By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,397 Members | 2,515 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,397 IT Pros & Developers. It's quick & easy.

help on Access to specific location ??

P: n/a
Dear all,

How to configure in config file, the fact that all users get access to the
root web folder but only some of them to a restricted forlder

Any sample ?

thnaks for your help
regards
serge
Nov 19 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Hi Serge,

To allow users to certain area's, using the built in security framework,
requires the use of the "authorization" element in the config file. You can
then use the "location" element from with your config file to set other
folders have other security permissions. The other way is to place a separate
web.config in each folder you wish to secure, but the location element seems
more elegant.

E.g. (hope the xml comes out ok!)

<location path="pages/admin">
<system.web>
<authorization>
<deny roles="3"/>
</authorization>
</system.web>
</location>
Matt

"serge calderara" wrote:
Dear all,

How to configure in config file, the fact that all users get access to the
root web folder but only some of them to a restricted forlder

Any sample ?

thnaks for your help
regards
serge

Nov 19 '05 #2

P: n/a
thanks for your answer mat,

how to this authentification method behaves with NTFS permission set on
th folder as well in case we use windows authentication of course.

Does it take in account the most restrictive permission combine with
webconfig file and folder security ?
"Matt Tester" wrote:
Hi Serge,

To allow users to certain area's, using the built in security framework,
requires the use of the "authorization" element in the config file. You can
then use the "location" element from with your config file to set other
folders have other security permissions. The other way is to place a separate
web.config in each folder you wish to secure, but the location element seems
more elegant.

E.g. (hope the xml comes out ok!)

<location path="pages/admin">
<system.web>
<authorization>
<deny roles="3"/>
</authorization>
</system.web>
</location>
Matt

"serge calderara" wrote:
Dear all,

How to configure in config file, the fact that all users get access to the
root web folder but only some of them to a restricted forlder

Any sample ?

thnaks for your help
regards
serge

Nov 19 '05 #3

P: n/a
Hi Serge,

If you're using Windows Authentication with Impersination set to true, then
ASP.NET runs under that users account, and so is subject to NTFS permissions.
To be honest, I haven't tried denying read access to a folder within a
website for a given user to see what happens, but I'd say you'd want to use
the ASP.NET approach for that kind of security.

At a guess I'd say ASP.NET would check the Request and allow it to continue
if the web.config allows it, after which it may be blocked by NTFS security.
It would therefore always take the access granted by both systems.

You'd really want to use the NTFS security for access to other resources or
folders, not directly under the control of ASP.NET.

Matt

"serge calderara" wrote:
thanks for your answer mat,

how to this authentification method behaves with NTFS permission set on
th folder as well in case we use windows authentication of course.

Does it take in account the most restrictive permission combine with
webconfig file and folder security ?
"Matt Tester" wrote:
Hi Serge,

To allow users to certain area's, using the built in security framework,
requires the use of the "authorization" element in the config file. You can
then use the "location" element from with your config file to set other
folders have other security permissions. The other way is to place a separate
web.config in each folder you wish to secure, but the location element seems
more elegant.

E.g. (hope the xml comes out ok!)

<location path="pages/admin">
<system.web>
<authorization>
<deny roles="3"/>
</authorization>
</system.web>
</location>
Matt

"serge calderara" wrote:
Dear all,

How to configure in config file, the fact that all users get access to the
root web folder but only some of them to a restricted forlder

Any sample ?

thnaks for your help
regards
serge

Nov 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.