You searched for the word(s): userid:44069

More Search Options

RSS Available

• Re: Windows authentication + Stored Users and roles in SQL DB

  For using roles you'll need to use RoleManager. Check here: http://msdn2.microsoft.com/en-us/library/ms164660.aspx Are you saying you have two sources for your list of users?

  Posted to Security (Forum) by LordHits on 6/1/2006

• Re: login/authentication to view certain pages

  That whole <authentication> section needs to move out of the authorization section. I think that needs to go within the root <system.web>. Google for some sample web.configs using authorization/auth to give you an idea on how to structure this file.

  Posted to Security (Forum) by LordHits on 5/23/2006

• Re: login/authentication to view certain pages

  This line: < allow users ="?"> is allowing anonymous users to access the page. I think you meant: < deny users ="?"> which will deny all anonymous users. http://technet2.microsoft.com/WindowsServer/en/Library/673ad9fe-9e97-4669-a1f5-4383f45a3f7b1033.mspx?mfr=true

  Posted to Security (Forum) by LordHits on 5/23/2006

• Re: login/authentication to view certain pages

  Assigning of roles is usually done as an admin task outside of the signing in process cos usually one is assigning roles because of authorization reasons. If you just need to check if someone is logged in, you will just use User.Identity.IsAuthenticated.

  Posted to Security (Forum) by LordHits on 5/23/2006

• Re: login/authentication to view certain pages

  Hmm...alot of this provider stuff is new in 2.0. Google is your friend.... all the info is out there. Between Googling and Scott Guthrie's blog, you should get all the info for 1.1 too.

  Posted to Security (Forum) by LordHits on 5/22/2006

• Re: login/authentication to view certain pages

  You don't need no stinkin book. :) All the info is on the net. Here's a good place to start. Scott Guthrie's blog post on roles/membership/security resources. There's a link to a book there. The book goes real deep into this stuff but those other links can get you up and running fast: http://weblogs.asp.net/scottgu/archive/2006/02/24/438953.aspx LH

  Posted to Security (Forum) by LordHits on 5/22/2006

• Re: login/authentication to view certain pages

  First of, what provider are you using for role management? I use the SqlRoleProvider. Once you set that up, then your roles can be managed in the database and the authentication works like above. Note that the above authentication works no matter what role provider you use. See the bottom of this link for an example setting up the SqlRoleProvider: http://msdn2.microsoft.com/en-us/library/system.web.security.sqlroleprovider.aspx LH

  Posted to Security (Forum) by LordHits on 5/22/2006

• Re: login/authentication to view certain pages

  Protecting pages is very similar to protecting directories. This link has a sample (check "The Web.Config File / .aspx Page Security" section): http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/ASPMemManSec.asp

  Posted to Security (Forum) by LordHits on 5/22/2006

• Re: Does forms authentication implicitly allow access to login form?

  Are you trying to deny users from accessing the login page after they have logged in? I think the login page is always available whether one is logged in or not. If you trying to deny anonymous users from hitting any page, the authorisation section should read as follows: < authorization > < deny users= "?" /> </ authorization >

  Posted to Security (Forum) by LordHits on 5/22/2006

• Re: Problem in using Page.User.Identity.Name

  I wouldn't suggest storing the username in the session to check for authentication. Always use User.Identity.* to check for authentication. Storing auth stuff in a session could lead to problems where the user is not logged in anymore yet the session variable is still set. Bad. That being said, are all these pages in the same folder in your app?

  Posted to Security (Forum) by LordHits on 5/22/2006