According to the official wiki of Azure DevOps REST API, we have abilities to check Permissions for users using security namespaces.
We have an endpoint to check permissions:
Permissions - Has Permissions
And we have the list of predefined namespaces:
Security Namespaces - Query
Is it possible to add your own security namespaces?
Is it possible to add your own security namespaces?
I am afraid that there is no such method could create own security namespaces.
The security namespace in the organization is fixed and cannot be changed.
Therefore, it is not possible to add custom security namespaces.
For more detailed about the security namespaces, you can refer to this doc: Security namespace and permission reference for Azure DevOps
This doc lists all security namespaces lists.
Related
Is there any way to configure a .NET core Razor Pages app to have no authentication required for the root directory, basic uid/password authentication for one subdirectory, and Azure B2C for different subdirectory:
/
/basicauth
/aadb2c
I have seen one for basic uid/password which sets the startup.cs looking like this:
services.AddMvc().AddRazorPagesOptions(options => {
options.Conventions.AuthorizeFolder("/admin");
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
...and in a ones for Azure b2c looks which protect the whole app. Judging by the services configuration above, it looks like only one type of Authorization can be used. Is that correct?
As PranavSingh said: it is possible to support multiple auth on whole app then restricting access on resources/folders based on roles or auth.
Besides, you could try to use different Authentication Schemes, then, in the page, using [Authorize] attribute and assign the schemes,
Reference:
Multiple authentication methods in asp.Net core 2.2,
ASP.NET Core: Supporting multiple Authorization
Use multiple authentication schemes.
I want to use WSO2 as a centralized authentication solution for all my clients.
I'm trying to setup this scenario:
Each client as Dev, QA and Prod Environments.
Some users should be able to log in into different environment.
So far, as with oAuth2 I could setup an app id for each environment, and allow or deny authentication per application.
With WSO2, I've been trying to setup some type of differentiated identity vaults, or specify this type of relationship, but unfortuantely, documentation hasn't been quite illustrative about how things are done.
Documentation talks about SSO but with SSO you have several IDP, in this scenario I want WSO2 IS 5.9.0 to BE the identity provider for all my infrastructure...
MultiTenancy create an IDP for each tenant automatically.
The only thing needed is to login with the credentials setup when adding the tenant, and WSO2 would handle the rest.
Yes is THAT simple!
If you don't want to create a multitenant installation, you may configure a service provider for each environment and also a different userstore for each environment with different credentials and set service providers up with adaptative authentication requesting only authenticated against the matching userstore.
It is explained in this documentation of WSO2: https://docs.wso2.com/display/IS570/Configuring+User+Store-Based+Adaptive+Authentication
You may also do it the same, based on the user's role with adaptative authentication if you don't want to create different userstores.
I have noticed that some built-in Azure policies use "Microsoft.Security/complianceResults" for auditing. For example, the "The NSGs rules for web applications on IaaS should be hardened" is using "unprotectedWebApplication" from "Microsoft.Security/complianceResults".
Where can I find the compliance rules available in "Microsoft.Security/complianceResults"?
Can I use this to define my own policy rules?
The only field aliases that I can find for compliance results is Microsoft.Security/complianceResults/resourceStatus. You can use that to check the resource status for the type compliance Results. To see the rules that I had, I used the vs code extension by policy because it breaks down the resources and you can see the alias. If you want to see all the available rules, it would be through Azure Security center.
In my API documentation, I would like to define the security necessary for each API endpoint. The project has defined roles and permissions that determine which users can access the APIs. What is the best way in Swagger to document this information? Is there a best practice or recommendation on how to show this detail?
This what I tried out using securityDefinitions and a self-defined variable for the roles, but that information (x-role-names) didn't get copied over into the documentation when I ran it through swagger2markup or using swagger-ui.
"securityDefinitions": {
"baseUserSecurity": {
"type": "basic",
"x-role-names": "test"
}
}
What's the best way to document the role and permission information per endpoint?
If your API uses oAuth authentication, you can use scopes for this. There is no standard way to represent roles in Swagger/OpenApi against basic authentication, so you are left using vendor-extensions (which the tools such as Swagger-UI or swagger2markup have no way of interpreting, as you have found), or including the information as text in summary or description properties.
You could define multiple securityDefinitions all of type basic and use one per role but this is a bit of a hack.
See also this issue https://github.com/OAI/OpenAPI-Specification/issues/1366 for a proposal to widen the use of scopes to other security schemes.
I'm using spring-security-core and spring-security-ui plugins.
I'd like to use annotation-driven access management.
After I installed ui plugin for managing users I faced with the problem when those pages are unsecured. I know how to restrict access to those pages only with UrlMap. But if I use map then annotations don't get taken into account.
So actually there are 2 questions:
1) How to restrict access to spring-security-ui pages/controller?
2) Is it possible to use both annotation based and UrlMap security configuration?
See section "5.1 Defining Secured Annotations" in the docs where it describes the controllerAnnotations.staticRules property. This is very similar to the URL map approach and lets you define access rules on static resources, controllers from other plugins, and other URLs that you can't (or shouldn't) annotate.