Ask a Question related to ASP.NET General, Design and Development.
-
Rory #1
Access problem of a folder.
Perhaps you could try adding a seperate web.config file in
the folder that you want the restrictions on. In this new
web.config file, include the authorization tag for denying
all users.
allowing all>-----Original Message-----
>In my application I'm using forms authentication, butSo in web.config>users.
><authorization>
> <allow users="*" /> <!-- Allow all users -->
></authorization>
>
>And I don't want anybody to access to a special folder.directory. Can>I wrote:
>
><location path="Data">
> <system.web>
> <authorization>
> <deny users="*" />
> </authorization>
> </system.web>
></location>
>
>
>But Ýt doesn't work. I can access to .xml files in the>anyone see what is wrong...?
>.
>Rory Guest
-
Can I allow access to one file within a folder, but notthe whole folder
I want to allow access for users to edit only specific file within a folder. Can I do this Also, since I am just starting to use this on a new... -
Folder and File Access
Is is possible to give a Publisher access to the root index file but not the root of the site? I would like them to be able to edit the home page... -
Access folder from the network
I am keeping all the images out of the webserver. This is in some other system in the network. Can anybody please give me workaround in asp.net,... -
folder created, but no access
Hi there, thats an error i try to solve for quite a while already but didn't find a solution yet. My problem: I'm writing a little cms, that... -
folder access in share
In article <un6Zq$9RDHA.3768@tk2msftngp13.phx.gbl>, "WILLIAM WELBORN" <bwelborn707@email.uophx.edu> wrote: That message is very misleading. The... -
S. Justin Gengo #2 Re: Access problem of a folder.
I can't be exactly certain about what might be wrong. Your code snippet
looks fine.
So here is an entire web.config file that is working for me. Maybe you can
spot the difference...
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<!-- DYNAMIC DEBUG COMPILATION
Set compilation debug="true" to insert debugging symbols (.pdb
information)
into the compiled page. Because this creates a larger file that
executes
more slowly, you should set this value to true only when debugging
and to
false at all other times. For more information, refer to the
documentation about
debugging ASP.NET files.
-->
<compilation defaultLanguage="vb" debug="true" />
<!-- CUSTOM ERROR MESSAGES
Set customErrors mode="On" or "RemoteOnly" to enable custom error
messages, "Off" to disable.
Add <error> tags for each of the errors you want to handle.
-->
<customErrors mode="Off" />
<!-- AUTHENTICATION
This section sets the authentication policies of the application. Possible
modes are "Windows",
"Forms", "Passport" and "None"
-->
<authentication mode="Forms">
<!-- The name attribute below specifies the name of the browser cookie
that contains the authentication ticket. By default the cookie is named
..ASPXAUTH. If you are configuring multiple apps on the same server, you
should give a uniques cookie name for each app. loginUrl is the page to
which users are auto-redirected to when authentication is required. timeout
is the amnt. of time in minutes before a cookie expires. The default is 30
min. -->
<forms name="AboutFortunate" loginUrl="admin/login.aspx" timeout="20">
<credentials passwordFormat="SHA1">
<user name="[UserName]" password="[HashedPassword]"/>
</credentials>
</forms>
</authentication>
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You
can allow or deny access
to application resources by user or role. Wildcards: "*" mean
everyone, "?" means anonymous
(unauthenticated) users.
-->
<authorization>
<!-- allowing anonymous users access to the entire app -->
<allow users="?" />
</authorization>
<!-- APPLICATION-LEVEL TRACE LOGGING
Application-level tracing enables trace log output for every page
within an application.
Set trace enabled="true" to enable application trace logging. If
pageOutput="true", the
trace information will be displayed at the bottom of each page.
Otherwise, you can view the
application trace log by browsing the "trace.axd" page from your
web application
root.
-->
<trace enabled="false" requestLimit="10" pageOutput="false"
traceMode="SortByTime" localOnly="false" />
<!-- SESSION STATE SETTINGS
By default ASP.NET uses cookies to identify which requests belong
to a particular session.
If cookies are not available, a session can be tracked by adding a
session identifier to the URL.
To disable cookies, set sessionState cookieless="true".
-->
<sessionState
mode="InProc"
stateConnectionString="tcpip=127.0.0.1:42424"
sqlConnectionString="data source=127.0.0.1;user id=sa;password="
cookieless="false"
timeout="20"
/>
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
-->
<globalization requestEncoding="utf-8" responseEncoding="utf-8" />
</system.web>
<!-- LOCATION
The "<location>" tag allows a developer to specify a particular folder /
file to set
properties for.
-->
<location path="admin">
<system.web>
<!-- AUTHORIZATION
This section sets the authorization policies of the application. You can
allow or deny access
to application resources by user or role. Wildcards: "*" mean everyone,
"?" means anonymous
(unauthenticated) users.
-->
<authorization>
<!-- I use the code below to allow one and only one user to access the
ADMIN folder
(directory). My login script returns a username and not an id value. If
it returned an id
value then the id value would be used instead. I then deny all users and
anonymous users.
Thus only one user, the site admin, can access the folder "Admin" and
any pages in that
folder. -->
<allow users="philosopher"></allow>
<deny users="*"></deny>
<deny users="?"></deny>
</authorization>
</system.web>
</location>
</configuration>
Hope this helps.
Justin
"Onur Bozkurt" <onur.bozkurt@softhome.net> wrote in message
news:egfN7AfSDHA.2432@TK2MSFTNGP10.phx.gbl...> In my application I'm using forms authentication, but allowing all
> users.
> <authorization>
> <allow users="*" /> <!-- Allow all users -->
> </authorization>
>
> And I don't want anybody to access to a special folder. So in web.config
> I wrote:
>
> <location path="Data">
> <system.web>
> <authorization>
> <deny users="*" />
> </authorization>
> </system.web>
> </location>
>
>
> But Ýt doesn't work. I can access to .xml files in the directory. Can
> anyone see what is wrong...?
S. Justin Gengo Guest
-
bruce barker #3 Re: Access problem of a folder.
web.config access only applies to files mapped to asp.net. a web request to
an xml file is handled by iis only, so only iis security is used. you can
add .xml to asp.net mappings to get asp.net manage the security.
"Onur Bozkurt" <onur.bozkurt@softhome.net> wrote in message
news:egfN7AfSDHA.2432@TK2MSFTNGP10.phx.gbl...> In my application I'm using forms authentication, but allowing all
> users.
> <authorization>
> <allow users="*" /> <!-- Allow all users -->
> </authorization>
>
> And I don't want anybody to access to a special folder. So in web.config
> I wrote:
>
> <location path="Data">
> <system.web>
> <authorization>
> <deny users="*" />
> </authorization>
> </system.web>
> </location>
>
>
> But Ýt doesn't work. I can access to .xml files in the directory. Can
> anyone see what is wrong...?
bruce barker Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
