asp.net - Is there any way for a User in SignalR to know in which group he belongs to from the client side? -


note: security related question.

i putting users in groups, name moderately sensitive (database object ids).

i sending messages groups server side, never client (that's why putting db object ids in group's names not problem me).

from understanding, assuming signalr managing groups deep inside core, , communicate each connections, not sure.

so questions are:

does groups name hidden client?

or possible user (from client side), discover in group(s) belongs to? (and potentially discover sensitive data if developer assuming groups names hidden/inaccessible)

group names exposed if passed them client.

from server side, signalr has no api maintain or expose this. can maintain own group names, exposure come own doing.

as far security goes, should handled outside of signalr.

you can check out using roles if need restrict on specific methods such (link): [authorize(roles = "admin")] public class adminauthhub : hub { }


Comments

Post a Comment

Popular posts from this blog

python - Selenium remoteWebDriver (& SauceLabs) Firefox moseMoveTo action exception -

while performing simple hover test on firefox through selenium (3.4.0) python bindings (3.4.3) using of available os in saucelabs (except linux, latest available firefox version old), performing following actionchain: hover = actionchains(driver) hover.move_to_element(elm_men_menu).perform() it throws following error: taceback: file [...] in testhover hover.perform() file "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/common/action_chains.py", line 80, in perform action() file "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/common/action_chains.py", line 290, in <lambda> command.move_to, {'element': to_element.id})) file "/usr/local/lib/python2.7/dist-packages/selenium/webdriver/remote/webdriver.py", line 256, in execute self.error_handler.check_response(response) file "/usr/local/lib/python2.7/...
Read more

html - How to custom Bootstrap grid height? -

why bootstrap grid has height 591.067 ? did height came ? .main-post { padding: 20px; background-color: #fff; border: 1px solid #d8d8d8; margin-bottom: 100px; } .main-post .post-categories { margin-bottom: 10px } .main-post h3 { margin: 0 0 10px; color: #777; letter-spacing: -1px; font-weight: bold } .main-post .post-author, .main-post .post-date, .main-post .post-comments { font-size: 12px } .main-post img { display: block; margin: 10px 0; } .main-post .post-summary { line-height: 1.7; color: #888 } .main-post { color: #999 } <div class="col-sm-6"> <div class="main-post"> <h3 class="post-title"> <a href="#"> post title </a> </...
Read more

angular - Copying node modules to wwwroot AspNetCore -

i working on aspnet core web application angular 2. since angular 2 requires node modules, install dependencies using package.json. creates folder in solution level. since aspnetcore application reference can access wwwroot folder each , every time tend copy node modules folder manually wwwroot folder. approach should fine long not adding new dependency. if keep on adding new packages painful copy manually every time. solution ? i wouldn't copy node_modules wwwroot folder, because contains lot of stuff you'll never need. copy needed stuff wwwroot . best way so, using webpack. wrote lines in posts: http://asp.net-hacker.rocks/2016/09/19/aspnetcore-and-angular2-using-dotnetcli-and-vscode.html http://asp.net-hacker.rocks/2016/09/19/aspnetcore-and-angular2-using-dotnetcli-and-vscode.html this posts using angular2, , outdated, concepts of using webpack still same. option use grunt or gulp copy needed javascript files wwwroot : http://asp.net-hacker.rock...
Read more