Thank you for your help Jim!
You made my problem be clear. Yes, I agree with you I should use
User.IsInRole(<role>) method to check user's access permission. But where I
can get the <role> definitions? Do I have to manipulate the Web.config by
myself to get the <allow><deny> configurations for every subfolders?
In my application, these secured subfolders are not only located at flat
level but also be configured as an nested tree. And the contents manager
should be able to configure neccesary security settings to every subfolders
in everywhere.
So, if a content page is located at an URL such as
http://myserver/myapp/folder1/folder...3/content.aspx, then I think I
have to manipulate Web.config files located in folder3, folder2, folder1,
myapp and machine.config all by myself.
Is thing like as above an only way for me?
Are there any classes/methods for me to make things easier?
best regards,
TK
"Jim Cheshire [MSFT]" <ja******@online.microsoft.com> wrote in message
news:5B**************@cpmsftngxa06.phx.gbl...
Hi TK,
I think you may be going about this the wrong way. What you really want
to do is design your application so that people have access to certain areas
based upon their role. You can then use User.IsInRole(<role>) to
determine if a user should see a particular page element. You can also use
<location> elements within your web.config to limit a user's access to
certain parts of the application.
Here's a URL you may find helpful:
http://msdn.microsoft.com/library/de...us/secmod/html /secmod18.asp
Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support
ja******@online.microsoft.com
This post is provided "AS-IS" with no warranties and confers no rights.
--------------------From: "TK" <tk****@nospam.emotionalbits.com>
Subject: Permission check for secured subfolders?
Date: Tue, 13 Jul 2004 17:13:41 +0900
Lines: 24
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-2022-jp"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Message-ID: <OX**************@TK2MSFTNGP09.phx.gbl>
Newsgroups: microsoft.public.dotnet.framework.aspnet
NNTP-Posting-Host: q255060.ap.plala.or.jp 220.99.255.60
Path:
cpmsftngxa06.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFT NGP08.phx.gbl!TK2MSFTNGP09 phx.gblXref: cpmsftngxa06.phx.gbl
microsoft.public.dotnet.framework.aspnet:246546X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet
Excuse me for multiple posting because I've posted this message to
aspnet.security NG but have not got any response yet.
I'm building an ASP.NET application works in Forms Authentication mode
withcustom user account database. And it shows clients a list of hyperlinks
tocontent pages located in some separated subfolders. This application and
content pages are entirely secured, so everyone must logon to the
application. The application pages and most of content pages are
accessiblefor every authenticated clients but some of content pages in some
specificsubfolders are served for specific users and groups only. I'm using URL
authorization to achieve this. Everything works fine now.
Now what I'm attempting to do is, hide/remove hyperlinks to unacceptable
contents from the contents list page. To do this, I want to test client's
access right for every subfolders at server side Page_Load() function, so
that avoid client user's useless operation. I don't want to show clients
theaccess forbidden message any more.
How can I do it?
Help me please.
best regards,
TK
