Web.config: <allow users="xxxx" /> Where does xxxx come from?

Discussion in 'ASP .Net Security' started by sjl, Apr 26, 2005.

  1. sjl

    sjl Guest

    I'm using Forms Authentication. When I authenticate a user from a database,
    I use the following line:
    FormsAuthentication.RedirectFromLoginPage(parameterID.Value.ToString(),chkRemember.Checked);

    where parameterID.Value is the ouput parameter from my stored proc which is
    the primary key from the database of the user who logged in. That way, I
    always use that key when writing back to the database for various tasks
    (Page.User.Identity.Name). Is that the same value that gets evaluated in
    the web.config file authorization section to allow/deny users? For example,
    what user am I really looking for if I use <allow users="xxxx" /> in the
    web.config file? They login using email/password, but I write the
    authentication ticket using the primary key from the database.

    What I'm really wanting to do is use forms auth to secure one folder for
    only authenticated users. Anyone who is registered on my site and logs in
    can get to all files in that folder. Additionally, I'd like to have an
    administrative back-end for the site in another subfolder that will only all
    myself into. Am I forced to use roles to accomplish this or can I do this
    with simple web.config settings?

    Thanks in advance.
    sjl
     
    sjl, Apr 26, 2005
    #1
    1. Advertising

  2. sjl

    MasterGaurav Guest

    Re: Web.config: <allow users="xxxx" /> Where does xxxx come from?

    Just use:
    <deny users="?"/>

    Anyway... "XXXX" in <allow users=..."/> is the list of users that will
    be allowed access. It's the same as the first parameter in
    RedirectFromLoginPage(...) method.

    For your situation, you may like to do the following:

    <location path="dirName">
    <system.web>
    <authorization>
    <deny users="?"/> <!-- Denying anonymous users -->
    </authorization>
    <authentication mode="Forms">
    ....
    </authentication>
    </system.web>
    </location>



    --
    Cheers,
    Gaurav Vaish
    http://www.mastergaurav.org
    http://mastergaurav.blogspot.com
    --------------------------------
     
    MasterGaurav, Apr 26, 2005
    #2
    1. Advertising

  3. sjl

    sjl Guest

    Re: Web.config: <allow users="xxxx" /> Where does xxxx come from?

    Thanks Gaurav. Since I want to deny anonymous users AND all authenticated
    users other than myself for this Admin folder, wouldn't I also need to add
    <allow users="1" /> where my primary key ID from the database is 1? Or, do
    I need to deny ALL users (<deny users="*"/>) and only <allow users = "1" />?
    I'm pretty sure I've tried this, but couldn't determine why it wasn't only
    allowing my account access and not all others.

    I'll keep working on it. You've answered my question though regarding where
    the xxxx comes from in the allow/deny users statement for the web.config.

    Thanks,
    sjl


    "MasterGaurav" <> wrote in message
    news:...
    > Just use:
    > <deny users="?"/>
    >
    > Anyway... "XXXX" in <allow users=..."/> is the list of users that will
    > be allowed access. It's the same as the first parameter in
    > RedirectFromLoginPage(...) method.
    >
    > For your situation, you may like to do the following:
    >
    > <location path="dirName">
    > <system.web>
    > <authorization>
    > <deny users="?"/> <!-- Denying anonymous users -->
    > </authorization>
    > <authentication mode="Forms">
    > ....
    > </authentication>
    > </system.web>
    > </location>
    >
    >
    >
    > --
    > Cheers,
    > Gaurav Vaish
    > http://www.mastergaurav.org
    > http://mastergaurav.blogspot.com
    > --------------------------------
    >
     
    sjl, Apr 26, 2005
    #3
  4. sjl

    MasterGaurav Guest

    MasterGaurav, Apr 28, 2005
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Carlos
    Replies:
    4
    Views:
    11,571
    Alan Samet
    Sep 22, 2005
  2. Jeff Thur

    Need to Format a zipcode into xxxxx-xxxx.

    Jeff Thur, Feb 18, 2005, in forum: ASP .Net Datagrid Control
    Replies:
    1
    Views:
    187
  3. Ryan Taylor
    Replies:
    1
    Views:
    692
    Ryan Taylor
    Sep 9, 2004
  4. Kylin

    <deny users="?" /> <allow users="*" />

    Kylin, May 17, 2005, in forum: ASP .Net Security
    Replies:
    2
    Views:
    600
    Ravichandran J.V.
    May 19, 2005
  5. Replies:
    3
    Views:
    262
    Andy Dingley
    Sep 27, 2006
Loading...

Share This Page