Authorization is the module of an application that is responsible for managing user access to the application's resources.
1
vote
0 answers
54 views
Claims authorization service usage
I'm doing an AuthorizationService. I'm not sure how to do the usage interface of this service, so that it's practical and handy. It doesn't necessarily have to be an ...
2
votes
1 answer
85 views
Fluent API of a RBAC implementation - follow-up
In the past I posted a question that tried to implement a nice API to support RBAC authorization to resources. And due to the epoch and probably to the bounty it was moderately well received by the ...
6
votes
1 answer
82 views
Simple authorization module with Rails
I created a simple Authorization module with Rails. I found that there are other authorization systems, such as CanCanCan, but they grant permissions at Model level and, for this particular website I ...
1
vote
1 answer
129 views
Another PHP login handler
I wrote this class to handle login sessions for a framework I'm writing for educational purposes.
My major areas of concern:
Style
I know my style is a little contrary to most coding conventions. ...
5
votes
1 answer
402 views
MVC app to associate users with roles
I'm a beginner to web programming and just started a MVC project from scratch. Because this will become a large project eventually, I would like to make sure that I'm doing things kind of right from ...
1
vote
1 answer
42 views
Checking whether users have a role that allows them to index sheets
Is there any DRYer way to write this method? Or is it better to keep it this way for better reader understanding ...
Each role has a list of authorised activities for a specific resource (in this ...
6
votes
1 answer
113 views
MVC4 approach to checking authorization after POST
I have a very simple form that is designed to update account expiration dates. I'm currently creating a View Model and sending that to the form, however, I still have to pass along a GUID so I know ...
2
votes
2 answers
320 views
Checking for user permissions
The idea here is we have Roles, Permissions, and a table called PermissionRoles that connect the two. So a Permissions can be in many Roles, and many Permissions can have the same Role. So what the ...
3
votes
2 answers
150 views
Single MySQLI query to check for admin privileges
I have this script on top of all pages to check if user is admin otherwise we kick him. The problem is that I don't know if I am using double resources with a double query and results. Can I make this ...
2
votes
1 answer
336 views
Approach to MVC 4 windows group security to enable/disable controls in view
There are 3 window groups to add users and the application uses MVC 4. Here's my approach to add security attributes to my controllers and pass user's role to the view in order to enable/disable ...
4
votes
2 answers
73 views
3
votes
1 answer
49 views
Returning preferences
I have a function that returns some preferences, but first I have to do some checks to see whether the user is authorised to read them. I'm still not happy with the result (the match is a bit ugly).
...
4
votes
1 answer
520 views
PHP login script security check
I made an admin login script for my own CMS website that I'm making in CodeIgniter 2.2.1 and I'd like to know what are the potential threats or some holes that I might have left open.
This is how it ...
4
votes
2 answers
158 views
Allow certain IP addresses to run a C++ program
I coded an executable program (.exe) that I only want run either from my home computer, our main server, or people in our development team.
I have coded logic that will only allow the program to be ...
5
votes
2 answers
58 views
Activity-based permission checking
I threw together this Python function to check if a User has a certain Permission.
First of all, Permissions have this kind of format: ...
10
votes
2 answers
240 views
14
votes
8 answers
394 views
Create a new Member
I was tasked with member creation on a site that was already developed for Active Directory, so the log in functionality was there and most of the site was all ready to go (after minor major tweaks).
...
3
votes
1 answer
211 views
Is there currently anything wrong with my custom authentication and authorization?
I have my reasons not to use the ASP.NET membership. Though this causes me some issues. I read about a thousand articles on ASP.NET MVC custom authentication and I've found that almost all of them are ...
3
votes
2 answers
96 views
Iteration of password hashing in PHP - follow-up
This is a follow-up question to Iteration of password hashing in PHP
I've gone through a lot of documentation and stuff to get a feel for this hashing jungle, and done some adjustments to my code ...
1
vote
0 answers
310 views
Rails Controller vs Service Object for Application Logic
I have a #change_account action in the accounts controller that verifies if the user has access to the requested account prior to changing the current_account which happens via setting the ...
6
votes
2 answers
622 views
Attempting to utilize OOP with a user-management class
Originally, this isn't how I would have done this at all. I was told by someone I know who is a programmer that I needed to include several functions: one for removing and adding users, one for ...
2
votes
1 answer
42 views
Admin page select
This is a follow up question to: Admin page select function
Here, index.php does the following:
Checks for a login status using sessions and a cookie
If logged ...
8
votes
2 answers
2k views
Feature-based authorization
It seems to me that if you rely on roles to authorize a web application it makes it very difficult to render UI or code based on a set of features. This means that each ...
10
votes
1 answer
1k views
Fluent API of a Role based access control implementation
I am trying to provide a fluent API for authorization based on roles.
As you will see I separated my implementation in two related Interfaces the Session and the Query. The session provides all roles, ...
3
votes
4 answers
358 views
Building an ACL based on permission level
I'm building a Symfony project and at some point I've come up with a switch case to manage the ACL rights. I would prefer using a dynamic access to the constant but haven't found a good solution. I've ...
6
votes
1 answer
203 views
PBKDF2 authorization
I've discovered that using hashed passwords with salts is a much better idea than MD5/SHA256, so I'm not hashing them with PBKDF2. However, I'm wondering if this is a correct approach to authorizing ...
7
votes
2 answers
2k views
Custom Authentication Attribute
I was trying to find a way to redirect to different pages on authorization and authentication failure. I found this to be a possible solution.
However, I ended with a different solution by myself. It ...
10
votes
1 answer
36k views
Custom Authentication, Authorization, and Roles implementation
I've got an MVC site, using FormsAuthentication and custom service classes for Authentication, ...
17
votes
3 answers
4k views
Administration Elevation
I'm looking into Administration Elevation and I've come up with a solution that seems like it's perfectly sane, but I'm still in the dark about the professional methods to accomplish this.
Is there a ...