using web config to allow access to domain users only

Re: using web config to allow access to domain users only

I think you want the role tag

<authorizatio n>
<allow users="*" allow role="domain\gr oup" />
<deny users="*" />
</authorization>
--
Regards

John Timney
ASP.NET MVP
Microsoft Regional Director



"Carlos" <ch_sanin@yahoo .com> wrote in message
news:uYbc0crvFH A.252@TK2MSFTNG P09.phx.gbl...[color=blue]
> Hi all,
>
> is it possible to configute an asp .net app using web config, to allow
> access to users within a particular domain only?.
>
> Any help is greatly appreciated.
>
> Thanks in advance,
>
> Carlos
>[/color]

Re: using web config to allow access to domain users only

I'm making the assumption that you're using windows Authentication for
your web application.

I would recommend doing this security check in the Application's
AuthorizeReques t event. You can set the domain in an appSetting in your
web.config file. The following code is untested:

Web.config:

<configuratio n>
<appSettings>
<add key="Authorized DomainName" value="Watusi" />
</appSettings>
<system.web>
<authenticati on mode="Windows" />
<authorizatio n>
<deny users="?" />
</authorization>
</system.web>
<location path="notauthor ized.aspx">
<system.web>
<authorizatio n>
<allow users="*" />
</authorization>
</system.web>
</location>
</configuration>

global.asax

void Application_Aut horizeRequest(o bject sender, EventArgs e)
{
if
(!User.Identity .Name.StartsWit h(Configuration Settings.AppSet tings["AuthorizedDoma inName"]
+ "\\")) HttpContext.Cur rent.Response.R edirect("notaut horized.aspx");
}

-Alan


Carlos wrote:[color=blue]
> Hi all,
>
> is it possible to configute an asp .net app using web config, to allow
> access to users within a particular domain only?.
>
> Any help is greatly appreciated.
>
> Thanks in advance,
>
> Carlos[/color]

Re: using web config to allow access to domain users only


Alan,

Thank you for your prompt response. When testing the code
I found out that it takes a long time to redirect from within
Application_Aut henticateReques t to the notauthorized page.

Is there any reason for that?

Thanks,

Carlos

"Alan Samet" <alansamet@gmai l.com> wrote in message
news:1127317164 .051700.60390@g 14g2000cwa.goog legroups.com...[color=blue]
> I'm making the assumption that you're using windows Authentication for
> your web application.
>
> I would recommend doing this security check in the Application's
> AuthorizeReques t event. You can set the domain in an appSetting in your
> web.config file. The following code is untested:
>
> Web.config:
>
> <configuratio n>
> <appSettings>
> <add key="Authorized DomainName" value="Watusi" />
> </appSettings>
> <system.web>
> <authenticati on mode="Windows" />
> <authorizatio n>
> <deny users="?" />
> </authorization>
> </system.web>
> <location path="notauthor ized.aspx">
> <system.web>
> <authorizatio n>
> <allow users="*" />
> </authorization>
> </system.web>
> </location>
> </configuration>
>
> global.asax
>
> void Application_Aut horizeRequest(o bject sender, EventArgs e)
> {
> if
> (!User.Identity .Name.StartsWit h(Configuration Settings.AppSet tings["AuthorizedDoma inName"]
> + "\\")) HttpContext.Cur rent.Response.R edirect("notaut horized.aspx");
> }
>
> -Alan
>
>
> Carlos wrote:[color=green]
>> Hi all,
>>
>> is it possible to configute an asp .net app using web config, to allow
>> access to users within a particular domain only?.
>>
>> Any help is greatly appreciated.
>>
>> Thanks in advance,
>>
>> Carlos[/color]
>[/color]

Re: using web config to allow access to domain users only

That I don't know. An HttpResponse.Re direct sends a header to the
browser requesting that the browser do the redirect. It may be the
browser you're using taking its time to do the redirect; the first
time, of course, you'd have to deal with the delay of the page
compiling. Perhaps the first time the WindowsPrincipa l is queried for
the identity it may have to do some kind of domain lookup. I'm not
sure.

-Alan