Cannot set specific authorization to a folder

Discussion in 'ASP .Net Security' started by Magnus, Nov 5, 2007.

  1. Magnus

    Magnus Guest

    Hi,

    I have a web application with the following web.config (I removed area not
    regarded to security).
    I have a local group called ITCoordinators that I want to give access to the
    existing folder Downloads in my root application.

    I have no problem to reach the root application, but when trying to access
    Default.aspx in the folder Downloads I get Access Denied.
    I am logged in as a domain user that is directly added in the local group
    ITCoordinators.
    I also tried from other computers but it doesn't work.
    The local group ITCoordinators are located at my web server called sto45. I
    also tried without writing sto45\ but it didn't work.
    <configuration>
    <system.web>
    <authentication mode="Windows"/>
    <authorization>
    <allow users="*"/>
    </authorization>
    </system.web>
    <location path="Downloads" inheritInChildApplications="true">
    <system.web>
    <authorization>
    <deny users="*" />
    <allow roles="sto45\ITCoordinators" />
    </authorization>
    </system.web>
    </location>
    </configuration>

    Please help
    Regards /Magnus
    Magnus, Nov 5, 2007
    #1
    1. Advertising

  2. Magnus

    Joe Kaplan Guest

    It doesn't look like you have impersonation enabled, so the security check
    would be done with the process account instead of the identity of the
    authenticated user.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "Magnus" <> wrote in message
    news:...
    > Hi,
    >
    > I have a web application with the following web.config (I removed area not
    > regarded to security).
    > I have a local group called ITCoordinators that I want to give access to
    > the existing folder Downloads in my root application.
    >
    > I have no problem to reach the root application, but when trying to access
    > Default.aspx in the folder Downloads I get Access Denied.
    > I am logged in as a domain user that is directly added in the local group
    > ITCoordinators.
    > I also tried from other computers but it doesn't work.
    > The local group ITCoordinators are located at my web server called sto45.
    > I also tried without writing sto45\ but it didn't work.
    > <configuration>
    > <system.web>
    > <authentication mode="Windows"/>
    > <authorization>
    > <allow users="*"/>
    > </authorization>
    > </system.web>
    > <location path="Downloads" inheritInChildApplications="true">
    > <system.web>
    > <authorization>
    > <deny users="*" />
    > <allow roles="sto45\ITCoordinators" />
    > </authorization>
    > </system.web>
    > </location>
    > </configuration>
    >
    > Please help
    > Regards /Magnus
    >
    >
    Joe Kaplan, Nov 5, 2007
    #2
    1. Advertising

  3. Magnus

    Magnus Guest

    Thanks Joe, but I don't think Impersonate is applicable in this case. This
    should just be when using code to access other resources as a database.
    Tried it anyhow without any further success. Anyone that can confirm this,
    and maybe help me?

    /Magnus

    "Joe Kaplan" <> wrote in message
    news:ewieuP$...
    > It doesn't look like you have impersonation enabled, so the security check
    > would be done with the process account instead of the identity of the
    > authenticated user.
    >
    > Joe K.
    >
    > --
    > Joe Kaplan-MS MVP Directory Services Programming
    > Co-author of "The .NET Developer's Guide to Directory Services
    > Programming"
    > http://www.directoryprogramming.net
    > --
    > "Magnus" <> wrote in message
    > news:...
    >> Hi,
    >>
    >> I have a web application with the following web.config (I removed area
    >> not regarded to security).
    >> I have a local group called ITCoordinators that I want to give access to
    >> the existing folder Downloads in my root application.
    >>
    >> I have no problem to reach the root application, but when trying to
    >> access Default.aspx in the folder Downloads I get Access Denied.
    >> I am logged in as a domain user that is directly added in the local group
    >> ITCoordinators.
    >> I also tried from other computers but it doesn't work.
    >> The local group ITCoordinators are located at my web server called sto45.
    >> I also tried without writing sto45\ but it didn't work.
    >> <configuration>
    >> <system.web>
    >> <authentication mode="Windows"/>
    >> <authorization>
    >> <allow users="*"/>
    >> </authorization>
    >> </system.web>
    >> <location path="Downloads" inheritInChildApplications="true">
    >> <system.web>
    >> <authorization>
    >> <deny users="*" />
    >> <allow roles="sto45\ITCoordinators" />
    >> </authorization>
    >> </system.web>
    >> </location>
    >> </configuration>
    >>
    >> Please help
    >> Regards /Magnus
    >>
    >>

    >
    >
    Magnus, Nov 5, 2007
    #3
  4. Magnus

    TygerKrash Guest

    Hi Magnus,
    My understanding of the authorization rules is that the
    ordering is important and that your <deny users="*"> will take
    precedence
    over your allow rule since it is listed first. Try changing the
    ordering.

    Failing that I have seen something similar where using the "hostname
    \groupname" wasn't being processed correctly and
    the apparent solution was to use "localhost\groupname" instead. I
    guess that is worth a shot.

    Dave.


    On Nov 5, 11:30 pm, "Magnus" <> wrote:
    > Thanks Joe, but I don't think Impersonate is applicable in this case. This
    > should just be when using code to access other resources as a database.
    > Tried it anyhow without any further success. Anyone that can confirm this,
    > and maybe help me?
    >
    > /Magnus
    >
    > "Joe Kaplan" <> wrote in message
    >
    > news:ewieuP$...
    >
    > > It doesn't look like you have impersonation enabled, so the security check
    > > would be done with the process account instead of the identity of the
    > > authenticated user.

    >
    > > Joe K.

    >
    > > --
    > > Joe Kaplan-MS MVP Directory Services Programming
    > > Co-author of "The .NET Developer's Guide to Directory Services
    > > Programming"
    > >http://www.directoryprogramming.net
    > > --
    > > "Magnus" <> wrote in message
    > >news:...
    > >> Hi,

    >
    > >> I have a web application with the following web.config (I removed area
    > >> not regarded to security).
    > >> I have a local group called ITCoordinators that I want to give access to
    > >> the existing folder Downloads in my root application.

    >
    > >> I have no problem to reach the root application, but when trying to
    > >> access Default.aspx in the folder Downloads I get Access Denied.
    > >> I am logged in as a domain user that is directly added in the local group
    > >> ITCoordinators.
    > >> I also tried from other computers but it doesn't work.
    > >> The local group ITCoordinators are located at my web server called sto45.
    > >> I also tried without writing sto45\ but it didn't work.
    > >> <configuration>
    > >> <system.web>
    > >> <authentication mode="Windows"/>
    > >> <authorization>
    > >> <allow users="*"/>
    > >> </authorization>
    > >> </system.web>
    > >> <location path="Downloads" inheritInChildApplications="true">
    > >> <system.web>
    > >> <authorization>
    > >> <deny users="*" />
    > >> <allow roles="sto45\ITCoordinators" />
    > >> </authorization>
    > >> </system.web>
    > >> </location>
    > >> </configuration>

    >
    > >> Please help
    > >> Regards /Magnus
    TygerKrash, Nov 6, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alper Özgür
    Replies:
    0
    Views:
    464
    Alper Özgür
    May 15, 2006
  2. Alper Özgür
    Replies:
    1
    Views:
    1,187
    faype02
    Jul 30, 2006
  3. Andy G

    Authorization of specific pages

    Andy G, Feb 10, 2005, in forum: ASP .Net Security
    Replies:
    2
    Views:
    119
    Andy G
    Feb 10, 2005
  4. Thammarat Charoenchai.

    Folder Authorization.

    Thammarat Charoenchai., May 24, 2005, in forum: ASP .Net Security
    Replies:
    4
    Views:
    135
    Thammarat Charoenchai.
    May 26, 2005
  5. SeanRW
    Replies:
    1
    Views:
    348
    Dominick Baier [DevelopMentor]
    May 25, 2006
Loading...

Share This Page