VS 2008 - Restricting Access To Web Pages (on Intranet Site) Based On Role Based Authorization

Jul 12, 2011

I have a simple intranet site. It has a role based authorization in the web.config file.

Any user's in a specific role called as "Apr-Sales-Writers" will be authorized to use those pages. If not, they will not be authorized. So far so good. Works fine. But we added additional functionality where a new active directory group (means new role) has to be added and user's belonging to this new AD group should be given access to only specific .aspx pages on the intranet site. I am using a web.sitemap and it looks like this.

If the user's belong to say AD group "Apr-Sales-Writers", they should access only default.aspx and salesData.aspx pages. User's belonging to new AD group (which I did not include in the web.config file below), should have access to other .aspx pages.

[CODE]<?xml version="1.0" encoding="utf-8" ?>
<siteMap xmlns="http://schemas.microsoft.com/AspNet/SiteMap-File-1.0" >
<siteMapNode url="default.aspx" title="Home" description="Home">
<siteMapNode title="sales Data" description="sales Data">
<siteMapNode url="salesData.aspx" title="sales Data" description="sales Data" />

[Code] ....

View 7 Replies


Similar Messages:

VS 2008 - Role Based Authorization For ASPX Pages

Aug 2, 2011

I am having a very simple intranet site. I took the sample for my project from [URL] ....

I have integrated windows authentication with Role based authorization. There are only 3 .aspx pages and I have a tree view control on the master page. depending on the choices that the user's make on the tree view control the .aspx pages gets displayed.

There are only 2 active directory groups. Sales and Marketing. My network id is not in Sales AD group.So obviously it prompts me to put userid and password and it throws not authorized error when i try to access PortfolioData.aspx page. So far so good.

But I am a member of AD group MARKETING. I should be able open the page Schedules.aspx (please see the config file below). But I still get the Error message 401.2.: Unauthorized: Logon failed due to server configuration.

Code:

<!--
<authorization>
<allow roles="domainADGROUP_SALES"/>
<deny users="*"/>
</authorization>

[Code] .....

View 2 Replies

Security :: Claims Based Authorization VS Role Permission Based Authorization?

Apr 26, 2010

Our team has recently implemented a role permission based authorization so that we can have granular control. This is similar to what Rockford Lhotka suggests herehttp://www.lhotka.net/weblog/PermissionbasedAuthorizationVsRolebasedAuthorization.aspx I have also read about the Claims based authorization which to me looks very similar to what we have. Can some one put in simple terms what the advantages of claims based authorization are.

View 1 Replies

VS 2008 Creating Role Based Authorization?

Feb 9, 2011

I have seen articles on Role Based Authorization in MS-Sql server-Asp.net but i did not find any article in MySql-ASP.net/vb.net, i am acheived this concept using session user name i am enabling certain parts of website to group A and certain parts of site to Group B but when i have more groups i cannot use this method.

Myrequirement is:

In Web applications, typically there exist certain parts of the site that only certain folks, or groups of persons can access. For example, imagine Web site used to administer the content on a company's public Internet Web site, where the public Web site lists products sold by the company. From the administrative site, all company employees might be able to make minor changes to the products' descriptions, quantity, and other such non-essential information. However, perhaps only a subset of trusted employees might be able to change the products' prices. And even a smaller subset of employees would be able to add new products or delete existing products from the database I would be delighted if any one provide the solution

View 9 Replies

Web Forms :: Role Based Authorization And Page Access Using Session?

Jun 16, 2015

i am developing the web application in Asp.net i hav many .aspx pages in the project some of belongs to Admin and some some of to Customer so how can i divide that and how to access admin pages to admin login and customer pages to customer login.  

View 1 Replies

Security :: Finding Guideline For 'Role-based Authentication/authorization'?

Aug 26, 2010

In my asp.net website in VS-2005 with SQL-Server 2005 as db, I need to implement role-based Authentication/Authorization.

I am familiar to the practises used in role-based authentication..as I have previously worked on projects that used this method. However, my project lead used to design the database. Now I have an existing website where authentication has been set to anonymous by setting 'allow users="?"' in the authentication tags in web.config.

If I use the createUserWizard control and use the Membership.creatUser(.....) method in code behind will the asp.net security tables, like users, roles, userinrole etc get created on its own?

View 3 Replies

Security :: Role Based Authorization Using Froms Authentication Fails?

Oct 5, 2010

I am trying to implement a simple role based authorization using forms authentication in ASP.net. It works perfectly fine in my local system but fails when I deploy in production (shared hosting). Whenever I try to log in, rather than taking me to the default page in specified directory it throws me back to the login page. I suspect that there is some issues with the configuration but not sure where the problem is. The code is provided below:

Web.config (root):

[Code]....

Web.config (Member directory):

[Code]....

Login.aspx:

[Code]....

Global.asax:

[Code]....

Works fine in local machine but shared hosting is not taking the authenticated user to the pages inside the secured folders. What can be the issue?

View 1 Replies

VS 2008 - Role Based Security Not Working In Application

Jul 12, 2011

I have an asp.net application. This is a role based authorization. Basically, if the user's are in a specific AD group, it should allow them to look at the webpage. Otherwise it should error out saying "not authorized".

In the web.config file, I have the following lines of code. I made sure I am in the Apr-Sales-Writers AD group.

Code:
<authorization>
<allow roles="Apr-Sales-Writers"/>
<deny users="*"/>
</authorization>

Issue: when I go to default.aspx page, it prompts for a userid and password and even though I put correct password and userid, it says "not authorized error".

Code:
Access is denied.
Description: An error occurred while accessing the resources required to serve this request. The server may not be configured for access to the requested URL.

Error message 401.2.: Unauthorized: Logon failed due to server configuration. Verify that you have permission to view this directory or page based on the credentials you supplied and the authentication methods enabled on the Web server. Contact the Web server's administrator for additional assistance.

In the IIS project (on IIS server), I configured it to be a "Integrated windows authentication".

View 1 Replies

C# - Access Datas Based On User Role?

Mar 21, 2011

How to access datas based on user roles in asp.net ? For example : i have two admins (admin1, admin2). In the frontend ,admin1 has full access to datas(view,add,edit,delete all datas) while admin2 has limited access to datas(view,add,edit,delete certain datas alone and not all datas)

View 2 Replies

MVC :: Strongly Typed User Control On All Pages Based On Login Status And User Role

May 9, 2010

I want to display a menu (which will be strongly typed with it's own unique model) across all pages only if a user is logged in.What menu items are available depend on the user's role and also I'll need to hit the repository to get numbers like "x Messages", etc

Been scratching my head for a simple solution here. Don't want to create something that need changes all over the place.All my controllers derive from a BaseController, all my Models from BaseViewModel....probably where I'll be implementing functionality for this.

View 3 Replies

Restrict Access To Web Site Based On Referrer, Cookies Or Something Else?

Feb 22, 2010

We have a scenario whereby we are hosting an ASP.NET MVC web site on behalf of someone else.The customer in this case wants us to restrict access to the web site, to those users who have logged in to their main portal. They should then only be able to get to our web site via a link from that portal.At this point I'm not yet sure what technology or authentication mechanism the 3rd party are using but just wanted to clarify what the possible options might be.If we call our hosted site B, and their portal web site A,as I see it we could:Check the referrer for all requests to B, unless they've come from A they can't get inCheck for a specific cookie (assuming A uses cookies)

View 2 Replies

C# Multiple Login Pages Based On Which Folder User Attempts To Access?

Jul 15, 2010

I have developed an application in ASP.NET 3.5 which utilizes the Membership and Roles Providers and Forms Authentication to manage user access and profiles.

There are various area's of this application that are only to be used by an admin users whom login using their email and password and the rest of the users log in using their telephone number and password via their iPhone.

For simplicities sake, I would like to have two different login pages, one that is formatted for the iPhone and performs the correct validation for users adding a telephone number and the other for the application administrators.

I want to redirect the user to their respective login page based on which folder they are attempting to access. For example say I have an application structure like this

/Admin
/Couriers
/Customers
/Whatever
Default.aspx
iPhoneLogin.aspx
adminLogin.aspx
Web.config

I want to be able to redirect users who go to [URL]/Whatever to iPhoneLogin.aspx and users to go to [URL]/Admin to adminLogin.aspx

View 1 Replies

Security :: Restricting Access To Folders And Pages?

Nov 16, 2010

I'm using user membership and roles. Below is my web.config for subfolder restriction.

[Code]....

The way I have above, no one can access this folder, mySub, except Administrators, Editors, and Members. However, here's what I want. I want to allow all and any user to the default.aspx page of this mySub folder and denied any other pages if they're not Administrators, Editors, and Members. One last thing, also denied access to addWord.aspx if they're not Administrators and Editors. I know I can list all the pages and give them various permission but I do not want to list all the pages. What's the best and easist way to accomplish this?

View 2 Replies

Security :: Custom Access Denied Page For Role Based Security?

Oct 27, 2010

I have implemented role based security in my asp.net 2.0 vb.net application using windows authentication and the windowstokenroleprovider and limiting access to certain pages using the location tag to specific active directory groups.

The issue is that when a user tries to access a page they are not authorized to view it brings up a login prompt and when it does not pass it takes them to the default page that tells them they are not authorized to view the page. I am wondering if there is a way to throw up a custom page that tells them they are not athorized to view the page that I can incorporate into the site itself with the header and so forth? if this page could come up in lieu of the sign in box popping up as well.

View 2 Replies

Security Tutorial 7 - User-based Authorization?

Nov 30, 2010

I am going through the Security Tutorials here on ASP.Net. I am currently working on the last part of the Membership - User-Based Authorization. The tutorial covers restricting access to specific pages or to directories using a second Web.Config file. I am running into a problem with the myLogin page DestinationPageURL. Here is what is happening: 1. When the website starts, the Login page opens. 2. If I log in with an existing user, I am sent to the Default.aspx page. That is what is in the yLogin.DestinationPageURL for the login page.

View 1 Replies

C# - Setting Up An Access Controlled Intranet Site?

Jan 26, 2010

An abstract high level idea of where to begin as I am totally clueless at this point.

Background:

I am setting up an intranet site (ASP .NET) where users from our local user group (who are also added in our user table) will have access to web applications they are given access to. Right now I am developing from my PC and using SQL Server 2005 Express as the database, but the final site will be hosted on an application server with IIS 6.0 and the database on an instance of SQL Server 2005. I am a .NET newbie and it's a daunting task, but the experience is worth a million dollars.

Details:

We are using Windows Athentication for our intranet site. Therefore I am not using ASP .NET's membership data sources. Rather all the user information will be stored in two tables tblEmployee (all employees in my company) and tblUser (all users of the intranet site).

tblEmployee has fields - EmployeeID, FirstName, LastName, CostCentre, Role, ManagerName, UserID
tblUser has fields - EmoployeeID, UserID, ApplicationID, AccessLevel, AddedBy, DateAdded

(I have set up these tables and I can change them any time).

What I need to accomplish - When an user goes to the intranet site, I can get his/her domain username. I need to check if this user exists in tblUser (domain username is same as UserID in tblUser). If user exists, we display all the applications he/she has access to, else display a "no access" page.

Specific questions:

What are some of the things I need to "learn"? (as I said before, I am a .NET newbie, but a fast learner too) I need to use URLAuthorizationModule for validating a page request. How do I hide the username from the URL? I was thinking along the lines of using a session ID... but then how do I know who the user is? I am sure these is a way to encrypt the UserID, just can't find it.

View 1 Replies

How To Get Users Based On Role

Jan 24, 2011

How could users in a "customer" role be retrieved from a MembershipUserCollection?

View 3 Replies

C# - Implement Role Based Security?

Jul 11, 2010

How to implement role based security in each page.

View 2 Replies

Web Forms :: Role Change DropDown Based?

Jul 30, 2010

1) I'm currently working for HR application with security roles

2) for that I created dynamic menu and set data source to sitemapprovider control with "AspNetSqlSiteMapProvider"

Now my client requirement is to change menu's based on drop down selection so that menus will be minimum and quite user friendly.for that I did following steps:-

Created Drop Down contains list of all Roles provided him in Master Page In Menu1_MenuItemDataBound event I grabbed the roles for that node and compared with role selected in drop down and deleted that node now what i need is on drop down_selected index change I want to recreate menu.

View 9 Replies

Security :: Want To Redirect The User After The Log In Based On His Role?

Mar 17, 2011

i want to redirect the user after the log in based on his role. e.g. admin, userI already read the other threads.. I already used this:

[Code]....

And this:

[Code]....

I also tried the above codes on the Page_Load event.

View 7 Replies

Web Forms :: How To Add Role Based Security Using (ul - Li) For Menus

Oct 25, 2010

How can I implement role based security that would show the admin tab if the user was logged in as a admin by using (ul-li) like the below code as a simple example. I do not want to use the menu control is this possible ?

<ul>
<li><a href="#">Services</a></li>
<li><a href="#">About us</a></li>
<li><a href="#">Admin</a></li>
</ul>

View 3 Replies

MVC :: Displaying View Content Based On Role?

Jul 28, 2010

I have developed an ASP.NET MVC 2 application on Framework 4. I have an 'Administration' link on the home page. My query is, what is the best approach of displaying the 'Administration' link only to the users in the role administrator and hiding it from others keeping in mind the Seperation of Concern bit.

View 2 Replies

How Add Role Based Security The Files In A Folder

Jan 4, 2010

I am building an ASP.NET 3.5 Web Application and I am NOT using the membership provider for security. In the application I have a role named Admin and all the files for this role are inside the Security folder in the project. Currently for all the pages inside the security folder I am checking to see if the logged in user's role is an Admin or not. This to me seems very redundant, can do something like "If the user is requesting a page inside the security folder then check his role".

View 1 Replies

Web Forms :: URL Rewrite And Role Based Menus?

Dec 9, 2010

I have a page, program.aspx. Users with different roles have a different URL.

e.g., [URL] [URL]

I also used URL rewrite to rewrite the URLs, so users will see the following URLs from the browser

[Code]....

I defined the following access rules for the above pages.

[Code]....

The problem is when the admin users access the pages, they still have access to supervisorprogram.aspx. Vice versa for the supervisor users.

View 3 Replies

Security :: How To Redirect Logged In User Based On Role

Nov 25, 2010

I want to know how can i redirect a user to a different page when he tries to access a page restricted to another role?

The scenario is as follows:

I have a folder "Gestao" that only allows users in role "Administrator"

[Code]....

If an anonymous user tries to access that folder he is redirected to the login page, but if a logged in user whose role is "friend" tries to access this folder he is also redirected to the login page. I want to redirect him to a page showing a message that he has no permission to access that page/area.

How can I do that? Should i have code on the Page_load event of the login page checking the user role and then redirect him to the correct page? Or is there some otherway to do this?

View 2 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved