StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POASP.NET 3.5 IIS7 Roles Security Implementation
primarykey
Id
1461132
data
AcceptedAnswerId
1461199
AnswerCount
1
ClosedDate
CommentCount
1
CommunityOwnedDate
CreationDate
2009-09-22T16:26:43.860
FavoriteCount
0
LastActivityDate
2009-09-22T17:45:19.280
LastEditDate
2009-09-22T17:14:24.500
LastEditorUserId
177274
OwnerUserId
177274
ParentId
0
PostTypeId
1
Score
3
ViewCount
2176
LastEditorDisplayName
text
Body
I'm working on a ASP.NET 3.5 application running on IIS7 (Server '08) using the stock MS Forms Authentication and SqlRolesProvider. (I used the <a href="http://msdn.microsoft.com/en-us/library/ms998314.aspx" rel="nofollow noreferrer">aspnet_regsql</a> tool to generate the tables). We have three roles: SysAdmins, AppAdmins, and Users. All users are in Users, and a user can be in either SysAdmins, AppAdmins or both. I can't seem to get an Admin directory to block access to users not in SysAdmins and AppAdmins. Either it lets in all logged-in users, or no one. Here are the relevant bits of my current configuration: <pre><code><configuration> ... <system.web> <authentication mode="Forms"> <forms loginUrl="/client/security/login.aspx" timeout="480" /> </authentication> <authorization> </authorization> <roleManager defaultProvider="SqlRoleProvider" enabled="true" cacheRolesInCookie="true" cookieName="EquityTouch.Roles" cookieProtection="All" cookieSlidingExpiration="true" cookieTimeout="60"> <providers> <clear /> <add name="SqlRoleProvider" applicationName="EquityTouch" connectionStringName="SQLProvider" type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </roleManager> ... </system.web> <system.webServer> <security> <authorization> <add accessType="Deny" users="?" /> </authorization> </security> ... </system.webServer> <location path="admin"> <system.webServer> <security> <authorization> <remove users="*" roles="" verbs=""/> <add accessType="Allow" roles="SysAdmins,AppAdmins" /> </authorization> </security> </system.webServer> <system.web> <authorization> <deny users="*"/> <allow roles="SysAdmins,AppAdmins"/> </authorization> </system.web> </location> </configuration> </code></pre> I believe this configuration currently blocks everyone. I've done similar configurations that block no one. I suspect the issue lies in using both system.web and system.webserver sections. Any help with getting this configuration working correctly would be greatly appreciated. UPDATE Removing the <system.webServer> section from the <location> element makes the .aspx pages in that folder return correctly! Unfortunately, the .js files in that folder are still blocked to all users... Ideally I would like to lock the .js files as well from unpriviledged eyes. So I'm still looking for help.
Tags
<iis-7><web-config><asp.net-3.5><sqlroleprovider>
Title
ASP.NET 3.5 IIS7 Roles Security Implementation
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USToby
UserOwnerUserId
1. USToby
plurals
PostLinksPostIdRelatedPostId
1. PL
 singulars
 LinkTypeLinkTypeId
 LTLinked
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 POASP.NET 3.5 IIS7 Roles Security Implementation
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 POASP.NET 3.5 IIS7 Roles Security Implementation
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 POASP.NET 3.5 IIS7 Roles Security Implementation
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId
1. COThis is the same issue: http://stackoverflow.com/questions/991045/asp-net-authentication-with-roles-in-iis7-integrated-mode-for-static-content
 singulars
 PostPostId
 POASP.NET 3.5 IIS7 Roles Security Implementation
 UserUserId
 USToby

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.