Why must I give Authenticated Users rights to an aspx page to enable users to access it?

I am trying set up security on my application before deployment and I am having issues controlling acces to some pages. I'm using  Windows authentication and Active Directory roles and I have security trimming enabled. I have a folder called Quality Control and there are 4 aspx pages within. I have given Authenticated Users the rights they need to see and open 3 of the 4 pages in the Quality Control folder. I remove Authenticated Users from one page (QcOnly.aspx) that I only want members of the Quality Control role to have access to and I gave the Quality Control role permissions to that one file. When a user who is a member of the Quality Control role clicks on the link to QcOnly.aspx, they get an access denied error after being prompted 3 times with a Windows login box. If I give Authenticated Users the rights to the file, it opens, but then I can't block them from accessing it.

Do Authenticated Users have to have rights to every file in my app?

 

0
AkAlan
2/26/2009 7:17:54 PM
asp.net.security 27051 articles. 1 followers. Follow

1 Replies
657 Views

Similar Articles

[PageSpeed] 8

I found the solution to this problem. I did not give the Network Service account any rights to anything. See this article for a better explanation than I could give. http://support.microsoft.com/kb/317955

0
AkAlan
2/27/2009 8:31:17 PM
Reply:

Similar Artilces:

Authenticated users not getting access to secured pages????? What can I do?
Ok I have a simple login page using the login control. Once the user's name and password is found it should take them to main.aspx page. Only authorized users can access teh main.aspx page. Heres teh code for that:Protected Sub Login1_Authenticate(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.AuthenticateEventArgs) Handles Login1.Authenticate        Dim Authenticated As Boolean = False        Authenticated = Authenticate(Login1.UserName, hashPwrd())        e.Authen...

User must be in two roles to access page (forms authentication)
Hi-- I have a situation where a user must be a member of two roles to access a page or directory. My initial idea was to set web.config up like this: <allow roles="ADMINISTRATOR&amp;BEANCOUNTER" /> and write a custom role provider where I split ot the roles and check each in IsUserInRole().  However, when I access the page, GetRolesForUser() gets called. I could return all possible combinations from GetRolesForUser(), but the list would be quite extensive with even three roles, especially when you consider all possible orderings. So, my question is:&nb...

Accessing User.ProviderUserKey through Page.User
I'm currently using the standard SqlMembershipProvider that ships with ASP.NET.  I have used the aspnet_regsql tool to add the membership tables to my database.  I would like to access User.ProviderUserKey on my pages and I'm wondering what the best way of doing this is. Let me explain... Most tables in my database have a UserId (uniqueidentifier) column that stores the UserId of the user who contributed each row into the table.  In my pages that provide insert functionality I would like to just call the Insert method passing a reference to either my user or just the u...

Issue when trying to give access to a form to a user with less access rights.
Hello I am currently using the ASP.NET 2.0 in built feature provided for authentication and authorization, Membership & Roles. The authenticate mode I have set to Froms in Web.config as shown below: <authentication mode="Forms" />  I have given access rights to the user accounts created for accessing the website say a User “ Admin” has the Admin role so that user is authorized to access all the Web forms in the website. There is another user “Visitor” has Visitor role only very little access over the Web forms in the website. There is a user created “Regular...

Redirect to certain page when authenticated users are not allowed access to a restricted page
I have this code that denies all unauthenticated users to the site. Once logged in I only want to allow BOB access to mypage.axd. When an authenticated user tries to access mypage.axd they get sent back to the login page. They are already logged in they are just not allowed access to that certain page so can I do a redirect to somewhere else apart from the login page?   <authentication mode="Forms"> <forms path="/" loginUrl="/login.aspx" protection="All" requireSSL="false"/> </authentication> <authoriz...

Dynamically give Fullcontrol Rights to ASPNET user but give Access denided error
Hi All I am new in Web setup project. I created Web setup and it works fine. But in my websetup I try to give FullControl on One Folder for ASPNET User. It add that user but it won't give Full Control Rights. means when right click on that folder --> Property --> Security tab --> select ASPNET User. then All the Allow checkbox is not checked.  Here is the code which i used  Please tell me what's wrong ? // Get the local computer host name. String domainName = Dns.GetHostName(); string path = webAppPath +&q...

How do you ensure that user is authenticated as a user when they checkout from the order page?
Hi, I'm currently working on a on a E-commerce website and I'm working on the Checkout page. What code do i need to put in web.config to ensure that the user is a authenticated user of the website? I would like to redirect the user back to the log in page if they are not logged in or they are not a member of the website. What should i do to be able to do that? Thanks. <location path="Checkout.aspx"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> Please mark this post as the answer if it suits y...

RSA Secure ID enabled website along with role based access to the RSA Secure ID Users
Hello All, I am trying to implement RSA Security to my intranet website. I want to access the 'RSA Secure ID User Name'  and 'Password(Passcode here if possible)' in my application to set the roles of the user in the website. I want the RSA Secure ID user as my website user if it is registered into my database only. It means 'RSA access' and 'allocating the page access rights' to the user is totally depends upon the 'secure Id user' . I have to retrieve this information from RSA server and use it into my applic...

accessing a dynamically loaded child's page user controls(ascx) from a parent page(aspx)
hi all,i've search the forums and i still can't get it to work.ok here goes...i've created a dropdownlist in the parent(aspx) page, this dropdown will post-back on and load a different child(ascx) page onto a Placeholder each time the user chooses a different selection in the dropdownlist.in the child(ascx) page, say i have a textbox. in the parent(aspx) page, i have a submit button.the placeholder loads accordingly to the dropdownlist's selection, so that is ok.so now the problem is, how do i capture the text in the textbox inside the child(ascx) page from the parent(aspx) p...

Page denies authenticated users access
Hi. i have two asp.net pages that are suppose to allow access to only those users who are authenticated. In the page load method of the two pages i use the following code to check if the user's cookie exist. HttpCookie newCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; if(newCookie != null)....  The problem is that even when the users are authenticated, they are redirected to the login page. I have a web config in the subdirectory where this pages are located. the web config has the following: <authorization> <deny users="?" /> <...

Combining non-authenticated users with authenticated users
Hi!I'm busy with "upgrading" my ASP-website's to asp.Net-website's.I've done a lot of tutorials on the net, but I still have a question. All the tutorials are about securing a whole directory (I need to use forms authentication). This means, a user is logged in and can access all files in the secured directory. When the user is not logged in, he will be forwarded to the login-page.My question is about the technique used, for example, by forums. A user that is not logged in, can read the page. But a user that is logged in, can read the page also, but has also the rights to post messages....

How to access one user control from another user control on same page
hi,I have two usercontrol on same page. 1.ascx and 2.ascx on abc.aspx . Now I need to access dropdown on 1.ascx frm 2.ascx . Plz help me how can i do this?I have tried Page.findcontrol but as a user control inherits usercontrol class and not page class . its not giving reference to proeprty Page.Findcontrol. I can do page.findcontrol on aspx page but I need to do it on ascx only.plz helpregards,max   Hi Max, you have to expose your DropDownList as a public property which lays inside usercontrol 1. Example: 1 class MyUserControl1 : UserControl 2 { 3 4 p...

How to forbid to the user to change access rights to its box of PROXY-users?
How to forbid to the user to change access rights to its box of PROXY-users? Serg Serg, you can't. Uwe -- Novell Support Connection Volunteer SysOp Please don't send me support related e-mail unless I ask you to do so. ...

Accessing ASPX page from an User Control
Hello, I just started to use VS2008 express. I have an APSX page called register.aspx.I add to it, dynamically, an ASCX page called register1.ascx. When I try to call the ASPX page from within the ASCX page, it just doesn't work.I'm trying to use a very simple code: Dim objParent As register.aspx and I get the register.aspx marked in blue-error.  How can I call an ASPX from within an ASCX page??? Thank youBest regards,Ofek Cohanyhttp://www.scopek.com Use the Page property of the user control to reference the parent page.Mark replies as answers if they helped...

Web resources about - Why must I give Authenticated Users rights to an aspx page to enable users to access it? - asp.net.security

Authenticated encryption - Wikipedia, the free encyclopedia
Authenticated Encryption ( AE ) or Authenticated Encryption with Associated Data ( AEAD ) is a block cipher mode of operation which simultaneously ...

Google Spam Report (Authenticated) - Flickr - Photo Sharing!
When you are logged into Google Webmaster Central, you can report any site that is spamming the SERPs through this tool. Post at Does Google ...

Authenticated electricity: Sony power outlets will charge you for charging
Sony is building a new kind of power outlet that raises a not entirely pleasant prospect—in the future, plugging a phone into a public wall socket ...

MLB Authenticated Game-Used Base Bar Stool
Like. From The Green Head: "If you love America's favorite pastime, now you can sit on an actual piece of it. These unique collectible bar stools ...

C-SPAN Moving to Authenticated TV Ch. Streaming
C-SPAN is launching a beta test of its migration of live online feeds of its TV channels—C-SPAN 1,2,3—to an authentication model starting Monday, ...

FDA "Corruption" Letter Authenticated: Lawyers, Start Your Engines!
The FDA's official recognition of the letter means that lawyers who want to use it to demonstrate that the FDA isn't perfect won't have to go ...

Buddy Rich's Authenticated and Complete 1960s Zildjian Cymbal Set Available on eBay for $29,995
Buddy Rich's complete 1960s Zildjian cymbal set is available for purchase on eBay. In the massive world of the Internet, anything is apparently ...

FileVault's authenticated restart has hardware requirements
If you use FileVault and wish to restart remotely, you can do so with the 'fdesetup' command; however, this does have some hardware limitations. ...

BREAKING: Michael Brown Audio Aired By CNN Authenticated
Video messaging service Glide has confirmed to the Washington Post the exact time and date the audio recording with gunshot sounds on it was ...

Sheriff: Brenham vet can't be charged with killing cat unless Facebook photo is authenticated
As a team investigated the image, the clinic where Kristen Lindsey worked said Friday that she'd been fired and condemned her post "in the strongest ...

Resources last updated: 1/5/2016 7:37:17 AM