help on Access to specific location ??

[Guest]

Dear all,

How to configure in config file, the fact that all users get access to the
root web folder but only some of them to a restricted forlder

Any sample ?

thnaks for your help
regards
serge

 

[Guest]

Hi Serge,

To allow users to certain area's, using the built in security framework,
requires the use of the "authorization" element in the config file. You can
then use the "location" element from with your config file to set other
folders have other security permissions. The other way is to place a separate
web.config in each folder you wish to secure, but the location element seems
more elegant.

E.g. (hope the xml comes out ok!)

<location path="pages/admin">
<system.web>
<authorization>
<deny roles="3"/>
</authorization>
</system.web>
</location>


Matt

 

[Guest]

thanks for your answer mat,

how to this authentification method behaves with NTFS permission set on
th folder as well in case we use windows authentication of course.

Does it take in account the most restrictive permission combine with
webconfig file and folder security ?

 

[Guest]

Hi Serge,

If you're using Windows Authentication with Impersination set to true, then
ASP.NET runs under that users account, and so is subject to NTFS permissions.
To be honest, I haven't tried denying read access to a folder within a
website for a given user to see what happens, but I'd say you'd want to use
the ASP.NET approach for that kind of security.

At a guess I'd say ASP.NET would check the Request and allow it to continue
if the web.config allows it, after which it may be blocked by NTFS security.
It would therefore always take the access granted by both systems.

You'd really want to use the NTFS security for access to other resources or
folders, not directly under the control of ASP.NET.

Matt