Professional Web Applications Themes

Web.config: <allow users="xxxx" /> Where does xxxx come from? - ASP.NET Security

I'm using Forms Authentication. When I authenticate a user from a database, I use the following line: FormsAuthentication.RedirectFromLoginPage(paramete rID.Value.ToString(),chkRemember.Checked); where parameterID.Value is the ouput parameter from my stored proc which is the primary key from the database of the user who logged in. That way, I always use that key continued...

  1. #1

    Default Web.config: <allow users="xxxx" /> Where does xxxx come from?

    I'm using Forms Authentication. When I authenticate a user from a database,
    I use the following line:
    FormsAuthentication.RedirectFromLoginPage(paramete rID.Value.ToString(),chkRemember.Checked);

    where parameterID.Value is the ouput parameter from my stored proc which is
    the primary key from the database of the user who logged in. That way, I
    always use that key when writing back to the database for various tasks
    (Page.User.Identity.Name). Is that the same value that gets evaluated in
    the web.config file authorization section to allow/deny users? For example,
    what user am I really looking for if I use <allow users="xxxx" /> in the
    web.config file? They login using email/password, but I write the
    authentication ticket using the primary key from the database.

    What I'm really wanting to do is use forms auth to secure one folder for
    only authenticated users. Anyone who is registered on my site and logs in
    can get to all files in that folder. Additionally, I'd like to have an
    administrative back-end for the site in another subfolder that will only all
    myself into. Am I forced to use roles to accomplish this or can I do this
    with simple web.config settings?

    Thanks in advance.
    sjl


    sjl Guest

  2. #2

    Default Re: Web.config: <allow users="xxxx" /> Where does xxxx come from?

    Just use:
    <deny users="?"/>

    Anyway... "XXXX" in <allow users=..."/> is the list of users that will
    be allowed access. It's the same as the first parameter in
    RedirectFromLoginPage(...) method.

    For your situation, you may like to do the following:

    <location path="dirName">
    <system.web>
    <authorization>
    <deny users="?"/> <!-- Denying anonymous users -->
    </authorization>
    <authentication mode="Forms">
    ....
    </authentication>
    </system.web>
    </location>



    --
    Cheers,
    Gaurav Vaish
    [url]http://www.mastergaurav.org[/url]
    [url]http://mastergaurav.blogspot.com[/url]
    --------------------------------

    MasterGaurav Guest

  3. #3

    Default Re: Web.config: <allow users="xxxx" /> Where does xxxx come from?

    Thanks Gaurav. Since I want to deny anonymous users AND all authenticated
    users other than myself for this Admin folder, wouldn't I also need to add
    <allow users="1" /> where my primary key ID from the database is 1? Or, do
    I need to deny ALL users (<deny users="*"/>) and only <allow users = "1" />?
    I'm pretty sure I've tried this, but couldn't determine why it wasn't only
    allowing my account access and not all others.

    I'll keep working on it. You've answered my question though regarding where
    the xxxx comes from in the allow/deny users statement for the web.config.

    Thanks,
    sjl


    "MasterGaurav" <gaurav.vaish@gmail.com> wrote in message
    news:1114493976.328298.251340@f14g2000cwb.googlegr oups.com...
    > Just use:
    > <deny users="?"/>
    >
    > Anyway... "XXXX" in <allow users=..."/> is the list of users that will
    > be allowed access. It's the same as the first parameter in
    > RedirectFromLoginPage(...) method.
    >
    > For your situation, you may like to do the following:
    >
    > <location path="dirName">
    > <system.web>
    > <authorization>
    > <deny users="?"/> <!-- Denying anonymous users -->
    > </authorization>
    > <authentication mode="Forms">
    > ....
    > </authentication>
    > </system.web>
    > </location>
    >
    >
    >
    > --
    > Cheers,
    > Gaurav Vaish
    > [url]http://www.mastergaurav.org[/url]
    > [url]http://mastergaurav.blogspot.com[/url]
    > --------------------------------
    >

    sjl Guest

  4. #4

    Default Re: Web.config: <allow users="xxxx" /> Where does xxxx come from?

    Ok.. then do:

    <allow users="comma, separated, list, of, id"/>
    <deny users="*"/>

    Allow first.
    Deny next.

    --
    Cheers,
    Gaurav Vaish
    [url]http://www.mastergaurav.org[/url]
    [url]http://mastergaurav.blogspot.com[/url]
    --------------------------------

    MasterGaurav Guest

Similar Threads

  1. Need to Format a zipcode into xxxxx-xxxx.
    By Jeff Thur in forum ASP.NET Data Grid Control
    Replies: 1
    Last Post: February 18th, 04:14 AM
  2. No PDF file was created because xxxx.doc does not exist
    By Phil Dornan in forum Adobe Acrobat Windows
    Replies: 2
    Last Post: May 12th, 02:01 PM
  3. if a number is say xx how to make it 20xx, but ignore if it is xxxx?
    By The Biscuit Eater in forum PHP Development
    Replies: 1
    Last Post: October 30th, 09:52 AM
  4. Replies: 2
    Last Post: September 8th, 11:40 PM
  5. aspnet_wp.exe (PID: xxxx) stopped unexpectedly.
    By Matt Sollars in forum ASP.NET General
    Replies: 2
    Last Post: August 5th, 02:17 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139