Location element in the Web.config file. Allow System Admin whole directory, allow others specific page


  1. #1

    Location element in the Web.config file. Allow System Admin whole directory, allow others specific page

    Hello.

    I am developing an ASP.net C# application using forms authentication. I have
    a directory ManageUsers and I want all pages in that directory to be
    accessed by the system administrator. But, there is one page,
    ChangePassword.aspx that any authenticated user should be able to access.

    How exactly does the location element assign permissions to directories and
    pages? I thought that permissions would be applied in the order that the
    location elements were defined in the web.config file, with the latest
    location element defining the permissions.

    The following is what I have attempted. But when the Change Password role is
    assigned to the user, he/she is able to view all pages in the ManageUsers
    directory and not just ManageUsers/ChangePassword.aspx.

    <location path="ManageUsers" allowOverride="false">
      <system.web>
        <authorization>
          <allow roles="System Administrator, Requesting Organization Administrator, Responding Organization Administrator" />
          <deny users="?" />
        </authorization>
      </system.web>
    </location>

    <location path="ManageUsers/ChangePassword.aspx" allowOverride="false">
      <system.web>
        <authorization>
          <allow roles="Change Password, System Administrator, Requesting Organization Administrator, Requesting Organization User, Responding Organization Administrator, Responding Organization User" />
          <deny users="?" />
        </authorization>
      </system.web>
    </location>


    Thanks in advance for any assistance.
    Ryan Taylor


    Ryan Taylor Guest

  3. #2

    Re: Location element in the Web.config file. Allow System Admin whole directory, allow others specific page

    I found that part of my problem was that I was allowing all authenticated
    users access to the pages. So I replaced the '?' with a '*' and this solved
    the problem. I also moved the ChangePassword.aspx file to its own location
    just to be thorough.

    Ryan Taylor


    Ryan Taylor Guest
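
Added example (not part of the original thread, and not ASP.NET framework code): a simplified Python model of how URL authorization reaches a verdict for the two location blocks in post #1, run once with `deny users="?"` and once with `deny users="*"`. It assumes rules from the most specific matching path are checked first, the first matching rule wins, and the built-in fallback is allow-all; the page name EditUser.aspx and the absence of any root-level rules are assumptions.

```python
# Simplified model of ASP.NET URL authorization (illustration only).
# Rules are (action, kind, values); named users are not modelled.
MACHINE_DEFAULT = [("allow", "users", ["*"])]   # built-in fallback: allow everyone

def rules_for(url, locations):
    """Collect rules from the most specific matching <location> up to the default."""
    url = url.lower()
    matching = [p for p in locations
                if url == p.lower() or url.startswith(p.lower() + "/")]
    merged = []
    for path in sorted(matching, key=len, reverse=True):   # nearest path first
        merged += locations[path]
    return merged + MACHINE_DEFAULT

def rule_matches(kind, values, user_roles, authenticated):
    if kind == "roles":
        return any(role in user_roles for role in values)
    # kind == "users": "*" is everyone, "?" is anonymous requests only
    return any(v == "*" or (v == "?" and not authenticated) for v in values)

def is_allowed(url, locations, user_roles=(), authenticated=True):
    """Walk the merged rule list; the first rule that matches decides."""
    for action, kind, values in rules_for(url, locations):
        if rule_matches(kind, values, user_roles, authenticated):
            return action == "allow"
    return False

ADMINS = ["System Administrator", "Requesting Organization Administrator",
          "Responding Organization Administrator"]
PAGE_ROLES = ADMINS + ["Change Password", "Requesting Organization User",
                       "Responding Organization User"]

def build(deny_who):
    """The thread's two <location> blocks, parameterised on the deny rule."""
    return {
        "ManageUsers": [("allow", "roles", ADMINS),
                        ("deny", "users", [deny_who])],
        "ManageUsers/ChangePassword.aspx": [("allow", "roles", PAGE_ROLES),
                                            ("deny", "users", [deny_who])],
    }

if __name__ == "__main__":
    page = "ManageUsers/EditUser.aspx"   # hypothetical admin-only page
    for deny in ("?", "*"):
        print(deny, is_allowed(page, build(deny), ["Change Password"]))
```

With `?`, an authenticated non-admin matches neither rule in the ManageUsers block and falls through to the allow-all fallback; with `*`, the deny rule stops the fall-through.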

  4. #3

    Default Re: Location element in the Web.config file. Allow System Admin whole directory, allo

    Hi,

    I have a weird scenario in one of my ASP.net applications.

    I am using ASP.net membership with my custom "roleManager",

    and I have the tag below in web.config to restrict any user who does not have the "Keywords" role from accessing the "Keywords" folder:

    <location path="Keywords">
      <system.web>
        <authorization>
          <allow roles="Keywords"/>
          <deny users="*" />
        </authorization>
      </system.web>
    </location>

    If any user with some other role tries to access this URL (Keywords in this case), they will be redirected to a custom Access Denied page.

    Now things are working fine, but when I leave my application inactive for 30 minutes I am not able to visit "Keywords"; every time I end up at the custom Access Denied page. If I close the browser and log in again, it starts working fine.

    Please help me in this case.

    Thanks in advance
    chandrabhan singh Guest
