Role based security based on Windows authentication
Hello there, A newbie question here.. I am trying to build an application using role-based security (ie. it would let in only selected users) and I am using Wingdows Authentication as a security model. The problem is that no matter what I do I cannot restrict usage only to specific users. It works on the all or none basis. Ie no matter what I set in the web.config file, it does not effect the security, except setting <deny users="*"/> blocks access altogether..Currently I have the following settings set in the web.config file with no other settings/code set anywhere &nb...No roles found... but roles-based security works anyway!!!????
I wrote a ASP.NET 2.0 application using the Membership framework for
security (roles and users). For debugging purposes I wrote some code in
the index.aspx page to simply write out a list of all the roles that
exist, using the good old Response.Write() method. I then published the
site to my domain. However, the behavior of the index page is dependent
on the running environment as follows:
IN VS 2005 ACCESSING LOCAL SQLSERVER: Runs great, all roles listed.
IN VS 2005 ACCESSING REMOTE (i.e. "LIVE") SQLSERVER: Runs great, all roles listed.
IN A WEB BROWSER VIEWING THE PUBLI...Forms Security for Role base security. Nirdesh Puri
Hi,I am using IBuySpy portal framwork and using Role based security. But I got some security problem in this type of security.Can you solve my problem.Role base security: Role is based on Task Group and Task Group based on Task and Task based on pages url.Create Two different roles: A and BCreate one user User1User1 assign role Aif User1 login on site and get the menu of Role A. But any how he get the url of Role B page. How we prevent Role B pages from this user.Warm Regards,Nirdesh Puri...Login with form based authentication and roles based security
I've develop Sign In pages apply Forms Authentication and Roles Based Security. It means, 1 user can have many roles (HttpContext.Current.User = New GenericPrincipal(fi, astrRoles)). Let's say User ID: sr102, then it roles is Sales, Marketing and Logistic.
Im using User.IsInRole("Sales") to control the applications modules. My application like as follow
1. After login success, application show all the application modules such as Logistic, Sales, Marketing, IT, Human Resource and Warehouse.
From user id, application will know the roles assigned.
How to enable and di...Dynamically modify page role permissions in Role Based Security
Is it possible to configure page role access within a WebForm.
Suppose I have the following section in my web.config:
Is it possible to provide a user interface/webform that allows an "administrator" a person to change t...User based Security instead of Role based (The most common unanswered problem)
To check whether the user has permission to view some personal data, i need query by the UserId.Page.User only has UserName property.Solution used in TimeTracker starterkit:
Create stored procs that take UserName as parameter and always use a select statement to lookup the userid.
Create a custom iprincipal object and store the userid in it during login.I read posts that suggest this is an ASP.NET 1.1 method but no one suggested what is the correct design for ASP.NET 2.0. Does this require event handling on the login control?
So whats the best practice f...role base security
If I use Widows Integrated security, how can I assign permission to view certain pages based on the group you belong to in active directory? So that if a user from group "a" logs on and click on a link in the menubar a chack will be don to see if he has access to the page, if so, then loads the page. Where can I find information on this?
Some background information is available in:
"Building Secure ASP.NET Applications"
http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp?frame=trueIf my post is your answer, please mark it as the...Roles-Based Security
Can anybody have any idea abt the Roles-Based Security
Roles-based security enables personalised presentation of portal content. Security roles assigned to each user determine the type of access they have to services and information on the portal. The portal administrator can create as many security roles as required (e.g. reseller, employee, customer, sales, management, VIP, shareholder etc). Each page and module site can be set to allow the various roles to view, edit, delete or administer etc. its content. Once the user has logged in, only the content th...Role-Based Security
Is there a good article that explains in details how the Role-Based is implemented in asp.net. I don't need code, I just want to understand when and where are the different objcets created.
for example, once user is authenticated what happens ? When is the GenericPrinciple object created ? When will the Identity be available. By the way, is there a difference between the Identtiy & the userId that the user was given upon the user creation ?
Check this article http://aspnet.4guysfromrolla.com/articles/082703-1.aspx
It provides the explanation you re...Role based Security
I would be interested in role based security for the following scenario:
In an NT envrionment I want to rely on integrated login based on group
membership. When user_X runs App1, App2, App3 ...or AppN, I want the user
to have the minimum set of permissions necessary for each application to
I don't see that this is possible in the current product. The best that I
can do is map the NT group to a Db login that has the maximum set of
permissions that will allow App1, App2...or AppN to function.
Posted to the wrong group.
"Scott Holman" <sh...Roles based Security
I have read all the postings and the MS documentation on the subject and my head is spinning. Actually I am frustated at the lack of a good "how to" explanation in micorsoft documentation. It seems that documenation falls between two extremes: explanation of the whole world to showing a few lines of code completely out of context.
I have forms authentication working great. I store the roles in a SQL database. Here is the example used in . .
HOW TO: Implement Role-Based Security with Forms-Based Authentication in Your ASP.NET Application by Using Visual Basic .NET