Re: Role based Security in ASP.Net

From: Gregor Streng (gregorstreng@jamieplc.com)
Date: 01/22/03

• Next message: Mads Jacobsen: "Forms Auth and codebehind"
• Previous message: Bassel Tabbara [MSFT]: "Re: Access denied ( From one site to another, that is in another server)"
• In reply to: Eric Lyons: "Role based Security in ASP.Net"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Gregor Streng" <gregorstreng@jamieplc.com>
Date: Wed, 22 Jan 2003 16:10:08 -0000

Hi Eric,

I personally would do it this way.
Let ASP.NET do the authorization based on your web.config.

When a user gets redirected by ASP.NET because the resource requires more
permission.
You can easily check on the logon page if the user is already authenticated
or not.
If the user is already authenticated and she/he gets redirected to the logon
page then
because she/he has not the required permissions.
At this point you can redirect the user to your own personal access denied
or just send
a HTTP 403.

Hope this helps,
Gregor

"Eric Lyons" <EricLyons1@comcast.net> wrote in message
news:O11fEIcwCHA.2288@TK2MSFTNGP09...
> I know this has been asked a lot but I'm having a small problem. I've
read
> all the articles and I have form and role security working. The problem
is
> requesting a page that has a role specified (Let's say "Admin") after a
user
> has already logged in and the user doesn't have the role assigned to them.
> What happens is the user is redirected to login url because the user
doesn't
> have the role assigned. Is there a way I can detect this somehow and
> redirect to an access denied page or something. I know I can check the
role
> in code on every page in that directory but that defeats the roles in the
> web config. Thanks for any information or examples.
>
> Eric Lyons
>
>

• Next message: Mads Jacobsen: "Forms Auth and codebehind"
• Previous message: Bassel Tabbara [MSFT]: "Re: Access denied ( From one site to another, that is in another server)"
• In reply to: Eric Lyons: "Role based Security in ASP.Net"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: ADFS Proxy Error ... redirecting the client to the logon site. ... resource FS -> app ... The redirect from the account FS to the resource FS is a POST redirect of ... On my test client I have a host file entry to redirect any requests to my ... (microsoft.public.windows.server.active_directory) RE: Redirect default folder for Windows Explorer ... You shouldn't have to reboot because it is a user instead. ... Logon and logoff ... I've added this script to my logon script to but i have to do a reboot for ... You are far better off to redirect the My Documents than remove it. ... (microsoft.public.win2000.group_policy) Re: Redirected folders ... do you mean that your users have 2 different home directories, ... logon to the Terminal Server? ... MCSE, CCEA, Microsoft MVP - Terminal Server ... > I know - It's easy to redirect folders to users hormedir, ... (microsoft.public.windows.terminal_services) Re: popup and timeout problem ... You can't bypass the logon, as the check happens at the application level ... the popup(as the extension exists outside the .net framework). ... How can I bypass this redirect to the logon ... (microsoft.public.dotnet.languages.csharp) Re: Problem with Folder redirects using GPO ... first user logon (if you want them dynamically created ... >does the folder get created at user account creation or ... redirected folders by using Folder Redirection in Windows ... > I would like to redirect the clients 'My Documents' ... (microsoft.public.windows.group_policy)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint