window based authentication with members defined in a distribution list.

Discussion in 'ASP .Net' started by Biranchi Narayan Panda, Feb 21, 2010.

  1. I want windows based authentication for a particular folder of my web pages.
    This page should be accessible to only some of the managers and some other
    roles.
    I don't want to allow or deny role and persons in web.config.

    Rather, is it possible that a distribution list created in active directory
    of the domain and linked with web config? The logins that are there in the
    distribution list will only be able to view the pages and others will get
    error.aspx page.

    In this way, the non-technical higher position persons will also be able to
    grant and deny access to other members.
    Biranchi Narayan Panda, Feb 21, 2010
    #1
    1. Advertising

  2. Biranchi Narayan Panda

    Bob Barrows Guest

    Biranchi Narayan Panda wrote:
    > I want windows based authentication for a particular folder of my web
    > pages. This page should be accessible to only some of the managers
    > and some other roles.
    > I don't want to allow or deny role and persons in web.config.
    >
    > Rather, is it possible that a distribution list created in active
    > directory of the domain and linked with web config? The logins that
    > are there in the distribution list will only be able to view the
    > pages and others will get error.aspx page.
    >
    > In this way, the non-technical higher position persons will also be
    > able to grant and deny access to other members.


    You should be aware that each folder in a website can have its own
    web.config file in which you can create this restriction. And yes, an AD
    group can certainly be used instead of a user's name in the web.config file.

    Please note: m.p.inetserver.asp.general is a classic ASP group and has only
    a few dotnet-aware regulars. For that reason, I am removing it from the
    distribution list for this reply.

    --
    Microsoft MVP - ASP/ASP.NET - 2004-2007
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
    Bob Barrows, Feb 21, 2010
    #2
    1. Advertising

  3. Re: window based authentication with members defined in a distrib

    "Bob Barrows" wrote:
    > yes, an AD group can certainly be used instead of a user's
    > name in the web.config file.


    Alas I am unclear on this point. I have exactly the same wish. That a non
    tech savvy manager without access to the web server per se, can via their
    MS-Outlook Address book and managing a distribution list, win two immediate
    benefits:

    a) The ability to control who has access to a web site, and
    b) The ability to email them as a group.

    Now I find what you've suggested very encouraging Bob and am back here after
    a good 20 minutes of reading google results varying my search without
    successfully finding clear documentation or an example.

    Here's what I have in my web.config now:

    <authorization>
    <allow roles="domain\websiteusers"/>
    <deny users="*"/>
    </authorization>

    alas "domain\websiteusers" is a security group set by our IT staff and not
    to my knowledge easily modified by a manager using the tools they have. Hence
    the interest in a distribution list. Now let me suppose I have a distribution
    list on Active Directory named "domain\websiteuserlist"

    I have tested both of these scenarios quickly with no success:

    <authorization>
    <allow roles="domain\websiteuserlist"/>
    <deny users="*"/>
    </authorization>

    and

    <authorization>
    <allow users="domain\websiteuserlist"/>
    <deny users="*"/>
    </authorization>

    now I'm tempted to conclude from you cursory statement that the latter test
    should function. Alas I haven't replicated it. I add a user to
    domain\websiteuserlist and voila, the still can't access the website.

    It may be that all I'm experience is latency. That ti would help if I
    rebooted their PC, or had them log out and in again, and/or the server and/or
    .... my point is simply groping for answers in the dark is a frustrating time
    consumer and the lack of clear documentation has frustrated me.

    I look at page like this:

    http://msdn.microsoft.com/en-us/library/acsd09b0(VS.80).aspx

    and I feel like reprimanding a microsoft documenters (well, humility aside,
    I've managed documentation for years and would indeed be having a chat with
    my staff about a page like this). What exactly IS a user and role? Where are
    they defined? At best it sends me off to some obtuse pages on ASP role
    management which takes me down many paths not of immediate interest to me
    (although it would no doubt of great benefit if I took the time to research
    and understand the complete security model all the same I ma interested
    primarily in a quick answer - greedy I am). In short this page ought to tell
    me clearly what kinds of strings are valid as roles and users and where they
    are defined. And it doesn't.

    Anyhow, if you perchance have the time for a clear example I would be
    grateful to you. In the mean time I am in the dark still unless I stumble
    upon another clarification soon.

    Cheers,

    Bernd.
    Bernd Wechner, May 11, 2010
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Oodini
    Replies:
    1
    Views:
    1,752
    Keith Thompson
    Sep 27, 2005
  2. Biranchi Narayan Panda
    Replies:
    0
    Views:
    313
    Biranchi Narayan Panda
    Feb 18, 2010
  3. Biranchi Narayan Panda
    Replies:
    0
    Views:
    357
    Biranchi Narayan Panda
    Feb 21, 2010
  4. Biranchi Narayan Panda

    window based authentication with members defined in a distribution list.

    Biranchi Narayan Panda, Feb 21, 2010, in forum: ASP .Net Security
    Replies:
    2
    Views:
    817
    Bernd Wechner
    May 11, 2010
  5. Biranchi Narayan Panda
    Replies:
    0
    Views:
    721
    Biranchi Narayan Panda
    Feb 21, 2010
Loading...

Share This Page