From: Bernd Wechner on 10 May 2010 21:28 "Bob Barrows" wrote: > yes, an AD group can certainly be used instead of a user's > name in the web.config file. Alas I am unclear on this point. I have exactly the same wish. That a non tech savvy manager without access to the web server per se, can via their MS-Outlook Address book and managing a distribution list, win two immediate benefits: a) The ability to control who has access to a web site, and b) The ability to email them as a group. Now I find what you've suggested very encouraging Bob and am back here after a good 20 minutes of reading google results varying my search without successfully finding clear documentation or an example. Here's what I have in my web.config now: <authorization> <allow roles="domain\websiteusers"/> <deny users="*"/> </authorization> alas "domain\websiteusers" is a security group set by our IT staff and not to my knowledge easily modified by a manager using the tools they have. Hence the interest in a distribution list. Now let me suppose I have a distribution list on Active Directory named "domain\websiteuserlist" I have tested both of these scenarios quickly with no success: <authorization> <allow roles="domain\websiteuserlist"/> <deny users="*"/> </authorization> and <authorization> <allow users="domain\websiteuserlist"/> <deny users="*"/> </authorization> now I'm tempted to conclude from you cursory statement that the latter test should function. Alas I haven't replicated it. I add a user to domain\websiteuserlist and voila, the still can't access the website. It may be that all I'm experience is latency. That ti would help if I rebooted their PC, or had them log out and in again, and/or the server and/or .... my point is simply groping for answers in the dark is a frustrating time consumer and the lack of clear documentation has frustrated me. I look at page like this: http://msdn.microsoft.com/en-us/library/acsd09b0%28VS.80%29.aspx and I feel like reprimanding a microsoft documenters (well, humility aside, I've managed documentation for years and would indeed be having a chat with my staff about a page like this). What exactly IS a user and role? Where are they defined? At best it sends me off to some obtuse pages on ASP role management which takes me down many paths not of immediate interest to me (although it would no doubt of great benefit if I took the time to research and understand the complete security model all the same I ma interested primarily in a quick answer - greedy I am). In short this page ought to tell me clearly what kinds of strings are valid as roles and users and where they are defined. And it doesn't. Anyhow, if you perchance have the time for a clear example I would be grateful to you. In the mean time I am in the dark still unless I stumble upon another clarification soon. Cheers, Bernd.
|
Pages: 1 Prev: Need an unbound GridView-like control Next: Modal popup with gridview row detail |