This rocks! So while I was trying to get this to work, I wanted to have one
database that authenticates users for both my web site's support forum
(Community Server) and documentation site (FlexWiki). I ended up having
FlexWiki use the same users database as Community Server, so my customers
only need one user account for my whole web site. I use the Community
Server administration page to manage the roles. The authentication portion
is working, however I'm still seeing some weird behaviors.
Ideally, I'd like to have the following rules for FlexWiki:
Everyone: Can read the wiki.
Only users with accounts: Can edit the wiki.
Only a few select admins: Can lock topics, create namespaces, and modify
settings via the Admin page.
So with that, I have the following in my web.config for FlexWiki:
<authentication mode="Forms" />
<authorization>
<allow users="*" />
</authorization>
And the following rules:
<AuthorizationRules>
<Rule Type="Allow" Action="Read" Principal="all" />
<Rule Type="Allow" Action="Edit" Principal="authenticated" />
<Rule Type="Allow" Action="ManageNamespace"
Principal="role:WikiAdministrator" />
</AuthorizationRules>
Despite this, it doesn't seem like the rules are being picked up correctly.
I've noticed the following behaviors:
When I haven't logged in, the Admin page link shows up and I can modify
settings such as a namespace provider.
When I do login as a user that's part of the WikiAdministrator role, I don't
see the Lock Topics option.
Any ideas? Also, are there any other actions beyond Read, Edit, and
ManageNamespace for FlexWiki?
Thanks!
Shannon
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John
Davidson
Sent: Monday, February 11, 2008 10:37 PM
To: FlexWiki Users Mailing List
Subject: Re: [Flexwiki-users] [SPAM-LOW] Re: Forms Based Authentication
I need to check how users are added to a role in the SQL Membership
Provider. I just did some quick testing with it and then moved to Windows
Authentication as that is what I use.
The 'ManageNamespace' permission controls access to the Admin pages (it
might be necessary to improve access controls here), lock topics and create
namespace, new users etc.
John Davidson
On Feb 11, 2008 10:28 PM, Shannon Ma <[EMAIL PROTECTED]> wrote:
Hi John,
Thanks I'll try this out and let you know the results. One last question,
how can I make a user part of the WikiManagers role? Also, what exactly
does this role consist of (e.g. lock topics, create new namespaces, etc.)?
Does it also consist of the Admin page or should this be password protected
separately?
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Flexwiki-users mailing list
Flexwiki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/flexwiki-users
