Douglas J. Badin
Hi,
The problem with Authorization is it stops at the first match and doesn't
permit Grouping.
On the Web Site, I am trying to Secure Page Access and SiteNavigation by
implementing the following ASP.NET 2.0 features:
- Membership
- Site Maps
- SiteMap Security Trimming
A User has at least 2 roles, let's say:
- Customer or Vendor
and
- User and/or Manager and/or Accounting
User U1 has the roles:
- Customer
- Accounting
- User
User U2 has the roles:
- Customer
- User
How do I keep U2 out using roles?
Right now, it stops when it sees they are in the Customer Role.
I don't want to deny the User Role because U1 would be stopped.
I would like something like this
<authorization>
  <deny users="?" />
  <deny users="U3" />
  <allow roles="Customer, Accounting" />
  <allow roles="Vendor, Manager, Accounting" />
</authorization>
or possibly
<authorization>
  <deny users="?" />
  <deny users="U3" />
  <allow roles="(Customer, Accounting), (Vendor, Manager, Accounting)" />
</authorization>
For Above:
The allow roles list would be evaluated with a boolean AND
The allow elements would be evaluated between each other with a boolean OR
The allow and deny elements would be evaluated with a boolean AND
i.e.
(
    ( users <> "?" )
    AND
    ( users <> "U3" )
    AND
    (
        ( roles = "Customer" AND roles = "Accounting" )
        OR
        ( roles = "Vendor" AND roles = "Manager" AND roles = "Accounting" )
    )
)
I am currently looking at the possibility of implementing an HttpModule for
AuthenticateRequest. I found an example that checks the
SiteMap.CurrentNode.Roles but the siteMapNode only permits allows, not
denies.
I could create my own custom nodes
<siteMapNode
  url="~/Default.aspx"
  title="Home"
  description="Home"
  AllowUsers=""
  DenyUsers="?, U3"
  AllowRoles="(Customer, Accounting), (Vendor, Manager, Accounting)"
  DenyRoles=""
/>
I am not sure if this covers Page Access though.
Or, I can figure out how to get the prevailing web.config denies and allows.
I would check online, but the MSDN servers reply with "Server is too busy"
this morning.
Any other ideas?
Thanks,
Doug
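
The grouped evaluation the post asks for (AND inside a parenthesised group, OR between groups, denies checked first), as an added example that is not part of the original post and not an ASP.NET API. GroupedRoleCheck, IsAllowed and the Demo users are hypothetical names; the DenyUsers and AllowRoles strings are the ones from the custom siteMapNode above.

```csharp
using System;
using System.Linq;
using System.Security.Principal;
using System.Text.RegularExpressions;

// Hypothetical helper (not an ASP.NET API): evaluates the grouped-role syntax
// proposed in the post, e.g. "(Customer, Accounting), (Vendor, Manager, Accounting)".
static class GroupedRoleCheck
{
    static string[] Split(string csv) =>
        (csv ?? "").Split(',').Select(s => s.Trim()).Where(s => s.Length > 0).ToArray();

    public static bool IsAllowed(IPrincipal user, string denyUsers, string allowRoles)
    {
        // Deny entries win: "?" means anonymous, anything else is a user name.
        foreach (string denied in Split(denyUsers))
        {
            if (denied == "?" && !user.Identity.IsAuthenticated) return false;
            if (string.Equals(denied, user.Identity.Name, StringComparison.OrdinalIgnoreCase)) return false;
        }
        // Each "(...)" is one group: AND inside a group, OR between groups.
        var groups = Regex.Matches(allowRoles ?? "", @"\(([^()]*)\)")
                          .Cast<Match>()
                          .Select(m => Split(m.Groups[1].Value))
                          .Where(g => g.Length > 0);
        // No satisfied group means access is refused (fail closed).
        return groups.Any(g => g.All(user.IsInRole));
    }
}

static class Demo
{
    static IPrincipal User(string name, params string[] roles) =>
        new GenericPrincipal(new GenericIdentity(name), roles);

    static void Main()
    {
        const string deny = "?, U3";
        const string allow = "(Customer, Accounting), (Vendor, Manager, Accounting)";
        // Constructed sample users: U1 and U2 from the post, the denied U3, and an anonymous caller.
        Console.WriteLine(GroupedRoleCheck.IsAllowed(User("U1", "Customer", "Accounting", "User"), deny, allow));
        Console.WriteLine(GroupedRoleCheck.IsAllowed(User("U2", "Customer", "User"), deny, allow));
        Console.WriteLine(GroupedRoleCheck.IsAllowed(User("U3", "Customer", "Accounting"), deny, allow));
        Console.WriteLine(GroupedRoleCheck.IsAllowed(User(""), deny, allow));
    }
}
```

An empty or unparseable AllowRoles value yields no groups, so the check refuses access rather than falling through to allow.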