What is the best Authorization System for Mid-Large ASP.NET CORE Web Applications [closed] - asp.net-core

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 days ago.
Improve this question
I have already tried these paradigms below and faced some problems with them
1. As you know, Roe-Based authentication, the problem is it works by linking a set of privileges with a role and assigning a role to a given user. this is a limited approach because I cannot give a user only one or two privileges from another Role to give him more access.
2. I tried to link the privileges directly with users (query the privileges linked with the logged-in user in the controller and check if a user has a required privilege to let him access), but this solution cost many database calls.
3. I tried to reduce the DB calls by injecting the roles in the token but this will cost me a lot of Bandwidth
4. I tried to use other types of (authorization) such as policy-based and resource-based but they all force me to change the code every time the business requirements have to change.
so what is the recommended solution for this?

Related

How do I access Blackboard API with my username and password? [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 2 years ago.
Improve this question
trying to develop an application that takes data from a user's respective Blackboard account and display that information in a different way. I have been reading the blackboard API documentation and I guess I have to go to an administrator with an App ID in order for me to obtain this kind of access. What type of information should I provide the admin being as I don't even know what an App ID is, let alone provide it. I'm just a student trying to make my life easier by consolidating information that's already available to me on blackboard. I appreciate any guidance on the development process.
The documentation you'll likely want to start with is at https://docs.blackboard.com/ - of particular note is the REST / Getting Started section. See also the swagger docs for the API, which detail the needed entitlements for each API call.

How could I make a google verification box which register people into my web site? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
The image describes itself the objetive:
If someone doesn't understand, I want to create a register box which registers the g+ email into a database with the respective user's data.
It's called OAuth. Usually we use an external provider (such as Google, Facebook, Github, etc.) to identify the user, so you don't have to. The user don't have to give you his password, because you use access tokens to request the user's data from the provider's server:
You can read more and find implementations here.
On the image, you probably see the Google's OAuth2 service.

Advertising Identifier for iAd? [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
My app recently got rejected for using an Advertising Identifier, but not including the functionality for it.
The only ads I am using are iAds, so should I say select "yes" for the Advertising Identifier (IFDA) when uploading my app in iTunesConnect?
If I say no, how will they know to add the ads into my app?
No, if you are only using iAd you should not select yes to the Advertising Identifier (IFDA) on iTunesConnect.
An IFDA is a unique identifier for your users that allows for networks to trace what actions the user takes on your application. This, in turn, allows for much more targeted advertising, but takes away from the user's privacy.
You must tell Apple if you use an IFDA, and users must be able to opt-out of being traced using an IFDA. This is to protect users' privacy.
An IFDA is only used if you would like to provide more targeted advertisements to your users. Think of it as a UUID for your user, which is shared with other applications, and allows those applications to communicate about the users actions

One Universal Table [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Greeting,
So we have a backend admin desktop app (accessible by the company employees only) and a public frontend web app that's accessible by anyone and it allows user creation.
We have a Roles table and all users (employees and non-employees) have roles assigned to them; however all user are stored in one table.
Is it a good practice to store all users in one table as opposed to having two different tables one for the employees and the second for users that sign up through the webapp?
Your feedback is appreciated.
My first reaction is that this sounds like a bad architecture. My reaction is based on a simple reason: employees should be using backend systems that are behind a firewall. The public web system is not behind the firewall. Hence, they should have different provisioning for security.
Your ask about one table versus multiple tables for security. For a single application, you should have a single table. This could even be shared among multiple applications, but I would definitely distinguish between internal and public applications.
You don't say anything about how the roles might interact with each other, but I could see further confusion if, say, an employee is "admin" on the internal system but just a regular user on the public system.

Monitoring all the information of users using mvc 4 web api [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I have a REST service based on mvc 4 and web api. I need to monitor all the users who are using my service (eg: user name , organization that user belongs to, how many hours he is accessing service and so). can you please provide best architecture for this. what is the best way to doing this?
You can use a custom HttpMessageHandler for doing authentication and track all the information you need about the user in a database. You will need some background processing of that data and doing some statistics about the usage of the API. About the message handler, a good start is the one provided in Thinktecture.IdentityModel library (You can customize it),
http://leastprivilege.com/2013/04/22/asp-net-web-api-security-the-thinktecture-identitymodel-authenticationhandler/