Controlling user access using "allow" "deny"

I have a web form application for deployment on Windows 2000 Server.  I wish to limit access to the web site to a certain group of users, all having accounts on the server.  The authentication mode is "Windows", impersonate ="true"...  From my reading, this seems the perfect situation to use "roles=" within the authentication block.  I must admit, however, that I am not a server admin guru.  What is a "role" in terms of 2000 server?  What sort of group, organizational unit, etc. would be created on the server to act as a "role"?  Any light shed would be appreciated.   

-PS  I'm a little puzzled by behaviour of sign-on when using "users=" in the authorization block. For instance, assume a user account named "chefter" on the server ...  in the block I put <allow users="chefter" /> then <deny users="*" />  The purpose is to only allow "chefter" to access the site.  I would have thought that if someone logged on to the server via a client computer as "chefter" then they would be able to navigate freely to the web site with IE.  To my surprise, there is instead a pop-up dialog box to gather the user name and password before allowing access.  Is this normal?  Why, if we are using Windows authentication, must we log in twice?
0
jaybousquet
8/18/2005 4:38:57 PM
asp.net.security 27051 articles. 1 followers. Follow

1 Replies
928 Views

Similar Articles

[PageSpeed] 0

I solved this one myself (with some help from a textbook)...  The only practical documentation on this question I found in Chapter 8 of Developing Web Applications by Jeff Web.  The authentication mode "Windows" is correct - but since I wish the web app to access the sql database using the built-in ASPNET user account, I removed the impersonation statement.  Quoting Webb - on the server "roles map to names used to identify user groups".  In my case I created a group named "Teachers".  Then in the web.config file you would enter 

<authorization>
   <allow roles="OR\Teachers" />
   <deny users="*" />
</authorization>

Note that in the second line you must include the domain name of the server, in my case "OR".

As for the pop-up dialog - that occurs only when running the project remotely (internet or intranet).  When in the development enviroment (localhost) it does not appear.  Hope this helps someone.
0
jaybousquet
8/19/2005 6:18:41 PM
Reply:

Similar Artilces:

"Using" or "With"
Hi all Please can someone enlighten to me as regards the difference with the "Using" and "With" statement when accessing data - which is better, what are the limitations and/or any pointers. Many thanks. Regards DaveDavid WinchesterPlease mark as answer if this is the solution.  using gives you the ability to use the connection and it closes the connection directlly after you finish using it. and there is no need to try- cach - finaly. there is no limitation on using USING keywordMuhanad YOUNISMCSD.NETMy Blog || My Photos || LinkedIn I have a dataobject the re...

Using "+" or "||"
Using SQLAnywhere 5.5.04, I've gotten into the habit of using "||" in ISQL to indicate a string concatenation. I needed to paste my SQL statement into the PowerBuilder script painter for some embedded SQL, and PB didn't like the "||" very much at all. I changed it to "+" and it seems to be ok. Do these two operators indicate ~exactly~ the same thing? moin, afaik these two's are not the same! if you're using "||" and any term is NULL then in the resultstring the term will be ignored if you use "+" then the resu...

.ALLCOL("%COLUMN%", " ", ", ", ", ")
Do you know anyway for me to exclude a subset of columns returned by this function. We have two columns (rec_user and rec_datetime) which are in all of our tables, but when generating triggers I want automatically generate a script which does not include those two columns but does include all other columns in that table. Bruce I should add that I am using PD 9.0.0.580. Bruce "Bruce Lamb" <lamb.bruce@mayo.edu> wrote in message news:6HgI315nCHA.155@forums.sybase.com... > Do you know anyway for me to exclude a subset of columns returned by this > function. ...

Precedence of "where" ("of", "is", "will")?
Nobody on #perl6 today could answer this one. Is: Str | Int where { $_ } the same as: (Str | Int) where { $_ } or: Str | (Int where { $_ }) ? Followup questions, Mr. President: What kind of operators are "where", "of", "is", and "will"? Is there a reason that S03 doesn't list them? What are their precedence(s)? -- Chip Salzenberg - a.k.a. - <chip@pobox.com> Open Source is not an excuse to write fun code then leave the actual work to others. Chip Salzenberg writes: &...

"access to path"...."is denied"
I have a program that opens a csv file and copies all records to a database.  its working fine in development system but when i deploy this to the live system and if i try to copy a csv file on my machine i am getting an error "access to path"..<tempfile.txt> .."is denied.  I am creating a temporary file on the live server and then changing data and then copying records from the temp file to the live databaseThe problem is that the program cannot access the temp file.  Is there a way to change security access rights of the temp file programmatically so tha...

quotes, quotes, quotes...
I am getting this error and I know what is causing it, but I have no idea how to fix it, any help would be great. The script steps through the /var/log/messages file on a linux server and puts The entries into a mysql database. However when it gets to the 'hlt' line in the messages file it just barfs. The single quotes are freaking it out. I know about quotes but not how to use in this situation. Thanks, Paul Error: May 27 17:53:00 localhost kernel: Checking 'hlt' instruction... OK. <----- doesn't like this in the messages file DBD::mysql::st exec...

How to automatically send denied users to "access denied" page, instead of a login prompt only then to be sent to "access denied" page
Hello: My security works fine except for one small annoyance.  This is an intranet site only and are using Windows (AD) authentication with Anonymous turned off.  The 'good' users get right in, with no prompts.  This is good.  However, the 'bad' (denied) users get a prompt to enter their credentials only to be denied.  I would like to eliminate the need for them to even try and enter credentials and send them directly to an "access denied" page (no prompts).  It only wastes their time and aggrevates them. Thoughts? Tha...

"-" not "_"
I wrote a SQL statement in the data tab. I wrote a bunch of alaises as example ' word-type ' but when I hit the layout tab it converts the "-" to "_". So now my field name is ' word_type '. Is there any way to prevent this? CardGunner Don' use a hypen ( - ).  It isn't a valid character for column names.   See http://searchsqlserver.techtarget.com/expert/KnowledgebaseAnswer/0,289625,sid87_gci1188931,00.html   Here's an excerpt about column names: Letters as defined in the Unicode Standard 2.0 Decimal numbers from either B...

Replacing "\\" with "\"
Hi all I'm getting this value from a CheckBoxList control - a location of file, i have to remove "\\" and replace it with "\" and pass it to Query, how to do it, i tried with Replace, but coud'nt suceed. "\\\\Blaze10xp\\BLZ_SFS_07\\Sample Excel Files\\Excel Files\\report2.xls" thank's in advance - Prakash.C you tried Replace like this? string newstring = oldstring.Replace(@"\\",@"\");Plese, do not forget to click "Mark as Answer" on the post that helped you. Thanx!My blog: Scenes From A Developer Memory yes i tr...

Dynamically adding "Child" User Controls to "Parent" User Control
Hello group..Need some advice/help with some issue...Am having trouble dealing with nested user controls that i will be having. My business need is as follows...Need to display a Page Header , data Grid(for some details) and Page footer...And the grid will display only a set of data. If i have more data, the parent page should have another set of Page Header, data Grid and Page Footer. So, this is how it looks like***************************Page HeaderGridPage Footer--------Page Break---------Page HeaderGridPage Footer--------Page Break---------Page HeaderGridPage Footer--------Page Break---...

double quote
hello there...  i tried everything of think but not working the way i wanted to be... not sure what i'm missing...i'm generating a <span> in code behind and then using in javascript.... here is what i'm doing code behind: int i=0string _keywordID = "keyword";string _name = row["visit_info_nm"].ToString().Trim(); String _getElementByID = String.Format("<span id='{0}' OnClick = \"document.getElementById('{1}').value='{2}';\">{3}</span><br>", i, _keywordID, _name, _name); here is what it generate : <span id='1' OnClick = \"document.getElementById('keyword')...

replace the "." with a ","
Oi.... I need to build a small programm in ASP.NET and chose to use C# for it.Now i got everything working but there's one little problem.the first textbox is a double. I need to make it so that when someone enters a "." then it gets replaced by a ","any ideas?Ghan  string blah = "4.2.2.2";blah = blah.Replace(".", ",");Ryan Ryan OlshanASPInsider | Microsoft MVP, ASP.NEThttp://ryanolshan.comHow to ask a question...

"Me" is better than "You"
Yes I know, strings are frozen. But let me talk about it, I really can't get through the idea of a PC talkin to me. I consider my PC as an extension of myself, not a dumb companion who addresses Me as You. Yes there are times when I get angry with Him while I work and get wrong calculations etc.., but it really is my fault, Me using wrong istructions and eventually wanting to find someone else to blame, but it's Me. And yes, I consider Thunderbird my mail program, reading my mail on my PC as Me. So I personally like to have Me in the header bar as a compact address ...

"To" and "From" missing
When I print emails, the words "To" and "From" are blank, even though the "To" name and "From name (addresser, addressee) do show up. This is not a problem for other users on my system. Suggestions In mailbox right click, view. On the message window, right click and choose print options. Make sure print header is checked. -- Barry Merchant NSC Volunteer SysOp *** no email unless requested please!! *** > In mailbox right click, view. On the message window, right click and > choose print options. Make sure prin...

Web resources about - Controlling user access using "allow" "deny" - asp.net.security

Resources last updated: 2/3/2016 11:24:37 PM