Permission On Admin Folder, Only For Role=admin?
Jun 13, 2010I have an Admin folder which contains 4-5 aspx pages. I want to that only user with role="admin" can view those files. What settings i need in web.config?
View 1 RepliesI have an Admin folder which contains 4-5 aspx pages. I want to that only user with role="admin" can view those files. What settings i need in web.config?
View 1 RepliesI found a great answer on SO describing how to set up custom user roles, and I've done the same in my project. So in my Login service I have:
public ActionResult Login() {
// password authentication stuff omitted here
var roles = GetRoles(user.Type); // returns a string e.g. "admin,user"
var authTicket = new FormsAuthenticationTicket(
1,
userName,
DateTime.Now,
DateTime.Now.AddMinutes(20), // expiry
false,
roles,
"/");
var cookie = new HttpCookie(FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(authTicket));
Response.Cookies.Add(cookie);
return new XmlResult(xmlDoc); // don't worry so much about this - returns XML as ActionResult
}
And in Global.asax.cs, I have (copied verbatim from the other answer):
protected void Application_AuthenticateRequest(Object sender, EventArgs e) {
var authCookie = Context.Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null) {
var authTicket = FormsAuthentication.Decrypt(authCookie.Value);
var roles = authTicket.UserData.Split(new Char[] { ',' });
var userPrincipal = new GenericPrincipal(new GenericIdentity(authTicket.Name), roles);
Context.User = userPrincipal;
}
}
Then, in my ServicesController class, I have:
[Authorize(Roles = "admin")]
//[Authorize]
public ActionResult DoAdminStuff() {
...
}
I login as a user with the "admin" role, and that works. Then I call /services/doadminstuff - and I get access denied, even though when I put a breakpoint in Global.asax.cs, I can see that my roles do include "admin". If I comment out the first Authorize attribute (with roles) and just use a plain vanilla Authorize, then I can access the service.
I have several features in admin panel. like userslist,change password for the user,delete user... Still now only one admin user can handle all this.
Now I want to give some features to some users.. ie certain users can view the list ,certain user can edit items in the list etc...
We have created an ASP.NET ( 3.5) application is configured to use FORM authentication and thus it has such a following items in Web.Config :
<location path="~/Admin/Default.aspx">
<system.web>
<authorization>
<allow roles="Manager,Member" />
<deny users="*" />
</authorization>
</system.web>
</location>
<location path="~/Admin/MyAccount.aspx">
<system.web>
<authorization>
the application runs OK on local web server box. Our ASP.net application is able to access Admin folder in local IIS application folder and its subdirectory. However, once uploaded to remote web host , user can login but when user wants to use any pages in ~/Admin subfolder, we get an exception that essentially states that access to the sub-directory is denied.
I am trying to deny access to my 'Admin' folder via web.config. I looked at another answer to a similar question and they recommend using the <location> folder, however when I insert "Admin/" into the path I get the following error:
[Code]....
I am using URL routing in asp.net application (not MVC) . I have Admin folder in my aaplication which has admin related aspx pages with seperate web.config. I have seperate login form for admin users which is placed in admin folder itself. My issue is whenever I hit [URL] (which I want to go to login form for admin)- it tries to authenticate and goes to login url mentioned in web.config of root folder.
Note: Admin folder has anonymous access in root config file. Also I have set default document in config of Admin folder. I have added following line in global.asax so that routing doesnt work for files in admin folder;
routes.Add(new
Route("admin/{*resource}",
new
StopRoutingHandler()));
I am really confused what is the issue? What I am missing?
i want to crease an admin panel. but i do not use asp.net default membership system.
i know actions enable access can be determine by [Authorize] attribute. but my admin has 10-20 controller and about 100 action.
i do not want to signature all of actions by [Authorize] attribute.
all controller must be required login if user did not login.
I am using the following in my webconfig, so that only admin an access the admin folder.
<location path="Admin" allowOverride="true">
<system.web>
<authorization>
<allow roles="Administrators" />
<deny users="*" />
</authorization>
</system.web>
Now when the guest user tries to access this he is redirected to the Login page. I want the user to either sho a popup that user cannot access it or just stay on the same page with some error message in a label on that page... Here is more code in webconfig
<authentication mode="Forms">
<forms loginUrl="Login.aspx" protection="All" name="Cookie" timeout="120" path="/" slidingExpiration="true"
defaultUrl="Default.aspx">
</forms>
i need some lessons in how to create admin folder and pages to add user ,content ,authentication, etc
View 2 Replieshow are you able to create a admin and member folder and seperate the links from the masterpage .The login and register is not done using the asp.conf is done using a customer table
View 2 RepliesI have a dropdown box showing a list of roles. I used Roles.GetAllroles() for showing all roles in the dropdown box but I don't want to show a role named "Admin" in the dropdown box. How can I keep it out?
View 2 RepliesI am not able to redirect the user to "SimpleUserLoginAfterRegistration.aspx" page if Administrator is in any one of the .aspx file inside Administrator Folder.
I tried to use: Response.redirect("/SimpleUserLoginAfterRegistration.aspx") But, it is saying Page not found error.
I am creating an application hosted on GoDaddy.com. The base files are kept in a folder called /sky while the Admin files and User files are kept in /sky/Admin and /sky/User respectively. I'm having difficulty configuring the security so that when a user tries to access Admin or User files they should be redirected to the login.aspx file in the /sky folder. I keep getting an error that its trying to access sky/sky/login.aspx instead of just sky/login.aspx.
Here are the relevant sections of my web.config file.
<?xml version="1.0"?>
<configuration>
...
<location path="sky/admin">
<system.web>
<authorization>
<allow roles="Admin" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="user">
<system.web>
<authorization>
<allow roles="Admin,User" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<customErrors mode="Off" />
<authentication mode="Forms">
<forms name="login" loginUrl="login.aspx" />
</authentication>
...
</system.web>
...
</configuration>
Can someone point me to articles or provide assistance with the proper configuration?
i have created 5 pages which are back-end and should be accessible only to sitre admin that is me. how do i do it?
View 3 Replieswe want to create website based on asp.net and we want to update data in my site dialy. told me about admin module . is their any tutorials and screen shots for admin module
View 4 RepliesI have to develop a admin page in asp.net. For that I need a master page template which looks like admin panel, menu, CSS. I am seeking layout for admin panel I am not sure if this is the right place to ask this question. If it is not I request moderators to move this question to appropriate place.
View 2 RepliesWould like to have done so I can edit my metatags on my pages from the admin section. The code I have now, just insert the metatags on the page I'm on. How do I add metatag to my other pages?
Here is the code I have so far.
// Description
PagemetaTag.Name =
PagemetaTag.Content = TextBox4.Text;
headTag.Controls.Add(PagemetaTag);
HtmlMeta PagemetaTag =
new
HtmlMeta();"description";
Is there a Django-like admin interface generator for ASP.NET or ASP.NET MVC?If not, are there any tools that could assist in creating one?
View 2 RepliesI have created a site with webmatrix. When I try to run it, it says it cannot because it needs admin right to make the connection to port.I tried to run Webmatrix with admin right it doesn't change anything.
View 2 RepliesIn our project, we have a situation where the administrator needs to 'force log off' a particular user under certain conditions. In other words, the admin user needs to have the ability to kill any other user's session.Is this possible? By using the session properties, we can kill the current session (the current user's session) but is it possible (for the admin user) to kill some other user's session?
View 1 RepliesI am currently trying to figure out how to best go about implementing an administration side for my application.I have a user site, where users can log in, customize their profile, submit information etc.I would like administration users to be able to log in and be able to choose from a list of users. From there, the administrator can submit information for the user just like the user can.
Website Start Page > RogerRabbit > Submit Information
Website Start Page > BillyBob > Customize Profile
So my question is:
How should my pages be laid out?How should the Web.sitemap file look? Is there a nice way of creating a sitemap (maybe in memory?)Would this method have to use session variables?
have table for users have a some attribute one of them admin attribute have a bit data type when the user is admin it is true and i have ligin page and control panal page i want throw login page check for the user to redirect him to control panal if the user is admin the control panal will be displayed with moreoptions any one how can i doing this with select statement
View 2 RepliesI'm going to write an ASP.NET MVC 2 application using Domain Driven Design. I'm trying to figure out how to separate the Admin from the store front. I could create 2 MVC projects, but regarding the services for them, should they be in separate projects as well or could I use the CatalogManager, for example, for both, Admin and the store front, and mix up all the services?Currently I have a class library for each part of my domain (services, infrastructure, model, etc.)
View 1 RepliesI am using ASPDotNetStoreFront demo and i cannot login to the admin site. If i try logging in using the admin user on the front end i can login so that means the credentials are correct. When i enter credentials on the admin login screen the same page is refreshed. I have tried setting it up on different machines, tested on different browsers but the same issue persists.
View 1 RepliesHow do you create your web site data admin for your customers. Do you do them programatically or do you use any specific tool?
I have been using AspMaker and is not a bad option but I'm sure there are a few more options out there. I've seen that MS has a Web Data Administrator but for me it looks more than an sql server web admin tool rather than a frontend that has the business logic.