I have a web application using custom authentication and role
management, which seems to work properly. I also have a web config
file with the following:
<location path="systems">
<system.web>
<authorization>
<allow roles="Administrator,Reader" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="applications">
<system.web>
<authorization>
<allow roles="Administrator,Reader" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="certification">
<system.web>
<authorization>
<allow roles="Administrator,Reader" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="admin">
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</location>
When I run the application, everything works fine. Clicking on my
menu links, I cannot access the pages for which I'm not assigned to an
allowed role. The problem is when I paste the direct URL into the
browser, I'm still able to pull up the pages I'm not supposed to have
access to. For example, when I log in as a reader (which I've
verified the role), I can click on the "Admin" link from the menu and
I get an "Access Denied" 401.2 error. However, when I copy the URL to
the browser, I can gain access to that page.
Anyone have any ideas? Any help is appreciated. Thank you. 1 3452
"Chase Kang #52" <ch********@gmail.comwrote in message
news:33**********************************@k30g2000 hse.googlegroups.com...
I have a web application using custom authentication and role
management, which seems to work properly. I also have a web config
file with the following:
<location path="systems">
<system.web>
<authorization>
<allow roles="Administrator,Reader" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="applications">
<system.web>
<authorization>
<allow roles="Administrator,Reader" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="certification">
<system.web>
<authorization>
<allow roles="Administrator,Reader" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="admin">
<system.web>
<authorization>
<allow roles="Administrator" />
<deny users="*" />
</authorization>
</system.web>
</location>
When I run the application, everything works fine. Clicking on my
menu links, I cannot access the pages for which I'm not assigned to an
allowed role. The problem is when I paste the direct URL into the
browser, I'm still able to pull up the pages I'm not supposed to have
access to. For example, when I log in as a reader (which I've
verified the role), I can click on the "Admin" link from the menu and
I get an "Access Denied" 401.2 error. However, when I copy the URL to
the browser, I can gain access to that page.
Anyone have any ideas? Any help is appreciated. Thank you.
Are these aspx pages you are trying to access?
--
Joe Fawcett (MVP - XML) http://joe.fawcett.name This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: David Sworder |
last post by:
This message was already cross-posted to C# and ADO.NET, but I forgot to
post to this "general" group... sorry about that. It just occured to me
after my first post that the "general" group readers...
|
by: Mario |
last post by:
Hello,
I couldn't find a solution to the following problem (tried
google and dejanews), maybe I'm using the wrong keywords?
Is there a way to open a file (a linux fifo pipe actually) in...
|
by: Simon Knox |
last post by:
Hi
I have a web app that has a legitimate use for pop up windows. My web app is
an insurance quoting app. I use the window.open method to display another
aspx page so that the user can check...
|
by: Mike |
last post by:
Hi
We are new to the world of ASP Development and I have a simple question - we
are starting a test development in ASP 2.0 Beta and we are building an
application using a Direct Connection to...
|
by: ABC |
last post by:
I have a web site include three folders: public, admin and member.
I place web.config files to admin and members folders only allow admin and
members to access. If there are a user login as Demo...
|
by: David |
last post by:
I am installing apps on an asp.net 1.1 machine to which I have no
access to the IIS configuration. I need to lock out the viewing of
files types in a directory. As per info on the net, I added...
|
by: Jan Kucera |
last post by:
Hi,
I do that for the first time, but posting this in
microsoft.public.dotnet.framework.aspnet, microsoft.public.inetserver.iis,
http://forums.asp.net/thread/1271188.aspx (no response) and...
|
by: newguy99 |
last post by:
Hi,
i need to know how to write a page in either JS, ASP etc.. page(s) that does the following.
1) Checks the ‘referrer’ page, where that person clicked on the link from.
2) If...
|
by: jobs |
last post by:
Hello.
If my users are logged in, and try to access restricted pages I want
to direct them to a custom 403 page. If they are not logged in, I
would like to continue to direct them to the login...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
| |