AuthorizationStoreRoleProvider Issues



I have been working on some sample applications to proof new security
enhancements as far as roles based and authorization based security. I am
using a test active directory, forms based authentication with the form
control, and the AzMan.msc tool to create my roles and policy XML file I am
accessing. So far everything is going great...

Now my issue is this, maybe someone can shed some light on this. My
AuthUsers.xml file is laid out like so:

<?xml version="1.0" encoding="utf-8" ?>
<AzAdminManager MajorVersion="1" MinorVersion="0"
    Description="Authorization Store for the AuthUser Application">
  <AzApplicationGroup Guid="7037a5f2-178d-4056-8dad-342f9d5c6c95"
      Name="Administrator" Description="Datacenter Organizer Administrators"
      GroupType="Basic">
    <Member>S-1-5-21-3137277063-3307450293-2828318362-1111</Member>
  </AzApplicationGroup>
  <AzApplicationGroup Guid="e8109261-2b4a-4c67-ab22-400f72b9db2a"
      Name="SecurityAdmin"
      Description="Datacenter Organizer Security Administrators"
      GroupType="Basic">
    <Member>S-1-5-21-3137277063-3307450293-2828318362-1110</Member>
  </AzApplicationGroup>
  <AzApplicationGroup Guid="a5de19aa-bbfb-4b2e-8bd0-635fcd7c7193"
      Name="Auditors" Description="Datacenter Organizer Auditors"
      GroupType="Basic">
    <Member>S-1-5-21-3137277063-3307450293-2828318362-1108</Member>
  </AzApplicationGroup>
  <AzApplication Guid="16e7da53-4973-40b5-a2d0-2e2e95afcccb" Name="AuthUser"
      Description="" ApplicationVersion="">
    <AzApplicationGroup Guid="8cd3d253-c302-4875-912e-5a179ba9ad93"
        Name="Users" Description="" GroupType="Basic">
      <Member>S-1-5-21-3137277063-3307450293-2828318362-1112</Member>
    </AzApplicationGroup>
  </AzApplication>
</AzAdminManager>

Now as you can see I have created an Application called: AuthUser and
assigned a Group called 'Users'. The Users group is linked to the Active
Directory Group 'DCO_User'. So far everything works like a charm.

I have 2 users:
1. Tim
2. TestMan

Tim belongs to the DCO_User group, while TestMan does not belong to any
groups. Now I have set my authorization section in my web.config file to be:

<authorization>
  <deny users="?"/>
  <!-- Deny anonymous access to website -->
  <allow roles="Users"/>
  <!-- Allow all users -->
</authorization>

As you can see, the only ROLE allowed is USERS which links to the DCO_User
AD group. Whenever I authenticate, both users are let in and see the
default.aspx page. While this is nice now that there are no errors, I didn't
want TestMan to get in at all!

So my dilemma is that TestMan is not supposed to be able to access this
application. Any suggestions?
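
Added example, not part of the original post: a simplified Python model of how ASP.NET URL authorization evaluates rules (first match wins, local rules before inherited ones, with the root configuration's default `<allow users="*"/>` last). It shows why the posted section admits an authenticated user with no roles and what a trailing `<deny users="*"/>` changes; the role lists given for Tim and TestMan, and the exact-match name comparison, are assumptions of this model.

```python
import xml.etree.ElementTree as ET

# Modelled inherited default: the root web.config ships <allow users="*"/>.
INHERITED = '<authorization><allow users="*"/></authorization>'

# The section as posted (comments omitted).
POSTED = '''<authorization>
  <deny users="?"/>
  <allow roles="Users"/>
</authorization>'''

# Same section with an explicit catch-all deny as the last local rule.
HARDENED = '''<authorization>
  <deny users="?"/>
  <allow roles="Users"/>
  <deny users="*"/>
</authorization>'''

def _rules(xml_text):
    """Return (action, users, roles) tuples in document order."""
    return [(r.tag, r.get("users", ""), r.get("roles", ""))
            for r in ET.fromstring(xml_text)]

def _matches(users, roles, name, user_roles):
    """True if the rule applies to this principal (name None = anonymous)."""
    for u in (x.strip() for x in users.split(",") if x.strip()):
        if u == "*" or (u == "?" and name is None) or (name is not None and u == name):
            return True
    wanted = {x.strip() for x in roles.split(",") if x.strip()}
    return bool(wanted & set(user_roles))

def is_allowed(local_xml, name, user_roles=()):
    """Walk local rules, then inherited ones; the first matching rule decides."""
    for action, users, roles in _rules(local_xml) + _rules(INHERITED):
        if _matches(users, roles, name, user_roles):
            return action == "allow"
    return False  # not reached while the inherited allow-all is present

def report(local_xml):
    # Constructed principals: Tim resolves to the "Users" role, TestMan to none.
    return {
        "anonymous": is_allowed(local_xml, None),
        "Tim": is_allowed(local_xml, "Tim", ["Users"]),
        "TestMan": is_allowed(local_xml, "TestMan", []),
    }

if __name__ == "__main__":
    print("posted  :", report(POSTED))
    print("hardened:", report(HARDENED))
```

In the posted section no local rule matches an authenticated user without the Users role, so the decision falls through to the inherited allow-all.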

