Security (Urgent!!!)

Discussion in 'ASP .Net Security' started by Vinod, Jun 27, 2005.

  1. Vinod

    Vinod Guest

    Hi,

    I am developing a aspx login screen based on the roles (Admin,User). If
    the role is Admin he needs to acess a
    particular folder in the system.

    If the role is User he needs to access another folder in the system.

    How can i accomplish it.
    Currently i am using this code but its not working fine

    <location path="alfa/admin">
    <system.web>
    <authorization>
    <allow roles ="Admin" />
    <deny users="*" />
    </authorization>
    </system.web>
    </location>

    <location path="engine">
    <system.web>
    <authorization>
    <allow roles ="Users"/>
    <deny users="*" />
    </authorization>
    </system.web>
    </location>

    In the login screen if i enter a valid login also it is not redirecting
    it to a page in the admin folder . It attaches the redirection url and
    stays in the same page.

    Any Help will be very grateful


    Regards
    Vinod
     
    Vinod, Jun 27, 2005
    #1
    1. Advertising

  2. Hello Vinod,

    what do you use to redirect back?

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > Hi,
    >
    > I am developing a aspx login screen based on the roles
    > (Admin,User). If
    > the role is Admin he needs to acess a
    > particular folder in the system.
    > If the role is User he needs to access another folder in the
    > system.
    >
    > How can i accomplish it.
    > Currently i am using this code but its not working fine
    > <location path="alfa/admin">
    > <system.web>
    > <authorization>
    > <allow roles ="Admin" />
    > <deny users="*" />
    > </authorization>
    > </system.web>
    > </location>
    > <location path="engine">
    > <system.web>
    > <authorization>
    > <allow roles ="Users"/>
    > <deny users="*" />
    > </authorization>
    > </system.web>
    > </location>
    > In the login screen if i enter a valid login also it is not
    > redirecting it to a page in the admin folder . It attaches the
    > redirection url and stays in the same page.
    >
    > Any Help will be very grateful
    >
    > Regards
    > Vinod
     
    Dominick Baier [DevelopMentor], Jun 27, 2005
    #2
    1. Advertising

  3. Vinod

    Vinod Guest

    I user response.redirect and it doesnot redirect to the location instead it
    adds the path as a query string to the url

    regards
    vinod


    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hello Vinod,
    >
    > what do you use to redirect back?
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > Hi,
    > >
    > > I am developing a aspx login screen based on the roles
    > > (Admin,User). If
    > > the role is Admin he needs to acess a
    > > particular folder in the system.
    > > If the role is User he needs to access another folder in the
    > > system.
    > >
    > > How can i accomplish it.
    > > Currently i am using this code but its not working fine
    > > <location path="alfa/admin">
    > > <system.web>
    > > <authorization>
    > > <allow roles ="Admin" />
    > > <deny users="*" />
    > > </authorization>
    > > </system.web>
    > > </location>
    > > <location path="engine">
    > > <system.web>
    > > <authorization>
    > > <allow roles ="Users"/>
    > > <deny users="*" />
    > > </authorization>
    > > </system.web>
    > > </location>
    > > In the login screen if i enter a valid login also it is not
    > > redirecting it to a page in the admin folder . It attaches the
    > > redirection url and stays in the same page.
    > >
    > > Any Help will be very grateful
    > >
    > > Regards
    > > Vinod

    >
    >
    >
     
    Vinod, Jun 28, 2005
    #3
  4. Hello Vinod,

    like this :

    Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text, false));

    ??

    i have a full working example on my blog - maybe this clarifies things
    http://www.leastprivilege.com/content/binary/FormsAuthBestPractice.zip

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I user response.redirect and it doesnot redirect to the location
    > instead it adds the path as a query string to the url
    >
    > regards
    > vinod
    > "Dominick Baier [DevelopMentor]"
    > <> wrote in message
    > news:...
    >
    >> Hello Vinod,
    >>
    >> what do you use to redirect back?
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> Hi,
    >>>
    >>> I am developing a aspx login screen based on the roles
    >>> (Admin,User). If
    >>> the role is Admin he needs to acess a
    >>> particular folder in the system.
    >>> If the role is User he needs to access another folder in the
    >>> system.
    >>> How can i accomplish it.
    >>> Currently i am using this code but its not working fine
    >>> <location path="alfa/admin">
    >>> <system.web>
    >>> <authorization>
    >>> <allow roles ="Admin" />
    >>> <deny users="*" />
    >>> </authorization>
    >>> </system.web>
    >>> </location>
    >>> <location path="engine">
    >>> <system.web>
    >>> <authorization>
    >>> <allow roles ="Users"/>
    >>> <deny users="*" />
    >>> </authorization>
    >>> </system.web>
    >>> </location>
    >>> In the login screen if i enter a valid login also it is not
    >>> redirecting it to a page in the admin folder . It attaches the
    >>> redirection url and stays in the same page.
    >>> Any Help will be very grateful
    >>>
    >>> Regards
    >>> Vinod
     
    Dominick Baier [DevelopMentor], Jun 28, 2005
    #4
  5. Vinod

    Vinod Guest

    I am just using Reponse.Redirect.

    My code is working fine locally , but when i upload to the server it doesnot
    work

    regards
    vinod
    "Dominick Baier [DevelopMentor]" <>
    wrote in message news:...
    > Hello Vinod,
    >
    > like this :
    >
    > Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text,

    false));
    >
    > ??
    >
    > i have a full working example on my blog - maybe this clarifies things
    > http://www.leastprivilege.com/content/binary/FormsAuthBestPractice.zip
    >
    > ---------------------------------------
    > Dominick Baier - DevelopMentor
    > http://www.leastprivilege.com
    >
    > > I user response.redirect and it doesnot redirect to the location
    > > instead it adds the path as a query string to the url
    > >
    > > regards
    > > vinod
    > > "Dominick Baier [DevelopMentor]"
    > > <> wrote in message
    > > news:...
    > >
    > >> Hello Vinod,
    > >>
    > >> what do you use to redirect back?
    > >>
    > >> ---------------------------------------
    > >> Dominick Baier - DevelopMentor
    > >> http://www.leastprivilege.com
    > >>> Hi,
    > >>>
    > >>> I am developing a aspx login screen based on the roles
    > >>> (Admin,User). If
    > >>> the role is Admin he needs to acess a
    > >>> particular folder in the system.
    > >>> If the role is User he needs to access another folder in the
    > >>> system.
    > >>> How can i accomplish it.
    > >>> Currently i am using this code but its not working fine
    > >>> <location path="alfa/admin">
    > >>> <system.web>
    > >>> <authorization>
    > >>> <allow roles ="Admin" />
    > >>> <deny users="*" />
    > >>> </authorization>
    > >>> </system.web>
    > >>> </location>
    > >>> <location path="engine">
    > >>> <system.web>
    > >>> <authorization>
    > >>> <allow roles ="Users"/>
    > >>> <deny users="*" />
    > >>> </authorization>
    > >>> </system.web>
    > >>> </location>
    > >>> In the login screen if i enter a valid login also it is not
    > >>> redirecting it to a page in the admin folder . It attaches the
    > >>> redirection url and stays in the same page.
    > >>> Any Help will be very grateful
    > >>>
    > >>> Regards
    > >>> Vinod

    >
    >
    >
     
    Vinod, Jun 29, 2005
    #5
  6. Hello Vinod,

    try using

    Response.Redirect("~/default.aspx");

    ---------------------------------------
    Dominick Baier - DevelopMentor
    http://www.leastprivilege.com

    > I am just using Reponse.Redirect.
    >
    > My code is working fine locally , but when i upload to the server it
    > doesnot work
    >
    > regards
    > vinod
    > "Dominick Baier [DevelopMentor]"
    > <>
    > wrote in message news:...
    >> Hello Vinod,
    >>
    >> like this :
    >>
    >> Response.Redirect(FormsAuthentication.GetRedirectUrl(txtUsername.Text
    >> ,
    >>

    > false));
    >
    >> ??
    >>
    >> i have a full working example on my blog - maybe this clarifies
    >> things
    >> http://www.leastprivilege.com/content/binary/FormsAuthBestPractice.zi
    >> p
    >>
    >> ---------------------------------------
    >> Dominick Baier - DevelopMentor
    >> http://www.leastprivilege.com
    >>> I user response.redirect and it doesnot redirect to the location
    >>> instead it adds the path as a query string to the url
    >>>
    >>> regards
    >>> vinod
    >>> "Dominick Baier [DevelopMentor]"
    >>> <> wrote in message
    >>> news:...
    >>>> Hello Vinod,
    >>>>
    >>>> what do you use to redirect back?
    >>>>
    >>>> ---------------------------------------
    >>>> Dominick Baier - DevelopMentor
    >>>> http://www.leastprivilege.com
    >>>>> Hi,
    >>>>>
    >>>>> I am developing a aspx login screen based on the roles
    >>>>> (Admin,User). If
    >>>>> the role is Admin he needs to acess a
    >>>>> particular folder in the system.
    >>>>> If the role is User he needs to access another folder in the
    >>>>> system.
    >>>>> How can i accomplish it.
    >>>>> Currently i am using this code but its not working fine
    >>>>> <location path="alfa/admin">
    >>>>> <system.web>
    >>>>> <authorization>
    >>>>> <allow roles ="Admin" />
    >>>>> <deny users="*" />
    >>>>> </authorization>
    >>>>> </system.web>
    >>>>> </location>
    >>>>> <location path="engine">
    >>>>> <system.web>
    >>>>> <authorization>
    >>>>> <allow roles ="Users"/>
    >>>>> <deny users="*" />
    >>>>> </authorization>
    >>>>> </system.web>
    >>>>> </location>
    >>>>> In the login screen if i enter a valid login also it is not
    >>>>> redirecting it to a page in the admin folder . It attaches the
    >>>>> redirection url and stays in the same page.
    >>>>> Any Help will be very grateful
    >>>>> Regards
    >>>>> Vinod
     
    Dominick Baier [DevelopMentor], Jun 30, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?RmFicmljZSBERy4=?=

    <URGENT> Crystal 9 + Server 2003 : security problem

    =?Utf-8?B?RmFicmljZSBERy4=?=, Dec 21, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    345
    =?Utf-8?B?RmFicmljZSBERy4=?=
    Dec 21, 2004
  2. Aaron
    Replies:
    1
    Views:
    357
    John C. Bollinger
    Aug 4, 2003
  3. Sachin Jagtap

    URGENT !! QUEUE STL PROBLEM URGENT!!

    Sachin Jagtap, Apr 28, 2005, in forum: C++
    Replies:
    4
    Views:
    1,045
    Mark Stijnman
    Apr 29, 2005
  4. Rob
    Replies:
    3
    Views:
    440
  5. Replies:
    1
    Views:
    268
Loading...

Share This Page