Need Authorization to Shared Resources

Discussion in 'ASP .Net' started by Jonathan Wood, Nov 13, 2007.

  1. I have three roles: Admin, Trainer, and Client. Client pages are in my root
    folder, Admin pages are in my Admin subfolder, and Trainer pages are in my
    Trainer subfolder. No users can access any pages not matching their role.

    In order to enforce this, I have the following in my web.config:

    <authorization>
    <allow roles="Client" />
    <deny users="*" />
    </authorization>

    I also need to add web.config files and rules in my Admin and Trainer
    subfolders.

    That seems to work except that the rules above apply to any subfolders
    without a web.config file. So, for example, Trainer and Admin users cannot
    access my images (~/images) and stylesheets (~/style), etc.

    Is it necessary to now place yet another web.config file in each shared
    folder such as images and style? Or is there an easier way to deal with
    this?

    Thanks.

    --
    Jonathan Wood
    SoftCircuits Programming
    http://www.softcircuits.com
     
    Jonathan Wood, Nov 13, 2007
    #1
    1. Advertising

  2. Your folder hierarchy is not clear to me, but yes, that would be one
    solution.
    Perhaps you should put shared resources in one place for all users to share?

    --
    I hope this helps,
    Steve C. Orr,
    MCSD, MVP, CSM, ASPInsider
    http://SteveOrr.net



    "Jonathan Wood" <> wrote in message
    news:...
    >I have three roles: Admin, Trainer, and Client. Client pages are in my root
    >folder, Admin pages are in my Admin subfolder, and Trainer pages are in my
    >Trainer subfolder. No users can access any pages not matching their role.
    >
    > In order to enforce this, I have the following in my web.config:
    >
    > <authorization>
    > <allow roles="Client" />
    > <deny users="*" />
    > </authorization>
    >
    > I also need to add web.config files and rules in my Admin and Trainer
    > subfolders.
    >
    > That seems to work except that the rules above apply to any subfolders
    > without a web.config file. So, for example, Trainer and Admin users cannot
    > access my images (~/images) and stylesheets (~/style), etc.
    >
    > Is it necessary to now place yet another web.config file in each shared
    > folder such as images and style? Or is there an easier way to deal with
    > this?
    >
    > Thanks.
    >
    > --
    > Jonathan Wood
    > SoftCircuits Programming
    > http://www.softcircuits.com
    >
     
    Steve C. Orr [MCSD, MVP, CSM, ASP Insider], Nov 13, 2007
    #2
    1. Advertising

  3. My folder hierachy is as follows:

    [Root folder] - "Client" users only
    |
    --> [Admin subfolder] - "Admin" users only
    |
    --> [Trainer subfolder] - "Trainer" users only

    I hate to stick things like images in folders with things like stylesheets.
    Moreover, I want to use themes, which have a fixed folder structure.

    I suppose I could have images for each theme and put the images there. Seems
    less than ideal though.

    Thanks.

    --
    Jonathan Wood
    SoftCircuits Programming
    http://www.softcircuits.com


    "Steve C. Orr [MCSD, MVP, CSM, ASP Insider]" <> wrote in
    message news:...
    > Your folder hierarchy is not clear to me, but yes, that would be one
    > solution.
    > Perhaps you should put shared resources in one place for all users to
    > share?
    >
    > --
    > I hope this helps,
    > Steve C. Orr,
    > MCSD, MVP, CSM, ASPInsider
    > http://SteveOrr.net
    >
    >
    >
    > "Jonathan Wood" <> wrote in message
    > news:...
    >>I have three roles: Admin, Trainer, and Client. Client pages are in my
    >>root folder, Admin pages are in my Admin subfolder, and Trainer pages are
    >>in my Trainer subfolder. No users can access any pages not matching their
    >>role.
    >>
    >> In order to enforce this, I have the following in my web.config:
    >>
    >> <authorization>
    >> <allow roles="Client" />
    >> <deny users="*" />
    >> </authorization>
    >>
    >> I also need to add web.config files and rules in my Admin and Trainer
    >> subfolders.
    >>
    >> That seems to work except that the rules above apply to any subfolders
    >> without a web.config file. So, for example, Trainer and Admin users
    >> cannot access my images (~/images) and stylesheets (~/style), etc.
    >>
    >> Is it necessary to now place yet another web.config file in each shared
    >> folder such as images and style? Or is there an easier way to deal with
    >> this?
    >>
    >> Thanks.
    >>
    >> --
    >> Jonathan Wood
    >> SoftCircuits Programming
    >> http://www.softcircuits.com
    >>

    >
     
    Jonathan Wood, Nov 14, 2007
    #3
  4. Hello once again.

    It seems to me that you are having many problems all of which could be
    resolved easily with a modified folder hierarchy.

    [Root folder] - Any user
    |
    --> [Client subfolder] - "Client" users only
    |
    --> [Admin subfolder] - "Admin" users only
    |
    --> [Trainer subfolder] - "Trainer" users only
    |
    --> [Shared subfolder(s)] - Set folder security as appropriate.



    "Jonathan Wood" <> wrote in message
    news:...
    > My folder hierachy is as follows:
    >
    > [Root folder] - "Client" users only
    > |
    > --> [Admin subfolder] - "Admin" users only
    > |
    > --> [Trainer subfolder] - "Trainer" users only
     
    Scott Roberts, Nov 15, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ed J

    global shared resources

    Ed J, Jan 20, 2005, in forum: VHDL
    Replies:
    6
    Views:
    2,001
    Charles Bailey
    Jan 22, 2005
  2. Abhishek Srivastava

    ASP.NET Worker processes and shared resources

    Abhishek Srivastava, Jan 28, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    364
    Abhishek Srivastava
    Jan 28, 2004
  3. Russell E. Owen
    Replies:
    0
    Views:
    720
    Russell E. Owen
    Sep 8, 2006
  4. Maciej

    Pooling shared resources

    Maciej, Aug 10, 2007, in forum: Java
    Replies:
    0
    Views:
    282
    Maciej
    Aug 10, 2007
  5. SeanRW
    Replies:
    1
    Views:
    385
    Dominick Baier [DevelopMentor]
    May 25, 2006
Loading...

Share This Page