FormsAuthentication Roles Problem

From: James McFarland (com.sunporch.at.james_at_nospam.nospam)
Date: 11/24/04

• Next message: [MSFT]: "RE: FormsAuthentication Roles Problem"
• Previous message: Hernan de Lahitte: "Re: Roles not working"
• Next in thread: [MSFT]: "RE: FormsAuthentication Roles Problem"
• Reply: [MSFT]: "RE: FormsAuthentication Roles Problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 24 Nov 2004 08:35:06 -0800

I want to use FormsAuthentication and allow access based on role.

I have a /Admin directory on the web app, and want to allow role "admin",
but deny all other users.

/Web.config:
    <authorization>
        <allow users="*" /> <!-- Allow all users -->
    </authorization>

/Admin/Web.config:
    <authorization>
                <allow roles="admin"/>
                <deny users="*"/>
    </authorization>

This setup prevents all users from accessing pages in the /Admin folder,
even users whose IPrincipal.IsInRole("admin") implementation returns true.

If I change /Amdin/Web.config to the below, it allows the "admin@mysite.com"
user in:
    <authorization>
                <allow users="admin@mysite.com" roles="admin"/>
                <deny users="*"/>
    </authorization>

Anyone ever seen this problem or have any idea what I am doing wrong?
All examples I have seen appear to use the <allow roles="admin"/> approach.

Thanks,
-james

-- 
James McFarland :: SunPorch Structures Inc.

• Next message: [MSFT]: "RE: FormsAuthentication Roles Problem"
• Previous message: Hernan de Lahitte: "Re: Roles not working"
• Next in thread: [MSFT]: "RE: FormsAuthentication Roles Problem"
• Reply: [MSFT]: "RE: FormsAuthentication Roles Problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: VS.NET Create Web Application Hang ... .NET 1.x pretty much requires that the user is a local Admin. ... This one is a bit strange, but happens in some machines (try permissions, ... We even created a local account for him to> test, even though he has local administrative rights using his own domain> account. ... That local account allows him to create a web app, ... (microsoft.public.dotnet.general) RE: Secure some pages and not other ... Thanks for posting in the community! ... you're using the Formsauthentication in your ASP.NET ... wanting how to set such multi-authroized configuration in a single ASP.NET ... web app, yes? ... (microsoft.public.dotnet.framework.aspnet) Re: Is this possible in ASP.NET - dynamic questions ... We're building a Web app where we can have any number of ... > fields, radio buttons, dropdowns, etc. ... looking for - they provide an admin page to add questions and whatnot. ... (microsoft.public.dotnet.framework.aspnet) Re: Is this possible in ASP.NET - dynamic questions ... Thank you, Scott. ... We're building a Web app where we can have any number of ... Is this possible or is it just a pipe dream? ... > for - they provide an admin page to add questions and whatnot. ... (microsoft.public.dotnet.framework.aspnet)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint