Solved

Role based security in ASP.NET 2.0 web application

Posted on 2006-06-23
Last Modified: 2012-05-05
I know this has probably been asked a million times here, but I can't find any examples that help me resolve my issue. I am trying to enable security on an ASP.NET 2.0 web project I am working on. I want to have types of roles: Admin, Users. I have the DB piece all worked out and have the login process finished. I want to allow only the admins to access certain pages and restrict the other users from being able to get to these pages. I have read here that one way of doing this is to create an "admin" subfolder within the site, put all of the "admin only" pages in that folder, and then create a web.config file for that folder and place the web.config in the /admin folder.

What should the admin web.config file contain?  I have included the following authorization info.

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

When I run the app I get the following: "Error 131 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS."

I copied the main web.config file to the admin folder and added the above code. Do I have more than I need in the admin config file?

Any help would be really appreciated.  

Thanks,





Question by:Mike_Stevens
10 Comments
 
LVL 35

Expert Comment

by:YZlat
ID: 16971251
1) In your web.config file, do you have the </location> closing tag?

2) In what section of your web.config did you put the following?

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

0
 

Author Comment

by:Mike_Stevens
ID: 16971281
Yeah, I do have the closing location tag. The above is at the end of the web.config file between the </system.web> and the </configuration> tags.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16971489
What directory do you store your config file in?
0

 
LVL 35

Expert Comment

by:YZlat
ID: 16971501
Also, change the path from

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

to

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
0
 

Author Comment

by:Mike_Stevens
ID: 16972340
The config for the admin folder is in the admin folder.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16972590
That's the problem. In that case, all you need in your config file (the one in the admin folder) is this:

<configuration>
<system.web>

....


<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</configuration>


Do you have another config file in the application directory?
0
 

Author Comment

by:Mike_Stevens
ID: 16972611
Yes... there is one in the app_path as well. That one has all of the configuration info.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16972614
Another thing you can do is remove the web.config file from the Admin folder and add this section to the web.config file in the application directory:

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
</location>
0
 
LVL 35

Accepted Solution

by:
YZlat earned 500 total points
ID: 16972644
Make sure you remove the <location> tag from the web.config file in the Admin directory.
0
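
The following is an added example, not code from any poster in this thread. It checks the two things the answers above turn on: whether a subfolder web.config still carries sections that are only legal at application level (the cause of the allowDefinition='MachineToApplication' error after copying the root file), and how the allow/deny rules resolve, first match wins. The function names, the section subset and both sample configs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Sections registered with allowDefinition="MachineToApplication"; this
# subset is an assumption of the example, not a complete list.
APP_LEVEL_SECTIONS = {"authentication", "membership", "roleManager",
                      "profile", "sessionState", "machineKey"}

def app_level_sections(config_xml):
    """Sections in a subfolder web.config that are only legal at app level."""
    root = ET.fromstring(config_xml)
    return sorted({child.tag for sw in root.iter("system.web")
                   for child in sw if child.tag in APP_LEVEL_SECTIONS})

def _names(rule, attr):
    # Comma-separated attribute to a set; lower-cased as a simplification.
    return {n.strip().lower() for n in rule.get(attr, "").split(",") if n.strip()}

def decide(config_xml, user, roles=()):
    """Return the tag of the first matching rule ("allow" or "deny").
    None means no rule matched and the parent config decides.
    user=None models an anonymous request."""
    rules = next(ET.fromstring(config_xml).iter("authorization"), None)
    for rule in (rules if rules is not None else []):
        users, wanted = _names(rule, "users"), _names(rule, "roles")
        hit = ("*" in users
               or (user is None and "?" in users)
               or (user is not None and user.lower() in users)
               or bool(wanted & {r.lower() for r in roles}))
        if hit:
            return rule.tag
    return None

# Constructed sample: what remains in admin/web.config after the fix.
ADMIN_CONFIG = """<configuration><system.web><authorization>
  <allow roles="admin"/><deny users="*"/>
</authorization></system.web></configuration>"""

# Constructed sample: a copy of the root web.config dropped into admin/,
# with the two authorization rules in the wrong order.
COPIED_CONFIG = """<configuration><system.web>
  <authentication mode="Forms"/><sessionState timeout="20"/>
  <authorization><deny users="*"/><allow roles="admin"/></authorization>
</system.web></configuration>"""

if __name__ == "__main__":
    print("app-level sections in copy:", app_level_sections(COPIED_CONFIG))
    print("admin, fixed config:", decide(ADMIN_CONFIG, "mike", ["admin"]))
    print("admin, reversed rules:", decide(COPIED_CONFIG, "mike", ["admin"]))
```

With the reversed rule order, the deny for all users matches first and even members of the admin role are locked out, which is why the allow line has to come before the deny line.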
