Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Specific Group Authenticate

Posted on 2006-11-01
22
Medium Priority
?
449 Views
Last Modified: 2008-01-16
How do i only allow specific a specific group authentication?

See below web.config file

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://williamstownhs.vic.edu.au"/>
  </connectionStrings>
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="false">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
                  <deny users="?"/>
                  <allow users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
            <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
      </system.web>
</configuration>
0
Comment
Question by:dion_p1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 10
  • 2
22 Comments
 
LVL 11

Expert Comment

by:ethoths
ID: 17856760
<allow groups="specific group"/>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17856769
Sorry that should have been...

<allow roles="specific group"/>
0
 

Author Comment

by:dion_p1
ID: 17857075
I changed it at this point it doesn't work...

<authorization>
                  <deny users="?"/>
                  <allow users="*"/>
      <allow roles="administrators"/>
            </authorization>

any ideas?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Expert Comment

by:ethoths
ID: 17857136
If you want to only allow members of the administators group then you need this...

<authorization>
    <allow roles="MachineName/administrators" />
    <deny users="*"/>
</authorization>

You may or may not need the machineName part.

Don't forget the <authentication mode="Windows" />



0
 

Author Comment

by:dion_p1
ID: 17857265
No tried that to....

            <authorization>
                  <deny users="?"/>
                        <allow roles="williamstownhs/administrators"/>
            </authorization>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857271
What configuration have you set in IIS? This must be left to the defaults to work properly.
0
 

Author Comment

by:dion_p1
ID: 17857381
im not using iis i am using visual studio 2005 express, and running in debugging mode preview.
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857626
sorry try the slash after the mashine name the other way...

          <authorization>
               <deny users="?"/>
                    <allow roles="williamstownhs\administrators" />
          </authorization>
0
 

Author Comment

by:dion_p1
ID: 17861378
i get this error message

Line 38:             <membership defaultProvider="MyADMembershipProvider">
Line 39:                   <providers>
Line 40:                         <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
Line 41:                   </providers>
Line 42:             </membership>
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17866349
I don't see any error there.

Bob
0
 

Author Comment

by:dion_p1
ID: 17866504
Here is my webiste please check it out and try to explain where i am going wrong....

http://www.willihigh.vic.edu.au/home/tc/WebSite1.zip
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17868807
I also don't have time to run it, so what exception are you getting?

Bob
0
 

Author Comment

by:dion_p1
ID: 17896156
Well my issue still exist, it autheticates any user rather than just the administators

Tried the following

          <authorization>
               <deny users="?"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="administrators" />
          </authorization>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17896558
Ok give this a try. I assuume you only want members of the administrators group in?


<authorization>
  <deny users="*"/>
  <allow roles="DOMAINNAME\administrators" />
  <deny roles="* />
</authorization>
0
 

Author Comment

by:dion_p1
ID: 17896904
i Get this Error

Server Error in '/WebSite1' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Authorization rule names cannot contain the '*' character.

Source Error:


Line 37:       <deny users="*"/>
Line 38:       <allow roles="test1/administrators"/>
Line 39:       <deny roles="*"/>
Line 40:             </authorization>
Line 41:             <membership defaultProvider="MyADMembershipProvider">
 

Source File: C:\Documents and Settings\Dion Parsons\My Documents\Visual Studio 2005\WebSites\WebSite1\web.config    Line: 39
0
 
LVL 11

Accepted Solution

by:
ethoths earned 2000 total points
ID: 17897028
Last shot...

<authorization>
  <allow roles="DOMAINNAME\administrators" />
  <deny users="*"/>
</authorization>
0
 

Author Comment

by:dion_p1
ID: 17897056
I think we may be close.

When i type an incorrect pasword it tells me incorrect password
When i type a correct password in it returns Logon.aspx
When i try to manually go to default.aspx after typing in a correct username and password it still bounces me back to Logon.aspx



0
 
LVL 11

Expert Comment

by:ethoths
ID: 17897429
what's in your default.aspx page? (or inherited base page if you have one)
Can you go to any other page ?

0
 

Author Comment

by:dion_p1
ID: 17897566
I cant go to any other page it bounces me back to Logon.aspx...

--Default.aspx---

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Users Control Panel</title>
</head>
<body>
    <form id="form1" runat="server">
    <div style="text-align: center">
        <span style="font-family: Arial"><span style="font-size: 10pt"></span>
        </span>
        <table bgcolor="#1f569b" style="text-align: center; width: 350px; height: 350px;">
            <tr>
                <td colspan="3" style="height: 80px; text-align: center">
                    <span style="font-size: 10pt; color: #ffff99; font-family: Arial"><strong>
                        <asp:Image ID="Image1" runat="server" ImageUrl="~/Images/logo.gif" /></strong></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                    <span style="font-size: 10pt"><span style="font-family: Arial"><strong><span style="color: #ffff33">
                        </span></strong><strong><span style="color: #ffffff"> Domain Control Panel</span></strong></span></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                </td>
            </tr>
            <tr>
                <td style="width: 299px; text-align: center" rowspan="3">
        <asp:Button ID="Button1" onclientclick="window.location.href='Disableuser.aspx';return false;" runat="server" Text="Disable/Enable Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button3" onclientclick="window.location.href='Rechargeuser.aspx';return false;" runat="server" Text="Recharge Users" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
                <td colspan="2" style="width: 300px; text-align: center" rowspan="3">
        <asp:Button ID="Button2" onclientclick="window.location.href='createuser.aspx';return false;" runat="server" Text="Create/Delete Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button7" onclientclick="window.location.href='Resetuser.aspx';return false;" runat="server" Text="Reset Users Password" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
            </tr>
            <tr>
            </tr>
            <tr>
            </tr>
            <tr>
                <td colspan="3">
                    <span style="font-size: 7pt; color: #ffffff; font-family: Arial">Domain Control Panel
                        - v1.1 Created By Dion Parsons</span></td>
            </tr>
        </table>
        <span style="font-size: 10pt; font-family: Arial"> </span>
   
    </div>
    </form>
</body>
</html>


--default.aspx.vb--


Partial Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Response.Write(HttpContext.Current.User.Identity.Name)
    End Sub
End Class


--web.config---

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
            <add name="ADConnectionString" connectionString="LDAP://test1.local"/>
      </connectionStrings>
  <!--<location path="Admin">
  </location>-->
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="true">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
      <allow roles="test1/administrators"/>
     <deny users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="test1\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
  </system.web>
</configuration>

Please Help!
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17899965
It sounds like it's authenticating, redirecting and then forgetting it. I've not come across this behavior before. I've also never used AD in this way. Try setting up a new 2 page app (login and a secure page) and see if you can get it working with a basic setup. Then increase the bits and see where it breaks.

0
 
LVL 11

Expert Comment

by:ethoths
ID: 17914174
Did you actually get a resiolution on this. If so post your answer for iothers to see.
0
 

Author Comment

by:dion_p1
ID: 17914236
That was it it was a domain error
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses the ASP.NET AJAX ModalPopupExtender control. In this article we will show how to use the ModalPopupExtender control, how to display/show/call the ASP.NET AJAX ModalPopupExtender control from javascript, how to show/display/cal…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question