I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
I have a problem using windows authentication and the authorization-tag in web.config for my asp.net application. When I host the application in IIS (both in IIS 6 and IIS 7) the authorization-tag is ignored. When I run the application in asp.net development server that comes with visual studio 2010, it works perfect.
To test I have been using "Administrators" which is a valid role so should allow me access and "TEST" which isnt. This works fine when using the above attribute however when I comment that out and use this in my Web.Config file:
I'm testing this on my local dev environment using Cassini and on a test web server running IIS 6. Both systems/sites work the same way and allow anyone access to any page. Both systems/sites also return correct data when programmatically checking Roles.GetRolesForUser and User.IsInRole.
Is it possible to have location authorization nodes in a web.config be external?
Such that I could take all of the nodes simlar to
And move them outside of the web.config or something simlar? I find these nodes at an extreme amount of noise to a web.config when they're relatively static. Normally my approach would be to config source something like this but since it falls under the root node I'm not sure of it's possible with these nodes.
I have Windows Authentication enabled, and I can verify that without the line that my REMOTE_USER is MYDOMAINmyusername.
However, when I try to deny all users, I am prompted with the typical Windows domain username/password box. If I enter the username password, the prompt comes back up again 3 times until finally presenting me with a failure message. (I have also tried to no avail)
Looking in the event viewer, it appears as if my login using the username and pw is successful in the audit ... and to further that point, my account is not being locked out (which it would if I were failing to login over and over). So it's as if I am logging in, but the configuration is not seeing what I entered as matching my login.
Below is the message I see (even when connecting from the server using localhost):
**Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.**
In my web.config file, I have an authorization section that is supposed to deny all users EXCEPT for those included in the group specified. However, my login form doesn't allow these users to proceed to the next page - the login form just reappears as if the user has been denied. Code:
I have a user named 'test' that is in the Student Council group. I've tried 'allow users' and 'allow roles' with no success. I've also confirmed that the user is able to log into any workstation in my domain.
I have a sitemap defined in a web.sitemap file and I'm also doing role-based authorization for locations using web.config. I'm using the web.sitemap to generate a menu structure on a Master page, and I wanted to somehow hook the role-based auth from web.config into my menu to hide links to pages that would be denied access from the roles auth.
Is it possible to read the list of <location path=""> and associated role authorizations (allow or deny) from web.config so I can check that against the web.sitemap when generating the menu structure?
I want to maintain different user authorization lists for different environments. I know that connectionstrings can be broken out in an external file with configSource, but how would I do this for the following?
I implemented the Location tag in the web.config file to authorize the anonymous users for Images folder. I deployed the code in IIS6.0 with Forms authentication mode enabled for the virtual directory. I disabled all other authentication modes. When I browse the login page, Images are not displaying. When I set Anonymous authentication in IIS6.0 for the Image folder, it works fine.
I'm using an autocomplete contol of ajax toolkit. Yesterday a user found that it had stopped working (it wasn't generating the list as you type letters in the textbox). After hours of troubleshooting, I found that in web.config <httpHandlers>, this line
<remove verb="*" path="*.asmx" /> was placed after the <add> line like this: <httpHandlers> <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=184.108.40.206, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
So I am new to ASP.NET MVC and I would like to create a view with a text box for each item in a collection. How do I do this, and how do I capture the information when it POSTs back? I have used forms and form elements to build static forms for a model, but never dynamically generated form elements based on a variable size collection.
I want to do something like this in mvc 3:
How do I do a text box for each guest? And how do I capture them in the action method that it posts back to?