Role based security across sub directories

Discussion in 'ASP .Net Security' started by FeatureRich, Nov 18, 2004.

  1. FeatureRich

    FeatureRich Guest

    Take the following directory structure:

    AppRoot (configured as a IIS Application)
    -> bin
    -> dirA
    -> dirB
    -> dirC
    login.aspx
    web.config

    Ok, what I want to do is controll access to everything in the appRoot
    and then, based on a role, allow access to dirA, B, C etc. I am
    currently using forms based authentication which authenticates via a
    DB. Once authenticated I retrieve and create the principal and
    overwrite the original. The roles are then kept up via a http handler
    who's code is in the bin.

    Question 1: Do all the sub directories have to be configured in IIS as
    applications? It would seem like there would be a way to indicate that
    the sub directories are a part of the App so that configuration
    settings in the web.config would apply to all. If that is possible,
    then why would the subs need to have application entry points in IIS?
    When I try to use a location element in the root web.config to enable
    the http handler that keeps up with roles, I get the error that
    generally says configure dirA as a IIS application. If I do make them
    apps in IIS, won't I run into AppDomain boundaries when I try to do
    things across directories?

    Question 2: I have my http handler code in a separate dll in the bin.
    I would like to use the <location> element in the root web.config to
    apply the handler and role restrictions on the sub directories. If the
    handler code is in the root/bin, can I specify a path in the root
    web.config <location> elements that point to it? Or would the only way
    to do this be to put the handler code in the GAC so everything could
    see it?
    Fun stuff.

    Thanks ahead. Just a little confused here.
     
    FeatureRich, Nov 18, 2004
    #1
    1. Advertising

  2. Hi FeatureRich,
    Try reading through :-
    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306238#3
    Hope it helps
    Patrick


    "FeatureRich" wrote:

    > Take the following directory structure:
    >
    > AppRoot (configured as a IIS Application)
    > -> bin
    > -> dirA
    > -> dirB
    > -> dirC
    > login.aspx
    > web.config
    >
    > Ok, what I want to do is controll access to everything in the appRoot
    > and then, based on a role, allow access to dirA, B, C etc. I am
    > currently using forms based authentication which authenticates via a
    > DB. Once authenticated I retrieve and create the principal and
    > overwrite the original. The roles are then kept up via a http handler
    > who's code is in the bin.
    >
    > Question 1: Do all the sub directories have to be configured in IIS as
    > applications? It would seem like there would be a way to indicate that
    > the sub directories are a part of the App so that configuration
    > settings in the web.config would apply to all. If that is possible,
    > then why would the subs need to have application entry points in IIS?
    > When I try to use a location element in the root web.config to enable
    > the http handler that keeps up with roles, I get the error that
    > generally says configure dirA as a IIS application. If I do make them
    > apps in IIS, won't I run into AppDomain boundaries when I try to do
    > things across directories?
    >
    > Question 2: I have my http handler code in a separate dll in the bin.
    > I would like to use the <location> element in the root web.config to
    > apply the handler and role restrictions on the sub directories. If the
    > handler code is in the root/bin, can I specify a path in the root
    > web.config <location> elements that point to it? Or would the only way
    > to do this be to put the handler code in the GAC so everything could
    > see it?
    > Fun stuff.
    >
    > Thanks ahead. Just a little confused here.
    >
     
    Patrick.O.Ige, Nov 26, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Joel Finkel
    Replies:
    0
    Views:
    493
    Joel Finkel
    Sep 12, 2003
  2. Jesper Stocholm
    Replies:
    2
    Views:
    8,124
    John Saunders
    Aug 23, 2003
  3. Liet Kynes
    Replies:
    0
    Views:
    502
    Liet Kynes
    Nov 26, 2003
  4. Lawrence D'Oliveiro

    Death To Sub-Sub-Sub-Directories!

    Lawrence D'Oliveiro, May 5, 2011, in forum: Java
    Replies:
    92
    Views:
    2,044
    Lawrence D'Oliveiro
    May 20, 2011
  5. Kursat
    Replies:
    1
    Views:
    324
    Dominick Baier
    May 7, 2007
Loading...

Share This Page