Questions tagged [role-base-authorization]
170 questions
210 votes, 12 answers
Role-based access control (RBAC) vs. Claims-based access control (CBAC) in ASP.NET MVC
What are the main benefits of using CBAC vs. RBAC? When is it better to use CBAC and when is it better to use RBAC?
I'm trying to understand the general concepts of the CBAC model but the general idea is still not clear to me.

Mr. Pumpkin
16 votes, 3 answers
How to make @PreAuthorize having higher precedence than @Valid or @Validated
I am using spring boot, and I have enabled the global method security in WebSecurityConfigurerAdapter by
@EnableGlobalMethodSecurity(prePostEnabled = true, order = Ordered.HIGHEST_PRECEDENCE)
And below is my controller…

stevewho
10 votes, 1 answer
authorization in a SPA or client side app
So I've been trying to find out best practices on how to tackle authorization, not authentication, in a SPA app.
Say I have a client-side MVC (Angular, Vue.js, etc.) with an API backend, how do we manage using authorizations for the app?
For…

mghz
9 votes, 1 answer
React router v4 role base authorization
I am new to the React world and added router v4, but I am not able to implement React role-based authorization. Let me know if there is any source that would point me the proper way.

Rahul Shinde
9 votes, 2 answers
How to implement ACL / role based authorization with angular 2?
What is the best way to implement ACL / paper-based with angular 2?
My scenario, in a nutshell, is this: The roles are dynamic and are based on the permissions that the client can configure that can also be dynamic.
I need to prevent the user from…

fxcosta
8 votes, 1 answer
How to implement role-based Authorization for Python REST API?
The basic architecture of my application is React front-end consuming a RESTful API sitting on top of a polyglot storage layer.
Front-end: React consuming APIs
Back-end: Python, Flask
Authentication: Auth0+OKTA
Everything is working great. However, I…

Hecks Hells Moor
7 votes, 1 answer
Allow only anonymous users via web.config authorization
I want to use authorization in the web.config to block access to SignUp.aspx to authenticated users. It cannot be accessed by users whose roles are administrator and Guest.
…

user1861753
6 votes, 2 answers
In Angular -> how to check if the user has permission using role-based access with the role save in the data base
I'm trying to make role-based access for my app in Angular, and I need some help because I'm a newbie in Angular...
First this is what I have in the route where I establish which roles can access it...
from app-routing.module.ts
{
path:…

Raciel Brito Dorta
6 votes, 1 answer
Entity-level access control in a hierarchical data scheme
I have a requirement for entity-level authorization that's frankly over my head. I'm hoping to get some guidance on this permission structure, how I might implement it in .NET 4.5, and if there are ways I could improve it.
Here it goes:
I have a…

jungos
6 votes, 1 answer
Multiple before_filter statements for correct_user and admin
I have a Group resource that I'm trying to set up with proper authorizations.
The authorization logic I'm trying to implement is this:
Only group members should be able to view their group.
An admin can view any group, as well as take other…

pejmanjohn
5 votes, 2 answers
Role based react-router
What is the best way to conditionally render routes in react-router based on user role? I have a case where not all roles have permission to view certain routes. And also I need to deal with subroutes. So if one of main routes is something like…

Ivan Rajkovača
5 votes, 2 answers
Claims without roles?
I'm trying to understand ASP.NET Identity authentication and authorization mechanics. I understood what's a claim & what's a role. In almost every related blog post, or question on here it's advised to use claims and avoid roles. I'm confused at…

SherleyDev
5 votes, 6 answers
Where in the call stack should role checks be done?
In my typical app, the user clicks a button in an aspx page, invokes a C# business object, then runs a stored procedure.
Should role checks be done at the top of the stack, the bottom of the stack or at every level? It seems that if a malicious…

MatthewMartin
4 votes, 3 answers
Rails: Is there any way to build dynamic role based authorization in rails?
I am trying to achieve role-based authorization in Rails.
What we require:
Roles should be dynamic, we should be able to create, edit, or delete roles.
Permissions also should be dynamic.
Findings:
We can't use the pundit gem because its policies…

susie
4 votes, 1 answer
Keycloak authorization: Adding a Role to a domain object or an entity
I am new to the Keycloak framework and after writing my own solution painfully we are hoping to convert to Keycloak. It seems to be a promising solution but unfortunately lacking self-describing documentation. I have gone through the tutorials and…

Arash