Excuse me for multiple posting; I've posted this message to the
aspnet.security NG but have not got any response yet.
I'm building an ASP.NET application that works in Forms Authentication mode with
a custom user account database. It shows clients a list of hyperlinks to
content pages located in some separate subfolders. This application and the
content pages are entirely secured, so everyone must log on to the
application. The application pages and most of the content pages are accessible
to every authenticated client, but some of the content pages in some specific
subfolders are served to specific users and groups only. I'm using URL
authorization to achieve this. Everything works fine now.
Now what I'm attempting to do is hide/remove hyperlinks to unacceptable
contents from the contents list page. To do this, I want to test the client's
access rights for every subfolder in the server-side Page_Load() function, so
as to avoid useless operations by the client user. I don't want to show clients the
access forbidden message any more.
How can I do it?
Help me please.
best regards,
TK
Hi TK,
I think you may be going about this the wrong way. What you really want to
do is design your application so that people have access to certain areas
based upon their role. You can then use User.IsInRole(<role>) to determine
if a user should see a particular page element. You can also use
<location> elements within your web.config to limit a user's access to
certain parts of the application.
Here's a URL you may find helpful: http://msdn.microsoft.com/library/de...us/secmod/html/secmod18.asp
Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support ja******@online.microsoft.com
This post is provided "AS-IS" with no warranties and confers no rights.
--------------------
From: "TK" <tk****@nospam.emotionalbits.com>
Subject: Permission check for secured subfolders?
Date: Tue, 13 Jul 2004 17:13:41 +0900
Newsgroups: microsoft.public.dotnet.framework.aspnet
Thank you for your help Jim!
You made my problem clear. Yes, I agree with you that I should use the
User.IsInRole(<role>) method to check the user's access permission. But where
can I get the <role> definitions? Do I have to manipulate the Web.config by
myself to get the <allow><deny> configurations for every subfolder?
In my application, these secured subfolders are not only located at a flat
level but are also configured as a nested tree. And the contents manager
should be able to configure the necessary security settings for every subfolder
everywhere.
So, if a content page is located at a URL such as http://myserver/myapp/folder1/folder...3/content.aspx, then I think I
have to manipulate the Web.config files located in folder3, folder2, folder1,
myapp and machine.config all by myself.
Is something like the above the only way for me?
Are there any classes/methods for me to make things easier?
best regards,
TK
TK,
You assign the roles in the user's database record or simply use the AD
roles. Doesn't matter.
As far as assigning which role has access to which resources, <location>
tags are going to be the best method.
Jim Cheshire [MSFT]
MCP+I, MCSE, MCSD, MCDBA
Microsoft Developer Support ja******@online.microsoft.com
This post is provided "AS-IS" with no warranties and confers no rights.
--------------------
From: "TK" <tk****@nospam.emotionalbits.com>
Subject: Re: Permission check for secured subfolders?
Date: Wed, 14 Jul 2004 10:33:40 +0900
Newsgroups: microsoft.public.dotnet.framework.aspnet
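An added example, not part of the original thread or of any poster's code: from .NET Framework 2.0 onward, `UrlAuthorizationModule.CheckUrlAccessForPrincipal` evaluates the merged `<authorization>` rules that apply to a virtual path, so a list page can filter its links without reading the nested Web.config files itself. The page class, the `LinkList` control and the folder paths are hypothetical; URL authorization remains the enforcement point, and hiding a link only tidies the UI.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Hypothetical code-behind for the contents list page.
public partial class ContentList : Page
{
    // Hypothetical catalogue of app-relative content URLs; a real
    // application would load these from its content database.
    private static readonly string[] ContentPages =
    {
        "~/folder1/content.aspx",
        "~/folder1/folder2/content.aspx",
        "~/folder1/folder2/folder3/content.aspx"
    };

    // Returns only the paths the given principal may GET according to the
    // <authorization> rules in effect for each path (machine.config, the
    // application Web.config and every nested Web.config, merged by ASP.NET).
    // Role-based <allow roles="..."> rules match only if the application has
    // attached the user's roles to the principal earlier in the request,
    // for example with a GenericPrincipal set in Application_AuthenticateRequest.
    private static List<string> FilterAuthorized(IEnumerable<string> paths, IPrincipal user)
    {
        List<string> allowed = new List<string>();
        foreach (string path in paths)
        {
            if (UrlAuthorizationModule.CheckUrlAccessForPrincipal(path, user, "GET"))
                allowed.Add(path);
        }
        return allowed;
    }

    // Assumes the .aspx markup declares
    // <asp:BulletedList ID="LinkList" DisplayMode="HyperLink" runat="server" />
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack) return;
        foreach (string path in FilterAuthorized(ContentPages, User))
        {
            // In HyperLink mode, Text is the caption and Value is the target URL.
            LinkList.Items.Add(new ListItem(path.Substring(2), ResolveUrl(path)));
        }
    }
}
```

The check covers URL authorization rules only; NTFS file permissions are evaluated separately by file authorization when Windows identities are in use.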