Wednesday, January 21, 2009

Hacking thru Matrimonial Site


Generally, matrimonial sites let you view part of each profile for free.
If you want to contact prospective profiles, you need to be a paid customer.

This site works the same way. Unfortunately, data in the cookie, which the client controls, decides whether the membership type is Free or Paid.

And I could surely get inside by manipulating the cookie :)

Hurray !! A Live Hack into the Matrimonial Site.. :)

~ Dharmesh Mehta

Thursday, January 08, 2009

How to Authorize Declaratively : WCF 3.5

Declarative authorization is added to application code at design time: the access required for a particular method or class is declared as an attribute on the operation. Declarative role-based authorization is best for authorizing access to WCF at the operation level.

Authorize Windows groups declaratively by adding the PrincipalPermission attribute above each service method that requires authorization. Specify the Windows user group required to access the method in the Role field.

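// Requires: using System.Security.Permissions;
// The demand is checked before the method body runs.
[PrincipalPermission(SecurityAction.Demand, Role = "accounting")]
public double Add(double a, double b)
{
    return a + b;
}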

The username/password combination supplied by the client is mapped by the WCF service to a Windows user account. If the user is successfully authenticated, the system next checks whether the user belongs to the group declared in the PrincipalPermission Role. Method access is granted if the user belongs to that role.
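
The role check described above can be exercised without a WCF host. The console program below is an added example, not code from the original post. It assumes .NET Framework, and the names CalculatorService, CallAs, alice and bob are hypothetical; a GenericPrincipal stands in for the Windows principal that WCF attaches to the thread before the operation runs.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public class CalculatorService // hypothetical service class
{
    // Same declarative demand as in the post: caller must be in "accounting".
    [PrincipalPermission(SecurityAction.Demand, Role = "accounting")]
    public double Add(double a, double b)
    {
        return a + b;
    }
}

public static class Program
{
    // Calls Add under a constructed principal and reports the outcome.
    // An empty user name yields an identity with IsAuthenticated == false.
    static string CallAs(string user, params string[] roles)
    {
        Thread.CurrentPrincipal =
            new GenericPrincipal(new GenericIdentity(user), roles);
        string label = user.Length == 0 ? "(anonymous)" : user;
        try
        {
            double sum = new CalculatorService().Add(2, 3);
            return label + ": allowed, result " + sum;
        }
        catch (SecurityException)
        {
            // A failed demand throws before the method body executes.
            return label + ": denied";
        }
    }

    public static void Main()
    {
        // Constructed callers: in the role, outside the role, and an
        // unauthenticated identity that nevertheless lists the role.
        Console.WriteLine(CallAs("alice", "accounting"));
        Console.WriteLine(CallAs("bob", "sales"));
        Console.WriteLine(CallAs("", "accounting"));
    }
}
```

The third call is denied because the attribute's Authenticated property defaults to true, so role membership alone does not satisfy the demand.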