authorization

问题 I'm wondering about the best way to structure authentication/authorization in my app. I want to have many company accounts, possibly using subdomains account has many users and users can only access records that were created by themselves or another user with the same account. The research I've done provides lots of mix n' match ideas for combining devise / cancan / authlogic in weird and wonderful ways, but I've yet to find anything which shows me the best way to restrict user access to data

问题 I am getting my feet wet working with the Pyramid framework (great framework), and I've come to the point of user authorization. I want to take advantage of the ACL to block users who are already logged in from visiting the registration page. Obviously, I could do this other ways, but I was wondering if there was any way to do this using tools in pyramid. I know that by adding permissions to a view, users who do not meet the criteria are shown a forbidden view. In my case, I simply want to re

问题 I have a long-running script using spotipy. After an hour (per the Spotify API), my access token expires. I am catching this successfully, but I don't know where to go from there in regards to actually refreshing the token. I am using the authorization code flow, not client credentials. Here's how I authorize: token = util.prompt_for_user_token(username,scope=scopes,client_id=client_id,client_secret=client_secret, redirect_uri=redirect_uri) sp = spotipy.Spotify(auth=token) All refresh

问题 Situation I have a Silverlight application that uses a WCF backend. Going forward we have moved to JS clients with WebAPI. I have a couple of WebAPI controllers that I would like to use from the Silverlight client and so have them loaded within the ASP.Net application that hosts the WCF services. This works fine from a "all services are available" point of view, however Authorization is being invoked multiple times for WCF calls; from OWIN and through WCF ServiceAuthorizationManager On the

问题 I've got sonarqube 6.5 with default configs. When sonar.forceAuthentication flag is set to false, I can create and analyse project through command given below. mvn sonar:sonar -Dsonar.host.url=https://mySonarHost/sonar -Dsonar.login=mySonarUserKey When I enable sonar.forceAuthentication parameter (sonar.forceAuthentication=true), I can't analyse project. I always get maven error: [ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.3.0.603:sonar (default-cli) on

问题 Is it possible to specify that multiple roles are required inside the authorization element of the web.config file? I currently have this block in one web.config of my site for a specific directory: <authorization> <allow roles="Global, Region" /> <deny users="*" /> </authorization> I've just identified a special case where a person with two lower-level permissions than Global and Region should also have access to this directory. Roughly, I want something like this: <authorization> <allow

问题 So Apex has "workspaces", which let you create users of three types - all of which are internal to the organization in nature. Also, there seems to be no way for a developer of an individual site on Apex to have "users" just for his site. Am I missing something? I need to be able to have external (business) users to be able to get access to just some features of the site, for example, accounting can only see pages A and B while executives can see A,B, and C. I need to have ability to have

问题 Trying to secure my ASP.NET Web API-2 using Basic Authentication but it is always ending up with error: 401/Unauthorized Authorization has been denied for this request. Below are my controller and ajax request code snippet alongside the request and response headers. BasicAuthenticationHandler.SendAsync always runs successfully up-till: return base.SendAsync(request, cancellationToken); Q: Then WHY it ends up as 401/unauthorized ? If I remove [Authorize] from the controller action then it

问题 I'm using devise for authentication, however I cant see and action filter for specifying actions that require the user to login, is this included in the devise gem? if not how could I create one, I kind of have an idea but since I'm new to rails I'd rather see a solution from a more experienced programmer first. 回答1: See the Devise Readme. class PostsController < ApplicationController respond_to :html # Tell Devise that the #destroy action is # special, and that the user must be #

问题 I have a asp.net mvc project and persistent is handled by repositories . Form authentication is used. Now I need implement authorization . For example , I need to ensure a manager user can only open his/her taskes and assign workers to the taskes. A worker will only see taskes that have been assigned to him/her. A super-moderator can edit everything. Is there any ready to use framework that allow me to define permissions ? I am in the process of evaluating Ayende Rhino Security . Where can I