Permission check for secured subfolders?

  1. #1

    Permission check for secured subfolders?

    I'm building an ASP.NET application that works in Forms Authentication mode
    with a custom user account database. It shows clients a list of hyperlinks to
    content pages located in separate subfolders. The application and content
    pages are entirely secured, so everyone must log on to the application. The
    application pages and most of the content pages are accessible to every
    authenticated client, but some content pages in specific subfolders are
    served to specific users and groups only. I'm using URL authorization to
    achieve this. Everything works fine now.

    Now what I'm attempting to do is hide/remove hyperlinks to unacceptable
    content from the contents list page. To do this, I want to test the client's
    access rights for every subfolder in the server-side Page_Load() function, so
    that the client user avoids useless operations. I don't want to show clients
    the access forbidden message any more.

    How can I do it?
    Help me please.

    best regards,
    TK

    TK Guest

  3. #2

    RE: Permission check for secured subfolders?

    It seems like there are a couple options to what you are trying to accomplish. You can either set up the relationships on the database side. IE, user A belongs to group A. Group A has links 1,2,3,4 associated with it. Get the group name associated with the user at login, then get the appropriate links. OR, you could hold a Session variable that checks the user group/link association, and only display the links associated with each group by showing and hiding panels.

    "TK" wrote:
    > I'm building an ASP.NET application works in Forms Authentication mode with
    > custom user account database. And it shows clients a list of hyperlinks to
    > content pages located in some separated subfolders. This application and
    > content pages are entirely secured, so everyone must logon to the
    > application. The application pages and most of content pages are accessible
    > for every authenticated clients but some of content pages in some specific
    > subfolders are served for specific users and groups only. I'm using URL
    > authorization to achieve this. Everything works fine now.
    >
    > Now what I'm attempting to do is, hide/remove hyperlinks to unacceptable
    > contents from the contents list page. To do this, I want to test client's
    > access right for every subfolders at server side Page_Load() function, so
    > that avoid client user's useless operation. I don't want to show clients the
    > access forbidden message any more.
    >
    > How can I do it?
    > Help me please.
    >
    > best regards,
    > TK
    >
    >
    David Coe, MCAD Guest

  4. #3

    Re: Permission check for secured subfolders?

    Thank you David.

    I agree with your advice, but it does not seem to be a smart solution because
    I have to implement the access control functionality by myself; moreover, we
    have the URL authorization mechanism built into ASP.NET. I'm looking for a way
    to easily and quickly test the URL authorization settings in each subfolder
    for each client/group on the server side.

    Any idea?
    TK

    <David Coe>; "MCAD" <DavidCoeMCAD@discussions.microsoft.com> wrote in
    message news:CB258090-A66D-4E16-A666-6AD29F4D99BE@microsoft.com...
    > It seems like there are a couple options to what you are trying to
    > accomplish. You can either set up the relationships on the database side.
    > IE, user A belongs to group A. Group A has links 1,2,3,4 associated with
    > it. Get the group name associated with the user at login, then get the
    > appropriate links. OR, you could hold a Session variable that checks the
    > user group/link association, and only display the links associated with each
    > group by showing and hiding panels.
    >
    > "TK" wrote:
    >
    > > I'm building an ASP.NET application works in Forms Authentication mode with
    > > custom user account database. And it shows clients a list of hyperlinks to
    > > content pages located in some separated subfolders. This application and
    > > content pages are entirely secured, so everyone must logon to the
    > > application. The application pages and most of content pages are accessible
    > > for every authenticated clients but some of content pages in some specific
    > > subfolders are served for specific users and groups only. I'm using URL
    > > authorization to achieve this. Everything works fine now.
    > >
    > > Now what I'm attempting to do is, hide/remove hyperlinks to unacceptable
    > > contents from the contents list page. To do this, I want to test client's
    > > access right for every subfolders at server side Page_Load() function, so
    > > that avoid client user's useless operation. I don't want to show clients the
    > > access forbidden message any more.
    > >
    > > How can I do it?
    > > Help me please.
    > >
    > > best regards,
    > > TK
    TK Guest

  5. #4

    Re: Permission check for secured subfolders?

    It's the UrlAuthorizationModule which will be able to build up the groups
    and users which can access a particular folder. Unfortunately there isn't
    any API presented by it. The only way I can think of at present is to build
    up a webrequest and try and hit the various sub folders. However I've been
    trying to implement something along these lines myself, but haven't had any
    success as yet.

    Andy Mortimer [MS] Guest

  6. #5

    Re: Permission check for secured subfolders?

    Thank you very much Andy.

    You gave me an important fact: that there aren't any APIs that match my
    requirement.
    I'll consider whether it will be worth the effort to implement it all by myself.

    thanks again,
    TK

    TK Guest

  7. #6

    Re: Permission check for secured subfolders?

    Ok, we seem to have worked it out. Apparently, the word is, you should be
    restricting your URLs in your top level web.config using the <location>
    element structure.

    Then you need to create a Role for each subfolder, FolderA FolderB etc.

    Then you use that role in the web.config to allow access. (then you never
    touch that part again).

    To allow people access to the folder, you then just add them to the
    appropriate role.

    To then dynamically test for access to folders you use IsInRole. Now
    normally that would just check for membership of the role i.e. if UserA is
    in FolderB role, so we override the IsInRole and have something like:-

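    public override bool IsInRole(string role)
    {
        // TestFolderPermissions is a hypothetical helper standing in for the
        // post's "test for folder permissions" step described below.
        switch (role)
        {
            case "FolderA":
                return TestFolderPermissions(role);
            case "FolderB":
                return TestFolderPermissions(role);
            default:
                // Any other role: normal role-membership check.
                return base.IsInRole(role);
        }
    }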

    Now the bit above where it says test for folder permissions, should be
    implemented by creating your own section handler using the provided
    framework classes, to read the auth section of your web.config file
    (because our auth is now in our top level web.config.)

    So, the roles are put in web.config, and the above switch is written, then
    that code never changes (unless you add further folders and roles). To
    add/remove people's access to folders, you just add/remove them to the
    appropriate role and the job is done.

    Hope that helps.

    Andy

    Andy Mortimer [MS] Guest
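
The "test for folder permissions" step from post #6, as an added example that is not code from any poster in this thread: it reads `<location>` authorization rules and applies them in order, first match wins, to decide which links to render. The sample config, the user `userA`, the folder `Public` and the names `FolderAccess`, `Matches` and `CanAccess` are constructed for illustration; the `verbs` attribute and inheritance from parent config files are not handled.

```csharp
using System;
using System.Security.Principal;
using System.Xml;
static class FolderAccess
{
    // Constructed sample config; FolderA/FolderB are the role names used in post #6.
    const string SampleConfig = @"<configuration>
  <location path='FolderA'><system.web><authorization>
    <allow roles='FolderA' /><deny users='*' /></authorization></system.web></location>
  <location path='FolderB'><system.web><authorization>
    <allow roles='FolderB' /><deny users='*' /></authorization></system.web></location>
</configuration>";

    // True when an <allow>/<deny> element names this user or one of the user's roles.
    static bool Matches(XmlElement rule, IPrincipal user)
    {
        foreach (string raw in rule.GetAttribute("users").Split(','))
        {
            string name = raw.Trim();
            if (name == "*" || (name == "?" && !user.Identity.IsAuthenticated)) return true;
            if (name.Length > 0 && string.Equals(name, user.Identity.Name, StringComparison.OrdinalIgnoreCase)) return true;
        }
        foreach (string raw in rule.GetAttribute("roles").Split(','))
            if (raw.Trim().Length > 0 && user.IsInRole(raw.Trim())) return true;
        return false;
    }

    // Rules are read top to bottom and the first one that matches decides.
    public static bool CanAccess(XmlDocument config, string folder, IPrincipal user)
    {
        foreach (XmlElement loc in config.SelectNodes("/configuration/location"))
        {
            if (!string.Equals(loc.GetAttribute("path"), folder, StringComparison.OrdinalIgnoreCase)) continue;
            foreach (XmlElement rule in loc.SelectNodes("system.web/authorization/*"))
                if (Matches(rule, user)) return rule.Name == "allow";
        }
        // Assumption: outside the listed folders the site-wide rule is deny users="?".
        return user.Identity.IsAuthenticated;
    }

    static void Main()
    {
        XmlDocument config = new XmlDocument();
        config.LoadXml(SampleConfig);
        IPrincipal user = new GenericPrincipal(new GenericIdentity("userA"), new[] { "FolderA" });
        foreach (string folder in new[] { "FolderA", "FolderB", "Public" })
            Console.WriteLine("{0}: {1}", folder, CanAccess(config, folder, user) ? "show link" : "hide link");
    }
}
```

Hiding a link this way is cosmetic; the `<authorization>` rules in web.config stay the enforcement point for direct requests. On .NET Framework 2.0 and later, `UrlAuthorizationModule.CheckUrlAccessForPrincipal(virtualPath, user, verb)` answers the same question against the live configuration.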
