It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
SO is using multiple ways for user to get logged in, like using emails addresses from gmail, yahoo, facebook, stackexchange and open ID.
User might can use e.g; gmail and enjoy SO for few days and then due to any or some reason (I assume, he forgot actual way), he starts using facebook. Now SO will have multiple records for same user. Is there any way, sites can recognize there old members ?
Its just a confusion, I am curious about the concept. Like one way to register and login would be enough and would help to keep member's SINGLE record for the life. I would prefer site's own registration and login forms.
You cannot recognize a user when "logged in" using different ways. Unless you ask the user to link the different ways to ONE user profile. StackExchange makes this possible, you can simply add another OpenID identity to your user.
As soon as you enable user authentication through OpenID or OAuth for your service you WILL have this challenge and can either choose to solve it by enabling "linking" of identities to a user artifact, or you can choose to ignore it.
Are you confused about the benefits of OpenID?
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I need to have single-sign-on and central authentication for 3 of my customer projects(separated rails application under different subdomains). And also I need to manage authorizations with several roles.
This is the first time I am going to manage a SSO, I see that it looks possible to use ruby-cas-server/ruby-cas-client with devise to achieve central authentication & SSO. And I am thinking to manage authorizations with roles using CanCan.
The landscope I am thinking will be: there will be a central rails app as the User management, administrator will CRUD users and manage authorizations there. CAS server will do the authentication against the DB of the central user management system. Satellite rails applications will use CAS server for authentication.
I want to ask, is this possible to get the authorization info in the satellite system using CanCan? Is there anyone who've done that? and Is there any better/easier solution to achieved all this?
Thanks a lot.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I'm making a game in C# and was wondering how to authenticate a user. I want it to be similar to minecraft where user makes an account and can pay to make their account premium. People on the team know most languages, so that isn't a limitation. We have a fairly large budget so that isn't a limitation either.
How would I go about doing this?
If you know how to do this and you want to be part of the team just post a comment.
Thanks
Just within the .NET framework you have multiple options. You could allow impersonation for anonymous access to certain parts of the site and maintain different users for paid accounts (doesn't need to be an AD/whatever user per paid account).
If you don't want to use AD user per account etc. you could write an identity service which passes back a token, allowing your game/site to log the person on as a certain user. If you want claims based identity, you could use the WIF SDK.
If you're happy with AD based basic authentication per user, that's pretty simple. You could pull the user's principles from AD to see if they are in the paid for group etc.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 10 years ago.
I need to build a web application that sends a free SMS to its users. Now the problem is That I have no clue as to where do I get a free API to get this to work and how? Can someone help?
I believe most of the 'free' APIs make their money with ads embedded in your messages or sent along as a separate message. Additionally, the messages will likely come from a shared short code. If you're okay with those limitations, as #anirvan commented, google is your friend - here's just one example. Unlikely that you'll get wide international support (if that's something you need).
You could also try the email to SMS route, as many carriers will accept email to a unique address and forward that to the user. Again, google can help in finding those mappings. Note that the messages may not be in a desirable format, and if you do this with any volume, you may incur the wrath of the carriers.
There's also low cost APIs - certainly not free - but perhaps worth considering depending on your use case. Here are a few:
Nexmo
Twilio
Tropo
If cost is your main concern, I think you'll find Nexmo has the most competitive prices.
Disclosure: I'm a developer evangelist for Nexmo.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
Most of us, have google account and usually,it sets to sign in automatically, when you enter to google homepage.
So if you are a webmaster and add your sites in google webmaster, be aware of something wrong in google search engine.
let suppose you have mysite.com and added it to google webmaster tools.
and your main keyword for finding your site is 'mykey'.
if you were logged in google and type 'mykey' in google search box, the page rank google shows for the 'mysite.com' is totally incorrect.
Google shows your page in one of the top pages (even in first poage or first place!) by mistake.
but if you log off your account and try again in search box, it will show you correct position of your site in ranking.
Let me know if it is a bug or natural way google works?
Please visit this site. It clearly explains how signed-in personalization of your search results work, and also how you can disable it (which is by disabling web history). Anyway, it is certainly not a bug.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 12 years ago.
What would be the deepest possible level of user rights in a web/desktop application?
Is it defining the buttons on a form, columns/rows/cells of the datagrid, or table rows in the DB?
What are the possible ways of maintaining that structure?
How to limit/restrict specific cell of a datagrid per user?
If by deepest you mean "most granular, lowest level type of security possible", then I would speculate that code access security would be the the lowest level of security possible. If by deepest you're referring to standard end-user security rights, then the answer to that is, it completely depends on the application. User permissions are usually more granular than user roles for most applications. Permissions are normally assigned to roles. But application developers can create any security access scheme that they wish.
Many applications implement various forms of data access security. For example, Ebay ensures that only you can view and edit your credit card data.
For your extremely broad question of "how to limit/restrict specific cell of a datagrid per user", there are many programmatic approaches that you can take to implement data access security. The more specific your questions are, the more specific answers can be.
I think you're in trouble if your authorization model goes down to the button or grid level on a UI.
I can see where different users have different authorizations (e.g., admins with write access versus users with read-only), but it should be at a higher level than buttons and grid cells.
This is hard to answer because you have asked many questions with varying complexity.
Users may have rights to do anything you want to allow them to do. read only is an option - like on static web pages. if it is a database question, then table visibility comes next, then rows within that table, then finally attributes on those rows. each layer can get a variety of privilege: DELETE INSERT UPDATE SELECT or ALTER.
You are then free to think up additional functionality for your site, like the UI, and assign whatever privieges you want to that layer. like pick my layout preferences, all the way down to drag and drop my own widget set.
totally up to you.