By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,740 Members | 844 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,740 IT Pros & Developers. It's quick & easy.

authorization problem

P: n/a
Mark is creating a website using ASP.NET. He is using Forms
authentication for authenticating and authorizing users. He has the
following
layout of files and directories in his website:

Root
....File
Manager/
....Files
Employee/
...Files

He wants to configure Forms authentication in such a way that the
following requirements are met:
1. Users with role employee can access web forms, which are either at
root or in Employee folder.
2. Users with role manager can access all the web forms.

For this purpose, he placed Web.config files in Manager and Employee
folder. He has
placed the following code in Web.config file:

Employee/Web.config
<system.web>
<authorization>
<allow roles="employee" />
<deny users="*" />
</authorization>
</system.web>

Manager/Web.config
<system.web>
<authorization>
<allow roles="manager" />
<deny users="*" />
</authorization>
</system.web>

When he runs the application and logins with the manager role, he can
access the web forms that are placed in the Manager folder, but he
cannot access the web forms that are placed in the Employee folder.
What
could be the possible cause of this problem? Please discuss the
authorization element to support your answer.

Please try to find this problem.

Regards
Sonu

Mar 18 '06 #1
Share this Question
Share on Google+
1 Reply


P: n/a

Will a user in the "Manager" role also be in the "Employee" role? If not,
you need to change the Employee/Web.Config to include access for both roles
e.g.

Employee/Web.config
<system.web>
<authorization>
<allow roles="employee,manager" />
<deny users="*" />
</authorization>
</system.web>
"sonu" wrote:
Mark is creating a website using ASP.NET. He is using Forms
authentication for authenticating and authorizing users. He has the
following
layout of files and directories in his website:

Root
....File
Manager/
....Files
Employee/
...Files

He wants to configure Forms authentication in such a way that the
following requirements are met:
1. Users with role employee can access web forms, which are either at
root or in Employee folder.
2. Users with role manager can access all the web forms.

For this purpose, he placed Web.config files in Manager and Employee
folder. He has
placed the following code in Web.config file:

Employee/Web.config
<system.web>
<authorization>
<allow roles="employee" />
<deny users="*" />
</authorization>
</system.web>

Manager/Web.config
<system.web>
<authorization>
<allow roles="manager" />
<deny users="*" />
</authorization>
</system.web>

When he runs the application and logins with the manager role, he can
access the web forms that are placed in the Manager folder, but he
cannot access the web forms that are placed in the Employee folder.
What
could be the possible cause of this problem? Please discuss the
authorization element to support your answer.

Please try to find this problem.

Regards
Sonu

Mar 20 '06 #2

This discussion thread is closed

Replies have been disabled for this discussion.