Search Results

Search found 1408 results on 57 pages for 'declarative authorization'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 5/57 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Apache2 - mod_rewrite : RequestHeader and environment variables

    - by Guillaume
    I try to get the value of the request parameter "authorization" and to store it in the header "Authorization" of the request. The first rewrite rule works fine. In the second rewrite rule the value of $2 does not seem to be stored in the environement variable. As a consequence the request header "Authorization" is empty. Any idea ? Thanks. <VirtualHost *:8010> RewriteLog "/var/apache2/logs/rewrite.log" RewriteLogLevel 9 RewriteEngine On RewriteRule ^/(.*)&authorization=@(.*)@(.*) http://<ip>:<port>/$1&authorization=@$2@$3 [L,P] RewriteRule ^/(.*)&authorization=@(.*)@(.*) - [E=AUTHORIZATION:$2,NE] RequestHeader add "Authorization" "%{AUTHORIZATION}e" </VirtualHost> I need to handle several cases because sometimes parameters are in the path and sometines they are in the query. Depending on the user. This last case fails. The header value for AUTHORIZATION looks empty. # if the query string includes the authorization parameter RewriteCond %{QUERY_STRING} ^(.*)authorization=@(.*)@(.*)$ # keep the value of the parameter in the AUTHORIZATION variable and redirect RewriteRule ^/(.*) http://<ip>:<port>/ [E=AUTHORIZATION:%2,NE,L,P] # add the value of AUTHORIZATION in the header RequestHeader add "Authorization" "%{AUTHORIZATION}e"

    Read the article

  • How does WCF RIA Services handle authentication/authorization/security?

    - by Edward Tanguay
    Since no one answered this question: What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET server? Let me ask it another way: How does WCF RIA Services handle authentication/authorization/security at a low level? e.g. how does the application on the server determine that the incoming http request to change data is coming from a valid client and not from non-desirable source, e.g. a denial-of-service bot?

    Read the article

  • Authorization pop-up requested by http://localhost:51675 every time I run Firefox

    - by user10711
    Using Ubuntu 10.04. Whenever I run Firefox I get a pop up requesting authorisation. It says 'a user name and password are being requested by http://localhost:51675. The site says "server" I have tried all passwords I know and nothing is accepted. If I click 'cancel' it disappears but re-appears after about 5 minutes. This whole 'experience' is accompanied by a great deal of hard disc activity. Can anyone help with this?

    Read the article

  • How to keep views free of authorization logic in mvc?

    - by David Lay
    I have a view to display a list of items. The user can edit, delete or create new items, but according to their authorizations they may or may not be allowed to do some of this actions. I have the requirement to display only the actions which the current user is allowed to do, but I don't want to clutter the views with authorization if-else's Despise of being a very common requirement, I can't find a real satisfactory way of doing it. My best approach so far is to provide an overload to the Html.ActionLink extension method that takes the permission to ask for, but there are going to be more complex scenarios, like hiding entire blocks of html or switching a textbox for a label+hidden. Is there a better way to do this?

    Read the article

  • .NET Declarative Security: Why is SecurityAction.Deny impossible to work with?

    - by rally25rs
    I've been messing with this for about a day and a half now sifting through .NET reflector and MSDN docs, and can't figure anything out... As it stands in the .NET framework, you can demand that the current Principal belong to a role to be able to execute a method by marking a method like this: [PrincipalPermission(SecurityAction.Demand, Role = "CanEdit")] public void Save() { ... } I am working with an existing security model that already has a "ReadOnly" role defined, so I need to do exactly the opposite of above... block the Save() method if a user is in the "ReadOnly" role. No problem, right? just flip the SecurityAction to .Deny: [PrincipalPermission(SecurityAction.Deny, Role = "ReadOnly")] public void Save() { ... } Well, it turns out that this does nothing at all. The method still runs fine. It seems that the PrincipalPermissionAttribute defines: public override IPermission CreatePermission() But when the attribute is set to SecurityAction.Deny, this method is never called, so no IPermission object is ever created. Does anyone know of a way to get .Deny to work? I've been trying to make a custom secutiry attribute, but even that doesn't work. I tried to get tricky and do: public class MyPermissionAttribute : CodeAccessSecurityAttribute { private SecurityAction securityAction; public MyPermissionAttribute(SecurityAction action) : base(SecurityAction.Demand) { if (action != SecurityAction.Demand && action != SecurityAction.Deny) throw new ArgumentException("Unsupported SecurityAction. Only Demand and Deny are supported."); this.securityAction = action; } public override IPermission CreatePermission() { // do something based on the SecurityAction... } } Notice my attribute constructor always passes SecurityAction.Demand, which is the one action that would work previously. However, even in this case, the CreatePermission() method is still only called when the attribute is set to .Demand, and not .Deny! Maybe the runtime is actually checking the attribute instead of the SecurityAction passed to the CodeAccessSecurityAttribute constructor? I'm not sure what else to try here... anyone have any ideas? You wouldn't think it would be that hard to deny method access based on a role, instead of only demanding it. It really disturbed me that the default PrincipalPermission appears from within an IDE like it would be just fine doing a .Deny, and there is like a 1-liner in the MSDN docs that hint that it won't work. You would think the PrincipalPermissionAttribute constructor would throw an exception immediately if anything other that .Demand is specified, since that could create a big security hole! I never would have realized that .Deny does nothing at all if I hadn't been unit testing! Again, all this stems from having to deal with an existing security model that has a "ReadOnly" role that needs to be denied access, instead of doing it the other way around, where I cna just grant access to a role. Thanks for any help! Quick followup: I can actually make my custom attribute work by doing this: public class MyPermissionAttribute : CodeAccessSecurityAttribute { public SecurityAction SecurityAction { get; set; } public MyPermissionAttribute(SecurityAction action) : base(action) { } public override IPermission CreatePermission() { switch(this.SecurityAction) { ... } // check Demand or Deny } } And decorating the method: [MyPermission(SecurityAction.Demand, SecurityAction = SecurityAction.Deny, Role = "ReadOnly")] public void Save() { ... } But that is terribly ugly, since I'm specifying both Demand and Deny in the same attribute. But it does work... Another interesting note: My custom class extends CodeAccessSecurityAttribute, which in turn only extends SecurityAttribute. If I cnage my custom class to directly extend SecurityAttribute, then nothing at all works. So it seems the runtime is definately looking for only CodeAccessSecurityAttribute instances in the metadata, and does something funny with the SecurityAction specified, even if a custom constructor overrides it.

    Read the article

  • Declarative JDOQL vs Single-String JDOQL : performance

    - by DrDro
    When querying with JDOQL is there a performance difference between using the declarative version and the Single-String version: Example from the JDOQL doc: //Declarative JDOQL : Query q = pm.newQuery(org.jpox.Person.class, "lastName == \"Jones\" && age < age_limit"); q.declareParameters("double age_limit"); List results = (List)q.execute(20.0); //Single-String JDOQL : Query q = pm.newQuery("SELECT FROM org.jpox.Person WHERE lastName == \"Jones\"" + " && age < :age_limit PARAMETERS double age_limit"); List results = (List)q.execute(20.0); Other then performance, are there any reasons for which one is better to use then the other or is it just about the one with which we feel more comfortable.

    Read the article

  • XSL(like) declarative language as MVC view over strongtyped model?

    - by Martin Kool
    As a huge XSL fan, I am very happy to use xsl as the view in our proprietary MVC framework on ASP.NET. Objects in the model are serialized under the hood using .NET's xml serializer, and we use quite atomic xsl templates to declare how each object or property should transform. For example: <xsl:template match="/Article"> <html> <body> <div class="article"> <xsl:apply-templates /> </div> </body> </html> </xsl:template> <xsl:template match="Article/Title"> <h1> <xsl:apply-templates /> </h1> </xsl:template> <xsl:template match="@*|text()"> <xsl:copy /> </xsl:template> This mechanism allows us to quickly override default matching templates, like having a template matching on the last item in a list, or the selected one, etc. Also, xsl extension objects in .NET allow us just the bit of extra grip that we need. Common shared templates can be split up and included. However Even though I can ignore the verbosity downside of xsl (because Visual Studio schema intellisense + snippets really is slick, praise to the VS-team), the downside of not having intellisense over strongtyped objects in the model is really something that's bugging me. I've seen ASP.NET MVC + user controls in action and really starting to love it, but I wonder; Is there a way of getting some sort of intellisense over XML that we're iterating over, or do you know of a language that offers the freedom and declarativeness of XSL but has the strongtype/intellisense benefits of say webforms/usercontrols/asp.net.mvc-view? (I probably know the answer: "no", and I'll find myself using Phil Haack's utterly cool mvc shizzle soon...)

    Read the article

  • ASP.NET MVC2 Access-Control: How to do authorization dynamically?

    - by Shaharyar
    We're currently rewriting our organizations ASP.NET MVC application which has been written twice already. (Once MVC1, once MVC2). (Thank god it wasn't production ready and too mature back then). This time, anyhow, it's going to be the real deal because we'll be implementing more and more features as time passes and the testruns with MVC1 and MVC2 showed that we're ready to upscale. Until now we were using Controller and Action authorization with AuthorizeAttribute's. But that won't do it any longer because our views are supposed to show different results based on the logged in user. Use Case: Let's say you're a major of a city and you login to a federal managed software and you can only access and edit the citizens in your city. Where you are allowed to access those citizens via an entry in a specialized MajorHasRightsForCity table containing a MajorId and a CityId. What I thought of is something like this: Public ViewResult Edit(int cityId) { if(Access.UserCanEditCity(currentUser, cityId) { var currentCity = Db.Cities.Single(c => c.id == cityId); Return View(currentCity); } else { TempData["ErrorMessage"] = "Yo are not awesome enough to edit that shizzle!" Return View(); } The static class Access would do all kinds of checks and return either true or false from it's methods. This implies that I would need to change and edit all of my controllers every time I change something. (Which would be a pain, because all unit tests would need to be adjusted every time something changes..) Is doing something like that even allowed?

    Read the article

  • Authorization engine in java

    - by eltados
    In the course of my work i need to develop an authorization engine ( i'm already authenticated and i check access of a user to an action ) in order to store all the authorization logic inside a same place and be able to reuse it and i have created the mini library. http://github.com/eltados/canny what do you think about it? Is there any lightweight Authorization engine library i could have a look at?

    Read the article

  • SQLAlchemy: a better way for update with declarative?

    - by hadrien
    I am a SQLAlchemy noob. Let's say I have an user table in declarative mode: class User(Base): __tablename__ = 'user' id = Column(u'id', Integer(), primary_key=True) name = Column(u'name', String(50)) When I know user's id without object loaded into session, I update such user like this: ex = update(User.__table__).where(User.id==123).values(name=u"Bob Marley") Session.execute(ex) I dislike using User.__table__, should I stop worrying with that? Is there a better way to do this? Thanx!

    Read the article

  • How can we set authorization for a whole area in ASP.NET MVC?

    - by CodingTales
    I've an Admin area and I want only Admins to enter the area. I considered adding the Authorized attribute to every controller in the Admin area. Isn't there an elegant solution or is this feature not there in the framework itself? EDIT: I'm sorry, I should to have mentioned this before. I'm using a custom AuthorizedAttribute derived from AuthorizeAttribute.

    Read the article

  • Windows Workflow and sql script in declarative config like InRule

    - by Satish
    We have been using InRule for our Rule needs we have found that it does not scale well and so are investigating the Windows Work Flow. Within InRule we could configure pretty much have any task for example our sql scripts and stored procedures where all part of a separate rule config file, I am wondering if there is a similar functionality within windows work flow where I could just call a declarative task and pass it a bunch of parameters – This task should contain the sql script I would be executing , we should be able to change the script at runtime without recompilation to the WF code. Is this possible in Windows Work flow – How can I accomplish this within work flow. Additionally for sql execution within Work Flow, how does it get the connection string. Should it be passed from the calling program – is passing it as input parameter from the Calling app via the Dictionary object the best way or can the work flow code have visibility to my calling program app.config and get the connection string ?

    Read the article

  • "(401)Authorization Required" when making a web service call using Axis

    - by Arun P Johny
    Hi, I'm using apache axis to connect to my sugar crm instance. When I'm trying to connect to the instance it is throwing the following exception Exception in thread "main" AxisFault faultCode: {http://xml.apache.org/axis/}HTTP faultSubcode: faultString: (401)Authorization Required faultActor: faultNode: faultDetail: {}:return code: 401 &lt;!DOCTYPE HTML PUBLIC &quot;-//IETF//DTD HTML 2.0//EN&quot;&gt; &lt;html&gt;&lt;head&gt; &lt;title&gt;401 Authorization Required&lt;/title&gt; &lt;/head&gt;&lt;body&gt; &lt;h1&gt;Authorization Required&lt;/h1&gt; &lt;p&gt;This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.&lt;/p&gt; &lt;/body&gt;&lt;/html&gt; {http://xml.apache.org/axis/}HttpErrorCode:401 (401)Authorization Required at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744) at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) at org.beanizer.sugarcrm.SugarsoapBindingStub.get_server_info(SugarsoapBindingStub.java:1115) at com.greytip.sugarcrm.GreytipCrm.main(GreytipCrm.java:42) This basically says that I do not have the authorization to the resource. The same code is working fine in my testing environment. Sugarsoap service = new SugarsoapLocator(); SugarsoapPortType port = service.getsugarsoapPort(new java.net.URL( SUGAR_CRM_LOCATION + "/soap.php")); System.out.println(port.get_server_info().getVersion()); User_auth userAuth = new User_auth(); userAuth.setUser_name("user_name"); MessageDigest md = MessageDigest.getInstance("MD5"); String password = getHexString(md.digest("password".getBytes())); userAuth.setPassword(password); // userAuth.setVersion("0.1"); Entry_value login = port.login(userAuth, "myAppName", null); String sessionID = login.getId(); Above code is used to connect to the Sugar CRM installation. here line "System.out.println(port.get_server_info().getVersion());" is throwing the exception. One difference I noticed between the test and production environment is when I used the soap url in the browser the production site pops up a 'Authentication Required' popup. When I gives my proxy username and password in this popup, it shows the soap request details. The same is applicable for the login url also. First it will ask for the 'Authentication' then it will take to the sugar crm login page? Is it a server security setting? If it is then how to set this user name and password using java in a web service call. The authentication required popup is same as the one which comes when we try to access the tomcat manager through a browser. Thanks

    Read the article

  • Truly declarative language?

    - by gjvdkamp
    Hi all, Does anyone know of a truly declarative language? The behaviour I'm looking for is kind of what Excel does, where I can define variables and formulas, and have the formula's result change when the input changes (without having set the answer again myself) The behaviour I'm looking for is best shown with this pseudo code: X = 10 // define and assign two variables Y = 20; Z = X + Y // declare a formula that uses these two variables X = 50 // change one of the input variables ?Z // asking for Z should now give 70 (50 + 20) I've tried this in a lot of languages like F#, python, matlab etc, but every time i try this they come up with 30 instead of 70. Wich is correct from an imperative point of view, but i'm looking for a more declerative behaviour if you know what i mean. And this is just a very simple calculation. When things get more difficult it should handle stuff like recursion and memoization automagically. The code below would obviously work in C# but it's just so much code for the job, i'm looking for something a bit more to the point without all that 'technical noise' class BlaBla{ public int X {get;set;} // this used to be even worse before 3.0 public int Y {get;set;} public int Z {get{return X + Y;}} } static void main(){ BlaBla bla = new BlaBla(); bla.X = 10; bla.Y = 20; // can't define anything here bla.X = 50; // bit pointless here but I'll do it anyway. Console.Writeline(bla.Z);// 70, hurray! } This just seems like so much code, curly braces and semicolons that add nothing. Is there a language/ application (apart from Exel) that does this? Maybe I'm no doing it right in the mentioned langauges, or I've completely missed an app that does just this. I prototyped a language/ application that does this (along with some other stuff) and am thinking of productizing it. I just can't believe it's not there yet. Don't want to waste my time. Thanks in advance, Gert-Jan

    Read the article

  • OfficeLive email settings - Authorization Failed

    - by serhio
    Is there anybody who tried creating emails with Microsoft's OfficeLive I wonder how to add a created office live e-mail to Outlook? By e.g. my LiveId is [email protected], password: pmegmailcom officeLive site: www.mysite.com, email: [email protected], password: pcontactmysitecom I do new mail account in Outlook: Your name: MySiteTeam; Email address: [email protected] Incoming mail server: pop3.live.com; Outgoing mail server: smtp.live.com User Name: [email protected]; Password: pmegmailcom My outgoing server requires authentication - Yes Use same settings as my incoming mail server - Yes Pop3 port: 995 (SSL - Yes), Smtp port: 587 (SSL - Yes) In fact, I follow the following office live forum moderators instructions. When testing finds POP3 server, finds SMTP server, does not pass authorization. What I do wrong?

    Read the article

  • IIS 7.5 Basic authorization issue

    - by Alsin
    When I log on using correct user name\password (I always copy-paste them) I get 401.1 error. User name and password are correct (user is created on server locally, not a domain one). I can run program as this user (runas /noprofile /user:tmp notepad.exe). Basic authorization's default domain is a server name, realm is empty. I've saved FailedReqLogFile. AUTH_BASIC_LOGON_FAILED shows ErrorCode="Logon failure: unknown user name or bad password. (0x8007052e)" and MODULE_SET_RESPONSE_ERROR_STATUS shows ModuleName="BasicAuthenticationModule", Notification="AUTHENTICATE_REQUEST", HttpStatus="401", HttpReason="Unauthorized", HttpSubStatus="1", ErrorCode="Logon failure: unknown user name or bad password. (0x8007052e)", ConfigExceptionInfo="" And one more thing - if I use my domain login\password it woks! Basic Authentications is only enabled authentication in application... Could you please suggest me how I can troubleshoot and fix this issue? Maybe somebody hit it before... Best regards, Alex UPDATE: I get 401.1 when I trying to access site from local host. I can actually access files from remote host.

    Read the article

  • .htaccess authorization requiring username/password for every resource

    - by webworm
    I am using Apache2 on Ubuntu and I have having some "weird" user authorization issues. I am using .htaccess to control access to my directories. I have many users and have grouped them into user groups which are defined in a "group" file. I then use .htaccess within each directory to define which users have access to the directory and which do not. Here is an example .htaccess file. AuthUserFile /var/local/.htpasswd AuthGroupFile /var/local/groups AuthName "Username and Password Required" AuthType Basic require group design admin Everything is working with one exception. I added a new user to one of my groups and though they can gain access to the directory they are prompted for a username and password for every resource (i.e. image, CSS). After a while I can just keep selecting "cancel" and I will get a page with just html with no images or CSS. I would think the browser would just cache the username/password. It seems to be working well for other users. Any thoughts?

    Read the article

  • .htaccess authorization requiring username/password for every resource

    - by webworm
    I am using Apache2 on Ubuntu and I have having some "weird" user authorization issues. I am using .htaccess to control access to my directories. I have many users and have grouped them into user groups which are defined in a "group" file. I then use .htaccess within each directory to define which users have access to the directory and which do not. Here is an example .htaccess file. AuthUserFile /var/local/.htpasswd AuthGroupFile /var/local/groups AuthName "Username and Password Required" AuthType Basic require group design admin Everything is working with one exception. I added a new user to one of my groups and though they can gain access to the directory they are prompted for a username and password for every resource (i.e. image, CSS). After a while I can just keep selecting "cancel" and I will get a page with just html with no images or CSS. I would think the browser would just cache the username/password. It seems to be working well for other users. Any thoughts?

    Read the article

  • Run both Authorize Filter and Action Filter on unauthenticated ASP.NET MVC request

    - by Bryan Migliorisi
    I have decorated my base controller with a couple of action filters. They work fine. One of those filters sets up the request - does things like set the culture based on the domain, etc. I also have a handful of actions that require authorization using the Authorize attribute. My problem is that when an user attempts to request a page they are not authorized to access, the authorization filter kicks in and redirects them to a page telling them that they cannot vie the page. The issue is that the action filters never run so the culture and other request data is never set. This effectively causes language to be wrong in the view and other data to be missing. I know that authorization filters run first but my question is this: How can I design this such that I can ensure that certain methods are always run before the view is returned, regardless of the authorization. Hope that makes sense.

    Read the article

  • calling wcf from asp.net mvc - authorization error

    - by niao
    Greetings, My asp.net mvc application calls WCF service. Everything is ok on my localhost (WinXP, IIS6). When I moved on production server where Win2008 Server and IIS7 are used my application gets authorization error while connecting to WCF service. ASP.NET MVC works ok but when it calls some methods on my WCF Service an error is thrown. The funny thing is that when I calls the same WCF Production service from the same ASP.NET MVC application hosted on my localhost it works ok. Can someone please help me with this. I think it's authorization problem which can be fixed on IIS7. Am I right?

    Read the article

  • How do I actually use Authorization Services?

    - by abrahamvegh
    I've been searching and experimenting for nearly four hours now, so I'm gonna just ask straight up: How can I correctly use the Authorization Services API to show the user a system-level authorization window, the same one you see when you click a lock icon in System Preferences? From what I can tell, there is no way to do it using Cocoa if you want to do it programmatically, and if your goal is to call an executable that normally needs to be called via sudo (in my case, /usr/bin/pmset) you're up a creek without a paddle. I challenge you, I implore you: Please, enlighten me. Thank you. :)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >