Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > window based authentication with members defined in a distribution list.

Reply
Thread Tools

window based authentication with members defined in a distribution list.

 
 
Biranchi Narayan Panda
Guest
Posts: n/a
 
      02-21-2010

I want windows based authentication for a particular folder of my web pages.
This page should be accessible to only some of the managers and some other
roles.
I don't want to allow or deny role and persons in web.config.

Rather, is it possible that a distribution list created in active directory
of the domain and linked with web config? The logins that are there in the
distribution list will only be able to view the pages and others will get
error.aspx page.

In this way, the non-technical higher position persons will also be able to
grant and deny access to other members.

 
Reply With Quote
 
 
 
 
Bob Barrows
Guest
Posts: n/a
 
      02-21-2010
Biranchi Narayan Panda wrote:
> I want windows based authentication for a particular folder of my web
> pages. This page should be accessible to only some of the managers
> and some other roles.
> I don't want to allow or deny role and persons in web.config.
>
> Rather, is it possible that a distribution list created in active
> directory of the domain and linked with web config? The logins that
> are there in the distribution list will only be able to view the
> pages and others will get error.aspx page.
>
> In this way, the non-technical higher position persons will also be
> able to grant and deny access to other members.


You should be aware that each folder in a website can have its own
web.config file in which you can create this restriction. And yes, an AD
group can certainly be used instead of a user's name in the web.config file.

Please note: m.p.inetserver.asp.general is a classic ASP group and has only
a few dotnet-aware regulars. For that reason, I am removing it from the
distribution list for this reply.

--
Microsoft MVP - ASP/ASP.NET - 2004-2007
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"


 
Reply With Quote
 
 
 
 
Bernd Wechner
Guest
Posts: n/a
 
      05-11-2010
"Bob Barrows" wrote:
> yes, an AD group can certainly be used instead of a user's
> name in the web.config file.


Alas I am unclear on this point. I have exactly the same wish. That a non
tech savvy manager without access to the web server per se, can via their
MS-Outlook Address book and managing a distribution list, win two immediate
benefits:

a) The ability to control who has access to a web site, and
b) The ability to email them as a group.

Now I find what you've suggested very encouraging Bob and am back here after
a good 20 minutes of reading google results varying my search without
successfully finding clear documentation or an example.

Here's what I have in my web.config now:

<authorization>
<allow roles="domain\websiteusers"/>
<deny users="*"/>
</authorization>

alas "domain\websiteusers" is a security group set by our IT staff and not
to my knowledge easily modified by a manager using the tools they have. Hence
the interest in a distribution list. Now let me suppose I have a distribution
list on Active Directory named "domain\websiteuserlist"

I have tested both of these scenarios quickly with no success:

<authorization>
<allow roles="domain\websiteuserlist"/>
<deny users="*"/>
</authorization>

and

<authorization>
<allow users="domain\websiteuserlist"/>
<deny users="*"/>
</authorization>

now I'm tempted to conclude from you cursory statement that the latter test
should function. Alas I haven't replicated it. I add a user to
domain\websiteuserlist and voila, the still can't access the website.

It may be that all I'm experience is latency. That ti would help if I
rebooted their PC, or had them log out and in again, and/or the server and/or
.... my point is simply groping for answers in the dark is a frustrating time
consumer and the lack of clear documentation has frustrated me.

I look at page like this:

http://msdn.microsoft.com/en-us/libr...8VS.80%29.aspx

and I feel like reprimanding a microsoft documenters (well, humility aside,
I've managed documentation for years and would indeed be having a chat with
my staff about a page like this). What exactly IS a user and role? Where are
they defined? At best it sends me off to some obtuse pages on ASP role
management which takes me down many paths not of immediate interest to me
(although it would no doubt of great benefit if I took the time to research
and understand the complete security model all the same I ma interested
primarily in a quick answer - greedy I am). In short this page ought to tell
me clearly what kinds of strings are valid as roles and users and where they
are defined. And it doesn't.

Anyhow, if you perchance have the time for a clear example I would be
grateful to you. In the mean time I am in the dark still unless I stumble
upon another clarification soon.

Cheers,

Bernd.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
window based authentication with members defined in a distribution list. Biranchi Narayan Panda ASP .Net Security 2 05-11-2010 01:28 AM
window based authentication with members defined in a distribution list. Biranchi Narayan Panda ASP General 0 02-21-2010 06:50 PM
window based authentication with members defined in a distribution list. Biranchi Narayan Panda ASP .Net 0 02-21-2010 06:49 PM
window based authentication with members defined in a distribution list. Biranchi Narayan Panda ASP .Net 0 02-18-2010 07:20 PM
#if (defined(__STDC__) && !defined(NO_PROTOTYPE)) || defined(__cplusplus) Oodini C Programming 1 09-27-2005 07:58 PM



Advertisments