Solved

web config Authorisation

Posted on 2013-02-06
4
186 Views
Last Modified: 2013-03-07
Hi,

I have created roles in sqlserver by using AspNetSqlMembershipProvider and
AspNetSqlRoleProvider providers , now i my application structure contains admin folder

and User folder, now in my .cs file when i have written the following code

   if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

  it is working fine...

now i have commented the above code

//if (Roles.IsUserInRole("jangaon", "AndhraPradesh"))
            //Server.Transfer("bb.aspx");


and given in web.config as follows

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


where my bb.aspx file is present in admin folder , and i am denying abc user but it allowing that user, and my web.config file contains as follows



<authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
      </providers>
    </membership>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
    </roleManager>
   
  </system.web>

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


Can you please say me what is the mistake  I have done.
0
Comment
Question by:praveen1981
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Expert Comment

by:Jared_S
ID: 38859591
This snippet makes me think that abc is a role:

  if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

But this is denying the abc as a user:

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

That may be the source of your trouble.
0
 

Author Comment

by:praveen1981
ID: 38859724
Hi

here Roles.IsUserInRole("abc", "AndhraPradesh")

abc is user and AndhraPradesh is role for that user..
0
 
LVL 12

Accepted Solution

by:
jitendra patil earned 500 total points
ID: 38863458
Please try this way.

To allow access to particular user only and deny everyone else
      Say you want to give access to user "John" to a particular page e.g. userpersonal.aspx and deny all others the location tag above should look like below:
 
<location path="userpersonal.aspx">
<system.web>
<authorization>
<allow users="John"/> // allow John ..note: you can have multiple users seperated by comma e.g. John,Mary,etc
<deny users="*"/>  // deny others
</authorization>
</system.web>
</location>
 
Allow only users in particular Role
 
Here We will see now what needs to be done in web.config to configure authorization for a particular role. e.g You have two roles. Customer and Admin and two folders CustomerFolder and AdminFolder. Users in Admin role can access both folders. Users in Customers role can access only CustomerFolder and not AdminFolder. You will have to add location tags for each folder path as shown below:
 
<location path="AdminFolder">
 
<system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
<location path="CustomerFolder">
 
<system.web>
<authorization>
<allow roles="Admin, Customers"/> //Allow users in Admin and Customers roles
<deny users="*"/> // Deny rest of all
</authorization>
</system.web>
</location>

hope this helps.
0
 

Author Closing Comment

by:praveen1981
ID: 38964827
Thanks.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question