locked
Membership users - Understanding! RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1101529841 posted

    Hi,

    I am new to asp.net, until now i can't understand how to create usernames for my login page with memberships! I created login form and i have my own database that checks manually for username and password then based on a field ("usermenu") i am redirecting the users to the correct content. Now I am running into problems when trying to protect a folder using the <location> in web.config file. When i put for example <allow users"*"> and <deny users="?"> it will not work because i didn't use the builtin membership, is that correct! Could someone help me (so i don't have to redesign) so i can use the <location> in web.config file using my own user lists in my database?

    Thanks.

    Thursday, January 7, 2016 5:53 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1716253493 posted

    https://msdn.microsoft.com/en-us/library/xdt4thhy.aspx

    https://msdn.microsoft.com/en-us/library/ff647070.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, January 7, 2016 7:05 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User614698185 posted

    Hi ramiwahdan,

    The following shows the syntax for the authorization section:

    <authorization>
  <[allow|deny] users roles verbs />
</authorization>

    The allow or deny element is required. You must specify either the users or the roles attribute. Both can be included, but both are not required. The verbs attribute is optional.

    Examples:

    1.The following example grants access to several domain users, while denying it to everyone else:

    <configuration>
   <system.web>
      <authentication mode="Windows" />
      <authorization>
         <allow users="domain1\user, domain2\user2, domain1\user3" />
         <deny users="*" />
      </authorization>
   </system.web>
</configuration>

    2.The following example grants access to the Kim identity and members of the Admins role, and denies access to the John identity (unless the John Admins role) and to all anonymous users:

    <authorization>
  <allow users="Kim"/>
  <allow roles="Admins"/>
  <deny users="John"/>
  <deny users="?"/>
</authorization>

    3. The following example allows all users to perform an HTTP GET for a resource, but allows only the Kim identity to perform a POST operation:

    <authorization>
  <allow verbs="GET" users="*"/>
  <allow verbs="POST" users="Kim"/>
  <deny verbs="POST" users="*"/> 
</authorization>

    4.The following Example  deny unauthenticated users:

    <authorization>
  <deny users="?" />
</authorization>

    Best Regards,

    Candice Zhou

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, January 8, 2016 7:31 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-1716253493 posted

    https://msdn.microsoft.com/en-us/library/xdt4thhy.aspx

    https://msdn.microsoft.com/en-us/library/ff647070.aspx

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, January 7, 2016 7:05 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    User614698185 posted

    Hi ramiwahdan,

    The following shows the syntax for the authorization section:

    <authorization>
  <[allow|deny] users roles verbs />
</authorization>

    The allow or deny element is required. You must specify either the users or the roles attribute. Both can be included, but both are not required. The verbs attribute is optional.

    Examples:

    1.The following example grants access to several domain users, while denying it to everyone else:

    <configuration>
   <system.web>
      <authentication mode="Windows" />
      <authorization>
         <allow users="domain1\user, domain2\user2, domain1\user3" />
         <deny users="*" />
      </authorization>
   </system.web>
</configuration>

    2.The following example grants access to the Kim identity and members of the Admins role, and denies access to the John identity (unless the John Admins role) and to all anonymous users:

    <authorization>
  <allow users="Kim"/>
  <allow roles="Admins"/>
  <deny users="John"/>
  <deny users="?"/>
</authorization>

    3. The following example allows all users to perform an HTTP GET for a resource, but allows only the Kim identity to perform a POST operation:

    <authorization>
  <allow verbs="GET" users="*"/>
  <allow verbs="POST" users="Kim"/>
  <deny verbs="POST" users="*"/> 
</authorization>

    4.The following Example  deny unauthenticated users:

    <authorization>
  <deny users="?" />
</authorization>

    Best Regards,

    Candice Zhou

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, January 8, 2016 7:31 AM