Security controls

I'm testing the security controls & authorization. I have one page, activity.aspx (in an "admin" folder), as well as 2 users defined with the ASP.NET configuration tool (WSAT) in a (SQL Express) aspnetdb.mdf. 2 roles are defined, "administrator" and "students", and I have a login page, Login.aspx, specified in my web.config file. On the administrator folder I created the following access rules:
 
allow administrator role, followed by:
deny all users
 
First problem: when I try to manage the rules in WSAT, the Move Up and Move Down buttons are grayed out (why?).
Second problem: when I call the admin/activity.aspx page, after providing my credentials in the login page, any authenticated user can reach the page (why?).
 
I don't use IIS here, only the personal web server.
 