William Raymond
|
| Posted: 05/18/2002, 4:46 PM |
|
Hello,
I am using CC's security system and the 3 levels just aren't enough.
Anyway, I have a set of pages that can be viewed by a person with a security
level of "1". Here is the problem... this is a different set of login
names. So, if someone is logged into the site and go to these other pages
in a different folder, they can see them even though their username should
not be allowed.
I moved the pages to a new IIS website (using ASP), which is basically the
same URL with a different port (www.sitename.com:8090). I was hoping this
would reset the UserID session variable, but it did not.
How can I force the person to login again if they go to this new set of
pages? I know how to reset the UserID session variable, but since a person
could add any of the pages to their favorites, I would need to reset the
variable every single time (which would not be good!).
Thanks for your help,
-Bill
--
Bill Raymond
Microsoft MVP
braymond@officecollab.com
Office Collaborators, Inc.
http://www.mvps.org/project/
|
|
|
 |
Dave Rexel
|
| Posted: 05/18/2002, 5:39 PM |
|
Bill,
There are several solutions depending on your security needs.
One simple fix is to set (at login) and subsequently test for one additional
folder-specific session-variable in each separate folder.
No resetting is needed for this purpose.
Hope this helps.
"William Raymond" <braymond@officecollab.com> wrote in message
news:ac6p44$ksm$1@news.codecharge.com...
> Hello,
>
> I am using CC's security system and the 3 levels just aren't enough.
> Anyway, I have a set of pages that can be viewed by a person with a
security
> level of "1". Here is the problem... this is a different set of login
> names. So, if someone is logged into the site and go to these other pages
> in a different folder, they can see them even though their username should
> not be allowed.
>
> I moved the pages to a new IIS website (using ASP), which is basically the
> same URL with a different port (www.sitename.com:8090). I was hoping this
> would reset the UserID session variable, but it did not.
>
> How can I force the person to login again if they go to this new set of
> pages? I know how to reset the UserID session variable, but since a
person
> could add any of the pages to their favorites, I would need to reset the
> variable every single time (which would not be good!).
>
> Thanks for your help,
>
> -Bill
>
> --
> Bill Raymond
> Microsoft MVP
>braymond@officecollab.com
> Office Collaborators, Inc.
>
> http://www.mvps.org/project/
>
>
>
>
|
|
|
|
William Raymond
|
| Posted: 05/20/2002, 9:03 AM |
|
Hi Dave,
I have so many folders, each with their own CC application, it would be
difficult to go back and start creating new session variables. Is there
anything else you can recommend?
Thanks,
-Bill
--
Bill Raymond
Microsoft MVP
braymond@officecollab.com
Office Collaborators, Inc.
http://www.mvps.org/project/
"Dave Rexel" <therex_spamenot@hotmail.com> wrote in message
news:ac6s76$pr4$1@news.codecharge.com...
> Bill,
> There are several solutions depending on your security needs.
> One simple fix is to set (at login) and subsequently test for one
additional
> folder-specific session-variable in each separate folder.
> No resetting is needed for this purpose.
>
> Hope this helps.
>
> "William Raymond" <braymond@officecollab.com> wrote in message
>news:ac6p44$ksm$1@news.codecharge.com...
> > Hello,
> >
> > I am using CC's security system and the 3 levels just aren't enough.
> > Anyway, I have a set of pages that can be viewed by a person with a
> security
> > level of "1". Here is the problem... this is a different set of login
> > names. So, if someone is logged into the site and go to these other
pages
> > in a different folder, they can see them even though their username
should
> > not be allowed.
> >
> > I moved the pages to a new IIS website (using ASP), which is basically
the
> > same URL with a different port (www.sitename.com:8090). I was hoping
this
> > would reset the UserID session variable, but it did not.
> >
> > How can I force the person to login again if they go to this new set of
> > pages? I know how to reset the UserID session variable, but since a
> person
> > could add any of the pages to their favorites, I would need to reset the
> > variable every single time (which would not be good!).
> >
> > Thanks for your help,
> >
> > -Bill
> >
> > --
> > Bill Raymond
> > Microsoft MVP
> >braymond@officecollab.com
> > Office Collaborators, Inc.
> >
> > http://www.mvps.org/project/
> >
> >
> >
> >
>
>
|
|
|
|
Stefan Hogedal
|
| Posted: 05/24/2002, 8:38 AM |
|
Make the different folders IIS applications. Then they will have separate
sessions (and their own global.asa if you use that).
1. IIS Manager (version 5, W2K)
2. Mark your website in the left pane.
3. Open the propertiy sheet for the folder you want to modify. (Right-click
folder and choose properties or mark it and press ALT-Enter)
4. In the lower part of the first TAB (Applications settings), klick Create
5. Click OK.
/Stefan
"William Raymond" <braymond@officecollab.com> wrote in message
news:ac6p44$ksm$1@news.codecharge.com...
> Hello,
>
> I am using CC's security system and the 3 levels just aren't enough.
> Anyway, I have a set of pages that can be viewed by a person with a
security
> level of "1". Here is the problem... this is a different set of login
> names. So, if someone is logged into the site and go to these other pages
> in a different folder, they can see them even though their username should
> not be allowed.
>
> I moved the pages to a new IIS website (using ASP), which is basically the
> same URL with a different port (www.sitename.com:8090). I was hoping this
> would reset the UserID session variable, but it did not.
>
> How can I force the person to login again if they go to this new set of
> pages? I know how to reset the UserID session variable, but since a
person
> could add any of the pages to their favorites, I would need to reset the
> variable every single time (which would not be good!).
>
> Thanks for your help,
>
> -Bill
>
> --
> Bill Raymond
> Microsoft MVP
>braymond@officecollab.com
> Office Collaborators, Inc.
>
> http://www.mvps.org/project/
>
>
>
>
|
|
|
|
Dave Rexel
|
| Posted: 05/24/2002, 11:12 AM |
|
Hi Bill,
Have you thought about a common header file for all the folders/apps.
In this you could quite simply manage permissions for the affected
folders/apps.
To avoid disturbance of any DB tables, file structures or existing code the
header could read the URL and extract the folder info and then act according
to your wishes.
I use a similar login file in every folder. This file also uses extraction
of the folder name to set a session var that I later check for in header.
Its important that this login page in particular does not use above
header(can't set and check sess vars on same page), this simplifies the
stitching into entire site.
I have tested CC design with this solution and the only pain is to
Import/Copy the login or header pages to each folder if the logic changes,
this was not too much trouble because the benefits were excellent, and I
usually perfect my logic on only a couple of test objects before adopting a
solution.
Regards
Dave
"William Raymond" <braymond@officecollab.com> wrote in message
news:acb6o9$des$1@news.codecharge.com...
> Hi Dave,
>
> I have so many folders, each with their own CC application, it would be
> difficult to go back and start creating new session variables. Is there
> anything else you can recommend?
>
> Thanks,
>
> -Bill
>
> --
> Bill Raymond
> Microsoft MVP
>braymond@officecollab.com
> Office Collaborators, Inc.
>
> http://www.mvps.org/project/
>
>
> "Dave Rexel" <therex_spamenot@hotmail.com> wrote in message
>news:ac6s76$pr4$1@news.codecharge.com...
> > Bill,
> > There are several solutions depending on your security needs.
> > One simple fix is to set (at login) and subsequently test for one
> additional
> > folder-specific session-variable in each separate folder.
> > No resetting is needed for this purpose.
> >
> > Hope this helps.
> >
> > "William Raymond" <braymond@officecollab.com> wrote in message
> >news:ac6p44$ksm$1@news.codecharge.com...
> > > Hello,
> > >
> > > I am using CC's security system and the 3 levels just aren't enough.
> > > Anyway, I have a set of pages that can be viewed by a person with a
> > security
> > > level of "1". Here is the problem... this is a different set of login
> > > names. So, if someone is logged into the site and go to these other
> pages
> > > in a different folder, they can see them even though their username
> should
> > > not be allowed.
> > >
> > > I moved the pages to a new IIS website (using ASP), which is basically
> the
> > > same URL with a different port (www.sitename.com:8090). I was hoping
> this
> > > would reset the UserID session variable, but it did not.
> > >
> > > How can I force the person to login again if they go to this new set
of
> > > pages? I know how to reset the UserID session variable, but since a
> > person
> > > could add any of the pages to their favorites, I would need to reset
the
> > > variable every single time (which would not be good!).
> > >
> > > Thanks for your help,
> > >
> > > -Bill
> > >
> > > --
> > > Bill Raymond
> > > Microsoft MVP
> > >braymond@officecollab.com
> > > Office Collaborators, Inc.
> > >
> > > http://www.mvps.org/project/
> > >
> > >
> > >
> > >
> >
> >
>
>
|
|
|
|
|
