Solved

Specific Group Authenticate

Posted on 2006-11-01
Last Modified: 2008-01-16
How do I only allow a specific group authentication?

See below web.config file

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://williamstownhs.vic.edu.au"/>
  </connectionStrings>
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="false">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
                  <deny users="?"/>
                  <allow users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
            <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
      </system.web>
</configuration>
0
Comment
Question by:dion_p1
22 Comments
 
LVL 11

Expert Comment

by:ethoths
ID: 17856760
<allow groups="specific group"/>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17856769
Sorry that should have been...

<allow roles="specific group"/>
0
 

Author Comment

by:dion_p1
ID: 17857075
I changed it; at this point it doesn't work...

<authorization>
                  <deny users="?"/>
                  <allow users="*"/>
      <allow roles="administrators"/>
            </authorization>

Any ideas?
0

 
LVL 11

Expert Comment

by:ethoths
ID: 17857136
If you want to only allow members of the administrators group then you need this...

<authorization>
    <allow roles="MachineName/administrators" />
    <deny users="*"/>
</authorization>

You may or may not need the machineName part.

Don't forget the <authentication mode="Windows" />



0
 

Author Comment

by:dion_p1
ID: 17857265
No, tried that too....

            <authorization>
                  <deny users="?"/>
                        <allow roles="williamstownhs/administrators"/>
            </authorization>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857271
What configuration have you set in IIS? This must be left to the defaults to work properly.
0
 

Author Comment

by:dion_p1
ID: 17857381
I'm not using IIS; I am using Visual Studio 2005 Express, and running in debugging mode preview.
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857626
Sorry, try the slash after the machine name the other way...

          <authorization>
               <deny users="?"/>
                    <allow roles="williamstownhs\administrators" />
          </authorization>
0
 

Author Comment

by:dion_p1
ID: 17861378
I get this error message

Line 38:             <membership defaultProvider="MyADMembershipProvider">
Line 39:                   <providers>
Line 40:                         <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
Line 41:                   </providers>
Line 42:             </membership>
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17866349
I don't see any error there.

Bob
0
 

Author Comment

by:dion_p1
ID: 17866504
Here is my website; please check it out and try to explain where I am going wrong....

http://www.willihigh.vic.edu.au/home/tc/WebSite1.zip
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17868807
I also don't have time to run it, so what exception are you getting?

Bob
0
 

Author Comment

by:dion_p1
ID: 17896156
Well, my issue still exists; it authenticates any user rather than just the administrators

Tried the following

          <authorization>
               <deny users="?"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="administrators" />
          </authorization>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17896558
OK, give this a try. I assume you only want members of the administrators group in?


<authorization>
  <deny users="*"/>
  <allow roles="DOMAINNAME\administrators" />
  <deny roles="*" />
</authorization>
0
 

Author Comment

by:dion_p1
ID: 17896904
I get this error

Server Error in '/WebSite1' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Authorization rule names cannot contain the '*' character.

Source Error:


Line 37:       <deny users="*"/>
Line 38:       <allow roles="test1/administrators"/>
Line 39:       <deny roles="*"/>
Line 40:             </authorization>
Line 41:             <membership defaultProvider="MyADMembershipProvider">
 

Source File: C:\Documents and Settings\Dion Parsons\My Documents\Visual Studio 2005\WebSites\WebSite1\web.config    Line: 39
0
 
LVL 11

Accepted Solution

by:
ethoths earned 500 total points
ID: 17897028
Last shot...

<authorization>
  <allow roles="DOMAINNAME\administrators" />
  <deny users="*"/>
</authorization>
0
 

Author Comment

by:dion_p1
ID: 17897056
I think we may be close.

When I type an incorrect password it tells me incorrect password
When I type a correct password in it returns Logon.aspx
When I try to manually go to default.aspx after typing in a correct username and password it still bounces me back to Logon.aspx



0
 
LVL 11

Expert Comment

by:ethoths
ID: 17897429
What's in your default.aspx page? (or inherited base page if you have one)
Can you go to any other page?

0
 

Author Comment

by:dion_p1
ID: 17897566
I can't go to any other page; it bounces me back to Logon.aspx...

--Default.aspx---

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Users Control Panel</title>
</head>
<body>
    <form id="form1" runat="server">
    <div style="text-align: center">
        <span style="font-family: Arial"><span style="font-size: 10pt"></span>
        </span>
        <table bgcolor="#1f569b" style="text-align: center; width: 350px; height: 350px;">
            <tr>
                <td colspan="3" style="height: 80px; text-align: center">
                    <span style="font-size: 10pt; color: #ffff99; font-family: Arial"><strong>
                        <asp:Image ID="Image1" runat="server" ImageUrl="~/Images/logo.gif" /></strong></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                    <span style="font-size: 10pt"><span style="font-family: Arial"><strong><span style="color: #ffff33">
                        </span></strong><strong><span style="color: #ffffff"> Domain Control Panel</span></strong></span></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                </td>
            </tr>
            <tr>
                <td style="width: 299px; text-align: center" rowspan="3">
        <asp:Button ID="Button1" onclientclick="window.location.href='Disableuser.aspx';return false;" runat="server" Text="Disable/Enable Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button3" onclientclick="window.location.href='Rechargeuser.aspx';return false;" runat="server" Text="Recharge Users" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
                <td colspan="2" style="width: 300px; text-align: center" rowspan="3">
        <asp:Button ID="Button2" onclientclick="window.location.href='createuser.aspx';return false;" runat="server" Text="Create/Delete Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button7" onclientclick="window.location.href='Resetuser.aspx';return false;" runat="server" Text="Reset Users Password" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
            </tr>
            <tr>
            </tr>
            <tr>
            </tr>
            <tr>
                <td colspan="3">
                    <span style="font-size: 7pt; color: #ffffff; font-family: Arial">Domain Control Panel
                        - v1.1 Created By Dion Parsons</span></td>
            </tr>
        </table>
        <span style="font-size: 10pt; font-family: Arial"> </span>
   
    </div>
    </form>
</body>
</html>


--default.aspx.vb--


Partial Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Response.Write(HttpContext.Current.User.Identity.Name)
    End Sub
End Class


--web.config---

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
            <add name="ADConnectionString" connectionString="LDAP://test1.local"/>
      </connectionStrings>
  <!--<location path="Admin">
  </location>-->
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="true">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
      <allow roles="test1/administrators"/>
     <deny users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="test1\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
  </system.web>
</configuration>

Please Help!
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17899965
It sounds like it's authenticating, redirecting and then forgetting it. I've not come across this behavior before. I've also never used AD in this way. Try setting up a new 2 page app (login and a secure page) and see if you can get it working with a basic setup. Then increase the bits and see where it breaks.

0
 
LVL 11

Expert Comment

by:ethoths
ID: 17914174
Did you actually get a resolution on this? If so, post your answer for others to see.
0
 

Author Comment

by:dion_p1
ID: 17914236
That was it; it was a domain error.
0
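
The rule orderings tried in this thread give different results because ASP.NET URL authorization applies the first rule that matches and, if none in the application's block matches, falls through to an inherited allow-all rule. The following simplified Python model is an added example, not code from the thread or from ASP.NET; the account names `alice` and `bob` are constructed, and verbs and per-location overrides are not modelled.

```python
import xml.etree.ElementTree as ET

# Simplified model of ASP.NET URL authorization (users/roles only, no verbs).
# The machine-level configuration ends with this rule, so a request that
# matches nothing in the application's block is allowed.
INHERITED_DEFAULT = '<allow users="*"/>'

# Rule sets copied from the thread; the accounts evaluated against them are constructed.
DENY_ANON_THEN_ROLE = r'<authorization><deny users="?"/><allow roles="DOMAINNAME\administrators"/></authorization>'
DENY_ALL_FIRST = r'<authorization><deny users="*"/><allow roles="DOMAINNAME\administrators"/></authorization>'
ACCEPTED = r'<authorization><allow roles="DOMAINNAME\administrators"/><deny users="*"/></authorization>'
WILDCARD_ROLE = (r'<authorization><deny users="*"/><allow roles="DOMAINNAME\administrators"/>'
                 r'<deny roles="*"/></authorization>')


def load_rules(authorization_xml):
    """Return [(action, users, roles)] in document order, inherited default last."""
    rules = []
    for el in list(ET.fromstring(authorization_xml)) + [ET.fromstring(INHERITED_DEFAULT)]:
        users = [u.strip().lower() for u in el.get("users", "").split(",") if u.strip()]
        roles = [r.strip().lower() for r in el.get("roles", "").split(",") if r.strip()]
        if any("*" in r for r in roles):  # same parser error the thread ran into
            raise ValueError("Authorization rule names cannot contain the '*' character.")
        rules.append((el.tag, users, roles))
    return rules


def is_allowed(authorization_xml, name=None, roles=()):
    """Apply the first rule that matches; name=None models an anonymous request."""
    held = {r.lower() for r in roles}
    for action, users, rule_roles in load_rules(authorization_xml):
        user_hit = any(u == "*" or (u == "?" and name is None)
                       or (name is not None and u == name.lower()) for u in users)
        role_hit = name is not None and any(r in held for r in rule_roles)
        if user_hit or role_hit:
            return action == "allow"
    return False  # not reached while the inherited default is appended


if __name__ == "__main__":
    admin = dict(name="alice", roles=[r"DOMAINNAME\administrators"])  # constructed
    other = dict(name="bob", roles=[])                                # constructed
    for label, cfg in [("deny ? then allow role", DENY_ANON_THEN_ROLE),
                       ("deny * then allow role", DENY_ALL_FIRST),
                       ("allow role then deny *", ACCEPTED)]:
        print(label, "| admin:", is_allowed(cfg, **admin), "| other:", is_allowed(cfg, **other))
```

Under Forms authentication with only a membership provider configured, the principal carries no roles unless a role provider or custom code supplies them; that is the `bob` case, which the allow-role-then-deny-all rule set denies.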
