Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Web Site Configuration for remote users

Reply
Thread Tools

Web Site Configuration for remote users

 
 
Mikey Baby
Guest
Posts: n/a
 
      03-21-2007
Greetings all

I've just re-engineered a small system to use the Roles/Membership and
ASP.Net Configuraton Tool.

I've configured it for 'From the Internet' access.

However, I can access the Config Tool by just running it. I don't have to
login.

I hunted around and found this:
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP. NETWebAdminFiles\web.config

So I altered it to Forms authentication and did this:
<authorization>
<deny users="*"/>
<allow roles="Manager" />
</authorization>

This is slight progress. I can't administer the site anymore - it's looking
for login.aspx. But this doesn't exist in the folder.

I know this is probably all because I'm working locally, but I'd like to be
sure before I roll this out (I don't have a test environment).

Many thanks

M.

MCDBA : MCSD
 
Reply With Quote
 
 
 
 
Dominick Baier
Guest
Posts: n/a
 
      03-21-2007
So what are you really trying to achieve?

use the tool to remote administer the site?
or prevent remote administration?


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Greetings all
>
> I've just re-engineered a small system to use the Roles/Membership and
> ASP.Net Configuraton Tool.
>
> I've configured it for 'From the Internet' access.
>
> However, I can access the Config Tool by just running it. I don't have
> to login.
>
> I hunted around and found this:
> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP. NETWebAdminFiles\web
> .config
> So I altered it to Forms authentication and did this:
> <authorization>
> <deny users="*"/>
> <allow roles="Manager" />
> </authorization>
> This is slight progress. I can't administer the site anymore - it's
> looking for login.aspx. But this doesn't exist in the folder.
>
> I know this is probably all because I'm working locally, but I'd like
> to be sure before I roll this out (I don't have a test environment).
>
> Many thanks
>
> M.
>
> MCDBA : MCSD
>



 
Reply With Quote
 
 
 
 
Mikey Baby
Guest
Posts: n/a
 
      03-21-2007
> use the tool to remote administer the site?

However, I'm possibly a little confused.

Is the ASP.Net Configuration Tool designed for live use? Or is it just
something for VS2005 to work against?

My site uses Accounts, Roles etc and I'd like to rip out my custom code and
use this tool instead. I want my users to create their own accounts and then
I will add them to the Role that allows access to the PaySite bits.

So, I guess I want the following:

1. A proper method to distribute this to my provider (a .net hosting company)
2. Prevent my users from using it through Forms Authentication

I'm starting to suspect that this might not be possible. For example; it
uses the Machine.config file which I won't have access to as I'm using a
shared host.

All the info/articles I can find are about standard usage of this Tool
(Providers, App. Settings etc). Nothing about actually rolling this out.

Then again, if it's not designed for live use, what's the point?

Also, on a brand new WS2003 machine, the Config site is there, but still no
login.aspx page. I think this Tool only works with Windows Authentication?

M.

MCDBA : MCSD


"Dominick Baier" wrote:


 
Reply With Quote
 
Dominick Baier
Guest
Posts: n/a
 
      03-21-2007
in theory it works remotely - but if you inspect the source, there is an
explicit check for local connection...


so it was designed to be used local only - every other scenario is not officially
supported (though it will work - but requires thorough testing)

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

>> use the tool to remote administer the site?
>>

> However, I'm possibly a little confused.
>
> Is the ASP.Net Configuration Tool designed for live use? Or is it just
> something for VS2005 to work against?
>
> My site uses Accounts, Roles etc and I'd like to rip out my custom
> code and use this tool instead. I want my users to create their own
> accounts and then I will add them to the Role that allows access to
> the PaySite bits.
>
> So, I guess I want the following:
>
> 1. A proper method to distribute this to my provider (a .net hosting
> company) 2. Prevent my users from using it through Forms
> Authentication
>
> I'm starting to suspect that this might not be possible. For example;
> it uses the Machine.config file which I won't have access to as I'm
> using a shared host.
>
> All the info/articles I can find are about standard usage of this Tool
> (Providers, App. Settings etc). Nothing about actually rolling this
> out.
>
> Then again, if it's not designed for live use, what's the point?
>
> Also, on a brand new WS2003 machine, the Config site is there, but
> still no login.aspx page. I think this Tool only works with Windows
> Authentication?
>
> M.
>
> MCDBA : MCSD
>
> "Dominick Baier" wrote:
>



 
Reply With Quote
 
Mikey Baby
Guest
Posts: n/a
 
      03-22-2007
Well, I've almost got it working. Added a login page, various web.config
changes, file system permissions etc. Just dealing with the LocalOnly
hardcode at the moment.

However, I'm struggling to understand why this was built at all.

It assumes that it's only being used on the developers desktop -or- we have
Remote Desktop connections to the Server. Which, if we did, why not just
write a Winforms app? Or extend the ASP.Net Config Form in IIS.

My App is based on multiple, low cost, hosts. I'm lucky if I get a single
SQL Express DB. Forget about Remote Desktop access or IIS administration.

Hopefully, I can contribute an Article somewhere explaining how to get this
running remotely as I equally can't understand why this aspect of the tool
isn't discussed in other forums. Does no-one use this live?

Regards and thanks for the input.

M.

MCDBA : MCSD


 
Reply With Quote
 
Dominick Baier
Guest
Posts: n/a
 
      03-22-2007
Well - i never came across someone who uses it live - and it was never designed
for that scenario...

It is for local only stuff...


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

> Well, I've almost got it working. Added a login page, various
> web.config changes, file system permissions etc. Just dealing with the
> LocalOnly hardcode at the moment.
>
> However, I'm struggling to understand why this was built at all.
>
> It assumes that it's only being used on the developers desktop -or- we
> have Remote Desktop connections to the Server. Which, if we did, why
> not just write a Winforms app? Or extend the ASP.Net Config Form in
> IIS.
>
> My App is based on multiple, low cost, hosts. I'm lucky if I get a
> single SQL Express DB. Forget about Remote Desktop access or IIS
> administration.
>
> Hopefully, I can contribute an Article somewhere explaining how to get
> this running remotely as I equally can't understand why this aspect of
> the tool isn't discussed in other forums. Does no-one use this live?
>
> Regards and thanks for the input.
>
> M.
>
> MCDBA : MCSD
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
List of free web site design, web site backgrounds, web site layoutsresources cyber XML 1 12-25-2007 11:48 PM
Free web site design, web site backgrounds, web site layoutsresources cyber HTML 0 12-24-2007 04:26 PM
List of free web site design, web site backgrounds, web site layoutsresources cyber HTML 0 12-21-2007 03:47 PM
List of free web site design, web site backgrounds, web site layoutsweb sites cyber HTML 1 12-19-2007 09:07 AM
BMC Configuration Management - Users Group, formerly Marimba Users Group. chrisandnat@gmail.com Java 0 10-01-2007 06:36 PM



Advertisments