Questions tagged [asp.net-authorization]

Authorization determines whether an identity should be granted access to a specific resource. In ASP.NET, there are two ways to authorize access to a given resource:

  • File authorization
    File authorization is performed by the FileAuthorizationModule. It checks the access control list (ACL) of the .aspx or .asmx handler file to determine whether a user should have access to the file. ACL permissions are verified for the user's Windows identity (if Windows authentication is enabled) or for the Windows identity of the ASP.NET process. For more information, see ASP.NET Impersonation.
  • URL authorization
    URL authorization is performed by the UrlAuthorizationModule, which maps users and roles to URLs in ASP.NET applications. This module can be used to selectively allow or deny access to arbitrary parts of an application (typically directories) for specific users or roles.

365 questions
60
votes
2 answers

MVC Core How to force / set global authorization for all actions?

How to force / set global authorization for all actions in MVC Core? I know how to register global filters - for example I have: Setup.cs services.AddMvc(options => { options.Filters.Add(new RequireHttpsAttribute()); }); and this works fine,…
Lukasz Mk
57
votes
10 answers

How to specify root (/) location in web.config?

How does one specify root location in web.config to allow unauthenticated users to access it? The root location is served by default.aspx, but users normally don't see default.aspx, they just see http://mysite.com/. So I've added
Michael Entin
28
votes
1 answer

How can I implement Claims-Based Authorization with ASP.NET WebAPI without using Roles?

I have an ASP.Net WebAPI 2 Application that uses Claims. The claims are stored as two additional columns in a standard Identity2 AspNetUsers table: CREATE TABLE [dbo].[AspNetUsers] ( [Id] INT IDENTITY (1, 1) NOT…
16
votes
1 answer

How to lock down paths in ASP.NET MVC?

I'm playing around with MVC 4 for the first time to check out what's been changed/added/etc compared to MVC 3. To start off, I created a blank MVC 4 Web Application and started building from scratch. One of the first things that I noticed that is…
Jed
15
votes
3 answers

IdentityServer4 + Asp.Net Core Identity - Map Identity to application database user

I am trying to implement an IdentityServer4 with Asp.Net Core Identity. I want to use IdentityServer4 as centralized authentication/authorization point for APIs using always the same identity. So the idea is to store the Asp.Net Core Identity stuff…
15
votes
1 answer

Url Authorization with MVC and ASP.NET Identity

I want to secure specific folders and resources in my application that are outside of the routes for my mvc application. I want these resources to only be available to authenticated users (which role is not of consequence as long as they are…
Igor
12
votes
2 answers

Dependency Injection on AuthorizationOptions Requirement in DotNet Core

I have a .NET core project and am trying to create a custom policy using AuthorizationOptions as shown in the documentation located here: ASP.NET.Core Authorization - Dependency Injection in requirement handlers The examples show setting up an…
12
votes
1 answer

Custom token location for JwtBearerMiddleware

We have a calling client requesting to our system that does not place the Bearer token in the standard place ('Authorization' header). I would like to create a custom handler that looks for the JWT in the correct place. Besides forking the…
11
votes
1 answer

Authorize user based on API-key supplied in request header in ASP.NET Core

I'm trying to rewrite some authorization I currently have for ASP.NET 4.6 in ASP.NET Core. I understand that Authorization has changed a bit, and I find it difficult to implement my very simple auth strategy in ASP.NET Core. My requirements: Every…
11
votes
1 answer

ASP.NET MVC How to create a custom role provider

Being relatively new to ASP MVC, I'm unsure which would better suit my needs. I have built an intranet site using Windows authentication and I'm able to secure controllers and actions using the Active Directory roles,…
11
votes
3 answers

Prevent FormsAuthenticationModule of intercepting ASP.NET Web API responses

In ASP.NET the FormsAuthenticationModule intercepts any HTTP 401, and returns an HTTP 302 redirection to the login page. This is a pain for AJAX, since you ask for json and get the login page in html, but the status code is HTTP 200. What is the way…
10
votes
3 answers

Refit and authorization header

Currently, I am adding an authorization header to my request like this: File: SomeFile.cs public interface ITestApi { [Get("/api/test/{id}")] Task GetTest([Header("Authorization")] string authorization, int id); …
thd
10
votes
4 answers

Privilege Elevation in an MVC3 web application with Windows authentication

I have a requirement to implement user privilege elevation in an MVC3 web app, for both Forms and Windows authentication, but this question is critical for Windows auth. This is for a higher privileged user to give assistance to a lower privileged…
ProfK
9
votes
1 answer

Clarifying Identity Authorization: using Claims as Roles, Roles and Claims or Role Claims

I'm starting with ASP.NET Identity's Claim authorization and I would like to clarify the way of proceeding with them if I need the "roles" concept in my app. Note: I'm really new with this, so all the concepts are flying in my head, please be kind,…
MorgoZ
9
votes
2 answers

MVC 4 AuthorizeAttribute.HandleUnauthorizedRequest ViewResult - infinite loop

I've stepped through my code a million times and can't find a problem with my implementation. In custom AuthorizeAttribute I overwrote 2 methods protected override bool AuthorizeCore(HttpContextBase httpContext) { if…
Sonic Soul