Roles not working the way I expected.... any help appreciated.

Discussion in 'ASP .Net Security' started by rob lynch, Mar 10, 2006.

  1. rob lynch

    rob lynch Guest

    web.config
    <system.web>
    <authorization>
    <deny users="?"/>
    <allow roles="Members"/>
    </authorization>
    </system.web>

    What I want is for only members of the Members Role to have access to the
    directory, however authenticated users who are not in this role can access
    the site.

    I have tried changing the role to Admin, but that still doen't work. Am I
    misssing something simple?

    Do I need to actually check the group at the page level?

    If so, why have the option in the web.config?

    I did see a Deny for the role, but that only works if the member is part of
    a role :) as it doesn't like wildcards or empty strings. Which lets the evil
    individual who isn't a member of a role access to the directory.

    Asp ver 2.0


    TIA


    Rob
    rob lynch, Mar 10, 2006
    #1
    1. Advertising

  2. append a

    <deny users="*" /> at the end....

    http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > web.config
    > <system.web>
    > <authorization>
    > <deny users="?"/>
    > <allow roles="Members"/>
    > </authorization>
    > </system.web>
    > What I want is for only members of the Members Role to have access to
    > the directory, however authenticated users who are not in this role
    > can access the site.
    >
    > I have tried changing the role to Admin, but that still doen't work.
    > Am I misssing something simple?
    >
    > Do I need to actually check the group at the page level?
    >
    > If so, why have the option in the web.config?
    >
    > I did see a Deny for the role, but that only works if the member is
    > part of a role :) as it doesn't like wildcards or empty strings. Which
    > lets the evil individual who isn't a member of a role access to the
    > directory.
    >
    > Asp ver 2.0
    >
    > TIA
    >
    > Rob
    >
    Dominick Baier [DevelopMentor], Mar 10, 2006
    #2
    1. Advertising

  3. rob lynch

    rob lynch Guest

    Dominick,

    Thank you!

    I had deny users=* before the role earlier and that seemed to block all :)

    Again, Thanks!!!!


    Rob

    "Dominick Baier [DevelopMentor]" wrote:

    > append a
    >
    > <deny users="*" /> at the end....
    >
    > http://www.leastprivilege.com/ASPNETAuthorizationSettings.aspx
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > web.config
    > > <system.web>
    > > <authorization>
    > > <deny users="?"/>
    > > <allow roles="Members"/>
    > > </authorization>
    > > </system.web>
    > > What I want is for only members of the Members Role to have access to
    > > the directory, however authenticated users who are not in this role
    > > can access the site.
    > >
    > > I have tried changing the role to Admin, but that still doen't work.
    > > Am I misssing something simple?
    > >
    > > Do I need to actually check the group at the page level?
    > >
    > > If so, why have the option in the web.config?
    > >
    > > I did see a Deny for the role, but that only works if the member is
    > > part of a role :) as it doesn't like wildcards or empty strings. Which
    > > lets the evil individual who isn't a member of a role access to the
    > > directory.
    > >
    > > Asp ver 2.0
    > >
    > > TIA
    > >
    > > Rob
    > >

    >
    >
    >
    rob lynch, Mar 10, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. m.cantaloupe
    Replies:
    3
    Views:
    341
    m.cantaloupe
    May 14, 2004
  2. pkirk25
    Replies:
    5
    Views:
    372
    pkirk25
    Oct 24, 2006
  3. JimLad
    Replies:
    5
    Views:
    671
    Pavel Lepin
    Jul 11, 2007
  4. Mark
    Replies:
    5
    Views:
    170
    Kyle T. Jones
    Dec 2, 2011
  5. DamonChong
    Replies:
    4
    Views:
    87
    Damon Chong
    Dec 29, 2005
Loading...

Share This Page