Authentication to specific files/pages

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

ET - 12 Feb 2004 05:02 GMT

Hi,

The situation is that I have a virtual site (created from IIS) where all
domain users can access via the intranet. However, there are a few pages
that we would like to restrict user access. I tried to use NTFS settings to
allow a certain people to access the .aspx pages, however, it seems that
after removing "everyone" and adding users to the list on the NTFS settings
(right click on file --> property --> security), no one can access the page.

I read on the forum that the web.config file seem to be able to do something
to do with access permissions. I was wondering whether creating a web.config
from scratch would solve our current permissions problem? If so, do I put
the file in the virutal site top folder? Also, is it possible to use windows
domain users instead of user/pass saved in a database? If so, how do you
connect the web.config file to the domain?

Thanks!

ET

P.S. Some of my questions might not make a lot of sense, because I'm not too
sure how does the web.config file work. Sorry about that.

Reply to this Message

David Coe, MCP - 12 Feb 2004 20:51 GMT

ET

You have some very valid questions, and I will try to make sense of what you are asking

Yes, you can use the windows domain accounts instead of a database to authenticate your users. You will need to enable IIS for Windows authentication, and then in the web.config file, use <authentication mode="Windows" /> and <authorization><allow users="*" /></authorization> ... you can either list all of the users you want to allow/deny access to, or you can list specific roles that you want to allow access to (ie, administrator)

You have a few options when it comes to configuring access for each directory. You can either put a web.config file in each directory, or in your top-level web.config file you can add a <location> element and specify the directories that you want to allow/deny access to. For instance

</authorization></system.web></location

Reply to this Message

ET - 13 Feb 2004 03:48 GMT

Hi David,

Thanks for your prompt reply. Your explanation really helped. I have another
question regarding the allow/deny permissions. Does "deny" always override
"allow"? Also, is there a way to write the code so that only a few users are
allowed to access, and the rest are denied? Because of deny always overrides
allow, there doesn't seem to be any point writing the list of allowed users
when "deny everyone/the rest" overrides it. Thanks again!

ET

> ET -
>
> You have some very valid questions, and I will try to make sense of what you are asking.
>
> Yes, you can use the windows domain accounts instead of a database to authenticate your users. You will need to enable IIS for Windows

authentication, and then in the web.config file, use <authentication
mode="Windows" /> and <authorization><allow users="*" /><!-- <allow users="[comma separated list of users]"

> roles="[comma separated list of roles]"/><deny users="[comma separated list of users]"
> roles="[comma separated list of roles]"/>
> --></authorization> ... you can either list all of the users you want to allow/deny access to, or you can list specific roles that you

want to allow access to (ie, administrator).

> You have a few options when it comes to configuring access for each directory. You can either put a web.config file in each directory, or in

your top-level web.config file you can add a <location> element and specify
the directories that you want to allow/deny access to. For instance:

> <!--close the system.web element></system.web><location path="folder_or_file_name"><system.web><authorization><allow users="*"

/><!-- <allow users="[comma separated list of
users]"

> roles="[comma separated list of roles]"/><deny users="[comma separated list of

users]"

> roles="[comma separated list of roles]"/>
> --></authorization></system.web></location

Reply to this Message

ET - 13 Feb 2004 06:21 GMT

Hi again,

Do you absolutely must create some kind of login page for the web.config
file to work? I placed the file in the directory however I kept on getting
the same error message (Server Error in '/'Application). What am I missing?
Thanks again!

ET

my web.config file:
========

<configuration>
<location path="test_req.aspx">
<security>
<system.web>
<customErrors mode="Off"/>
<authorization>
<allow users="DOMAIN\someuser"/>
<deny users="*"/> 
</authorization>
</system.web>
</security>
</location>
</configuration>

========

want to allow access to (ie, administrator).

> You have a few options when it comes to configuring access for each directory. You can either put a web.config file in each directory, or in

your top-level web.config file you can add a <location> element and specify
the directories that you want to allow/deny access to. For instance:

> <!--close the system.web element></system.web><location path="folder_or_file_name"><system.web><authorization><allow users="*"

/><!-- <allow users="[comma separated list of
users]"

> roles="[comma separated list of roles]"/><deny users="[comma separated list of

users]"

> roles="[comma separated list of roles]"/>
> --></authorization></system.web></location

Reply to this Message

.NET Follower - 21 Feb 2004 11:47 GMT

hi,
<allow users="DOMAIN\someuser"/>

> <deny users="*"/>

u can do as this
<allow users="*">
<deny user=DOMAIN\someusers>
can u give details of error

if u dont specify login page....
where will u redirect the user....

Signature

Thanks and Regards,

Amit Agarwal

> Hi again,
>
[quoted text clipped - 50 lines]
> /><!-- <allow users="[comma separated list of
> users]"

roles="[comma

> separated list of roles]"/><deny users="[comma separated list of
> users]"

roles="[comma

> separated list of roles]"/>

--></authorization></

> system.web></location>

Reply to this Message

ET - 26 Feb 2004 22:54 GMT

Hi again,

If I use your piece of code:

> <allow users="*">
> <deny user=DOMAIN\someusers>
> can u give details of error

Doesn't this mean if I had 100 users in the company , I would have to deny
94 users if only 6 of them were allowed to view the page?
I was thinking of something like windows authentication where a window pops
up asking for user/pass when you access the page.

Below is the error message I got after using the web.config file I attempted
to write.

Thanks!

ET

Server Error in '/' Application.

----------------------------------------------------------------------------
----

The "SendUsing" configuration value is invalid.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.

Exception Details: System.Runtime.InteropServices.COMException: The
"SendUsing" configuration value is invalid.

Source Error:

The source code that generated this unhandled exception can only be
shown when compiled in debug mode. To enable this, please follow one of the
below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated
the error. Example:

<%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your
application:

<configuration>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>

Note that this second technique will cause all files within a given
application to be compiled in debug mode. The first technique will cause
only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a
memory/performance overhead. You should make sure that an application has
debugging disabled before deploying into production scenario.

Stack Trace:

[COMException (0x80040220): The "SendUsing" configuration value is
invalid.] [TargetInvocationException: Exception has been thrown by the
target of an invocation.] System.RuntimeType.InvokeDispMethod(String name,
BindingFlags invokeAttr, Object target, Object[] args, Boolean[]
byrefModifiers, Int32 culture, String[] namedParameters) +0
System.RuntimeType.InvokeMember(String name, BindingFlags invokeAttr, Binder
binder, Object target, Object[] args, ParameterModifier[] modifiers,
CultureInfo culture, String[] namedParameters) +473
System.Web.Mail.LateBoundAccessHelper.CallMethod(Object obj, String
methodName, Object[] args) +58 [HttpException (0x80004005): Could not access
'CDO.Message' object.]
System.Web.Mail.LateBoundAccessHelper.CallMethod(Object obj, String
methodName, Object[] args) +113
System.Web.Mail.CdoSysHelper.Send(MailMessage message) +1846
System.Web.Mail.SmtpMail.Send(MailMessage message) +153
_ASP.test_req_aspx.Send_Email(Object Sender, EventArgs e) +552
System.Web.UI.HtmlControls.HtmlInputButton.OnServerClick(EventArgs e) +108
System.Web.UI.HtmlControls.HtmlInputButton.System.Web.UI.IPostBackEventHandl
er.RaisePostBackEvent(String eventArgument) +57
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl,
String eventArgument) +18
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33
System.Web.UI.Page.ProcessRequestMain() +1277

----------------------------------------------------------------------------
----

Version Information: Microsoft .NET Framework Version:1.1.4322.573; ASP.NET
Version:1.1.4322.573

> hi,
> <allow users="DOMAIN\someuser"/>
[quoted text clipped - 83 lines]
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.593 / Virus Database: 376 - Release Date: 2/20/2004

Reply to this Message

Authentication to specific files/pages

Free Magazines