I have an MVC2 site that now allows access to it via windows authentication and uses ASP.net Role provider to provide authorization. I am trying to come up with a way for the site to allow the user access to the site if his username is a member of certain groups so I won't have to sign up user in sql, but just sign up a group with access. Anybody have any idea how to do this? Is there a quick and dirty way? So far in my internet perusals I haven't found a quick and dirty way to do this? Any help would be great.
Thanks
Looking up Role/Group information for a User
ASP.NET provides a useful “Role Management” capability, which allows developers to map users into logical “Roles” that can then be used to better control end-user capabilities and authorization access. For example, as a developer I could create a role called “managers” for my web application, and then limit access to portions of the site to only those users within the “managers” role (note: I will be posting additional recipes in the future that discuss how to fully use the Role Management authorization and capabilities features more).
When using Windows Authentication, ASP.NET allows developers to create and populate roles from multiple sources. For example, a developer could setup the built-in ASP.NET 2.0 SqlRoleProvider to map Windows users to custom application roles that are store within a database. This approach is very useful for scenarios where there might be application-specific role mappings that don’t make sense to push into a centralized Active Directory tree/store.
ASP.NET also makes it easy to access central Windows and Active Directory group mappings from within an application as well. For example, if there is a Windows group on the Active Directory network called “DOMAIN\managers”, an ASP.NET application could lookup whether the current Windows authenticated user visiting the ASP.NET site belongs to this group by writing code like this:
If User.IsInRole("DOMAIN\managers") Then
Label1.Text = User.Identity.Name & " is a manager"
Else
Label1.Text = User.Identity.Name & " is not a manager"
End If
Note that the role/group look-up is done via the “User.IsInRole(rolename)” method that is a peer of the User.Identity.Name property.
src
http://weblogs.asp.net/scottgu/archive/2006/07/12/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application.aspx
Related
I am learning SSO, so familiar with basic concepts.
I have a web application(Ruby on rails), where users are saved in Postgre DB (in AWS).
The users want to log in to another service(Rollbar) using the same user credential that they use in our application. In other words, I want to move the application's user information to an identity provider, so that the users can log in with the same credentials to the application and Rollbar using SSO.
One option I thought of is to move the users to Google workspace or Azure AD, but that is too much as I am not looking for any additional features
I did see services like Auth0 and Okta - just wondering whether I am going in the right direction
Any service name or links to documentation is appreciated
I have developed a web application with following architecture:
Frontend : Angular 6
Backend : Java REST APIs with Springboot
I want to add authentication and authorization to it. For that I'm looking for some open source application (e.g. KeyCloak, Gluu etc.). I would like to know in which tool the below scenarios are supported.
There will be predefined set of Activities on UI (e.g. Add, Edit,
Delete etc)
There will be predefined Access Levels (e.g. Read, Write, No Access)
I should be able to create Roles, then assign activities and access levels to those roles and assign those roles to user.
Can you please help me to find out a tool which supports my above scenario?
I tried something for KeyCloak, but i couldn't find a way to add activities, access levels and map roles to it. I think everything there is governed by Role only.
I just realized that I need Activity based authorization and not Role based authorization. Please help me find some tool for that.
I'm not sure what is meant by activity based authorization but i suspect you actually mean permission based authorization, in example: Grant permissions to users to perform certain actions.
Shiro offers you permissions and role based authorization out of the box.
You can create roles, add permissions to these roles and assign them to a user. Supported are implicit and explicit roles, whereas one role can hold any number of permissions. You can even work with wildcards and group the permissions.
For more information you should take a look at the official Shiro entry and especially the web documentation for your project in particular. Shiro offers full support for Spring-Boot applications, you can find a HowTo here.
Shiro fully supports your described scenario.
I'm trying to look at ways of controlling ACL for REST URIs.
What I'm looking for is
Define a user
Define a role
Define an organization (User owns the org)
Now i would like to dynamically restrict/allow access to resources( REST URI) for authorized users only usin the platforms API.
I know some of the commercial products have such feautres. I'm looking for a (Apache/MIT/BSD/LGPL) licensed open source product which does this.
I've looked at Apache Syncope.It does what i need except for the requirement to control access to RESt URIs. It only treats LDAP and DB connections as resoureces and not REST URIs.
Need to figure out a solution or a tool which would do all this for me.
I'm trying to switch my site from the asp.net membership sql provider to using facebook connect to do OAuth single signon. I'd like to keep using the role provider as it makes it pretty easy secure sections of my site by flagging the controller class or controller methods with the Authorize(Roles="...") attribute. The site isn't live yet so I'll be completely ditching the Asp.net membership provider if I can. (keeping the roles and profile provider)
I've got the facebook connect logging the user in and I can get his info. But how do I associate that with a role?
I'd like the system to automatically add a new user to the "SuperHero" role after he authenticates and authorizes my app.
Am I on track here? Is there a better way to handle roles when using OAuth2? I'd like to add other OAuth providers later.
An alternate approach would be to keep the asp membership, then when I user logs in through facebook connect, I could find his record and sign him in with aspmembership. But that seems sloppy.
Some sample code would be great and I'd think others would find it helpful too.
thx,
Dan
The easiest way to do this ime is to actually implement a FacebookMembershipProvider for yourself. That way it ties in to all the other providers naturally. The main downsides are a) a lot of code b/c Membership is a fat interface, and b) some cruft b/c it assumes you'll be doing passwords, etc, which obviously you don't need for OAuth.
I am a Zend developer and I have developed one application without an admin panel. Now I want to develop an admin panel for that, so how can I develop it from the start?
What do I have to write for the redirect to the admin panel like "http://localhost/zend/public"?
How do I add an admin controller or module?
Layout of admin.
Where do I put an admin folder or what do I change in Bootstrap?
Well there are many ways. It depends on what sort of admin interface you actually need.
But usually:
1) You should have a separate module for the admin interface. That implies module based MVC structure.
2) You will want to use Zend_Acl to define user access list. I.e. create roles (for instance: guest, user, moderator, admin) and define what modules/controllers/actions they should have or should not have access to.
3) Use Zend_Auth to authenticate users.
4) Probably propagate the user information through session using Zend_Session and Zend_Session_Namespace.
5) Do at least basic security measures (prepared statements against SQL injections and $this->view->escape against XSS, possibly use CSRF token for all forms). If it is a commercial application, get a certificate.