configuring web.config to restrict certain users t

Results 1 to 2 of 2

Thread: configuring web.config to restrict certain users t

  1. #1
    Join Date
    Dec 1969

    Default configuring web.config to restrict certain users t

    for web.config,how do i narrow down the access to certain fiels to certain users?<BR>i.e. in classic asp,i would use something like<BR>if session("securitylevel")="1" then the person can see certain files<BR>else the person can only see certain files

  2. #2
    Join Date
    Dec 1969

    Default RE: configuring web.config to restrict certain use

    Actually is just brilliant for this type of security. I havent actually done this yet but I read something ( here at 4 guys ) that pretty much explains everything. basically you add a tag like this. Syntax isnt exactly right. But Ill give you a link to the full article that explains how to do this.<BR><BR>&#060;allow groups="Administrators" /&#062;<BR>&#060;deny users="*" /&#062;<BR><BR>That says only groups of administrators have access and deny all users. * means all. ? means anonymous or unauthenticated. So how do you know whos who? Well you have to assign roles to a user when he logs on. In global.asax there is an event... <BR><BR><BR>Sub Application_AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)<BR> If Request.IsAuthenticated() Then<BR> &#039; create an array of roles for the current user<BR> &#039; these would most likely be dynamically read<BR> &#039; from the data store for each user.<BR> Dim arrRoles() As String = {"Manager", "Cleaner"}<BR> <BR> &#039; Add our Principal to the current context<BR> Thread.CurrentPrincipal = New GenericPrincipal(Context.User.Identity, arrRoles)<BR> End If<BR>End Sub<BR><BR><BR>Here you assign your roles to the user. From a db or where ever. Only happens when they login. Its brilliant. Anyways check out this article. <BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts