Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net Security (http://www.velocityreviews.com/forums/f62-asp-net-security.html)
-   -   Can we override the Authorization Module to write custom access rules? (.NET 2.0) (http://www.velocityreviews.com/forums/t768383-can-we-override-the-authorization-module-to-write-custom-access-rules-net-2-0-a.html)

dorionda@gmail.com 03-10-2006 09:33 PM

Can we override the Authorization Module to write custom access rules? (.NET 2.0)
 
Hi everyone,

Is it possible to override the Authorization Module so that I could add
a custom parameter to the <allow> tag in the Web.Config?

example:

<configuration>
<system.web>
<authorization>
<allow usersInGroup="Group A"/> /*<< custom parameter here */
<allow roles="student"/>
<deny users="*"/>
<deny roles="*"/>
<deny usersInGroup="*"/>
</authorization>
</system.web>
</configuration>


Joe Kaplan \(MVP - ADSI\) 03-10-2006 09:52 PM

Re: Can we override the Authorization Module to write custom access rules? (.NET 2.0)
 
You would need to write your own. It is not inhertible.

Have you considered just adding "Group A" to the user's roles? You could
add a shim module that would run after authentication that would create a
new IPrincipal and stuff some additional roles in there or something.

Joe K.

<dorionda@gmail.com> wrote in message
news:1142026433.525962.139040@v46g2000cwv.googlegr oups.com...
> Hi everyone,
>
> Is it possible to override the Authorization Module so that I could add
> a custom parameter to the <allow> tag in the Web.Config?
>
> example:
>
> <configuration>
> <system.web>
> <authorization>
> <allow usersInGroup="Group A"/> /*<< custom parameter here */
> <allow roles="student"/>
> <deny users="*"/>
> <deny roles="*"/>
> <deny usersInGroup="*"/>
> </authorization>
> </system.web>
> </configuration>
>




Dominick Baier [DevelopMentor] 03-10-2006 10:07 PM

Re: Can we override the Authorization Module to write custom access rules? (.NET 2.0)
 
i don't see a difference between roles and usersInGroup???!!!

---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com

> You would need to write your own. It is not inhertible.
>
> Have you considered just adding "Group A" to the user's roles? You
> could add a shim module that would run after authentication that would
> create a new IPrincipal and stuff some additional roles in there or
> something.
>
> Joe K.
>
> <dorionda@gmail.com> wrote in message
> news:1142026433.525962.139040@v46g2000cwv.googlegr oups.com...
>
>> Hi everyone,
>>
>> Is it possible to override the Authorization Module so that I could
>> add a custom parameter to the <allow> tag in the Web.Config?
>>
>> example:
>>
>> <configuration>
>> <system.web>
>> <authorization>
>> <allow usersInGroup="Group A"/> /*<< custom parameter here */
>> <allow roles="student"/>
>> <deny users="*"/>
>> <deny roles="*"/>
>> <deny usersInGroup="*"/>
>> </authorization>
>> </system.web>
>> </configuration>




Joe Kaplan \(MVP - ADSI\) 03-10-2006 10:25 PM

Re: Can we override the Authorization Module to write custom access rules? (.NET 2.0)
 
Perhaps he can elaborate on what he is trying to do? Maybe there is some
hybrid of application-specific roles he is generating and AD groups and we
wants to use both or something? It isn't clear to me. It still seems like
a composite IPrincipal object would be the way to go.

Joe K.

"Dominick Baier [DevelopMentor]" <dbaier@pleasepleasenospamdevelop.com>
wrote in message news:4580be63197ffc8c812ae80e5c874@news.microsoft. com...
>i don't see a difference between roles and usersInGroup???!!!
>
> ---------------------------------------
> Dominick Baier - DevelopMentor
> http://www.leastprivilege.com
>





All times are GMT. The time now is 10:19 PM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.