Search Results

Search found 1408 results on 57 pages for 'declarative authorization'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 11/57 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • RIA Services: custom autorization

    - by Budda
    Here is a good example how to create custom autorization for RIA services: http://stackoverflow.com/questions/1195326/ria-services-how-can-i-create-custom-authentication In my case a silverlight-pages will be displayed as a part of HTML-content and user authorisation is already implemented on the server-side (ASP.NET Membership is not used). It is required to show on the silverlight pages different information for authorised and non-authorised users. Is there any possibility to track on the Silverlight side if user is already authorized on the server side (on the usual ASP.NET web-site)? Please adivse how to do this. Thank you in advance.

    Read the article

  • Display action-specific authorisation message for [Authorize] attribute

    - by FreshCode
    Is there a way to display an action-specific authorisation message for when an [Authorize] or [Authorize(Roles="Administrator")] attribute redirects the user to the sign-in page? Ideally, [Authorize(Roles="Administrator", Message="I'm sorry Dave. I'm afraid I can't let you do that.")] public ActionResult SomeAdminFunction() { // do admin stuff return View(); } As I understand it, attributes are not meant to add functionality, but this seems purely informational. One could do this inside the action, but it seems inelegant compared to the use of an attribute. Alternatively, if (!Request.IsAuthenticated) { if (!User.IsInRole("Administrator")) SetMessage("You need to be an administrator to destroy worlds."); // write message to session stack return RedirectToAction("SignIn", "Account"); } Is there an existing way to do this or do I need to override the [Authorize] attribute?

    Read the article

  • looking for a license key algorithm.

    - by giulio
    There are a lot of questions relating to license keys asked on stackoverflow. But they don't answer this question. Can anyone provide a simple license key algorithm that is technology independent and doesn't required a diploma in mathematics to understand ? The license key algorithm is similar to public key encryption. I just need something simple that can be implemented in any platform .Net/Java and uses simple data like characters. Preferably no byte translations required. So if a person presents a string, a complementary string can be generated that is the authorisation code. Below is a common scenario that it would be used for. Customer downloads s/w which generates a unique key upon initial startup/installation. S/w runs during trial period. At end of trial period an authorisation key is required. Customer goes to designated web-site, enters their code and get authorisation code to enable s/w, after paying :) Don't be afraid to describe your answer as though you're talking to a 5 yr old as I am not a mathemtician. Just need a decent basic algorithm, we're not launching nukes... NB: Please no philosophy on encryption nor who is Diffie-Hellman. I just need a basic solution.

    Read the article

  • if_attribute syntax problem on declarative_authorization

    - by Victor Martins
    I have an Organization that has_many Affiliations And a mission that has_one Organization So i can do this: m = Mission.first m.organization.affiliations A user also has_many affiliations so I can do: u = User.first u.affiliations In declarative_authorization I want a user to be able to manage a mission if he is affiliated to the organization of the mission. I'm trying this: has_permission_on :missions, :to => [:manage] do if_attribute [:affiliations, {:mission => :organization} ] => intersects_with { user.affiliations.type_admin } end But I get the error: [:affiliations, {:mission=>:organization}] is not a symbol What's wrong with the syntax?

    Read the article

  • Silverlight 4 race condition with DataGrid master details control

    - by Simon_Weaver
    Basically I want a DataGrid (master) and details (textbox), where DataGrid is disabled during edit of details (forcing people to save/cancel)... Here's what I have... I have a DataGrid which serves as my master data. <data:DataGrid IsEnabled="{Binding CanLoad,ElementName=dsReminders}" ItemsSource="{Binding Data, ElementName=dsReminders}" > Its data comes from a DomainDataSource: <riaControls:DomainDataSource Name="dsReminders" AutoLoad="True" ... I have a bound Textbox which is the 'details' (very simple right now). There are buttons (Save/Cancel) which should be enabled when user tries to edit the text. Unfortunately Silverlight doesn't support UpdateSourceTrigger=PropertyChanged so I have to raise an event: <TextBox Text="{Binding SelectedItem.AcknowledgedNote, Mode=TwoWay, UpdateSourceTrigger=Explicit, ElementName=gridReminders}" TextChanged="txtAcknowledgedNote_TextChanged"/> The event to handle this calls BindingExpression.UpdateSource to update the source immediately: private void txtAcknowledgedNote_TextChanged(object sender, TextChangedEventArgs e) { BindingExpression be = txtAcknowledgedNote.GetBindingExpression(TextBox.TextProperty); be.UpdateSource(); } IN other words - typing in the textbox causes CanLoad of the DomainDataSource to become False (because we're editing). This in turn disables the DataGrid (IsEnabled is bound to it) and enables 'Cancel' and 'Save' buttons. However I'm running up against a race condition if I move quickly through rows in the DataGrid (just clicking random rows). The TextChanged presumably is being called on the textbox and confusing the DomainDataSource which then thinks there's been a change. So how should I disable the DataGrid while editing without having the race condition? One obvious solution would be to use KeyDown events to trigger the call to UpdateSource but I always hate having to do that.

    Read the article

  • When are ASP.NET Expression Builders most useful?

    - by SkippyFire
    I saw an example of using Expression Builders, and creating your own Custom Expression Builder Classes here: http://aspnet.4guysfromrolla.com/articles/022509-1.aspx However, I fail to see the value in using this approach. It doesn't seem much easier than programmatically setting values in your code behind. As far as I can tell, the only thing you can do with them is set properties. Maybe they would be useful for setting defaults on certain controls? Can anyone shed light on where this ASP.NET feature becomes powerful?

    Read the article

  • looking for a license key algorithm.

    - by giulio
    There are alot of questions relating to license keys asked on stackoverflow. But they don't answer this question. Can anyone provide a simple license key algorithm that is technology independent and doesn't required a diploma in mathematics to understand ? The license key algorithm is similar to public key encryption. I just need something simple that can be implemented in any platform .Net/Java and uses simple data like characters. Written as Pseudo code is perfect. So if a person presents a string, a complementary string can be generated that is the authorisation code. Below is a common scenario that it would be used for. Customer downloads s/w which generates a unique key upon initial startup/installation. S/w runs during trial period. At end of trial period an authorisation key is required. Customer goes to designated web-site, enters their code and get authorisation code to enable s/w, after paying :) Don't be afraid to describe your answer as though you're talking to a 5 yr old as I am not a mathemtician.

    Read the article

  • AspNetMembership provider with WCF service

    - by Sly
    I'm trying to configure AspNetMembershipProvider to be used for authenticating in my WCF service that is using basicHttpBinding. I have following configuration: <system.serviceModel> <serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> <bindings> <basicHttpBinding> <binding name="basicSecureBinding"> <security mode="Message"></security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="MyApp.Services.ComputersServiceBehavior"> <serviceAuthorization roleProviderName="AspNetSqlRoleProvider" principalPermissionMode="UseAspNetRoles" /> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="AspNetSqlMembershipProvider"/> </serviceCredentials> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <services> <service behaviorConfiguration="MyApp.Services.ComputersServiceBehavior" name="MyApp.Services.ComputersService"> <endpoint binding="basicHttpBinding" contract="MyApp.Services.IComputersService" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> </system.serviceModel> Roles are enabled and membership provider is configured (its working for web site). But authentication process is not fired at all. There is no calles to data base during request, and when I try to set following attribute on method: [PrincipalPermission(SecurityAction.Demand, Authenticated = true)] public bool Test() { return true; } I'm getting access denied exception. Any thoughts how to fix it?

    Read the article

  • Rails Authentication

    - by Oluf Nielsen
    Hey, i need some help with rails, again! Last it was about Authlogic.. Well I'm gone a bit backward since.. I mean, Authlogic isn't a Authentcate system i like.. So now i wan't you guys to tell me what you think is the best! I going to use it to a project of mine. Where there has to be a few roles like Admin, User and Guest.. So might you guys can tell me what is good and what is bad..?

    Read the article

  • Secure Webservice (WCF) without storing credentials on consumer application

    - by Pai Gaudêncio
    Howdy folks, I have a customer that sells a lottery analysis application. In this application, he consumes a webservice (my service, I mean, belongs to the company I work for now) to get statistical data about lottery results, bets made, amounts, etc., from all across the globe. The access to this webservice is paid, and each consult costs X credits. Some people have disassembled this lottery application and found the api key/auth key used to access the paid webservice, and started to use it. I would like to prevent this from happening again, but I can't find a way to authenticate on the webservice without storing the auth. keys on the application. Does anyone have any ideas on how to accomplish such task? ps1.Can't ask for the users to input any kind of credentials. Has to be transparent for them (they shouldn't know what is happening). ps2. Can't use digital certificates for the same reason above, not to mention it's easy to retrieve them and we would fall into the original problem. Thanks in advance.

    Read the article

  • AuthorizationExecuteWithPrivileges and osascript failing

    - by cygnl7
    I'm attempting to execute an uninstaller (written in AppleScript) through AuthorizationExecuteWithPrivileges. I'm setting up my rights after creating an empty auth ref like so: char *tool = "/usr/bin/osascript"; AuthorizationItem items = {kAuthorizationRightExecute, strlen(tool), tool, 0}; AuthorizationRights rights = {sizeof(items)/sizeof(AuthorizationItem), &items}; AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize | kAuthorizationFlagInteractionAllowed; status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL); Later I call: status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, (char *const *)args, NULL); On Snow Leopard this works fine, but on Leopard I get the following in syslog.log: Apr 19 15:30:09 hostname /usr/bin/osascript[39226]: OpenScripting.framework - 'gdut' event blocked in process with mixed credentials (issetugid=0 uid=501 euid=0 gid=20 egid=20) Apr 19 15:30:12: --- last message repeated 1 time --- ... Apr 19 15:30:12 hostname [0x0-0x2e92e9].com.example.uninstaller[39219]: /var/folders/vm/vmkIi0nYG8mHMrllaXaTgk+++TI/-Tmp-/TestApp_tmpfiles/Uninstall.scpt: Apr 19 15:30:12 hostname [0x0-0x2e92e9].com.example.uninstaller[39219]: execution error: «constant afdmasup» doesn’t understand the «event earsffdr» message. (-1708) Am I going about this all wrong? I just want to run the equivalent of "sudo /usr/bin/osascript ..."

    Read the article

  • What are the real-world benefits of declarative-UI languages such as XAML and QML?

    - by Stu Mackellar
    I'm currently evaluating QtQuick (Qt User Interface Creation Kit) which will be released as part of Qt 4.7. QML is the JavaScript-based declarative language behind QtQuick. It seems to be a very powerful concept, but I'm wondering if anybody that's made extensive use of other, more mature declarative-UI languages like XAML in WPF or Silverlight can give any insight into the real-world benefits that can be gained from this style of programming. Various advantages are often cited: Speed of development Forces separation between presentation and logic Better integration between coders and designers UI changes don't require re-compilation Also, are there any downsides? A few potential areas of concern spring to mind: Execution speed Memory usage Added complexity Are there any other considerations that should be taken into account?

    Read the article

  • deny custom role

    - by kusanagi
    how can i deny access to call method. something like this [HandleError] [Authorize(Roles = "role1, role2")] public class AdminController : Controller { [Deny(Roles = "role2")] public ActionResult ResultPage(string message) { ViewData["message"] = message; return View(); } }

    Read the article

  • Integrating Apache Shiro with ASP.NET MVC

    - by Garry Shutler
    I'm looking at using Apache Shiro as a central authentication service for all our applications over a variety of platforms. It's hinted at that it can integrate with a variety of platforms which would be ideal for my purposes but I cannot find any examples of how this is achieved from .NET (ASP.NET MVC specifically if it makes any difference). Does anyone know where I can find an example of how to do this?

    Read the article

  • How to configure the roles in my tomcat application to work with JNDI(WIN AUTH)

    - by Itay Levin
    Hi, I'm trying to change the authentication mode of my application from JDBC-REALM to JNDI-REALM. I configured the following section inside the Server.xml <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99" connectionURL="ldap://****:389/DC=onsetinc,DC=com??sAMccountName?sub?(objectClass=*)" connectionName="[email protected]" connectionPassword="password" userBase="CN=Users" referrals="follow" userSearch="(sAMAccountName={0})" userSubtree="true" roleBase="CN=Users" roleName="name" roleSubtree="true" roleSearch="(member={1})"/> I have also configured the web.xml under my appfolder to contain the following: <security-role> <role-name>Admin</role-name> </security-role> <security-role> <role-name>WaterlooUsers</role-name> </security-role> <security-constraint> <web-resource-collection> <web-resource-name>Tube</web-resource-name> <url-pattern>/ComposeMessage.jsp</url-pattern> <url-pattern>/PageStatus.jsp</url-pattern> <url-pattern>/UserStatus.jsp</url-pattern> <url-pattern>/SearchEC.jsp</url-pattern> <url-pattern>/SearchEC2.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsEC.jsp</url-pattern> <url-pattern>/SearchMessageStatus.jsp</url-pattern> <url-pattern>/SearchMessageStatisticsPager.jsp</url-pattern> <url-pattern>/SearchPageStatus.jsp</url-pattern> </web-resource-collection> <auth-constraint> <role-name>WaterlooUsers</role-name> </auth-constraint> </security-constraint> In my Active directory i have created a new group called WaterlooUsers It's distinguish name is : distinguishedName: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com It has a property member which contains the following user: member: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com (which is my user) My record on the active directory looks like that: sAMAccountName: itayL distinguishedName: CN=Itay Levin,CN=Users,DC=onsetinc,DC=com memberOf: CN=WaterlooUsers,CN=Users,DC=onsetinc,DC=com and when i get the popup for user/password i enter the username "ItayL" in the authentication message box (and my password) I have 2 questions: How do i configure correctly the roles parameters correctly in the Realm section in the server.xml to enable me to both authenticate and authorize both this group of users WaterlooUsers and also assign them to the appropriate role so that they can see all the relevant pages in my website. - currently it seems that all the Users in my domain are authenticated to the site but get the http-403 Error and can't access any of the pages in the site. I also want to be able to create 2 different set of roles in my site - which can both have access to the same pages - but will see different things on the page. (for instance adding some administrative ability to the admin) Hope it was clear enough and not too long. Thanks in advance, Itay

    Read the article

  • REST, caching, and authorizing with multiple user roles

    - by keithjgrant
    We have a system with multiple different levels of access--sometimes even for the same user as they switch between multiple roles. We're beginning a discussion on moving over to a RESTful implementation of things. I'm just starting to get my feet wet with the whole REST thing. So how do I go about limiting access to the correct records when they access a resource, particularly when taking caching into consideration? If user A access example.com/employees they would receive a different response than user B; user A may even receive a different response as he switches to a different role. To help facilitate caching, should the id of the role be somehow incorporated into the uri? Maybe something like example.com/employees/123 (which violates the rules of REST), or as some sort of subordinate resource like example.com/employees/role/123 (which seems silly, since role/### is going to be appended to URIs all over the place). I can help but think I'm missing something here.

    Read the article

  • Run AppleScript with Elevated Privileges from Objective C

    - by cygnl7
    I'm attempting to execute an uninstaller (written in AppleScript) through AuthorizationExecuteWithPrivileges. I'm setting up my rights after creating an empty auth ref like so: char *tool = "/usr/bin/osascript"; AuthorizationItem items = {kAuthorizationRightExecute, strlen(tool), tool, 0}; AuthorizationRights rights = {sizeof(items)/sizeof(AuthorizationItem), &items}; AuthorizationFlags flags = kAuthorizationFlagDefaults | kAuthorizationFlagExtendRights | kAuthorizationFlagPreAuthorize | kAuthorizationFlagInteractionAllowed; status = AuthorizationCopyRights(authorizationRef, &rights, NULL, flags, NULL); Later I call: status = AuthorizationExecuteWithPrivileges(authorizationRef, tool, kAuthorizationFlagDefaults, (char *const *)args, NULL); On Snow Leopard this works fine, but on Leopard I get the following in syslog.log: Apr 19 15:30:09 hostname /usr/bin/osascript[39226]: OpenScripting.framework - 'gdut' event blocked in process with mixed credentials (issetugid=0 uid=501 euid=0 gid=20 egid=20) Apr 19 15:30:12: --- last message repeated 1 time --- ... Apr 19 15:30:12 hostname [0x0-0x2e92e9].com.example.uninstaller[39219]: /var/folders/vm/vmkIi0nYG8mHMrllaXaTgk+++TI/-Tmp-/TestApp_tmpfiles/Uninstall.scpt: Apr 19 15:30:12 hostname [0x0-0x2e92e9].com.example.uninstaller[39219]: execution error: «constant afdmasup» doesn’t understand the «event earsffdr» message. (-1708) After researching this for a few hours my first guess is that Leopard somehow doesn't want to do what I'm doing because it knows it's in a setuid situation and blocks calls that ask about user-specific things in the applescript. Am I going about this all wrong? I just want to run the equivalent of "sudo /usr/bin/osascript ..." Edit: FWIW, the first line that causes the "execution error" is: set userAppSupportPath to (POSIX path of (path to application support folder from user domain)) However, even with an empty script (on run argv, end run and that's it) I still get the 'gdut' message.

    Read the article

  • Implementing Role based Helpers

    - by Cynics
    So my question is how would you implement your handwritten Helpers based on the role of current user. Would it be efficient to change the behaviour at request time? e.g. the Helper somehow figures out the role of user, and include the proper SubModule? module ApplicationHelper module LoggedInHelper # Some functions end module GuestHelper # The Same functions end # If User is Guest then include GuestHelper # If User is LoggedIn then include LoggedInHelper end Is it efficient this way? is it rails way? I've got a whole bunch of function that act like this, and I don't want to wrap every single one of them in an if statement def menu_actions if current_user.nil? # User is guest { "Log in" => link_to "Login", "/login" } else # User is Logged In { "Log out" => link_to "Logout", "/logout" } end end Thank you for your time and thoughts.

    Read the article

  • Can someone explain this block of ASP.NET MVC code to me, please?

    - by Pure.Krome
    Hi folks, this is the current code in ASP.NET MVC2 (RTM) System.Web.Mvc.AuthorizeAttribute class :- public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } if (this.AuthorizeCore(filterContext.HttpContext)) { HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache; cache.SetProxyMaxAge(new TimeSpan(0L)); cache.AddValidationCallback( new HttpCacheValidateHandler(this.CacheValidateHandler), null); } else { filterContext.Result = new HttpUnauthorizedResult(); } } so if i'm 'authorized' then do some caching stuff, otherwise throw a 401 Unauthorized response. Question: What does those 3 caching lines do? cheers :)

    Read the article

  • BetterAuthorizationSample weird???

    - by Nano8Blazex
    I have a quick, newbie question... I just started looking through authrozation services and Apple's BetterAuthorizationSample... for some reason, I just can't get the hang of it. For example... I deleted the HelperTool and InstallTool and SampleTool.c and all references, but why does the program seem to continue work like nothing happened at all even after a clean build? Even commenting out all the code in SampleTOol.c doesn't seem to affect the way the program runs? Thanks

    Read the article

  • acl9 and devise don't seem to work well together

    - by Nik
    I have a user model which is access controlled by ACL9 in userscontroller: ACL9 related stuff before_filter :load_user, :only = [:show] access_control do allow :owner, :of = :user, :to = [:show] end def load_user user = User.find(params[:id]) end in ApplicaitonController I have a rescue_from 'Acl9::AccessDenied', :with = :access_denied def access_denied authenticate_user! # a method from Devise end it is no problem to type in url for sign in page http://localhost:3000/users/sign_in but it is a problem when for example I type in the user page first, which I am to expect to be redirected to sign in page automatically thru the logic above http://localhost:3000/users/1 #= infinite redirect hell. it tries to redirect back to users/1 again(!?) instead of directing to users/sign_in Does anyone have an opinion as to what might be going wrong? Thanks!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >