I want to be able to specify which roles having access to certain controllers in web.config and use it something like this:
[Code]....
..but the compiler says "Error 1 An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type...". How to accomplish this behavior?
I have three roles:
AdminEditorGeneral
How can i give acces so to:
1- All users in roles Admin and Editor
2- Specific users from role General
i tried this but with no luck:
[Code]....
I can't seem to find this answer anywhere on google or stackoverflow, even though I'd thought it would've been an easy thing to do.
I want to understand how the system.web authorization tag on the web.config works, and what exactly each attribute and property does.
For instance, what does
<system.web>
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
</system.web>
Specifically what I want to do is to disallow access to most of the site for unauthenticated users, allow access to some of the site for authenticated users who belong to a certain role, and allow full access to users from a second role.
Is it possible to specify that multiple roles are required inside the authorization element of the web.config file? I currently have this block in one web.config of my site for a specific directory:
<authorization>
<allow roles="Global, Region" />
<deny users="*" />
</authorization>
I've just identified a special case where a person with two lower-level permissions than Global and Region should also have access to this directory. Roughly, I want something like this:
<authorization>
<allow roles="GlobalManager, RegionManager, SiteManager && FooSite" />
<deny users="*" />
</authorization>
I realize I probably should have a new role for this scenario, but I'd like to avoid that.
When executing this line:
Dim roleRedirectSection As LoginRedirectByRoleSection = DirectCast(ConfigurationManager.GetSection("loginRedirectByRole"), LoginRedirectByRoleSection)
...I get the following error:
Message: "An error occurred creating the configuration section handler for loginRedirectByRole: Could not load type 'sitename.LoginRedirectByRoleSection'. (W:Webs2010DEVsitenameASP 4.0web.config line 10)"
<configuration>
<configSections>
<section name="loginRedirectByRole" type="journeyeast.LoginRedirectByRoleSection" allowLocation="true" allowDefinition="Everywhere" />
</configSections>
<loginRedirectByRole>
<roleRedirects>
<add role="Administrator" url="~/Account/Admin/Default.aspx" />
<add role="Employee" url="~/Account/Emp/Default.aspx" />
<add role="Teacher" url="~/Account/Teacher/Default.aspx" />
<add role="Student" url="~/Account/Student/Default.aspx" />
<add role="School" url="~/Account/School/Default.aspx" />
</roleRedirects>
I quickly setup Roles to get my site up, but now I am going back and tightening them up. I have a custom SQL Server database Provider to hold users.I want 3 Roles, Admins, Progress and then a standard User.I have all the files only Admins to use are in a folder SecureAdminI have all the files only Progress to use are in a folder SecureProgress And all the files that everybody has access to are in the Secure Folder.As soon as I added the Custom XML Site provider, my Tree View disppeared. I would assume it's because my roles are not configured correct. I can use the ASP.NET configuration tool to see my roles and users, but any combination I try in there doesn't seemto do anything. I see most examples have some code like below.
[code]...
But even when I set up some roles in the ASP.Net configuration, I never see anything like that added to my web.config? Is this because it is stored in the database? If not, what what I add to my web.config to make this work?
I changed my application to use "InProc" sessionState instead of "Off" because I need to preserve user selected language from page to page doing localization.n web.sitemap I have this line:
<siteMapNode url="Admin.aspx" title="Administrator" description="Site administration" roles="Administrator" />
which before I changed sessionState to "InProc" worked as supposed to: menu item "Administrator" appeared as a menu choice only when user had logged in with admin rights. Now this menu choice is present for every user.
instead hard coding configuration of users and roles of windows authentication in web.config, is there any best way to manage them with out hard code?
View 1 RepliesI am not able to allow/deny users based on roles in the web.config (using <location path>). The following does not work even if the user is in the 'Admin' role:[Code]....
I am able successfully execute IsUserInRole() and GetRolesForUser() in the codebehind and get expected results. The same applies to the web.sitemap, adding roles in there do not seem to apply to the user even if he is a member of the role.
Here is my web.config (trimmed some sections out so it's not too long):[Code]....
And web.sitemap:
[Code]....
I am using this article [URL]...
And I want to add Role/s dynamically and also delete role/s in web config.
I want to add a new rule in my web.config file programmatically,
ex: I have a textbox to add location path I have a combobox (with items admin and user) to add roles. ex: user input location path = textbox roles = combobox (items admin and user) the save button, when click the save button the results go to the web config :
<location path="Report/ManageReport.aspx">
<system.web>
<authorization>
<allow roles="ADMIN" />
<deny users="*" />
</authorization>
</system.web>
</location>
So far my code as below: but I was confused to apply its
protected void AddRoleRule(string location, string selectedrole)
{
Configuration config = WebConfigurationManager.OpenWebConfiguration(Server.MapPath("~/Web.config"));
XmlDocument xDoc = new XmlDocument();
xDoc.Load(config.FilePath);
//if the rule exists update the rule
[Code] .....
I am "DomainMyDomainUserName" If I do this:
[Code]....
I can access the website I've created on my local machine in debug mode; and with my domain account as a local administrator, if I do this:
[Code]....
I can still access the website; and with my domain account in a Domain Group named "DomainDomainLocalSecurityGroup", if I do this:
[Code]....
I can still access the website; HOWEVER, if I create a Local Group on my machine named "LocalMachineGroup" and I add "DomainMyDomainUserName" to this group and I do this:
[Code]....
I get an Access Denied error trying to access the website. What I want to do is, have a group on my local machine (for testing), on a test web server, and on a production web server named "MyWebsiteUserAccess" with the same Domain Group (filled with Domain Users allowed access to the site) in all of these local groups; so that when I test the web application on my local machine, on my test web server and on my production web server, I don't have to change the Web.config file to have it work on each AND if the Domain Group name ever has to change, it won't affect access to the website.
What am I overlooking or is this even possible to do this way? I understand that there is a way to do Role Management through ASP.NET but I don't understand that well enough yet to implement that (and will probably go that route once I've done the research on how to best implement it for purpose of access control of this intranet site).
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
Let's say I have a rolegroup as follows:
<asp:LoginView ID="lvDoSomeStuff" runat="server">
<RoleGroups>
<asp:RoleGroup Roles="RoleOne,RoleTwo">
<ContentTemplate>
...
</ContentTemplate>
</asp:RoleGroup>
</RoleGroups>
</asp:LoginView>
Is there a way I can make it so that a user must meet RoleOne and RoleTwo to satisfy the RoleGroup? By default, if a user is in either of the two roles, they will be granted access. I know I can do this via the code-behind, but I'd prefer to be able to wrap some content template with this markup instead of having to wrap it in a panel and hide the panel programmatically.
i want to implement asp.net role provider to assign users over my LAN to roles and have my asp.net intranet app implement security based on roles.
i dont want to use VS to manage this with the built in tools but rather hand this off to users to manage themselves. i want an admin folder with a page(s) for admin roles to be able to create/edit roles and manage users in roles... this way an admin can add a domain user (MyDomainUsername) to a role such as ProojectManager or Tester or Developer... and users wont need to contact me for these tasks...
can anyone provide me a link (or some sample code) to some sample i can use to admin roles and users over a LAN in asp.net with c#?
I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.
Here is my current code
[Code]....
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
View 6 RepliesI have run into a problem where I need to remove certain items from collections that seem to only have get all functions.
My Idea is to get the full collection and then remove the unneeded items. Then take that new collection and bind it to whatever I need.
For example How do I get all the roles except administrator?
Roles strRoles = Roles.GetAllRoles()
RoleList.DataSource = (Roles) roles; //Roles.GetAllRoles();
RoleList.DataBind();
or How do I get all users but say user123
MembershipUserCollection users = Membership.GetAllUsers();
UserList.DataSource = users;
UserList.DataBind();
I just installed VS2010 and opened the root machine.config and web.config files for review and I found some errors. In machine.config, the following line has errors in both entries for <Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior>. When I hover the cursor over them I get a tooltip text which displays: "The element 'endpointBehaviors' has invalid child element 'Microsoft.VisualStudio.Diagnostics.ServiceModelSink.Behavior'. List of possible elements expected: '...(list of options here)...'. The same problem happens for the second appereance in tag <serviceBehaviors>.
[Code]....
In web.config, there is a tag called <protocols> that has an error with a tooltip text that says "The element 'system.web' has invalid child element 'protocols'. List of possible elements expected: '...(list of options here)...'.
Currently, I work on an ASP.NET project which is hosted under version control and is used on several developer machines, tester machine and production environment.
In three cases, configuration (Web.config) may be different. For example, developer and tester environments use testing SQL Server, whereas in production environment, another SQL Server is accessed, so the connection string is different in those cases.
We want to keep three versions of Web.config in subversion. But modifying each of three files every time we need to add, remove or change a common setting is annoying: it would be nice to have a common, master Web.config, which will be inherited by each of the three Web.config files.
How to set up an ASP.NET project which will use a master configuration file and different slave configuration files on different machines, thus sharing the same project/source code/configuration files in subversion?
When I open my ASP.NET site in IIS and try to open the .NET Trust Levels, I get an error message:
.NET Trust Levels There was an error while performing this operation.
Details:
Filename: ?C:inetpubwwwrootmyappweb.config
Line number: 445
Error: This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"),or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
I've checked a few places, but I haven't found anything that seems like it would be locking that setting. Is there a systematic way of determining where that setting is locked?
I'm using IIS 7.5 and .NET 3.5 sp1.
We are experiencing some strange behaviour on one of our ASP.NET web servers (Windows 2003 64-bit). After some activity, two third-party controls are unable to run correctly. One is log4net (it does not write error messages out) and the other is a menu control (it displays eval message instead of picking up its license). The one common thread is that both controls pick up their config from external config files (linked to from web.config).
Just wondering if anyone has any thoughts on this or experienced this in any way. Is it related to file/folder rights? The server has been running fine for a while and just started exhibiting this behaviour. Perhaps it occurs around the time the worker processes are recycled.
How can I "clear" the vendor defined <controls> in my child app's web.config?
Parent Web Config.
[code]....
I have it working for the <tagMapping> section, but <controls> does not support <clear/>.
I am running into a problem with a web.config in a child project that has the same connection string setting as a parent. We have this in several of our web apps but there is one case where we want a child not to use the parent web.config. Is there a setting or command in the child web.config to ignore the parent web.config?
View 4 RepliesI have deploy my web site, it contains a project!
in MyWeb there are all the aspx page and some entites datamodel, in MyApp there are the class with function like "getter data from DB" and there is a entity data model.
afeter the deploy, I have only the web.config and the connection string for the entity datamodel....itīs run ok, read/write the data on the DB.
The problem is with MyApp.....after the deploy it is a dll file and I donīt have the app.config and the entity inside it donīt run, not read/write nothing on the DB.
There arenīt error or messager but not read/write the data in the MyApp project.
all run on the iis 7
now...the question is:
I lose the connection string (in app.config) after the deploy?
Can I put a entity in the MyWeb and read it in another project (myApp)?
ps: for connect to DB I use not the c# code:
var db=from x in AccessDB.Example select x;