Explore

Some prerequisite information: dotnet version: 7.0.36 Now to my problem: I was working on my project which makes use of Angular in the frontend and C# in the backend. I have added Authorization and Authentication using JWT Bearer tokens. After receiving the token when i logged in, i created an Angular Interceptor that sends the token every time a request is sent. What confused...

I have an ASP.NET Core 8.0 Web API that is configured to authenticate with http-only JWT token. This is my code to create the authentication and authorization: builder.Services.AddAuthorizationBuilder() .AddPolicy("Bearer", new AuthorizationPolicyBuilder() .AddAuthenticationSchemes(JwtBearerDefaults.AuthenticationScheme‌​) .RequireAuthenticatedUser().Build()); builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddCookie(opt => { opt.Cookie.Name = Token.TokenKey; }) .AddJwtBearer(opt => { opt.RequireHttpsMetadata = false; opt.SaveToken = true; opt.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes("myKey")), ValidateIssuer =...

Meta Description (concise): Explore the journey of optimizing the widely used Role Based Access Control (RBAC) Casbin-CPP library, including a detailed analysis of runtime improvements and the impact on scalability and performance. This article delves into the runtime improvement of the Casbin-CPP library for Role Based Access Control (RBAC), highlighting the challenges faced, proposed solutions, and the successful integration of optimizations to enhance scalability...

I am generating API key similarly to Stripe where my key is {prefix}_{guid}_{suffix}. Prefix is a constant Guid is the "password" portion of the key Suffix is a random 4 character string that will be visible to the user Should the entire string {prefix}_{guid}_{suffix} be hashed or only {guid}? If only the guid should be hashed, is there any security concern with storing the...

I need the user of my app to be able to share the URL of a page with another team member. The URL would look something like this: https://my.app/home/team/as895bnkjer/documents/doc/abwnoi34jkl The app should check that the user opening the link is a member of the team. It also needs to load the team data into my BTeamRepository. But I need to do that before the...

i am learnding MERN stack with node and express. now i faced a problem with user update, i tested the API with POSTMAN, everything is running find, when i change user name and email, they were all woirking, but when i changed the passward, there is no error return, problem is when i login, the passward was NOT CHANGED, it can only login with...

2023 was a year that starkly revealed the consequences of inadequate cyber security. As businesses grow and vulnerabilities increase, it's essential to develop authorization systems that are both flexible and scalable. Traditional methods often embed authorization logic within an application's code, creating inconsistencies and challenges in monitoring and adjusting permissions.

I wanna create authentication and authorization for my web api in .net 8.0.0(which is important considering in 7.0.0 in another project i was able to use the bearer with the same methods as described below), and i wanted to use JWT Bearer token for this. I have a GetRequest which has an authorize attribute, so only authorized users can make a request, but it...