wonky <authorization> (order matters?)

Discussion in 'ASP .Net Security' started by SpaceMarine, May 21, 2008.

  1. SpaceMarine

    SpaceMarine Guest

    hello,

    i am using Windows authentication w/ my web app and lock it down via
    roles. in my testing it seems like the *order* of the <authorization>
    elements matters.

    eg, this works:

    <authorization>
    <allow roles="Foo" />
    <deny users="?" />
    <deny users="*" />
    </authorization>

    but this doesnt:

    <authorization>
    <deny users="?" />
    <deny users="*" />
    <allow roles="Foo" />
    </authorization>

    ....for the latter my browser keeps popping a credentials dialog, even
    tho im in the Foo role.


    is this expected behavior? ASP.NET v2.


    thanks!
    sm
     
    SpaceMarine, May 21, 2008
    #1
    1. Advertising

  2. SpaceMarine

    Joe Kaplan Guest

    Yes, it does matter. It evaluates each rule in order until it matches and
    then it applies the allow or deny based on the match.

    Joe K.

    --
    Joe Kaplan-MS MVP Directory Services Programming
    Co-author of "The .NET Developer's Guide to Directory Services Programming"
    http://www.directoryprogramming.net
    --
    "SpaceMarine" <> wrote in message
    news:...
    > hello,
    >
    > i am using Windows authentication w/ my web app and lock it down via
    > roles. in my testing it seems like the *order* of the <authorization>
    > elements matters.
    >
    > eg, this works:
    >
    > <authorization>
    > <allow roles="Foo" />
    > <deny users="?" />
    > <deny users="*" />
    > </authorization>
    >
    > but this doesnt:
    >
    > <authorization>
    > <deny users="?" />
    > <deny users="*" />
    > <allow roles="Foo" />
    > </authorization>
    >
    > ...for the latter my browser keeps popping a credentials dialog, even
    > tho im in the Foo role.
    >
    >
    > is this expected behavior? ASP.NET v2.
    >
    >
    > thanks!
    > sm
     
    Joe Kaplan, May 21, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jason Ferguson

    Introducing Dot Net Matters

    Jason Ferguson, Nov 20, 2005, in forum: ASP .Net
    Replies:
    0
    Views:
    346
    Jason Ferguson
    Nov 20, 2005
  2. pooh
    Replies:
    5
    Views:
    429
    Karl Heinz Buchegger
    Jan 25, 2005
  3. Twisted

    Wonky HTTP behavior?

    Twisted, Nov 13, 2006, in forum: Java
    Replies:
    7
    Views:
    513
    Twisted
    Nov 14, 2006
  4. SeanRW
    Replies:
    1
    Views:
    364
    Dominick Baier [DevelopMentor]
    May 25, 2006
  5. mindseeker

    javascript resize in IE/XP wonky

    mindseeker, Jan 24, 2006, in forum: Javascript
    Replies:
    3
    Views:
    126
    Randy Webb
    Jan 27, 2006
Loading...

Share This Page