Coffeehouse Thread

11 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Restricting access to a file using web.config in FlexWiki

Back to Forum: Coffeehouse
  • User profile image
    OrangeJam

    I tried adding this to the web.config file in FlexWiki

    <location path="WikiBases/MyWiki/WikiPage.wiki">
    <system.web>
       <authorization>
          <deny roles="AGroup" />
       </authorization>
    </system.web>
    </location>

    I want to restrict AGroup from viewing the page with WikiPage as title but failed.

    Anyone has any idea on how to restrict specific FlexWiki pages to any user or groups?

    Thanks!!

  • User profile image
    Cybermagell​an

    Question, where is FlexWiki from? I know you have a ton of questions about it...is there a reason you keep posting them here?

  • User profile image
    OrangeJam

    Because I saw some old threads discussing about FlexWiki here therefore I think I can get some answers here.

    FlexWiki is an open source wiki, it's something like wikipedia..

    Can go here to check it out www.flexwiki.com

  • User profile image
    Manip

    I don't use IIS, I've never written a web.config file in my life and I haven't tested the following, but here is my guess.

    <configuration>
    <location path="WikiBases/MyWiki/WikiPage.wiki">
    <system.web>
    <authorization>
    <allow users="*" />
    <deny users="AGroup" />
    </authorization>
    </system.web>
    </location>
    </configuration>


  • User profile image
    OrangeJam

    Nope doesn't work but thanks anyway!!! Smiley

  • User profile image
    Manip

    OrangeJam wrote:
    Nope doesn't work but thanks anyway!!!


    You are putting it in the root of the server, correct? Not in some sub-directory?

  • User profile image
    OrangeJam

    Yep I put it in the root directory..!! I think the location tag doesn't support non aspx files

  • User profile image
    Mike Dimmick

    I don't think the ASP.NET authorization system ever sees the .wiki part.

    A typical FlexWiki URL would be, for example, http://channel9.msdn.com/wiki/default.aspx/Channel9.ProductFeedback

    The way I think it works is that IIS's URL parser follows the whole path until it reaches the 'default.aspx' in the middle. It sees that default.aspx is a file, not a directory, so it looks up the aspx extension in the metabase and sees that it's associated with ASP.NET. ASP.NET then determines if the user has access to default.aspx. If so, it runs the page.

    The remainder of the path, in this case /Channel9.ProductFeedback, is available to FlexWiki's default.aspx in the HttpRequest object's PathInfo property. FlexWiki uses that, and the NamespaceMap.xml file, to determine which file contains the raw wiki data. Here it would be ProductFeedback.wiki in the WikiBase folder for the Channel9 namespace; archives are in ProductFeedback(timestamp-user).awiki files.

    Basically, you need some form of authorization mechanism within FlexWiki itself, and at the moment, I don't think there is one. Feel free to suggest it on the SourceForge tracker.

  • User profile image
    OrangeJam

    Hey thank, actually I tried to map non-asp.net files through the aspnet_isapi process so that it can be authenticated..this is done using IIS...see the link below for more info

    http://www.dotnetcoders.com/web/Articles/ShowArticle.aspx?article=43


    I tried it on many files like.jpg, .html but this doesn't seem to work on .wiki files...

    sigh...There's no authenticating mechanism for FlexWiki? This is going to be tough...heh

  • User profile image
    Red5

    This Article may provide some help/insight.

  • User profile image
    OrangeJam

    Hey thanks...I think this will help a lot. Trying to read it now.Smiley

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.