I have a route
routes.MapPageRoute("clientOrder", "Contract/{contractId}/Orders",
"~/ContractOrders.aspx");
The idea is to authorize user to allow access to a certain set of contracts.
For instance user1 has access to pages Contract/001/Orders and Contract/002/Orders
user2 has access only to Contract/003/Orders, etc.
I'm using Forms Authentication and trying restrict access with
CheckUrlAccessForPrinсipal but it checks only physical access to the page not logical.
I tried to check access in Global.asax in Application_AuthorizeRequest but
Request.RequestContext.RouteData there is allways empty so I don't know the requested contractId. I can parse it manually from HttpRequest object. But it is a very dummy and unraliable solution.
Please advice
I believe that the only way is to add some code to check the contractId at the ContractOrders.aspx page level and if the Id doesn't pass the autorization, you manually redirect somewhere to indicate that the access is not granted.
The built-in mechanism always works at the physical level with route maps, so no matter how your route looks like, the engine always checks the access to the resource the route is mapped to, not the route itself.
Related
Can I set a hardcoded permission id as a method attribute for example:
[WebMethod]
["PermissionId=8"]
function myWebMethod(){
}
and then have the client credentials that I will later on map to a user and check hos permissions?
I want to avoid adding token or credentials to each method
I want to integrate Google's Oauth2 in my symfony-1.4 CRM. I have successfully implemented this, I have extended sfGuardAuth in my own module, and now mysfGuardAuth is being used for siging and signout. Is there where I handle Google's Oauth2 with 2 extra actions:
executeCkeckGoogleAccess();
executeOauth();
The problem is to checkout if Google's token is still a valid one, I have to redirect in each action of everymodule to the action checkGoogleAccess in mysfGuardAuth module.
What I want is to check this in an implicit way in the same place where symfony, or sfGuard or whatever checks for the right perms or credentials before executing or not executing the requested action.
I only want to write the code once.
Thank you.
After some research this is how sfGuard checks everything.
When you make a request to a module action, before the action is executed, a new sfContext is dispached.
The sfContext gets the user that extends sfGuardUser and has some methods that are executed. There is where perms, session status and everithing else is checked
The user must be configured in apps/yourApp/lib
By default is apps/yourApp/lib/myUser which extends sfGuardUser. The most apropiate way to achieve this is to create a new user class like: apps/yourApp/lib/yourAppUser which extends aswell sfGuardUser, and there extend the methods initialize and/or shutdown with the functionality you want.
By this way I have achieved to get Google's Oauth2 working in my app.
I hope this is usefull for more people.
UPDATE
All described above is true, but if you want to check something always before an action execution you must use filters instead of whats described before.
Filters are executed before each action, so there you can checkout whatever you need having access to the current context, and set up new attributes for the user. In my case I wanna check if the requested action needs a google token, if true, then Another filter will check if the user has alraedy a valid token, in that case, nothing happens, otherwise, the user is redirected to the module/action which handles google token requests.
Comunication between diferent filters, actions and requests are handled via user attributes.
the user is an object of the clas myOwnUser which extends sfGuardSecurityUser, there the function signOut is extended in order to delete all attributes saved in "myOwnNamespace"
I'm coding an ASP.NET website that works with facebook.
To make my own life easier, I've decided to work with the facebook C# SDK.
At this point, I've already obtained a valid access token, thus I've authorised correctly.
(I have done this through server-side C# code, not via the JavaScript SDK)
I now want to store this access token in the current FacebookWebContext, so that I can use it through the whole website.
However, when I try to write the value in FacebookWebContext.Current.AccessToken, I get the following error:
Property or indexer FacebookWebContext.Current.AccessToken cannot be assigned to -- it is read only
Now, I could try to create a new FacebookWebContext, and set this one as the current one, but the constructor doesn't accept an access token.
How do I put my access token in the current facebook web context?
It should already have the value when you do : FacebookWebContext.Current.AccessToken
Is it empty?
When I set up wildcard application maps so that asp.net handles requests (setting executable path to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll) LOGON_USER is blank when I access a page via site.com/directory/ - site.com/directory/default.aspx returns the correct LOGON_USER value.
How can I fix this without needing to take off application maps?
Simple test:
<%# Request.ServerVariables["LOGON_USER"] %>
Results in DOMAIN\UserName when application maps not set up, but a blank string when they are.
Edit:
The site uses Forms authentication for administration, but I need to do LDAP queries based on the currently logged in user (and to search Active Directory) - anonymous access is turned off and Windows Integrated Authentication turned on.
I've never seen that before, and I almost always wildcard map, but is there any reason you're not using Request.User (or the Page's User helper property) instead of the string-based variable? I'm not sure if that'll help, but it is at least more safe from typoes.
How would I generate a proper URL for an MVC application to be included in an e-mail?
This is for my registration system which is separate from my controller/action. Basically, I want to send an email verification to fire an Action on a Controller. I don't want to hardcode the URL in, I would want something like the Url property on the Views.
In your Controller, the UrlHelper is just called "Url" - so:
void Index() {
string s = this.Url.Action("Index", "Controller");
}
The "this" is unnecessary, but it tells you where this Url variable comes from
I used:
Html.BuildUrlFromExpression<AccountController>(c=>c.Confirm(Model.confirmedGUID.Value))
It is part of the HTMLHelper (I think in the MVC Futures) so you may have to pass an instance of the HTMLHelper to your service layer, not sure. I use this directly in my view which renders to an email. That gives you the absolute URL and then I store the domain (http://www.mysite.com) in the config file and append it before the URL.
You should probably make the URL part of the configuration of your application.
I know you can do stuff with e.g. the Server property on your web application, but the application will never know if its IP or domain name is reachable from the outside as it might be hidden behind a proxy or a load balancer.
If I'm reading the question correctly, you need to controller/action outside the MVC code. If so, you will need to simply configure the URL in Application Configuration or some such place, unless you have access to the controller classes and use reflection to get the names.