Re: ASP.NET Authentication

Typically you would use groups in the allow/deny tags in NT format
(domain\groupname). You can build whatever type of access you want based on
the order of the allow and deny tags. The first match for a given user
wins.

So, you might do and allow for your domain group and a deny for users=*
after that. That will effectively allow the users in the group and deny
everyone else.

Joe K.

"Cathleen C via DotNetMonster.com" <u12958@uwe> wrote in message
news:592fb506b0ab0@xxxxxx
>I considered going with the <authorization/> it just seemed inefficient to
> include user names in a file instead of directly on the folder.
>
> So if I take that approach then I still need to give Network Services
> access
> to the folder in Explorer, and in web.config a list of users allowed to
> view
> the app? Can I list network groups? And only those will be able to view
> it?
> Since setting permissions has become more complicated than just adding
> users
> to the directory itself, I fully expect that you have to list everyone
> that
> is denied.
>
> I ran into some info on ACL elsewhere, but all I know is that it stands
> for
> Access Control List. From where do you access this?
>
> Tahnks for your help.
>
> Joe Kaplan (MVP - ADSI) wrote:
>>If you are using Windows authentication, it might be easier to just use
>>the
>><authorization/> element in the web.config file to specify allow/deny
>>lists
>>for your application than to resort to file system ACLs. ACLs give you
>>defense in depth and are a good idea, but the <authorization/> element is
>>sufficient for what you want.
>>
>>If you mess with ACLs, remember that the worker process identity still
>>needs
>>to be able to read the files too.
>>
>>Joe K.
>>
>>> I'm now well beyond frustration.
>>>
>>[quoted text clipped - 48 lines]
>>> Can anyone shed some light. It seems like this should be such a simple
>>> process.
>
> --
> Message posted via DotNetMonster.com
> http://www.dotnetmonster.com/Uwe/Forums.aspx/asp-net-security/200512/1


.

Relevant Pages

  • Re: importing autocorrect / autotext entries
    ... Office folder along side the legitimate ACLs will not enable them to work as ... though they were part of the family, nor will the macro work in Word 2008. ... text files or simple lists of words. ... in word 04 i was able to import both lists as autocorrect entries via ...
    (microsoft.public.mac.office.word)
  • Re: CArray and CList
    ... Once again, thank you for the valuable education, Joe! ... If you are inserting or deleting a lot, ... >>your lists are. ...
    (microsoft.public.vc.mfc)
  • Re: [fw-wiz] Cisco 2621 opinions
    ... I simply meant that the more ACLs you apply, ... the ios qos features work best with slower lines like BRIs. ... > Ethernet to Ethernet connection you could look at the 2651 or the 3600s. ... With CBAC and extensive lists, this could go down to 1.5mpbs. ...
    (Firewall-Wizards)
  • Re: ASP.NET Authentication
    ... inefficient to include user names in a file instead of directly on the folder. ... use the element in the web.config file to specify allow/deny lists for your application than to resort to file system ACLs. ... remember that the worker process identity ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: More video poker paytable questions
    ... He lists 8-5-4 Bonus Poker ... Joe J in LV ... Ace, Ten, and one high suited ...
    (alt.vacation.las-vegas)
Loading