
C# - WEB - Can't figure out authorization via web.config

Here's my situation:

I'm using forms authentication with a SQL DB (more or less that aspnetdb created by the config tool, but mine is NOT in the App_Data directory, just on a SQL server).

I've gotten as far as getting a user logged in (authenticated) so that they are looking at the dashboard.aspx. On this page, there are two buttons, one for the members page, one for the administrators page. The admin page is in an 'admin' folder, which is set up in my web.config as follows:

<authorization>
  <allow roles="Administrators"/>
  <deny users="*"/>
</authorization>

My understanding is that if the current user is in the Administrators role, they should be able to view this page, otherwise they would be denied, taken back to the login page, whatever. Problem is this: no matter what I try, I cannot get to that administrators page; it just keeps taking me back to the login.aspx.

I can step thru the code and see the Cookie on the Response.Redirect and it appears to be what I need, but it won't let me in. Any thoughts on what I'm missing?

According to every site I read, this is really easy. I beg to differ; I'm a newbie, for sure, but this is far from what I would call "easy". I'm sure it's something stupid I'm doing or something I've missed, but I've spent several hours on this and have gotten nowhere. Any help or ideas would be greatly appreciated.

Thanks.
Nov 26 '07 #1
KBTibbs
You need a RoleProvider to just use the web.config file. It sounds like, since you've got your own database set up, you'll need to implement your own RoleProvider (the link above has more information about that).

The alternative is to handle this yourself. It sounds like you already have the information at hand (is it stored in the cookie?) so perhaps on page load you just check if this person belongs and redirect if they don't...


Edit: I reread what you wrote, and now I have a better link for you. Since your database is the same as what aspnet_regsql would make for you, this page will show you how to redirect from the local SQL express to a remote SQL server.
Nov 26 '07 #2
Thanks for the reply.

I think I figured out what I was doing wrong. In my web.config, I have both role provider and membership provider. I'm not positive of this, but I had the application name different in each section; once I changed them both to the same name (the one in aspnet_Applications table), it seemed to work. I think. I will continue to test this out to make sure.
Nov 27 '07 #3
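
The mismatch described in post #3, as an added example that is not code from the thread: a small Python check that the default membership and role providers in a web.config carry the same applicationName and that roleManager is enabled. The sample config, provider names, connection string name and application names are constructed for illustration; the check compares only the two config values and does not look at the aspnet_Applications table.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config (not the poster's file): provider names,
# connection string name and application names are made up for illustration.
SAMPLE_MISMATCHED = """
<configuration>
  <system.web>
    <membership defaultProvider="SqlMembers">
      <providers>
        <add name="SqlMembers" type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppDb" applicationName="/MySite" />
      </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="SqlRoles">
      <providers>
        <add name="SqlRoles" type="System.Web.Security.SqlRoleProvider"
             connectionStringName="AppDb" applicationName="MySite" />
      </providers>
    </roleManager>
  </system.web>
</configuration>
"""

def default_provider(system_web, section):
    """Return the <add> element named by the section's defaultProvider, or None."""
    node = system_web.find(section)
    wanted = None if node is None else node.get("defaultProvider")
    adds = [] if node is None else node.findall("providers/add")
    return next((a for a in adds if a.get("name") == wanted), None)

def check_provider_config(xml_text):
    """List reasons role-based <authorization> rules could fail to match."""
    system_web = ET.fromstring(xml_text).find("system.web")
    findings = []
    role_manager = system_web.find("roleManager")
    if role_manager is None or role_manager.get("enabled", "false").lower() != "true":
        findings.append("roleManager is not enabled")
    members = default_provider(system_web, "membership")
    roles = default_provider(system_web, "roleManager")
    if members is None or roles is None:
        findings.append("default membership or role provider is not defined here")
        return findings
    m_app, r_app = members.get("applicationName"), roles.get("applicationName")
    if m_app is None or r_app is None:
        findings.append("a provider has no explicit applicationName")
    elif m_app != r_app:
        findings.append(f"applicationName mismatch: membership={m_app!r} roles={r_app!r}")
    return findings
```

Calling `check_provider_config(SAMPLE_MISMATCHED)` reports the differing names; an empty list means the two providers agree and role manager is on.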
