role-based

Role-based security with Google App Engine and Python

隐身守侯 提交于 2020-01-13 10:34:26
问题 I would like to ask what is the common way for handling role-based security with Google App Engine, Python? In the app.yaml, there is the "login" section, but available values are only "admin" and "required". How do you normally handle role-based security? Create the model with two tables: Roles and UserRoles Import values for Roles table Manually add User to UserRoles Check if user is in the right Roles group Any other idea or any other method for role-based security, please let us know! 回答1

Why Claim based authentication instead of role based authentication

不羁的心 提交于 2019-12-21 07:14:39
问题 I am new to claim based authentication. I have gone throught several aricles and could not able to figure out the exact use of claim based authentication. Here are some doubts I have about claim based authentication. I would like to know what is the difference and advantages of claim based over role based authentication. Can we connect to Sql Server 2008 R2 using claim based authentication instead of ADFS? If, so how? Advantage of using claim based authentication in WCF? Can anyone provide me

right way to have role based custom auth query database on every request asp.net mvc

戏子无情 提交于 2019-12-19 09:47:13
问题 This may be a slightly ignorant question but Im new to mvc so Im sorry! I studied the nerd dinner auth model but In my app I have a complicated role based authentication. So What I do is this: void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e) { HttpCookie authCookie = HttpContext.Current.Request .Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null) { string encTicket = authCookie.Value; if (!String.IsNullOrEmpty(encTicket)) { FormsAuthenticationTicket

Is ASP.NET role based security a true role based access control system?

纵然是瞬间 提交于 2019-12-11 04:34:48
问题 From what i have read from this paper I understand that a role based access control system is one where users can be assigned to roles where roles specify permissions to perform operations on objects But in asp.net we do not specify "Operations on objects", what i mean here is that how can we specify "All users in Role R can perform a delete on object O" Where is the Object Part in ASP.Net 回答1: The security model is asp.net is pretty limited. In essence you only have control at the Role level

MVC 5 Role Based Authentication

余生长醉 提交于 2019-12-09 07:05:23
问题 I am trying to lock down our "admin" page to only admins using Asp.net Identity (we are building in MVC5). I can get [Authorize(Users="admin")] to work but can not get [Authorize(Roles="Admin")] to work. I have created the role in the dbo.AspNetRoles table and then associated the account in the AspNetUserRoles by pairing the user GUID to the ID in the aspnetroles table. I have seen in previous editions of MVC you have had to get into web.config to add some lines. Can anyone help point me in

Role Based Access Control (RBAC) - .Net Component [closed]

ε祈祈猫儿з 提交于 2019-12-06 00:26:22
问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed last year . In my job we are trying to consolidate the Authentication of the application farm with Windows Identity Fundation (WIF) or some custom component based in Membership Provider. With this, we need to provide the developers (and final users) some component that can help us with the logic of managment views by Role

Role Based Access Control (RBAC) - .Net Component [closed]

不打扰是莪最后的温柔 提交于 2019-12-04 06:00:48
In my job we are trying to consolidate the Authentication of the application farm with Windows Identity Fundation (WIF) or some custom component based in Membership Provider. With this, we need to provide the developers (and final users) some component that can help us with the logic of managment views by Role (RBAC - Role Based Access Control). I couldn't find anything. That's the idea: A user 'admin' can view 'Home' and 'Administration' pages. Well, like a developer, i don't want to write code to do this profiling. To do this, i expect to work with a component, that encapsulates this

Asp.net Core Identity Use AspNetUserClaims or AspNetRoleClaims?

落花浮王杯 提交于 2019-12-03 15:41:30
问题 I am still confused about all this Identity stuff. First I am still confused the difference between Roles, Policies/Claims. From what I read roles is the old way of doing stuff and was kept for backward compatibility, so does that mean AspNetRoleClaims is part of this backward compatibility? I think I understand Claims and Policies when thinking of them individual, like policy is basically a set of rules that must pass and gives the ability to change rules without having to go through out all

MVC 5 Role Based Authentication

自闭症网瘾萝莉.ら 提交于 2019-12-03 08:59:19
I am trying to lock down our "admin" page to only admins using Asp.net Identity (we are building in MVC5). I can get [Authorize(Users="admin")] to work but can not get [Authorize(Roles="Admin")] to work. I have created the role in the dbo.AspNetRoles table and then associated the account in the AspNetUserRoles by pairing the user GUID to the ID in the aspnetroles table. I have seen in previous editions of MVC you have had to get into web.config to add some lines. Can anyone help point me in the right direction? Have you specified in the web.config that you are going to use roles? <roleManager

Role-based access control (RBAC) vs. Claims-based access control (CBAC) in ASP.NET MVC

血红的双手。 提交于 2019-11-27 10:00:53
What are the main benefits of using CBAC vs. RBAC ? When is it better to use CBAC and when is it better to use RBAC? I'm trying to understand the general concepts of the CBAC model but the general idea is still not clear for me. I will try to show how you can benefit from Claim Based Access Control in an ASP.NET MVC Context. When you are using Role based authentication, if you have an action for creating customer and you want that the people who are in 'Sale' role should be able to do that, then you write code like this: [Authorize(Roles="Sale")] public ActionResult CreateCustomer() { return
订阅 role-based