Re: AuthorizationStoreRoleProvider Issues
- From: Dominick Baier [DevelopMentor] <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 28 Apr 2006 13:27:03 +0000 (UTC)
change the authorization section to:
<allow roles="Users" />
<deny users="*" />
http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
I have been working on some sample applications to prove new security
enhancements as far as roles based and authorization based security. I
am using a test Active Directory, forms based authentication with the
form control, and the AzMan.msc tool to create my roles and policy XML
file I am accessing. So far everything is going great...
Now my issue is this, maybe someone can shed some light on this. My
AuthUsers.xml file is laid out like so:
<?xml version="1.0" encoding="utf-8" ?>
<AzAdminManager MajorVersion="1" MinorVersion="0"
    Description="Authorization Store for the AuthUser Application">
  <AzApplicationGroup Guid="7037a5f2-178d-4056-8dad-342f9d5c6c95"
      Name="Administrator" Description="Datacenter Organizer Administrators"
      GroupType="Basic">
    <Member>S-1-5-21-3137277063-3307450293-2828318362-1111</Member>
  </AzApplicationGroup>
  <AzApplicationGroup Guid="e8109261-2b4a-4c67-ab22-400f72b9db2a"
      Name="SecurityAdmin" Description="Datacenter Organizer Security Administrators"
      GroupType="Basic">
    <Member>S-1-5-21-3137277063-3307450293-2828318362-1110</Member>
  </AzApplicationGroup>
  <AzApplicationGroup Guid="a5de19aa-bbfb-4b2e-8bd0-635fcd7c7193"
      Name="Auditors" Description="Datacenter Organizer Auditors"
      GroupType="Basic">
    <Member>S-1-5-21-3137277063-3307450293-2828318362-1108</Member>
  </AzApplicationGroup>
  <AzApplication Guid="16e7da53-4973-40b5-a2d0-2e2e95afcccb"
      Name="AuthUser"
      Description="" ApplicationVersion="">
    <AzApplicationGroup Guid="8cd3d253-c302-4875-912e-5a179ba9ad93"
        Name="Users" Description="" GroupType="Basic">
      <Member>S-1-5-21-3137277063-3307450293-2828318362-1112</Member>
    </AzApplicationGroup>
  </AzApplication>
</AzAdminManager>
Now as you can see I have created an Application called: AuthUser and
assigned a Group called 'Users'. The Users group is linked to the
Active Directory Group 'DCO_User'. So far everything works like a
charm.
I have 2 users:
1. Tim
2. TestMan
Tim belongs to the DCO_User group, while TestMan does not belong to
any groups. Now I have set my authorization section in my web.config
file to be:
<authorization>
  <deny users="?"/>
  <!-- Deny anonymous access to website -->
  <allow roles="Users"/>
  <!-- Allow all users -->
</authorization>
As you can see, the only ROLE allowed is USERS which links to the
DCO_User AD group. Whenever I authenticate, both users are let in and
see the default.aspx page. While this is nice now that there are no
errors, I didn't want TestMan to get in at all!
So my dilemma is that TestMan is not supposed to be able to access
this application. Any suggestions?
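
Why the original section lets TestMan in, shown as an added example (not code from either poster): a simplified Python model of ASP.NET's first-match URL authorization, where the site's rules are followed by the <allow users="*"/> rule that ASP.NET inherits by default from the machine-level configuration. The function names and the sample principals are assumptions made for this illustration.

```python
# Simplified model of ASP.NET URL authorization: rules are checked top-down
# and the first rule that matches the user decides the outcome.
import xml.etree.ElementTree as ET

# Rule inherited from the machine-level web.config (ASP.NET default).
INHERITED = '<allow users="*"/>'

ORIGINAL = """<authorization>
  <deny users="?"/>
  <allow roles="Users"/>
</authorization>"""

FIXED = """<authorization>
  <allow roles="Users"/>
  <deny users="*"/>
</authorization>"""

# Constructed sample principals: name (None = anonymous) and role set.
TIM = ("Tim", {"Users"})
TESTMAN = ("TestMan", set())
ANONYMOUS = (None, set())


def _split(value):
    """Split a comma-separated users/roles attribute into a list."""
    return [v.strip() for v in (value or "").split(",") if v.strip()]


def matches(rule, name, roles):
    """True if an <allow>/<deny> element applies to this principal."""
    for user in _split(rule.get("users")):
        if user == "*" or (user == "?" and name is None):
            return True
        if name is not None and user.lower() == name.lower():
            return True
    return any(r in roles for r in _split(rule.get("roles")))


def is_allowed(section_xml, principal):
    """Evaluate the site's rules, then the inherited default; first match wins."""
    name, roles = principal
    rules = list(ET.fromstring(section_xml)) + [ET.fromstring(INHERITED)]
    for rule in rules:
        if matches(rule, name, roles):
            return rule.tag == "allow"
    return False  # unreachable while the inherited allow-all rule is present
```

With ORIGINAL, TestMan matches neither site rule and is admitted by the inherited allow-all rule; with FIXED, the explicit deny users="*" matches first and blocks every user not in the Users role, anonymous users included.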