Search Results

Search found 1408 results on 57 pages for 'declarative authorization'.

Page 7/57 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • SVN Authentication and authorization

    - by vijay.shad
    Hi, I have created a multi module maven project. Now I have shared the project with a internal SVN repository. Now I want to give authorization to user based on the module user is owner of. So if a user does not have right to a project; he/she will not be able to checkout the project form svn repository. But he/she will get a source release(sources.jar file) form maven repository for that project; if wanted. What should i do go get this done? My svn reposiroty is created by TortoiseSVN 1.6.6.

    Read the article

  • UrlHelper and ViewContext inside an Authorization Attribute

    - by DM
    I have a scenario that I haven't been able to solve: I'm toying around with creating my own custom authorization attribute for mvc. The main bit of functionality I would like to add is to have the ability to change where the user gets redirected if they are not in a certain role. I don't mind that the system sends them back to the login page if they're not authenticated, but I would like to choose where to send them if they are authenticated but not allowed to access that action method. Here's is what I would like to do: public class CustomAuthorizeAttribute : AuthorizeAttribute { public string Action; public string Controller; protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { // if User is authenticated but not in the correct role string url = Url.Action(this.Action, this.Controller); httpContext.Response.Redirect(url); } } And as an added bonus I would like to have access to ViewContext and TempData before I do the redirect. Any thoughts on how I could get instantiate a UrlHelper and ViewContext in the attribute?

    Read the article

  • net/http.rb:560:in `initialize': getaddrinfo: Name or service not known (SocketError)

    - by Sid
    ` @@timestamp = nil def generate_oauth_url @@timestamp = timestamp url = CONNECT_URL + REQUEST_TOKEN_PATH + "&oauth_callback=#{OAUTH_CALLBACK}&oauth_consumer_key=#{OAUTH_CONSUMER_KEY}&oauth_nonce=#{NONCE} &oauth_signature_method=#{OAUTH_SIGNATURE_METHOD}&oauth_timestamp=#{@@timestamp}&oauth_version=#{OAUTH_VERSION}" puts url url end def sign(url) Base64.encode64(HMAC::SHA1.digest((NONCE + url), OAUTH_CONSUMER_SECRET)).strip end def get_request_token url = generate_oauth_url signed_url = sign(url) request = Net::HTTP.new((CONNECT_URL + REQUEST_TOKEN_PATH),80) puts request.inspect headers = { "Authorization" => "Authorization: OAuth oauth_nonce = #{NONCE}, oauth_callback = #{OAUTH_CALLBACK}, oauth_signature_meth od = #{OAUTH_SIGNATURE_METHOD}, oauth_timestamp=#{@@timestamp}, oauth_consumer_key = #{OAUTH_CONSUMER_KEY}, oauth_signature = #{signed_url}, oauth_versio n = #{OAUTH_VERSION}" } request.post(url, nil,headers) end def timestamp Time.now.to_i end ` I am trying to do what oauth does in an attempt to understand how to use the Authorization headers. I am also getting the following error. I am trying to connect to the linkedin API. /usr/lib/ruby/1.8/net/http.rb:560:in 'initialize': getaddrinfo: Name or service not known (SocketError) I would really appreciate it if someone could nudge me in the right direction.

    Read the article

  • ASP.Net MVC 2 Forms Authentication cookieless = "UseUri" while submit authorization fails

    - by rintoantony
    hi, I just started working with ASP.Net MVC 2. I created a new ASP.Net MVC application and created one vehicle controler with a database table connected with LINQ. Then created forms authentication mechanism for the application and tried to use the uri instead of cookies it was working smoothly but when i submit the form by creating a "Create" view from the controler using the utility it just dont work. The autherization got failed and asking to enter the user name and password again.I had created the authorization mechanism by adding Authorise attribute to the Controller so as to get authorized for all the actions. namespace MVCNEW.Controllers { [Authorize] public class VehicleController : Controller { But if i use the cookies instead of uri it works fine. Thanks in advance...

    Read the article

  • How to make .NET WebForm Routing work with Authorization

    - by jakmas
    I have routes that are being registered from the database into an asp.net website (non MVC). The routes register fine, they all work when I am logged in. What I am trying to do is create a landing page based on some route data: Page is [site]/landing/dell The route looks like: "landing/{client}" and it routes to my page Login.aspx, in there I get the client out of the route, then display some custom brand data based on the value. In my web.config, I have my authentication mode set to forms, with my loginUrl = "Login.aspx" When the user does not have the authorization cookie, it redirects the user to: [site]/Login.aspx?ReturnUrl=%2flanding%2fdell instead of keeping the route url, and displaying the correct data. The IIS server actually does not even process the route at all, just sends the user to the Login.aspx page. I have tried several additions to my web.config: etc, and many variations, but nothing seems to work. Ideas anyone? I assume this is a common issue, and it is just not well documented.

    Read the article

  • extra AuthorizationRule in web.config AuthorizationSection

    - by H07R0D
    I'm trying to modify the list of allowed users in web.config from a codebehind. <authorization> <allow users="alice, bob"/> <deny users="*"/> </authorization> I successfully retrieve the section I need config = WebConfigurationManager.OpenWebConfiguration("~"); authSection = (AuthorizationSection)config.GetSection("system.web/authorization"); When I iterate looking for the allow rule, I get two of them. foreach (AuthorizationRule rule in authSection.Rules) { if (rule.Action == AuthorizationRuleAction.Allow) { // manage the Users StringCollection } } The first item I get has 'alice' and 'bob' in the Users collection. The SECOND item I get has * Where is this second entry coming from? This is an Allow Rule, not a Deny rule. I could understand the * from a Deny rule. Is there some extra inheritance I'm not aware of?

    Read the article

  • Should we develop a custom membership provider in this case?

    - by Allen
    I'll be adding a bounty to this, probably 200, more if you guys think its appropriate. I wont accept an answer until I can add a bounty so feel free to go ahead and answer now Summary Long story short, we've been tasked with gutting the authentication and authorization parts of a fairly old and bloated asp.net application that previously had all of these components written from scratch. Since our application isn't a typical one, and none of us have experience in asp.net's built in membership provider stuff, we're not sure if we should roll our own authentication and authorization again or if we should try to work within the asp.net membership provider mindset and develop our own membership provider. Our Application We have a fairly old asp.net application that gets installed at customer locations to service clients on a LAN. Admins create users (users do not sign up) and depending on the install, we may have the software integrated with LDAP. Currently, the LDAP integration bulk-imports the users to our database and when they login, it authenticates against LDAP so we dont have to manage their passwords. Nothing amazing there. Admins can assign users to 1 group and they can change the authorization of that group to manage access to various parts of the software. Groups are maintained by Admins (web based UI) and as said earlier, granted / denied permissions to certain functionality within the application. All this was completely written from the ground up without using any of the built in .net authorization or authentication. We literally have IsLoggedIn() methods that check for login and redirect to our login page if they aren't. Our Rewrite We've been tasked to integrate more tightly with LDAP, they want us to tie groups in our application to groups (or whatever types of containers that LDAP uses) in LDAP so that when a customer opt's to use our LDAP integration, they dont have to manage their users in LDAP AND in our application. The new way, they will simply create users in LDAP, add them to Groups in LDAP and our application will see that they belong to the appropriate LDAP group and authenticate and authorize them. In addition, we've been granted the go ahead to completely rip out the User authentication and authorization code and completely re-do it. Our Problem The problem is that none of us have any experience with asp.net membership provider functionality. The little bit of exposure I have to it makes me worry that it was not intended to be used for an application such as ours. Though, developing our own ASP.NET Membership Provider and Role Manager sounds like it would be a great experience and most likely the appropriate thing to do. Basically, I'm looking for advice, should we be using the ASP.NET Membership provider & Role Management API or should we continue to roll our own? I know this decision will be influenced by our requirements so I'm going over them below Our Requirements Just a quick n dirty list Maintain the ability to have a db of users and authenticate them and give admins (only, not users) the ability to CRUD users Allow the site to integrate with LDAP, when this is chosen, they don't want any users stored in the DB, only the relationship between Groups as they exist in our app / db and the Groups/Containers as they exist in LDAP. .net 3.5 is being used (mix of asp.net webforms and asp.net mvc) Has to work in ASP.NET and ASP.NET MVC (shouldn't be a problem I'm guessing) This can't be user centric, administrators need to be the only ones that CRUD (or import via ldap) users and groups We have to be able to Auth via LDAP when its configured to do so I always try to monitor my questions closely so feel free to ask for more info. Also, as a general summary of what I'm looking for in an answer is just. "You should/shouldn't use xyz, here's why". Links regarding asp.net membership provider and role management stuff are very welcome, most of the stuff I'm finding is 5+ years old. Edit: Added some stuff to "Our Rewrite"

    Read the article

  • git pull gives error: 401 Authorization Required while accessing https://git.foo.com/bar.git

    - by spuder
    My macbook pro is able to clone/push/pull from the company git server. My cent 6.3 vm gets a 401 error git clone https://git.acme.com/git/torque-setup "error: The requested URL returned error: 401 Authorization Required while accessing https://git.acme.com/git/torque-setup/info/refs As a work around, I've tried creating a folder, with an empty repository, then setting the remote to the company server. I get the same error when trying a git pull The remotes are identical between the machines MacBook Pro (working) git --version git version 1.7.10.2 (Apple Git-33) git remote -v origin https://git.acme.com/git/torque-setup (fetch) origin https://git.acme.com/git/torque-setup (push) Cent 6.3 (not working) yum install -y git git --version git version 1.7.1 git remote -v origin https://git.acme.com/git/torque-setup (fetch) origin https://git.acme.com/git/torque-setup (push) The git server only allows https. Not git or ssh connections. Why is the macbook pro able to do a git pull, while the cent os machine can't? Solution Update 2013-5-15 As jku mentioned, the culprit is the old version of git installed on the cent box. Unfortunately, 1.7.1 is what you get when you run yum install git The work around is to manually install a newer version of git, or simply add the username to the repo git clone https://[email protected]/git/torque-setup

    Read the article

  • Cannot add Authorization field to HttpsUrlConnection in order to complete Basic authentication

    - by ES
    Hi, I'm using the Sun API HttpsURLConnection class, and have been trying for a day now to get it to send a simple request: URL url = new URL("https://thirdpartyserver.com/somelocation"); connection = (HttpsURLConnection)url.openConnection(); connection.setDoOutput(true); connection.setRequestMethod("POST"); if (doAuthorization) { Base64Converter converter = new Base64Converter(); connection.setRequestProperty("Authorization", "Basic " + converter.encode("username:password")); } OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream()); writer.write("param1=100&param2=hello"); writer.flush(); writer.close(); I keep getting 401 from the third part server. When I look at the connection through the debugger, the method shows up as GET even though I set it to POST; the collection of request properties shows up as null. If I print the values out, the method shows up as POST, but the request parameters collection is still empty. I would love to be able to print the request and understand what's going on, but I could not figure out how to print the content of an output buffer. Any ideas? Thanks! ES

    Read the article

  • Uploading to google Docs - Unknown authorization header Error 401 - PLease Help

    - by Ali
    Hi guys I'm trying to upload a document to google docs but I'm getting an error namely an Unknown authorization header Error 401 to be exact.. I'm developing for google apps marketplace here - my code for uploading is: $client = getGoogleClient(); $docs = new Zend_Gdata_Docs($client); uploadDocument($docs, true, $FILES['file']['name'], $FILES['file']['tmp_name']); function getGoogleClient() { $options = array( 'requestScheme' => Zend_Oauth::REQUEST_SCHEME_HEADER, 'version' => '1.0', 'signatureMethod' => 'HMAC-SHA1', 'consumerKey' => $CONSUMER_KEY, 'consumerSecret' => $CONSUMER_SECRET ); $consumer = new Zend_Oauth_Consumer($options); $token = new Zend_Oauth_Token_Access(); $httpClient = $token->getHttpClient($options); return $httpClient; } function uploadDocument($docs, $html, $originalFileName, $temporaryFileLocation) { $fileToUpload = $originalFileName; if ($temporaryFileLocation) { $fileToUpload = $temporaryFileLocation; } $newDocumentEntry = $docs->uploadFile($fileToUpload, $originalFileName, null, Zend_Gdata_Docs::DOCUMENTS_LIST_FEED_URI); // this function never executes completely I get the error $alternateLink = ''; foreach ($newDocumentEntry->link as $link) { if ($link->getRel() === 'alternate') { $alternateLink = $link->getHref(); } } return $alternateLink; } ANy ideas ?

    Read the article

  • Visual Studio 2005 - OleDbConnection throws "Invalid authorization specification" in Form Designer,

    - by Jason Dagit
    I have a form with an OleDbConnection object on it. This form fails to load in the Form Designer with the message: One or more errors encountered while loading the designer. The errors are listed below. Some errors can be fixed by rebuilding your project, while others may require code changes. Invalid authorization specification at ADODB.ConnectionClass.Open(String ConnectionString, String UserID, String Password, Int32 Options) ... (stack trace continues into user code) I've tracked this down to the OleDbConnection string. If I hardcode in the server IP, username/password/dbinstance into the constructor of the GUI form then the form will load in the designer. At run-time it is not an issue because we require the user to provide the login details. The question: Is it possible to use the OleDbConnection and the Form designer without supplying the database credentials in the source code of the form? For example, is there a property of the OleDbConnection or Form that I can set so that it doesn't need to access the database during Form design? My concern is that if we ever move the database server or change the login that the code will stop working in the designer.

    Read the article

  • How can I limit asp.net control actions based on user role?

    - by Duke
    I have several pages or views in my application which are essentially the same for both authenticated users and anonymous users. I'd like to limit the insert/update/delete actions in formviews and gridviews to authenticated users only, and allow read access for both authed and anon users. I'm using the asp.net configuration system for handling authentication and roles. This system limits access based on path so I've been creating duplicate pages for authed and anon paths. The solution that comes to mind immediately is to check roles in the appropriate event handlers, limiting what possible actions are displayed (insert/update/delete buttons) and also limiting what actions are performed (for users that may know how to perform an action in the absence of a button.) However, this solution doesn't eliminate duplication - I'd be duplicating security code on a series of pages rather than duplicating pages and limiting access based on path; the latter would be significantly less complicated. I could always build some controls that offered role-based configuration, but I don't think I have time for that kind of commitment right now. Is there a relatively easy way to do this (do such controls exist?) or should I just stick to path-based access and duplicate pages? Does it even make sense to use two methods of authorization? There are still some pages which are strictly for either role so I'll be making use of path-based authorization anyway. Finally, would using something other than path-based authorization be contrary to typical asp.net design practices, at least in the context of using the asp.net configuration system?

    Read the article

  • declarative_authorization permissions on roles

    - by William
    Hey all, I'm trying to add authorization to a rather large app that already exists, but I have to obfuscate the details a bit. Here's the background: In our app we have a number or roles that are hierarchical, roughly like this: BasicUser -> SuperUser -> Admin -> SuperAdmin For authorization each User model instance has an attribute 'role' which corresponds to the above. We have a RESTful controller "Users" that is namespaced under Backoffice. So in short it's Backoffice::UsersController. class Backoffice::UsersController < ApplicationController filter_access_to :all #... RESTful actions + some others end So here's the problem: We want users to be able to give permissions for users to edit users but ONLY if they have a 'smaller' role than they currently have. I've created the following in authorization_rules.rb authorization do role :basic_user do has_permission_on :backoffice_users, :to => :index end role :super_user do includes :basic_user has_permission_on :backoffice_users, :to => :edit do if_attribute :role => is_in { %w(basic_user) } end end role :admin do includes :super_user end role :super_admin do includes :admin end end And unfortunately that's as far as I got, the rule doesn't seem to get applied. If I comment the rule out, nobody can edit If I leave the rule in you can edit everybody I've also tried a couple of variations on the if_attribute: if_attribute :role => is { 'basic_user' } if_attribute :role => 'basic_user' and they get the same effect. Does anybody have any suggestions?

    Read the article

  • Windows file server access control by device

    - by Ori Shavit
    I'm trying to build a system where access to certain resources (file shares) in Windows Server, is limited not only by the username (in a Active Directory domain), but also by the client machine. So far, I haven't found a good way to do this; adding the computer account to the DACL is apparently not the way to do it. Windows Server 2012 supports this with Dynamic Access Control, but this method requires all clients to be Windows 8, it seems, with no way to use this with Windows 7 clients. Is there a supported way to do this? (or alternatively, add support for device authorization with Windows 7).

    Read the article

  • Granting access to authzTo attribute

    - by bemace
    I'm trying to grant certain accounts auth access to their authzTo attribute in order to allow proxied authorization. I tried adding this ldif: dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcAccess olcAccess: {1}to authzTo by dn.children="ou=Special Accounts,dc=example,dc=com" auth - using the command ldapadd -f perm.ldif -D "cn=admin,cn=config" -W but got this error: modifying entry "olcDatabase={-1}frontend,cn=config" ldap_modify: Other (e.g., implementation specific) error (80) additional info: <olcAccess> handler exited with 1 using verbose output and turning up the debug level haven't given me any more clues. Can anyone see what I'm doing wrong?

    Read the article

  • Join ActiveDirectory (Win 2k8R2) to OpenDirectory(Snow Leopard)

    - by Tom O'Connor
    The vast majority of questions and so on regarding the interoperability of Active and Open directories involves getting Mac clients to see an AD and auth against it. What we'd like to do is get a Windows 7 workstation to auth completely against Open Directory. We tried setting it up as an NT4 type PDC, and that doesn't work satisfactorily. We tried using pGina and the LDAP backend, which allows Authentication, but has no support for Authorization, and as a result, if we mount an NFS Share, the user has the rights to do anything they damn well please. Not ideal for security (Totally bloody unacceptable, actually). We tried using a Samba server (newer version than on the Open Directory Server) as an intermediate, so that it knows about the LDAP server on the OD Server, but uses Samba 4 instead of v3. That didn't work either. We could login, but couldn't mount, and if we did, we had the same rights as with pGina. If we right-click the mounted drive in Windows, and have a look at NFS UID, it returns -2, not the correct (mapped) UID. So the final plan I've got is to use an Active Directory, inside a Windows 2008R2 Virtual Machine. What I want to achieve is to have the Active Directory sync it's user data from OpenDirectory (read-only would be fine). That way, we'd have the ability to connect Windows 7 clients to a "virtual domain" which would actually just grab information from OD's LDAP. All the information I've found is about how to go the other way. Does anyone know how we can do this?

    Read the article

  • Active Directory problems while trying to perfom compare operation

    - by Alex
    I have CentOs 5.5 with Apache 2.2 and SVN installed. Also I have Windows 2003 R2 with Active Directory. I'm trying to authorize users via AD so each user have access to repo if he is a member of corespondent group in AD. Here is my apache config: LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so LDAPVerifyServerCert off ServerName svn.mydomain.com DocumentRoot /var/www/svn.mydomain.com/htdocs RewriteEngine On [Location /] AuthType basic AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPURL ldaps://comp1.mydomain.com:636/DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*) AuthLDAPBindDN [email protected] AuthLDAPBindPassword binduserpassword [/Location] [Location /repos/test] DAV svn SVNPath /var/svn/repos/test AuthName "SVN repository for test" Require ldap-group CN=test,CN=ProjectGroups,DC=mydomain,DC=com [/Location] When I'm using "Require valid-user" everything goes fine, "Require ldap-user" also works. But as soon as I use "Require ldap-group" authorization fails. Trere are no errors in apache logs, but Active Directory shows folowing error: Event Type: Information Event Source: NTDS LDAP Event Category: LDAP Interface Event ID: 1138 Date: 10/9/2010 Time: 1:28:52 PM User: MYDOMAIN\binduser Computer: COMP1 Description: Internal event: Function ldap_compare entered. Event Type: Error Event Source: NTDS General Event Category: Internal Processing Event ID: 1481 Date: 10/9/2010 Time: 1:28:52 PM User: MYDOMAIN\binduser Computer: COMP1 Description: Internal error: The operation on the object failed. Additional Data Error value: 2 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=mydomain,DC=com' I'm confused by this problem. What I'm doing wrong?

    Read the article

  • Ruby on rails: Image downloads with Authentication/Authorization/Time outs

    - by ak1dnar
    Hi Guys, I'm having few doubts on implementing file downloads. I'm creating an app where I use attachment_fu with Amazon s3 to upload files. Things are working pretty well so far on uploading side. Now its the time to start the file downloads. Here is what I need, a logged in user search and browse for Images and they should able to add the files in to a download basket (Let's say its a Download Shopping Cart). Finally the user should be able to download these file(s) from S3 probably as a zipped file. Is there any plugin/gem where I can use for this?

    Read the article

  • Twitter oauth authorization in a pop-up instead of in main browser window

    - by niyogi
    I feel incredibly stupid for even asking this since the answer might already be under my nose but here it goes: TweetMeme has a Re-tweet twitter widget that publishers can place on their blogs. When a user clicks on the widget, it pops open a window which allows the user to authenticate themselves with twitter and then re-tweet. This seems to use some special Twitter oauth popup form factor - unless there is something fancier happening under the surface to authenticate the user. The pop-up window looks like this: http://twitpic.com/1kepcr I'd rather handle an authentication via a pop-up rather than send the user to a brand new page (for the app I'm working on) and they seem to have the most graceful solution. Thoughts on how they did this?

    Read the article

  • Facebook Graph API - authorization types?

    - by Alex Cook
    I'm struggling with the new Facebook Graph API, perhaps someone here can help. Here is what I want to do: provide a ‘login w/ FB’ button, throw to /authorize, get a code, throw to /access_token, get an access_token, and be able to hit https://graph.facebook.com/me for info about the user. When I try to use type=client_cred in the /authorize call, I get an access_token that lets me hit URLs with userIDs or names, but not /me. I receive an error stating I need a valid token. If I can't hit /me, how do I figure out who the current user is? What exactly should I use in the type param if I want a website to access a users data? I've seen posts with type=web_server, etc, but I can't seem to find a sure fire way to do, what I think, is pretty simple... Thanks ahead of time for any help thats provided...

    Read the article

  • Setting up sendgrid for rails..returning Authorization error

    - by Trip
    The emails now send from my local, but do not send from my box. I am returned this error. Anyone know what this might be? Net::SMTPAuthenticationError (535 5.7.8 Error: authentication failed: authentication failure ): My environments/production.rb ActionMailer::Base.delivery_method = :smtp ActionMailer::Base.smtp_settings = { :address => "smtp.sendgrid.net", :port => '25', :domain => "mydomain.com", :authentication => :plain, :user_name => "[email protected]", :password => "password1234" } /etc/ssmtp/ssmtp.conf : root=postmaster mailhub=smtp.sendgrid.net [email protected] AuthPass=password1234 AuthMethod=LOGIN rewriteDomain=mydomain.com FromLineOverride=YES UseSTARTTLS=NO

    Read the article

  • Facebook Developer Toolkit doesn't redirect after authorization

    - by Mika Kolari
    I have a small facebook test app (iframe) based on sample http://blogs.claritycon.com/blogs/kevin_marshall/archive/2009/10/06/facebook-developer-toolkit-3-0-asp-net-mvc-sample.aspx public class HomeController : Controller { public ActionResult Index() { var api = this.GetApi(); var userId = api.Session.UserId; return View(); } // redirects to Index // which doesn't redirect back here [FacebookAuthorization(IsFbml = false)] public ActionResult About() { var api = this.GetApi(); // goes here without FacebookAuthorization // but userId = 0 var userId = api.Session.UserId; return View(); } } When I try to go to 'About' page, FacebookAuthorizationAttribute redirects to 'Index' for authentication. The problem is, it never redirects back to 'About'. What am I doing wrong here?

    Read the article

  • Securing Files over Web: Fine Grained Authorization Based File Access

    - by Nishant
    I have a system where employees can upload files. There are three ways Upload to my account in public, private or protected mode Upload to department account in public, private or protected mode Upload to organization account in public, private or protected mode where public is visible to anyone, private to the group or person only and protected to anyone in the organization. All the files for an organization are stored in a directory say, /files/<organizationId>/, on file server like files +-- 234809 | +img1.jpg | +doc1.pdf +-- 808234 | +doc2.pdf I am storing file-path and privacy level in DB. So, I can control whether to show link to a file URL to an user -- on a given page. The problem is, I do not have any control over file's URL... so, if some one types the URL to img1.jpg in his browser's address bar, there is no way to know whether a logged in user is eligible to see img1.jpg. Any suggestion? Thanks Nishant

    Read the article

  • NAnt authorization access issue

    - by Luís Custódio
    I'm having a problem trying to move a file through my network, I want to transfer the release from my continuos integration virtual machine to the host of this VM. but i get this: System.UnauthorizedAccessException: Access to the path '\\192.168.0.36\E$\WebApps\MyProgram' is denied. at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, DirectorySecurity dirSecurity) at System.IO.Directory.CreateDirectory(String path, DirectorySecurity directorySecurity) at NAnt.Core.Tasks.MoveTask.DoFileOperations() at NAnt.Core.Tasks.CopyTask.ExecuteTask() at NAnt.Core.Task.Execute() at NAnt.Core.Target.Execute() at NAnt.Core.Project.Execute(String targetName, Boolean forceDependencies) at NAnt.Core.Project.Execute() at NAnt.Core.Project.Run() I'm trying to transfer from a Windows Server 2003 R2 to a Windows Server 2008 R2.

    Read the article

  • Rails user authorization

    - by Zachary
    I am currently building a Rails app, and trying to figure out the best way to authenticate that a user owns whatever data object they are trying to edit. I already have an authentication system in place (restful-authentication), and I'm using a simple before_filter to make sure a user is logged in before they can reach certain areas of the website. However, I'm not sure the best way to handle a user trying to edit a specific piece of data - for example lets say users on my site can own Books, and they can edit the properties of the book (title, author, pages, etc), but they should only be able to do this for Books that -they- own. In my 'edit' method on the books controller I would have a find that only retrieved books owned by the current_user. However, if another user knew the id of the book, they could type in http://website.com/book/7/edit , and the controller would verify that they are logged in, then show the edit page for that book (seems to bypass the controller). What is the best way to handle this? Is it more of a Rails convention routing issue that I don't understand (being able to go straight to the edit page), or should I be adding in a before_find, before_save, before_update, etc callbacks to my model?

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >