using web config to allow access to domain users only

I think you want the role tag

<authorization>
<allow users="*" allow role="domain\group" />
<deny users="*" />
</authorization>
--
Regards

John Timney
ASP.NET MVP
Microsoft Regional Director

"Carlos" <ch******@yahoo.com> wrote in message
news:uY*************@TK2MSFTNGP09.phx.gbl...

Hi all,

is it possible to configute an asp .net app using web config, to allow
access to users within a particular domain only?.

Any help is greatly appreciated.

Thanks in advance,

Carlos

I'm making the assumption that you're using windows Authentication for
your web application.

I would recommend doing this security check in the Application's
AuthorizeRequest event. You can set the domain in an appSetting in your
web.config file. The following code is untested:

Web.config:

<configuration>
<appSettings>
<add key="AuthorizedDomainName" value="Watusi" />
</appSettings>
<system.web>
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="notauthorized.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>

global.asax

void Application_AuthorizeRequest(object sender, EventArgs e)
{
if
(!User.Identity.Name.StartsWith(ConfigurationSetti ngs.AppSettings["AuthorizedDomainName"]
+ "\\")) HttpContext.Current.Response.Redirect("notauthoriz ed.aspx");
}

-Alan
Carlos wrote:

Hi all,

is it possible to configute an asp .net app using web config, to allow
access to users within a particular domain only?.

Any help is greatly appreciated.

Thanks in advance,

Carlos

Alan,

Thank you for your prompt response. When testing the code
I found out that it takes a long time to redirect from within
Application_AuthenticateRequest to the notauthorized page.

Is there any reason for that?

Thanks,

Carlos

"Alan Samet" <al*******@gmail.com> wrote in message
news:11*********************@g14g2000cwa.googlegro ups.com...

I'm making the assumption that you're using windows Authentication for
your web application.

I would recommend doing this security check in the Application's
AuthorizeRequest event. You can set the domain in an appSetting in your
web.config file. The following code is untested:

Web.config:

<configuration>
<appSettings>
<add key="AuthorizedDomainName" value="Watusi" />
</appSettings>
<system.web>
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
<location path="notauthorized.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>

global.asax

void Application_AuthorizeRequest(object sender, EventArgs e)
{
if
(!User.Identity.Name.StartsWith(ConfigurationSetti ngs.AppSettings["AuthorizedDomainName"]
+ "\\")) HttpContext.Current.Response.Redirect("notauthoriz ed.aspx");
}

-Alan
Carlos wrote:

Hi all,

is it possible to configute an asp .net app using web config, to allow
access to users within a particular domain only?.

Any help is greatly appreciated.

Thanks in advance,

Carlos

That I don't know. An HttpResponse.Redirect sends a header to the
browser requesting that the browser do the redirect. It may be the
browser you're using taking its time to do the redirect; the first
time, of course, you'd have to deal with the delay of the page
compiling. Perhaps the first time the WindowsPrincipal is queried for
the identity it may have to do some kind of domain lookup. I'm not
sure.

-Alan