Security controls

I’m testing the security controls & authorization; I’ve one page : activity.aspx ( in an "admin" folder) as well as 2 users defined with the configuration tool (WSAT) in a (sql express)  aspnetdb.mdf ; 2 roles are defined : "administrator" and "students" , and I’ve a login page Login.aspx specified in my web.config file. On the administrator folder I created the following access rules :
allow administrator role  followed by:
deny all users
First problem : when I try to manage the rules in WSAT, the MoveUp and Move Down button are grayed (why?)
Second problem: when I call the admin/activity.aspx page , after providing my credentials in the login page, any authenticated user can reach the page (why?).
I don’t Use IIS here but only the personal web server

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s