Solved

web config Authorisation

Posted on 2013-02-06
4
188 Views
Last Modified: 2013-03-07
Hi,

I have created roles in sqlserver by using AspNetSqlMembershipProvider and
AspNetSqlRoleProvider providers , now i my application structure contains admin folder

and User folder, now in my .cs file when i have written the following code

   if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

  it is working fine...

now i have commented the above code

//if (Roles.IsUserInRole("jangaon", "AndhraPradesh"))
            //Server.Transfer("bb.aspx");


and given in web.config as follows

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


where my bb.aspx file is present in admin folder , and i am denying abc user but it allowing that user, and my web.config file contains as follows



<authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
      </providers>
    </membership>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
    </roleManager>
   
  </system.web>

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


Can you please say me what is the mistake  I have done.
0
Comment
Question by:praveen1981
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 12

Expert Comment

by:Jared_S
ID: 38859591
This snippet makes me think that abc is a role:

  if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

But this is denying the abc as a user:

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

That may be the source of your trouble.
0
 

Author Comment

by:praveen1981
ID: 38859724
Hi

here Roles.IsUserInRole("abc", "AndhraPradesh")

abc is user and AndhraPradesh is role for that user..
0
 
LVL 13

Accepted Solution

by:
Jitendra Patil earned 500 total points
ID: 38863458
Please try this way.

To allow access to particular user only and deny everyone else
      Say you want to give access to user "John" to a particular page e.g. userpersonal.aspx and deny all others the location tag above should look like below:
 
<location path="userpersonal.aspx">
<system.web>
<authorization>
<allow users="John"/> // allow John ..note: you can have multiple users seperated by comma e.g. John,Mary,etc
<deny users="*"/>  // deny others
</authorization>
</system.web>
</location>
 
Allow only users in particular Role
 
Here We will see now what needs to be done in web.config to configure authorization for a particular role. e.g You have two roles. Customer and Admin and two folders CustomerFolder and AdminFolder. Users in Admin role can access both folders. Users in Customers role can access only CustomerFolder and not AdminFolder. You will have to add location tags for each folder path as shown below:
 
<location path="AdminFolder">
 
<system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
<location path="CustomerFolder">
 
<system.web>
<authorization>
<allow roles="Admin, Customers"/> //Allow users in Admin and Customers roles
<deny users="*"/> // Deny rest of all
</authorization>
</system.web>
</location>

hope this helps.
0
 

Author Closing Comment

by:praveen1981
ID: 38964827
Thanks.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes in DotNetNuke module development you want to swap controls within the same module definition.  In doing this DNN (somewhat annoyingly) swaps the Skin and Container definitions to the default admin selections.  To get around this you need t…
ASP.Net to Oracle Connectivity Recently I had to develop an ASP.NET application connecting to an Oracle database.As I am doing it first time ,I had to solve several problems. This article will help to such developers  to develop an ASP.NET client…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question