Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 2.0 > ASP.NET 2.0 Professional
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
ASP.NET 2.0 Professional If you are an experienced ASP.NET programmer, this is the forum for your 2.0 questions. Please also see the Visual Web Developer 2005 forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the ASP.NET 2.0 Professional section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developersí questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
 
 
Thread Tools Display Modes
  #11 (permalink)  
Old August 19th, 2006, 08:01 AM
Imar's Avatar
Wrox Author
Points: 71,804, Level: 100
Points: 71,804, Level: 100 Points: 71,804, Level: 100 Points: 71,804, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,050
Thanks: 80
Thanked 1,581 Times in 1,558 Posts
Default

I was about to.... Glad it's working now...

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: Gabber by DJ Paul Elstak (Track 1 from the album: Various) What's This?
  #12 (permalink)  
Old August 19th, 2006, 10:18 AM
Authorized User
 
Join Date: Aug 2006
Location: Branson, MO, USA.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Jim Buchan
Default

Hi Imar it's me again. Thanks to the excellent blogs of you and ScottGu I got the site deployed and working! I am running a VWD2005 app and SQL 2K Server backend through Go Daddy and have it working now except for a couple of problems. Since I cannot use the web site administrator feature of VWD on a SQL 2K box, I've developed customized Admin pages for Adding/Editing/Deleting Roles (which does add and/or delete roles by populating the appropriate roles table)as well as other site maintenance pages, and still working on a page to edit users and their roles. In any event, my site map trimming is not working correctly. I have "Admin" pages and "Member" pages identified as such in the website map. When I create a new user I have the Create User Wizard assigning a value for their role of " Member " . When the new user signs up and logs in he sees all pages, including the " Admin " pages. I for the life of me cannot figure out where the error is. I am including code snippets from the CreateUser Wizard code, the section of the web sitemap that is not working and the web config to illustrate the connection strings. Any suggestions as to why this is not putting the user in the correct role so the navigation trimming will work would sure be appreciated.
1. The event code to add the member role via the CreateUser Wizard is as follows:
// CREATE USER METHOD USING CREATE USER WIZARD
public partial class SitePages_CreateAccount : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void CreateUserWizard1_CreatedUser(object sender, EventArgs e)
    {
        Roles.AddUserToRole(CreateUserWizard1.UserName, "Member");
    }
}//END CREATE USER
2. Web site map section that is not working properly. You will note in the web config that follows that security trimming is enabled.

<siteMapNode url="~/MemberPages/ComputerTraining/ComputerTraining.aspx" title="Computer Class" description="Computer Class Materials" roles="Member"/>
<siteMapNode url="~/MemberPages/ChangePassword.aspx" title="Change Password" description="Change my password" roles="Member"/>
<siteMapNode url="~/AdminPages/MaintainSite.aspx" title="Maintain Site" description="Maintain Site Data" roles="Admin"/>
3. The customized connection strings used in the web config look like this:
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<connectionStrings>

<add name="ASPNETDBConnectionString" connectionString="
Server=****************secureserver.net;
Database=*******;
User ID=*********;
Password=********;
Trusted_Connection=False " providerName="System.Data.SqlClient" />
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="
****************.secureserver.net;
Database=*******;
User ID=*********;
Password=**********;
Trusted_Connection=False " providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<roleManager enabled="true" defaultProvider="CustomizedRoleProvider">
<providers>
<add name="CustomizedRoleProvider" type="System.Web.Security.SqlRoleProvider"
connectionStringName="LocalSqlServer"/>
</providers>
</roleManager>
<authentication mode="Forms"/>
<compilation debug="false"/>
<membership defaultProvider ="CustomizedProvider">
<providers>

<remove name="AspNetSqlMembershipProvider" />
<add name="CustomizedProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="LocalSqlServer"
minRequiredPasswordLength="5"
minRequiredNonalphanumericCharacters="0"
passwordStrengthRegularExpression=""/>
</providers>
</membership>
<!-SITE MAP TRIMMING ENABLES TO SUPPORT USER ROLES-->
<siteMap defaultProvider="XmlSiteMapProvider" enabled="true">
<providers>
<add name="XmlSiteMapProvider"
description="Default SiteMap provider."
type="System.Web.XmlSiteMapProvider "
siteMapFile="Web.sitemap"
securityTrimmingEnabled="true" />
</providers>
</siteMap>

<customErrors mode="RemoteOnly" defaultRedirect="customError.aspx">
<error statusCode="404" redirect="missingPage.aspx"/>
</customErrors>
</system.web>
 <system.net>
<mailSettings>
<smtp from="***************">
<network host="smtpout.secureserver.net"
userName="******"
password="**********" />
</smtp>
</mailSettings>
</system.net>
</configuration>




  #13 (permalink)  
Old August 19th, 2006, 10:26 AM
Imar's Avatar
Wrox Author
Points: 71,804, Level: 100
Points: 71,804, Level: 100 Points: 71,804, Level: 100 Points: 71,804, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,050
Thanks: 80
Thanked 1,581 Times in 1,558 Posts
Default

Are you expecting the roles element on the sitemap to stop users from accessing specific pages, or do you expect the sitemap to hide nodes to those pages in controls like a TreeView?

Where and how are you using the site map?

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
  #14 (permalink)  
Old August 19th, 2006, 10:56 AM
Authorized User
 
Join Date: Aug 2006
Location: Branson, MO, USA.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Jim Buchan
Default

Hi again and thanks for the quick response. The answer to your question is "both". I am binding the sitemap to my menu/navigation. Based on log-in/role status of a user i.e. Member or Admin I hide pages (and I thought Folder access via access rules). Members can see the Members only stuff and Admin can see the Maintain Site pages. When I set up the project in VWD I only allowed the Admin role to access the Admin Folder which contains all of the admin stuff. The members only pages have things only members can see and anonymous users see the generic site sans members only and admin menu options.
The problem is when someone creates an account at the site the roles= attribute of the sitemap does not seem to be working in that a new user can see all of the pages of the site including admin. This is as I'm sure you understand simply not acceptable for security reasons. Right now I have the maintain site pages url commented out of the site map to keep users from getting into it. I sure hope you can shed some light on this Imar; I appreciate you and your help very much. I did succeed in getting the thing to work with SQL 2k thanks to your help!

Jim

  #15 (permalink)  
Old August 19th, 2006, 11:02 AM
Imar's Avatar
Wrox Author
Points: 71,804, Level: 100
Points: 71,804, Level: 100 Points: 71,804, Level: 100 Points: 71,804, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,050
Thanks: 80
Thanked 1,581 Times in 1,558 Posts
Default

Do you have <location> tags in your main web.config file, or do the folders you want to block have their own config files?

The roles on the sitemap are only used for displaying purposes only; they don't block the actual access. You'll need to add <location> nodes to the main config file, or give each folder its own file, and then override the authorization element like this:

  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Manager" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
  #16 (permalink)  
Old August 19th, 2006, 11:10 AM
Authorized User
 
Join Date: Aug 2006
Location: Branson, MO, USA.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Jim Buchan
Default

I'll do that and let you know how it goes. If I understand you correctly, I'll need to do that only for the two folders that I wish to restrict access to; Members Only Folder and Admin Folder? Where in the Web Config should I put the location tags? Thanks again. By the way, I've just found another write up on this issue at http://peterkellner.net/?p=24 which if I read it correctly provides a means of creating a Web Site Administration tool external to VWD. Thanks again and I'll let you know and yes; it does help!

Jim

  #17 (permalink)  
Old August 19th, 2006, 11:18 AM
Imar's Avatar
Wrox Author
Points: 71,804, Level: 100
Points: 71,804, Level: 100 Points: 71,804, Level: 100 Points: 71,804, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,050
Thanks: 80
Thanked 1,581 Times in 1,558 Posts
Default

You should place them directly in the <configuration> element, for example at the end of the file like this:



  <location path="Member">
    <system.web>
      <authorization>
        <allow roles="Members" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Manager" />
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>

</configuration>


The "WAT" by Peter is pretty interesting. I used some of the concepts on my own web site. The UI is pretty messy, but there's some pretty interesting code-behind code...

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
Want to be my colleague? Then check out this post.
  #18 (permalink)  
Old August 19th, 2006, 12:06 PM
Authorized User
 
Join Date: Aug 2006
Location: Branson, MO, USA.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Jim Buchan
Default

Imar it works! That's all it took. Even the security trimming works on the menu too! I've got a production site Yeah!! I'll finish writing my custom Admin pages now to add/edit users and their roles which is no problem and it's ready to rock.

Beginning ASP dotNet 2.0 was very helpful in learning the rudiments of ASP dot net 2.0. Now I think I can progress to the more advanced books. In particular I'm interested in the one you referenced for membership and roles. I've just got to have that.

Again, thank you very much. Now, perhaps I too can help someone.

Jim Buchan

  #19 (permalink)  
Old August 19th, 2006, 12:17 PM
Imar's Avatar
Wrox Author
Points: 71,804, Level: 100
Points: 71,804, Level: 100 Points: 71,804, Level: 100 Points: 71,804, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,050
Thanks: 80
Thanked 1,581 Times in 1,558 Posts
Default

Congratulations. Glad it's all working now.

This sounds like an ideal moment to plug my latest book: ASP.NET 2.0 Instant Results.

In this book, you'll find twelve complete working applications (a Photo Album, a Web Shop, a Bug Tracking application and more) that show you how to accomplish more complex tasks with ASP.NET 2.0. Instead of providing just little code snippets, the book provides an architectural overview of each application, and then digs deep into its code.

It discusses many of the new ASP.NET 2 features, including the ones you have been working with now: sitemaps, declarative security and security trimming.

You'll find a link to the book in my signature....

Cheers,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
Author of ASP.NET 2.0 Instant Results and Beginning Dreamweaver MX / MX 2004
While typing this post, I was listening to: The Kill by Joy Division (Track 17 from the album: Heart And Soul (CD 1)) What's This?
  #20 (permalink)  
Old August 19th, 2006, 12:38 PM
Authorized User
 
Join Date: Aug 2006
Location: Branson, MO, USA.
Posts: 11
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Jim Buchan
Default

Imar, I am going to add this book to my library forthwidth. Again, thank you.

Jim

 


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Custom Membership Provider Scott663 BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0 4 August 1st, 2008 06:16 PM
Custom Membership Provider kulkarnimonica ASP.NET 2.0 Professional 0 June 21st, 2007 04:56 PM
ASP.NET SQL Membership Provider bignermo ASP.NET 2.0 Professional 2 March 20th, 2007 06:41 AM
Simple ASP.NET Membership Provider Login jumpseatnews ASP.NET 2.0 Basics 0 July 16th, 2006 11:53 AM
custom membership provider msrnivas General .NET 1 September 18th, 2005 05:28 AM



All times are GMT -4. The time now is 12:39 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.