Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Web.config: <allow users="xxxx" /> Where does xxxx come from?

Reply
Thread Tools

Web.config: <allow users="xxxx" /> Where does xxxx come from?

 
 
sjl
Guest
Posts: n/a
 
      04-26-2005
I'm using Forms Authentication. When I authenticate a user from a database,
I use the following line:
FormsAuthentication.RedirectFromLoginPage(paramete rID.Value.ToString(),chkRemember.Checked);

where parameterID.Value is the ouput parameter from my stored proc which is
the primary key from the database of the user who logged in. That way, I
always use that key when writing back to the database for various tasks
(Page.User.Identity.Name). Is that the same value that gets evaluated in
the web.config file authorization section to allow/deny users? For example,
what user am I really looking for if I use <allow users="xxxx" /> in the
web.config file? They login using email/password, but I write the
authentication ticket using the primary key from the database.

What I'm really wanting to do is use forms auth to secure one folder for
only authenticated users. Anyone who is registered on my site and logs in
can get to all files in that folder. Additionally, I'd like to have an
administrative back-end for the site in another subfolder that will only all
myself into. Am I forced to use roles to accomplish this or can I do this
with simple web.config settings?

Thanks in advance.
sjl


 
Reply With Quote
 
 
 
 
MasterGaurav
Guest
Posts: n/a
 
      04-26-2005
Just use:
<deny users="?"/>

Anyway... "XXXX" in <allow users=..."/> is the list of users that will
be allowed access. It's the same as the first parameter in
RedirectFromLoginPage(...) method.

For your situation, you may like to do the following:

<location path="dirName">
<system.web>
<authorization>
<deny users="?"/> <!-- Denying anonymous users -->
</authorization>
<authentication mode="Forms">
....
</authentication>
</system.web>
</location>



--
Cheers,
Gaurav Vaish
http://www.mastergaurav.org
http://mastergaurav.blogspot.com
--------------------------------

 
Reply With Quote
 
 
 
 
sjl
Guest
Posts: n/a
 
      04-26-2005
Thanks Gaurav. Since I want to deny anonymous users AND all authenticated
users other than myself for this Admin folder, wouldn't I also need to add
<allow users="1" /> where my primary key ID from the database is 1? Or, do
I need to deny ALL users (<deny users="*"/>) and only <allow users = "1" />?
I'm pretty sure I've tried this, but couldn't determine why it wasn't only
allowing my account access and not all others.

I'll keep working on it. You've answered my question though regarding where
the xxxx comes from in the allow/deny users statement for the web.config.

Thanks,
sjl


"MasterGaurav" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Just use:
> <deny users="?"/>
>
> Anyway... "XXXX" in <allow users=..."/> is the list of users that will
> be allowed access. It's the same as the first parameter in
> RedirectFromLoginPage(...) method.
>
> For your situation, you may like to do the following:
>
> <location path="dirName">
> <system.web>
> <authorization>
> <deny users="?"/> <!-- Denying anonymous users -->
> </authorization>
> <authentication mode="Forms">
> ....
> </authentication>
> </system.web>
> </location>
>
>
>
> --
> Cheers,
> Gaurav Vaish
> http://www.mastergaurav.org
> http://mastergaurav.blogspot.com
> --------------------------------
>



 
Reply With Quote
 
MasterGaurav
Guest
Posts: n/a
 
      04-28-2005
Ok.. then do:

<allow users="comma, separated, list, of, id"/>
<deny users="*"/>

Allow first.
Deny next.

--
Cheers,
Gaurav Vaish
http://www.mastergaurav.org
http://mastergaurav.blogspot.com
--------------------------------

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: D.A.L. (h) xxx-xxx-xxxx Don Klipstein Digital Photography 1 11-11-2010 09:28 AM
what does 'b.jpg?xxxx' mean? is it a jpg or a script? leo.hou@gmail.com Javascript 3 09-27-2006 08:24 PM
Does the 2.0 Framework come out when Visual Studio .NET 2005 does? needin4mation@gmail.com ASP .Net 3 10-07-2005 12:55 AM
Need to Format a zipcode into xxxxx-xxxx. Jeff Thur ASP .Net Datagrid Control 1 02-18-2005 04:14 AM
Come One, Come All Jess Guim Digital Photography 0 12-02-2003 04:43 PM



Advertisments