• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 460
  • Last Modified:

Specific Group Authenticate

How do i only allow specific a specific group authentication?

See below web.config file

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://williamstownhs.vic.edu.au"/>
  </connectionStrings>
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="false">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
                  <deny users="?"/>
                  <allow users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
            <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
      </system.web>
</configuration>
0
dion_p1
Asked:
dion_p1
  • 10
  • 10
  • 2
1 Solution
 
ethothsCommented:
<allow groups="specific group"/>
0
 
ethothsCommented:
Sorry that should have been...

<allow roles="specific group"/>
0
 
dion_p1Author Commented:
I changed it at this point it doesn't work...

<authorization>
                  <deny users="?"/>
                  <allow users="*"/>
      <allow roles="administrators"/>
            </authorization>

any ideas?
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
ethothsCommented:
If you want to only allow members of the administators group then you need this...

<authorization>
    <allow roles="MachineName/administrators" />
    <deny users="*"/>
</authorization>

You may or may not need the machineName part.

Don't forget the <authentication mode="Windows" />



0
 
dion_p1Author Commented:
No tried that to....

            <authorization>
                  <deny users="?"/>
                        <allow roles="williamstownhs/administrators"/>
            </authorization>
0
 
ethothsCommented:
What configuration have you set in IIS? This must be left to the defaults to work properly.
0
 
dion_p1Author Commented:
im not using iis i am using visual studio 2005 express, and running in debugging mode preview.
0
 
ethothsCommented:
sorry try the slash after the mashine name the other way...

          <authorization>
               <deny users="?"/>
                    <allow roles="williamstownhs\administrators" />
          </authorization>
0
 
dion_p1Author Commented:
i get this error message

Line 38:             <membership defaultProvider="MyADMembershipProvider">
Line 39:                   <providers>
Line 40:                         <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
Line 41:                   </providers>
Line 42:             </membership>
0
 
Bob LearnedCommented:
I don't see any error there.

Bob
0
 
dion_p1Author Commented:
Here is my webiste please check it out and try to explain where i am going wrong....

http://www.willihigh.vic.edu.au/home/tc/WebSite1.zip
0
 
Bob LearnedCommented:
I also don't have time to run it, so what exception are you getting?

Bob
0
 
dion_p1Author Commented:
Well my issue still exist, it autheticates any user rather than just the administators

Tried the following

          <authorization>
               <deny users="?"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="administrators" />
          </authorization>
0
 
ethothsCommented:
Ok give this a try. I assuume you only want members of the administrators group in?


<authorization>
  <deny users="*"/>
  <allow roles="DOMAINNAME\administrators" />
  <deny roles="* />
</authorization>
0
 
dion_p1Author Commented:
i Get this Error

Server Error in '/WebSite1' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Authorization rule names cannot contain the '*' character.

Source Error:


Line 37:       <deny users="*"/>
Line 38:       <allow roles="test1/administrators"/>
Line 39:       <deny roles="*"/>
Line 40:             </authorization>
Line 41:             <membership defaultProvider="MyADMembershipProvider">
 

Source File: C:\Documents and Settings\Dion Parsons\My Documents\Visual Studio 2005\WebSites\WebSite1\web.config    Line: 39
0
 
ethothsCommented:
Last shot...

<authorization>
  <allow roles="DOMAINNAME\administrators" />
  <deny users="*"/>
</authorization>
0
 
dion_p1Author Commented:
I think we may be close.

When i type an incorrect pasword it tells me incorrect password
When i type a correct password in it returns Logon.aspx
When i try to manually go to default.aspx after typing in a correct username and password it still bounces me back to Logon.aspx



0
 
ethothsCommented:
what's in your default.aspx page? (or inherited base page if you have one)
Can you go to any other page ?

0
 
dion_p1Author Commented:
I cant go to any other page it bounces me back to Logon.aspx...

--Default.aspx---

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Users Control Panel</title>
</head>
<body>
    <form id="form1" runat="server">
    <div style="text-align: center">
        <span style="font-family: Arial"><span style="font-size: 10pt"></span>
        </span>
        <table bgcolor="#1f569b" style="text-align: center; width: 350px; height: 350px;">
            <tr>
                <td colspan="3" style="height: 80px; text-align: center">
                    <span style="font-size: 10pt; color: #ffff99; font-family: Arial"><strong>
                        <asp:Image ID="Image1" runat="server" ImageUrl="~/Images/logo.gif" /></strong></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                    <span style="font-size: 10pt"><span style="font-family: Arial"><strong><span style="color: #ffff33">
                        </span></strong><strong><span style="color: #ffffff"> Domain Control Panel</span></strong></span></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                </td>
            </tr>
            <tr>
                <td style="width: 299px; text-align: center" rowspan="3">
        <asp:Button ID="Button1" onclientclick="window.location.href='Disableuser.aspx';return false;" runat="server" Text="Disable/Enable Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button3" onclientclick="window.location.href='Rechargeuser.aspx';return false;" runat="server" Text="Recharge Users" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
                <td colspan="2" style="width: 300px; text-align: center" rowspan="3">
        <asp:Button ID="Button2" onclientclick="window.location.href='createuser.aspx';return false;" runat="server" Text="Create/Delete Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button7" onclientclick="window.location.href='Resetuser.aspx';return false;" runat="server" Text="Reset Users Password" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
            </tr>
            <tr>
            </tr>
            <tr>
            </tr>
            <tr>
                <td colspan="3">
                    <span style="font-size: 7pt; color: #ffffff; font-family: Arial">Domain Control Panel
                        - v1.1 Created By Dion Parsons</span></td>
            </tr>
        </table>
        <span style="font-size: 10pt; font-family: Arial"> </span>
   
    </div>
    </form>
</body>
</html>


--default.aspx.vb--


Partial Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Response.Write(HttpContext.Current.User.Identity.Name)
    End Sub
End Class


--web.config---

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
            <add name="ADConnectionString" connectionString="LDAP://test1.local"/>
      </connectionStrings>
  <!--<location path="Admin">
  </location>-->
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="true">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
      <allow roles="test1/administrators"/>
     <deny users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="test1\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
  </system.web>
</configuration>

Please Help!
0
 
ethothsCommented:
It sounds like it's authenticating, redirecting and then forgetting it. I've not come across this behavior before. I've also never used AD in this way. Try setting up a new 2 page app (login and a secure page) and see if you can get it working with a basic setup. Then increase the bits and see where it breaks.

0
 
ethothsCommented:
Did you actually get a resiolution on this. If so post your answer for iothers to see.
0
 
dion_p1Author Commented:
That was it it was a domain error
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 10
  • 10
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now