seen by the internal team. From the Trac documentation, you can set permissions to create or view tickets, but it doesn't seem to allow for viewing only certain tickets. It may be possible with Trac Fine Grained Permissions, but doesn't appear so. The Redmine documentation mentions: Define your own roles and set their permissions in a click but doesn't appear to have the level of granularity. From the JIRA documentation: At the moment JIRA is only able to support security at a project level or issue level. Currently there is no field level security available. According to this question, Redmine doesn't support internal tickets, so you would have to use multiple projects. I don't want a situation where I would have to create multiple projects - one internal, one external and have the external tickets brought into the internal repository. It seems as this would lead to unnecessary overhead and inevitably, the projects wouldn't be in sync. Is there any way with any of these products (possibly through a plug-in if not in the core product itself) to specify these permissions, or simplify having two projects with different users and permissions that must still share information?

    Read the article

  • Approach for replacing forms authentication in .NET application

    - by Ash Machine
    My question is about an approach, and I am looking for tips or links to help me develop a solution. I have an .NET 4.0 web forms application that works with Forms authentication using the aspnetdb SQL database of users and passwords. A new feature for the application is a new authentication mechanism using single sign on to allow access for thousands of new users. Essentially, when the user logs in through the new single-sign-on method, I will be able to identify them as legitimate users with a role. So I will have something like HttpContext.Current.Session["email_of_authenticated_user"] (their identity) and HttpContext.Current.Session["role_of_authenticated_user"] (their role). Importantly, I don't necessarily want to maintain these users and roles redundantly in the aspnetdb database which will be retired, but I do want to use the session objects above to allow the user to pass through the application as if they were in passing through with forms authentication. I don't think CustomRoleProviders or CustomMemberProviders are helpful since they do not allow for creating session-level users. So my question is how to use the session level user and role that I do have to "mimic" all the forms authentication goodness like enforcing: [System.Security.Permissions.PrincipalPermission(System.Security.Permissions.SecurityAction.Demand, Role = "Student")] or <authorization> <allow users="wilma, barney" /> </authorization> Thanks for any pointers.

    Read the article

  • Codeplex/Sourceforge for internal use

    - by Josh
    I'm looking for a free/open source collaborative project manager that can be deployed internally in my workplace that would act similar to Codeplex or Sourceforge. Does anyone know of something like this, and if so do you have experience with it. Requirements: Open Source or Free Locally Deployable Has the same types of features found in Sourceforge / Codeplex Issue/Feature Tracking Community Interaction (ie. Voting, Roles, etc.) SCM Integration (Optional) .NET/Windows Friendly (Optional) Every business ends up having internal utilities, and domain specific apps that developers create to make life easier. Given the input of the internal developer community they have the potential to become much better (can you say GMail...), and I would simply like to foster such an environment internally by providing an easy place for that interaction to take place. UPDATE: So I like what I am seeing in both Trac and GForge, but both are heavily geared towards UNIX/Subversion environments. I should have specified this, but we are a MS shop from top to bottom. How practical do you think it is going to be to try and use these in a MS .NET environment? Would that be like trying to shove a square peg through a round hole?

    Read the article

  • How is unautenticated site navigation handled in ASP.NET?

    - by Code Sherpa
    Hi. I am wondering how to do the following... I have a registration system. When the user successfully registers, he is then led down a series of data gathering pages (for his profile) and then, finally, ends on his profile's home page where he can start to use the site. All this happens without ever logging into the system so, he is unauthenticated and unconfirmed. My question is, how does this happen? How can I allow my user to be unauthenticated (and unconfirmed, but this I understand) and use all aspects of the Web site? The way I have things set up right now, my code should be doing this: case CreateProfileStatus.Success: //FormsAuthentication.SetAuthCookie(userName, false); Response.Redirect("NextPage.aspx", false); break; but, I am being redirected to the login page after registration which is not the result I want. This is what the relevant nodes in my web.config look like: <authentication mode="Forms"> <forms name=".AuthCookie" loginUrl="default.aspx" protection="All"/> </authentication> <authorization> <deny users="?"/> <allow roles="Administrators" /> </authorization> <anonymousIdentification enabled="true" cookieName=".ASPXANONYMOUS" cookieTimeout="100000" cookiePath="/" cookieRequireSSL="false" cookieSlidingExpiration="true" cookieProtection="Encryption" cookieless="UseCookies" domain="" /> When the user logs out after the registration and initial interaction with the site he will be required to log in upon return. At this point he must be authenticated but does not need to be confirmed for a period of time. Eventually, he will be reminded. So, how is this done? Thanks in advance.

    Read the article

  • Using Client Application Services in windows forms not working

    - by Nickson
    i am trying to implement asp.net membership, profile and role based security in a windows application by configuring client Application Services for my windows forms application. I have followed both these articles http://www.dotnetbips.com/articles/e863aa3c-0dd6-468d-bd35-120a334c5030.aspx and http://msdn.microsoft.com/en-us/library/bb546195.aspx step-by-step but for some reason i can't get the authentication working. I have a deployed intranet asp.net website which is already using an asp.net membership database for authentication and want to use that same database for authenitcation in my windows forms application. The site URL is http://myServer_Name:My_Port and i am specifying that URL as the both the Authentication service location and Roles service location in the windows application services property tab. But in the windows application login form, when i say Dim msg As String = "Welcome " If Not Membership.ValidateUser(UsernameTextBox.Text), PasswordTextBox.Text)) Then MessageBox.Show("Invalid User ID or Password!") Else msg = msg + UsernameTextBox.Text End If i get my "Invalid User ID or Password!" message even when i supply a valid user name with the corresponding password. i am able to login with the same credentials from the asp.net site. How can i test if the Authentication service location is being reached from the windows application?? Or what other information can i provide here such that one is able to help me get this working??

    Read the article

  • Rails Heroku Migrate Unknown Error

    - by Ryan Max
    Hello. I am trying to get my app up and running on heroku. However once I go to migrate I get the following error: $ heroku rake db:migrate rake aborted! An error has occurred, this and all later migrations canceled: 530 5.7.0 Must issue a STARTTLS command first. bv42sm676794ibb.5 (See full trace by running task with --trace) (in /disk1/home/slugs/155328_f2d3c00_845e/mnt) == BortMigration: migrating ================================================= -- create_table(:sessions) -> 0.1366s -- add_index(:sessions, :session_id) -> 0.0759s -- add_index(:sessions, :updated_at) -> 0.0393s -- create_table(:open_id_authentication_associations, {:force=>true}) -> 0.0611s -- create_table(:open_id_authentication_nonces, {:force=>true}) -> 0.0298s -- create_table(:users) -> 0.0222s -- add_index(:users, :login, {:unique=>true}) -> 0.0068s -- create_table(:passwords) -> 0.0123s -- create_table(:roles) -> 0.0119s -- create_table(:roles_users, {:id=>false}) -> 0.0029s I'm not sure exactly what it means. Or really what it means at all. Could it have to do with my Bort installation? I did remove all the open-id stuff from it. But I never had any problems with my migrations locally. Additionally on Bort the Restful Authentication uses my gmail stmp to send confirmation emails...all the searches on google i do on STARTTLS have to do with stmp. Can someone point me in the right direction?

    Read the article

  • Why is it not good to use $_SESSION in Restful Implementations?

    - by keisimone
    Original Question: i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i properly authenticate users without looking up database all the time to check for the user's roles? I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

    Read the article

  • StorageClientException: The specified message does not exist?

    - by Aaron
    I have a simple video encoding worker role that pulls messages from a queue encodes a video then uploads the video to storage. Everything seems to be working but occasionally when deleting the message after I am done encoding and uploading I get a "StorageClientException: The specified message does not exist." Although the video is processed, I believe the message is reappearing in the queue because it's not being deleted correctly. Is it possible that another instance of the Worker role is processing and deleting the message? Doesn't the GetMessage() prevent other worker roles from picking up the same message? Am I doing something wrong in the setup of my queue? What could be causing this message to not be found on delete? some code... //onStart() queue setup var queueStorage = _storageAccount.CreateCloudQueueClient(); _queue = queueStorage.GetQueueReference(QueueReference); queueStorage.RetryPolicy = RetryPolicies.Retry(5, new TimeSpan(0, 5, 0)); _queue.CreateIfNotExist(); public override void Run() { while (true) { try { var msg = _queue.GetMessage(new TimeSpan(0, 5, 0)); if (msg != null) { EncodeIt(msg); PostIt(msg); _queue.DeleteMessage(msg); } else { Thread.Sleep(WaitTime); } } catch (StorageClientException exception) { BlobTrace.Write(exception.ToString()); Thread.Sleep(WaitTime); } } }

    Read the article

  • How do I get ASP.NET login status controls to display a Log In option?

    - by Greg McNulty
    I have the following log in status controls on the top of my master page. It displays the logged in as, manager log in, and Log out options. However, when a user is not logged in, there is nothing displayed there. When the user is NOT logged in, is there a way to display a "Login" text link that takes you to the log in page and then "disappears" once the user is logged in? Any help is appreciated. Thanks! <asp:LoginName ID="LoginName1" runat="server" FormatString="Logged in as {0}" ForeColor="Aqua" /> <asp:LoginView ID="LoginView1" runat="server"> <RoleGroups> <asp:RoleGroup Roles="Managers"> <ContentTemplate> <asp:HyperLink ID="HyperLink1" runat="server" NavigateUrl="~/Management/management.aspx">Manage Site</asp:HyperLink> or <asp:LoginStatus id="LoginStatus1" runat="server" /> </ContentTemplate> </asp:RoleGroup> </RoleGroups> <LoggedInTemplate> (<asp:LoginStatus id="LoginStatus1" runat="server" />) </LoggedInTemplate> </asp:LoginView> ASP.NET 3.5 VWD 2008 C#

    Read the article

  • How does MVC ViewData work?

    - by Matt
    I am toying around with an MVC application just to learn the technology. I am mocking up a check register application that keeps track of a checking account, what has cleared the bank and what has not. I am using EF for my model and everything seems to be working correctly insofar as Edit, Create, etc. However, I have a couple of totals at the top. One to show the bank's balance and another to show the actual balance. It works most of the time but when I do Edit's it does not always accurately reflect the new total and I need it to update everytime a change is made (i.e when something clears the bank): [Authorize(Roles = "admin, checkUser")] public ActionResult Index() { var resultSet = from myChecking in chk.tblCheckings orderby myChecking.id descending select myChecking; ViewData.Model = resultSet.Take(45).ToList(); //for balances var actualBalance = from theChecking in chk.tblCheckings select theChecking.deposit - theChecking.withdrawal; var bankBalance = from theChecking in chk.tblCheckings where theChecking.cleared == true select theChecking.deposit - theChecking.withdrawal; //get bank balance ViewData["bankBalance"] = bankBalance.Sum(); //get actual balance ViewData["actualBalance"] = actualBalance.Sum(); return View(); } I am showing the actual and other balance in the Index view as follows: <td colspan="9" style="text-align: center; font-size: 11pt; color: white;"> <%= string.Format("Bank Balance: {0:c}", ViewData["bankBalance"]) %> ------ <%= string.Format("Actual Balance: {0:c}", ViewData["actualBalance"]) %> </td>

    Read the article

  • How do I authenticate regarding EJB3 Container ?

    - by FMR
    I have my business classes protected by EJB3 security annotations, now I would like to call these methods from a Spring controller, how do I do it? edit I will add some information about my setup, I'm using Tomcat for the webcontainer and OpenEJB for embedding EJB into tomcat. I did not settle on any version of spring so it's more or less open to suggestions. edit current setup works this way : I have a login form + controller that puts a User pojo inside SessionContext. Each time someone access a secured part of the site, the application checks for the User pojo, if it's there check roles and then show the page, if it's not show a appropriate message or redirect to login page. Now the bussiness calls are made thanks to a call method inside User which bypass a probable security context which is a remix of this code found in openejb security examples : Caller managerBean = (Caller) context.lookup("ManagerBeanLocal"); managerBean.call(new Callable() { public Object call() throws Exception { Movies movies = (Movies) context.lookup("MoviesLocal"); movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992)); movies.addMovie(new Movie("Joel Coen", "Fargo", 1996)); movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998)); List<Movie> list = movies.getMovies(); assertEquals("List.size()", 3, list.size()); for (Movie movie : list) { movies.deleteMovie(movie); } assertEquals("Movies.getMovies()", 0, movies.getMovies().size()); return null; } });

    Read the article

  • Design for a Debate club assignment application

    - by Amir Rachum
    Hi all, For my university's debate club, I was asked to create an application to assign debate sessions and I'm having some difficulties as to come up with a good design for it. I will do it in Java. Here's what's needed: What you need to know about BP debates: There are four teams of 2 debaters each and a judge. The four groups are assigned a specific position: gov1, gov2, op1, op2. There is no significance to the order within a team. The goal of the application is to get as input the debaters who are present (for example, if there are 20 people, we will hold 2 debates) and assign them to teams and roles with regards to the history of each debater so that: Each debater should debate with (be on the same team) as many people as possible. Each debater should uniformly debate in different positions. The debate should be fair - debaters have different levels of experience and this should be as even as possible - i.e., there shouldn't be a team of two very experienced debaters and a team of junior debaters. There should be an option for the user to restrict the assignment in various ways, such as: Specifying that two people should debate together, in a specific position or not. Specifying that a single debater should be in a specific position, regardless of the partner. etc... If anyone can try to give me some pointers for a design for this application, I'll be so thankful! Also, I've never implemented a GUI before, so I'd appreciate some pointers on that as well, but it's not the major issue right now.

    Read the article

  • Enabling new admin action(button sales_order/view) in ACL

    - by latvian
    Hi, We created new action similar to 'hold', 'ship' and others in the 'sales_order/view' admin section that can be triggered by clicking at the button. Afterward, we added our new action to the ACL with the following code in config.xml: <acl> <resources> <admin> <children> <sales> <children> <order> <children> <actions translate="title"> <title>Actions</title> <children> <shipNew translate="title"><title>Ship Ups</title></shipNew> </children> </actions> </children> <sort_order>10</sort_order> </order> </children> </sales> </children> </admin> </resources> </acl> ACL functionality works, however, in the 'Resources Tree'(System/Permissions/Roles/Role Resources) our new action does never show up as selected(checked) even thou it is allowed for particular Role. I can see that from table 'admin_rule' with resource id for our new action that it is allowed, so it needs to be selected, but it is not. When trying to solve this issue i looked into the template(permissions/rolesedit.phtml) and I found that the 'resource tree' is draw with Javascript...thats where i got stock due to my limited knowledge in Javascript. Why the resource tree does not display our new ACL entry correctly, that is the check box is never checked? Thank You for helping margots

    Read the article

  • ACL architechture for a Software As a service in Sprgin 3.0

    - by geoaxis
    I am making a software as a service using Spring 3.0 (Spring MVC, Spring Security, Spring Roo, Hibernate) I have to come up with a flexible access control list mechanism.I have three different kinds of users System (who can do any thing to the system, includes admin and internal daemons) Operations (who can add and delete users, organizations, and do maintenance work on behalf of users and organizations) End Users (they belong to one or more organization, for each organization, the user can have one or more roles, like being organization admin, or organization read-only member) (role like orgadmin can also add users for that organization) Now my question is, how should i model the entity of User? If I just take the End User, it can belong to one or more organizations, so each user can contain a set of references to its organizations. But how do we model the users role for each organization, So for example User UX belongs to organizations og1, og2 and og3, and for og1 he is both orgadmin, and org-read-only-user, where as for og2 he is only orgadmin and for og3 he is only org-read-only-user I have the possibility of making each user belong to one organization alone, but that's making the system bounded and I don't like that idea (although i would still satisfy the requirement) If you have a better extensible ACL architecture, please suggest it. Since its a software as a service, one would expect that alot of different organizations would be part if the same system. I had one concern that it is not a good idea to keep og1 and og2 data on the same DB (if og1 decides to spawn a 100 reports on the system, og2 should not suffer) But that is some thing advanced for now and is not directly related to ACL but to the physical distribution of data and setup of services based on those ACLs This is a community Wiki question, please correct any thing which you wish to do so. Thanks

    Read the article

  • Domain model: should things like Logging, Audit, Persistence be in it

    - by hom.tanks
    I'm having a hard time convincing our architect that a Domain model should only have the essential elements of the business domain on it. Things like the fact that a class is persistable, that it needs logging and auditing and that it has a RESTful URI should not drive the domain model. They can be added later on, by using interfaces. Ours is a healthcare information management system. At the very coarse level, its a system where users login and access their healthcare information. They can share this information with others and be custodian for others' information (think Roles). But because of a few sound bytes that caught on early like "Everything should be a REST resource" the model now has a top level class called Resource that every other class extends from. I'm trying to make him see that the domain model should have well defined concepts like User Account, HealthDocument, UserRole etc which are distinct entities of the business , with specific associations between them. Clubbing everything under Resource class lets our model be inflexible besides being potentially incorrect. But he wants me to show him why its a bad idea to do it his way. I don't know how to articulate that properly but all my OO instincts tell me that its just not right. Any thoughts?

    Read the article

  • IIS Restrict Access to Directory for table of users

    - by Dave
    I am trying to restrict access to files in a directory and it's sub directories based user rights. My user rights are stored in an MS SQL database in a custom format, however it is easy to query the list of users with rights to this directory. I need to know how to apply this to a web config on the server to authenticate against a query of a database table to determine if the username is authenticated and allowed to view the file. Of course if they are not they should be blocked / given a 404. I am using IIS and ASP.Net MVC3 with a form based security as opposed to the built in roles and responsibilities that was custom made for us and that works great. There are over 10k users tied to this non-Active Directory authentication so I am not planning to change my authentication type so please don't go there. It is not my decision on the choice of platform, or I would have gone with a LAMP server and been done with this. Edit 11-13-2012 @ 8:57a: In the web config can you put the result of an SQL query?

    Read the article

  • ASP.NET Webforms site using HTTPCookie with 100 year timeout times out after 20 minutes

    - by Rob
    I have a site that is using Forms Auth. The client does not want the site session to expire at all for users. In the login page codebehind, the following code is used: // user passed validation FormsAuthentication.Initialize(); // grab the user's roles out of the database String strRole = AssignRoles(UserName.Text); // creates forms auth ticket with expiration date of 100 years from now and make it persistent FormsAuthenticationTicket fat = new FormsAuthenticationTicket(1, UserName.Text, DateTime.Now, DateTime.Now.AddYears(100), true, strRole, FormsAuthentication.FormsCookiePath); // create a cookie and throw the ticket in there, set expiration date to 100 years from now HttpCookie cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(fat)) { Expires = DateTime.Now.AddYears(100) }; // add the cookie to the response queue Response.Cookies.Add(cookie); Response.Redirect(FormsAuthentication.GetRedirectUrl(UserName.Text, false)); The web.config file auth section looks like this: <authentication mode="Forms"> <forms name="APLOnlineCompliance" loginUrl="~/Login.aspx" defaultUrl="~/Course/CourseViewer.aspx" /> </authentication> When I log into the site I do see the cookie correctly being sent to the browser and passed back up: However, when I walk away for 20 minutes or so, come back and try to do anything on the site, the login window reappears. This solution was working for a while on our servers - now it's back. The problem doesn't occur on my local dev box running Cassini in VS2008. Any ideas on how to fix this?

    Read the article

  • hiding buttons in master page

    - by pankaj
    Hi, I am working on an app where i am having some linkbuttons in master page. I want to display them depending upon the authorization given to them once they logs in. I have initially made all of them visible false and then i am checking the authorisation in the aspx.cs class of master page. I make the link button visible depending upon the right granted to the user. But it is making all the link buttons visible. Instead it should only make two of them visible and rest should be hidden. Following is my code from MasterPage.aspx.cs: ArrayList arrlstUserRoles = new ArrayList(); arrlstUserRoles = (ArrayList)Session["Roles"]; for (int j = 0; j < arrlstUserRoles.Count; j++) { if (int.Parse(arrlstUserRoles[j].ToString()) == 1) { lbtnRetailer.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 2) { lbtnCategory.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 3) { lbtnCouponTemplate.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 4) { //lbtnStoreManagement.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 5) { lbtnStoreManagement.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 6) { lbtnContentManagement.Visible = true; } else if (int.Parse(arrlstUserRoles[j].ToString()) == 7) { //lbtnStoreManagement.Visible = true; } }

    Read the article

  • Membership.Updateuser not really updating the database.

    - by Shimrod
    Hi everybody, I'm currently working on a membership system for my web application, which is based on forms authentication from the framework. I created some users with the integrated tool, and the login is perfectly working. But now what I want to do is to give administrator the capability to create, modify, delete users. So here is what I've got right now: Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Dim muc As MembershipUserCollection = Membership.GetAllUsers() ComboBox1.DataSource = muc ComboBox1.DataValueField = "UserName" ComboBox1.DataTextField = "UserName" ComboBox1.DataBind() End Sub Protected Sub ComboBox1_SelectedIndexChanged(ByVal sender As Object, ByVal e As EventArgs) Handles ComboBox1.SelectedIndexChanged Dim userName As String = ComboBox1.SelectedValue Dim mu As MembershipUser = Membership.GetUser(userName) Dim userRoles As String() = Roles.GetRolesForUser(userName) tbComments.Text = mu.Comment tbEmail.Text = mu.Email lblUserName.Text = mu.UserName End Sub Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button1.Click Dim userName As String = ComboBox1.SelectedValue Dim mu As MembershipUser = Membership.GetUser(userName) If Not mu Is Nothing Then Try mu.Comment = tbComments.Text Membership.UpdateUser(mu) mu.Email = tbEmail.Text Membership.UpdateUser(mu) mu.IsApproved = True Membership.UpdateUser(mu) mu = Nothing Catch ex As Exception Console.WriteLine(ex.ToString()) End Try End If DetailPanel.Visible = False End Sub The problem is that the record doesn't seem to be updated in the database. I made the multiple calls to Membership.UpdateUser after reading this blog entry, but it didn't change anything. A strange think I noticed while debugging, is that when I enter the Button1_Click method, Membership.GetUser(userName) returns me values from my precedent attempt ! I don't really understand what I'm missing. Does someone have a clue ? Thanks in advance !

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >