Location element in the Web.config file. Allow System Admin whole directory, allow others specific p

Discussion in 'ASP .Net Security' started by Ryan Taylor, Sep 9, 2004.

  1. Ryan Taylor

    Ryan Taylor Guest

    Hello.

    I am developing an ASP.net C# application using forms authentication. I have
    a directory ManageUsers and I want all pages in that directory to be
    accessed by the system administrator. But, there is one page,
    ChangePassword.aspx that any authenticated user should be able to access.

    How exactly does the location element assign permissions to directories and
    pages? I thought that permissions would be applied in the order that the
    location elements were defined in the web.config file. With the latest
    location element defining the permissions.

    The following is what I have attempted. But when the Change Password role is
    assigned to the user, he/she is able to view all pages in the ManageUsers
    directory and not just the ManageUsers/ChangePassword.aspx

    <location path="ManageUsers" allowOverride="false">
    <system.web>
    <authorization>
    <allow roles="System Administrator, Requesting Organization
    Administrator, Responding Organization Administrator" />
    <deny users="?" />
    </authorization>
    </system.web>
    </location>

    <location path="ManageUsers/ChangePassword.aspx" allowOverride="false">
    <system.web>
    <authorization>
    <allow roles="Change Password, System Administrator, Requesting
    Organization Administrator, Requesting Organization User, Responding
    Organization Administrator, Responding Organization User" />
    <deny users="?" />
    </authorization>
    </system.web>
    </location>


    Thanks in advance for any assistance.
    Ryan Taylor
     
    Ryan Taylor, Sep 9, 2004
    #1
    1. Advertising

  2. Ryan Taylor

    Ryan Taylor Guest

    I found that part of my problem was that I was allowing all authenticated
    users access to the pages. So I replaced the '?' with a '*' and this solved
    the problem I also moved the ChangePassword.aspx file to its own location
    just to be thorough.

    Ryan Taylor
     
    Ryan Taylor, Sep 9, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Benny Ng
    Replies:
    9
    Views:
    10,003
    Benny Ng
    Oct 13, 2005
  2. Nathan Sokalski
    Replies:
    5
    Views:
    1,044
    Gaurav Vaish \(www.Edujini-Labs.com\)
    Jan 10, 2007
  3. Replies:
    2
    Views:
    791
    Alexey Smirnov
    May 25, 2007
  4. Nathan Sokalski
    Replies:
    4
    Views:
    314
    Nathan Sokalski
    Dec 21, 2006
  5. Travis
    Replies:
    3
    Views:
    373
Loading...

Share This Page