But how can I programmtically assign the role comp1 to the user (user.identity.name).
I want to read from a database table which companys' content the user is allowed to view and then assign these roles.
ASP.NET supports multiple places where user to role mappings can be stored and defined. When Windows Authentication is enabled, ASP.NET will by default use the Active Directory
user/group mappings to support role access permission checks. This is useful when the permission checks you want to perform are global to your company environment.
In comments:
If you configure the role manager to use the
ActiveDirectoryRoleProvider, then you can definitely grant/deny users based on the roles/groups within your active directory.
Just use the syntax "DOMAIN\Group" in order to grant/deny people.
Best I can suggest right now is look for ActiveDirectoryRoleProvider over the web to know a little more about
None
0 Points
15 Posts
Web.config location or multiple using roles etc.
Jan 03, 2019 10:32 AM|kapaul|LINK
Hallo,
I want to secure my simple Intranet application (now only windows authentication).
Every user of our domain can see the complete content.
For the future we have to make different access rights.
We have 3 companies, for each company we have a separate subdirectory with sensible content
comp1
comp2
comp3
Since I know the windows username, I can lookup in a sql table which companies he is allow to view (e.g. comp2 and comp3)
How can I protect the directories the user is not allowed to? Please help !
Should I work with multipe web.configs? Or location-Tags in the root web.config? Working with roles etc.
I habe no idea to find a practicable solution ..
Participant
1091 Points
673 Posts
Re: Web.config location or multiple using roles etc.
Jan 03, 2019 01:12 PM|jzero|LINK
You can use one web.config per directory or sub directory, or location on main web.config, personally I prefer one web.config per directory.
Roles will give you more control for group of users. If you want use location path is relative to virtual directory so set it like "~/comp1"
Take a look on these links they can help you
https://support.microsoft.com/en-us/help/323176/how-to-implement-windows-authentication-and-authorization-in-asp-net
https://weblogs.asp.net/scottgu/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application
https://www.mikesdotnetting.com/article/216/windows-authentication-with-asp-net-web-pages
None
0 Points
15 Posts
Re: Web.config location or multiple using roles etc.
Jan 11, 2019 08:15 AM|kapaul|LINK
Thanks jzero.
Now I habe 3 web.configs
The main web.config:
<roleManager enabled="true" />
<authentication mode="Windows" />
<authorization>
<allow users="*"/>
</authorization>
subdirectory comp1
<authorization>
<deny users="" />
<allow roles ="comp1"/>
</authorization>
subdirectory comp2
<authorization>
<deny users="" />
<allow roles ="comp2"/>
</authorization>
But how can I programmtically assign the role comp1 to the user (user.identity.name).
I want to read from a database table which companys' content the user is allowed to view and then assign these roles.
Thanks in advance
Paul
Participant
1091 Points
673 Posts
Re: Web.config location or multiple using roles etc.
Jan 11, 2019 12:42 PM|jzero|LINK
Check these articles, you will see there are different ways to do it
https://support.microsoft.com/hr-ba/help/323176/how-to-implement-windows-authentication-and-authorization-in-asp-net
https://weblogs.asp.net/scottgu/Recipe_3A00_-Enabling-Windows-Authentication-within-an-Intranet-ASP.NET-Web-application
https://weblogs.asp.net/scottgu/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASPNET-20-using-Windows-Authentication-and-SQL-Server
None
0 Points
15 Posts
Re: Web.config location or multiple using roles etc.
Jan 16, 2019 03:58 PM|kapaul|LINK
Thanks, these articles are really interesting, but they don't really help me....
I am running windows authentication, so I know the user, e.g. "domain1\user1"
Then I want programmatically set the role "comany1" to user "user1"
Depending on web.config files the user should have the custom permissions...
Any idea?
Participant
1091 Points
673 Posts
Re: Web.config location or multiple using roles etc.
Jan 17, 2019 10:45 PM|jzero|LINK
Considering Windows Authentication, what about make all Groups you need on AD and use such groups as Roles.
I do not have a way to test, but here are 2 fragments (quoted bellow) from
https://weblogs.asp.net/scottgu/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASPNET-20-using-Windows-Authentication-and-SQL-Server
In article:
In comments:
Best I can suggest right now is look for ActiveDirectoryRoleProvider over the web to know a little more about