VS 2008 - Role Based Authorization For ASPX Pages
Aug 2, 2011
I am having a very simple intranet site. I took the sample for my project from [URL] ....
I have integrated windows authentication with Role based authorization. There are only 3 .aspx pages and I have a tree view control on the master page. depending on the choices that the user's make on the tree view control the .aspx pages gets displayed.
There are only 2 active directory groups. Sales and Marketing. My network id is not in Sales AD group.So obviously it prompts me to put userid and password and it throws not authorized error when i try to access PortfolioData.aspx page. So far so good.
But I am a member of AD group MARKETING. I should be able open the page Schedules.aspx (please see the config file below). But I still get the Error message 401.2.: Unauthorized: Logon failed due to server configuration.
Code:
<!--
<authorization>
<allow roles="domainADGROUP_SALES"/>
<deny users="*"/>
</authorization>
[Code] .....
View 2 Replies
Similar Messages:
Jul 12, 2011
I have a simple intranet site. It has a role based authorization in the web.config file.
Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.
If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.
[CODE]<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="default.aspx" title="Home" description="Home">
<siteMapNode title="sales Data" description="sales Data">
<siteMapNode url="salesData.aspx" title="sales Data" description="sales Data" />
[Code] ....
View 7 Replies
Feb 9, 2011
I have seen articles on Role Based Authorization in MS-Sql server-Asp.net but i did not find any article in MySql-ASP.net/vb.net, i am acheived this concept using session user name i am enabling certain parts of website to group A and certain parts of site to Group B but when i have more groups i cannot use this method.
Myrequirement is:
In Web applications, typically there exist certain parts of the site that only certain folks, or groups of persons can access. For example, imagine Web site used to administer the content on a company's public Internet Web site, where the public Web site lists products sold by the company. From the administrative site, all company employees might be able to make minor changes to the products' descriptions, quantity, and other such non-essential information. However, perhaps only a subset of trusted employees might be able to change the products' prices. And even a smaller subset of employees would be able to add new products or delete existing products from the database I would be delighted if any one provide the solution
View 9 Replies
Apr 26, 2010
Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.
View 1 Replies
Aug 26, 2010
In my asp.net website in VS-2005 with SQL-Server 2005 as db, I need to implement role-based Authentication/Authorization.
I am familiar to the practises used in role-based authentication..as I have previously worked on projects that used this method. However, my project lead used to design the database. Now I have an existing website where authentication has been set to anonymous by setting 'allow users="?"' in the authentication tags in web.config.
If I use the createUserWizard control and use the Membership.creatUser(.....) method in code behind will the asp.net security tables, like users, roles, userinrole etc get created on its own?
View 3 Replies
Oct 5, 2010
I am trying to implement a simple role based authorization using forms authentication in ASP.net. It works perfectly fine in my local system but fails when I deploy in production (shared hosting). Whenever I try to log in, rather than taking me to the default page in specified directory it throws me back to the login page. I suspect that there is some issues with the configuration but not sure where the problem is. The code is provided below:
Web.config (root):
[Code]....
Web.config (Member directory):
[Code]....
Login.aspx:
[Code]....
Global.asax:
[Code]....
Works fine in local machine but shared hosting is not taking the authenticated user to the pages inside the secured folders. What can be the issue?
View 1 Replies
Jun 16, 2015
i am developing the web application in Asp.net i hav many .aspx pages in the project some of belongs to Admin and some some of to Customer so how can i divide that and how to access admin pages to admin login and customer pages to customer login.
View 1 Replies
Jul 12, 2011
I have an asp.net application. This is a role based authorization. Basically, if the user's are in a specific AD group, it should allow them to look at the webpage. Otherwise it should error out saying "not authorized".
In the web.config file, I have the following lines of code. I made sure I am in the Apr-Sales-Writers AD group.
Code:
<authorization>
<allow roles="Apr-Sales-Writers"/>
<deny users="*"/>
</authorization>
Issue: when I go to default.aspx page, it prompts for a userid and password and even though I put correct password and userid, it says "not authorized error".
Code:
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.
In the IIS project (on IIS server), I configured it to be a "Integrated windows authentication".
View 1 Replies
May 9, 2010
I want to display a menu (which will be strongly typed with it's own unique model) across all pages only if a user is logged in.What menu items are available depend on the user's role and also I'll need to hit the repository to get numbers like "x Messages", etc
Been scratching my head for a simple solution here. Don't want to create something that need changes all over the place.All my controllers derive from a BaseController, all my Models from BaseViewModel....probably where I'll be implementing functionality for this.
View 3 Replies
Apr 8, 2010
Using ASP.NET (C#) I have set up Authorization Manager to allow me to handle roles on a website. Added users to roles is simple Roles.AddUserToRole("DOMAIN\UserName", "role"). However I want to list the users belonging to a role, but since they are stored as SID's, displaying them would not be that helpful. To get the users, I am thinking XML would have to be used, although is it possible to use COM Interop to both do that and get the user name? Either way, how can I get the users belonging to a role?
The table to manage roles would basically be like this:
Role User
---- ----
admin DOMAINUserName [delete]
DOMAINUserName2 [delete]
[add user text box]
news DOMAINUserName3 [delete]
[add user text box]
View 2 Replies
Feb 21, 2010
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Directory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused. You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Finally, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users. see my tables diagram below:
Let's say I assign UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authorization ticket like ASP.NET role prover does too.
View 1 Replies
Jun 13, 2012
I have a sitemap defined in a web.sitemap file and I'm also doing role-based authorization for locations using web.config. I'm using the web.sitemap to generate a menu structure on a Master page, and I wanted to somehow hook the role-based auth from web.config into my menu to hide links to pages that would be denied access from the roles auth.
Is it possible to read the list of <location path=""> and associated role authorizations (allow or deny) from web.config so I can check that against the web.sitemap when generating the menu structure?
View 8 Replies
Feb 21, 2010
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Driectory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused.You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Eventually, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authentication ticket like ASP.NET role prover does too.
View 1 Replies
Jan 11, 2011
I am working on the migration of the server. Our new server is Windows server 2008 with IIS7.0 I have a great difficulty in browsing the pages hosted in virtual directories. I have followed the proper steps of creating a virtual directories and converting them into applications. But when i try to browsing the pages of the virtual directory, i get the 404 error. Note: The .Net Framework 4.0 is installed on the server and the web applications which i am trying to configure in the virtual directories are developed in Visual Studio 3.0. Even the http://localhost also don't work.
View 9 Replies
Mar 1, 2011
i am developing in asp.net and i use different JavaScript and CSS files.
i have a master page "masterpage1" a folder admin in this folder i have a masterpage, called masterpageadmin which inherits from the masterpage1 and all aspx files in the folder admin inherits from the masterpageadmin only the "admin" role can acess to the masterpageadmin and aspx files in the folder admin
My question:
how should i reference in my masterpage1 my JavaScript and CSS, so that the aspx files in the admin folder can use them.
View 2 Replies
Nov 30, 2010
I am going through the Security Tutorials here on ASP.Net. I am currently working on the last part of the Membership - User-Based Authorization. The tutorial covers restricting access to specific pages or to directories using a second Web.Config file. I am running into a problem with the myLogin page DestinationPageURL. Here is what is happening: 1. When the website starts, the Login page opens. 2. If I log in with an existing user, I am sent to the Default.aspx page. That is what is in the yLogin.DestinationPageURL for the login page.
View 1 Replies
Jan 24, 2011
How could users in a "customer" role be retrieved from a MembershipUserCollection?
View 3 Replies
Jul 11, 2010
How to implement role based security in each page.
View 2 Replies
Jul 30, 2010
1) I'm currently working for HR application with security roles
2) for that I created dynamic menu and set data source to sitemapprovider control with "AspNetSqlSiteMapProvider"
Now my client requirement is to change menu's based on drop down selection so that menus will be minimum and quite user friendly.for that I did following steps:-
Created Drop Down contains list of all Roles provided him in Master Page In Menu1_MenuItemDataBound event I grabbed the roles for that node and compared with role selected in drop down and deleted that node now what i need is on drop down_selected index change I want to recreate menu.
View 9 Replies
Mar 17, 2011
i want to redirect the user after the log in based on his role. e.g. admin, userI already read the other threads.. I already used this:
[Code]....
And this:
[Code]....
I also tried the above codes on the Page_Load event.
View 7 Replies
Oct 25, 2010
How can I implement role based security that would show the admin tab if the user was logged in as a admin by using (ul-li) like the below code as a simple example. I do not want to use the menu control is this possible ?
<ul>
<li><a href="#">Services</a></li>
<li><a href="#">About us</a></li>
<li><a href="#">Admin</a></li>
</ul>
View 3 Replies
Jul 28, 2010
I have developed an ASP.NET MVC 2 application on Framework 4. I have an 'Administration' link on the home page. My query is, what is the best approach of displaying the 'Administration' link only to the users in the role administrator and hiding it from others keeping in mind the Seperation of Concern bit.
View 2 Replies
Jan 4, 2010
I am building an ASP.NET 3.5 Web Application and I am NOT using the membership provider for security. In the application I have a role named Admin and all the files for this role are inside the Security folder in the project. Currently for all the pages inside the security folder I am checking to see if the logged in user's role is an Admin or not. This to me seems very redundant, can do something like "If the user is requesting a page inside the security folder then check his role".
View 1 Replies
Dec 9, 2010
I have a page, program.aspx. Users with different roles have a different URL.
e.g., [URL] [URL]
I also used URL rewrite to rewrite the URLs, so users will see the following URLs from the browser
[Code]....
I defined the following access rules for the above pages.
[Code]....
The problem is when the admin users access the pages, they still have access to supervisorprogram.aspx. Vice versa for the supervisor users.
View 3 Replies
Mar 21, 2011
How to access datas based on user roles in asp.net ? For example : i have two admins (admin1, admin2). In the frontend ,admin1 has full access to datas(view,add,edit,delete all datas) while admin2 has limited access to datas(view,add,edit,delete certain datas alone and not all datas)
View 2 Replies
