• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 198
  • Last Modified:

web config Authorisation

Hi,

I have created roles in sqlserver by using AspNetSqlMembershipProvider and
AspNetSqlRoleProvider providers , now i my application structure contains admin folder

and User folder, now in my .cs file when i have written the following code

   if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

  it is working fine...

now i have commented the above code

//if (Roles.IsUserInRole("jangaon", "AndhraPradesh"))
            //Server.Transfer("bb.aspx");


and given in web.config as follows

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


where my bb.aspx file is present in admin folder , and i am denying abc user but it allowing that user, and my web.config file contains as follows



<authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
      </providers>
    </membership>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
    </roleManager>
   
  </system.web>

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


Can you please say me what is the mistake  I have done.
0
praveen1981
Asked:
praveen1981
  • 2
1 Solution
 
Jared_SCommented:
This snippet makes me think that abc is a role:

  if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

But this is denying the abc as a user:

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

That may be the source of your trouble.
0
 
praveen1981Author Commented:
Hi

here Roles.IsUserInRole("abc", "AndhraPradesh")

abc is user and AndhraPradesh is role for that user..
0
 
Jitendra PatilSr.Software EngineerCommented:
Please try this way.

To allow access to particular user only and deny everyone else
      Say you want to give access to user "John" to a particular page e.g. userpersonal.aspx and deny all others the location tag above should look like below:
 
<location path="userpersonal.aspx">
<system.web>
<authorization>
<allow users="John"/> // allow John ..note: you can have multiple users seperated by comma e.g. John,Mary,etc
<deny users="*"/>  // deny others
</authorization>
</system.web>
</location>
 
Allow only users in particular Role
 
Here We will see now what needs to be done in web.config to configure authorization for a particular role. e.g You have two roles. Customer and Admin and two folders CustomerFolder and AdminFolder. Users in Admin role can access both folders. Users in Customers role can access only CustomerFolder and not AdminFolder. You will have to add location tags for each folder path as shown below:
 
<location path="AdminFolder">
 
<system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
<location path="CustomerFolder">
 
<system.web>
<authorization>
<allow roles="Admin, Customers"/> //Allow users in Admin and Customers roles
<deny users="*"/> // Deny rest of all
</authorization>
</system.web>
</location>

hope this helps.
0
 
praveen1981Author Commented:
Thanks.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now