
Configuration of Restriction Module

 

  • Add Module Definition:

Add the entry below to your web.config file under configuration/system.web/httpModules:

 <add name="RestrictionModule" type="RestrictionModuleApp.RestrictionModule, RestrictionModuleApp,Version=1.0.0.0, Culture=neutral, PublicKeyToken=be23a05ec1781ff6"  />

  • Add switch key:

Add the key below to configuration/appSettings:
<add key="RestrictionModuleActive" value="On" />

If the value is “On”, the module is active; “Off” means it is inactive.

  • Copy Restriction.xml to your application path

Restriction.xml file definitions

 

You define restriction rules in Restriction.xml. Here is an example.

<?xml version="1.0" encoding="utf-8"?>
<RestrictionRules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <RestrictionRule Enabled="false" Action="Deny" Mode="RequestURL" ContinueRuleList="false">
    <Expressions>
      <Expression Type="Contains" CaseSensitive="false">/Pages/Forms/</Expression>
      <Expression Type="Contains" CaseSensitive="false">/_layouts/</Expression>
    </Expressions>
    <RedirectURL>http://blog.bugrapostaci.com/ErrorPages/401.aspx</RedirectURL>
    <Audiences>PostDomain\guest</Audiences>
  </RestrictionRule>
</RestrictionRules>

 

Restriction Rule:

You can define a restriction rule between <RestrictionRule></RestrictionRule> tags.

Restriction Rule Parameters:

  • Enabled: Boolean. Makes this rule active or inactive.
  • Action: Takes one of two values, “Allow” or “Deny”. The default is “Deny”. With “Allow”, all requests are redirected to the URL defined in the RedirectURL parameter, except those from the selected users (if the Audiences parameter is empty, all users are selected, so no requests are redirected). With “Deny”, all requests continue to their normal destination, except those from the selected users, which are redirected to the URL defined in the RedirectURL parameter.

 

  • Mode: Defines which environment variable in HttpContext the restriction is evaluated against:

    • RequestURL: Restricts requests using the raw URL of the request.
    • RequestUserHostName: Restricts requests by UserHostName.
    • RequestContentType: Restricts requests by Content Type.
    • RequestUserHostAddress: Restricts requests by UserHostAddress.

 

  • ContinueRuleList: Boolean. By default, if an expression of a rule matches but the rule's other criteria do not, the remaining rules are not executed. If you set this parameter to “true”, the remaining rules are executed even though an expression matched for this rule. This feature is meant for two different rules with the same expression whose modes are not equal.

For example:

               Rule1: deny requests whose URL contains “/pages/” for users A and B -> redirect to the access denied page

               Rule2: deny requests whose IP starts with “192.168” for users A and C -> redirect to the access denied page

If user “C” requests a page whose URL contains “/pages/”, the rule's expression matches but the identity does not. By default, the expression match is enough and the other rules are not executed. To execute Rule2, set this parameter to “true” in Rule1.

 

Expression:

You can define one or more expressions in a rule. There is no continue-list option for expressions: if one expression matches the pattern or criteria, the others are not executed. There is also no relation between expressions.

  • Type: Defines an operation on the environment variable. Available operations:
    • Contains: Searches for the given parameter within the variable.
    • StartWith: Searches for the given parameter at the start of the variable.
    • EndWith: Searches for the given parameter at the end of the variable.
    • RegularExpression: Searches the variable using the given parameter as a regular expression pattern.
  • CaseSensitive: Boolean. Defines case sensitivity for every type except RegularExpression. Default is false. If you want case sensitivity in a regular expression, you have to write it in the pattern.

 

RedirectURL:

If any of a rule's expressions matches the criteria, the request is redirected to this URL. Usually this is the URL of an Access Denied page or a login page.

Audiences:

Access list for a rule. If it is empty, it means all users. To define more than one user, separate the identities with a comma “,”.

Example:

<Audiences>BlogDomain\bugra,BlogDomain\postman</Audiences>
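
The Rule1/Rule2 scenario from the ContinueRuleList description, modelled as an added example (not the module's own code): a small Python evaluator that follows the rule semantics as this page describes them and returns the redirect URL, or None when the request passes. The DOM\ identities, the request dictionary, case-insensitive identity comparison and the skipping of rules whose expressions do not match are assumptions; the sample rules are constructed and use Enabled="true", whereas every example on this page ships with Enabled="false".

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the page's Rule1/Rule2 scenario, with both rules enabled.
SAMPLE = r"""<RestrictionRules>
  <RestrictionRule Enabled="true" Action="Deny" Mode="RequestURL" ContinueRuleList="{cont}">
    <Expressions><Expression Type="Contains" CaseSensitive="false">/pages/</Expression></Expressions>
    <RedirectURL>/ErrorPages/401.aspx</RedirectURL>
    <Audiences>DOM\A,DOM\B</Audiences>
  </RestrictionRule>
  <RestrictionRule Enabled="true" Action="Deny" Mode="RequestUserHostAddress" ContinueRuleList="false">
    <Expressions><Expression Type="StartWith" CaseSensitive="false">192.168</Expression></Expressions>
    <RedirectURL>/ErrorPages/401.aspx</RedirectURL>
    <Audiences>DOM\A,DOM\C</Audiences>
  </RestrictionRule>
</RestrictionRules>"""

def is_true(v):
    return (v or "").strip().lower() == "true"

def matches(expr, value):
    kind, pat = expr.get("Type"), (expr.text or "").strip()
    if kind == "RegularExpression":
        return re.search(pat, value) is not None  # case handling lives in the pattern
    if not is_true(expr.get("CaseSensitive")):
        pat, value = pat.lower(), value.lower()
    return {"Contains": pat in value, "StartWith": value.startswith(pat),
            "EndWith": value.endswith(pat)}[kind]

def evaluate(xml_text, request, user):
    """Return the RedirectURL that applies, or None if the request passes."""
    for rule in ET.fromstring(xml_text).iter("RestrictionRule"):
        if not is_true(rule.get("Enabled")):
            continue
        value = request[rule.get("Mode")]
        if not any(matches(e, value) for e in rule.iter("Expression")):
            continue  # assumption: a rule with no matching expression is skipped
        # assumption: identities are compared case-insensitively
        names = [a.strip().lower() for a in (rule.findtext("Audiences") or "").split(",") if a.strip()]
        selected = not names or user.lower() in names  # empty Audiences = all users
        deny = rule.get("Action", "Deny") == "Deny"
        if selected == deny:  # Deny hits selected users, Allow hits everyone else
            return (rule.findtext("RedirectURL") or "").strip()
        if not is_true(rule.get("ContinueRuleList")):
            return None  # expression matched, identity did not: evaluation stops here
    return None

# Constructed request: a /Pages/ URL requested from a 192.168 address.
REQUEST = {"RequestURL": "/Pages/default.aspx", "RequestUserHostAddress": "192.168.10.7"}
```

With ContinueRuleList="false" on the first rule, user DOM\C is never checked against the address rule and the request passes; setting it to "true" lets the second rule redirect that user.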

 

Example Restriction Rules

 

  • Example 1: Allows only user BlogDomain\admin to reach URLs that start with "

Other users will be restricted.


<?xml version="1.0" encoding="utf-8"?>
<RestrictionRules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <RestrictionRule Enabled="false" Action="Allow" Mode="RequestURL" ContinueRuleList="false">
    <Expressions>
      <Expression Type="StartWith" CaseSensitive="false">http://blog.bugrapostaci.com/admin</Expression>
    </Expressions>
    <RedirectURL>http://blog.bugrapostaci.com/ErrorPages/401.aspx</RedirectURL>
    <Audiences>BlogDomain\admin</Audiences>
  </RestrictionRule>
</RestrictionRules>

 

  • Example 2: Denies the “Guest” user access to pages whose URL contains /Pages/Forms or /Pages/Admin/
<?xml version="1.0" encoding="utf-8"?>
<RestrictionRules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

  <RestrictionRule Enabled="false" Action="Deny" Mode="RequestURL" ContinueRuleList="false">
    <Expressions>
      <Expression Type="Contains" CaseSensitive="false">/Pages/Forms/</Expression>
      <Expression Type="Contains" CaseSensitive="false">/Pages/Admin/</Expression>
    </Expressions>
    <RedirectURL>http://blog.bugrapostaci.com/ErrorPages/401.aspx</RedirectURL>
    <Audiences>Guest</Audiences>
  </RestrictionRule>
</RestrictionRules>

 

 

  • Example 3:
<?xml version="1.0" encoding="utf-8"?>
<RestrictionRules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <RestrictionRule Enabled="false" Action="Deny" Mode="RequestUserHostAddress" ContinueRuleList="false">
    <Expressions>
      <Expression Type="StartWith" CaseSensitive="false">192.168.10</Expression>
    </Expressions>
    <RedirectURL>http://blog.bugrapostaci.com/ErrorPages/401.aspx</RedirectURL>
    <Audiences> </Audiences>
  </RestrictionRule>
</RestrictionRules>

 

  • Example 4: Multiple Rules

 

<?xml version="1.0" encoding="utf-8"?>
<RestrictionRules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

  <RestrictionRule Enabled="false" Action="Deny" Mode="RequestURL" ContinueRuleList="true">
    <Expressions>
      <Expression Type="Contains" CaseSensitive="false">/Pages/Forms/</Expression>
      <Expression Type="Contains" CaseSensitive="false">/Pages/Admin/</Expression>
    </Expressions>
    <RedirectURL>http://blog.bugrapostaci.com/ErrorPages/401.aspx</RedirectURL>
    <Audiences>Guest</Audiences>
  </RestrictionRule>
  <RestrictionRule Enabled="false" Action="Deny" Mode="RequestUserHostAddress" ContinueRuleList="false">
    <Expressions>
      <Expression Type="StartWith" CaseSensitive="false">192.168.10</Expression>
    </Expressions>
    <RedirectURL>http://blog.bugrapostaci.com/ErrorPages/401.aspx</RedirectURL>
    <Audiences></Audiences>
  </RestrictionRule>
</RestrictionRules>

 

Last edited Aug 20, 2010 at 10:16 PM by bpostaci, version 1
