Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Create a role and check it

Reply
Thread Tools

Create a role and check it

 
 
Magnus
Guest
Posts: n/a
 
      02-20-2007
Hello!

I 'm quite new to asp.net and trying to accomplish a web that gives 'admins'
some extra options in an aspx page.
I have a local group called admins at the dotnet server. In this group I
have domain users/groups.
I have this "code" in the web.config:
<authentication mode="Windows"/>

<identity impersonate="true"/>

If the user is a member of the local group myserver\admins something should
happend. Otherwise not!
How do I accomplish this? Please explain to a "dummie".

Regards Magnus


 
Reply With Quote
 
 
 
 
Dominick Baier
Guest
Posts: n/a
 
      02-20-2007
You can check for the role using Page/Context.User.IsInrole("admins") or
use the <authorization> element in web.config to declaratively restrict access
to pages and directories using roles. The site map feature is also role aware.

What else should happen?


Why do you have a <impersonate> element in config - you can remove that if
you are not sure if you need it.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Hello!
>
> I 'm quite new to asp.net and trying to accomplish a web that gives
> 'admins'
> some extra options in an aspx page.
> I have a local group called admins at the dotnet server. In this group
> I
> have domain users/groups.
> I have this "code" in the web.config:
> <authentication mode="Windows"/>
> <identity impersonate="true"/>
>
> If the user is a member of the local group myserver\admins something
> should
> happend. Otherwise not!
> How do I accomplish this? Please explain to a "dummie".
> Regards Magnus
>



 
Reply With Quote
 
 
 
 
Magnus
Guest
Posts: n/a
 
      02-22-2007
Thank you. It worked perfectly!!!

Well, from the beginning I thought of using impersonate because the user
should use a database with his/her own account. Changed it to use one common
sql account instead, so that's true, I don't need impersonate anymore.
Does that make any sence to you?

Regards Magnus

"Dominick Baier" <dbaier@pleasepleasenospam_leastprivilege.com> wrote in
message news:(E-Mail Removed) m...
> You can check for the role using Page/Context.User.IsInrole("admins") or
> use the <authorization> element in web.config to declaratively restrict
> access to pages and directories using roles. The site map feature is also
> role aware.
>
> What else should happen?
>
>
> Why do you have a <impersonate> element in config - you can remove that if
> you are not sure if you need it.
>
>
> -----
> Dominick Baier (http://www.leastprivilege.com)
>
> Developing More Secure Microsoft ASP.NET 2.0 Applications
> (http://www.microsoft.com/mspress/books/9989.asp)
>
>> Hello!
>>
>> I 'm quite new to asp.net and trying to accomplish a web that gives
>> 'admins'
>> some extra options in an aspx page.
>> I have a local group called admins at the dotnet server. In this group
>> I
>> have domain users/groups.
>> I have this "code" in the web.config:
>> <authentication mode="Windows"/>
>> <identity impersonate="true"/>
>>
>> If the user is a member of the local group myserver\admins something
>> should
>> happend. Otherwise not!
>> How do I accomplish this? Please explain to a "dummie".
>> Regards Magnus
>>

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
AzMan Role Based Security vs. ASP.NET Role Based Security Kursat ASP .Net Security 1 05-07-2007 01:33 PM
How to create Profile,Membership and Role provider with SQL2000/2005 RedHair ASP .Net 2 02-21-2006 02:03 AM
Help - How to create new roles and assign users to each role Jena ASP .Net Security 1 11-03-2004 02:04 PM
Role-Based Security: ACLs and Role Hierarchies Liet Kynes ASP .Net 0 11-26-2003 08:08 AM
Role-based security: Access the role of current user Jesper Stocholm ASP .Net 2 08-23-2003 06:59 PM



Advertisments