Re: AuthorizationStoreRoleProvider Issues



Dominick,

I found the answer to my question. In AzMan you need to assign a role and
then assign the group to the role. In this case I assigned BrowseWeb as a
role and the group Users to it. I then changed my web.config to:

<allow roles="BrowseWeb"/>
<deny users="*"/>

And presto! It works. I wish there were some good books out there really
explaining this. Maybe I should do a comprehensive writeup on it?

-Timothy

"Dominick Baier [DevelopMentor]" <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in message news:4580be6319a7fa8c838ef561abac8@xxxxxxxxxxxxxxxxxxxxx
change the authorization section to:

<allow roles="Users"/>
<deny users="*"/>

http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

I have been working on some sample applications to proof new security
enhancements as far as roles based and authorization based security. I
am using a test active directory, forms based authentication with the
form control, and the AzMan.msc tool to create my roles and policy XML
file I am accessing. So far everything is going great...

Now my issue is this, maybe someone can shed some light on this. My
AuthUsers.xml file is laid out like so:

<?xml version="1.0" encoding="utf-8" ?>
<AzAdminManager MajorVersion="1" MinorVersion="0"
    Description="Authorization Store for the AuthUser Application">
  <AzApplicationGroup Guid="7037a5f2-178d-4056-8dad-342f9d5c6c95"
      Name="Administrator" Description="Datacenter Organizer Administrators"
      GroupType="Basic">
    <Member>S-1-5-21-3137277063-3307450293-2828318362-1111</Member>
  </AzApplicationGroup>
  <AzApplicationGroup Guid="e8109261-2b4a-4c67-ab22-400f72b9db2a"
      Name="SecurityAdmin"
      Description="Datacenter Organizer Security Administrators"
      GroupType="Basic">
    <Member>S-1-5-21-3137277063-3307450293-2828318362-1110</Member>
  </AzApplicationGroup>
  <AzApplicationGroup Guid="a5de19aa-bbfb-4b2e-8bd0-635fcd7c7193"
      Name="Auditors" Description="Datacenter Organizer Auditors"
      GroupType="Basic">
    <Member>S-1-5-21-3137277063-3307450293-2828318362-1108</Member>
  </AzApplicationGroup>
  <AzApplication Guid="16e7da53-4973-40b5-a2d0-2e2e95afcccb"
      Name="AuthUser" Description="" ApplicationVersion="">
    <AzApplicationGroup Guid="8cd3d253-c302-4875-912e-5a179ba9ad93"
        Name="Users" Description="" GroupType="Basic">
      <Member>S-1-5-21-3137277063-3307450293-2828318362-1112</Member>
    </AzApplicationGroup>
  </AzApplication>
</AzAdminManager>

Now as you can see I have created an Application called: AuthUser and
assigned a Group called 'Users'. The Users group is linked to the
Active Directory Group 'DCO_User'. So far everything works like a
charm.

I have 2 users:
1. Tim
2. TestMan
Tim belongs to the DCO_User group, while TestMan does not belong to
any groups. Now I have set my authorization section in my web.config
file to be:

<authorization>
  <deny users="?"/>
  <!-- Deny anonymous access to website -->
  <allow roles="Users"/>
  <!-- Allow all users -->
</authorization>

As you can see, the only ROLE allowed is USERS which links to the
DCO_User AD group. Whenever I authenticate, both users are let in and
see the default.aspx page. While this is nice now that there are no
errors, I didn't want TestMan to get in at all!

So my dilemma is that TestMan is not supposed to be able to access
this application. Any suggestions?
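
Added example (not part of the original thread, and not ASP.NET or AzMan code): a small Python model of how URL authorization walks the rules in this thread, first match wins. It assumes ASP.NET's documented behaviour that the machine-level web.config contributes a trailing `<allow users="*"/>`, which the thread does not state; user names and role assignments are constructed from the posts, and names and roles are compared as exact strings for simplicity.

```python
import xml.etree.ElementTree as ET

# Assumption: rule inherited from the machine-level web.config. It is evaluated
# after the application's own rules, so unmatched requests end up allowed.
MACHINE_DEFAULT = '<authorization><allow users="*"/></authorization>'

# Constructed from the thread: the original section and the corrected one.
ORIGINAL = """<authorization>
  <deny users="?"/>
  <allow roles="Users"/>
</authorization>"""

FIXED = """<authorization>
  <allow roles="BrowseWeb"/>
  <deny users="*"/>
</authorization>"""


def split_list(value):
    """Split a comma-separated users/roles attribute into clean entries."""
    return [item.strip() for item in value.split(",") if item.strip()]


def load_rules(authorization_xml):
    """Return (action, users, roles) tuples: app rules first, then the default."""
    rules = []
    for section in (authorization_xml, MACHINE_DEFAULT):
        for el in ET.fromstring(section):  # XML comments are skipped by the parser
            rules.append((el.tag, split_list(el.get("users", "")),
                          split_list(el.get("roles", ""))))
    return rules


def rule_matches(rule, user, roles):
    """'*' matches everyone, '?' matches anonymous (user is None)."""
    action, rule_users, rule_roles = rule
    for entry in rule_users:
        if entry == "*" or (entry == "?" and user is None) or entry == user:
            return True
    return any(role in roles for role in rule_roles)


def is_allowed(authorization_xml, user, roles=()):
    """The first matching rule decides the outcome."""
    for rule in load_rules(authorization_xml):
        if rule_matches(rule, user, roles):
            return rule[0] == "allow"
    return False
```

With the original section, an authenticated user holding no matching role skips both application rules and is admitted by the inherited default, which is the TestMan symptom; the trailing `<deny users="*"/>` closes that fall-through.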




