Solved

Specific Group Authenticate

Posted on 2006-11-01
Last Modified: 2008-01-16
How do I only allow a specific group authentication?

See below web.config file

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://williamstownhs.vic.edu.au"/>
  </connectionStrings>
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="false">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
                  <deny users="?"/>
                  <allow users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
            <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
      </system.web>
</configuration>
0
Question by:dion_p1
 
LVL 11

Expert Comment

by:ethoths
ID: 17856760
<allow groups="specific group"/>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17856769
Sorry that should have been...

<allow roles="specific group"/>
0
 

Author Comment

by:dion_p1
ID: 17857075
I changed it; at this point it doesn't work...

<authorization>
      <deny users="?"/>
      <allow users="*"/>
      <allow roles="administrators"/>
</authorization>

Any ideas?
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857136
If you want to only allow members of the administrators group then you need this...

<authorization>
    <allow roles="MachineName/administrators" />
    <deny users="*"/>
</authorization>

You may or may not need the machineName part.

Don't forget the <authentication mode="Windows" />



0
 

Author Comment

by:dion_p1
ID: 17857265
No, tried that too....

            <authorization>
                  <deny users="?"/>
                        <allow roles="williamstownhs/administrators"/>
            </authorization>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857271
What configuration have you set in IIS? This must be left to the defaults to work properly.
0
 

Author Comment

by:dion_p1
ID: 17857381
I'm not using IIS; I am using Visual Studio 2005 Express, and running in debugging mode preview.
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857626
Sorry, try the slash after the machine name the other way...

          <authorization>
               <deny users="?"/>
                    <allow roles="williamstownhs\administrators" />
          </authorization>
0
 

Author Comment

by:dion_p1
ID: 17861378
I get this error message

Line 38:             <membership defaultProvider="MyADMembershipProvider">
Line 39:                   <providers>
Line 40:                         <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
Line 41:                   </providers>
Line 42:             </membership>
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17866349
I don't see any error there.

Bob
0
 

Author Comment

by:dion_p1
ID: 17866504
Here is my website; please check it out and try to explain where I am going wrong....

http://www.willihigh.vic.edu.au/home/tc/WebSite1.zip
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17868807
I also don't have time to run it, so what exception are you getting?

Bob
0
 

Author Comment

by:dion_p1
ID: 17896156
Well, my issue still exists; it authenticates any user rather than just the administrators

Tried the following

          <authorization>
               <deny users="?"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="administrators" />
          </authorization>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17896558
OK, give this a try. I assume you only want members of the administrators group in?


<authorization>
  <deny users="*"/>
  <allow roles="DOMAINNAME\administrators" />
  <deny roles="*" />
</authorization>
0
 

Author Comment

by:dion_p1
ID: 17896904
I get this error

Server Error in '/WebSite1' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Authorization rule names cannot contain the '*' character.

Source Error:


Line 37:       <deny users="*"/>
Line 38:       <allow roles="test1/administrators"/>
Line 39:       <deny roles="*"/>
Line 40:             </authorization>
Line 41:             <membership defaultProvider="MyADMembershipProvider">
 

Source File: C:\Documents and Settings\Dion Parsons\My Documents\Visual Studio 2005\WebSites\WebSite1\web.config    Line: 39
0
 
LVL 11

Accepted Solution

by:
ethoths earned 500 total points
ID: 17897028
Last shot...

<authorization>
  <allow roles="DOMAINNAME\administrators" />
  <deny users="*"/>
</authorization>
0
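Why the rule order in the accepted answer matters, as an added example that is not part of the original thread: ASP.NET URL authorization reads the rules top to bottom and stops at the first one that matches. The Python sketch below is a simplified model of that evaluation (the verbs attribute is ignored and names are compared case-insensitively); the users alice and bob and their role sets are constructed.

```python
import xml.etree.ElementTree as ET

# Rule sets copied from the thread; DOMAINNAME is the thread's own placeholder.
FIRST_ATTEMPT = r'''<authorization>
  <deny users="?"/>
  <allow users="*"/>
  <allow roles="administrators"/>
</authorization>'''
DENY_FIRST = r'''<authorization>
  <deny users="*"/>
  <allow roles="DOMAINNAME\administrators"/>
</authorization>'''
ACCEPTED = r'''<authorization>
  <allow roles="DOMAINNAME\administrators"/>
  <deny users="*"/>
</authorization>'''

def _names(rule, attr):
    """Split a comma-separated users/roles attribute into lower-case names."""
    return [n.strip().lower() for n in rule.get(attr, "").split(",") if n.strip()]

def first_match(authorization_xml, user, roles):
    """Return 'allow' or 'deny' from the first rule that matches, top to bottom.

    user is None for an anonymous request; roles is the set of role names the
    request's principal carries. Simplified model: the verbs attribute is ignored.
    """
    held = {r.lower() for r in roles}
    for rule in ET.fromstring(authorization_xml):
        users = _names(rule, "users")
        matched = (
            "*" in users                                  # everyone
            or ("?" in users and user is None)            # anonymous only
            or (user is not None and user.lower() in users)
            or any(r in held for r in _names(rule, "roles"))
        )
        if matched:
            return rule.tag                               # later rules are never read
    return "allow"  # nothing matched: the inherited default <allow users="*"/> applies

if __name__ == "__main__":
    # Constructed users: alice is in the administrators group, bob is not.
    admin, student = {r"DOMAINNAME\administrators"}, {r"DOMAINNAME\students"}
    for name, rules in (("FIRST_ATTEMPT", FIRST_ATTEMPT), ("DENY_FIRST", DENY_FIRST), ("ACCEPTED", ACCEPTED)):
        print(name, "alice:", first_match(rules, "alice", admin),
              "bob:", first_match(rules, "bob", student),
              "alice without roles:", first_match(rules, "alice", set()))
```

The "alice without roles" case shows that an authenticated user whose principal carries no role names is still denied by the accepted rule set. Under Forms authentication a denied request is redirected to the login page.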
 

Author Comment

by:dion_p1
ID: 17897056
I think we may be close.

When I type an incorrect password it tells me incorrect password
When I type a correct password in it returns Logon.aspx
When I try to manually go to default.aspx after typing in a correct username and password it still bounces me back to Logon.aspx



0
 
LVL 11

Expert Comment

by:ethoths
ID: 17897429
What's in your default.aspx page? (or inherited base page if you have one)
Can you go to any other page?

0
 

Author Comment

by:dion_p1
ID: 17897566
I can't go to any other page; it bounces me back to Logon.aspx...

--Default.aspx---

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Users Control Panel</title>
</head>
<body>
    <form id="form1" runat="server">
    <div style="text-align: center">
        <span style="font-family: Arial"><span style="font-size: 10pt"></span>
        </span>
        <table bgcolor="#1f569b" style="text-align: center; width: 350px; height: 350px;">
            <tr>
                <td colspan="3" style="height: 80px; text-align: center">
                    <span style="font-size: 10pt; color: #ffff99; font-family: Arial"><strong>
                        <asp:Image ID="Image1" runat="server" ImageUrl="~/Images/logo.gif" /></strong></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                    <span style="font-size: 10pt"><span style="font-family: Arial"><strong><span style="color: #ffff33">
                        </span></strong><strong><span style="color: #ffffff"> Domain Control Panel</span></strong></span></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                </td>
            </tr>
            <tr>
                <td style="width: 299px; text-align: center" rowspan="3">
        <asp:Button ID="Button1" onclientclick="window.location.href='Disableuser.aspx';return false;" runat="server" Text="Disable/Enable Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button3" onclientclick="window.location.href='Rechargeuser.aspx';return false;" runat="server" Text="Recharge Users" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
                <td colspan="2" style="width: 300px; text-align: center" rowspan="3">
        <asp:Button ID="Button2" onclientclick="window.location.href='createuser.aspx';return false;" runat="server" Text="Create/Delete Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button7" onclientclick="window.location.href='Resetuser.aspx';return false;" runat="server" Text="Reset Users Password" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
            </tr>
            <tr>
            </tr>
            <tr>
            </tr>
            <tr>
                <td colspan="3">
                    <span style="font-size: 7pt; color: #ffffff; font-family: Arial">Domain Control Panel
                        - v1.1 Created By Dion Parsons</span></td>
            </tr>
        </table>
        <span style="font-size: 10pt; font-family: Arial"> </span>
   
    </div>
    </form>
</body>
</html>


--default.aspx.vb--


Partial Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Response.Write(HttpContext.Current.User.Identity.Name)
    End Sub
End Class


--web.config---

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
            <add name="ADConnectionString" connectionString="LDAP://test1.local"/>
      </connectionStrings>
  <!--<location path="Admin">
  </location>-->
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="true">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
      <allow roles="test1/administrators"/>
     <deny users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="test1\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
  </system.web>
</configuration>

Please Help!
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17899965
It sounds like it's authenticating, redirecting and then forgetting it. I've not come across this behavior before. I've also never used AD in this way. Try setting up a new 2 page app (login and a secure page) and see if you can get it working with a basic setup. Then increase the bits and see where it breaks.

0
 
LVL 11

Expert Comment

by:ethoths
ID: 17914174
Did you actually get a resolution on this? If so, post your answer for others to see.
0
 

Author Comment

by:dion_p1
ID: 17914236
That was it; it was a domain error
0

Question has a verified solution.