Re: Authentication/Impersonation Inconsistency
From: Paul Glavich [MVP ASP.NET] (glav_at_aspalliane.com-NOSPAM)
Date: 03/01/05
- Next message: Nicole Calinoiu: "Re: Medium Level Trust and Reflection"
- Previous message: Joan: "enterprise library encrypt using config file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 1 Mar 2005 22:54:09 +1100
Istead of using ACL's, try using the <location> element in your web.config
to set the particular user allowed to access a particular location (in your
case a specific .aspx page)
eg.
<configuration>
<!-- allow only user1 to access page 1 -->
<location path="page1.aspx">
<system.web>
<authorization>
<allow users="user1"/>
<deny users="*" />
</authorization>
</system.web>
</location>
<!-- allow only user1 to access page 2 -->
<location path="page2.aspx">
<system.web>
<authorization>
<allow users="user2"/>
<deny users="*" />
</authorization>
</system.web>
</location>
<!-- allow all other authenticated users to access other pages -->
<system.web>
<authorization>
<allow users="?"/>
<deny users="*" />
</authorization>
</system.web>
</configuration>
-- - Paul Glavich ASP.NET MVP ASPInsider (www.aspinsiders.com) "whornak" <whornak@discussions.microsoft.com> wrote in message news:708EAB11-E5CA-4464-8188-7EBB5416E9BB@microsoft.com... > I am trying to use the Impersonation functionality but am getting > inconsistent results. Win 2000 w/ Visual Studio 2003 .NET Framework v1.1 in > development mode. > > I have the following set in web.config: > <authentication mode="Windows" /> > <identity impersonate ="true" /> > > I also have changed IIS to not allow Anonymous Access > > I have changed the permissions on a couple of files to different users that > I have created. Each of the files having only 1 different user given > permission. > > 2 Problems: > > 1) Sometimes things happen as expected where, when moving from apsx to aspx, > I get promted for the username/password/domain and with the proper > credentials get permission. But all of a sudden it stops working and am not > given access when retrying with the same credentials on the same aspx page > when nothing has changed. > > 2) When provided access via the username/login/domain credentials all other > pages that are accessed use that last set of credentials instead of the > original, that being what the user is logged into the machine as. > > This isn't a major problem but shouldn't it only allow access and not change > anything?
- Next message: Nicole Calinoiu: "Re: Medium Level Trust and Reflection"
- Previous message: Joan: "enterprise library encrypt using config file"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
