Solved

Role based security in ASP.NET 2.0 web application

Posted on 2006-06-23
10
431 Views
Last Modified: 2012-05-05
I know this has prbably been asked a million times here but i can't find any examples the help me resolve my issue.  I am trying to enable security on an ASP.NET 2.0 web project i am working on.  I want to have types of roles; Admin, Users.   I have the DB piece all worked out and have the login process finished.  I want to only allow the admin's to access to certain pages and restrict the other users from being able to get to these pages.  I have read here that the one way of doing this is to create an "admin" subfolder withing the site and put all of the "admin only" pages in that folder and the create a web.config file for that folder and place the web.config in the /admin folder.

What should the admin web.config file contain?  I have included the following authorization info.

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

 When I run the app i get the following:  "Error 131 It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level.  This error can be caused by a virtual directory not being configured as an application in IIS."            

I copied the main web.config file to the admin folder and added the above code.  Do I have more that i need in the admin config file?  

Any help would be really appreciated.  

Thanks,





0
Comment
Question by:Mike_Stevens
  • 6
  • 3
10 Comments
 
LVL 35

Expert Comment

by:YZlat
ID: 16971251
1) in your web.config file do you have </location> closing tag?

2)in what section of your web.config did you put the following?

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

0
 

Author Comment

by:Mike_Stevens
ID: 16971281
Yeah i do have the closing location tag.  The above is at the end of the web.config file between the </system.web> and the </configuration> tags
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16971489
what directory do you store your config file in?
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16971501
also, change path from

<location path="admin/admin_menu.aspx">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>

to

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:Mike_Stevens
ID: 16972340
the config for the admin folder is in the admin folder.
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16972590
that's the problem in that case all you need in your config file (the one in admin folder) is this:

<configuration>
<system.web>

....


<authorization>
<allow roles="admin" />
<deny users="*" />
</authorization>
</system.web>
</configuration>


Do you have another config file in the application directory?
0
 

Author Comment

by:Mike_Stevens
ID: 16972611
Yes....their is one in the app_path as well.  That one has all of the configuration info
0
 
LVL 35

Expert Comment

by:YZlat
ID: 16972614
another thing you can do is remove web.config file from Admin folder and add this section to the web.config file in the application directory:

<location path="admin">
        <system.web>
          <authorization>
            <allow roles="admin"/>    
            <deny users="*"/>
          </authorization>  
        </system.web>
</location>
0
 
LVL 35

Accepted Solution

by:
YZlat earned 500 total points
ID: 16972644
dmake sure you remove <location> tag from web.config file in Admin directory
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
I've been asked to discuss some of the UX activities that I'm using with my team. Here I will share some details about how we approach UX projects.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now