How to allow specified resources to be viewed before a user is logged in?

I would like to allow users to view properties before they are logged in. But my application controller is restricting all resources before they are logged in. How can I allow the properties resource to be viewed regardless of whether a user is logged in or not?

I've tried adding the properties to the authorized method in application_controller and adding skip_before_action :authorized, only: [:index] and authorize! in the properties_controller.

class ApplicationController < ActionController::API
  before_action :authorized

  def encode_token(payload)
    # should store secret in env variable
    JWT.encode(payload, 'SECRET_KEY_BASE')
  end

  def auth_header
    request.headers['Authorization']
  end

  def decoded_token
    if auth_header
      token = auth_header.split(' ')[1]
      begin
        JWT.decode(token, 'SECRET_KEY_BASE', true, algorithm: 'HS256')
      rescue JWT::DecodeError
        nil
      end
    end
  end

  def current_investor
    if decoded_token
      investor_id = decoded_token[0]['investor_id']
      @investor = Investor.find_by(id: investor_id)
    end
  end

  def logged_in?
    !!current_investor
  end

  def authorized
    render json: { message: 'Please log in' }, status: :unauthorized unless logged_in?
  end
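end

class Api::V1::PropertiesController < ApplicationController
  def index
    properties = Property.all
    render json: PropertySerializer.new(properties).to_serialized_json
  end

  def create
    property = Property.new(property_params)
    # save returns false on validation failure; save! would raise instead
    if property.save
      render json: property_params
    else
      # API-only controller: report the errors as JSON rather than rendering a view
      render json: { errors: property.errors.full_messages }, status: :unprocessable_entity
    end
  end

  private

  def property_params
    # permit whitelists several keys; require accepts only a single key
    params.permit(:id, :price, :rent, :year_built, :last_year_appreciation, :next_year_appreciation, :lease_length, :beds_baths_sqft, :description, :zone, :address)
  end
end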

I would like the whole properties resource to be available regardless of a user being logged in. Thanks!

class Api::V1::PropertiesController < ApplicationController
  # The callback is named :authorized; skipping an undefined name raises ArgumentError
  skip_before_action :authorized
end

skip_before_action :authorized, only: [:index]

Try this; it will skip authentication for the index method, so properties are visible to users who are not logged in.

Here in the ApplicationController you are calling before_action :authorized, so this will be called in every single controller that inherits from ApplicationController.

So what I suggest is to remove the before_action filter from ApplicationController and place it in the corresponding controller. Your code might look something like this:

class ApplicationController < ActionController::API
  def encode_token(payload)
    # should store secret in env variable
    JWT.encode(payload, 'SECRET_KEY_BASE')
  end

  def auth_header
    request.headers['Authorization']
  end

  def decoded_token
    if auth_header
      token = auth_header.split(' ')[1]
      begin
        JWT.decode(token, 'SECRET_KEY_BASE', true, algorithm: 'HS256')
      rescue JWT::DecodeError
        nil
      end
    end
  end

  def current_investor
    if decoded_token
      investor_id = decoded_token[0]['investor_id']
      @investor = Investor.find_by(id: investor_id)
    end
  end

  def logged_in?
    !!current_investor
  end

  def authorized
    render json: { message: 'Please log in' }, status: :unauthorized unless logged_in?
  end
end

And in your PropertiesController you can do something like this, so that the authorized method will not be called for the index action.

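class Api::V1::PropertiesController < ApplicationController
  before_action :authorized, only: [:create]

  def index
    properties = Property.all
    render json: PropertySerializer.new(properties).to_serialized_json
  end

  def create
    property = Property.new(property_params)
    # save returns false on validation failure; save! would raise instead
    if property.save
      render json: property_params
    else
      # API-only controller: report the errors as JSON rather than rendering a view
      render json: { errors: property.errors.full_messages }, status: :unprocessable_entity
    end
  end

  private

  def property_params
    # permit whitelists several keys; require accepts only a single key
    params.permit(:id, :price, :rent, :year_built, :last_year_appreciation, :next_year_appreciation, :lease_length, :beds_baths_sqft, :description, :zone, :address)
  end
end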
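
The filter rules discussed in the answers above, as an added example that is not part of the original posts: a plain-Ruby model (not Rails itself) of how an inherited before_action combines with skip_before_action and the only:/except: options, so the actions left without authentication can be listed for each variant. The class names and the public_actions helper are hypothetical.

```ruby
# Plain-Ruby model of Rails filter rules (constructed for illustration; not Rails code).
class ModelController
  class << self
    def rules
      @rules ||= []
    end

    # Filters are inherited: parent rules come first, later rules win.
    def all_rules
      (superclass.respond_to?(:all_rules) ? superclass.all_rules : []) + rules
    end

    def before_action(name, **opts)
      rules << opts.merge(kind: :add, name: name)
    end

    # Like Rails, refuse to skip a callback that was never defined.
    def skip_before_action(name, **opts)
      known = all_rules.any? { |r| r[:kind] == :add && r[:name] == name }
      raise ArgumentError, "callback #{name} has not been defined" unless known
      rules << opts.merge(kind: :skip, name: name)
    end

    # Actions from the list that run WITHOUT the named filter.
    def public_actions(name, actions)
      actions.reject do |action|
        all_rules.select { |r| r[:name] == name }.reduce(false) do |on, r|
          hit = (!r[:only] || r[:only].include?(action)) &&
                (!r[:except] || !r[:except].include?(action))
          hit ? r[:kind] == :add : on
        end
      end
    end
  end
end

ACTIONS = %i[index create update destroy].freeze
class DenyByDefault < ModelController
  before_action :authorized                 # the question's ApplicationController
end
class SkipOnlyIndex < DenyByDefault
  skip_before_action :authorized, only: [:index]
end
class SkipExceptIndex < DenyByDefault
  skip_before_action :authorized, except: [:index]
end
class OptIn < ModelController               # global filter removed, per-controller opt-in
  before_action :authorized, only: [:create]
end
```

OptIn.public_actions(:authorized, ACTIONS) returns [:index, :update, :destroy]: once the global filter is removed, any action not named in only: runs without a token, whereas SkipOnlyIndex exposes index alone.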

Comments
  • Please don't post only code as answer, but include an explanation what your code does and how it solves the problem of the question. Answers with an explanation are generally of higher quality, and are more likely to attract upvotes.
  • I would recommend that you add some explanatory text to your answer, or you risk having it deleted as 'low quality' (even though it may be a correct answer)!