Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Authentication and Authorization?

Status
Not open for further replies.
xpblueScreenOfDeath

xpblueScreenOfDeath

Programmer
Sep 1, 2004
87
I am using ASP .NET(version 1.1). My http authentication module is called for every webpage that is under may project even though I specified in my web.config to only authentication for a specify directory? Am I missing somethings or is my web.config done wrong for what I am trying to accomplish?

Code: 
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    
  <system.web>
	<authentication mode="None" /> 

	<authorization>
		<allow users="*" /> <!-- Allow all users -->
	</authorization>

	<httpModules>
		<add name="mod1" type="xx.yy,mod1"/>
	</httpModules>
  </system.web>
 
  <location path="test">
    <system.web>
		<authorization>
			<allow roles="EUser" />
			<deny users="*" />
		</authorization>
    </system.web>
  </location>
</configuration>

My default is to allow anybody access. The location part of the web.config should have override the default no authentication for the directory "test" to use my http module. But my http module is called for every webpage under my project. Am I doing something wrong or am I suppose to do something in the http module to check for the location?
 
Sort by date Sort by votes
xpblue: just a shot in the dark having never worked myself with these authentication modules. One idea that crossed my mind was to move a second copy of the web.config to the specified directory and adjust authorization there to override the root web.config. Just a thought xpblue; sorry I couldn't be of more help.
 
Upvote 0 Downvote
where have u placed this web.config file?

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Originally the web.config is only in the root folder of the project. I also tried making two web.config file. One web.config for the root folder as so:
Code: 
<configuration>    
  <system.web>
    <authentication mode="None" />
    <authorization>
        <allow users="*" /> <!-- Allow all users -->
    </authorization>
  </system.web>
 </configuration>

and the another web.config in the test folder as so:
Code: 
<configuration>    
  <system.web>
    <authorization>
       <allow roles="EUser" />
       <deny users="*" />
    </authorization>
    <httpModules>
        <add name="mod1" type="xx.yy,mod1"/>
    </httpModules>
  </system.web>
 </configuration>
but this gave me a error message about the config files being configured incorrectly. The only way I got the project running with two config file is to put the httpmodule section in the root web.config. But then I still have the same problem, the http module is still being called for every web page in the project. Any more suggestiongs? Thanks.
 
Upvote 0 Downvote
xpblue: Have/did you try changing:

Code: 
<authorization>
  <allow roles="EUser" />
  <deny users="*" />
</authorization>

..to this in the test folder?

<authorization>
  <allow users="*" /> <!-- Allow all users -->
</authorization>
I could very easily be missing something here, just a thought.
 
Upvote 0 Downvote
Yep, tried that variation too. The only thing that seem to work is to create another project in the test folder and thereby, having its own web.config and then using the exactly web.config file that I stated above that gave me an error about the web.config being configured incorrectly. So, the project is configured as so.

Code: 
folder "Project1", Project1
   -web.config ->configured for anonymous access

   folder test, Project2
      -web.config -> configured to be access by roles

web.config under Project1 folder
Code: 
<configuration>    
  <system.web>
    <authentication mode="None" />
    <authorization>
        <allow users="*" /> <!-- Allow all users -->
    </authorization>
  </system.web>
 </configuration>

web.config under test folder
Code: 
<configuration>    
  <system.web>
    <authorization>
       <allow roles="EUser" />
       <deny users="*" />
    </authorization>
    <httpModules>
        <add name="mod1" type="xx.yy,mod1"/>
    </httpModules>
  </system.web>
 </configuration>

The two web.config files are exactly as posted by my second post. I really hate the idea of having to make two projects just to get the security working. I don't like this approach because the amount of secured pages are few, and there are shared functionality in the secured and unsecured pages. So, I either have to break the shared functionality into a library and make sure that if I update the library then the two dll in both projects are up to date. I wouldn't mind if I had a lot of secured pages, but that is just not the case.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Makumbi256
  • Locked
  • Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
548
Makumbi256
Makumbi256
Moregelen
  • Locked
  • Question
Domain Authentication
Replies
0
Views
563
Moregelen
Moregelen
sugu1
  • Locked
  • Question
sound editing in web site to record, cut/trim, paste and save as wav file
Replies
0
Views
567
sugu1
sugu1
G12Consult
  • Locked
  • Question
Forms authentication not working
Replies
4
Views
352
Rajkumarrrrr
Rajkumarrrrr
engsalah2018
  • Locked
  • Question
How to get label text from table reference on database based on TableName and FieldName
Replies
2
Views
604
jbenson001
jbenson001

Part and Inventory Search

Sponsor

Back
Top