«

In an intranet asp.net application I have the following in the web config:

<authentication mode="Windows" />

<location path="AdministrationFolder">
<system.web>
<authorization>
<allow users="John"/>
<allow users="David"/>
<allow users="Eric"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

The "Default.aspx" page is accessible to everybody.
I have a link <a href=Administration.aspx>Administration</a> on this page,
which I need it to be visible only if the user is one of those specified in
"<location path=....>" (If user = in (John, David, Eric) then, display the
link.)



How can I check if the logged user is one of the mentioned users above ?

The identity information that the UrlAuthorizationModule (the thing taht
consumes that particular piece of XML web.config) examines the
HttpContext.User property, specifically the .Identity.Name property and the
..IsInRole method to compare against user name and role membership, so you
can do the same thing programmatically in your code to conditionally display
specific markup.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"zino66" <> wrote in message
news:BA914AEF-61C7-4892-B5E3-...
> In an intranet asp.net application I have the following in the web config:
>
> <authentication mode="Windows" />
>
> <location path="AdministrationFolder">
> <system.web>
> <authorization>
> <allow users="John"/>
> <allow users="David"/>
> <allow users="Eric"/>
> <deny users="*"/>
> </authorization>
> </system.web>
> </location>
>
> The "Default.aspx" page is accessible to everybody.
> I have a link <a href=Administration.aspx>Administration</a> on this page,
> which I need it to be visible only if the user is one of those specified
> in
> "<location path=....>" (If user = in (John, David, Eric) then, display
> the
> link.)
>
>
>
> How can I check if the logged user is one of the mentioned users above ?
>
>

now I'm able to check the logged user name, but I need to compare it to the
one stored in <location path=....
<allow users='john'........

so, in the "Default.aspx" page, which is available to anybody (not only
'John',....),
I wrote:
Dim _as_ As Web.Configuration.AuthorizationSection =
Web.Configuration.WebConfigurationManager.GetSecti on("system.web/authorization", "~/Administration")

but I'm getting this error:
"The attribute 'users' has been locked in a higher level configuration"

I understand that accessing the config file in an already protected folder
from an unprotected page sound non-sense, but is there a way to work around
this ?

thanks for help


"Joe Kaplan" wrote:

> The identity information that the UrlAuthorizationModule (the thing taht
> consumes that particular piece of XML web.config) examines the
> HttpContext.User property, specifically the .Identity.Name property and the
> ..IsInRole method to compare against user name and role membership, so you
> can do the same thing programmatically in your code to conditionally display
> specific markup.
>
> --
> Joe Kaplan-MS MVP Directory Services Programming
> Co-author of "The .NET Developer's Guide to Directory Services Programming"
> http://www.directoryprogramming.net
> "zino66" <> wrote in message
> news:BA914AEF-61C7-4892-B5E3-...
> > In an intranet asp.net application I have the following in the web config:
> >
> > <authentication mode="Windows" />
> >
> > <location path="AdministrationFolder">
> > <system.web>
> > <authorization>
> > <allow users="John"/>
> > <allow users="David"/>
> > <allow users="Eric"/>
> > <deny users="*"/>
> > </authorization>
> > </system.web>
> > </location>
> >
> > The "Default.aspx" page is accessible to everybody.
> > I have a link <a href=Administration.aspx>Administration</a> on this page,
> > which I need it to be visible only if the user is one of those specified
> > in
> > "<location path=....>" (If user = in (John, David, Eric) then, display
> > the
> > link.)
> >
> >
> >
> > How can I check if the logged user is one of the mentioned users above ?
> >
> >
>
> .
>

If I were solving the problem, I'd approach it differently.

I'd create a mechanism to put these users in a role called "Admin" or
something like that and then hard code the configuration section and your
security trimming UI code to just check that.

To generate a role for a user on the fly, you can hook the authenticate
event in global.asax (or something similar) and just issue an new
GenericPrincipal for the authenticated user that add specific users to a
role. You can create a custom configuration value of your own choosing to
determine which users are in the admin role or not.

I'm not sure what the recommended method to read the configuration file
directly is but it seems that ASP.NET does not want you doing it the way you
are trying right now.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"zino66" <> wrote in message
news:4CBD42B0-747F-4C98-9F56-...
> now I'm able to check the logged user name, but I need to compare it to
> the
> one stored in <location path=....
> <allow users='john'........
>
> so, in the "Default.aspx" page, which is available to anybody (not only
> 'John',....),
> I wrote:
> Dim _as_ As Web.Configuration.AuthorizationSection =
> Web.Configuration.WebConfigurationManager.GetSecti on("system.web/authorization",
> "~/Administration")
>
> but I'm getting this error:
> "The attribute 'users' has been locked in a higher level configuration"
>
> I understand that accessing the config file in an already protected folder
> from an unprotected page sound non-sense, but is there a way to work
> around
> this ?
>
> thanks for help
>
>
> "Joe Kaplan" wrote:
>
>> The identity information that the UrlAuthorizationModule (the thing taht
>> consumes that particular piece of XML web.config) examines the
>> HttpContext.User property, specifically the .Identity.Name property and
>> the
>> ..IsInRole method to compare against user name and role membership, so
>> you
>> can do the same thing programmatically in your code to conditionally
>> display
>> specific markup.
>>
>> --
>> Joe Kaplan-MS MVP Directory Services Programming
>> Co-author of "The .NET Developer's Guide to Directory Services
>> Programming"
>> http://www.directoryprogramming.net
>> "zino66" <> wrote in message
>> news:BA914AEF-61C7-4892-B5E3-...
>> > In an intranet asp.net application I have the following in the web
>> > config:
>> >
>> > <authentication mode="Windows" />
>> >
>> > <location path="AdministrationFolder">
>> > <system.web>
>> > <authorization>
>> > <allow users="John"/>
>> > <allow users="David"/>
>> > <allow users="Eric"/>
>> > <deny users="*"/>
>> > </authorization>
>> > </system.web>
>> > </location>
>> >
>> > The "Default.aspx" page is accessible to everybody.
>> > I have a link <a href=Administration.aspx>Administration</a> on this
>> > page,
>> > which I need it to be visible only if the user is one of those
>> > specified
>> > in
>> > "<location path=....>" (If user = in (John, David, Eric) then, display
>> > the
>> > link.)
>> >
>> >
>> >
>> > How can I check if the logged user is one of the mentioned users above
>> > ?
>> >
>> >
>>
>> .
>>