ARTICLE

Manage Authorization using config file

Posted by Suri meenakshi Sundaram Articles | ASP.NET Programming November 09, 2010
Tags: ASP.NET restrict user directory, ASP.NET restrict user page, ASP.NET restrict user page or directory, Authorization using config file, Manage Authorization using config file, Configure Membership provider in Config file.
How to restrict users to access a particular page or directory
Reader Level:

Here I will explain how to restrict users to access a particular page or directory.

In the real time, I want to restrict some pages and specific directory, now will see how we add location tag inside web.config file and restricting access.

<configuration>
<!-- inside the  Configuration tag you can add location Tag as shown below:w
Location tag have two attributes "path" and "allowOverride" -->

Path is used to give a path of the specific page or physical directory. Using the location element with an allowOverride = "false" attributes locks the entire configuration, similarly you can lock individual elements and attributes (refer to Image 2).
   
1.gif

In the allow tag having eight attributes is as shown below

2.gif

Image 2
 
But mainly three attributes are used often.

users: A comma-separated list of user names that are allowed access to the resource. A question mark (?) indicates that anonymous users are granted access to the resource. An asterisk (*) indicates that all users are granted access to the resource.

roles: A comma-separated list of roles that are granted access to the resource.

verbs:  A comma-separated list of HTTP transmission methods that are granted access to the resource. Verbs that are registered to ASP.NET are GET, HEAD, POST, and DEBUG.

Example 1:

I want to restrict particular page, it will be available only to specific users like user1 & user2

For the above scenario use the following snippet in the web.config

<configuration>
<!—In this path you can give either give Directory or specific page name -->
          <location path="_layouts/abc/testpage.aspx" >
                   <system.web>
                             <authorization >
                             <!-- Added the users which you want to give a access -->
                                      <allow  users="user1,user2"/>
                             <!-- denies access to all users except user1 and user 2 -->
                                      <deny users="?"/>
                             </authorization>
                   </system.web>
          </location>
</configuration>

Result: testpage.aspx is able to access only by user1 & user2

You can restrict access based on roles; now we will see how to allow access based on roles.

Example 2:

The following code example demonstrates how to deny access to all user accounts and allows access to all members of the role Administrator.

<configuration>
          <location path="_layouts/abc/testpage.aspx" >
                   <system.web>
                             <authorization >
                   <!—Add roles to give a access,you can add morethan one role with comma delimited -->
                                      <allow roles="admininstrator"/>
           <!-- denies to all users except those who role is "admininstrator"-->
                                      <deny users="?"/>
                             </authorization>
                   </system.web>
          </location>
</configuration>

Result: testpage.aspx is able to access only by those who role is "Administrator"

Need to know following things before we use in Authorization tag

allow users ="*means access to everyone by Default
allow users ="?means access only to unauthenticated (Anonymous) users

Similarly,

deny users ="*means access is restricted to everyone
deny users ="?means access is denied only for unauthenticated (Anonymous) users

Enjoy!!!

Login to add your contents and source code to this article
This Feature is Sponsored By DynamicPDF Merger is a developers dream for interacting with any existing PDF documents. Merge, append, split, form fill, flatten stamp and so much more.
post comment
     

Thanks Biju,

You can use “Active Directory membership provider”.

To configure the Membership provider, you have to add a connectiong string  that points to yours active directory users

Example:

<connectionStrings>

  <add name="ActiveDirectoryConnectionString" connectionString="LDAP://testdomain.test.com/CN=Users,DC=testdomain,DC=test,DC=com" />

</connectionStrings>

In this above example: connection string  that connects to the user's container within a domain (testdomain.test.com ). You need to update this String to point to the relevant user’s container within your domain.

 

Then you have to add a <membership > element after <authorization>

 

Example:

<membership defaultProvider="MyActiveDirectoryMembershipProvider">
<providers>
<add name="MyADMembershipProvider"  type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, 
             Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
       connectionStringName=" ActiveDirectoryConnectionString"
       connectionUsername="testdomain\administrator" 
       connectionPassword="password"/>
  </providers>
 </membership>

 

Note: you have to use the same connectionstring  name here which you already used in the Connection string section to connect the Active Directory(AD).

 

Please refer the following link to know more about ActiveDirectoryMembershipProvider Class

 

http://msdn.microsoft.com/en-us/library/system.web.security.activedirectorymembershipprovider.aspx

Hope it will help you.  Please feel free to post your comments

Posted by Suri meenakshi Sundaram Nov 11, 2010

Suri,

Nice article

How we will use AD integrated users and Roles

Posted by Biju s Nair Nov 11, 2010

Thanks Suresh!!!. if you want to use the Role, you have to do following things


Need to Enable Role Manager In Web.config. File, as 
<system.web>
<roleManager enabled="true" />
</system.web>
After that you have to Specify the Provider inside the Rolemanager.
For Example if you are using Default Provider AspNetSqlRoleProvider defined in the Machine.config file. this uses the Sql Express Instance.
 to use the role store in Sql server and add a connecting String as shown below
<configuration>
<connectionStrings>
<add name="MySqlRoleManagerConnection" 
connectionString="Data Source=sqlinstance;
Initial Catalog=aspnetdb;Integrated Security=SSPI;">
</add>
</connectionStrings>
</configuration>
then you have to use the Provider, which you have to mention it inside role manager
for example is as shown below:
you have to use the same Connection string to refer the Sql server
<roleManager enabled="true" defaultProvider="MySqlRoleManager">
<providers>
<add name="MySqlRoleManager" 
type="System.Web.Security.SqlRoleProvider"
connectionStringName="MySqlRoleManagerConnection"
applicationName="MyApplicationname" />
</providers>
</roleManager>
Now you can able to Manage Authorization using web.config.
if you want to use it in code 
use the following namespace
using System.Web.Security;
then if you want to Create new Role
Roles.CreateRole("Administrator");
if you want to add users to the role as below
Roles.AddUserToRole("Suri", "Administrator");
Hope it will help you to understand.

Posted by Suri meenakshi Sundaram Nov 10, 2010

Good article Suri, but i am new to asp.net. can u tell me where these roles like administrator and users like user1 and user2 are defined?
Can i have any roles of my wish?

Posted by Suresh Paldia Nov 10, 2010
COMMENT USING
PREMIUM SPONSORS
DynamicPDF™ product line allows you to dynamically generate PDF documents, merge PDF documents and add new content to existing PDF documents from within your applications.
Get Career Advice from Experts
TRENDING UP
MOST LIKED ARTICLE
HOT KEYWORDS
SPONSORED BY
  • PDF reports have never been easier to create. With our included WYSIWYG Designer, you can layout your reports, set up your data source and let DynamicPDF ReportWriter do the rest.
Join a Chapter
WHITEPAPERS AND BOOKS
Hosted By CBeyond Cloud Services MVPs MOST VIEWEDLEGENDSNOW PRIZESAWARDSREVIEWSSURVEYCERTIFICATIONSDOWNLOADS
PRIVACY POLICY | TERMS & CONDITIONS | SITEMAP | CONTACT US | ABOUT US | REPORT ABUSE
©2013 C# Corner. All contents are copyright of their authors.