c#,asp.net,asp.net-web-api,asp.net-authorization
You cannot do the OR directly because of the way the authorization attributes work: they "cut" the pipeline if the authorization fails, so, if the first one fails it will stop the pipeline, and the other won't have the chance to be executed. You need to implement your own authorization...
asp.net-mvc,security,claims-based-identity,asp.net-authorization
It's called object-level authorization (aka object-level security, aka fine-grained authorization, etc.). Basically, permissions are based on "ownership" of objects, or perhaps better put in this scenario, being owned by an object. You would need to set up a many-to-many relationship between stores and employees, with payload of a role/grant. For...
asp.net,asp.net-authorization,asp.net-authentication,custom-authentication
By default it inherits the Roles property from the base Authorize class, so you can get the roles directly by using the Roles property. For example: if (HttpContext.Current.User.Identity.IsAuthenticated && HttpContext.Current.User.IsInRole(Roles)) { return true; } Or you create new properties belonging to your custom Authorization attribute and use them....
asp.net-mvc,asp.net-mvc-4,authentication,asp.net-authorization,asp.net-authentication
Integrated Windows Authentication uses Negotiate (Kerberos) or NTLM authentication, which work the same way that Basic Authentication works. When you send an initial request, the server responds with a 400 not authorized response. The browser sees the accepted types of authentication, and prompts the user for the username/password, or if it...
owin,asp.net-identity-2,asp.net-authorization
When the user logs in and you compare the hash of the username, you can add their real username as a claim to the identity. This is serialised into the cookie and available with the user on every request, but not persisted in a DB: public async Task SignIn(string userName, string password, bool...