|
Joined: 7/11/2005
Posts: 1
|
|
|
After upgrading from 4.0.2 to 4.3.3 I noticed I was no longer able to access role membership information using the apis. I have used both the locations functionality and asp.net user management apis to implement a number of utilities ontop of the dnn web application using a variety of techniques (duct taped asp.net, com based, ajax(dojo), and conventional asp together). I have provided a censored version of my web.config and a description/simple example of the way I have implemented a ajax application. I have included 2 examples of the types of external application I have tied in. I have many others with similar issues. Web.config
| <configuration>
<!-- register local configuration handlers -->
<configSections>
<sectionGroup name="dotnetnuke">
<!-- the requirePermission attribute will cause a syntax warning - please ignore - it is required for Medium Trust support-->
<section name="data" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="logging" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="scheduling" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="htmlEditor" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="navigationControl" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="searchIndex" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="searchDataStore" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="friendlyUrl" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="caching" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="authentication" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="members" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="roles" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
<section name="profiles" requirePermission="false" type="DotNetNuke.Framework.Providers.ProviderConfigurationHandler, DotNetNuke" />
</sectionGroup>
<sectionGroup name="system.web">
<section name="neatUpload" type="Brettle.Web.NeatUpload.ConfigSectionHandler, Brettle.Web.NeatUpload" allowLocation="true" />
</sectionGroup>
</configSections>
<connectionStrings>
<!-- Connection String for SQL Server 2005 Express
<add
name="SiteSqlServer"
connectionString="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|Database.mdf;"
providerName="System.Data.SqlClient" /> -->
<!-- Connection String for SQL Server 2000/2005 -->
<add name="SiteSqlServer" connectionString="removed" providerName="System.Data.SqlClient" />
</connectionStrings>
<appSettings>
<!-- Connection String for SQL Server 2005 Express - kept for backwards compatability - legacy modules -->
<!-- <add key="SiteSqlServer" value="Data Source=.\SQLExpress;Integrated Security=True;User Instance=True;AttachDBFilename=|DataDirectory|Database.mdf;"/>-->
<!-- Connection String for SQL Server 2000/2005 - kept for backwards compatability - legacy modules -->
<add key="SiteSqlServer" value="removed" />
<add key="InstallTemplate" value="DotNetNuke.install.config" />
<add key="AutoUpgrade" value="true" />
<add key="InstallMemberRole" value="true" />
<add key="ShowMissingKeys" value="false" />
<add key="EnableWebFarmSupport" value="false" />
<add key="EnableCachePersistence" value="false" />
<add key="InstallationDate" value="1/17/2006" />
<add key="HostHeader" value="" /><!-- Host Header to remove from URL so "www.mydomain.com/johndoe/Default.aspx" is treated as "www.mydomain.com/Default.aspx" -->
<add key="RemoveAngleBrackets" value="false" />
</appSettings>
<system.codedom>
<compilers>
<compiler language="vb" type="Microsoft.VisualBasic.VBCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" extension=".VB" />
</compilers>
</system.codedom>
<system.web>
<machineKey validationKey="removed" decryptionKey="removed" decryption="3DES" validation="SHA1" />
<!-- HttpModules for Common Functionality -->
<httpModules>
<add name="UrlRewrite" type="DotNetNuke.HttpModules.UrlRewriteModule, DotNetNuke.HttpModules.UrlRewrite" />
<add name="Exception" type="DotNetNuke.HttpModules.ExceptionModule, DotNetNuke.HttpModules.Exception" />
<add name="UploadHttpModule" type="Brettle.Web.NeatUpload.UploadHttpModule, Brettle.Web.NeatUpload" />
<!-- add name="Authentication" type="DotNetNuke.HttpModules.AuthenticationModule, DotNetNuke.HttpModules.Authentication" / -->
<add name="UsersOnline" type="DotNetNuke.HttpModules.UsersOnlineModule, DotNetNuke.HttpModules.UsersOnline" />
<add name="DNNMembership" type="DotNetNuke.HttpModules.DNNMembershipModule, DotNetNuke.HttpModules.DNNMembership" />
<add name="Personalization" type="DotNetNuke.HttpModules.PersonalizationModule, DotNetNuke.HttpModules.Personalization" />
</httpModules>
<!-- This is for FTB 3.0 support -->
<httpHandlers>
<add verb="GET" path="FtbWebResource.axd" type="FreeTextBoxControls.AssemblyResourceHandler, FreeTextBox" />
<!-- This is for CAPTCHA support -->
<add verb="*" path="*.captcha.aspx" type="DotNetNuke.UI.WebControls.CaptchaHandler, DotNetNuke" />
<!-- This is for Serving files, secure, insecure, from database -->
<add verb="*" path="LinkClick.aspx" type="DotNetNuke.Services.FileSystem.FileServerHandler, DotNetNuke"/>
</httpHandlers>
<!-- set code access security trust level - this is generally set in the machine.config
<trust level="Medium" originUrl="http://localhost/.*" />
-->
<!-- set debugmode to false for running application -->
<compilation debug="false" strict="false">
<buildProviders>
<remove extension=".resx" />
<remove extension=".resources" />
</buildProviders>
<assemblies>
<add assembly="Microsoft.VisualBasic, Version=8.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Design, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
<add assembly="System.Management, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A" />
</assemblies>
<!-- register your app_code subfolders to generate granular assemblies during compilation
<codeSubDirectories>
<add directoryName="sub-directory name"/>
</codeSubDirectories>
-->
</compilation>
<!-- permits errors to be displayed for remote clients -->
<customErrors mode="Off">
<error statusCode="413" redirect="~/NeatUpload/Error413.aspx" />
</customErrors>
<!-- Forms or Windows authentication -->
<authentication mode="Forms">
<forms name=".DOTNETNUKE" loginUrl="/" protection="All" timeout="1200" />
</authentication>
<identity impersonate="true"/><!--
<authentication mode="Windows">
</authentication>
-->
<!-- allow large file uploads -->
<httpRuntime useFullyQualifiedRedirectUrl="true" maxRequestLength="8192" requestLengthDiskThreshold="8192" executionTimeout="86000" />
<httpCookies httpOnlyCookies="true" requireSSL="false" domain="" />
<!-- GLOBALIZATION
This section sets the globalization settings of the application.
Utf-8 is not supported on Netscape 4.x
If you need netscape compatiblity leave iso-8859-1.
UTF-8 is recommended for complex languages
-->
<globalization culture="en-US" uiCulture="en" requestEncoding="UTF-8" responseEncoding="UTF-8" fileEncoding="UTF-8" />
<!--<globalization culture="en-US" uiCulture="en" fileEncoding="iso-8859-1" requestEncoding="iso-8859-1" responseEncoding="iso-8859-1"/>-->
<!-- page level options -->
<pages validateRequest="false" enableViewStateMac="true" enableEventValidation="false">
<namespaces>
<add namespace="System.ComponentModel" />
<add namespace="System.Data" />
<add namespace="System.Data.SqlClient" />
<add namespace="System.Drawing" />
<add namespace="Microsoft.VisualBasic" />
<add namespace="System.Globalization" />
<add namespace="DotNetNuke.Services.Localization" />
<add namespace="DotNetNuke.Entities.Users" />
<add namespace="DotNetNuke" />
<add namespace="DotNetNuke.Common" />
<add namespace="DotNetNuke.Data" />
<add namespace="DotNetNuke.Framework" />
<add namespace="DotNetNuke.Modules" />
<add namespace="DotNetNuke.Security" />
<add namespace="DotNetNuke.Services" />
<add namespace="DotNetNuke.UI" />
<add namespace="DotNetNuke.Entities.Portals" />
<add namespace="DotNetNuke.Common.Utilities" />
<add namespace="DotNetNuke.Services.Exceptions" />
<add namespace="DotNetNuke.Entities.Tabs" />
</namespaces>
</pages>
<xhtmlConformance mode="Legacy" />
<!-- ASP.NET 2 Membership/Profile/Role and AnonymousAuthentication Providers -->
<!-- anonymousIdentification configuration:
enabled="[true|false]" Feature is enabled?
cookieName=".ASPXANONYMOUS" Cookie Name
cookieTimeout="100000" Cookie Timeout in minutes
cookiePath="/" Cookie Path
cookieRequireSSL="[true|false]" Set Secure bit in Cookie
cookieSlidingExpiration="[true|false]" Reissue expiring cookies?
cookieProtection="[None|Validation|Encryption|All]" How to protect cookies from being read/tampered
domain="[domain]" Enables output of the "domain" cookie attribute set to the specified value
-->
<anonymousIdentification
enabled="true"
cookieName=".ASPXANONYMOUS"
cookieTimeout="100000"
cookiePath="/"
cookieRequireSSL="false"
cookieSlidingExpiration="true"
cookieProtection="None" domain=""/>
<membership
defaultProvider="AspNetSqlMembershipProvider"
userIsOnlineTimeWindow="15">
<providers>
<clear />
<!-- Configuration for DNNSQLMembershipProvider:
connectionStringName="string" Name corresponding to the entry in <connectionStrings> section where the connection string for the provider is specified
passwordAttemptThreshold="int" The number of failed password attempts, or failed password answer attempts that are allowed before locking out a user?s account
passwordAttemptWindow="int" The time window, in minutes, during which failed password attempts and failed password answer attempts are tracked
enablePasswordRetrieval="[true|false]" Should the provider support password retrievals
enablePasswordReset="[true|false]" Should the provider support password resets
requiresQuestionAndAnswer="[true|false]" Should the provider require Q & A
minRequiredPasswordLength="int" The minimum password length
minRequiredNonalphanumericCharacters="int" The minimum number of non-alphanumeric characters
applicationName="string" Optional string to identity the application: defaults to Application Metabase path
requiresUniqueEmail="[true|false]" Should the provider require a unique email to be specified
passwordFormat="[Clear|Hashed|Encrypted]" Storage format for the password: Hashed (SHA1), Clear or Encrypted (Triple-DES)
description="string" Description of what the provider does
-->
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider"
connectionStringName="SiteSqlServer"
enablePasswordRetrieval="true"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
minRequiredPasswordLength="7"
minRequiredNonalphanumericCharacters="0"
requiresUniqueEmail="false"
passwordFormat="Encrypted"
applicationName="DotNetNuke"
description="Stores and retrieves membership data from the local Microsoft SQL Server database" />
</providers>
</membership>
<neatUpload useHttpModule="false" maxNormalRequestLength="4096" maxRequestLength="2097151" defaultProvider="FilesystemUploadStorageProvider">
<providers>
<add name="FilesystemUploadStorageProvider"
type="Brettle.Web.NeatUpload.FilesystemUploadStorageProvider, Brettle.Web.NeatUpload"
tempDirectory="D:\UploadTemp\"
/>
</providers>
</neatUpload>
</system.web>
<dotnetnuke>
<htmlEditor defaultProvider="Ftb3HtmlEditorProvider">
<providers>
<clear />
<!--
FTB options:
============
toolbarStyle="Office2003|OfficeXP|Office2000|OfficeMac" Sets the default FTB Toolbar style
enableProFeatures="[true|false]" Pro features require a license from FreeTextBox
or you may test them with localhost only
spellCheck="[{none}|IeSpellCheck|NetSpell]" IeSpellCheck is free for non-commercial use only
NetSpell requires some integration work
-->
<add name="Ftb3HtmlEditorProvider" type="DotNetNuke.HtmlEditor.Ftb3HtmlEditorProvider, DotNetNuke.Ftb3HtmlEditorProvider" providerPath="~\Providers\HtmlEditorProviders\Ftb3HtmlEditorProvider\" toolbarStyle="Office2003" enableProFeatures="false" spellCheck="" />
</providers>
</htmlEditor>
<navigationControl defaultProvider="SolpartMenuNavigationProvider">
<providers>
<clear />
<add
name="SolpartMenuNavigationProvider"
type="DotNetNuke.NavigationControl.SolpartMenuNavigationProvider, DotNetNuke.SolpartMenuNavigationProvider"
providerPath="~\Providers\NavigationProviders\SolpartMenuNavigationProvider\"/>
<add
name="DNNMenuNavigationProvider"
type="DotNetNuke.NavigationControl.DNNMenuNavigationProvider, DotNetNuke.DNNMenuNavigationProvider"
providerPath="~\Providers\NavigationProviders\DNNMenuNavigationProvider\"/>
<add
name="DNNTreeNavigationProvider"
type="DotNetNuke.NavigationControl.DNNTreeNavigationProvider, DotNetNuke.DNNTreeNavigationProvider"
providerPath="~\Providers\NavigationProviders\DNNTreeNavigationProvider\"/>
<add
name="DNNDropDownNavigationProvider"
type="DotNetNuke.NavigationControl.DNNDropDownNavigationProvider, DotNetNuke.DNNDropDownNavigationProvider"
providerPath="~\Providers\NavigationProviders\DNNDropDownNavigationProvider\"/>
<add
name="ASP2MenuNavigationProvider"
type="DotNetNuke.NavigationControl.ASP2MenuNavigationProvider, DotNetNuke.ASP2MenuNavigationProvider"
providerPath="~\Providers\NavigationProviders\ASP2MenuNavigationProvider\"/>
</providers>
</navigationControl>
<searchIndex defaultProvider="ModuleIndexProvider">
<providers>
<clear />
<add name="ModuleIndexProvider" type="DotNetNuke.Services.Search.ModuleIndexer, DotNetNuke.Search.Index" providerPath="~\Providers\SearchProviders\ModuleIndexer\" />
</providers>
</searchIndex>
<searchDataStore defaultProvider="SearchDataStoreProvider">
<providers>
<clear />
<add name="SearchDataStoreProvider" type="DotNetNuke.Services.Search.SearchDataStore, DotNetNuke.Search.DataStore" providerPath="~\Providers\SearchProviders\SearchDataStore\" />
</providers>
</searchDataStore>
<data defaultProvider="SqlDataProvider">
<providers>
<clear />
<add name="SqlDataProvider" type="DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider" connectionStringName="SiteSqlServer" upgradeConnectionString="" providerPath="~\Providers\DataProviders\SqlDataProvider\" objectQualifier="" templateFile="DotNetNuke_template.mdf" databaseOwner="dbo" />
</providers>
</data>
<logging defaultProvider="DBLoggingProvider">
<providers>
<clear />
<add
name="XMLLoggingProvider"
type="DotNetNuke.Services.Log.EventLog.XMLLoggingProvider, DotNetNuke.XMLLoggingProvider"
configfilename="LogConfig.xml.resources"
providerPath="~\Providers\LoggingProviders\XMLLoggingProvider\"/>
<add
name="DBLoggingProvider"
type="DotNetNuke.Services.Log.EventLog.DBLoggingProvider.DBLoggingProvider, DotNetNuke.Provider.DBLoggingProvider"
providerPath="~\Providers\LoggingProviders\Provider.DBLoggingProvider\"/>
</providers>
</logging>
<scheduling defaultProvider="DNNScheduler">
<providers>
<clear />
<add name="DNNScheduler" type="DotNetNuke.Services.Scheduling.DNNScheduling.DNNScheduler, DotNetNuke.DNNScheduler" providerPath="~\Providers\SchedulingProviders\DNNScheduler\" debug="false" maxThreads="1" />
</providers>
</scheduling>
<friendlyUrl defaultProvider="DNNFriendlyUrl">
<providers>
<clear />
<add name="DNNFriendlyUrl" type="DotNetNuke.Services.Url.FriendlyUrl.DNNFriendlyUrlProvider, DotNetNuke.HttpModules.UrlRewrite" includePageName="true" regexMatch="[^a-zA-Z0-9 _-]" />
</providers>
</friendlyUrl>
<caching defaultProvider="FileBasedCachingProvider">
<providers>
<clear />
<add name="FileBasedCachingProvider" type="DotNetNuke.Services.Cache.FileBasedCachingProvider.FBCachingProvider, DotNetNuke.Caching.FileBasedCachingProvider" providerPath="~\Providers\CachingProviders\FileBasedCachingProvider\" />
<add name="BroadcastPollingCachingProvider" type="DotNetNuke.Services.Cache.BroadcastPollingCachingProvider.BPCachingProvider, DotNetNuke.Caching.BroadcastPollingCachingProvider" providerPath="~\Providers\CachingProviders\BroadcastPollingCachingProvider\" />
</providers>
</caching>
<authentication defaultProvider="ADSIAuthenticationProvider">
<providers>
<clear />
<add name="ADSIAuthenticationProvider" type="DotNetNuke.Security.Authentication.ADSIProvider, DotNetNuke.Authentication.ADSIProvider" providerPath="~\Providers\AuthenticationProviders\ADSIProvider\" />
</providers>
</authentication>
<members defaultProvider="AspNetMembershipProvider">
<providers>
<clear/>
<add name="AspNetMembershipProvider"
type="DotNetNuke.Security.Membership.AspNetMembershipProvider, DotNetNuke.Provider.AspNetProvider"
providerPath="~\Providers\MembershipProviders\AspNetMembershipProvider\"/>
</providers>
</members>
<roles defaultProvider="DNNRoleProvider">
<providers>
<clear/>
<add name="DNNRoleProvider"
type="DotNetNuke.Security.Membership.DNNRoleProvider, DotNetNuke.Provider.DNNProvider"
providerPath="~\Providers\MembershipProviders\DNNMembershipProvider\"/>
</providers>
</roles>
<profiles defaultProvider="DNNProfileProvider">
<providers>
<clear/>
<add name="DNNProfileProvider"
type="DotNetNuke.Security.Profile.DNNProfileProvider, DotNetNuke.Provider.DNNProvider"
providerPath="~\Providers\MembershipProviders\DNNMembershipProvider\"/>
</providers>
</profiles>
</dotnetnuke>
<location path="upload.aspx" >
<system.web>
<neatUpload useHttpModule="true" />
<httpRuntime maxRequestLength="2097151" executionTimeout="86000" useFullyQualifiedRedirectUrl="true" />
<authorization>
<allow users="host,qhrclient" roles="Client - Full,Internal" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="neatupload" >
<system.web>
<authorization>
<allow users="host,qhrclient" roles="Client - Full,Internal" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="QHRExceptions/getData.aspx" >
<system.web>
<authorization>
<allow users="host" roles="Client - Full,Internal,Internal - Edit" />
<deny users="*"/>
</authorization>
</system.web>
</location>
<location path="QHRExceptions/setData.aspx" >
<system.web>
<authorization>
<allow users="host" roles="Internal - Edit" />
<deny users="*"/>
</authorization>
</system.web>
</location>
</configuration>
|
|
Web App 1: Uploader
| Structure: upload.aspx on / provides ui and calls DotNetNuke.Entities.Users.UserController.GetCurrentUserInfo().Username for file name redirection. Utilizes neatupload through a iframe in a module to securely transfer large files and provide user feedback. Security is role based and implemented by location entried in the web.config. The roles entries no longer get parsed to individual accounts so I would need to insert a very long and changing list into the users parameter 
|
Web App 2: Exceptions Tool
| Ajax based information viewer / editor. Ajax code is dumped into a html module and communicates with a one of 2 interface pages (setter and getter with different security). The getter page returns based on a call to User.IsInRole("Internal - Edit") if the interface should draw the edit controls which communicate with the setData.aspx page.
|
Effectively my question is how do I get dnn 4.3.3 to allow me to use location entries in web.config and the user.IsInRole api (or DNN equivilent) from a nonroot folder page. These are just two of about a half dozen web applications. Others utilize com objects, conventional asp, and aspx (conventional asp style) within an iframe (I dont like those ones). Any advice (other than redevelop everything as dnn modules) would be greatly appreciated
|
| |
|
|