tafs7
I have an ASP.NET application that uses forms authentication. I
rolled my own CustomPrincipal class for role-based authentication, and
wired the Application_AuthenticateRequest() event on my global.asax.
All is working great.
Now my new requirement is that I make a role on my SQLServer db that
is a "low level" user. This role will only have access to ONE
specific folder on my application, and nothing else outside of it.
Other roles can access other folders including this one. I should
also note that there is no anonymous access on this application.
Everything is password protected, so when the first request fires, the
user is automatically redirected to the login page, then, once
authenticated, he/she is taken to the default.aspx on the root.
Everyone uses the same login page, but if the user name is in the
"low-level" role, I need to automatically redirect to the special
folder, while all other users get taken to my root's default.aspx (if
no other return url string is specified).
This is a snippet of my web.config on the root directory:
<authentication mode="Forms">
  <forms name=".ELITECTSUSERAUTH" loginUrl="~/login.aspx"
         protection="All"
         timeout="30"
         slidingExpiration="true"
         path="/" />
</authentication>
<authorization>
  <!-- Deny anonymous users and low-level roles -->
  <deny users="?" roles="5" />
  <allow users="*" />
</authorization>
As you can see, this denies access to anonymous users and users in the
role "5", which is my "low-level" user.
So the question is this: (1) how to make the application kick the
low-level user to the special folder once he/she is authorized and a
principal has been generated for them, without ever going to the root
default.aspx.
I also thought I should include either a location section in my root
web.config that allows role 5 into the special folder, or add a new
web.config to that special folder allowing authenticated users and all
roles, overriding the root web.config.
Does anybody have any suggestions to this problem?
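The location-section option described in the post, written out as an added example (not part of the original post or the poster's application). The folder name "LowLevel" is a placeholder, since the post does not name the special folder. ASP.NET URL authorization evaluates rules top-down and stops at the first match, and rules in a location block are checked before the inherited root rules.

```xml
<?xml version="1.0"?>
<configuration>
  <system.web>
    <authentication mode="Forms">
      <forms name=".ELITECTSUSERAUTH" loginUrl="~/login.aspx"
             protection="All"
             timeout="30"
             slidingExpiration="true"
             path="/" />
    </authentication>

    <!-- Root rules, unchanged from the post: anonymous users and
         role 5 are denied everywhere that no more specific rule applies. -->
    <authorization>
      <deny users="?" roles="5" />
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- "LowLevel" is a placeholder path (assumption). These rules are
       evaluated before the root rules for requests under this folder. -->
  <location path="LowLevel">
    <system.web>
      <authorization>
        <!-- Keep the deny for anonymous users first, so the allow
             below only ever matches authenticated principals. -->
        <deny users="?" />
        <!-- Matches every authenticated user, including role 5, before
             the root deny for role 5 is reached. -->
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

A web.config placed inside the folder with the same two authorization rules has the same effect; either way the root deny for role 5 keeps applying to every other path.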