Problem using Allow Roles


  1. #1

    Problem using Allow Roles

    Dear All,

    I have an application secured using the following in the web.config file...

    <authorization>
      <deny users="?" />
      <allow roles="role1, role2, role3" /> <!-- etc., up to 8 different roles -->
      <deny users="*" />
    </authorization>

    This works fine for new users I create and assign to these roles (AD
    security groups) but not for any existing users who I have added the roles
    to. The existing users have 20 or more pre-existing roles each whereas the
    new users work fine until I get to 8 or 9 roles when they too start to fail
    authentication! (Error 401.2 is generated in all cases).

    I have looked into the possibility of this being a problem with the size of
    the Kerberos token and applied a number of fixes that would correct that,
    though these seemed to be targeted at users with 200+ roles. None of these
    fixes has worked. W2K is now at SP4 on .NET 1.1.

    Has anyone seen this type of behaviour or got any thoughts on how to resolve
    this issue?

    Many thanks,

    Brian Doyle
    Wellington, New Zealand


    Brian Doyle Guest
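
Added example, not part of the original posts: a small Python model of how the posted `<authorization>` block is evaluated top-down, with the first matching rule deciding. The role names, user names and name-matching details are assumptions of the model; it shows that, by the rules alone, a user holding 20 unrelated roles plus one listed role is allowed, and that moving `<deny users="*" />` above `<allow>` denies everyone.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the rule set from the post, with placeholder role names.
FRAGMENT = """<authorization>
  <deny users="?" />
  <allow roles="role1, role2, role3" />
  <deny users="*" />
</authorization>"""

def _names(value):
    # Assumption of this model: comma-separated, surrounding whitespace ignored,
    # names compared case-insensitively.
    return [p.strip().lower() for p in value.split(",") if p.strip()]

def parse_rules(xml_text):
    """Return the rules in document order as (action, users, roles)."""
    rules = []
    for el in ET.fromstring(xml_text):
        if el.tag not in ("allow", "deny"):
            raise ValueError("unexpected element: " + el.tag)
        rules.append((el.tag, _names(el.get("users", "")), _names(el.get("roles", ""))))
    return rules

def _matches(users, roles, name, held_roles):
    if "*" in users:                      # "*" matches every caller
        return True
    if name is None:                      # anonymous request: only "?" matches
        return "?" in users
    held = {r.lower() for r in held_roles}
    return name.lower() in users or any(r in held for r in roles)

def authorize(rules, name, held_roles=()):
    """Top-down evaluation: the first rule that matches the caller decides."""
    for action, users, roles in rules:
        if _matches(users, roles, name, held_roles):
            return action == "allow"
    return True  # assumption: an inherited default rule allows everyone

def demo():
    rules = parse_rules(FRAGMENT)
    many = ["legacy%d" % i for i in range(20)] + ["role2"]  # constructed user
    return {
        "anonymous": authorize(rules, None),
        "new_user_role1": authorize(rules, "alice", ["role1"]),
        "existing_user_20_plus_role2": authorize(rules, "bob", many),
        "no_listed_role": authorize(rules, "carol", ["legacy0"]),
        # Same rules with <deny users="*" /> moved above <allow>.
        "deny_all_first": authorize([rules[0], rules[2], rules[1]], "alice", ["role1"]),
    }
```

If the real server denies a user this model allows, the difference lies in how the user's group membership is resolved, not in the order of the rules.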

  3. #2

    Re: Problem using Allow Roles

    I SUSPECT that one of the existing groups has a DISALLOW property for some
    part of the application. That will block you even if you give ALLOW
    permission in another group. Add the existing groups one at a time to a user
    and watch for the failure. Then look at the security of that group and the
    problem should show its ugly head ;)

    Tom
    --
    ==========================================
    = Tom Vande Stouwe MCSD.net, MCAD.net, MCP
    = 45Wallstreet.com (www.45wallstreet.com)
    = (803)-345-5001
    ==========================================
    = If you are not making any mistakes
    ..= ..you are not trying hard enough.
    ==========================================
    This is the spam catching address: gotcha@conpro.net do not use this address
    or you will be blocked at the server ;)

    "Brian Doyle" <brian.doyle@xacta.co.nz> wrote in message
    news:uKBQ3KadDHA.3448@TK2MSFTNGP11.phx.gbl...
    > Dear All,
    >
    > I have an application secured using the following in the web.config file...
    >
    > <authorization>
    >   <deny users="?" />
    >   <allow roles="role1, role2, role3" /> <!-- etc., up to 8 different roles -->
    >   <deny users="*" />
    > </authorization>
    >
    > This works fine for new users I create and assign to these roles (AD
    > security groups) but not for any existing users who I have added the roles
    > to. The existing users have 20 or more pre-existing roles each whereas the
    > new users work fine until I get to 8 or 9 roles when they too start to fail
    > authentication! (Error 401.2 is generated in all cases).
    >
    > I have looked into the possibility of this being a problem with the size of
    > the Kerberos token and applied a number of fixes that would correct that,
    > though these seemed to be targeted at users with 200+ roles. None of these
    > fixes has worked. W2K is now at SP4 on .NET 1.1.
    >
    > Has anyone seen this type of behaviour or got any thoughts on how to resolve
    > this issue?
    >
    > Many thanks,
    >
    > Brian Doyle
    > Wellington, New Zealand

    Tom Vande Stouwe MCSD.net Guest

  4. #3

    Re: Problem using Allow Roles RESOLUTION

    An interesting resolution to the issues described below.

    The application was actually .NET 1.0 and not 1.1 as I mistakenly put in
    my original post.

    To correct the problem I had to install .NET 1.1 on the same server.
    Apparently the two versions are not as independent as the documentation
    would lead you to believe! The root cause has yet to be identified but that
    task is now relegated to the "to be done sometime" pile.

    Thanks

    Brian Doyle


    "Brian Doyle" <brian.doyle@xacta.co.nz> wrote in message
    news:uKBQ3KadDHA.3448@TK2MSFTNGP11.phx.gbl...
    > Dear All,
    >
    > I have an application secured using the following in the web.config file...
    >
    > <authorization>
    >   <deny users="?" />
    >   <allow roles="role1, role2, role3" /> <!-- etc., up to 8 different roles -->
    >   <deny users="*" />
    > </authorization>
    >
    > This works fine for new users I create and assign to these roles (AD
    > security groups) but not for any existing users who I have added the roles
    > to. The existing users have 20 or more pre-existing roles each whereas the
    > new users work fine until I get to 8 or 9 roles when they too start to fail
    > authentication! (Error 401.2 is generated in all cases).
    >
    > I have looked into the possibility of this being a problem with the size of
    > the Kerberos token and applied a number of fixes that would correct that,
    > though these seemed to be targeted at users with 200+ roles. None of these
    > fixes has worked. W2K is now at SP4 on .NET 1.1.
    >
    > Has anyone seen this type of behaviour or got any thoughts on how to resolve
    > this issue?
    >
    > Many thanks,
    >
    > Brian Doyle
    > Wellington, New Zealand

    Brian Doyle Guest
