Security :: Set Up Some Roles In Configuration Nothing Added To Web.config?
Feb 17, 2010
I quickly setup Roles to get my site up, but now I am going back and tightening them up. I have a custom SQL Server database Provider to hold users.I want 3 Roles, Admins, Progress and then a standard User.I have all the files only Admins to use are in a folder SecureAdminI have all the files only Progress to use are in a folder SecureProgress And all the files that everybody has access to are in the Secure Folder.As soon as I added the Custom XML Site provider, my Tree View disppeared. I would assume it's because my roles are not configured correct. I can use the ASP.NET configuration tool to see my roles and users, but any combination I try in there doesn't seemto do anything. I see most examples have some code like below.
But even when I set up some roles in the ASP.Net configuration, I never see anything like that added to my web.config? Is this because it is stored in the database? If not, what what I add to my web.config to make this work?
When I drag/drop a Chart or ReportViewer control onto my page the web.config updates with said assemblies however my website fails to load. Removing the controls and assembly tags successfully starts the website however I cannot seem to understand why the website has issues when the Chart, for instance, is loaded.
The site is live within an intranet space which was originally created in .asp however the .aspx pages I create do work with other controls such as gridviews etc.It seems altering the web.config causes issues but I just want to know how I can get the chart etc controls working?
I am not able to allow/deny users based on roles in the web.config (using <location path>). The following does not work even if the user is in the 'Admin' role:[Code]....
I am able successfully execute IsUserInRole() and GetRolesForUser() in the codebehind and get expected results. The same applies to the web.sitemap, adding roles in there do not seem to apply to the user even if he is a member of the role.
Here is my web.config (trimmed some sections out so it's not too long):[Code]....
I am working on an Ecommerce website. I have created a database using Server Explorer named 'MyTestStore' and created Tables and Stored procedures inside it.
Than I used the program called aspnet_regsql.exe (which is in:
C:windowsMicrosoft.NETFrameworkv2.0.50727) to create the membership and roles tables. And this tool created all the membership tables in the MyTestStore database. All is fine till this point.
Now I need to enable roles, insert admin and users into this membership tables in my database. so I opened up ASP.Net Configuration Tool but when I enable and create roles it automatically creates a database called ASPNETDB under App_Data folder whereas, I want to have the roles enabled in the database MyTestStore. But it keeps creating the database ASPNETDB. How do Imap the ASP.Net configuration Tool to create and add users into my database called MyTestStore instead of that default ASPNETDB.
I can access the website I've created on my local machine in debug mode; and with my domain account as a local administrator, if I do this:
I can still access the website; and with my domain account in a Domain Group named "DomainDomainLocalSecurityGroup", if I do this:
I can still access the website; HOWEVER, if I create a Local Group on my machine named "LocalMachineGroup" and I add "DomainMyDomainUserName" to this group and I do this:
I get an Access Denied error trying to access the website. What I want to do is, have a group on my local machine (for testing), on a test web server, and on a production web server named "MyWebsiteUserAccess" with the same Domain Group (filled with Domain Users allowed access to the site) in all of these local groups; so that when I test the web application on my local machine, on my test web server and on my production web server, I don't have to change the Web.config file to have it work on each AND if the Domain Group name ever has to change, it won't affect access to the website.
What am I overlooking or is this even possible to do this way? I understand that there is a way to do Role Management through ASP.NET but I don't understand that well enough yet to implement that (and will probably go that route once I've done the research on how to best implement it for purpose of access control of this intranet site).
As mentioned in subject line I'm not able to configure role based website in IIS7. Please find details below.
.Net Framework: 3.5
Server: Windows 2008
Database: SQL Server 2008
Authentication Type: Form Based
Roles/Membership Provider: User defnied.
After setuped my website in iis7 while trying to Login in web page even I entered correct password it says Incorrect password in Login control.After long googling I suspecty that we need to add "Provider to trusted provider" to Authorized provider. I have gone http://www.iis.net/ConfigReference/system.webServer/management/trustedProviders/add but didn't works for me. Can you anyone please help me in this.
I developed a site for a client a couple of years ago. It uses the the standard ASP.NET Membership, authentication, etc. I just added the profile section with (2) fields: CustID AgntID. Now whenever I load the page with any Profile code in it I receive this error: Violation of UNIQUE KEY constraint 'IX_aspnet_Users'. Cannot insert duplicate key in object 'dbo.aspnet_Users'. The INSERT statement conflicted with the FOREIGN KEY constraint "FK__aspnet_Pr__UserI__3CA9F2BB". The conflict occurred in database "broo001", table "dbo.aspnet_Users", column 'UserId'. The statement has been terminated. The statement has been terminated. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Violation of UNIQUE KEY constraint 'IX_aspnet_Users'. Cannot insert duplicate key in object 'dbo.aspnet_Users'. The INSERT statement conflicted with the FOREIGN KEY constraint "FK__aspnet_Pr__UserI__3CA9F2BB". The conflict occurred in database "broo001", table "dbo.aspnet_Users", column 'UserId'. The statement has been terminated. The statement has been terminated. Source Error:
Newb question: what is the standard practice for assigning roles to newly signed-on members. Is it usually manual or is there a way of automatically assigning roles. Being completely new to this, I am confronted by the issue of my site having three different roles that new members could fall into, but am unsure about how to assign each a role. I can't imagine having to go through the process manually if I have thousands of members.
I want to be able to specify which roles having access to certain controllers in web.config and use it something like this:
..but the compiler says "Error 1 An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type...". How to accomplish this behavior?
Specifically what I want to do is to disallow access to most of the site for unauthenticated users, allow access to some of the site for authenticated users who belong to a certain role, and allow full access to users from a second role.
Dim roleRedirectSection As LoginRedirectByRoleSection = DirectCast(ConfigurationManager.GetSection("loginRedirectByRole"), LoginRedirectByRoleSection)
...I get the following error:
Message: "An error occurred creating the configuration section handler for loginRedirectByRole: Could not load type 'sitename.LoginRedirectByRoleSection'. (W:Webs2010DEVsitenameASP 4.0web.config line 10)"
which before I changed sessionState to "InProc" worked as supposed to: menu item "Administrator" appeared as a menu choice only when user had logged in with admin rights. Now this menu choice is present for every user.
I want to add a new rule in my web.config file programmatically,
ex: I have a textbox to add location path I have a combobox (with items admin and user) to add roles. ex: user input location path = textbox roles = combobox (items admin and user) the save button, when click the save button the results go to the web config :
The reason I found was that it was looking for app.config and I had provided the details in web.config. My question is why does the system.configuration differentiate between web.config and app.config.
I upgrade my application from .NET 2.0 to .NET 4.0. Everything went smooth, with very few errors. Now the code is compiling fine, but run time environment is loading the configuration parameters from app.config instead of web.config;Here is my setup:Objects project: has app.configUI project: has web.config, When I run this site, it is fetching the configuration parameters from app.config. Any idea if I need to make any changes to read it from web.config instead of app.config? It used to work fine in my previous environment.
I built my ASP.NET website using vs2008 professional.
Now I have purchased vs2010 professional edition.
I do format my computer and then installed vs2010.
Now I want to deploy my website in vs2010, but it is giving configuration error in <add assemblies...
Configuration Error Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
Parser Error Message: Could not load file or assembly 'System.Core, Version=184.108.40.206, Culture=neutral, PublicKeyToken=b77a5c561934e089'