problem with role and accessibility

[Chris]

Hi,

i defined a role ('manager') with one memberuser: Bob.
The website has a subdirectory called "allusers" which contains two pages:
allusers.aspx and manager.aspx.
The page allusers.aspx must be accessible by all users while the page
manager.aspx must be only accessible by members of the role manager.

The web.config of directory 'allusers' contains this:

<location path="manager.aspx">
<system.web>
<authorization>
<deny users="*" />
<allow roles="manager" />
</authorization>
</system.web>
</location>

When logged via login.aspx, the user is redirected to a menu.apsx with a
hyperlink to manager.aspx.
When logged as Bob and clicking on the link to manager.aspx, i have no
access and i'm redirected to login.aspx.
Why?

I added in web.config this:

<allow users="Bob" />

but still no access !!!

What's wrong here?
Thanks
Chris

 

[Ben Rush]

For the sake of completeness, have you tried copying the string "manager"
from your web.config file and doing a IsUserInRole to verify that "Bob" or
whatever is, indeed, in the role? Perhaps do a redirect if he is and just
verify that you have things configured properly.
http://msdn2.microsoft.com/en-us/library/system.web.security.roles.isuserinrole.aspxA
whole slew of weird things could be off somewhere.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~
Ben Rush
Microsoft .NET Consultant
http://www.ben-rush.net/blog
http://www.sideshowsystems.com

 

[Chris]

thanks, but it just found it:

<deny=..> must come after <allow ...>

...