Solved

web config Authorisation

Posted on 2013-02-06
4
187 Views
Last Modified: 2013-03-07
Hi,

I have created roles in sqlserver by using AspNetSqlMembershipProvider and
AspNetSqlRoleProvider providers , now i my application structure contains admin folder

and User folder, now in my .cs file when i have written the following code

   if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

  it is working fine...

now i have commented the above code

//if (Roles.IsUserInRole("jangaon", "AndhraPradesh"))
            //Server.Transfer("bb.aspx");


and given in web.config as follows

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


where my bb.aspx file is present in admin folder , and i am denying abc user but it allowing that user, and my web.config file contains as follows



<authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
      </providers>
    </membership>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
    </roleManager>
   
  </system.web>

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


Can you please say me what is the mistake  I have done.
0
Comment
Question by:praveen1981
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Expert Comment

by:Jared_S
ID: 38859591
This snippet makes me think that abc is a role:

  if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

But this is denying the abc as a user:

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

That may be the source of your trouble.
0
 

Author Comment

by:praveen1981
ID: 38859724
Hi

here Roles.IsUserInRole("abc", "AndhraPradesh")

abc is user and AndhraPradesh is role for that user..
0
 
LVL 12

Accepted Solution

by:
jitendra patil earned 500 total points
ID: 38863458
Please try this way.

To allow access to particular user only and deny everyone else
      Say you want to give access to user "John" to a particular page e.g. userpersonal.aspx and deny all others the location tag above should look like below:
 
<location path="userpersonal.aspx">
<system.web>
<authorization>
<allow users="John"/> // allow John ..note: you can have multiple users seperated by comma e.g. John,Mary,etc
<deny users="*"/>  // deny others
</authorization>
</system.web>
</location>
 
Allow only users in particular Role
 
Here We will see now what needs to be done in web.config to configure authorization for a particular role. e.g You have two roles. Customer and Admin and two folders CustomerFolder and AdminFolder. Users in Admin role can access both folders. Users in Customers role can access only CustomerFolder and not AdminFolder. You will have to add location tags for each folder path as shown below:
 
<location path="AdminFolder">
 
<system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
<location path="CustomerFolder">
 
<system.web>
<authorization>
<allow roles="Admin, Customers"/> //Allow users in Admin and Customers roles
<deny users="*"/> // Deny rest of all
</authorization>
</system.web>
</location>

hope this helps.
0
 

Author Closing Comment

by:praveen1981
ID: 38964827
Thanks.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Setting up a IIS 8 Web Server to send and receive XML files 7 125
asp.net open new page without popup blocker 8 57
asp.net mvc , views, hidden values ? 2 27
CSS question 16 63
One of the pain points with developing AJAX, JavaScript, JQuery, and other client-side behaviors is that JavaScript doesn’t allow for cross domain request for pulling content. For example, JavaScript code on www.johnchapman.name could not pull conte…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question