Re: roleProvider and Windows Authentication

From: ManniAT (pcpohler_at_hotmail.com)
Date: 05/23/05 

Date: Mon, 23 May 2005 16:08:04 +0200

Hi,

for me it works - but I give access to diretories - not to files!
One dir like this:

<system.web>
<authorization>
<allow roles="Admins" />
<allow roles="BSTR Admins" />
<allow roles="BSTR Members" />
<deny users="?" />
</authorization>
</system.web>
And the other like this:
<system.web>
<authorization>
<allow roles="Admins" />
<allow roles="BSTR Admins" />
<deny users="*" />
</authorization>
</system.web>
If you are an Admin you see both - instead you see only the first!
Even one dir where every role (or better no anonymus) can access pages works like this:
<system.web>
<authorization>
<deny users="?" />
</authorization>
</system.web>
So last not least my siteMap
<siteMapNode url="~/Default.aspx" title="Startseite" description="Zur ISatTrack Startseite">
   <siteMapNode roles="Admins, BSTR Admins" title="Administration" description="Administrationsbereich">
      <siteMapNode url="~/Admin/Default.aspx" title="Hauptseite" description="sbersicht fr Administratoren">
           <siteMapNode url="~/Admin/UserMgmt.aspx" title="Benutzer" description="Verwaltung der Benutzer" />
           <siteMapNode url="~/Admin/PCs.aspx" title="PCs" description="Administration der PCs" />
      </siteMapNode>
   </siteMapNode>
   <siteMapNode roles="Admins, BSTR Admins, BSTR Members" title="Mitarbeiterbereich" description="Mitarbeiterbereich">
       <siteMapNode url="~/Members/Default.aspx" title="Hauptseite" description="sbersicht fr Mitarbeiter">
           <siteMapNode url="~/Members/Software.aspx" title="Software" description="Softwaredownloads" />
       </siteMapNode>
   </siteMapNode>
   <siteMapNode roles="Users, Admins, BSTR Admins, BSTR Members" title="Benutzerbereich" description="Bereich Benutzer">
       <siteMapNode url="~/RegistredUsers/Default.aspx" title="Hauptseite" description="sbersicht fr angemeldete Benutzer">
          <siteMapNode url="~/RegistredUsers/CMRRequest.aspx" title="CMR Abfrage" description="CMRs abfragen" />
          <siteMapNode url="~/RegistredUsers/ChgPWD.aspx" title="Passwort "ndern" description="Zndern Sie regelm"ig Ihr Passwort"
/>
      </siteMapNode>
   </siteMapNode>
</siteMapNode>
The things work like expected for me!
The unly "unexpexted" thing was - that for "Bereich Benutzer" I had to add all roles,
since roles="'*" works also for user not in any role - and roles="?" is not supported.

Cheers

Manfred

Relevant Pages

  • Re: Authorization based on roles or directory access?
    ... It would be fine if the <authorization> setting was only checked as an ... security check for nodes that I in the sitemap decided to show. ... to users in "Members" role. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: User.IsInRole with * wildcard, web.sitemap etc.
    ... You don't specify any authorization requirements in web.sitemap!!! ... You use the <authorization> element in web.config for that - the sitemap just uses this information - and the role attribute in the sitemap file allows to override the information found in the authorization element for visual presentation. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Sitemap trimming with Forms auth (Active Directory)
    ... Sitemap will pick up these settings. ... The roles attribute in web.sitemap is ONLY for overriding the settings made in <authorization> ... Dim ticket As FormsAuthenticationTicket = ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Authorization based on roles or directory access?
    ... Your authorization sections in the web.config file can specify a script ... But the roles attribute in the sitemap works for this authorization ... "For navigation node ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: newbie: asp.net 2.0 security question
    ... With the current settings unathenticated users cannot view the ... more sitemap nodes ...
    (microsoft.public.dotnet.framework.aspnet)