Need help on Create New User account in asp.net 2.0

Discussion in 'ASP .Net Security' started by Dominick Baier [DevelopMentor], Apr 5, 2006.

  1. remove the ~/

    <location path="UnSecured">


    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello,
    > The code I have in web.config file to redirect the user to the
    > MainLogin.aspx page
    > <authentication mode="Forms">
    > <forms name="/.ASPXAUTH"
    > loginUrl="~/Unsecured/MainLogin.aspx" cookieless="UseCookies">
    > </forms>
    > </authentication>
    > Now I also have the CreateNewAcct.aspx page sitting in the UnSecured
    > folder as the MainLogin.aspx.
    >
    > Here is the code that should allow every including un authenticated
    > users as we have allow users = "*"
    > <location path="~/UnSecured/CreateNewAcct.aspx">
    > <system.web>
    > <authorization>
    > <allow users="*" />
    > </authorization>
    > </system.web>
    > </location>
    > But when I click on the Create New User link thats on the Login
    > control it never goes the CreateNewAcct.aspx page and it comes back to
    > the MainLogin.aspx page!
    >
    > Any clue why this comes back though I have used allow users = "*"?
    >
    > Thanks
    > -
    Dominick Baier [DevelopMentor], Apr 5, 2006
    #1
    1. Advertising

  2. it is just that the ~ syntax does not apply here. that's it ;)

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Cool that works!
    >
    > Is there any thing I need to understand here? Please help me
    > understand how it is works.
    >
    > Thanks
    > -
    Dominick Baier [DevelopMentor], Apr 5, 2006
    #2
    1. Advertising

  3. Dominick Baier [DevelopMentor]

    Learner Guest

    Hello,
    The code I have in web.config file to redirect the user to the
    MainLogin.aspx page


    <authentication mode="Forms">
    <forms name="/.ASPXAUTH"
    loginUrl="~/Unsecured/MainLogin.aspx" cookieless="UseCookies">
    </forms>
    </authentication>


    Now I also have the CreateNewAcct.aspx page sitting in the UnSecured
    folder as the MainLogin.aspx.

    Here is the code that should allow every including un authenticated
    users as we have allow users = "*"
    <location path="~/UnSecured/CreateNewAcct.aspx">
    <system.web>
    <authorization>
    <allow users="*" />
    </authorization>
    </system.web>
    </location>


    But when I click on the Create New User link thats on the Login control
    it never goes the CreateNewAcct.aspx page and it comes back to the
    MainLogin.aspx page!


    Any clue why this comes back though I have used allow users = "*"?


    Thanks
    -L
    Learner, Apr 5, 2006
    #3
  4. Dominick Baier [DevelopMentor]

    Learner Guest

    Cool that works!

    Is there any thing I need to understand here? Please help me understand
    how it is works.

    Thanks
    -L
    Learner, Apr 5, 2006
    #4
  5. Dominick Baier [DevelopMentor]

    Learner Guest

    Hello Dominick,

    Thanks for the clarification. Also, I am just wondering if you can
    help me with what I am planning to work on few pages in my application
    who can view/access based on the roles.

    Suppose I have 10 .aspx pages

    say
    1.aspx
    2.aspx
    3.aspx
    4.aspx
    ....
    10.aspx

    Now a user who has a Admin role can access all the pages (1 thru
    10.aspx pages)
    a User who has Manager can only access say 4,5,6,7.aspx pages and also
    some portion of the remaining web pages that Admin has access to but
    not the entire page.
    a User who has just has User access can only access 8,9,10.aspx pages
    and also some parts (portion of the webform) of the remainings pages. I
    mean based on what he can see he should have access some parts of the 1
    thru 10.aspx pages but full access to the 8,9,10.aspx pages.

    Could you please help me here how do I design this? My idea is to
    create Admin, Manager, User folders seperatley and allow access based
    on who logged in. And put the pages that each role has access to in
    these folders.

    But I don't know how to provide access to the portion of the web pages
    to be allowed to be accessed by the Manager / User to certain pages as
    I described above.

    Can you help me with this?

    Thanks
    -L
    Learner, Apr 6, 2006
    #5
  6. use the <authorization> element where it is granular enough - for pages where
    multiple roles have access but should see different information/portions
    of the page -

    use Context.IsInRole in the page code to make the security decisions.

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hello Dominick,
    >
    > Thanks for the clarification. Also, I am just wondering if you can
    > help me with what I am planning to work on few pages in my application
    > who can view/access based on the roles.
    >
    > Suppose I have 10 .aspx pages
    >
    > say
    > 1.aspx
    > 2.aspx
    > 3.aspx
    > 4.aspx
    > ...
    > 10.aspx
    > Now a user who has a Admin role can access all the pages (1 thru
    > 10.aspx pages)
    > a User who has Manager can only access say 4,5,6,7.aspx pages and also
    > some portion of the remaining web pages that Admin has access to but
    > not the entire page.
    > a User who has just has User access can only access 8,9,10.aspx pages
    > and also some parts (portion of the webform) of the remainings pages.
    > I
    > mean based on what he can see he should have access some parts of the
    > 1
    > thru 10.aspx pages but full access to the 8,9,10.aspx pages.
    > Could you please help me here how do I design this? My idea is to
    > create Admin, Manager, User folders seperatley and allow access based
    > on who logged in. And put the pages that each role has access to in
    > these folders.
    >
    > But I don't know how to provide access to the portion of the web pages
    > to be allowed to be accessed by the Manager / User to certain pages as
    > I described above.
    >
    > Can you help me with this?
    >
    > Thanks
    > -L
    Dominick Baier [DevelopMentor], Apr 6, 2006
    #6
  7. Dominick Baier [DevelopMentor]

    Learner Guest

    Thank you for the reply. Yes thats what exactly how want it to be done.
    I am just wondering is there an article or blog to go through that
    explains briefly on how to implement these ones. That definitely helps
    me to understand it correctly and implement it.

    I am surfing the web but couldn't find the right one.

    Thanks
    -L
    Learner, Apr 6, 2006
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?SmFzb24gQ2FtcA==?=

    How To: Create a Custom Account to Run ASP.NET 2.0

    =?Utf-8?B?SmFzb24gQ2FtcA==?=, Jun 5, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    1,297
    =?Utf-8?B?SmFzb24gQ2FtcA==?=
    Jun 5, 2006
  2. vj
    Replies:
    3
    Views:
    251
    Sybren Stuvel
    Mar 22, 2006
  3. nilapenn
    Replies:
    3
    Views:
    603
    Joe Kaplan \(MVP - ADSI\)
    Feb 14, 2005
  4. Replies:
    4
    Views:
    621
    Paul Clement
    Sep 15, 2005
  5. Mukul

    Hw to create user Account using ASP

    Mukul, Feb 5, 2008, in forum: ASP General
    Replies:
    1
    Views:
    121
    Mukul
    Feb 6, 2008
Loading...

Share This Page