Solved

Specific Group Authenticate

Posted on 2006-11-01
Last Modified: 2008-01-16
How do I allow only a specific group to authenticate?

See the web.config file below.

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
    <add name="ADConnectionString" connectionString="LDAP://williamstownhs.vic.edu.au"/>
  </connectionStrings>
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="false">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
                  <deny users="?"/>
                  <allow users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
            <!--
            The <customErrors> section enables configuration
            of what to do if/when an unhandled error occurs
            during the execution of a request. Specifically,
            it enables developers to configure html error pages
            to be displayed in place of a error stack trace.

        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm" />
            <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
        -->
      </system.web>
</configuration>
Question by:dion_p1
22 Comments
 
LVL 11

Expert Comment

by:ethoths
ID: 17856760
<allow groups="specific group"/>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17856769
Sorry that should have been...

<allow roles="specific group"/>
0
 

Author Comment

by:dion_p1
ID: 17857075
I changed it; at this point it doesn't work...

<authorization>
                  <deny users="?"/>
                  <allow users="*"/>
      <allow roles="administrators"/>
            </authorization>

Any ideas?
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857136
If you want to only allow members of the administrators group then you need this...

<authorization>
    <allow roles="MachineName/administrators" />
    <deny users="*"/>
</authorization>

You may or may not need the machineName part.

Don't forget the <authentication mode="Windows" />



0
 

Author Comment

by:dion_p1
ID: 17857265
No, tried that too....

            <authorization>
                  <deny users="?"/>
                        <allow roles="williamstownhs/administrators"/>
            </authorization>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857271
What configuration have you set in IIS? This must be left to the defaults to work properly.
0
 

Author Comment

by:dion_p1
ID: 17857381
I'm not using IIS; I am using Visual Studio 2005 Express, and running in debugging mode preview.
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17857626
Sorry, try the slash after the machine name the other way...

          <authorization>
               <deny users="?"/>
                    <allow roles="williamstownhs\administrators" />
          </authorization>
0
 

Author Comment

by:dion_p1
ID: 17861378
I get this error message

Line 38:             <membership defaultProvider="MyADMembershipProvider">
Line 39:                   <providers>
Line 40:                         <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="williamstownhs\administrator" connectionPassword="PASSWORDHERE"/>
Line 41:                   </providers>
Line 42:             </membership>
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17866349
I don't see any error there.

Bob
0
 

Author Comment

by:dion_p1
ID: 17866504
Here is my website; please check it out and try to explain where I am going wrong....

http://www.willihigh.vic.edu.au/home/tc/WebSite1.zip
0
 
LVL 96

Expert Comment

by:Bob Learned
ID: 17868807
I also don't have time to run it, so what exception are you getting?

Bob
0
 

Author Comment

by:dion_p1
ID: 17896156
Well, my issue still exists; it authenticates any user rather than just the administrators

Tried the following

          <authorization>
               <deny users="?"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="?"/>
                    <allow roles="administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DOMAINNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="DCNAME\administrators" />
          </authorization>

          <authorization>
               <deny users="*"/>
                    <allow roles="administrators" />
          </authorization>
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17896558
OK, give this a try. I assume you only want members of the administrators group in?


<authorization>
  <deny users="*"/>
  <allow roles="DOMAINNAME\administrators" />
  <deny roles="*" />
</authorization>
0
 

Author Comment

by:dion_p1
ID: 17896904
I get this error

Server Error in '/WebSite1' Application.
--------------------------------------------------------------------------------

Configuration Error
Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

Parser Error Message: Authorization rule names cannot contain the '*' character.

Source Error:


Line 37:       <deny users="*"/>
Line 38:       <allow roles="test1/administrators"/>
Line 39:       <deny roles="*"/>
Line 40:             </authorization>
Line 41:             <membership defaultProvider="MyADMembershipProvider">
 

Source File: C:\Documents and Settings\Dion Parsons\My Documents\Visual Studio 2005\WebSites\WebSite1\web.config    Line: 39
0
 
LVL 11

Accepted Solution

by:
ethoths earned 500 total points
ID: 17897028
Last shot...

<authorization>
  <allow roles="DOMAINNAME\administrators" />
  <deny users="*"/>
</authorization>
0
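Added example, not part of the thread or of ASP.NET itself: a simplified Python model of first-match URL authorization, run over rule sets posted above, showing why rule order decides who gets in. The principals, the `Rule`/`Principal` classes and the `outcomes` helper are constructed for illustration; matching is exact-string, and the trailing allow-everyone default stands in for the inherited machine-level rule.

```python
# Simplified model: rules are read top to bottom and the first match decides.
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    name: str = ""                    # empty name models an anonymous request
    roles: frozenset = frozenset()    # roles attached to the authenticated user

@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    users: tuple = ()
    roles: tuple = ()

    def __post_init__(self):
        # Mirrors the parser error quoted in the thread for <deny roles="*"/>.
        if "*" in self.roles:
            raise ValueError("Authorization rule names cannot contain the '*' character.")

    def matches(self, p):
        anonymous = p.name == ""
        for u in self.users:
            if u == "*" or (u == "?" and anonymous) or (not anonymous and u == p.name):
                return True
        return any(r in p.roles for r in self.roles)

DEFAULT = Rule("allow", users=("*",))  # inherited default below the app's rules

def is_allowed(rules, principal):
    for rule in list(rules) + [DEFAULT]:
        if rule.matches(principal):
            return rule.action == "allow"

ROLE = r"DOMAINNAME\administrators"
PRINCIPALS = (
    Principal(),                               # anonymous
    Principal("student1"),                     # authenticated, not in the role
    Principal("admin1", frozenset({ROLE})),    # authenticated, role attached
    Principal("admin1"),                       # authenticated, no roles attached
)
RULESETS = {
    "original":           [Rule("deny", users=("?",)), Rule("allow", users=("*",))],
    "deny ?, allow role": [Rule("deny", users=("?",)), Rule("allow", roles=(ROLE,))],
    "deny *, allow role": [Rule("deny", users=("*",)), Rule("allow", roles=(ROLE,))],
    "accepted solution":  [Rule("allow", roles=(ROLE,)), Rule("deny", users=("*",))],
}

def outcomes(name):
    """Allowed? for (anonymous, non-member, member, member without roles)."""
    return tuple(is_allowed(RULESETS[name], p) for p in PRINCIPALS)
```

`outcomes("deny ?, allow role")` returns `(False, True, True, True)` because non-members fall through to the default allow, while `outcomes("accepted solution")` returns `(False, False, True, False)`: only a principal that actually carries the role passes.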
 

Author Comment

by:dion_p1
ID: 17897056
I think we may be close.

When I type an incorrect password it tells me incorrect password.
When I type a correct password in it returns Logon.aspx.
When I try to manually go to default.aspx after typing in a correct username and password it still bounces me back to Logon.aspx.



0
 
LVL 11

Expert Comment

by:ethoths
ID: 17897429
What's in your default.aspx page? (or inherited base page if you have one)
Can you go to any other page?

0
 

Author Comment

by:dion_p1
ID: 17897566
I can't go to any other page; it bounces me back to Logon.aspx...

--Default.aspx---

<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Default.aspx.vb" Inherits="_Default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
    <title>Users Control Panel</title>
</head>
<body>
    <form id="form1" runat="server">
    <div style="text-align: center">
        <span style="font-family: Arial"><span style="font-size: 10pt"></span>
        </span>
        <table bgcolor="#1f569b" style="text-align: center; width: 350px; height: 350px;">
            <tr>
                <td colspan="3" style="height: 80px; text-align: center">
                    <span style="font-size: 10pt; color: #ffff99; font-family: Arial"><strong>
                        <asp:Image ID="Image1" runat="server" ImageUrl="~/Images/logo.gif" /></strong></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                    <span style="font-size: 10pt"><span style="font-family: Arial"><strong><span style="color: #ffff33">
                        </span></strong><strong><span style="color: #ffffff"> Domain Control Panel</span></strong></span></span></td>
            </tr>
            <tr>
                <td colspan="3" style="text-align: center">
                </td>
            </tr>
            <tr>
                <td style="width: 299px; text-align: center" rowspan="3">
        <asp:Button ID="Button1" onclientclick="window.location.href='Disableuser.aspx';return false;" runat="server" Text="Disable/Enable Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button3" onclientclick="window.location.href='Rechargeuser.aspx';return false;" runat="server" Text="Recharge Users" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
                <td colspan="2" style="width: 300px; text-align: center" rowspan="3">
        <asp:Button ID="Button2" onclientclick="window.location.href='createuser.aspx';return false;" runat="server" Text="Create/Delete Users" Width="160px" Font-Names="Arial" Font-Size="10pt" />
                    <asp:Button ID="Button7" onclientclick="window.location.href='Resetuser.aspx';return false;" runat="server" Text="Reset Users Password" Width="160px" Font-Names="Arial" Font-Size="10pt" /></td>
            </tr>
            <tr>
            </tr>
            <tr>
            </tr>
            <tr>
                <td colspan="3">
                    <span style="font-size: 7pt; color: #ffffff; font-family: Arial">Domain Control Panel
                        - v1.1 Created By Dion Parsons</span></td>
            </tr>
        </table>
        <span style="font-size: 10pt; font-family: Arial"> </span>
   
    </div>
    </form>
</body>
</html>


--default.aspx.vb--


Partial Class _Default
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Response.Write(HttpContext.Current.User.Identity.Name)
    End Sub
End Class


--web.config---

<?xml version="1.0"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
      <appSettings/>
      <connectionStrings>
            <add name="ADConnectionString" connectionString="LDAP://test1.local"/>
      </connectionStrings>
  <!--<location path="Admin">
  </location>-->
      <system.web>
            <!--
            Set compilation debug="true" to insert debugging
            symbols into the compiled page. Because this
            affects performance, set this value to true only
            during development.
        -->
            <compilation debug="true">
                  <assemblies>
                        <add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
                        <add assembly="System.DirectoryServices.Protocols, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
            <!--
            The <authentication> section enables configuration
            of the security authentication mode used by
            ASP.NET to identify an incoming user.
        -->
            <authentication mode="Forms">
                  <forms name=".ADAuthCookie" timeout="10"/>
            </authentication>
            <authorization>
      <allow roles="test1/administrators"/>
     <deny users="*"/>
            </authorization>
            <membership defaultProvider="MyADMembershipProvider">
                  <providers>
                        <add attributeMapUsername="sAMAccountName" name="MyADMembershipProvider" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, &#xA;             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ADConnectionString" connectionUsername="test1\administrator" connectionPassword="PASSWORDHERE"/>
                  </providers>
            </membership>
  </system.web>
</configuration>

Please Help!
0
 
LVL 11

Expert Comment

by:ethoths
ID: 17899965
It sounds like it's authenticating, redirecting and then forgetting it. I've not come across this behavior before. I've also never used AD in this way. Try setting up a new 2 page app (login and a secure page) and see if you can get it working with a basic setup. Then increase the bits and see where it breaks.

0
 
LVL 11

Expert Comment

by:ethoths
ID: 17914174
Did you actually get a resolution on this? If so, post your answer for others to see.
0
 

Author Comment

by:dion_p1
ID: 17914236
That was it; it was a domain error.
0
