Security :: Allowing Access To Users Who Are In Multiple Roles?

Feb 26, 2010

I have a web.config file with <authorization> section. I'm using window authentication.

The problem is that I would like to allow access to the web site to those users who are in multiple roles.

For example:

<authorization>
<allow roles = "Role1 AND Role2"/>
<deny users="*"/>
</authorization>

(Meaning I would like to allow access only to those user who are both in Role1 AND Role2.)

Is this possible to achive this?

If not, what would be the alternatives?

Note: Currently I'm doing the roles assignment in the Global.asax file in the OnAuthenticateRequest event (i'm reading the groups that the current user belong to in the Active Directory).

View 4 Replies


Similar Messages:

Security :: Multiple Applications Use Same Users & Roles?

Jan 10, 2011

I am using ASP.NET Membership with the default provider. I have a project where there are 3 different applications(seperated by the applicationName). Now I need every user to be able to log in to all the applications, but have a seperate role in each.Is this possible(I dont want to duplicate user details or logins for the same person)?

View 4 Replies

Security :: Regain Access To Manage Users And Roles For This Application?

Sep 23, 2010

I am working on an application that resides on a development server on our internal network. The application was originally written to use Membership and Roles. We got busy almost a year ago before the app was finished, and now we are trying to get it ready to use internally.

The login page works just fine, but I have lost the ability to controls users and roles. I am running Visual Studio 2010 Professional now on a Windows 7 VM. I can open the application fine but there is no Web Administration Tool available for me to manage users or roles. If I go to Website -> in Visual Studio, there is no option for ASP.NET Configuration in the drop down menu. It simply isn't there.

How can I regain access to manage users and roles for this application? We are using Forms authentication and the database resides on a SQL Server 2005 instance on a separate box from the web server and my local VM.

View 1 Replies

Security :: Multiple Roles For Multiple Page Access?

Jan 20, 2011

I'm planning to make a page that has about 10 different pages for varying use, for example, stats, data entry, reports, logistics, audit, sales, promo, etc etc. I'm anticipating there will be many combinations as to what pages a user may have access to, for each page, a user ought to be authorized to either enter new data, edit data, print and/or just view.

My questions are :

1. can membership & roles be used, once user is logged in, to display links to all the areas of the web app he is allowed access to?

[code]....

2. besides having access to a particular page, a user should, as mentioned before, be authorized to either enter new, edit, print and/or just view data.
3. Is there a preferred/better method to handle this besides using membership & roles?

View 3 Replies

Security :: How To Hide Multiple Roles With Roles.getallroles()

Mar 7, 2011

I have a multi level application that I am developing and need to block multiple rows from being joined. I know how to hide one role but I cannot figure out how to hide multiple.

Here is my current code

[Code]....

View 2 Replies

Architecture :: Allowing Access To Multiple Customers For One User With Url Rewriting

Jan 27, 2010

I am currently developing a solution in which the user logs in once and can work on multiple customers at the same time on my site.I've looked at all possible solutions involving sessionid having stored the customerid, to launching a new browser session so i could have multiple sessions for one users etc. I also looked at using cookieless sessions.But the all fail because it's not a simple solution and in my opinion a simple solution is most of the time a good and predictable solution.

Therefore i came up with the idea to use url rewriting(i've seen this used in other applications). When the user opens a customer, i would like to start his url as follows "~/Customers/xxxxxxx/*.aspx" where xxxxxx represents the customerid. and *.aspx represents a complete subset of pages of my site. This would allow me to use a simple technique to use multiple user sessions within a single asp.net session.

Now coming to my problem, I have never done some url rewriting, therefore my questions:

- Is this possible.

- Can i protect all the pages that need a customerid as input(come to think of it, if no customerid in the querystring, redirect to a selection screen would be sufficient).

- How do i adopt all urls used in a sitemap etc in a structured way.

View 3 Replies

Security :: Synchronization Between Two Users With Different Roles?

Jul 2, 2010

I'm workin with Visual studio 2010 and I'm trying to create an ASP.net Web Site, language used - C#

I have 2 different pages, for 2 different users with 2 different roles.Each page has a textbox.I have already created them.What I want to do, is to make a bind between this 2 textboxes, so that the second to get the first boxes' text.I managed to do it, but only if the textboxes are on the same page, very easy (Textbox2.Text=TextBox1.Text) . But how to do it for 2 different pages, for 2 different users with 2 different roles?

Another trouble would be....How can I connect the both users same time....after i start debugging the project, I do a sign in but when I sign in with the second user,the first is automaticly siggned out and the text it's lost.Then, how can they synchronize and the second user see what the first one wrote,using that 2 textboxes? Wich is the solution?

View 4 Replies

Security :: Edit Users Roles In Gridview?

Sep 14, 2010

I am trying to implement a page for an admin to edit other users details including roles and profile. I have a custom profile provider that stores data in database. My implementation is a page that shows username and allows an admin to reset user password, unlock users and approve and disapprove the users. I wanted to add a column in the gridview to allow the admin to remove or add a user to a role with the constraint that a user should be added only to one role.

View 1 Replies

Security :: Authorize And Authenticate Users By Roles?

May 18, 2010

How can I authorize and authenticate users by roles? I have roles table and user's table, role Id is the primary key in the roles table and foreign key in the user's table.

View 4 Replies

Security :: Net Users And Net Roles Features Not Available In IIS7

Dec 13, 2010

I'm running IIS7 ( in integrated mode ) and Net. 4.0 framework on Windows 7.

a) If web application runs within Asp.Net v4.0 pool, then both Net Users and Net Roles features are not available.

b) I assume Asp.Net 4.0 apps can only run within Asp.Net v4.0 pools?

View 1 Replies

Security :: Use Roles Stored In SQL And AD Users / Groups?

Feb 7, 2011

I need to create a site that is Roles based and can use AD groups and Users. I found Scott Mitchell's tutorials for setting up "role-based-authorization-cs" [URL]

I've changed to using Windows auth. instead of forms and am pointing it to a remote SQL Database. I can successfully add a user/password/email etc. (although I believe the password and email sections aren't required and would like to remove them as options).

When I create a user (usera) and login to a windows box as usera the menu displays correctly based on the Roles I've added the user to in the SQL Database.

When I add an AD Group and add it to the same Role the menu's that are displayed do not match that of usera.

I'd like to be able to add entire AD groups (They can obviously change so it needs to be dynamic in some way), as well as add individual AD users to Roles. I'd prefer to do this via a Web interface.

My questions are.

1. Am I going about this the right way?

2. If I'm not what would be a better way?

3. If I am what do I need to do to allow ADGroup lookup?

View 2 Replies

Security :: Transfer Users Roles Etc Form One Db To Another?

Jan 27, 2011

i hve 3 applications with membership providers which are wrking perfectly.. i am storing the users , roles , profiles etc in the same database as for the each application. now i want to store users roles etc in a single db n application data in separate db.. how can i shift existing users from current db to new db without re-creating them ..

View 6 Replies

Security :: How To Create Roles For The Existing Users In Database

Jun 10, 2010

I am newbie to asp.net.I want to create roles for the existing users in my database. I dont want to use the membership provider database n roles provided with it.(i don't want to use aspnet.mdf at all)

I am create roles for my existing users n assign i wanted to assign the particular roles to a particular assign.

View 2 Replies

Security :: Login Goes To Sql Server For Users And To SqlExpress For Roles?

Sep 9, 2010

I have a site witl forms authentication using te login control. I altered my sql server, I added a connectionstring and used the connectionstring in both, <rolemanager> and <Membership>. That part of the web.config is listed below.

The problem is that the login control goed to SQLserver to check the users and their passwords, but it goed to the SQLExpress database for the roles.....

[code]...

View 3 Replies

Security :: Create Users And Assign Roles After Deployment?

Feb 18, 2010

I have set up a very simple authentication page where the user enters his password and if successful authentication occurs the program allows the user to make use of the controls in the page.

I used ASP.Net Configuration to create the user and roles, SQL Membership Provider for the authentication tables and asp login controls to authenticate.

Is there any way to add users and roles once the project is deployed? Could I use the ASP.Net configuration page? and if so how?

View 3 Replies

Security :: Calling Roles.AddUserToRole Inserts Two New Users

Jan 2, 2011

I'm trying programatically to create a new user, that's working OK on it own, but whenever I add the following line to my code, it seems to create two new members with the same name in my aspnet_Users table?

Roles.AddUserToRole(newUser.ToString(), "Registered");

Here's my code:

[Code]....

View 6 Replies

Security :: Managing Users And Roles Across Different Projects In A Solution?

May 27, 2010

Initially, in my solution I had one project, and had set up all that is required for asp.net security, and that includes users and roles and access rules, etc. All of that was and still is working fine.

Now I added another project to my solution, and my first project points to pages in the second project.

The problem is that it seems like the users and roles are not being transferred accross projects. Not sure if I am explaining my problem correctly...if not, feel free to ask...

Its my first time trying to manage users and roles accross projects within a solution.

View 1 Replies

Security :: Unable To Use Existing Database Users And Roles, In New Web Application?

Jul 13, 2010

I am creating a Web Application in asp.net 2.0 and sql server 2005.I want to use an existing database.

I have created a login and a signup page. Then i replace the new SQL database (the one that is created automaticly by the visual studio) with the exiting database I have.If I create a new user, the new user goes to the database and I can login with the new user. I cannot login with the existing users.If I go to the asp.net configuration, I only can see the new users I have created, I cannot see the users that were in the database already and I can't see the roles also.

I can I make the new application to recognize the users and roles of the existing database?

View 9 Replies

Security :: Development Time Can Managment Roles And Users By Clicking?

Mar 26, 2010

in development time i can managment roles and users by clicking from main menu website -- > ASP.Net Configuration but how to do that after deploy ??

View 4 Replies

Security :: Roles Not Applying In Web.config (NTLM Authenticated Users)

Jun 3, 2010

I am not able to allow/deny users based on roles in the web.config (using <location path>). The following does not work even if the user is in the 'Admin' role:[Code]....

I am able successfully execute IsUserInRole() and GetRolesForUser() in the codebehind and get expected results. The same applies to the web.sitemap, adding roles in there do not seem to apply to the user even if he is a member of the role.

Here is my web.config (trimmed some sections out so it's not too long):[Code]....

And web.sitemap:

[Code]....

View 8 Replies

Security :: Finding Sample Admin Page For Managing Users And Roles

Nov 9, 2010

Can anyone point me to a sample admin page for managing users and roles (forms authentication). Something like the security section of the WSAT, but for a finished site.

View 3 Replies

To Implement Code Access Security, And URL Based Security Using The Roles & Types?

Apr 24, 2010

[ASP.NET 3.5, FormsAuthentication, SQL Server]

In the Roles table there is Role, and RoleType.

I have 3different roles, 2 of which have sub-roles.

Example

Role----------------------Type

Adminstrator
Subscriber---Basic
Subscriber---Business

I need to implement Code Access Security, and URL based security using the roles & types...

For instance, the (Subscriber/Basic) would need to view a different set of pages, and have different access to things then a (Subscriber/Business).

I think I can handle the Code Access security with a custom attribute, but I am unsure to how enforce a User be apart of 2 roles in the URL Authorization.

I am currently using the web.config to deny/allow access to the directories/pages.

e.g.

/Areas/Admin/web.config

[Code]....

Is it possible to force the user to be apart of 2 roles with this technique?

View 1 Replies

Security :: Allow Admin Users To Access Basic Users Accounts?

Aug 26, 2010

Allow Admin Users to Access Basic Users Accounts?

View 4 Replies

Security :: Web.config Roles / How Can Access

Jan 10, 2011

I have three roles:

AdminEditorGeneral

How can i give acces so to:

1- All users in roles Admin and Editor
2- Specific users from role General

i tried this but with no luck:

[Code]....

View 2 Replies

Security :: Access When Changing Roles?

Nov 3, 2010

well i have a simple application using an authentication (user and password) before accessing and there are several roles bound to each user.

in my web.config i have configured the acces for each page according to each role, this is an example below:

[Code]....

and i have 2 users:

1: admin (default role: administrator)

2: guest (default role: role1)

my problem is as follows:

if i give acces to the user "guest" to open the "admin.aspx" page with changin him his role from "role1" to "administrator", this one do not function except if i recharge the web.config file to the server it's just after this manipulation that this user "guest" arrives to open the page "admin.aspx".

i don't know why this problem occurs, normally changing the user role will applies instantaneously.

View 6 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved