window based authentication with members defined in a distribution list.

  • Thread starter Thread starter Biranchi Narayan Panda
  • Start date Start date
B

Biranchi Narayan Panda

I want windows based authentication for a particular folder of my web pages.
This page should be accessible to only some of the managers and some other
roles.
I don't want to allow or deny role and persons in web.config.

Rather, is it possible that a distribution list created in active directory
of the domain and linked with web config? The logins that are there in the
distribution list will only be able to view the pages and others will get
error.aspx page.

In this way, the non-technical higher position persons will also be able to
grant and deny access to other members.
 
Biranchi said:
I want windows based authentication for a particular folder of my web
pages. This page should be accessible to only some of the managers
and some other roles.
I don't want to allow or deny role and persons in web.config.

Rather, is it possible that a distribution list created in active
directory of the domain and linked with web config? The logins that
are there in the distribution list will only be able to view the
pages and others will get error.aspx page.

In this way, the non-technical higher position persons will also be
able to grant and deny access to other members.

You should be aware that each folder in a website can have its own
web.config file in which you can create this restriction. And yes, an AD
group can certainly be used instead of a user's name in the web.config file.

Please note: m.p.inetserver.asp.general is a classic ASP group and has only
a few dotnet-aware regulars. For that reason, I am removing it from the
distribution list for this reply.
 
Bob Barrows said:
yes, an AD group can certainly be used instead of a user's
name in the web.config file.

Alas I am unclear on this point. I have exactly the same wish. That a non
tech savvy manager without access to the web server per se, can via their
MS-Outlook Address book and managing a distribution list, win two immediate
benefits:

a) The ability to control who has access to a web site, and
b) The ability to email them as a group.

Now I find what you've suggested very encouraging Bob and am back here after
a good 20 minutes of reading google results varying my search without
successfully finding clear documentation or an example.

Here's what I have in my web.config now:

<authorization>
<allow roles="domain\websiteusers"/>
<deny users="*"/>
</authorization>

alas "domain\websiteusers" is a security group set by our IT staff and not
to my knowledge easily modified by a manager using the tools they have. Hence
the interest in a distribution list. Now let me suppose I have a distribution
list on Active Directory named "domain\websiteuserlist"

I have tested both of these scenarios quickly with no success:

<authorization>
<allow roles="domain\websiteuserlist"/>
<deny users="*"/>
</authorization>

and

<authorization>
<allow users="domain\websiteuserlist"/>
<deny users="*"/>
</authorization>

now I'm tempted to conclude from you cursory statement that the latter test
should function. Alas I haven't replicated it. I add a user to
domain\websiteuserlist and voila, the still can't access the website.

It may be that all I'm experience is latency. That ti would help if I
rebooted their PC, or had them log out and in again, and/or the server and/or
.... my point is simply groping for answers in the dark is a frustrating time
consumer and the lack of clear documentation has frustrated me.

I look at page like this:

http://msdn.microsoft.com/en-us/library/acsd09b0(VS.80).aspx

and I feel like reprimanding a microsoft documenters (well, humility aside,
I've managed documentation for years and would indeed be having a chat with
my staff about a page like this). What exactly IS a user and role? Where are
they defined? At best it sends me off to some obtuse pages on ASP role
management which takes me down many paths not of immediate interest to me
(although it would no doubt of great benefit if I took the time to research
and understand the complete security model all the same I ma interested
primarily in a quick answer - greedy I am). In short this page ought to tell
me clearly what kinds of strings are valid as roles and users and where they
are defined. And it doesn't.

Anyhow, if you perchance have the time for a clear example I would be
grateful to you. In the mean time I am in the dark still unless I stumble
upon another clarification soon.

Cheers,

Bernd.
 
Back
Top