Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / General / June 2007

Tip: Looking for answers? Try searching our database.

problem with role and accessibility

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Chris - 19 Jun 2007 10:20 GMT
Hi,

i defined a role ('manager') with one memberuser: Bob.
The website has a subdirectory called "allusers" which contains two pages:
allusers.aspx and manager.aspx.
The page allusers.aspx must be accessible by all users while the page
manager.aspx must be only accessible by members of the role manager.

The web.config of directory 'allusers' contains this:

<location path="manager.aspx">
   <system.web>
     <authorization>
       <deny users="*" />
       <allow roles="manager" />
      </authorization>
   </system.web>
 </location>

When logged via login.aspx, the user is redirected to a menu.apsx with a
hyperlink to manager.aspx.
When logged as Bob and clicking on the link to manager.aspx, i have no
access and i'm redirected to login.aspx.
Why?

I added in web.config this:

<allow users="Bob" />

but still no access !!!

What's wrong here?
Thanks
Chris
Reply to this Message
Ben Rush - 19 Jun 2007 14:49 GMT
For the sake of completeness, have you tried copying the string "manager"
from your web.config file and doing a IsUserInRole to verify that "Bob" or
whatever is, indeed, in the role? Perhaps do a redirect if he is and just
verify that you have things configured properly.
http://msdn2.microsoft.com/en-us/library/system.web.security.roles.isuserinrole.aspxA
whole slew of weird things could be off somewhere.

Signature

~~~~~~~~~~~~~~~~~~~~~~~~~~
Ben Rush
Microsoft .NET Consultant
http://www.ben-rush.net/blog
http://www.sideshowsystems.com

> Hi,
>
[quoted text clipped - 30 lines]
> Thanks
> Chris
Reply to this Message
Chris - 19 Jun 2007 15:59 GMT
thanks, but it just found it:

<deny=..> must come after <allow ...>

..

> For the sake of completeness, have you tried copying the string "manager"
> from your web.config file and doing a IsUserInRole to verify that "Bob" or
[quoted text clipped - 37 lines]
>> Thanks
>> Chris
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.