The suggestion with Reflector was mostly just to look at the code to see how
it works and maybe borrow a little bit of its core logic. I wasn't
recommending that you try to completely recompile and debug it!
The UrlAuthorizationModule is driven by the <allow> and <deny> tags in
web.config, so if you don't have any of those, it won't do anything. You
can also remove it from list of HTTP Modules for your app by using the
appropriate XML syntax in web.config in the <httpModules> tag (the MSDN
reference as the proper syntax).
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
Joe,
I will take a look at AzMan, I had not heard of it before.
Two more questions. I used reflector to create the attached probject of the
UrlAuthorizationModule. I thought I could just compile it and debug it's
process to see how it works but I can't get it to compile. It contains some
errors that I have never seen before while compiling. Could you give me
some idea on how to clean this up?
Also, let's say I get it compiled or create my own HttpModule to do the same
thing, how would I tell ASP.Net not to perform it's process and that I am
going to take care of it?
Thanks a lot for your help,
Matt
in message You might also want to look at the Authorization Manager (AzMan) API if you
want something very flexible and powerful for doing role-based authorization
in an application. I'm not exactly sure how I would apply it given what I
know about your app (not much
), but it is good to know about.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
Joe,
WOW, quick response!
You hit the nail on the head. I want to use a table for URL and file
authorization. I have read a ton about Membership and Roles and custom
providers and not one mentioned the UrlAuthorizationModule. I will look
into finding the namespace to find the dll and definitly will fire up
reflector to see what is going on.
I am working on an application that 42 different organization units will be
using from the same site and none of them want to use the same role names.
I began thinking that even if they only have 5 roles per organization that
it will become a nightmare to maintain the roles via web.config files.
Thanks again,
Matt
in message Are you talking about the roles that are applied to the user who is
authenticated, or are you talking about the authorization policy that is
applied to any given URL in terms of who can access it?
If you want to make the latter dynamic, you can just code this in your pages
directly or write your own HTTP Module that does it. If you look at the
(use Reflector to see the code), you can see how it
reads in the authorization configuration applied to the current URL path and
then decides whether the current user has access or not. You could do the
exact same thing in your module, but store the authorization policy in the
database instead and look it up by URL or something. After that, applying
the policy and doing the proper responses is easy and something you could
basically copy from Microsoft's code.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
Can anyone tell me if is is possible to override how a web application
stores/retrieves the Access Rules for roles? Instead of using the
web.config to store the following:
<system.web>
<authorization>
<allow roles="Admin" />
</authorization>
</system.web>
I would like to store this information in a database table and have the
system pull the access role from the table when needed.
Thanks,
Matt
