Search Results

Search found 1208 results on 49 pages for 'proxied authorization'.

Page 7/49 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • ASP MVC C#: Is it possible to pass dynamic values into an attribute?

    - by wh0emPah
    Okay I'm very new to C# and i'm trying to create a little website using ASP MVC2. I want to create my own authorization attribute. but i need to pass some values if this is possible. For example: [CustomAuthorize(GroupID = Method Parameter?] public ActionResult DoSomething(int GroupID) { return View(""); } I want to authorize the access to a page. but it depends on the value passed to the controller. So the authorization depends on the groupID. Is this possible to achieve this in any way?. Thanks in advance.

    Read the article

  • How to handle authorization in the view layout

    - by mathk
    Authorize attribute are good to do some access control base on Action but suppose that I have some UI element in the layout that should note be output unless the user is authorize. I could possibly set some boolean in the ViewBag but that is not the good solution I guess. Somewhere in the Layout.cshtml: @if (ViewBag.IsAuthorized) { <li>@Html.ActionLink("Index", "Admin")</li> } Let me know if there is a better solution. Thanks.

    Read the article

  • authorization services question cocoa

    - by Marius
    Sorry for being a total beginner in cocoa and for asking the following stupid question, but it's too confusing for me to google it myself or maybe i'm just missing something. I need to run a shellscript with elevated privileges in cocoa. As i understand, "AuthorizationExecuteWithPrivileges" is the correct way to do it. So i've created an application and tried to use some code from one example i found online. The problem is ... if i understand it correctly ... there should be a Security framework in /System/Library/Frameworks that i have to import to the project, but ... it's not there. What am i missing here? Thank you.

    Read the article

  • CouchDB read authorization

    - by mdikici
    In couchdb website - technical overview - security and validation - http://couchdb.apache.org/docs/overview.html - it writes that (on reader access part) "To protect document contents, CouchDB documents can have a reader list. This is an optional list of reader-names allowed to read the document. When a reader list is used, protected documents are only viewable by listed users." I searched about how to use it but i found nothing. So is it actually used and if it is how? Thanks. -- Mustafa

    Read the article

  • Does Apache allow to authorize an HTTP request based on a result of a subrequest?

    - by Jan Wrobel
    I'm looking for an equivalent of nginx http auth request module but for Apache. For each incoming HTTP requests, the module sends a subrequests to authentication/authorization back-end. Th auth request carries a path and all headers of the original request. Based on the result of the auth request, the original requests is allowed (HTTP code 200), denied (HTTP code 403) or login is requested (HTTP code 401). Such a generic mechanism allows to build really flexible authentication and authorization schemes. Is something like this possible in Apache (likely with a help of some third party module)?

    Read the article

  • Setting custom HTTP request headers in an URL object doesn't work.

    - by Blagovest Buyukliev
    I am trying to fetch an image from an IP camera using HTTP. The camera requires HTTP basic authentication, so I have to add the corresponding request header: URL url = new URL("http://myipcam/snapshot.jpg"); URLConnection uc = url.openConnection(); uc.setRequestProperty("Authorization", "Basic " + new String(Base64.encode("user:pass".getBytes()))); // outputs "null" System.out.println(uc.getRequestProperty("Authorization")); I am later passing the url object to ImageIO.read(), and, as you can guess, I am getting an HTTP 401 Unauthorized, although user and pass are correct. What am I doing wrong? I've also tried new URL("http://user:pass@myipcam/snapshot.jpg"), but that doesn't work either.

    Read the article

  • Help with authorization and redirection decorator in python (pylons)

    - by ensnare
    I'm trying to write a simple decorator to check the authentication of a user, and to redirect to the login page if s/he is not authenticated: def authenticate(f): try: if user['authenticated'] is True: return f except: redirect_to(controller='login', action='index') class IndexController(BaseController): @authenticate def index(self): return render('/index.mako' ) But this approach doesn't work. When a user is authenticated, everything is fine. But when the user is not authenticated, redirect_to() doesn't work and I am given this error: HTTPFound: 302 Found Content-Type: text/html; charset=UTF-8 Content-Length: 0 location: /login Thank for your help!

    Read the article

  • User authorization in DB2

    - by Daziplqa
    Hi Folks, I am using win Vista, and I am trying to backup some Database under DB2. I am logged in using the Administrator user, and whenever I try to issue the backup command in the "command line processor", I get the following message: SQL1092N "ADMINISTRATOR" does not have the authority to perform the requested command. SQLSTATE=00000 BTW, I have created a username/password pair (db2admin) while installing the DB2 server. So, Will this problem will be get solved if I use the db2admin user? And how to connect to the server (local server BTW) using the db2admin user ?

    Read the article

  • ASP.NET MVC 2 Authorization Regex

    - by Hurricanepkt
    What i currently have is the following: namespace AzureCCCMVC.Controllers { [Authorize(Roles="Admin")] public class AdminController : Controller { //Stuff } } what I want to do is have roles for each client such as Roles { "DEMOAdmin", "GOOGAdmin" , "MSFTAdmin" } and be able to Authorize The Client name (from URL) and in that role I know I am doing a horrible job of explaining this... It is possible that I can have users that are users of several clients but only admin's of one ...

    Read the article

  • silverlight 3: long running wcf call triggers 401.1 (access denied)

    - by sympatric greg
    I have a wcf service consumed by a silverlight 3 control. The Silverlight client uses a basicHttpBindinging that is constructed at runtime from the control's initialization parameters like this: public static T GetServiceClient<T>(string serviceURL) { BasicHttpBinding binding = new BasicHttpBinding(Application.Current.Host.Source.Scheme.Equals("https", StringComparison.InvariantCultureIgnoreCase) ? BasicHttpSecurityMode.Transport : BasicHttpSecurityMode.None); binding.MaxReceivedMessageSize = int.MaxValue; binding.MaxBufferSize = int.MaxValue; binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly; return (T)Activator.CreateInstance(typeof(T), new object[] { binding, new EndpointAddress(serviceURL)}); } The Service implements windows security. Calls were returning as expected until the result set increased to several thousand rows at which time HTTP 401.1 errors were received. The Service's HttpBinding defines closeTime, openTimeout, receiveTimeout and sendTimeOut of 10 minutes. If I limit the size of the resultset the call suceeds. Additional Observations from Fiddler: When Method2 is modified to return a smaller resultset (and avoid the problem), control initialization consists of 4 calls: Service1/Method1 -- result:401 Service1/Method1 -- result:401 (this time header includes element "Authorization: Negotiate TlRMTV..." Service1/Method1 -- result:200 Service1/Method2 -- result:200 (1.25 seconds) When Method2 is configured to return the larger resultset we get: Service1/Method1 -- result:401 Service1/Method1 -- result:401 (this time header includes element "Authorization: Negotiate TlRMTV..." Service1/Method1 -- result:200 Service1/Method2 -- result:401.1 (7.5 seconds) Service1/Method2 -- result:401.1 (15ms) Service1/Method2 -- result:401.1 (7.5 seconds)

    Read the article

  • Why is it not good to use $_SESSION in Restful Implementations?

    - by keisimone
    Original Question: i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i properly authenticate users without looking up database all the time to check for the user's roles? I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

    Read the article

  • i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i

    - by keisimone
    I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

    Read the article

  • DB access denied with ASP.Net MVC application after switching to windows authentication mode

    - by myotherme
    I have a MVC application that I am now trying to add authentication and authorization to. I want to allow users to get to the site and be automatically authenticated. So I set authentication mode="Windows" in the web.config, and enabled NTLM in the project options. The site now shows my domain name in the top right when I run it, but when I hit a action than needs DB access, it tells me access is denied for my user-name? What step am I missing?

    Read the article

  • All permissions with declarative_authorization

    - by pablorc
    Hi, I have a Rails application using Restful authentication and declarative authorization. I have some roles with an admin. Is there any method to have automatically granted all permissions to this role, instead of hardcode every controller in the authorization_rules? Something like: role :admin do has_permission_on :everything, :to => :manage end Or a uglier approach with introspection, maybe? Thanks in advance

    Read the article

  • IIS 7.5 Windows Authentication Not Working in Chrome

    - by Sam
    On a new installation of IIS 7.5 I have setup Windows Authentication on my Intranet. The providers I have used are 'NTLM' and negotiate in that order. This works fine in IE and Firefox but in chrome I get the following This web page is not available The web page at http://mysite.com/myintranet.php might be temporarily down or it may have moved permanently to a new web address. Error 338 (net::ERR_INVALID_AUTH_CREDENTIALS): Unknown error. I've tried looking online for a solution without any success. I'm running the latest version of Chrome 21.0.1180.60

    Read the article

  • Active Directory, Linux, and User Private Groups

    - by larsks
    We're in the process of moving from NIS on our Linux systems to binding everything to Active Directory. The NIS environment follows the common standard used by many Linux distributions that a user's primary group is a group of the same name as the user (and of which the user is typically the only member). I have been informed that in the Active Directory environment, you may not have a group name with the same name as a user (specifically, that no two AD security objects may have the same name). This would seem to complicate the process of moving our group definitions into AD. It looks like we could maintain the NIS group information in AD using only POSIX attributes (e.g., not an actual AD security object), but that seems like a suboptimal fix (because we do really want to have the same view of group membership in both the Unix and AD worlds). Have you moved a large legacy NIS environment into Active Directory? How did you handle this situation?

    Read the article

  • Set up FTP user with ProFTPD on Ubuntu

    - by kidrobot
    I want to set up a user "ftp" so they can upload and download files in my /home/httpd/mysite/public_html directory. All files in public_html are owned by user ftp and in group www-data so the ftp user looks like so: uid=108(ftp) gid=33(www-data) groups=33(www-data),65534(nogroup) When I try to connect via an FTP client I get 530 Login incorrect. ftp: Login failed. What do I need to uncomment/add to the proftpd.conf file to make this work?

    Read the article

  • Getting apache to use ldap group and filesystem group information

    - by Angelo
    We have an Apache server which serves out of a particular directory, and just supplies a listing of files. From this directory, each subdirectory is owned by a certain group of users (at the filesystem level). User groups are determined by a posixGroup in ldap. Is there any simple way I can tell Apache to authorize access based on filesystem permissions, just like if the users were to access the filesystem from a shell? I would like to be able to simply add users/groups/directories without having to add another Directory or Location directive in Apache's conf?

    Read the article

  • Facebook Chat through XMPP protocol on Pidgin Portable - Will not Authorize

    - by Sara Neff
    I heard you can use facebook chat on desktops now. Thats awsome! What i didn't hear is that it is a pain in the butt! Not awsome! I've followed six nearly identical sets of instructions from six different websides, including the one that facebook generates for you, to get facebook chat connected through Pidgin. Its the latest portable version, so from what i hear the plugin is out of the question. Whenever I go to try and connect i get a message saying "Not Authorized" and buttons to either modify the account info, or retry. NOTHING i have done has fixed this, and I can't find anything remotely usefull anywhere. I am running windows xp, and running pidgin (portable) off of a flash drive. Someone please tell me what i have to do. I read about authorizing the chat on my actual facebook page. I'd have tried that if i could find out how to do it, but if its there they hid it good. HELP?!

    Read the article

  • Grant Sharepoint Access to all employees

    - by Satish
    What's the easiest way to grant access to all the employees of our company to sharepoint portal. There are some general sites which all employees have read access. So Do I have to create an AD group for all employees and add to the site or is there some better way to manage this?

    Read the article

  • How to do a database backup in DB2 in Vista?

    - by Daziplqa
    How to do a database backup in DB2 in Vista? Whenever I issued this command (login in Vista as Administrator): restore database myDB from D: taken at 20081013134446 the command line processor return the following error message: SQL1092N "ADMINISTRATOR" does not have the authority to perform the requested command. SQLSTATE=00000 So, How can I solve this problem?

    Read the article

  • Subversion all or nothing access to repo tree

    - by Glader
    I'm having some problems setting up access to my Subversion repositories on a Linux server. The problem is that I can only seem to get an all-or-nothing structure going. Either everyone gets read access to everything or noone gets read or write access to anything. The setup: SVN repos are located in /www/svn/repoA,repoB,repoC... Repositories are served by Apache, with Locations defined in etc/httpd/conf.d/subversion.conf as: <Location /svn/repoA> DAV svn SVNPath /var/www/svn/repoA AuthType Basic AuthName "svn repo" AuthUserFile /var/www/svn/svn-auth.conf AuthzSVNAccessFile /var/www/svn/svn-access.conf Require valid-user </Location> <Location /svn/repoB> DAV svn SVNPath /var/www/svn/repoB AuthType Basic AuthName "svn repo" AuthUserFile /var/www/svn/svn-auth.conf AuthzSVNAccessFile /var/www/svn/svn-access.conf Require valid-user </Location> ... svn-access.conf is set up as: [/] * = [/repoA] * = userA = rw [/repoB] * = userB = rw But checking out URL/svn/repoA as userA results in Access Forbidded. Changing it to [/] * = userA = r [/repoA] * = userA = rw [/repoB] * = userB = rw gives userA read access to ALL repositories (including repoB) but only read access to repoA! so in order for userA to get read-write access to repoB i need to add [/] userA = rw which is mental. I also tried changing Require valid-user to Require user userA for repoA in subversion.conf, but that only gave me read access to it. I need a way to default deny everyone access to every repository, giving read/write access only when explicitly defined. Can anyone tell me what I'm doing wrong here? I have spent a couple of hours testing and googling but come up empty, so now I'm doing the post of shame.

    Read the article

  • How can I disable Kerberos authentication for only the root of my site?

    - by petRUShka
    I have Kerberos-based authentication and I want to disable it on only root url: http://mysite.com/. And I want it to continue to work fine on any other page like http://mysite.com/page1. I have such things in my .htaccess: AuthType Kerberos AuthName "Domain login" KrbAuthRealms DOMAIN.COM KrbMethodK5Passwd on Krb5KeyTab /etc/httpd/httpd.keytab require valid-user I want to turn it off only for root URL. As workaround it is possible to turn off using .htaccess in virtual host config. Unfortunately I don't know how to do it. Part of my vhost.conf: <Directory /home/user/www/current/public/> Options -MultiViews +FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> UPD. I'm using Apache/2.2.3 (Linux/SUSE) I tried to use such version of .htaccess: SetEnvIf Request_URI ^/$ rootdir=1 Allow from env=rootdir Satisfy Any AuthType Kerberos AuthName "Domain login" KrbAuthRealms DOMAIN.COM KrbMethodK5Passwd on Krb5KeyTab /etc/httpd/httpd.keytab require valid-user Unfortunately such config turn Kerberos AuthType for all URLs. I tried to place first 3 lines SetEnvIf Request_URI ^/$ rootdir=1 Allow from env=rootdir Satisfy Any after main block, but it didn't help me.

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >