I have the following questions to ask.
For example, there are two roles, A and B, to grant to users UA and UB
respectively.
UB is not in role A and UA is not in role B.
A can access Apage and B can access Bpage by typing their passwords, respectively.
However, when A has accessed Apage and knows the URL of Bpage, A can access
Bpage. Right now I hard-code it in codebehind functions to protect the
system from this case.
I would like to set up the configuration file Web.config such that I do not need
to add code to each of the codebehind functions.
I have added the following to Web.config, but it does not seem to work this
way. Can anyone give me some help? Thanks
David
<location path="Apage.aspx">
  <system.web>
    <authorization>
      <allow roles="A" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
<location path="Bpage.aspx">
  <system.web>
    <authorization>
      <allow roles="B" />
      <deny users="*" />
    </authorization>
  </system.web>
</location>
This should work. I'm wondering if your roles aren't being properly created
upon each request. Are you doing this in Application_AuthenticateRequest
in global.asax?
-Brock
DevelopMentor http://staff.develop.com/ballen
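The per-request role setup asked about in the reply above, as an added example that is not part of the original thread: a global.asax code-behind handler that rebuilds the principal with roles, so that `<allow roles="A" />` has something to match. It assumes the login page stored a comma-separated role list in the forms ticket's UserData; the class name `Global` is illustrative.

```csharp
// Added example (not code from the thread): global.asax.cs code-behind.
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    // Runs on every request, after FormsAuthenticationModule has validated
    // the ticket cookie and set Context.User to a principal with no roles.
    protected void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // Anonymous request: leave it untouched so <deny users="?" /> applies.
        if (Context.User == null || !Context.User.Identity.IsAuthenticated)
            return;

        // Only a forms-authenticated identity carries a ticket.
        FormsIdentity identity = Context.User.Identity as FormsIdentity;
        if (identity == null)
            return;

        // Assumption: the login page wrote "A" or "A,B" into UserData when it
        // issued the ticket. UserData travels inside the protected ticket,
        // so the browser cannot edit it.
        string userData = identity.Ticket.UserData ?? string.Empty;
        string[] roles = userData.Split(
            new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        for (int i = 0; i < roles.Length; i++)
            roles[i] = roles[i].Trim();

        // Replace the role-less principal. URL authorization runs later in
        // the request and calls IsInRole on this object for each
        // <allow roles="..."> rule. An empty role list matches no role rule,
        // so the user falls through to <deny users="*" />.
        Context.User = new GenericPrincipal(identity, roles);
    }
}
```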
Yes, I implement Application_AuthenticateRequest.
I will try it once more.
Another new problem has come up.
All forms are located in Demo and secured by Web.config as
<authentication mode="Forms">
  <forms name="AuthCookie" loginUrl="login.aspx" path="/" >
  </forms>
</authentication>
I also have an image subfolder in Demo for storing images. The problem is
that I can access all images in the image subfolder without being asked for a
user/password.
What is the problem?
> Yes, I implement Application_AuthenticateRequest. I will try it once more.
Hmm, ok, then I don't see why it's not working for you. I'd build a new simple
project that just does this little bit that you're trying to do and make
it work there. Sometimes the baggage of the rest of your application can
hide other problems.
> I also have an image subfolder in Demo for storing images. The problem is that I can access all images in the image subfolder without being asked for a user/password. What is the problem?
So add a <location path="image"> that denies user="?". This will not allow
any anonymous users. Again, I'd test this in the sample app I mentioned above
just so you know it works :)
-Brock
DevelopMentor http://staff.develop.com/ballen
Thanks
It does not work. My configuration is:
<authorization>
  <deny users="?" /> <!-- deny anonymous users -->
  <allow users="*" /> <!-- Allow all users -->
  <!-- <allow users="[comma separated list of users]"
       roles="[comma separated list of roles]"/>
       <deny users="[comma separated list of users]"
       roles="[comma separated list of roles]"/>
  -->
</authorization>
<location path="images">
  <system.web>
    <authorization>
      <deny users="?" />
    </authorization>
  </system.web>
</location>
The <location> is outside your <system.web>, right?
-Brock
DevelopMentor http://staff.develop.com/ballen
Yes, <location> is outside <system.web>,