c # – ASP.Net Core WebAPI Authorization Policy for User or Administrator

I have a controller that returns data on users. I want to set the authorization so that an administrator can access this controller and retrieve data for any user, and that a non-administrator user can access the controller and retrieve data for himself.

I have excluded to use (Authorize (Roles = "Admin")) because it means that users can not get their own data. I've therefore inserted the following logic in the controller action:

var userId = _httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.Name).Value;
var roles = _httpContextAccessor.HttpContext.User.FindAll(ClaimTypes.Role);

var query = roles.Select(r => r.Value).Contains("Admin");

Customer customer =await _context.Customers.FindAsync(id);

if (!(customer.EmailAddress == userId || query))
 return Unauthorized();

This is roughly equivalent to this Stack Overflow response, but for ASP.Net Core rather than MVC.

My question is: is there a way to do that with an authorization policy? The addition of the RequireRole verification is simple and is covered in Microsoft's documentation as well as in countless blogs, but I have not found nor found a way to use a strategy for verify that the data that the user is trying to access is theirs.

I'm sure this is not a rare requirement, is there a way to do that, or is what I'm doing right now? The only other approach I could think of was to have two separate endpoints, but both options seem inelegant.

2013 – Error Processing Policy Updates

I saw an error event with event ID 7997 in the event log. The task category is Information Policy Management.

Error processing strategy updates for site http: // site for list list of names.

Error: System.NullReferenceException: Object Reference Not Defined on a
instance of an object.
at Microsoft.Office.RecordsManagement.InformationPolicy.ListPolicySettings.get_UseListPolicy ()
at
Microsoft.Office.RecordsManagement.InformationPolicy.Policy. <> C__DisplayClass5. <> C__DisplayClass7.b__1 (SPList
list) to
Microsoft.Office.Server.Utilities.ContentIterator.ProcessLists (SPListCollection
lists, ListProcessor listProcessor, ListProcessorErrorCallout
errorCallout)

listing list of names is part of the custom feature.

Initial analysis points to Information Management Policy Timer employment.

What could be the cause of this error?

Active Directory – What's wrong with my file permissions for Group Policy Software deployment?

I'm trying to deploy Google Chrome Enterprise via Group Policy. As a result of Google's guide, I created a GPO, linked it to an organizational unit, and imported the ADX file with the rules (which unfold properly). I have created a folder on a file server with the msi installer. Permissions are set so that the computers in the domain have read and execute permissions. The software installation policy is set under Computer Configuration so that it is deployed on specific computers.

According to what I understood, if the software installation policy is set in the computer configuration, the Domain Computers account must have an authorization from read / execute because the software will be installed before a domain user account is connected. I've enabled MSI logging and I get it. in the log file:

MSI (s) (CC: 1C) (11: 37: 40: 405): SOURCEMGMT: Media enabled only if the package is secure.
MSI (s) (CC: 1C) (11: 37: 40: 405): SOURCEMGMT: Supplier search for product {b5fd80c4-8da4-3815-958f-d6e4afb1c5d0}
MSI (s) (CC: 1C) (11: 37: 40: 405): SOURCEMGMT: Addition of {b5fd80c4-8da4-3815-958f-d6e4afb1c5d0}; to a list of potential providers (pcode; disk; relpath).
MSI (s) (CC: 1C) (11: 37: 40: 405): SOURCEMGMT: Product verification in progress {b5fd80c4-8da4-3815-958f-d6e4afb1c5d0}
MSI (s) (CC: 1C) (11: 37: 40: 405): SOURCEMGMT: Support is enabled for the product.
MSI (s) (CC: 1C) (11: 37: 40: 405): SOURCEMGMT: Attempt to use LastUsedSource from the source list.
MSI (s) (CC: 1C) (11: 37: 40: 405): SOURCEMGMT: Processing the net source list.
MSI (s) (CC: 1C) (11: 37: 40: 405): SOURCEMGMT: attempt to source (server) (share) IT Software GroupPolicyDeploy.
MSI (s) (CC: 1C) (11: 37: 40: 405): Note: 1: 1402 2: HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies Explorer 3: 2
MSI (s) (CC: 1C) (11: 37: 40: 438): Note: 1: 2303 2: 5 3: (server) (share)
MSI (s) (CC: 1C) (11: 37: 40: 455): Note: 1: 2303 2: 5 3: (server) (share)
MSI (s) (CC: 1C) (11: 37: 40: 455): Note: 1: 2303 2: 5 3: (server) (share)
MSI (s) (CC: 1C) (11: 37: 40: 455): Note: 1: 1325 2: GroupPolicyDeploy
MSI (s) (CC: 1C) (11: 37: 40: 455): ConnectToSource: CreatePath / CreateFilePath failed with: -2147483648 1325 -2147483648
MSI (s) (CC: 1C) (11: 37: 40: 455): ConnectToSource (con't; t): CreatePath / CreateFilePath failed with: -2147483648 -2147483648
MSI (s) (CC: 1C) (11: 37: 40: 455): SOURCEMGMT: network source & # 39; (server) (share) IT Software GroupPolicyDeploy & # 39; is not valid.
MSI (s) (CC: 1C) (11: 37: 40: 455): Note: 1: 1706 2: -2147483647 3: GoogleChromeStandaloneEnterprise64.msi
MSI (s) (CC: 1C) (11: 37: 40: 455): SOURCEMGMT: list of processing media sources.
MSI (s) (CC: 1C) (11: 37: 40: 455): Note: 1: 2203 2: 3: -2147287037.
MSI (s) (CC: 1C) (11: 37: 40: 455): SOURCEMGMT: The source is not valid because of a missing / unreachable packet.
MSI (s) (CC: 1C) (11: 37: 40: 455): Note: 1: 1706 2: -2147483647 3: GoogleChromeStandaloneEnterprise64.msi
MSI (s) (CC: 1C) (11: 37: 40: 455): SOURCEMGMT: list of URL sources for processing.
MSI (s) (CC: 1C) (11: 37: 40: 455): Note: 1: 1402 2: UNKNOWN URL 3: 2
MSI (s) (CC: 1C) (11: 37: 40: 455): Note: 1: 1706 2: -2147483647 3: GoogleChromeStandaloneEnterprise64.msi
MSI (s) (CC: 1C) (11: 37: 40: 455): Note: 1: 1706 2: 3: GoogleChromeStandaloneEnterprise64.msi
MSI (s) (CC: 1C) (11: 37: 40: 455): SOURCEMGMT: Failed to resolve the source.

Group Policy Settings for Proxy, Two Policies Not Applying

I have an interesting one with which I need help and that I can not understand.

We have a proxy to which we refer each via a group policy that edits the registry. (this was configured before I started working, so I guess it just works correctly)

We are replacing proxies with a new firewall that we have in place, and I want to disable the proxy settings for some test users to ensure that the new proxy rules work properly.

I found the policy that sets the proxy. copied to a new organizational unit and changed the "EnableProxy" from 1 to 0, assuming it would disable the proxy settings for that user.

However, when I logged in as a test user, I found that the proxy was still on,

I then ran reports on results on group policies and found that my new strategy was applied and that the old one was blocked (Access denied (security filtering))

And I could see that the registry change indicated that this was happening in the report, but when I did a registry check, the value was always 1.

I then tried several things, like deleting registry values, updating / replacing them, etc., and nothing seemed to work.

so I give back to the user its old proxy policy to try to start again, then the proxy is disabled, even if the GP report says that it sets the register to 1, it says 0.

This is the same policy that worked before changing the user group, and I have not changed any settings in this policy.

I do not know where to go from now, because the policies do not behave as I wanted.

Does anyone have any ideas on what I can to try to understand what's going on

Notes: I am limited to running a few scripts because it must be tested on a standard user, who has restricted permissions, because domain administrators bypass the proxy so we do not use it not the strategies I was trying to fix.
We also use a dual server RDS environment, so you do not know if it changes anything?

Group Policy – Advanced PDF File Associations on the Domain

I have a complex setup for which I have trouble putting myself to work. Microsoft is so aggressive for processing default PDF files to Edge. Edge poses many challenges to our organization when working with PDF files and is one of the biggest problems in our help desk. We must prevent Edge from becoming the default.

I understand how to configure a default file association with the help of a GPO and an XML file. However, I have to define the following programs:

PDF by default: Adobe Reader DC
-If the user has Nitro PDF installed, Nitro PDF by default
-If the user has Acrobat Pro 2015/2017 installed, Acrobat Pro by default

I've planned to use a batch file to do this, using DISM and setting the default application association, but the settings do not seem to be and Windows defaults are delivered to Edge because Windows 10 now uses an API and a hash to make sure that the third group applications do not change the default values ​​without the permission of the client. # 39; user.

I know that I can use GPOs to set the default application association. However, with some users needing Nitro PDF and others, from Acrobat Pro, I'm not sure how best to replace the default associations for our users. Ideas?

json – Azure Security Policy for Azure Analysis Service

I'm working on creating an Azure Security Policy for Azure Analysis Services. First of all, I can not find a mention or a sample code and I can not get my strategies to work properly. Is it even possible to set up a strategy on Analysis Services?

If so, should I call a compute resource from the Analysis Services resource;
"Microsoft.AnalysisServices / Servers". There are properties below that identify firewall rules, so I'm not sure.

I try to limit access to external IP addresses from two specific ranges.

Please ask more clarification questions if necessary. Thank you.

cloudfront not the configuration of magento 2 CORS Policy error

I receive an error

No Access Control-Allow-Origin & # 39; on the Magento 2 website. Although I'm adding
Access-Control-Allow-Origin header set, but still not enabled
he.

enter the description of the image here

enter the description of the image here

enter the description of the image here

Amazon Web Services – If I already have files in an S3 Bay of the Glacier storage class, what happens if I apply a Bay Policy to migrate to Glacier after 1 day?

We have a pre-existing S3 bucket to which we want to add a lifecycle strategy to transfer large files to the S3 standard to Glacier. The bucket already contains elements of the Glacier storage class (manually modified via the console). How does the lifecycle strategy handle files already in Glacier? Will they be ignored or will they be moved again?

The question comes mainly from a previous experience of adding a transition to a deep archiving strategy for the files that were in Glacier, which resulted in an early removal of the Glacier load, which would Was not ideal (because the files were in the Glacier storage level for less than 90 days). .

Also do a little test in a test bucket tonight to see how it behaves, but were you curious to know if anyone had experience in a production environment?

content security policy – How do I know that some software sends background data to the Internet?

Is it possible to use tools such as Fiddler easily know if a software from my system sends data to the internet behind the scenes?

I have downloaded free open source software to accomplish certain tasks. But worried they scan my PC and send data back to the cloud behind the scenes!