Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

web config Authorisation

Posted on 2013-02-06
4
Medium Priority
?
194 Views
Last Modified: 2013-03-07
Hi,

I have created roles in sqlserver by using AspNetSqlMembershipProvider and
AspNetSqlRoleProvider providers , now i my application structure contains admin folder

and User folder, now in my .cs file when i have written the following code

   if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

  it is working fine...

now i have commented the above code

//if (Roles.IsUserInRole("jangaon", "AndhraPradesh"))
            //Server.Transfer("bb.aspx");


and given in web.config as follows

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


where my bb.aspx file is present in admin folder , and i am denying abc user but it allowing that user, and my web.config file contains as follows



<authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880" />
    </authentication>

    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
      </providers>
    </membership>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <roleManager enabled="true" defaultProvider="AspNetSqlRoleProvider">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" />
      </providers>
    </roleManager>
   
  </system.web>

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

  <location path="abc">
    <system.web>
      <authorization>          
        <deny users="jangaon"/>
      </authorization>
    </system.web>
  </location>


Can you please say me what is the mistake  I have done.
0
Comment
Question by:praveen1981
  • 2
4 Comments
 
LVL 12

Expert Comment

by:Jared_S
ID: 38859591
This snippet makes me think that abc is a role:

  if (Roles.IsUserInRole("abc", "AndhraPradesh"))
                Server.Transfer("bb.aspx");

But this is denying the abc as a user:

  <location path="Admin">
    <system.web>
      <authorization>      
        <deny users="abc"/>        
      </authorization>      
    </system.web>    
  </location>

That may be the source of your trouble.
0
 

Author Comment

by:praveen1981
ID: 38859724
Hi

here Roles.IsUserInRole("abc", "AndhraPradesh")

abc is user and AndhraPradesh is role for that user..
0
 
LVL 13

Accepted Solution

by:
Jitendra Patil earned 1500 total points
ID: 38863458
Please try this way.

To allow access to particular user only and deny everyone else
      Say you want to give access to user "John" to a particular page e.g. userpersonal.aspx and deny all others the location tag above should look like below:
 
<location path="userpersonal.aspx">
<system.web>
<authorization>
<allow users="John"/> // allow John ..note: you can have multiple users seperated by comma e.g. John,Mary,etc
<deny users="*"/>  // deny others
</authorization>
</system.web>
</location>
 
Allow only users in particular Role
 
Here We will see now what needs to be done in web.config to configure authorization for a particular role. e.g You have two roles. Customer and Admin and two folders CustomerFolder and AdminFolder. Users in Admin role can access both folders. Users in Customers role can access only CustomerFolder and not AdminFolder. You will have to add location tags for each folder path as shown below:
 
<location path="AdminFolder">
 
<system.web>
<authorization>
<allow roles="Admin"/> //Allows users in Admin role
<deny users="*"/> // deny everyone else
</authorization>
</system.web>
</location>
<location path="CustomerFolder">
 
<system.web>
<authorization>
<allow roles="Admin, Customers"/> //Allow users in Admin and Customers roles
<deny users="*"/> // Deny rest of all
</authorization>
</system.web>
</location>

hope this helps.
0
 

Author Closing Comment

by:praveen1981
ID: 38964827
Thanks.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently went through the process of creating a Calendar Control of events with the basis of using a database to keep track of the dates that are selectable, one requirement was to have the selected date pop-up in a simple lightbox.  At first this…
User art_snob (http://www.experts-exchange.com/M_6114203.html) encountered strange behavior of Android Web browser on his Mobile Web site. It took a while to find the true cause. It happens so, that the Android Web browser (at least up to OS ver. 2.…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question