Solved

Role based security in ASP.NET 2.0 web application

Posted on 2006-06-23
10
433 Views
Last Modified: 2012-05-05
I know this has prbably been asked a million times here but i can't find any examples the help me resolve my issue.  I am trying to enable security on an ASP.NET 2.0 web project i am working on.  I want to have types of roles; Admin, Users.   I have the DB piece all worked out and have the login process finished.  I want to only allow the admin's to access to certain pages and restrict the other users from being able to get to these pages.  I have read here that the one way of doing this is to create an "admin" subfolder withing the site and put all of the "admin only" pages in that folder and the create a web.config file for that folder and place the web.config in the /admin folder.

What should the admin web.config file contain?  I have included the following authorization info.

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

 When I run the app i get the following:  "Error 131 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS."            

I copied the main web.config file to the admin folder and added the above code.  Do I have more that i need in the admin config file?  

Any help would be really appreciated.  

Thanks,





0
Comment
Question by:Mike_Stevens
  • 6
  • 3
10 Comments
 
LVL 35

Expert Comment

by:YZlat
ID: 16971251
1) in your web.config file do you have </location> closing tag?

2)in what section of your web.config did you put the following?

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

0
 

Author Comment

by:Mike_Stevens
ID: 16971281
Yeah i do have the closing location tag.  The above is at the end of the web.config file between the </system.web> and the </configuration> tags
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16971489
what directory do you store your config file in?
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 35

Expert Comment

by:YZlat
ID: 16971501
also, change path from

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

to

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
0
 

Author Comment

by:Mike_Stevens
ID: 16972340
the config for the admin folder is in the admin folder.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16972590
that's the problem in that case all you need in your config file (the one in admin folder) is this:

<configuration>
<system.web>

....


<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</configuration>


Do you have another config file in the application directory?
0
 

Author Comment

by:Mike_Stevens
ID: 16972611
Yes....their is one in the app_path as well.  That one has all of the configuration info
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16972614
another thing you can do is remove web.config file from Admin folder and add this section to the web.config file in the application directory:

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
</location>
0
 
LVL 35

Accepted Solution

by:
YZlat earned 500 total points
ID: 16972644
dmake sure you remove <location> tag from web.config file in Admin directory
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
app server have enough resources... 2 52
"Go Fund Me" type plugin 5 25
PHP Installer 5 38
Understanding UserAgent String 2 18
Any business that wants to seriously grow needs to keep the needs and desires of an international audience of their websites in mind. Making a website friendly to international users isn’t prohibitively expensive and can provide an incredible return…
Because your company can’t afford for you to make SEO mistakes, you’ll want to ensure you’re taking the right steps each and every time you post a new piece of content. This list of optimization do’s and don’ts can help you become an SEO wizard.
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question