Hi there,

I've used the built in ASP.NET Membership, Roles for my website... I've created a "Access manager" and protected some folder from being access by anon. users... It works fine on my local machine, but when uploaded to the server (here), I'm still able to views files from that folder when not logged in... Any idea?

 Thanks,

Kenny.
 

What kind of database?

Make sure to check the web.config file (as that is where I have been keeping my asp.net membership access information).

I don't know how to figure out your specific problem, however to make sure people have to be logged in to view files in a folder, the following web.config file will do it.  Just put these contents into a file called "web.config" in the directory you want to make unavailable:

(Note: You can have more then 1 web.config.  The "closest" web.config file is the most important so this file will only override this folder and deeper)

<?xml version="1.0"?>
<configuration>
    <system.web>
        <authorization>
            <deny users="?"/>
        </authorization>
    </system.web>
</configuration>

---

-Wilson Gearld Mead III
www.rangoric.com (Rather Blah)
blog.rangoric.name (Closer to Not Blah)

I'm using MS SQL 2005 database... I do have those web.config files on the folders that I want to protect, here is one example:

1. This folder allowed logged in "Users" - Users is one of the role that I defined in the Membership.

 <?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
        <authorization>
            <allow roles="Admin" />
            <allow roles="SuperUser" />
            <allow roles="Users" />
            <deny users="?" />
        </authorization>
    </system.web>
</configuration>

 

2. This is the Admin folder where only Admin or SuperUsers (again, Admin & SuperUser are roles that I defined) can access:

<?xml version="1.0" encoding="utf-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
    <system.web>
        <authorization>
            <allow roles="Admin" />
            <allow roles="SuperUser" />
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>

 

Like I said, it works fine on my local machine, but not on the server.

Thanks,

Kenny. 

Very strange.  I have something I have to get working so it might be a day or two, but I will try to walk through setting up a couple roles and such on the server.

Anyways...

Did you make sure the Application Name is Set and the same on both your Home Machine at the Online Server?  If you did not specify an application name that will be your problem.  I had an issue with that for the longest time but I don't think it should let what you are describing happen.

If Not here is my web.config.  I will walk through setting it up sometime in the next couple days if it doesn't help.  The only thing that isn't always documented is making sure you set an Application Name.

<configuration>
  <connectionStrings>
    <add name="Profile"
         connectionString="Server=***.***.***.***;Database=******;Uid=******;Password=******"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <roleManager enabled="true" defaultProvider="MyRoles">
      <providers>
        <add name="MyRoles"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="Profile"
             applicationName="Rangoric" />
      </providers>
    </roleManager>
    <authentication mode="Forms" />
    <membership defaultProvider="MainProvider">
      <providers>
        <add connectionStringName="Profile" applicationName="Rangoric"
          minRequiredPasswordLength="7" minRequiredNonalphanumericCharacters="1"
          requiresUniqueEmail="true" passwordFormat="Hashed" requiresQuestionAndAnswer="true"
          enablePasswordRetrieval="true" enablePasswordReset="true" maxInvalidPasswordAttempts="5"
          passwordAttemptWindow="10" name="MainProvider" type="System.Web.Security.SqlMembershipProvider" />
      </providers>
    </membership>
  </system.web>
  <system.net>
    <mailSettings>
      <smtp from="kem@rangoric.com">
        <network host="mail.ultimahosts.com" password="******" userName="kem@rangoric.com"/>
      </smtp>
    </mailSettings>
  </system.net>
  <location path="Login/MemberData.aspx">
    <system.web>
      <authorization>
        <allow users="Boss"/>
        <deny users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

---

-Wilson Gearld Mead III
www.rangoric.com (Rather Blah)
blog.rangoric.name (Closer to Not Blah)

Did you ever figure out your problem?  I'm seeing something very similar, for some reason when I'm logged in as admin it isn't allowing me to see the admin areas (folders with allow roles="Administrator"), works fine on my local pc, doesn't work on the server.

Thanks,

Dan

What Membership Data Provider are you using?  By default, it's SQL and the database is in your App_Data folder in a database called ASPNET.mdf.  That database must also be uploaded to the server.

---

William Eaton, MCSE
iTech Computer Solutions, LLC
www.itechcs.com