Solved

Role based security in ASP.NET 2.0 web application

Posted on 2006-06-23
10
434 Views
Last Modified: 2012-05-05
I know this has prbably been asked a million times here but i can't find any examples the help me resolve my issue.  I am trying to enable security on an ASP.NET 2.0 web project i am working on.  I want to have types of roles; Admin, Users.   I have the DB piece all worked out and have the login process finished.  I want to only allow the admin's to access to certain pages and restrict the other users from being able to get to these pages.  I have read here that the one way of doing this is to create an "admin" subfolder withing the site and put all of the "admin only" pages in that folder and the create a web.config file for that folder and place the web.config in the /admin folder.

What should the admin web.config file contain?  I have included the following authorization info.

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

 When I run the app i get the following:  "Error 131 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS."            

I copied the main web.config file to the admin folder and added the above code.  Do I have more that i need in the admin config file?  

Any help would be really appreciated.  

Thanks,





0
Comment
Question by:Mike_Stevens
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
10 Comments
 
LVL 35

Expert Comment

by:YZlat
ID: 16971251
1) in your web.config file do you have </location> closing tag?

2)in what section of your web.config did you put the following?

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

0
 

Author Comment

by:Mike_Stevens
ID: 16971281
Yeah i do have the closing location tag.  The above is at the end of the web.config file between the </system.web> and the </configuration> tags
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16971489
what directory do you store your config file in?
0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 
LVL 35

Expert Comment

by:YZlat
ID: 16971501
also, change path from

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

to

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
0
 

Author Comment

by:Mike_Stevens
ID: 16972340
the config for the admin folder is in the admin folder.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16972590
that's the problem in that case all you need in your config file (the one in admin folder) is this:

<configuration>
<system.web>

....


<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</configuration>


Do you have another config file in the application directory?
0
 

Author Comment

by:Mike_Stevens
ID: 16972611
Yes....their is one in the app_path as well.  That one has all of the configuration info
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16972614
another thing you can do is remove web.config file from Admin folder and add this section to the web.config file in the application directory:

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
</location>
0
 
LVL 35

Accepted Solution

by:
YZlat earned 500 total points
ID: 16972644
dmake sure you remove <location> tag from web.config file in Admin directory
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
Because your company can’t afford for you to make SEO mistakes, you’ll want to ensure you’re taking the right steps each and every time you post a new piece of content. This list of optimization do’s and don’ts can help you become an SEO wizard.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question