Re: authorization different paths and roles

From: Matias Woloski (woloski_at_NOSPAMsion.com)
Date: 08/31/04

Next message: Ken Schaefer: "Re: Login failed for user '(null)'. Reason: Not associated with a trusted SQL"

Previous message: Brian Fulford: "Login failed for user '(null)'. Reason: Not associated with a trusted SQL"
In reply to: Hernan de Lahitte: "Re: authorization different paths and roles"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 30 Aug 2004 19:17:48 -0300

Thanks to everyone.

It wasn't a config problem. This was a code I inherit from someone :s The
global.asax was hooked to the AuthenticationRequest event and was getting
the roles from a cookie and didn't refreshed the db role for the user.

thanks again,
Matias
Soutworks
http://blogs.southworks.net/matiaswoloski

"Hernan de Lahitte" <hernan@lagash.com> wrote in message
news:#$zBUorjEHA.3664@TK2MSFTNGP11.phx.gbl...
> Hi Matias,
>
> I assume that you are using Forms Authentication and you are filling the
> roles info with the appropriate data. Otherwise if you use Windows Auth
you
> should add the domain info the group name (role). Regarding the first
> scenario, your last config should be fine: (apply the same to the
> 'resourcemgr' folder with the 'resourceEditors' role)
>
> > <location path="manager">
> > <system.web>
> > <authorization>
> > <allow roles="admins" />
> > <deny users="*" />
> > </authorization>
> > </system.web>
> > </location>
>
> This section may be located in the root web.config file.
> You should have this setting in the system.web main section as well.
>
> <authorization>
> <deny users="?" />
> </authorization>
>
> Notice that all users with the 'admins' role inlcuded in it's roles
> collection will be allowed to access the manager folder.
>
>
> --
> Hernan de Lahitte
> Lagash Systems S.A.
> http://weblogs.asp.net/hernandl
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> "Matias Woloski" <woloski@NOSPAMsion.com> wrote in message
> news:uazgtXpjEHA.3608@TK2MSFTNGP09.phx.gbl...
> > Writing this, it won't allow anyone to get into manager,
> >
> > <location path="manager">
> > <system.web>
> > <authorization>
> > <allow roles="admins" />
> > <deny users="*" />
> > </authorization>
> > </system.web>
> > </location>
> >
> > However, I still cannot make it work to only allow "admins" role.
> >
> > any ideas?
> >
> > thanks!
> > Matias
> >
> > "naijacoder naijacoder" <naijacoder@toughguy.net> wrote in message
> > news:eRVeRUVjEHA.2524@TK2MSFTNGP11.phx.gbl...
> >> <location path="manager"> is this path MANAGER a drirectory in IIS or a
> >> group?
> >> Try using <deny> and see if it will go..
> >> Cheers
> >>
> >>
> >>
> >>
> >> *** Sent via Developersdex http://www.developersdex.com ***
> >> Don't just participate in USENET...get rewarded for it!
> >
> >
>
>

Next message: Ken Schaefer: "Re: Login failed for user '(null)'. Reason: Not associated with a trusted SQL"

Previous message: Brian Fulford: "Login failed for user '(null)'. Reason: Not associated with a trusted SQL"
In reply to: Hernan de Lahitte: "Re: authorization different paths and roles"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]