Questions tagged [authorization]

1 votes · 1 answer · 173 Views

Where is the ClaimsIdentity information stored after calling AuthenticationManager.SignIn() using CookieAuthenticationProvider

We are using the Microsoft.Owin.Security.Cookies.CookieAuthenticationProvider in an ASP.Net MVC web application. The 'sign in' code uses a custom class that keeps track of authorization info (userRights in the example below). The code looks like this: string auth = JsonConvert.SerializeObject(userRi...
Louis Somers
0 votes · 0 answer · 5 Views

Plugin for authorization in header for wordpress api

I am creating WordPress api and I am getting error in my server { 'code': 'rest_cannot_create', 'message': 'Sorry, you are not allowed to create posts as this user.', 'data': { 'status': 401 } } but in my local machine it's working fine. Which plugin is used for authentication in WordPress api? I ha...
Emmie Andrew
0 votes · 2 answer · 11 Views

How to receive username with token by django rest authentication?

I am using django Django=2.1.7 and rest framework djangorestframework=3.9.2 This is my url for login path('rest-auth/login', include('rest_auth.urls')), When I enter username and password I got the token from rest API. But I want my user detail like name, id etc to show in my react components. Pleas...
imsaiful
1 votes · 2 answer · 65 Views

What is the best way to communicate authorization between a client and REST API?

I'm developing an application that will use AngularJS for the front-end, communicating to a REST service on the backend, implemented as J2EE/Spring. The back-end services are secured through role-based authorization. In the front end of the application I would like to have the UI only allow users to per...
roxyblue
1 votes · 1 answer · 878 Views

Laravel 5.5/Angular JWT logout

I have an issue with logging out using JWT package. On Angular side I am removing the token from local storage and calling Laravel API: logout(): void { this.cacheHandler.clearCache(); return this.http.get(environment.apiUrl + 'logout') .toPromise() .then(response => { const responseData = response....
Norgul
1 votes · 0 answer · 1.1k Views

Custom Validation of HTTP Authorization header in Spring boot

There are multiple REST APIs exposed in my spring boot application. Some of these APIs require Authorization and some don't. Authorization is being done using the HTTP Authorization header. Is there some way in Spring boot using Annotations or any other simpler way to do Authorization on few of th...
Vineet Singla
1 votes · 1 answer · 1.1k Views

Laravel Passport APi - Implicit grant

I want to build a spa via angularjs and use laravel as an api for the spa. Reading through the docs of laravel passport I discovered that I need to use the implicit grant for this purpose. But I am not really sure in how it should work from front to back. I just want to have the ability to log in a us...
Jules
1 votes · 1 answer · 107 Views

How to programmatically accomplish url authorization in iis7 for an application?

I created a ftp site 'TestFtpSite' and an application with path '/LocalUser/demor'. Here is the configuration in ApplicationHost.config. After reading understanding-iis-url-authorization, I found that we can add location tag in ApplicationHost.config file to secure an application. But I couldn't fin...
Dream
1 votes · 1 answer · 32 Views

How to restrict users from logging in to website outside the company’s LAN

I have to create an application on MVC .Net where in some users can access the application from outside the company but others cannot. The users will be allocated roles and based on that either they are allowed or not allowed to access the web application from outside the company’s network. How ca...
Pooja Sharma
1 votes · 0 answer · 74 Views

Permission(ACL) middleware for Multer that acts based on multipart/form-data parameters

In my Express.js REST API, I'm using multer to upload images into server's static folder with diskStorage. I have wanted to build a generic file upload page for both users and admins. Detailed use case is as follows: choose a category from a drop-down list write a valid id in the form field, choos...
gokcand
1 votes · 0 answer · 303 Views

Distributed or Central Authorisation in Django Microservices

I'm building a Django rest framework based service which has some complicated permissions. So far, my microservices stack looks like this: /auth/ JWT authentication service /users/ - adding users, adding them to different services /new-service/ - needs authorization Users database is shared by auth...
Edward Williams
1 votes · 0 answer · 154 Views

Azure equivalent to Google Cloud IAP?

Cloud IAP works by verifying a user’s identity and determining if that user should be allowed to access the application. Is there anything like this on Microsoft Azure?
Jacob Krall
1 votes · 1 answer · 183 Views

config.xml getting replaced on jenkins restart

I want to disable security in jenkins. I stopped the service, edited $JENKINS_HOME/config.xml as given in https://wiki.jenkins.io/display/JENKINS/Disable+security and https://wiki.jenkins.io/display/JENKINS/Disable+security But whenever I restart, the content is getting replaced with initial value....
Sarath
1 votes · 1 answer · 790 Views

Role authorization in .net core 2.0 using Identity

I am using .net core 2.0 and trying to do authorization using asp identity in a mvc website. (Authentication is done using Google OAuth). Authentication is working fine i.e users can access controllers/views after logging in through google. But when I try adding a role('Admin') to a particular contr...
vicky99
1 votes · 2 answer · 118 Views

AuthzForce XACML Response is Indeterminate

I am exploring Authzforce XACML3.0 and I have been running into issues. I keep getting my responses as indeterminate. Below is my setup and the Exception trace which it throws. Any help is appreciated. Request File: Julius Hibbert 45 46 http://medico.com/record/patient/BartSimpson read Policy File:...
Nishant
1 votes · 0 answer · 63 Views

ReactJS security/obfuscation of constants and authed-only routes/scripts

I am developing a ReactJS app with PHP/Apache as a backend REST server. The app will have both public routes as well as private (admin-only) routes. On top of this, I will require to protect data such as Google Maps API premium client ID + secret so I do not want to include this in my app.js. Is the...
U4EA
1 votes · 0 answer · 112 Views

ASPNETCORE ConfigureServices does not run

I follow the Microsoft document to implement the policy-based authorization in my web service but the function 'ConfigureServices' does not run. Please let me know if I have something missing. Startup.cs using Microsoft.Owin; using Owin; using Microsoft.AspNetCore.Authorization; using Microsoft.Exte...
littlecodefarmer758
1 votes · 1 answer · 95 Views

IIS disable authentication in subfolder

In my web.config in application is: In web.config in app folder is: This working, but I want to give access to my_public folder for anonymous users. In my_public folder is site about.aspx. In web.config in my_public folder is: When user go to my_public/about.aspx always is redirect to app/login.as...
Łukasz Walkowiak
1 votes · 0 answer · 59 Views

Apple Watch Healthkit access inconsistent

I have two sets of [Apple Watch Series 2 / iPhone 7] combinations and, when I run the application I've written that reads the heart rate from the HealthKit, it runs perfectly on one but I get an 'Authorization request canceled' error on the other watch. I have no idea why. The iOS on the working iP...
hitlad
1 votes · 1 answer · 211 Views

PouchDB allows unauthorized users to create admins

I have a pouchdb (using their own server) installation running. If I do curl -X PUT 127.0.0.1:5984/_config/admins/anna -d ''secret'' I get {'error':'unauthorized','reason':'You are not a server admin.'} as expected. BUT, If I use the pouchdb-authentication plugin and run the following in the browse...
Andrey
1 votes · 2 answer · 38 Views

How and when the XACML engine execute obligations

I want to know all the steps for the execution of obligation by the XACML enforcement engine (PEP, PDP, PIP, PAP) and when the execution is triggered. example of obligation: Your medical record has been accessed by: thanks
A.Gh
1 votes · 1 answer · 177 Views

How to set username using createSignInIntentBuilder() with AuthUI.IdpConfig.PhoneBuilder()

I'm trying to make authorization for my app with phone number and username using createSignInIntentBuilder() startActivityForResult( AuthUI.getInstance() .createSignInIntentBuilder() .setAvailableProviders( Arrays.asList( new AuthUI.IdpConfig.PhoneBuilder().alsoAddUsername().build())) .setLogo(R.dra...
Alexander Boyarshinov
1 votes · 0 answer · 877 Views

Alternative to Response.Redirect in ASP.NET Core

I am working with middleware .net core web application, I am trying to redirect unauthorized user to /Account/Login, I am trying to use following code which is not working fine. public async static void Athenticate(HttpContext context) { if (/*unauthorized user*/) { //destroy session Redirect user to log...
Saif
1 votes · 1 answer · 427 Views

Unauthorized 401 error while 'execute as me'

I am struggling with a web app I have deployed. When the site permission is available to 'all with the link', as the app is set to 'execute as me', a spreadsheet is properly removed from my drive and a new file created. If I restrict access to certain email addresses, the code no longer works. I t...
Glib
1 votes · 1 answer · 1.4k Views

Use Authorize Attribute with Custom Claims based Authentication

I want to build my own authentication process using Claims based authentication in my ASP.net MVC project. I want to be able to use the Authorize attribute (including roles), for example [Authorize(Roles='admin')] and [Authorize(Roles='Frontenduser')] as I will have multiple types of users. I don't...
dan
1 votes · 0 answer · 153 Views

Flask-Dance OAuth with Custom OAuth provider

I'm trying to use Flask-Dance OAuth with custom OAuth provider. I have integrated it successfully with mentioned service providers like github. But when I try to use authorise:github with OAuth using Custom Provider it does not get authorised, account_info.ok prints as false. What I want to do is usi...
Dheeraj
1 votes · 0 answer · 55 Views

Alfresco custom url access authorization

I want to know if there is a mechanism in Alfresco (share) to prevent some user to access some urls basing on custom config, or can I create a custom authentication level for Spring surf. If there is no manner in Alfresco, have you any suggestion to interpolate an external mechanism of Spring or othe...
Oussama Werfelli
1 votes · 1 answer · 880 Views

Asp.Net Core: order of execution of IAuthorizationFilter and Authentication Service

I'm implementing both authentication and authorization mechanisms in Asp.Net Core Web Api application. I use JWT for users authentication configured in: ConfigureServices(IServiceCollection services) { ... services.AddAuthentication(...).AddJwtBearer(...) ... } (similar to https://stackoverflow.com/...
Aviko
1 votes · 2 answer · 1.8k Views

Using Authorization Header in Javascript

I'm a total noob and I'm just beginning to learn about APIs. I'm trying to use the Yelp API and I can't seem to access it. According to the documentation, I'm supposed to: 'Put the API Key in the request header as 'Authorization: Bearer ' I'm not familiar with Authorizations and Not sure if I'm doing...
Ariel Solano
1 votes · 0 answer · 172 Views

Setting Authorization Bearer using Asynctask?

I am getting file not found exception with 405 status code when I try to pass Authorization Bearer using Asynctask and if I comment the line passing Authorization Bearer I am getting 403 with status code. below is my code. class getloantypes extends AsyncTask{ private String LOANURL= 'http://185.78...
Sunil P
1 votes · 0 answer · 292 Views

How to Create a Custom Authorization for Specific User in MVC 5?

I know there is so many discussion on that topic but still I can't get it right (as I am beginner in MVC). I want to check permission (Edit/Delete/Update) for each user from database. Here is my database structure for better understand of this scenario: User_MenuRole Table and User_MenuDetails I w...
Parvez
1 votes · 1 answer · 680 Views

Jersey REST client post with authorization

I am using Jersey 1.9 in my Java Spring MVC web application. I am trying to make a post request for which I have to set two header values - authorization and content type. I was able to successfully make the post using postman REST client. I have tried many solutions found online, but the response I...
Geo Thomas
1 votes · 0 answer · 278 Views

Spring multiple OAuth2 authorization servers with Eureka

I'm currently developing an application with a micro-service architecture back-end using Spring. We are using Zuul+Eureka for load balancing and service discovery and OAuth2 for authorization. Is it possible to route requests to the OAuth2 endpoints on the authorization server through zuul? We want...
J. Leander
1 votes · 0 answer · 172 Views

Using ionic 3 facebook login with spring backend

I do realise similar questions have been asked, but I could not make it work with answers to them, please try and help my specific case. I am developing a hybrid mobile app with latest version of ionic. I want the users to log-in to the app with facebook and with facebook only - no other account c...
furry12
0 votes · 2 answer · 13 Views

Laravel custom login is failing for the first time with “route [login] not defined” error. Working fine in second attempt

I'm setting up my custom authentication system in my Laravel app. I've deleted all the default auth controllers and not using make::auth. And my auth is working properly. My main problem is that when I tried to log in for the first time, it's failing with 'Route [login] not defined' error, but in se...
1 votes · 1 answer · 9 Views

How to keep the user's session active without the user having to reauthorize my application every time [DocuSign API]?

I would like to ask the user to authorize my application only once and then be able to use his credentials to make DocuSign API call even when he is not connected to perform automatic operations. I am currently using Authorization Code Grant but how can i do to never ask the user to authorize my app...
Synergy
1 votes · 1 answer · 485 Views

Looks like I encountered an error (error #404) in mautic

Recently installed mautic 2.8.1, after setup api, authorized it in auth2, after so many tries it only gives output: Looks like I encountered an error (error #404). If I do it again, please report me to the system administrator! Do you have any idea how to resolve this issue?
vinod bhandary
1 votes · 0 answer · 54 Views

AngularJS multiple resolve for different APIs but only call the APIs if the user is authorized which is checking another resolve

Look at sample code below, there is authorize function, first item in resolve, the problem is before my authorize function return response the other items like initData() and dashboardData() will start and try to fetch data, I want initData() and dashboardData() to start only after my checkAuthoriza...
Abeez
1 votes · 0 answer · 115 Views

Proper way to Authorize Ajax requests on Web API, originate from a MVC view of the same Project?

I have an MVC Application, which allows logged-in users to perform CRUD operations according to their Roles. I have handled authentication and authorization for the MVC App (with OWIN). I have Web APIs within the same project which are mostly used to handle delete requests(Ajax) originate from list...
Prasad De Silva
1 votes · 1 answer · 61 Views

asp.net Authorization rules not working as expected

There are two users; admin with systemAdmin role and not powerUser role powerUser with powerUser role and not systemAdmin role I have the following config in Web.config file located in Project\SystemAdmin directory: When testing with admin user with systemAdmin role; TestPowerUser.aspx can be viewed...
Teeracroptus
