.NET exceptions I can throw for Not Authorized or Not Authenticated
You could also use UnauthorizedAccessException for authorization violations
The best superuser role would be the root. The syntax is:

    use admin
    db.createUser({ user: "root", pwd: "password", roles: [ "root" ] })

For more details look at built-in roles.
Somehow, the Authorization header was stripped away. By adding the following lines in my .htaccess, I was able to get it to work.

    RewriteEngine On
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
If your headers are usually going to be the same then you can set the DefaultRequestHeaders. But you don’t need to use that property to specify headers. As you’ve determined, that just wouldn’t work if you’re going to have multiple threads using the same client. Changes to the default headers made on one thread would …
Try to create a custom authorize attribute like this.

    public class AuthorizeRolesAttribute : AuthorizeAttribute
    {
        public AuthorizeRolesAttribute(params string[] roles) : base()
        {
            Roles = string.Join(",", roles);
        }
    }

Assuming your roles will be the same for multiple controllers, create a helper class:

    public static class Role
    {
        public const string Administrator = "Administrator";
        public const string …
You can add a header parameter to your request, and Swagger-UI will show it as an editable text box:

    swagger: "2.0"
    info:
      version: 1.0.0
      title: TaxBlaster
    host: taxblaster.com
    basePath: /api
    schemes:
    - http
    paths:
      /taxFilings/{id}:
        get:
          parameters:
          - name: id
            in: path
            description: ID of the requested TaxFiling
            required: true
            type: string
          - name: auth …
Which methods should I use: IsAuthorized or OnAuthorization? (or when to use which)

You will extend AuthorizationFilterAttribute if your authorization logic is not dependent on the identity established and roles. For user related authorization, you will extend and use AuthorizeAttribute. For the former case, you will override OnAuthorization. For the latter case, …
I could do this with a custom attribute as follows.

    [AuthorizeUser(AccessLevel = "Create")]
    public ActionResult CreateNewInvoice()
    {
        //…
        return View();
    }

Custom Attribute class as follows.

    public class AuthorizeUserAttribute : AuthorizeAttribute
    {
        // Custom property
        public string AccessLevel { get; set; }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var isAuthorized = base.AuthorizeCore(httpContext);
            if (!isAuthorized)
            {
                …
The format defined in RFC2617 is credentials = auth-scheme #auth-param. So, in agreeing with fumanchu, I think the corrected authorization scheme would look like

    Authorization: FIRE-TOKEN apikey="0PN5J17HBGZHT7JJ3X82", hash="frJIUN8DYpKDtOLCwo//yllqDzg="

Where FIRE-TOKEN is the scheme and the two key-value pairs are the auth parameters. Though I believe the quotes are optional (from Appendix B of p7-auth-19)… auth-param …
In python:

    ('<MY_TOKEN>')

is equivalent to

    '<MY_TOKEN>'

And requests interprets

    ('TOK', '<MY_TOKEN>')

as you wanting requests to use Basic Authentication and craft an authorization header like so:

    'VE9LOjxNWV9UT0tFTj4K'

Which is the base64 representation of 'TOK:<MY_TOKEN>'

To pass your own header you pass in a dictionary like so:

    import requests

    r = requests.get('<MY_URI>', headers={'Authorization': 'TOK:<MY_TOKEN>'})