Questions tagged [authorization]

Authorization is the process of determining whether a user, program or device is allowed to access a protected resource in a particular way. Authorization is a key theme in computer security practices.

Authorization is distinct from authentication but the two are often used together.

In Role Based Access Control (RBAC), an authorization decision may depend on the identity of the user, that is, on whether the user is a member of a given role or group. This usually requires that the authorization authority know and understand the user's identity and their membership in various groups or roles.

In Attribute Based Access Control (ABAC), an authorization decision may be based upon attributes provided by a trusted authority. These attributes may be indirectly associated with the user making the access request, but the authorization decision can be made even if the authorization authority does not know or recognize the identity of the user. (See SAML claims and assertions.)

Authorization is sometimes abbreviated as "AuthZ", while authentication is "AuthN".

8893 questions
67
votes
5 answers

Restrict access to a specific controller by IP address in ASP.NET MVC Beta

I have an ASP.NET MVC project containing an AdminController class and giving me URLs like these: http://example.com/admin/AddCustomer http://examle.com/Admin/ListCustomers I want to configure the server/app so that URIs containing /Admin are only…
Dylan Beattie
67
votes
5 answers

Token Based Authentication in ASP.NET Core (refreshed)

I'm working with an ASP.NET Core application. I'm trying to implement Token Based Authentication but cannot figure out how to use the new Security System. My scenario: A client requests a token. My server should authorize the user and return access_token…
67
votes
4 answers

Multiple HTTP Authorization headers?

Is it possible to include multiple Authorization Headers in an HTTP message? Specifically, I would like to include one of Bearer token type (passing an OAuth access token) and one of Basic type (passing a base64 encoded username:password). GET…
lewiada
67
votes
8 answers

Authorization header missing in PHP POST request

I'm currently trying to read the authorization header in a PHP script that I'm calling with a POST request. The Authorization header is populated with a token. It seems the Authorization header is somehow removed before it arrives at my PHP script.…
jimmy
64
votes
1 answer

How can I delegate JAAS authorization checks to Shiro?

I'm developing a server-side application that needs authentication and authorization based on objects. I like Shiro's simplicity, but for being compatible with JAAS, I wrote a LoginModule that uses Apache Shiro as the underlying mechanism. But my…
Deniz Acay
64
votes
3 answers

React Router Authorization

What are the best practices for authorization checking prior to a component mounting? I use react-router 1.x Here are my routes React.render((
theo
62
votes
4 answers

Authorization header missing in django rest_framework, is apache to blame?

I've managed to extend TokenAuthentication and I have a working model when using the request session to store my tokens, however when I attempt to pass Authorization as a header parameter as described here, I noticed that my Responses come back…
61
votes
9 answers

How to generate access token using refresh token through google drive API?

I have completed steps of authorization and obtained access token and refresh token. What should I do next to generate access token using refresh token that I have stored through google drive API? I won't be able to use any sdk since I am working on…
Niranja
60
votes
6 answers

User authentication and authorisation in ASP.NET MVC

What is the best method for user authorisation/authentication in ASP.NET MVC? I see there are really two approaches: Use the built-in ASP.NET authorisation system. Use a custom system with my own User, Permission, UserGroup tables etc. I'd prefer…
Neil Barnwell
59
votes
7 answers

How can we set authorization for a whole area in ASP.NET MVC?

I've an Admin area and I want only Admins to enter the area. I considered adding the Authorized attribute to every controller in the Admin area. Isn't there an elegant solution or is this feature not there in the framework itself? EDIT: I'm sorry, I…
58
votes
13 answers

Should unauthorized actions in the UI be hidden, disabled, or result in an error?

This is a perennial question for me that I've never really resolved so I'd like your input. If I have actions that I know a user will not be able to perform due to insufficient privileges or object state, should the UI elements for those actions be…
tvanfosson
58
votes
5 answers

Accessing post or get parameters in custom authorization MVC4 Web Api

Is it possible to access post or get parameters via the HttpActionContext object? I have a set of sensors that logs data to a web server that provides a REST API. I would like to introduce some sort of authentication/authorization by letting the…
olif
56
votes
2 answers

Difference between Passport and JWT?

I'm pretty new to Express/Node - I'm trying to figure out what the difference between Passport and JWT is but can't find a definitive answer? I know you can use one or the other for auth purposes in an application, or together with an npm package…
AloeVeraForty
55
votes
2 answers

Extend AuthorizeAttribute Override AuthorizeCore or OnAuthorization

Using ASP.NET MVC I am creating a custom Authorize attribute to take care of some custom authorization logic. I have looked at a lot of examples and it is pretty straightforward but my question is which method is best to override, AuthorizeCore or…
Nick Olsen
55
votes
5 answers

ASP.NET MVC Forms Authentication + Authorize Attribute + Simple Roles

I'm trying to add simple Authentication and Authorization to an ASP.NET MVC application. I'm just trying to tack on some added functionality to the basic Forms Authentication (due to simplicity and custom database structure) Assuming this is my…
Kevin