No you are not bother me. This is a complex topic and you are probably
asking questions that will form a FAQ or be used to add to existing
documentation.
1. First the correct form for working with a principal in Windows is:
AllowEdit: user:DOMAINNAME\Wilson.CHC
It should be in the form that you see in the upper righthand border
following the word 'Welcome". If you are using other than Windows
authentication, then the form is
AllowEdit: user:Wilson.CHC
While individual users actually works ok, I prefer to user groups as they
use the same teminology for all authentication methods
AllowEdit: role:WikiManagers
2. In the web.config where you specify
<deny users="?" />
this sets it so that only authenticated users are allowed _any_ access to
the wiki, i.e. anonymous users are not allowed to read.
3. There are a number of things to do that can help a testing environment
and allow you to experiment with various settings.
a. First I recommend comment out the web.config
<deny users="?" />
and add
<allow users="*" />
which will enable anonymous access, but give certain feedback
when logging in to the wiki and validate that the authentication portion is
working.
4. I would create a group called WikiManagers in the domain and add the
Administrators group to that WikiManagers group. Then I would change the
AllowEdit: user:DOMAINNAME\Wilson.CHC, role:WikiManagers
as this will allow you to edit a topic without going into a text editor
and revsing the .wiki and last .awiki files to new content.
5. Next I would not set the DenyEdit in early tests, but only use the
AllowEdit. Once the AllowEdit is working for the topic then add the DenyEdit
statement. The reason for this is that the Windows permissions on the
filestore may not be setup correctly to allow editing, and not having the
DenyEdit will simplify matters.
Have Fun, and let me know if you need more assistance
John Davidson
On Feb 3, 2008 4:47 AM, Wilson Chuah <[EMAIL PROTECTED]> wrote:
> Dear all,
>
>
>
> I forgot to mention that I tried with and without the principle on two
> separate topics (see below):
>
>
>
> DenyEdit: all
>
> AllowEdit: user:domainname\Wilson.CHC, user:Wilson.CHC
>
>
>
> And
>
>
>
> DenyEdit: all
>
> AllowEdit: domainname\Wilson.CHC, Wilson.CHC
>
>
>
> Regards,
>
> Wilson
>
>
> ------------------------------
>
> *From:* Wilson Chuah [mailto:[EMAIL PROTECTED]
> *Sent:* Sunday, February 03, 2008 5:41 PM
> *To:* 'FlexWiki Users Mailing List'
> *Subject:* RE: [Flexwiki-users] Allow/Deny Editing Topics
>
>
>
> Dear John,
>
>
>
> Ok, I tried out the following:
>
>
>
> webconfig authorization set as:
>
>
>
> <authentication mode="Windows" />
>
> <authorization>
>
> <deny users="?" />
>
> </authorization>
>
>
>
> My namespace definition is set as:
>
>
>
> AllowRead: authenticated, anonymous
>
> AllowManageNamespace: authenticated
>
>
>
> My topic definition is set as:
>
>
>
> DenyEdit: all
>
> AllowEdit: domainname\Wilson.CHC, Wilson.CHC
>
>
>
> And I was not given the permission to edit the page. Is it because of the
> windows authentication? Would a forms authentication work better? Thanks in
> advance for all the time taken to answer my questions, I hope I'm not being
> a bother J
>
>
>
> Regards,
>
> Wilson
>
>
>
> P.S I put both versions of my domain login (with and without domain)
> because I didn't know which to follow J
> ------------------------------
>
> *From:* [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] *On Behalf Of *John Davidson
> *Sent:* Sunday, February 03, 2008 12:06 PM
>
> *To:* FlexWiki Users Mailing List
> *Subject:* Re: [Flexwiki-users] Allow/Deny Editing Topics
>
>
>
> No. The section Evaluation Model in the reference [1] explains it best. It
> would have been possible to reverse the statements so that it was
>
> DenyEdit: all
> AllowEdit: Wilson
>
> would also work. The key is it evaluates the rules in order and looks to
> see if, after evaluating all rules, the user has the right. If your last
> rule is a DenyEdit:all then no user will ever have edit rights.
>
> John Davidson
>
> [1]
> http://www.flexwiki.com/default.aspx/FlexWiki/FlexWikiAuthorization.html
>
> On Feb 2, 2008 9:11 PM, Wilson Chuah <[EMAIL PROTECTED]> wrote:
>
> Dear John,
>
>
>
> Thanks for the speedy reply. So Deny always takes precedence over Allow
> right? Ok, I know how to proceed now. Thanks again
>
>
>
> Regards,
>
> Wilson
> ------------------------------
>
> *From:* [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] *On Behalf Of *John Davidson
> *Sent:* Saturday, February 02, 2008 10:18 PM
> *To:* FlexWiki Users Mailing List
> *Subject:* Re: [Flexwiki-users] Allow/Deny Editing Topics
>
>
>
> It would not quite work the way you want it to.
>
> The DenyEdit: all would override the AllowEdit:Wilson.
>
> What I believe you should do is
>
> AllowRead: all
> AllowEdit: Wilson
>
> It is also good in a testing system to ensure that your admin has a
> ManageNamespace permission, as that will allow corrections to be made when
> setting permissions in topics.
>
> Another option would be to use topic locking and allow Wilson to
> Lock/Unlock topics.
>
> John Davidson
>
> On Feb 2, 2008 3:12 AM, Wilson Chuah <[EMAIL PROTECTED]> wrote:
>
> Hi All,
>
>
>
> I've been reading
> http://www.flexwiki.com/default.aspx/FlexWiki/FlexWikiAuthorization.htmland
> before I start configuring, can I ask if DenyEdit takes precedence over
> AllowEdit? Example:
>
>
>
> AllowEdit: Wilson
>
> DenyEdit: all
>
>
>
> Would the above authorization allow Wilson to configure the topics while
> denying everyone?
>
>
>
> Regards,
>
> Wilson Chuah
>
>
>
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Flexwiki-users mailing list
> Flexwiki-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/flexwiki-users
>
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Flexwiki-users mailing list
> Flexwiki-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/flexwiki-users
>
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Flexwiki-users mailing list
> Flexwiki-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/flexwiki-users
>
>
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Flexwiki-users mailing list
Flexwiki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flexwiki-users
