Questions tagged [authorization]
Authorization is the module of an application that is responsible to manage user access to the application resources.
64 questions
3
votes
1
answer
128
views
.net api implementing oauth 2.0
I am trying to implement Oauth in my .net API with EntityFramework. I already completed the custom local authentication with JWT tokens and refresh tokens. I got a little bit confused as to how I ...
- 151
2
votes
2
answers
267
views
Permissions system in MERN app
I am working on a MERN stack app that is a CRM with a couple of modules. Now when the user sends x request to the server to do a supposed action (such as delete something), the server first checks if ...
2
votes
1
answer
185
views
Azure AD Role Based Authorization : Allow specific roles for all GET methods and another set of roles for POSTS
There is a need to authorize the Users based on their Roles, particularly a set of roles that should allow all GET operations and a second set that should allow all POST operations.
Eg:
All Get ...
- 189
1
vote
1
answer
988
views
ASP.NET Core Authorization handler that allows request from private IP ranges
In a docker compose solution, there are multiple ASP.NET Core projects. Each of them provide a service. Some of them can be accessed from internet (with REST APIs), some of them are for local docker ...
- 267
0
votes
1
answer
375
views
React code that controls user permissions
I have this code that controls the user permissions provided to a user. In my case, I constructed a simple example of CRUD. When the admin checks the boxes, it will grant the user access to perform ...
- 125
1
vote
1
answer
1k
views
Placing store and update logic in Laravel 8 form request
I want some opinions about my code that implements store and update for a Laravel 8 form request. The make function is for storing the data and the ...
4
votes
0
answers
159
views
Security of cookie based authorization Golang
I still write login system in Go(Golang) using cookies.But my system is still not secure enough.Can you review my code and provide some suggestions on how to improve the security?Previous question.
...
- 79
2
votes
1
answer
105
views
Role based permissions in Express.js
This is something I've done a few times, but I've found it to feel a bit error-prone with so many conditions, and am wondering if anyone can point me in the direction of a cleaner way. This is a PATCH ...
- 131
2
votes
1
answer
509
views
Cookie authorization Golang
I'm writing login system in Go(Golang) using cookies.I think it's isn't safe enough. Can you provide some suggestions on how to improve the security.
Main file:
...
- 79
4
votes
1
answer
111
views
Client side authorization when retrieving from server
I have an endpoint to retrieve the user's authorization based on Joseph Silber's Bouncer.
I have a global can() function. It creates a unique key based on the ...
- 149
2
votes
0
answers
205
views
ASP.Net Core WebAPI Authorization Policy for User or Admin [closed]
I have a controller that returns data about users. I want to set the authorization such that an admin can access this controller and retrieve data for any user, and a non-admin user can access the ...
- 129
8
votes
1
answer
853
views
TDD tests for every view and its permissions in a REST API
I am currently developing a Django Rest Framework API with TDD. I have 15 tests and counting for two views, which doesn't seem right to me. It takes me a lot of time to write the tests and a lot of ...
- 81
0
votes
2
answers
817
views
Servlet filter which detects if the authenticated user is a service account
My concern with this code is that I am forcing execution repeatedly through the same pathway for the sake of a readability that I'm not convinced by.
It's a servlet filter which detects if the ...
- 139
0
votes
2
answers
124
views
Authorization - Create and unlock a User
I just wrote this, but I am not realy happy with that. I think there is an easier way to do this. First I am checking if a user has an ID (from a portal we are using, it is in the header). After that ...
2
votes
0
answers
496
views
PHP Login Checker Stage
I have been working on my script which allows people to sign-up and login to my website. I was wondering if someone could review the code. It works but I can't help but feel it could be optimized.
...
- 131