Need Authorization to Shared Resources

[Jonathan Wood]

I have three roles: Admin, Trainer, and Client. Client pages are in my root
folder, Admin pages are in my Admin subfolder, and Trainer pages are in my
Trainer subfolder. No users can access any pages not matching their role.

In order to enforce this, I have the following in my web.config:

<authorization>
<allow roles="Client" />
<deny users="*" />
</authorization>

I also need to add web.config files and rules in my Admin and Trainer
subfolders.

That seems to work except that the rules above apply to any subfolders
without a web.config file. So, for example, Trainer and Admin users cannot
access my images (~/images) and stylesheets (~/style), etc.

Is it necessary to now place yet another web.config file in each shared
folder such as images and style? Or is there an easier way to deal with
this?

Thanks.

 

[Steve C. Orr [MCSD, MVP, CSM, ASP Insider]]

Your folder hierarchy is not clear to me, but yes, that would be one
solution.
Perhaps you should put shared resources in one place for all users to share?

 

[Jonathan Wood]

My folder hierachy is as follows:

[Root folder] - "Client" users only
|
--> [Admin subfolder] - "Admin" users only
|
--> [Trainer subfolder] - "Trainer" users only

I hate to stick things like images in folders with things like stylesheets.
Moreover, I want to use themes, which have a fixed folder structure.

I suppose I could have images for each theme and put the images there. Seems
less than ideal though.

Thanks.

--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com

 

[Scott Roberts]

Hello once again.

It seems to me that you are having many problems all of which could be
resolved easily with a modified folder hierarchy.

[Root folder] - Any user
|
--> [Client subfolder] - "Client" users only
|
--> [Admin subfolder] - "Admin" users only
|
--> [Trainer subfolder] - "Trainer" users only
|
--> [Shared subfolder(s)] - Set folder security as appropriate.