Re: Web Site Configuration for remote users



So what are you really trying to achieve?

Use the tool to remotely administer the site?
Or prevent remote administration?


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Greetings all

I've just re-engineered a small system to use the Roles/Membership and
ASP.NET Configuration Tool.

I've configured it for 'From the Internet' access.

However, I can access the Config Tool by just running it. I don't have
to login.

I hunted around and found this:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\web.config
So I altered it to Forms authentication and did this:
<authorization>
<deny users="*"/>
<allow roles="Manager" />
</authorization>
This is slight progress. I can't administer the site anymore - it's
looking for login.aspx. But this doesn't exist in the folder.

I know this is probably all because I'm working locally, but I'd like
to be sure before I roll this out (I don't have a test environment).

Many thanks

M.

MCDBA : MCSD
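
Added example, not part of the original posts: ASP.NET URL authorization reads the rules in an <authorization> block top to bottom and applies the first one that matches, so the order of the deny and allow elements in the snippet above decides who gets in. The Python sketch below is a simplified model of that evaluation (it ignores the verb attribute and config inheritance beyond the default); evaluate(), the REORDERED variant and the sample users are hypothetical.

```python
# Simplified model of ASP.NET URL authorization: first matching rule wins.
# Added illustration; evaluate() and the sample principals are constructed.
import xml.etree.ElementTree as ET

# Rule order as posted in the thread.
POSTED = """<authorization>
  <deny users="*"/>
  <allow roles="Manager"/>
</authorization>"""

# Same two rules, role-specific allow first (constructed variant).
REORDERED = """<authorization>
  <allow roles="Manager"/>
  <deny users="*"/>
</authorization>"""


def _split(value):
    return [v.strip() for v in (value or "").split(",") if v.strip()]


def _matches(rule, name, roles):
    """True if the rule applies to this principal (name None = anonymous)."""
    for u in _split(rule.get("users")):
        if u == "*" or (u == "?" and name is None) or u == name:
            return True
    return bool(set(_split(rule.get("roles"))) & set(roles))


def evaluate(config_xml, name=None, roles=()):
    """Return 'allow' or 'deny' from the first rule that matches."""
    for rule in ET.fromstring(config_xml):
        if rule.tag in ("allow", "deny") and _matches(rule, name, roles):
            return rule.tag
    # Assumption: nothing matched, so the inherited default (allow all) applies.
    return "allow"


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("reordered", REORDERED)):
        print(label,
              "| manager:", evaluate(cfg, "alice", ["Manager"]),
              "| other:", evaluate(cfg, "bob", ["Staff"]),
              "| anonymous:", evaluate(cfg))
```

In this model the posted order denies every principal, including a member of Manager, because the deny rule for "*" matches before the allow rule is reached.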


