Questions tagged [authorization]

Authorization is the process of determining whether a user, program or device is allowed to access a protected resource in a particular way. Authorization is a key theme in computer security practices.

Authorization is distinct from authentication but the two are often used together.

In Role-Based Access Control (RBAC), an authorization decision may depend on the identity of the user, that is, on whether the user is a member of a given role or group. This usually requires that the authorization authority know and understand the user's identity and their membership in various groups or roles.

In Attribute-Based Access Control (ABAC), an authorization decision may be based upon attributes provided by a trusted authority. These attributes may be indirectly associated with the user making the access request, but the authorization decision can be made even if the authorization authority does not know or recognize the identity of the user. (See SAML claims and assertions.)

Authorization is sometimes abbreviated as "AuthZ", while authentication is "AuthN".

8893 questions
3 votes, 2 answers

Rails - Determining group membership after authenticating against an OpenLDAP server

I am maintaining a Rails app that uses Devise LDAP for authentication. I am migrating away from Active Directory towards OpenLDAP, which I have set up with the same structure. OpenLDAP was installed using the apt-get packages slapd and ldap-utils on…
Jimmy
3 votes, 2 answers

Symfony2 - Dynamic Role Management

I'm working on a CRM which will feature advanced authorization and the management of users in groups that have a specific role in the system. Basically, what I'd like to do is this: Manage Dynamic Authorization for (Domain) Models / Controllers /…
Simon
3 votes, 1 answer

HttpContext.Current.Request.LogonUserIdentity.Groups returns different results

I'm trying to use MVC Authorize attribute on a particular controller in my MVC intranet application using Windows authentication. IIS 7.5 is set to use Windows Authentication only, and anonymous access is off in web.config. I am authenticated to…
3 votes, 2 answers

Google Maps Android v2 Authorization failure

I am testing the sample Google code on an actual device having 2.3.6. I thought it might be the problem with the key, so I created a different key on a different account through Google's API Console. Still the same problem "Google Maps Android…
Sanket
3 votes, 4 answers

Commit to VisualSVN fails auth rejected

I have trouble making commits to a Subversion repository powered by VisualSVN Server. I can check out code and update, so the username and password I am using are correct. However, when I am trying to make a commit, I get consistent Authorization…
3 votes, 0 answers

Trying to understand the lifetime of the AuthorizationContext object

I have a simple authorization setup that checks for certain configured active directory roles in a custom authorization policy (IAuthorizationPolicy) - and adds claims if those roles are possessed. On top of that, I have a subclass of…
3 votes, 2 answers

Authorize with multiple action in CanCan

I am trying to understand a bit better the capabilities of CanCan when it comes to authorization. Imagine this controller action: def update if can? :action, Model or can? :resolve, Model or can? :authorize, AnotherModel # My Code here …
Tallmaris
3 votes, 1 answer

Backbone restrict routes from user in permission based app

This is more of a request for pattern and discussion rather than a simple one-off question. I have a backbone app where user can be part of different roles. The routes are defined as usual: routes: "": "showHomePage" "import":…
Tallmaris
3 votes, 1 answer

Custom role based authorization (without membership)

I'm pretty new to MVC and developing an application with ASP.NET MVC 4. For authentication I'm using Windows Authentication with Active Directory in a domain. Next step is to authorize users (without using membership). Went through several articles…
chatura
3 votes, 1 answer

How to authorize user in MediaWiki 1.19 without password?

In my plugin I have only username or email and I have to authorize that user. I found next issue, but it didn't work for me: class ApiPlugin extends ApiBase { public function execute() { $params =…
Reshat Belyalov
3 votes, 1 answer

Want to look up an AD Group's SID without using samAccountName or DirectoryServices.AccountManagement

Question: In C#, is there a way to look up an Active Directory Group SID without using DirectoryServices.AccountManagement library or icky-ugly LDAP? [UPDATED] -- Why I'm asking: The [Authorize] attribute and the underlying…
3 votes, 0 answers

Jenkins + Crowd2 plugin: execute API from 3rd party application

Goal: I want to write an application that can trigger Jenkins jobs and itself also authenticates users against the Crowd server. The users must be in a separate Crowd group to be authorized to act on Jenkins. Setup: I am using the Crowd2 plugin to…
try-catch-finally
3 votes, 1 answer

MvcSiteMapProvider causing authorization issues with MVC4 website

I'm trying to implement MvcSiteMapProvider with my new MVC4 website, but I've run into something that I can't seem to fix. I setup authorization with Active Directory (no role provider currently), and everything was working as it should. When you…
3 votes, 1 answer

Tortoise Hg not detecting users created in SCM Manager (Mercurial)

I am a newbie to Mercurial and SCM Manager. I installed SCM Manager 1.20 for managing Mercurial repositories (OS - Windows 7). I am using Tortoise Hg at the client side. I am able to create users, repositories, groups and can give permissions to…
3 votes, 1 answer

The correct way of the authentication and authorization of a JAX-WS Web Service?

I have trouble with implementing the authorization of a JAX-WS Web Service. I'm developing a Swing application that can be connected to a Java EE application via a JAX-WS web service. Users can log in to the server with the Swing application, and…
matyig